DirectoryCatcherBeforeRemoval_READ_ME_EN.txt
Tool name: DirectoryCatcherBeforeRemoval.exe
Version: 1.0
SHA256 checksum: A3A93876568D3C0DF66F24D9B26EBD0EE3D88EDDC171BD6C3A820453F32FDCA3
File Size: 27.5 KB
Written in PowerShell (built on top of the .NET Framework and .NET Core).
Compiled to an .exe executable file with the MZ file header.
Author: Michał Sołtysik
Cybersecurity Analyst & Consultant | Deep Packet Inspection Analyst | Digital Forensics Examiner | SOC Trainer | CyberWarfare Organizer
LinkedIn: https://www.linkedin.com/in/michal-soltysik-ssh-soc/
Email: [email protected]
Purpose: This script is designed to monitor a specified directory for changes and copy its contents to another directory continuously.
License: Free for personal and commercial use.
Here's a step-by-step breakdown of what the script does:
1. Print Information:
- Prints application and license information in green color, welcoming the user to "DirectoryCatcherBeforeRemoval" and providing instructions for running the script as an administrator.
- Displays information about the creator, including his name, role, and LinkedIn profile.
2. Error Handling Function:
- Defines a function named Handle-Error to handle errors by displaying error messages in red and exiting the script with an exit code of 1.
3. Set Execution Policy:
- Attempts to change the execution policy to Unrestricted for the current session. If unsuccessful, it calls the error handling function to display an error message.
4. Start Transcript Logging:
- Begins logging script output to a text file named "DirectoryCatcherBeforeRemoval_log.txt" on the user's desktop, appending to the existing log if it already exists.
5. Prompt User Input:
- Prompts the user to enter the source directory path to monitor.
6. Define Destination Directory:
- Sets the destination directory for copied files to a folder named "CaughtDirectory" on the user's desktop.
7. Continuous Monitoring Loop:
- Enters a loop that continuously checks for changes in the specified source directory. If changes are detected, it copies the entire directory and its contents to the destination directory.
8. Error Handling:
- Catches and displays any errors that occur during the monitoring process.
9. Allow User to Exit:
- Allows the user to exit the monitoring loop by pressing CTRL+C. When detected, it stops the loop and displays a message indicating that monitoring has been stopped by the user.
10. Stop Transcript Logging:
- Stops logging script output and saves the transcript log to the specified file path.
11. Display Transcript Log Location:
- Informs the user of the location where the transcript log has been saved.
12. End of Script:
- Marks the end of the script.
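The following PowerShell script is an added illustration of the twelve steps above; it is not the author's code (the tool ships only as a compiled executable). The change-detection key (path, size and last-write time of every file), the 500 ms polling interval and the CTRL+C handling via [Console]::TreatControlCAsInput are assumptions made for this example.

```powershell
function Handle-Error {
    param([string]$Message)
    Write-Host "ERROR: $Message" -ForegroundColor Red
    exit 1
}
try {
    Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force -ErrorAction Stop
} catch { Handle-Error "Could not set execution policy: $($_.Exception.Message)" }
$desktop     = [Environment]::GetFolderPath('Desktop')
$logPath     = Join-Path $desktop 'DirectoryCatcherBeforeRemoval_log.txt'
$destination = Join-Path $desktop 'CaughtDirectory'
Start-Transcript -Path $logPath -Append | Out-Null
$source = Read-Host 'Enter the source directory path to monitor'
if (-not (Test-Path -LiteralPath $source -PathType Container)) {
    Handle-Error "Source directory not found: $source"
}
New-Item -ItemType Directory -Path $destination -Force | Out-Null
# Snapshot of the tree as one string (path|size|mtime per file); assumed comparison key.
function Get-DirectorySnapshot {
    param([string]$Path)
    (Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object { "$($_.FullName)|$($_.Length)|$($_.LastWriteTimeUtc.Ticks)" } |
        Sort-Object) -join "`n"
}
[Console]::TreatControlCAsInput = $true   # deliver CTRL+C as a key press instead of aborting
$previous = $null
try {
    while ($true) {
        if ([Console]::KeyAvailable) {
            $key = [Console]::ReadKey($true)
            if ($key.Key -eq 'C' -and $key.Modifiers.HasFlag([ConsoleModifiers]::Control)) {
                Write-Host 'Monitoring stopped by the user.' -ForegroundColor Yellow
                break
            }
        }
        $current = Get-DirectorySnapshot -Path $source
        if ($current -ne $previous) {
            Write-Host "$(Get-Date -Format o) change detected, copying to $destination"
            Copy-Item -Path (Join-Path $source '*') -Destination $destination -Recurse -Force -ErrorAction Stop
            $previous = $current
        }
        Start-Sleep -Milliseconds 500
    }
} catch { Write-Host "Monitoring error: $($_.Exception.Message)" -ForegroundColor Red }
finally {
    [Console]::TreatControlCAsInput = $false
    Stop-Transcript | Out-Null
    Write-Host "Transcript log saved to $logPath" -ForegroundColor Green
}
```

Because the execution policy is changed with -Scope Process only, the Unrestricted setting does not outlive the session, and the finally block guarantees the transcript is closed whether the loop ends by CTRL+C or by an error.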