FileCatcherBeforeRemoval_READ_ME_EN.txt
Tool name: FileCatcherBeforeRemoval.exe
Version: 1.0
SHA256 checksum: 4E8462D6FC4874D74E4E2E4F48E020F5911CE96E20F9356811B7EDDCBB56ACB1
File Size: 27.5 KB
Written in PowerShell (built on top of the .NET Framework and .NET Core).
Compiled to an .exe executable file with the MZ file header.
Author: Michał Sołtysik
Cybersecurity Analyst & Consultant | Deep Packet Inspection Analyst | Digital Forensics Examiner | SOC Trainer | CyberWarfare Organizer
LinkedIn: https://www.linkedin.com/in/michal-soltysik-ssh-soc/
Email: [email protected]
Purpose: This script continuously monitors a specified file for changes and copies it to the user's desktop when modifications occur.
License: Free for personal and commercial use.
Here is a step-by-step breakdown of what the script does:
1. Print information:
   - Prints application and license information in green, welcoming the user to "FileCatcherBeforeRemoval" and providing instructions for running the script as an administrator.
   - Displays information about the creator, including his name, role, and LinkedIn profile.
2. Error handling function:
   - Defines a function named Handle-Error that displays error messages in red and exits the script with exit code 1.
3. Set execution policy:
   - Attempts to change the execution policy to Unrestricted for the current session. If this fails, it calls the error handling function to display an error message.
4. Start transcript logging:
   - Begins logging script output to a text file named "FileCatcherBeforeRemoval_log.txt" on the user's desktop, appending to the existing log if one already exists.
5. Prompt for user input:
   - Prompts the user to enter the path of the source file to monitor.
6. Define destination directory:
   - Sets the desktop as the destination directory for copied files.
7. Continuous monitoring loop:
   - Enters a loop that continuously checks the specified source file for changes. When a change is detected, it copies the file to the destination directory, overwriting any existing copy.
8. Error handling:
   - Catches and displays any errors that occur during the monitoring process.
9. Allow the user to exit:
   - Lets the user leave the monitoring loop by pressing CTRL+C. When detected, the loop stops and a message indicates that monitoring has been stopped by the user.
10. Stop transcript logging:
    - Stops logging script output and saves the transcript to the file path chosen in step 4.
11. Display transcript log location:
    - Informs the user where the transcript log has been saved.
12. End of script:
    - Marks the end of the script.
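The twelve steps above describe one procedure. The script below is an added example that reconstructs that flow in plain PowerShell; it is not the author's FileCatcherBeforeRemoval.exe and its internals are not known from this README. The change test (size plus last-write timestamp), the half-second poll interval, the CTRL+C detection via the console key buffer, and the SHA256 line written for each copy are assumptions made here so that the preserved copy carries evidence of when and what was captured.

```powershell
# Added example reconstructing the README's monitoring flow. Not the project's own code.
# Assumptions: change = size or LastWriteTime differs; 500 ms poll; CTRL+C read as console input.

function Handle-Error {
    param([string]$Message)
    Write-Host "ERROR: $Message" -ForegroundColor Red   # step 2: red message, exit code 1
    exit 1
}

# Step 3: relax the policy for this process only; no machine-wide change is made.
try {
    Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force -ErrorAction Stop
} catch {
    Handle-Error "Could not set execution policy: $($_.Exception.Message)"
}

# Step 4: transcript on the desktop, appended across runs.
$desktop = [Environment]::GetFolderPath('Desktop')
$logPath = Join-Path $desktop 'FileCatcherBeforeRemoval_log.txt'
Start-Transcript -Path $logPath -Append | Out-Null

try {
    # Step 5: ask for the file to watch and refuse to start on a path that does not exist.
    $source = Read-Host 'Enter the full path of the file to monitor'
    if (-not (Test-Path -LiteralPath $source -PathType Leaf)) {
        Handle-Error "File not found: $source"
    }

    # Step 6: destination is the desktop; the original file name is kept.
    $destination = Join-Path $desktop (Split-Path -Leaf $source)

    # Step 9 preparation: treat CTRL+C as a key press so the loop can stop itself cleanly.
    [Console]::TreatControlCAsInput = $true
    Write-Host "Monitoring $source (press CTRL+C to stop)" -ForegroundColor Green

    $lastStamp = $null
    $pollMs = 500   # assumption: half-second poll interval

    # Step 7: poll the file and copy whenever its size or timestamp changes.
    while ($true) {
        if ([Console]::KeyAvailable) {
            $key = [Console]::ReadKey($true)
            if ($key.Key -eq 'C' -and ($key.Modifiers -band [ConsoleModifiers]::Control)) {
                Write-Host 'Monitoring stopped by the user.' -ForegroundColor Yellow
                break
            }
        }

        try {
            if (Test-Path -LiteralPath $source -PathType Leaf) {
                $item  = Get-Item -LiteralPath $source
                $stamp = "$($item.Length)|$($item.LastWriteTimeUtc.Ticks)"
                if ($stamp -ne $lastStamp) {
                    Copy-Item -LiteralPath $source -Destination $destination -Force -ErrorAction Stop
                    # Record a hash of the preserved copy so the transcript documents what was captured.
                    $hash = (Get-FileHash -LiteralPath $destination -Algorithm SHA256).Hash
                    Write-Host "$(Get-Date -Format o) copied to $destination SHA256=$hash"
                    $lastStamp = $stamp
                }
            } else {
                # The file being removed is the expected end state; the last copy stays on the desktop.
                Write-Host "$(Get-Date -Format o) source no longer present" -ForegroundColor Yellow
            }
        } catch {
            # Step 8: a locked or transiently unreadable file is reported, not fatal; keep polling.
            Write-Host "ERROR: $($_.Exception.Message)" -ForegroundColor Red
        }

        Start-Sleep -Milliseconds $pollMs
    }
} finally {
    # Steps 10 and 11: always close the transcript and tell the user where it is.
    [Console]::TreatControlCAsInput = $false
    Stop-Transcript | Out-Null
    Write-Host "Transcript saved to $logPath"
}
```

Before running the distributed executable rather than a script like this one, compare its hash with the SHA256 checksum listed at the top of this README using `Get-FileHash -Algorithm SHA256 .\FileCatcherBeforeRemoval.exe`; a mismatch means the binary is not the one the author published. Polling by size and timestamp can miss an edit that keeps both unchanged within one interval, which is why the copy is hashed and logged rather than assumed identical to the original.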