This tool can collect different artifact on running system.
Like a kape but faster, more secure and open source in rust ๐ฆ.
You need to install rust on you computer.
You can use this following command to run the project for test:
cargo run --bin collector_cli -- -h
Or build in production mode:
cargo build --release --bin collector_cli
It's able to build rust project under linux to windows. To do that execute the following command
apt-get install gcc-mingw-w64-x86-64 -y
apt-get install gcc -y
apt-get install build-essential -y
rustup target add x86_64-pc-windows-gnu
after that you can build the project for example:
cargo build --target x86_64-pc-windows-gnu --bin collector_packer --release
The project is build to easy to run. You can just start the binary and the process go to start.
This tool was an artifact collector fast and secure. It can collect low level files.
Usage: collector_cli.exe [OPTIONS] [COMMAND]
Commands:
ressources Ressource list options
help Print this message or the help of the given subcommand(s)
Options:
-s, --source <SOURCE>
The source of collecting artifact [default: C:\]
-d, --destination <DESTINATION>
The destination of collecting artifact [default: .\out\]
-r, --ressources <RESSOURCES>
Ressources selection. You can list with "ressources" command. Exemple: MFT,Prefetch,EVTX [default: All]
-p, --path-ressources <PATH_RESSOURCES>
Path to artifact resources [default: .\ressources\]
--zip
Zip the output directory
--pass <PASS>
Set zip password
--vss
Collect from vss. (longer)
--log
Print log output in terminal. (longer)
-v, --verbose
Verbose log
-h, --help
Print help
-V, --version
Print version
- VSS (Collect from volume shadow copy)
- Add ZIP password
- Emebed config file and ressources to execute in click and lauch binary.
- Export to VHDX
At the end of this project, I developping a GUI to interact easier with the binary.