NetMonitorforEmployeesProfessional
Appsv1
Author: Tristan PINCEAUX - CERT CWATCH - ALMOND
description
Net Monitor for Employees Pro
paths
6 paths
› paths use Windows environment syntax
collection commands
# PowerShell Artifact Collection Script
# Target: NetMonitorforEmployeesProfessional
# Run as Administrator
#Requires -RunAsAdministrator
$ErrorActionPreference = "SilentlyContinue"
$DestBase = "D:\Evidence"
# Function to handle artifact collection with robocopy
function Collect-Artifact {
param (
[string]$SourceDir,
[string]$FolderName,
[string]$FileMask = "*"
)
$FullDest = Join-Path -Path $DestBase -ChildPath $FolderName
robocopy "$SourceDir" "$FullDest" "$FileMask" /E /COPY:DAT /R:0 /W:0 /NP /NFL /NDL /NJH /NJS | Out-Null
}
# 1. Net Monitor Server Logs
$UserPath = Join-Path $env:USERPROFILE ""
Collect-Artifact -SourceDir "$UserPath" -FolderName "Net_Monitor_Server_Logs"
# 2. Net Monitor Server Data
Collect-Artifact -SourceDir "C:\ProgramData\Net Monitor for Employees Pro\data\" -FolderName "Net_Monitor_Server_Data"
# 3. Net Monitor Server Config
Collect-Artifact -SourceDir "C:\ProgramData\Net Monitor for Employees Pro\config\" -FolderName "Net_Monitor_Server_Config"
# 4. Net Monitor Server Temp Folder
Collect-Artifact -SourceDir "C:\ProgramData\Net Monitor for Employees Pro\tmp\" -FolderName "Net_Monitor_Server_Temp_Folder"
# 5. Net Monitor Client Logs
Collect-Artifact -SourceDir "C:\Program Files*\Net Monitor for Employees Pro\log\" -FolderName "Net_Monitor_Client_Logs"
# 6. Net Monitor Client Config
Collect-Artifact -SourceDir "C:\Program Files*\Net Monitor for Employees Pro\config\" -FolderName "Net_Monitor_Client_Config"
Write-Host "Collection complete!" -ForegroundColor Green› Save as .ps1 and run as Administrator. Use: powershell -ExecutionPolicy Bypass -File script.ps1