Symantec_AV_Logs

AntivirusCompoundv1.3

Author: Brian Maloney

description

Symantec AV Logs

includes (1)

ApplicationEvents 4 paths →

paths

4 pathsfrom 1 targets

› paths use Windows environment syntax

collection commands

source:

destination:

# PowerShell Collection Script
# Target: Symantec_AV_Logs (Compound Target)
# Use KAPE for compound target collection:
# kape.exe --tsource C: --tdest D:\Evidence --target Symantec_AV_Logs

Write-Host "For compound targets, use KAPE directly for best results." -ForegroundColor Yellow

› Save as .ps1 and run as Administrator. Use: powershell -ExecutionPolicy Bypass -File script.ps1

Note: This is a compound target that references 1 other targets. KAPE will automatically collect all referenced artifacts.

references

https://malwaremaloney.blogspot.com/p/all-things-symantec.html

// description

// includes (1)

// paths

// collection commands

// references

description

includes (1)

paths

collection commands

references