Hivelister


RichE
Hi All,

I wrote this (original version, very basic) years ago when I did IT forensics for Newcastle Council, and decided to rewrite it.

It grabs the SIDs from the registry of user accounts, and can be used to associate files at SID level (has been used in court to prove files belong to a particular user, by Newcastle Council). This version is untested and may contain errors or bugs, which I will resolve when I've more time.

Anyways, here's the sauce.

Feedback as always.

RichE

Current projects are on my site Sellostring


I've just taken a peruse through my code and found that it's already done (can't remember doing it, must have been a BRCI (Beer Related Coding Incident)).

It outputs the SIDs found to a nicely formatted Word document (which then opens via IE), but ignores the system default SIDs, just in case you've PCs that are used by multiple people, as the list could get quite long.

I did amend the code slightly to point at the "@programfilesdir" as my Windows installation isn't in the usual place and threw a wobbler when trying to open IE.

You never know, someone in a prosecution (or defense) case may find this useful.

Hivelister.au3

RichE

Current projects are on my site Sellostring

On my computer with XP Pro w/ SP3, this is only returning the SID of the currently logged on account(s).

I've found it more reliable to use WMI for this task.

Also, why save as a "doc" file if it's only plain html?

Why not save as an html file, then use ShellExecute($file) instead of your Run line to open in the user's default browser?
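
The three suggestions in the reply above (WMI rather than the registry, an .html file, and ShellExecute), put together as an added AutoIt example. It is not part of the thread and is not RichE's Hivelister.au3; the report path, the page layout and the `_HtmlEscape` helper are assumptions made here.

```autoit
#include <FileConstants.au3>

; Added example, not Hivelister.au3: local account SIDs via WMI -> HTML report.
Local $sReport = @TempDir & "\sid_report.html" ; assumed output path

Local $oWMI = ObjGet("winmgmts:\\.\root\cimv2")
If Not IsObj($oWMI) Then
    MsgBox(16, "SID report", "Could not connect to WMI.")
    Exit 1
EndIf

; Win32_UserAccount lists accounts whether or not they are logged on.
; LocalAccount = True keeps the query to this machine's own accounts.
Local $colAccounts = $oWMI.ExecQuery( _
        "SELECT Name, SID, Disabled FROM Win32_UserAccount WHERE LocalAccount = True")

Local $sRows = ""
For $oAcc In $colAccounts
    $sRows &= "<tr><td>" & _HtmlEscape($oAcc.Name) & "</td><td>" & _
            _HtmlEscape($oAcc.SID) & "</td><td>" & $oAcc.Disabled & "</td></tr>" & @CRLF
Next

; Record where and when the list was taken, for the case notes.
Local $sStamp = @YEAR & "-" & @MON & "-" & @MDAY & " " & @HOUR & ":" & @MIN & ":" & @SEC
Local $sHtml = "<html><head><title>Account SIDs</title></head><body>" & @CRLF & _
        "<p>Host: " & _HtmlEscape(@ComputerName) & ", collected: " & $sStamp & "</p>" & @CRLF & _
        "<table border=""1""><tr><th>Account</th><th>SID</th><th>Disabled</th></tr>" & @CRLF & _
        $sRows & "</table></body></html>"

Local $hFile = FileOpen($sReport, $FO_OVERWRITE)
If $hFile = -1 Then
    MsgBox(16, "SID report", "Could not write " & $sReport)
    Exit 1
EndIf
FileWrite($hFile, $sHtml)
FileClose($hFile)

; Open in the default browser instead of a Run line that launches IE.
ShellExecute($sReport)

; Hypothetical helper: escape text before placing it in the HTML.
Func _HtmlEscape($sText)
    $sText = StringReplace($sText, "&", "&amp;")
    $sText = StringReplace($sText, "<", "&lt;")
    $sText = StringReplace($sText, ">", "&gt;")
    Return $sText
EndFunc   ;==>_HtmlEscape
```

Domain accounts that have logged on to the machine are not returned by this query, since it is limited to local accounts.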
