Comments on BriMor Labs: Live Response Collection - Cedarpelta
Feed updated: 2024-03-24T13:20:58.768-04:00

Brian Moran (https://www.blogger.com/profile/10916463151597324052), 2019-06-26T21:36:05.380-04:00:

Thanks so much for pointing that out. I didn't realize that the updated SDelete had command line option changes. I will work on getting that fixed and updated as soon as possible!

Anonymous, 2019-06-26T13:28:33.629-04:00:

Hi,

I had reason to run your "Live Response Collection – Cedarpelta Build" tools today on a Windows 10 OS and just thought I'd mention a tweak I think is needed to one of the scripts.

I ran the Secure Triage option which appears to have worked, except for the script failing to tidy up the unencrypted version of the files after the encrypted zip had been created.

It looks like the sdelete parameters have changed between v1.61 and v2.02 (the version distributed with the tool now) and the following lines in the script "Scripts\Windows-Modules\SecureData.bat" need to be changed from:

"%TOOLSCRIPTPATH%sdelete\sdelete.exe" -a /accepteula -q -s "%TRIMMEDSCRIPTPATH%%computername%%dt%"

to (I think):

"%TOOLSCRIPTPATH%sdelete\sdelete.exe" -r -nobanner -s "%TRIMMEDSCRIPTPATH%%computername%%dt%"

e.g. v2.02 of sdelete doesn't seem to support the -a option and has changed it to -r, and I think -nobanner has replaced the /accepteula option, and I can't see a -q option any more to not write out errors, but I guess you could use 2>nul ?

Hope this helps.