:: Logical triage collector for a developer workstation ("LOGICAL FORENSICS EXTRACTOR").
:: Gathers network state, event logs, dev/cloud credential material, browser SQLite
:: databases and a few registry/history artefacts into a timestamped folder on the
:: Desktop, zips it, and deletes the folder.
::
:: NOTE(review): the output contains secrets in the clear (Wi-Fi PSKs via key=clear,
:: SSH private keys, AWS/GCP credential files, the full environment, the Chrome
:: "Login Data" store). The zip is not encrypted and no hash of the archive is
:: recorded, so there is no integrity/chain-of-custody evidence and the archive
:: itself becomes a high-value target. The script also changes live system state
:: (force-kills Chrome, deletes the working folder) and silences most failures
:: with 2>nul, so a partial collection looks identical to a complete one.
:: From a detection standpoint the sequence `netsh wlan ... key=clear`, `taskkill
:: chrome.exe` followed by copying "Login Data", and bulk xcopy of .ssh/.aws is the
:: same pattern a credential stealer produces; expect and want EDR alerts on it.
@echo off
setlocal enabledelayedexpansion
color 0A

:: Output folder selection
:: NOTE(review): the %date%/%time% substring offsets assume a fixed locale format
:: (e.g. "Ddd MM/DD/YYYY"); on other locales the folder name is garbled — confirm.
:: The second `set` replaces the space that %time% pads single-digit hours with.
set "TIMESTAMP=%date:~10,4%%date:~4,2%%date:~7,2%_%time:~0,2%%time:~3,2%%time:~6,2%"
set "TIMESTAMP=%TIMESTAMP: =0%"
set "OUTDIR=%USERPROFILE%\Desktop\Bareskrim_Triage_%TIMESTAMP%"

echo ===================================================
echo LOGICAL FORENSICS EXTRACTOR - DEV/PROGRAMMER
echo ===================================================
:: NOTE(review): with delayed expansion enabled an unpaired "!" is stripped from
:: echo text, so this line most likely prints "[]" instead of "[!]".
echo [!] Menyiapkan struktur direktori...
mkdir "%OUTDIR%\01_Network"
mkdir "%OUTDIR%\02_System_Logs"
mkdir "%OUTDIR%\03_Dev_Infrastruktur"
mkdir "%OUTDIR%\04_Cloud_SSH_Keys"
mkdir "%OUTDIR%\05_Browser_DB"
mkdir "%OUTDIR%\06_Registry_UserAssist"
echo.

echo [+] 1. Mengekstrak Network & Konektivitas...
ipconfig /all > "%OUTDIR%\01_Network\ipconfig_all.txt"
arp -a > "%OUTDIR%\01_Network\arp_table.txt"
ipconfig /displaydns > "%OUTDIR%\01_Network\dns_cache.txt"
:: netstat -b needs elevation; without it the file is left empty and the error is hidden.
netstat -anob > "%OUTDIR%\01_Network\netstat_active_ports.txt" 2>nul
route print > "%OUTDIR%\01_Network\routing_table.txt"
netsh advfirewall firewall show rule name=all > "%OUTDIR%\01_Network\firewall_rules.txt"

:: WiFi Profiles & Cleartext Passwords
:: key=clear writes each profile's pre-shared key to disk in plaintext — treat the
:: wifi_*.txt files as secrets. The loop takes the text after the first ":" of every
:: "All User Profile" line and drops the leading space with !ssid:~1!.
:: NOTE(review): the SSID is used unsanitised as part of the redirect target; an SSID
:: containing a quote or path separator will break the redirection — confirm/sanitise.
netsh wlan show profiles > "%OUTDIR%\01_Network\wifi_profiles.txt"
for /f "tokens=2 delims=:" %%a in ('netsh wlan show profiles ^| findstr /C:"All User Profile"') do (
  set "ssid=%%a"
  set "ssid=!ssid:~1!"
  netsh wlan show profile name="!ssid!" key=clear > "%OUTDIR%\01_Network\wifi_!ssid!.txt"
)

echo [+] 2. Mengekstrak System Event Logs (EVTX)...
:: Export the Security and System logs (useful for seeing when the PC was powered
:: on/off, logons, etc.)
:: NOTE(review): exporting the Security log requires elevation; with 2>nul an
:: access-denied error is silent and Security.evtx is simply missing.
wevtutil epl Security "%OUTDIR%\02_System_Logs\Security.evtx" 2>nul
wevtutil epl System "%OUTDIR%\02_System_Logs\System.evtx" 2>nul
wevtutil epl Application "%OUTDIR%\02_System_Logs\Application.evtx" 2>nul

echo [+] 3. Mengekstrak Jejak Developer & Infrastruktur...
:: Docker (look for web/db gambling-site containers that may be run locally)
:: 2>nul hides "docker not installed / daemon not running", leaving empty files.
docker ps -a > "%OUTDIR%\03_Dev_Infrastruktur\docker_containers.txt" 2>nul
docker images > "%OUTDIR%\03_Dev_Infrastruktur\docker_images.txt" 2>nul
:: Git Config
if exist "%USERPROFILE%\.gitconfig" copy "%USERPROFILE%\.gitconfig" "%OUTDIR%\03_Dev_Infrastruktur\git_config.txt"
:: Environment Variables (often contain secrets / API keys)
:: This dumps the *whole* environment, including tokens exported by the user's
:: tooling, into a plaintext file inside the archive.
set > "%OUTDIR%\03_Dev_Infrastruktur\env_vars.txt"
:: Hosts file
copy "C:\Windows\System32\drivers\etc\hosts" "%OUTDIR%\03_Dev_Infrastruktur\hosts_file.txt"

echo [+] 4. Mengekstrak Cloud Credentials & SSH Keys (CRITICAL)...
:: SSH Keys (used to access the gambling server)
:: NOTE(review): xcopy /s copies private keys and long-lived cloud credentials
:: verbatim; >nul 2>&1 on each line means a failed or partial copy is
:: indistinguishable from success. Consider logging xcopy's exit code instead.
if exist "%USERPROFILE%\.ssh" xcopy /s /y /i "%USERPROFILE%\.ssh" "%OUTDIR%\04_Cloud_SSH_Keys\SSH_Keys" >nul 2>&1
:: AWS CLI Credentials
if exist "%USERPROFILE%\.aws" xcopy /s /y /i "%USERPROFILE%\.aws" "%OUTDIR%\04_Cloud_SSH_Keys\AWS_Credentials" >nul 2>&1
:: Google Cloud CLI
if exist "%USERPROFILE%\AppData\Roaming\gcloud" xcopy /s /y /i "%USERPROFILE%\AppData\Roaming\gcloud" "%OUTDIR%\04_Cloud_SSH_Keys\GCP_Credentials" >nul 2>&1

echo [+] 5. Mengekstrak Browser SQLite Databases...
:: Collect History, Login Data (passwords) and Web Data (autofill)
:: NOTE(review): force-killing the browser (presumably so the SQLite files are not
:: locked) alters the live system and discards in-memory session state; a
:: forensically sound collection would copy the files without terminating the
:: process (e.g. from a shadow copy) and note the action in the collection log.
taskkill /F /IM chrome.exe /T >nul 2>&1
:: Only the "Default" profile is collected; other Chrome profiles are not covered.
set "CHROME_DIR=%LocalAppData%\Google\Chrome\User Data\Default"
if exist "%CHROME_DIR%\History" copy "%CHROME_DIR%\History" "%OUTDIR%\05_Browser_DB\Chrome_History"
if exist "%CHROME_DIR%\Login Data" copy "%CHROME_DIR%\Login Data" "%OUTDIR%\05_Browser_DB\Chrome_LoginData"
if exist "%CHROME_DIR%\Web Data" copy "%CHROME_DIR%\Web Data" "%OUTDIR%\05_Browser_DB\Chrome_WebData"

echo [+] 6. Mengekstrak Windows Registry & UserAssist...
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist" /s > "%OUTDIR%\06_Registry_UserAssist\user_assist.txt"
:: PuTTY saved sessions; 2>nul suppresses the error when the key does not exist.
reg query "HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions" /s > "%OUTDIR%\06_Registry_UserAssist\putty_sessions.txt" 2>nul
:: Extract command-line activity (PSReadLine history of the current user)
if exist "%AppData%\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" (
  copy "%AppData%\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" "%OUTDIR%\06_Registry_UserAssist\powershell_history.txt"
)

echo [+] 7. Zipping Evidence...
:: NOTE(review): %OUTDIR% is spliced into a single-quoted PowerShell string; a
:: profile path containing an apostrophe breaks the command. The archive is not
:: encrypted and its hash is not recorded — the zip holds every secret collected
:: above, so at minimum compute and log a SHA-256 of it and store it on protected media.
powershell -Command "Compress-Archive -Path '%OUTDIR%' -DestinationPath '%OUTDIR%.zip' -Force"

echo [+] 8. Membersihkan Jejak Triage...
:: NOTE(review): ERRORLEVEL from Compress-Archive is not checked; if the zip step
:: failed, this deletes the only copy of everything collected. Guard it with
:: `if not exist "%OUTDIR%.zip" goto :eof` (or an errorlevel check) before removing.
rd /s /q "%OUTDIR%"
echo.
echo ===================================================
:: NOTE(review): trailing "!" is also stripped here under delayed expansion.
echo [SUCCESS] Ekstraksi Selesai!
echo File Tersimpan di: %OUTDIR%.zip
echo ===================================================
pause