Add SSH artifacts collection (Get-SSHArtifacts.ps1)
Collect SSH forensic data: known hosts with counts, SSH config, keys, authorized_keys, PuTTY sessions, and server logs. Update TODO.md with completed scripts.
18
TODO.md
@@ -10,6 +10,9 @@
|
||||
- [x] Network Connection History
|
||||
- [x] Hotspot Connections
|
||||
- [x] Recent Documents (RecentDocs)
|
||||
- [x] System Information (Get-Info.ps1)
|
||||
- [x] User Accounts (Get-Users.ps1)
|
||||
- [x] SSH sessions and known hosts
|
||||
|
||||
### User Activity Artifacts
|
||||
- [ ] UserAssist - Programs run by user through Windows Explorer
|
||||
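Review bot: The completed entry "SSH sessions and known hosts" at the end of the checked list omits the script name, unlike the entries just above it, "System Information (Get-Info.ps1)" and "User Accounts (Get-Users.ps1)". Suggest "- [x] SSH sessions and known hosts (Get-SSHArtifacts.ps1)" so the checklist maps to the collector. The label also understates what the commit message says is collected (SSH config, keys, authorized_keys, PuTTY sessions, server logs), so a broader label such as "SSH artifacts" would be more accurate.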
@@ -48,6 +51,21 @@
|
||||
- [ ] VPN connections
|
||||
- [ ] Remote Desktop connections
|
||||
|
||||
### Developer & Security Artifacts
|
||||
- [x] SSH sessions and known hosts
|
||||
- [ ] Git repositories and commit history
|
||||
- [ ] WSL (Windows Subsystem for Linux) artifacts
|
||||
- [ ] PowerShell history (ConsoleHost_history.txt)
|
||||
- [ ] Terminal/Command Prompt history
|
||||
- [ ] Docker containers and images
|
||||
- [ ] Virtual machines (VirtualBox, VMware, Hyper-V)
|
||||
- [ ] IDE recent projects (VS Code, Visual Studio, JetBrains)
|
||||
- [ ] Package manager caches (npm, pip, cargo, nuget)
|
||||
- [ ] Environment variables and PATH modifications
|
||||
- [ ] Installed development tools and SDKs
|
||||
- [ ] Code signing certificates
|
||||
- [ ] API keys and tokens in config files
|
||||
|
||||
## Other Operating Systems
|
||||
|
||||
### Linux
|
||||
|
||||
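Review bot: "SSH sessions and known hosts" is checked off under "Developer & Security Artifacts" and also in the completed list in the previous hunk, so the same item is now tracked in two places and the two copies can drift apart. Keep one entry, or have one refer to the other. Separately, "Code signing certificates" and "API keys and tokens in config files" name secret material as collection targets. The TODO should state whether those collectors record only location and metadata or copy the secret values, because in the second case the collection output needs the same protection as the secrets themselves.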