Thursday, January 19, 2012

Another CL Tutorial

My last tutorial met the usefulness requirements, so as promised I am following up with another video, this time about using one of my favorite commands - robocopy*!  (I like it even more because it sounds like a bad B Movie spin-off.)  I'll also show you how to automate commands, so you don't have to wait for one to finish in order to start the next one... just click and run.  Enjoy!

Using the Robocopy Command



Forensic4Cast Awards

If the other excellent bloggers out there haven't convinced you to submit your nominations for the Forensic4Cast awards, I'm here to remind you that this is an excellent way to show your appreciation for the people and products that help make our jobs better, and the DFIR community great.  Take a few minutes to nominate your favorites!


* I'm not going to argue whether robocopy is "forensically sound" or not... please don't take this tutorial as an endorsement that it is or isn't.  Either way, it's a great tool for different situations.

6 Comments:

  1. OK, I used robocopy just two days ago, and I was tearing my hair out....... For some reason by (what I thought at the time) properly slashing the root of source directory, I was getting massive failure. It wasn't until I took out the slash (M: vs M:\) that it actually worked. I'm still at a loss as to why.....

    Lessons learned..... Place a call to my smartie sis before reaching defcon4 stress levels! :)

    Please keep the awesome videos coming, I, for one, am finding them seriously useful!

    1. Interesting! We should discuss more... maybe over a latte? :)

      So glad these are useful... any recommendations for future vids?

  2. netcat for windows ? ;)

    Maybe do them per topic ?
    Disk management ? (fdisk, format, chkdsk, etc - also potentially the differences between versions ? XP vs W7)

    The mic/audio is a bit scratchy, maybe look into that if you're going to do a weekly vid ;)

    Batch scripting 101 would also be a great tutorial.

    And if you are doing these with a bit of a forensics spin on them...netstat and how to use/read that, etc ?

    -ren

  3. Aren't batch files supposed to be run as .bat files instead of .cmd ? ;)

    -ren

  4. @ren Thank you for sending on the ideas. I have been meaning to look into the mic issue... definitely annoying. Sorry about that.

    For the .cmd files, I am going to appeal to a higher power (i.e. Wikipedia... it's never wrong, rite?):

    "The filename extension .bat was used in DOS, and the Windows 9x family of operating systems. The Microsoft Windows NT-family of operating systems and OS/2 added .cmd." (From "Batch file" article)

    As far as I am aware, the .bat can still be used, but .cmd is the newer format.

  5. .bat
    Thnx for making me feel old...
    Oh the good old days of .bat and Logo programming...
    ;)

    -ren
