Incident Response Security Scripting for Windows and Linux systems


Windows IR Scripting

Below is the IR script that I produced for Windows systems. The test machine was Windows 2016 Core running inside of VMware Fusion 8. I’ve included some tools for the most commonly requested information. As an incident handler, I believe it is better to use the least complicated tools possible to get the job done, thereby avoiding unnecessary complications that run the risk of jeopardizing an incident response investigation. Batch scripting is also within my comfort zone. Batch scripts also require the least amount of time to prepare and have proven to be very reliable across multiple Windows versions.
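As an added illustration of the approach described above (this is not the author's script, which is not reproduced here), the following batch collector gathers the commonly requested volatile data with built-in Windows commands only; the output root %SystemDrive%\IR, the artifact file names and the 200-event Security log window are assumptions chosen for the example.

```batch
@echo off
REM Added example: a minimal volatile-data collection script in the style
REM described above. This is NOT the author's script; the output location
REM (%SystemDrive%\IR) and file names are assumptions for illustration.
REM Run from an elevated prompt on the host under investigation and point
REM %OUT% at media the analyst controls rather than the suspect disk.
setlocal

REM Build a timestamped output folder so repeated runs never overwrite evidence.
for /f "tokens=2 delims==" %%I in ('wmic os get localdatetime /value') do set DT=%%I
set STAMP=%DT:~0,8%_%DT:~8,6%
set OUT=%SystemDrive%\IR\%COMPUTERNAME%_%STAMP%
mkdir "%OUT%" 2>nul

REM Record when and as whom the collection ran; collect in order of volatility,
REM starting with what changes fastest.
(echo Collection started: %DATE% %TIME% & whoami /all) > "%OUT%\00_collector.txt"

REM System identity and patch level
systeminfo > "%OUT%\01_systeminfo.txt"

REM Running processes with owner, loaded modules, and all services
tasklist /v > "%OUT%\02_tasklist_v.txt"
tasklist /m > "%OUT%\03_tasklist_modules.txt"
sc query type= all state= all > "%OUT%\04_services.txt"

REM Network state: interfaces, listeners and sessions with owning PID, ARP, DNS cache
ipconfig /all > "%OUT%\05_ipconfig.txt"
netstat -anob > "%OUT%\06_netstat_anob.txt"
arp -a > "%OUT%\07_arp.txt"
ipconfig /displaydns > "%OUT%\08_dnscache.txt"

REM Accounts, SMB sessions, and common persistence points
net user > "%OUT%\09_net_user.txt"
net localgroup administrators > "%OUT%\10_local_admins.txt"
net session > "%OUT%\11_smb_sessions.txt" 2>&1
schtasks /query /fo LIST /v > "%OUT%\12_schtasks.txt"
reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run > "%OUT%\13_run_hklm.txt" 2>&1
reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run > "%OUT%\14_run_hkcu.txt" 2>&1

REM Most recent 200 Security log events, newest first, for later timeline work
wevtutil qe Security /c:200 /rd:true /f:text > "%OUT%\15_security_log.txt"

REM Hash every artifact so its integrity can be demonstrated later
for %%F in ("%OUT%\*.txt") do certutil -hashfile "%%F" SHA256 >> "%OUT%\hashes.sha256"
echo Collection finished: %DATE% %TIME% >> "%OUT%\00_collector.txt"
endlocal
```

The hash list is written with a non-.txt extension so the final loop does not hash itself mid-run; netstat -b and the HKLM queries need the elevated prompt noted in the comments.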

