How to Collect System Logs within 5 minutes | Best Tool for Incident Response | Easy Log Collection

Remove all your struggle at zero hour using IR-Flash: in this video we learn how to collect system logs with a single command, within 5 minutes. Incident response becomes difficult if you don't have a robust tool or process that captures the system logs from an infected machine. I have seen many scenarios where we had to keep asking hundreds of people for different types of logs, and often they did not understand how to collect them or what to do. So I developed this script, which takes that pain away, collects everything and bundles it up in a single place.
OK, so let's now uncover the IR-FLASH tool and see what functionality we can expect from it.

What are we capturing here?
✔ arp table of the current network
✔ ipconfig of this machine
✔ dnscache
✔ ipv4 stack from netsh
✔ firewall settings from netsh
✔ wifi configuration from netsh (no passwords)
✔ System Information
✔ Service list
✔ Process list
✔ Event logs (Application, Security, PowerShell), Defender logs, Firewall logs
✔ GPO (text and HTML)
✔ Windows Scheduler
✔ Audit Policy
✔ net user
✔ net localgroup
✔ net session
✔ net share
✔ doskey /history
✔ PowerShell logs for all users, where accessible
✔ Registry
✔ AV vendor logs (Cylance, McAfee, Defender, TrendMicro), if present
✔ Firewall event log
✔ Registry backup
✔ WMI consumers
✔ Archive of local scripts
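As an added example (this is not the IR-Flash script itself, which the video and its GitHub page cover), the following PowerShell collects a subset of the artifacts listed above into one timestamped folder, exports the event logs as .evtx, snapshots WMI subscriptions and writes a SHA256 manifest so the bundle can be verified after transfer. The output root and file names are assumptions.

```powershell
# Added example, not the IR-Flash script itself: collect a subset of the
# artifacts listed above into one timestamped folder and hash the bundle.
# Run from an elevated PowerShell prompt; the output root is a hypothetical choice.
$Root = Join-Path $env:SystemDrive ("IR-Collect_{0}_{1:yyyyMMdd_HHmmss}" -f $env:COMPUTERNAME, (Get-Date))
New-Item -ItemType Directory -Path $Root -Force | Out-Null

# Output file name -> console command, run via cmd.exe so the stock tools
# (arp, netsh, net, auditpol, schtasks) are used exactly as an analyst would.
$Commands = [ordered]@{
    'arp.txt'            = 'arp -a'
    'ipconfig.txt'       = 'ipconfig /all'
    'dnscache.txt'       = 'ipconfig /displaydns'
    'netsh_ipv4.txt'     = 'netsh interface ipv4 show config'
    'netsh_firewall.txt' = 'netsh advfirewall show allprofiles'
    'netsh_wlan.txt'     = 'netsh wlan show profiles'   # profile names only, no keys
    'systeminfo.txt'     = 'systeminfo'
    'services.txt'       = 'sc query type= service state= all'
    'tasklist.txt'       = 'tasklist /v'
    'auditpol.txt'       = 'auditpol /get /category:*'
    'net_user.txt'       = 'net user'
    'net_localgroup.txt' = 'net localgroup'
    'net_session.txt'    = 'net session'
    'net_share.txt'      = 'net share'
    'schtasks.csv'       = 'schtasks /query /fo CSV /v'
}
foreach ($f in $Commands.Keys) {
    cmd.exe /c "$($Commands[$f])" 2>&1 | Out-File -FilePath (Join-Path $Root $f) -Encoding utf8
}

# Event logs go out as .evtx so timestamps and EventData survive for later parsing.
$Logs = 'Application', 'Security', 'System', 'Microsoft-Windows-PowerShell/Operational',
        'Microsoft-Windows-Windows Defender/Operational',
        'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
foreach ($log in $Logs) {
    wevtutil epl $log (Join-Path $Root (($log -replace '[\\/ ]', '_') + '.evtx')) 2>$null
}

# WMI subscriptions (filter, consumer, binding): a common persistence spot worth a snapshot.
foreach ($cls in '__EventFilter', '__EventConsumer', '__FilterToConsumerBinding') {
    Get-CimInstance -Namespace root\subscription -ClassName $cls |
        Format-List * | Out-File -FilePath (Join-Path $Root "wmi$cls.txt")
}

# SHA256 manifest so the bundle can be verified after it is copied off the host.
Get-ChildItem -Path $Root -File | Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, @{ n = 'File'; e = { Split-Path $_.Path -Leaf } } |
    Export-Csv -Path (Join-Path $Root 'manifest.csv') -NoTypeInformation
Compress-Archive -Path $Root -DestinationPath "$Root.zip"
```

Verify the zip on the analysis host by recomputing Get-FileHash over the extracted files and comparing against manifest.csv before any parsing starts.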

Follow the steps on GitHub if you missed something in the video. I have explained the steps in writing there as well.
✔ Twitter: @blackperl_dfir


#windowslogs #forensic #dfir #blackperl
Comments

Hey All. Please let me know how useful this tool is gonna be for your day-to-day life in Incident Response. Also post all of your queries down here. I will be happy to help!! Enjoy IR Flash!!

BlackPerl

Nice video Archan... Content request: can you make an exclusive video on MITRE please?

parulkhedwal

Here in 50 secs of upload... Big fan of your work... Many thanks for sharing this, will definitely try this out.

samvarun

Excellent work!! This is gonna make my life easier from now on!! 😍😍

futurebuddies

Can't thank you enough for sharing this one... Amazing...

zivakhan

Hello Archan,
I tried to run the batch file from the D:\ drive and faced a permission issue (Access denied), so I copied "IR-Dump" to the root of C: and ran the batch file from there, then it worked!
That said, I would like to say thank you for sharing this.

ParlonsCybersecurite

Brother, can't thank you enough for the tool! I have been watching your training, it's really good. Kudos!! If you could do some training on forensics it would be appreciated.

dipubabu

Excellent work man!! Anything similar you have in your arsenal for Linux?

ronmac

Hi bro.
Can you explain each of the logs and its usage for forensic investigation?

Is there any automated way to find anomalies using the logs and data IR Flash collects?

jackjk

Awesome Archan!! How about getting these event logs into an ELK test instance for further analysis, in an automated way?

VaibhavKrishna

Excellent work. Thanks for sharing this with us.

Recently I have started working in IR and learning about various artifacts that can be collected depending on the nature of the investigation.

I have a question regarding the selection of artifacts this script collects: did you select these artifacts based on your previous experience with DFIR investigations, where these were found to be most valuable, or are they based on certain standard procedure guidelines for conducting IR investigations?

nuszkat

A Linux tool like this would be awesome!

Nick-snbl

Could you please guide how to develop your IR-Dump exe application?

ManojKumar-ytne

Hey bro, your videos and their contents are really good, quality stuff. I'm really thankful that you're sharing your knowledge and giving out your time for free. Must say that this script is really saving the day, bro, thanks again. Don't ever stop this, it's really helping us. Keep up the good work with your content.

sadunigunasinha