This is the first edition; testing found that there are still a lot of problems, and it will continue to be improved.
```batch
:: Forensics Contingency Script v1.0
:: 2018/4/20
:: Collects volatile host information into C:\antiy_*.* for emergency forensics.
:: Run from an elevated prompt: netstat -b needs administrator rights.
del C:\antiy_information.txt
del C:\antiy_executablepath.csv
del C:\antiy_process.html
del C:\antiy_startup.csv
chcp 65001
@echo *******************************************>>C:\antiy_information.txt
@echo *       antiy information gathering       *>>C:\antiy_information.txt
@echo *******************************************>>C:\antiy_information.txt
:: Do not display the command line itself
@echo off
:: Get system time
echo ************************************ System Time *******************************>>C:\antiy_information.txt
date /t>>C:\antiy_information.txt
time /t>>C:\antiy_information.txt
echo Get system time success!
:: Get host information
echo ******************** HOST Name *******************************>>C:\antiy_information.txt
hostname>>C:\antiy_information.txt
echo ************************************ User Name *******************************>>C:\antiy_information.txt
whoami>>C:\antiy_information.txt
echo ***************** System Version *******************************>>C:\antiy_information.txt
ver>>C:\antiy_information.txt
echo Get System Information success!
:: Get processes and their network connections (executable owning each connection)
echo ******************** get process Path and Net Information ***************************>>C:\antiy_information.txt
netstat -bno>>C:\antiy_information.txt
echo Get process Path and Net Information success!
:: Process list
echo ******************** get process Information (tasklist) ***************************>>C:\antiy_information.txt
tasklist>>C:\antiy_information.txt
echo Get Process Information success!
:: Network configuration
echo ******************** get net config information ********************>>C:\antiy_information.txt
ipconfig>>C:\antiy_information.txt
echo Get Net Config Information success!
:: Network connections
echo ******************** get net connection information ********************>>C:\antiy_information.txt
netstat -ano>>C:\antiy_information.txt
echo Get Net Connection Information success!
:: wmic process path
echo *********************************** wmic process path *****>>C:\antiy_information.txt
wmic process list full /format:hform>>C:\antiy_process.html
:: wmic process list brief /format:hform>>C:\antiy_information.html
:: wmic process get description,executablepath,commandline,processid,parentprocessid /format:hform>>C:\antiy_information2.csv
wmic process get executablepath,processid>>C:\antiy_executablepath.csv
echo wmic process path success!
:: Startup items
wmic startup>>C:\antiy_startup.csv
echo Get startup Information success!
:: Scheduled tasks
echo **************************************** Task LIST ************************************>>C:\antiy_information.txt
schtasks /query /fo list /v>>C:\antiy_information.txt
echo Get tasklist success!
:: Services
echo *********************************** services LIST ***********>>C:\antiy_information.txt
sc query state= all>>C:\antiy_information.txt
echo Get Services list success!
echo logs saved to C:\antiy_*.* path.
pause
```
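A PowerShell version of the same collection, added here as an example and not part of the author's script: it writes each artifact to its own file under an evidence folder on a separate drive rather than onto C:\ of the machine being examined (the $EvidenceRoot default E:\evidence is an assumption), keeps going when one collector fails, and ends with a SHA-256 manifest so the evidence files can be verified later.

```powershell
# Added example (not the original batch script). $EvidenceRoot is assumed;
# point it at your collection drive.
param([string]$EvidenceRoot = 'E:\evidence')

$stamp  = Get-Date -Format 'yyyyMMdd_HHmmss'
$outDir = Join-Path $EvidenceRoot "${env:COMPUTERNAME}_$stamp"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Output file -> collector. One file per artifact, so a single failing
# command does not truncate everything else (unlike one shared text file).
$collectors = [ordered]@{
  'system_time.txt'  = { Get-Date -Format 'o'; (Get-Date).ToUniversalTime().ToString('o') }
  'host_user.txt'    = { hostname; whoami /all }
  'os_version.txt'   = { cmd /c ver }
  'netstat_bno.txt'  = { netstat -bno }     # needs an elevated prompt
  'netstat_ano.txt'  = { netstat -ano }
  'ipconfig_all.txt' = { ipconfig /all }
  'processes.csv'    = { Get-CimInstance Win32_Process |
                         Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine |
                         ConvertTo-Csv -NoTypeInformation }
  'startup.csv'      = { Get-CimInstance Win32_StartupCommand |
                         Select-Object Name, Command, Location, User |
                         ConvertTo-Csv -NoTypeInformation }
  'schtasks.txt'     = { schtasks /query /fo list /v }
  'services.csv'     = { Get-Service | Select-Object Name, DisplayName, Status, StartType |
                         ConvertTo-Csv -NoTypeInformation }
}

foreach ($name in $collectors.Keys) {
  $file = Join-Path $outDir $name
  try {
    & $collectors[$name] 2>&1 | Out-File -FilePath $file -Encoding utf8
    Write-Host "collected $name"
  } catch {
    "ERROR: $($_.Exception.Message)" | Out-File -FilePath $file -Encoding utf8
    Write-Warning "failed $name : $($_.Exception.Message)"
  }
}

# Integrity manifest: hash every evidence file so later tampering is detectable.
Get-ChildItem -Path $outDir -File |
  Get-FileHash -Algorithm SHA256 |
  Select-Object @{n='File'; e={ Split-Path -Leaf $_.Path }}, Hash |
  Export-Csv -Path (Join-Path $outDir 'manifest_sha256.csv') -NoTypeInformation
Write-Host "evidence written to $outDir"
```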
Emergency forensics Windows script (in testing)