chapinb / lcdic Goto Github PK

View Code? Open in Web Editor NEW

This project forked from lcdi/lcdic

0.0 1.0 0.0 1.59 MB

Configurable collector for triage analysis on remote or attached systems

License: MIT License

Python 23.89% AutoIt 76.11%

lcdic's Introduction

Senator Patrick Leahy Center for Digital Investigations Collector

LCDI Collector

Written by Chapin Bryce

Usage

Since system files are accessed by the script, please launch all consoles as administrator to ensure Python has the privileges needed.

This was written and tested with Python 2.7 x64 on Windows 7 x64. Please report all bugs in the issues tab on http://Github.com/lcdi/lcdic

GUI:

python lcdic_gui.py

Follow the GUi steps to begin using the tool!

Command line:

python.exe lcdic.py -h
usage: lcdic.py [-h] [-c CONFIG] [-r RULE] C: /path/to/output list

LCDI Collector, a script to automate targeted collections. See config.ini to
set optional information and configurations

positional arguments:
  C:                    Path to the root of the targeted volume
  /path/to/output       Path to the root of the output directory, will create
						if it does not exist
  list                  Select OS. type `list` for list of supports OS's

optional arguments:
  -h, --help            show this help message and exit
  -c CONFIG, --config CONFIG
						Path to custom config file. Default is
						config/config.ini
  -r RULE, --rule RULE  Yara Search Term (single string keyword) or Path to
						custom Yara rules file. Sample located in
						config/yara.rules

Created by Chapin Bryce

In Example...

python lcdic.py E: \output\path [OS TYPE] -c [Config File] -r [YARA Rules]

Where E: is the mounted drive to collect from
- Can be mounted with F-response (not tested)
- Can be mounted with FTK Imager
- Can be a local directory of a non-system partition
Where \output\path is the path to the output
- Can be a full or relative path
Where [OS TYPE] is the OS to collect
- To get a list of supported OS's, type list