Added files via upload

Added remote Forensic Analyst communication through text file
AJMartel · Apr 18, 2016 · dd3209c · dd3209c
1 parent be47463
commit dd3209c
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 13 deletions.
diff --git a/IRTriage.au3 b/IRTriage.au3
@@ -8,13 +8,13 @@
 #pragma compile(FileDescription, IRTriage - Digital Forensic Incident Response Triage Tool)
 #pragma compile(ProductName, IRTriage)
 #pragma compile(ProductVersion, 2)
-#pragma compile(FileVersion, 2.16.04.12)
+#pragma compile(FileVersion, 2.16.04.18)
 #pragma compile(InternalName, "IRTriage")
 #pragma compile(LegalCopyright, © 2016 Alain Martel)
 #pragma compile(LegalTrademarks, 'Released under GPL 3, Free Open Source Software')
 #pragma compile(OriginalFilename, IRTriage.exe)
 #pragma compile(ProductName, Incident Response Triage)
-#pragma compile(ProductVersion, 2.16.04.12)
+#pragma compile(ProductVersion, 2.16.04.18)
 #AutoIt3Wrapper_icon=Compile\IRTriage.ico
 ;#Compiler_Res_Language=1033
 ;#AutoIt3Wrapper_Res_Language=1033
@@ -25,7 +25,7 @@
 
 	Script Function:	Forensic Triage Application
 
-	Version:		2.16.04.12       (Version 2, Last updated: 2016 Apr 12)
+	Version:		2.16.04.18       (Version 2, Last updated: 2016 Apr 18)
 
 	Original Author:	Michael Ahrendt (TriageIR v.851 last uploaded\modified 9 Nov 2012)
                            https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/triage-ir/TriageIR%20v.851.zip
@@ -137,7 +137,7 @@
 #include <StringConstants.au3>   ;Update
 #Include <WindowsConstants.au3>
 
-Global  $Version = "2.16.04.12"                                      ;Added to facilitate display of version info (MajorVer.YY.MM.DD)
+Global  $Version = "2.16.04.18"                                      ;Added to facilitate display of version info (MajorVer.YY.MM.DD)
 Global 	$tStamp = @YEAR & @MON & @MDAY & @HOUR & @MIN & @SEC
 Global	$RptsDir = @ScriptDir & "\" & $tStamp & "-" & @ComputerName
 Global	$EvDir = $RptsDir & "\Evidence\"
@@ -315,7 +315,7 @@ Func TriageGUI()						;Creates a graphical user interface for Triage
    Global 	$PF_chk, $RF_chk, $sysint_chk
    Global 	$md5_chk, $sha1_chk, $regrip_chk, $MFTDump_chk, $compress_chk
    Global	$VS_PF_chk, $VS_RF_chk, $VS_JmpLst_chk, $VS_EvtCpy_chk, $VS_SYSREG_chk, $VS_SECREG_chk, $VS_SAMREG_chk, $VS_SOFTREG_chk, $VS_USERREG_chk
-   Global	$MFTg_chk, $LogFileg_chk, $CVE_2014_1812g_chk
+   Global	$MFTg_chk, $LogFileg_chk, $CVE_2014_1812g_chk, $analystMsgr
 
    GUICreate("Incident Response Triage: version "& $Version, 810, 300)
 
@@ -488,6 +488,8 @@ Func TriageGUI()						;Creates a graphical user interface for Triage
 			GUICtrlSetTip($compress_chk, "Use 7-zip to compress all collected evidence into one zipped archive.")
 		 $sysint_chk = GUICtrlCreateCheckbox("Add Registry Entry for SysInternals Suite.", 10, 130)
 			GUICtrlSetTip($sysint_chk, "Add registry entry to eliminate any risk of EULA stopping Sysinternals from running properly.")
+	  $analystMsgr = GUICtrlCreateCheckbox("Remote Forensic Analyst Messenger", 10,190)
+		GUICtrlSetTip($analystMsgr, "Open Analyst Messenger after acquisition completed.")
 
 	  GUICtrlCreateTabItem("") ; end tabitem definition
 
@@ -931,6 +933,12 @@ Func TriageGUI()						;Creates a graphical user interface for Triage
 				ShellExecute(@ScriptDir & '\Tools\NirSoft\CSVFileView.exe', ' "' & $Log &'"')
 			EndIf
 
+			If(GUICtrlRead($analystMsgr) = 1) Then
+				AnalystMsgrTools()
+				;Open Analyst Messenger after completion
+				ShellExecute(@ScriptDir & '\Tools\Misc\IRTriageMsgr.exe', ' "' & $RptsDir &'\AnalystMsg.txt"')
+			EndIf
+
 			If(GUICtrlRead($OpenCMD) = 1) Then
 				;Open Custom IRTriage Command Prompt after completion
 				Run(@ScriptDir & '\Tools\cmd.exe /K prompt %username%@%computername%$_$P$$$S', $RptsDir & "\", @SW_SHOWNORMAL )
@@ -3348,6 +3356,18 @@ Func CVETools()
 
 EndFunc
 
+Func AnalystMsgrTools()
+
+			If Not FileExists(@ScriptDir & "\Tools\Misc\") Then
+			   Do
+				  DirCreate(@ScriptDir & "\Tools\Misc\")
+			   Until FileExists(@ScriptDir & "\Tools\Misc\")
+			EndIf
+			   FileInstall(".\Compile\Tools\Misc\AnalystMsgr.exe", @ScriptDir & "\", 0)
+			   FileInstall(".\Compile\Tools\Misc\IRTriageMsgr.exe", @ScriptDir & "\Tools\Misc\", 0)
+
+EndFunc
+
 Func PrefetchParseTools()
 
 			If Not FileExists(@ScriptDir & "\Tools\NirSoft\") Then

diff --git a/IRTriage.exe b/IRTriage.exe
diff --git a/Update.nfo b/Update.nfo
@@ -1,15 +1,15 @@
 [IRTriage.exe]
-version=2.16.4.12
-date=2016/04/12 21:26
-Filesize=13776896
-CRC=7000B3C9
+version=2.16.4.18
+date=2016/04/18 10:42
+Filesize=15029248
+CRC=408CB393
 download=https://github.com/AJMartel/IRTriage/raw/master/IRTriage.exe
 changes=https://github.com/AJMartel/IRTriage/raw/master/Changes.txt
 
 [IRTriage.au3]
-version=2.16.04.12
-date=2016/04/12 21:25
-Filesize=196322
-CRC=6B72BE35
+version=2.16.04.18
+date=2016/04/18 10:42
+Filesize=197100
+CRC=2D1F57ED
 download=https://github.com/AJMartel/IRTriage/raw/master/IRTriage.au3
 changes=https://github.com/AJMartel/IRTriage/raw/master/Changes.txt