RemoteAdmin

CompoundCompoundv2.1

Author: Drew Ervin, Mathias Frank, Andrew Rathbun, Phill Moore

description

Composite target for files related to remote administration tools

collection commands

source:

destination:

# PowerShell Collection Script
# Target: RemoteAdmin (Compound Target)
# Use KAPE for compound target collection:
# kape.exe --tsource C: --tdest D:\Evidence --target RemoteAdmin

Write-Host "For compound targets, use KAPE directly for best results." -ForegroundColor Yellow

› Save as .ps1 and run as Administrator. Use: powershell -ExecutionPolicy Bypass -File script.ps1

Note: This is a compound target that references 29 other targets. KAPE will automatically collect all referenced artifacts.

references

For those looking to contribute to this list, check here for ideas: https://en.wikipedia.org/wiki/Comparison_of_remote_desktop_software.

Install one of the applications not covered above and find where useful information is stored. If useful information can be located, make an individual Target for it and place in the appropriate folder. Then, include that Target in the appropriate Compound Target.

RemoteAdmin

description

includes (26)

paths

collection commands

references

// description

// includes (26)

// paths

// collection commands

// references

description

includes (26)

paths

collection commands

references