Wcoke – Live forensic collection and analysis tool
Last Update 2016.07.06
When we find that a hacker has attacked a server or system, we need to do live forensics.
At that point we are very busy, because there are many things to analyze and look at.
But we also have to bring along many analysis or forensic tools.
So I wanted a simple collection tool to run first for live forensics.
I just want to focus on tracing the hack and finding the root cause, but I also need to collect the victim's logs.
This tool helps you start the analysis.
2016.07.06 – Added account logon success/fail history
I don't have money, so I just attached a private signature. asecurity.so 🙂
Supports Windows 2008 and later versions (supports .NET Framework 4.5).
This program collects and analyzes the following areas.
1. Local Account
Display current Local account information
2. Logon User
Display current logon user information
3. Drive Information
Display current connected disk information
4. Last 24hr File
Display files created or modified in the last 24 hours
Display file handle and in-use module information.
6. Internet History
Display visited site information and used file information
7. Task List
Display task information
8. Auto Run
Display auto run information
9. Network Use
Display network use information