andrewji8

Windows Emergency Response Common Commands

System Account Detection

Query the current logged-in system sessions

query user

Log a user off a session (ID is the session ID shown by query user)

logoff ID

Open lusrmgr.msc (Local Users and Groups) to check for newly created or suspicious accounts
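
The account checks above, as an added PowerShell example that is not part of the original post. It assumes Windows 10 / Server 2016 or later (the built-in Microsoft.PowerShell.LocalAccounts module), an elevated prompt, and a 7-day window as an assumed triage threshold.

```powershell
# Added example, not part of the original post: local account triage for the
# "System Account Detection" step. Assumes Windows 10 / Server 2016 or later
# (Microsoft.PowerShell.LocalAccounts module) and an elevated prompt.
# The 7-day window is an assumed triage threshold; adjust it to the incident timeline.

$cutoff = (Get-Date).AddDays(-7)

Write-Host "== Interactive sessions (same data as 'query user') =="
query user 2>$null

Write-Host "`n== Enabled local accounts, most recent logon first =="
Get-LocalUser |
    Where-Object { $_.Enabled } |
    Sort-Object LastLogon -Descending |
    Select-Object Name, LastLogon, PasswordLastSet, Description |
    Format-Table -AutoSize

# The well-known SID of the local Administrators group works on any display language,
# where the literal name 'Administrators' would not.
Write-Host "`n== Members of the local Administrators group =="
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize

Write-Host "`n== Accounts flagged for manual review =="
# Get-LocalUser exposes no creation date, so PasswordLastSet is used as a proxy
# for 'recently created'. Names ending in '$' are also flagged because such
# accounts are hidden from some account listings and deserve a second look.
Get-LocalUser |
    Where-Object {
        ($_.PasswordLastSet -and $_.PasswordLastSet -gt $cutoff) -or
        $_.Name.EndsWith('$')
    } |
    Select-Object Name, Enabled, PasswordLastSet, LastLogon |
    Format-Table -AutoSize
```

Compare the flagged list against the change records for the host; an account that nobody on the operations side can account for is the lead to follow.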

View network connections

List all TCP and UDP connections and listening ports on the local machine with their owning PIDs

netstat -ano

Print the routing table

route print

Check network proxy configuration

REG QUERY "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
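
The connection, PID and proxy checks above, as an added PowerShell example that is not part of the original post. It resolves the PID column that netstat -ano prints to the process name and image path, so the lookup against tasklist does not have to be done by hand, and then reads the same proxy registry key the post queries with REG QUERY. It assumes Windows 8 / Server 2012 or later (the NetTCPIP module).

```powershell
# Added example, not part of the original post: correlate TCP/UDP endpoints with
# the owning process and its image path, then show the proxy configuration.
# Assumes Windows 8 / Server 2012 or later (NetTCPIP module); run elevated so
# that the image path of every process is readable.

# Snapshot the process table once so each endpoint lookup is a hash access.
$procs = @{}
Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

Write-Host "== TCP listeners and established connections (same data as 'netstat -ano') =="
Get-NetTCPConnection -State Listen, Established |
    ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        $name = if ($p) { $p.Name } else { '<exited>' }
        $path = if ($p) { $p.ExecutablePath } else { '' }
        [pscustomobject]@{
            Local     = "$($_.LocalAddress):$($_.LocalPort)"
            Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
            State     = $_.State
            PID       = $_.OwningProcess
            Process   = $name
            ImagePath = $path
        }
    } |
    Sort-Object State, Process |
    Format-Table -AutoSize
# Review first: established connections to non-private addresses, and listeners
# whose ImagePath is outside the Windows or Program Files directories.

Write-Host "`n== UDP endpoints =="
Get-NetUDPEndpoint |
    ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        $name = if ($p) { $p.Name } else { '<exited>' }
        [pscustomobject]@{
            Local   = "$($_.LocalAddress):$($_.LocalPort)"
            PID     = $_.OwningProcess
            Process = $name
        }
    } |
    Sort-Object Process |
    Format-Table -AutoSize

Write-Host "`n== Proxy configuration (same key as the REG QUERY above) =="
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty -Path $key |
    Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL |
    Format-List
```

A ProxyEnable of 1 with a ProxyServer nobody configured, or an AutoConfigURL pointing at an unknown host, is the kind of finding this section is meant to surface; note that the key is per user, so check it under each account that has logged on.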

Check processes

List all processes

tasklist

Forcefully terminate a process and its child processes (replace <PID> with the PID from tasklist or netstat -ano)

taskkill /T /F /PID <PID>

Check startup items

View system boot time (the "Statistics since" line of the output)

net statistics workstation

View system scheduled tasks

schtasks /query /fo LIST /v

View startup program entries

wmic startup get command,caption

List the services on the host

wmic service list brief
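
The startup-item checks above (boot time, scheduled tasks, startup entries, services), as an added PowerShell example that is not part of the original post. It shows for each entry what runs, from where and under which account, which is what the triage of these locations comes down to. It assumes Windows 8 / Server 2012 or later (the ScheduledTasks module; the CIM classes are built in).

```powershell
# Added example, not part of the original post: persistence locations reviewed
# in the "Check startup items" step, with the fields that matter in triage.
# Assumes Windows 8 / Server 2012 or later (ScheduledTasks module).

Write-Host "== Boot time (same figure as 'net statistics workstation') =="
(Get-CimInstance Win32_OperatingSystem).LastBootUpTime

Write-Host "`n== Enabled scheduled tasks outside \Microsoft\ and their actions =="
# Tasks under \Microsoft\ are numerous and mostly OS-owned; they are excluded here
# only to shorten the list and should still be reviewed if nothing else turns up.
Get-ScheduledTask |
    Where-Object { $_.State -ne 'Disabled' -and $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        $task = $_
        foreach ($a in $task.Actions) {
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                RunAs     = $task.Principal.UserId
                Execute   = $a.Execute
                Arguments = $a.Arguments
            }
        }
    } |
    Format-Table -AutoSize

Write-Host "`n== Startup entries (same data as 'wmic startup get command,caption') =="
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize

Write-Host "`n== Services whose binary is outside the Windows directory =="
# PathName may be quoted and may carry arguments; strip the leading quote before
# comparing against %SystemRoot%. Services running from user-writable paths or
# under unexpected accounts (StartName) are the ones to examine.
$winDir = $env:SystemRoot
Get-CimInstance Win32_Service |
    Where-Object {
        $_.PathName -and ($_.PathName.TrimStart('"') -notlike "$winDir\*")
    } |
    Select-Object Name, State, StartMode, StartName, PathName |
    Format-Table -AutoSize
```

Cross-check anything found here against the boot time: a task, startup entry or service that appeared shortly before the first symptoms, or that was created after the boot time printed at the top, narrows the timeline considerably.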

Show network configuration, including IP address, subnet mask, default gateway, etc.

ipconfig

Show system information, including operating system version, installation date, hardware information, etc.

systeminfo

Open Registry Editor to search and modify the system registry

regedit

Used to view and configure network settings, user accounts, and shared resources.

net

Used to view and configure Windows services

sc

Scan and repair system files

sfc /scannow

Detect and repair disk errors

chkdsk

Open System Configuration Utility to configure startup items and services

msconfig

System Log Audit

Type eventvwr.msc in the Run box to open Event Viewer

System Log

Records events generated by operating system components, including drivers, system components, application crashes, and data loss errors. The event types recorded in the system log are pre-defined by the Windows NT/2000 operating system. Default location: %SystemRoot%\System32\Winevt\Logs\System.evtx

Application Log

Contains events recorded by applications or system programs, mainly events related to program execution. For example, a database program can record file errors in the application log, and program developers decide which events to record. If an application crashes, the corresponding record in the application log may help you solve the problem. Default location: %SystemRoot%\System32\Winevt\Logs\Application.evtx

Security Log

Records system security audit events, including the various types of logon events, object access, process tracking, privilege use, account management, policy changes, and system events. The security log is also the most commonly used log in forensic investigations. By default, the security log is turned off; administrators can enable it through group policy, or set an audit policy in the registry so that the system halts when the security log is full. Default location: %SystemRoot%\System32\Winevt\Logs\Security.evtx
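
The security-log review described above, as an added PowerShell example that is not part of the original post. It reads the live Security and System channels (the same data as the .evtx files named above) and pulls the events most often reviewed in an incident: account creation and local group changes (4720, 4732), network and RDP logons (4624 with logon type 3 or 10), failed logons grouped by source (4625), and new service installations (7045, System log). The 24-hour window is an assumed triage period; an elevated prompt is required to read the Security log.

```powershell
# Added example, not part of the original post: first-pass audit of the Security
# and System logs for the "System Log Audit" step. Requires an elevated prompt.
# The 24-hour window is an assumed triage period; widen it to the incident timeline.

$since = (Get-Date).AddHours(-24)

# Pull the EventData fields of an event into a hashtable keyed by field name.
function Get-EventFields {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Event)
    $fields = @{}
    $xml = [xml]$Event.ToXml()
    foreach ($n in $xml.Event.EventData.Data) { $fields[$n.Name] = $n.'#text' }
    return $fields
}

Write-Host "== Account creation and local group changes (Security 4720, 4732) =="
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0].Trim() } } |
    Format-Table -AutoSize

Write-Host "`n== Network and RDP logons (Security 4624, logon type 3 or 10) =="
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Get-EventFields $_
        [pscustomobject]@{
            Time      = $_.TimeCreated
            LogonType = $d.LogonType
            User      = "$($d.TargetDomainName)\$($d.TargetUserName)"
            SourceIP  = $d.IpAddress
        }
    } |
    Where-Object { $_.LogonType -in 3, 10 } |
    Format-Table -AutoSize

Write-Host "`n== Failed logons grouped by source address (Security 4625) =="
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Get-EventFields $_
        [pscustomobject]@{ SourceIP = $d.IpAddress; User = $d.TargetUserName }
    } |
    Group-Object SourceIP |
    Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'Users'; e = { ($_.Group.User | Sort-Object -Unique) -join ',' } } |
    Format-Table -AutoSize

Write-Host "`n== New services installed (System 7045) =="
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0].Trim() } } |
    Format-Table -AutoSize

# To query an exported copy instead of the live channel, replace LogName with Path:
# Get-WinEvent -FilterHashtable @{ Path = "$env:SystemRoot\System32\Winevt\Logs\Security.evtx"; Id = 4624 }
```

Because the security log is off by default, an empty result here may mean no events rather than no activity; confirm the audit policy with auditpol /get /category:* before drawing conclusions, and copy the .evtx files off the host before any cleanup so the evidence survives.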
