Professional Documents
Culture Documents
dd.exe
attrib.exe
strings.exe
mem.exe
mem.exe
psinfo.exe
hostname.exe
uname.exe
uptime.exe
uptime.exe
psuptime.exe
whoami.exe
net.exe
net.exe
net.exe
net.exe
net.exe
net.exe
net.exe
net.exe
net.exe
net.exe
net.exe
net.exe
auditpol.exe
pclip.exe
pslist.exe
ps.exe
listdlls.exe
pstat.exe
tlist.exe
tlist.exe
tlist.exe
cmdline.exe
handle.exe
psservice.exe
sc.exe
servicelist.exe
drivers.exe
ipconfig.exe
iplist.exe
arp.exe
route.exe
netstat.exe
fport.exe
openports.exe
ipxroute.exe
nbtstat.exe
nbtstat.exe
nbtstat.exe
hunt.exe
promiscdetect.exe
psloggedon.exe
netusers.exe
netusers.exe
ntlast.exe
ntlast.exe
ntlast.exe
ntlast.exe
dumpel.exe
dumpel.exe
dumpel.exe
psloglist.exe
psloglist.exe
psloglist.exe
psloglist.exe
ntfsinfo.exe
psfile.exe
hfind.exe
streams.exe
sfind.exe
efsinfo.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
reg.exe
autorunsc.exe
regdmp.exe
RootkitRevealer.exe
md5sum.exe
now.exe
seccheck.exe
tasklist.exe
cmd.exe
cmd.exe
cmd.exe
cmd.exe
cmd.exe
cmd.exe
cmd.exe
cmd.exe
cmd.exe
cmd.exe
cmd.exe
cmd.exe
cmd.exe
cmd.exe
cmd.exe
INCIDENT RESPONSE CLI TOOLS
-R
/p
/d
-d -s -h
-a
/all
config rdr
user
group
localgroup
accounts
start
accounts /domain
share
view
session
use
file
-ealW
-v
-s
-c
/all
-a
/local /history
/local
-v -s
-v -f
-v -i
-v -r
-t -l system
-t -l security
-t -l application
-s system
-s application
-s security
http://www.mynetwatchman.com/tools/sc/
from a trusted system
cmd.exe from trusted source
cmd.exe from trusted source
cmd.exe from trusted source
cmd.exe from trusted source
cmd.exe from trusted source
cmd.exe from trusted source
cmd.exe from trusted source
cmd.exe from trusted source
cmd.exe from trusted source
cmd.exe from trusted source
cmd.exe from trusted source
cmd.exe from trusted source
cmd.exe from trusted source
cmd.exe from trusted source
cmd.exe from trusted source
nt/uptime/default.asp
nt/uptime/default.asp
xisting/drivers-o.asp
gation.htm&subcontent=/resources/proddesc/fport.htm
gation.htm&subcontent=/resources/proddesc/ntlast.htm
gation.htm&subcontent=/resources/proddesc/ntlast.htm
gation.htm&subcontent=/resources/proddesc/ntlast.htm
gation.htm&subcontent=/resources/proddesc/ntlast.htm
xisting/dumpel-o.asp
xisting/dumpel-o.asp
xisting/dumpel-o.asp
xisting/efsinfo-o.asp
bootup or login, and shows you the entries in the order Windows processes them
xisting/now-o.asp