
Command Practice DEA

The document provides a list of commands to run in both PowerShell and Command Prompt for various administrative tasks, including retrieving file hashes, checking network sessions, and gathering system information. It also outlines methods for collecting non-volatile information, such as navigating to specific directories and using the registry editor for system analysis. Key registry paths for product information, shutdown times, and timezone settings are highlighted for further investigation.

Uploaded by

Abhi

Commands

---------------------------
run as administrator PowerShell --> Get-FileHash "C:\Users\Hp\Desktop\New folder\memorydump.mem" -Algorithm MD5

run as administrator Command Prompt --> date /t & time /t


run as administrator Command Prompt --> net sessions
run as administrator Command Prompt --> net file
run as administrator Command Prompt --> Netstat -ano
run as administrator Command Prompt --> nbtstat -A [IP address]
run as administrator Command Prompt --> TaskList /v
run as administrator Command Prompt --> netstat -o
run as administrator Command Prompt --> ipconfig /all
run as administrator Command Prompt --> wmic service list brief | more
run as administrator Command Prompt --> net share
run as administrator Command Prompt --> doskey /history
------------------------------------------
Collecting Non-volatile Information
------------------------------------------
Navigate to C:\Windows\SoftwareDistribution\DataStore and examine the DataStore.edb file there
cmd --> dir

run as administrator Command Prompt --> cd C:\ProgramData\Microsoft\Search\Data\Applications\Windows
then type-->DIR and

For hidden partition information, use tools like Find & Mount

Press Win+R, type sysdm.cpl > System Properties > Advanced tab > Startup and Recovery

For registry analysis, examine the files at the path C:\Windows\System32\config

Win > Registry Editor
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName >>
you can get your desktop name from the registry value available there.

Information related to the Product Name, Current Build Number, Registered Owner, etc. can be found in the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion

For Windows shutdown time:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Windows

For timezone settings:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation
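
The registry locations listed above can also be read in one pass from an administrator PowerShell prompt. This is an added example, not part of the original document; the value names it reads (ComputerName, ProductName, CurrentBuildNumber, RegisteredOwner, ShutdownTime, TimeZoneKeyName, Bias) are standard Windows value names assumed here, since the page lists only the keys.

```powershell
# Added example: collect the registry values behind the keys listed above.
# Value names are assumptions (standard Windows names, not given on the page).

function Convert-ShutdownTime {
    param([byte[]]$Bytes)
    # ShutdownTime is stored as REG_BINARY: an 8-byte little-endian FILETIME
    # (count of 100-nanosecond intervals since 1601-01-01 UTC).
    if ($null -eq $Bytes -or $Bytes.Length -ne 8) { return $null }
    $fileTime = [System.BitConverter]::ToInt64($Bytes, 0)
    return [DateTime]::FromFileTimeUtc($fileTime)
}

function Get-KeyValues {
    param([string]$Path)
    # Return $null instead of stopping when a key is missing,
    # so one absent key does not abort the whole collection.
    Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
}

$name = Get-KeyValues 'HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName'
$ver  = Get-KeyValues 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$win  = Get-KeyValues 'HKLM:\SYSTEM\ControlSet001\Control\Windows'
$tz   = Get-KeyValues 'HKLM:\SYSTEM\CurrentControlSet\Control\TimeZoneInformation'

[PSCustomObject]@{
    # Record when the values were read, in UTC, next to the values themselves.
    CollectedAtUtc  = (Get-Date).ToUniversalTime().ToString('o')
    ComputerName    = $name.ComputerName
    ProductName     = $ver.ProductName
    CurrentBuild    = $ver.CurrentBuildNumber
    RegisteredOwner = $ver.RegisteredOwner
    LastShutdownUtc = Convert-ShutdownTime $win.ShutdownTime
    TimeZoneKeyName = $tz.TimeZoneKeyName
    # Bias is in minutes: UTC = local time + Bias.
    BiasMinutes     = $tz.Bias
} | Format-List
```

The decoded shutdown time is in UTC; apply the Bias value from the timezone key to compare it with local timestamps such as the output of date /t & time /t.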

For event-related information:
Control Panel\All Control Panel Items\Windows Tools
check here: Event Viewer
