RichE (posted July 28, 2008)

Hi All,

I wrote this (original version, very basic) years ago when I did IT forensics for Newcastle Council, and decided to rewrite it.

It grabs the SIDs from the registry of user accounts, and can be used to associate files at SID level (has been used in court to prove files belong to a particular user, by Newcastle Council). This version is untested and may contain errors or bugs, which I will resolve when I've more time.

Anyways here's the sauce.

Feedback as always.

RichE

RichE (author, posted July 28, 2008)

I've just taken a peruse through my code and found that it's already done (can't remember doing it, must have been a BRCI (Beer Related Coding Incident)).

It outputs the SIDs found to a nicely formatted Word document (which then opens via IE), but ignores the system default SIDs, just in case you've PCs that are used by multiple people, as the list could get quite long.

I did amend the code slightly to point at the "@programfilesdir" as my Windows installation isn't in the usual place and threw a wobbler when trying to open IE.

You never know, someone in a prosecution (or defense) case may find this useful.

Hivelister.au3

RichE

ResNullius (posted July 28, 2008)

> I've just taken a peruse through my code and found that it's already done (can't remember doing it, must have been a BRCI (Beer Related Coding Incident)).
> It outputs the SIDs found to a nicely formatted Word document (which then opens via IE), but ignores the system default SIDs, just in case you've PCs that are used by multiple people, as the list could get quite long.
> I did amend the code slightly to point at the "@programfilesdir" as my Windows installation isn't in the usual place and threw a wobbler when trying to open IE.
> You never know, someone in a prosecution (or defense) case may find this useful.

On my computer with XP Pro w/ SP3, this is only returning the SID of the currently logged on account(s).

I've found it more reliable to use WMI for this task.

Also, why save as a "doc" file if it's only plain HTML? Why not save as an HTML file, then use ShellExecute($file) instead of your Run line to open in the user's default browser?
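
Added example, not part of the thread and not taken from Hivelister.au3: a Python version of the filtering and report step the posts describe, applied to the subkey names under HKEY_USERS. It assumes "system default SIDs" means `.DEFAULT`, `S-1-5-18/19/20` and the `_Classes` hives; the function names and sample SIDs are constructed for illustration. HKEY_USERS holds only hives that are currently loaded, so a live run lists accounts with a loaded profile rather than every account on the machine.

```python
import html
import re

# Account SIDs (local or domain): S-1-5-21-<3 sub-authorities>-<RID>.
ACCOUNT_SID = re.compile(r"S-1-5-21-\d+-\d+-\d+-(\d+)")

# Constructed sample of HKEY_USERS subkey names (not from a real machine).
SAMPLE_SUBKEYS = [
    ".DEFAULT", "S-1-5-18", "S-1-5-19", "S-1-5-20",
    "S-1-5-21-1111111111-2222222222-3333333333-1004",
    "S-1-5-21-1111111111-2222222222-3333333333-1004_Classes",
    "S-1-5-21-1111111111-2222222222-3333333333-500",
]

def user_sids(subkeys):
    """Return sorted (sid, rid) pairs, skipping system SIDs and _Classes hives."""
    pairs = set()
    for name in subkeys:
        m = ACCOUNT_SID.fullmatch(name.strip())
        if m:
            pairs.add((m.group(0), int(m.group(1))))
    return sorted(pairs, key=lambda p: (p[1], p[0]))

def render_report(pairs, host):
    """Build a plain HTML report; every value is escaped before output."""
    rows = "".join(
        f"<tr><td>{html.escape(sid)}</td><td>{rid}</td></tr>\n" for sid, rid in pairs
    )
    return (
        f"<html><body><h1>Account SIDs on {html.escape(host)}</h1>\n"
        f"<table><tr><th>SID</th><th>RID</th></tr>\n{rows}</table></body></html>\n"
    )

def live_subkeys():
    """Windows only: names of the hives currently loaded under HKEY_USERS."""
    import winreg
    names = []
    while True:
        try:
            names.append(winreg.EnumKey(winreg.HKEY_USERS, len(names)))
        except OSError:  # raised when the index runs past the last subkey
            return names

if __name__ == "__main__":
    import sys
    keys = live_subkeys() if sys.platform == "win32" else SAMPLE_SUBKEYS
    # Saved as .html, since the content is HTML rather than a Word document.
    with open("sids.html", "w", encoding="utf-8") as fh:
        fh.write(render_report(user_sids(keys), "HOST-PLACEHOLDER"))
```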