ISLOnline
Appsv1
Author: Thomas Burnette
description
ISLOnline Remote Access Tool
paths
8 paths
CommunicationsISLOnline Logs - Sessions - *.out
C:\Users\%user%\AppData\Local\ISL Online Cache\ISL Light Client\*\ISLClient.out — Collects client session logs for one or more sessions
CommunicationsISLOnline Logs - Session Configurations
C:\Users\%user%\AppData\Local\ISL Online Cache\ISL Light Client\*\conf\* — Configurations for ISL Light sessions
CommunicationsISL AlwaysOn Logs - Sessions List
C:\Program Files (x86)\ISL Online\ISL AlwaysOn\session.xml — Collects an XML file listing all sessions for ISL AlwaysOn (Unattended Access)
CommunicationsISL AlwaysOn Logs - Sessions
C:\Program Files (x86)\ISL Online\ISL AlwaysOn\sessions\*\trace.out — Detailed log for each session for ISL AlwaysOn (Unattended Access)
CommunicationsISL AlwaysOn - App Logs
C:\Program Files (x86)\ISL Online\ISL AlwaysOn\*.out — Application logs containing various artifacts.
CommunicationsISL Light Logs - Sessions
C:\Users\%user%\AppData\Local\ISL Online Cache\ISL Light\*\trace.out — Collects client session logs for one or more sessions
CommunicationsISL AlwaysOn - Email Configuration
C:\Program Files (x86)\ISL Online\ISL AlwaysOn\status\tray — This file includes the email of the logged-in user for ISL AlwaysOn (Unattended Access)
CommunicationsISL AlwaysOn - Configuration
C:\Program Files (x86)\ISL Online\ISL AlwaysOn\StaticConfiguration.ini — Configuration information (port, http/https) for ISL AlwaysOn (Unattended Access)
› paths use Windows environment syntax
collection commands
# PowerShell Artifact Collection Script
# Target: ISLOnline
# Run as Administrator
#Requires -RunAsAdministrator
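# Show non-terminating errors instead of hiding them: with "SilentlyContinue" a
# locked file, an unreadable profile or a missing D: drive leaves no trace on the
# console, and the run still ends with a green "Collection complete!".
$ErrorActionPreference = "Continue"
# Root folder that receives one sub-folder per artifact. Point this at the
# evidence volume for the case, not at the disk being examined.
$DestBase = "D:\Evidence"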
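# Copies everything matched by a source pattern into its own folder under $DestBase.
#
# Parameters:
#   SourcePath - file or folder path to collect; wildcards are allowed.
#   FolderName - sub-folder of $DestBase (script-level variable) that receives the copies.
#
# Every match is stored under its original path (drive colon removed) inside the
# destination folder. Several sessions produce files with the same name
# (trace.out, ISLClient.out); copying them flat into one folder with -Force would
# keep only the last one and silently discard the rest.
#
# Failures are reported with Write-Warning and never abort the run, so one
# unreadable artifact does not stop the remaining collection.
#
# NOTE(review): this function records no hashes. If integrity of the collected
# files has to be demonstrated later, hash them right after collection
# (e.g. with Get-FileHash) and keep the list with the evidence.
function Collect-Artifact {
    param (
        [string]$SourcePath,
        [string]$FolderName
    )

    if ([string]::IsNullOrWhiteSpace($SourcePath)) {
        Write-Warning "Collect-Artifact called without a source path (folder '$FolderName')"
        return
    }

    $FullDest = Join-Path -Path $DestBase -ChildPath $FolderName

    # Expand the pattern up front so each match can be placed and reported on its own.
    # An absent artifact is an expected outcome, so the lookup error itself is muted
    # and replaced by the warning below.
    $Found = @(Get-Item -Path $SourcePath -Force -ErrorAction SilentlyContinue)
    if ($Found.Count -eq 0) {
        Write-Warning "Nothing matched: $SourcePath"
        return
    }

    foreach ($Item in $Found) {
        # "C:\dir\file" becomes "C\dir\file" so it can be appended to the destination.
        $Relative = ($Item.FullName -replace ':', '').TrimStart('\', '/')
        $TargetDir = Split-Path -Path (Join-Path -Path $FullDest -ChildPath $Relative) -Parent

        try {
            if (-not (Test-Path -LiteralPath $TargetDir)) {
                New-Item -ItemType Directory -Path $TargetDir -Force -ErrorAction Stop | Out-Null
            }
            # -LiteralPath: the name was already resolved, so brackets in it are not globbed again.
            Copy-Item -LiteralPath $Item.FullName -Destination $TargetDir -Recurse -Force -ErrorAction Stop
        }
        catch {
            Write-Warning "Failed to collect $($Item.FullName): $($_.Exception.Message)"
        }
    }
}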
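# Per-user artifacts are defined as C:\Users\%user%\..., and the script runs
# elevated, so $env:USERPROFILE alone would only cover the administrator's own
# profile. Walk every profile folder that sits next to it instead.
$ProfileRoot = Split-Path -Path $env:USERPROFILE -Parent
$UserDirs = @(Get-ChildItem -Path $ProfileRoot -Directory -Force)

# Patterns are relative to <profile>\AppData\Local\ISL Online Cache.
$PerUserArtifacts = @(
    # 1. ISLOnline Logs - Sessions - *.out
    @{ Pattern = "ISL Light Client\*\ISLClient.out"; Folder = "ISLOnline_Logs___Sessions_____out" },
    # 2. ISLOnline Logs - Session Configurations
    @{ Pattern = "ISL Light Client\*\conf\*"; Folder = "ISLOnline_Logs___Session_Configurations" },
    # 6. ISL Light Logs - Sessions
    @{ Pattern = "ISL Light\*\trace.out"; Folder = "ISL_Light_Logs___Sessions" }
)

foreach ($UserDir in $UserDirs) {
    $CacheRoot = Join-Path -Path $UserDir.FullName -ChildPath "AppData\Local\ISL Online Cache"
    foreach ($Artifact in $PerUserArtifacts) {
        $Source = Join-Path -Path $CacheRoot -ChildPath $Artifact.Pattern
        # Most profiles never ran ISL Light; skip them so no empty folders are created.
        if (Test-Path -Path $Source) {
            # One sub-folder per account keeps the owner of each log identifiable
            # and stops one user's files from overwriting another's.
            $Folder = Join-Path -Path $Artifact.Folder -ChildPath $UserDir.Name
            Collect-Artifact -SourcePath $Source -FolderName $Folder
        }
    }
}

# Machine-wide artifacts of ISL AlwaysOn (Unattended Access).
# These files hold the logged-in user's email address and connection settings,
# so handle the collected copies as sensitive case data.
$AlwaysOn = "C:\Program Files (x86)\ISL Online\ISL AlwaysOn"
$SystemArtifacts = @(
    # 3. ISL AlwaysOn Logs - Sessions List
    @{ Pattern = "session.xml"; Folder = "ISL_AlwaysOn_Logs___Sessions_List" },
    # 4. ISL AlwaysOn Logs - Sessions
    @{ Pattern = "sessions\*\trace.out"; Folder = "ISL_AlwaysOn_Logs___Sessions" },
    # 5. ISL AlwaysOn - App Logs
    @{ Pattern = "*.out"; Folder = "ISL_AlwaysOn___App_Logs" },
    # 7. ISL AlwaysOn - Email Configuration
    @{ Pattern = "status\tray"; Folder = "ISL_AlwaysOn___Email_Configuration" },
    # 8. ISL AlwaysOn - Configuration
    @{ Pattern = "StaticConfiguration.ini"; Folder = "ISL_AlwaysOn___Configuration" }
)

foreach ($Artifact in $SystemArtifacts) {
    $Source = Join-Path -Path $AlwaysOn -ChildPath $Artifact.Pattern
    Collect-Artifact -SourcePath $Source -FolderName $Artifact.Folder
}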
Write-Host "Collection complete!" -ForegroundColor Green
› Save as .ps1 and run as Administrator. Use: powershell -ExecutionPolicy Bypass -File script.ps1