B2Response - Logged PS Remote Command Wrapper for simplified Blue Team Forensics/IR.


B2Response (beta) is a PowerShell script that wraps PowerShell Remoting commands with logging, simplifying Blue Team forensics and incident response on remote hosts.

Dependencies:
+ PowerShell v3.0 or higher

B2Response (Beta)

Some Features:
+ prefetch; Get creation and modification timestamps (first and last execution times) of prefetch files within C:\Windows\Prefetch
+ chromehistory; Parse Chrome browser history. Must specify a username, e.g. chromehistory bobw. Due to imperfect regex constraints, only a unique list of domains is presented.
+ firefoxhistory; Parse Firefox browser history. Must specify a username, e.g. firefoxhistory bobw. Due to imperfect regex constraints, only a unique list of domains is presented.
+ iehistory; Parse Internet Explorer history. Due to imperfect regex constraints, only a unique list of domains is presented.

Usage: B2Response.ps1 remotehost
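To show what a logged remote command wrapper of this kind does, here is an added example (not B2Response's own code): a small function that runs a script block on a remote host over PowerShell Remoting, writes a timestamped audit line and the raw output to disk, and a script block that mirrors the prefetch feature above. It assumes WinRM is enabled on the target, the caller has administrative rights there, and the log path and the function/parameter names are hypothetical.

```powershell
# Added example, not part of B2Response. Assumes WinRM is enabled on the
# target and the caller has administrative rights; $LogPath is an assumed location.

function Invoke-LoggedRemoteCommand {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][scriptblock]$ScriptBlock,
        [string]$Label = 'command',
        [string]$LogPath = (Join-Path $PWD 'B2Response-example.log')
    )
    # Record who ran what, where and when BEFORE execution, so the log still
    # documents the attempt (chain of custody) even if the remote call fails.
    $stamp = (Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
    "$stamp`t$env:USERNAME`t$ComputerName`t$Label`t$($ScriptBlock.ToString().Trim())" |
        Add-Content -Path $LogPath
    try {
        $result = Invoke-Command -ComputerName $ComputerName -ScriptBlock $ScriptBlock -ErrorAction Stop
        # Persist the raw output next to the log so findings can be re-checked later.
        $outFile = Join-Path (Split-Path $LogPath) ('{0}_{1}_{2}.csv' -f $ComputerName, $Label, (Get-Date -Format 'yyyyMMddHHmmss'))
        $result | Export-Csv -Path $outFile -NoTypeInformation
        "$stamp`tOK`t$outFile" | Add-Content -Path $LogPath
        return $result
    } catch {
        "$stamp`tERROR`t$($_.Exception.Message)" | Add-Content -Path $LogPath
        throw
    }
}

# Equivalent of the 'prefetch' feature: CreationTime approximates the first
# execution of each program, LastWriteTime its most recent execution.
$PrefetchTimestamps = {
    Get-ChildItem -Path 'C:\Windows\Prefetch' -Filter '*.pf' -ErrorAction SilentlyContinue |
        Select-Object Name,
            @{ n = 'FirstRun'; e = { $_.CreationTime } },
            @{ n = 'LastRun';  e = { $_.LastWriteTime } } |
        Sort-Object LastRun -Descending
}

# Usage (remotehost is a placeholder for the target name):
# Invoke-LoggedRemoteCommand -ComputerName remotehost -ScriptBlock $PrefetchTimestamps -Label prefetch
```

The audit log keeps the command text alongside the operator, target and UTC time, which is the part of such a wrapper that matters when the collection is later questioned.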
In order to use rekal:
1. Download and install rekal on your PC
2. Zip the install directory into rekal.zip
3. Place into the ‘Binaries’ folder

In order to use autorunsc (which saves the output to a .csv log):
1. Download autorunsc
2. Select the binary you wish to use (64 bit or 32 bit) and name it ‘autorunsc.exe’
3. Place it in a folder called ‘Autorunsc’
4. Zip the folder ‘Autorunsc’ containing ‘autorunsc.exe’
5. Place Autorunsc.zip into the ‘Binaries’ folder

Use and Download:

Source: https://github.com/B2dfir