From cd547dd361efb116503fa0075948acd3907dc0e4 Mon Sep 17 00:00:00 2001 From: Vitalii Chulak Date: Thu, 18 Jul 2024 16:34:41 +0300 Subject: [PATCH] Create README.md for CollectSystemInfo tool Signed-off-by: Vitalii Chulak --- Tools/debug/README.md | 49 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 Tools/debug/README.md diff --git a/Tools/debug/README.md b/Tools/debug/README.md new file mode 100644 index 000000000..2f2537c78 --- /dev/null +++ b/Tools/debug/README.md 
@@ -0,0 +1,49 @@ +# CollectSystemInfo + +## Overview + +This PowerShell script is designed for comprehensive system diagnostics. It gathers a wide range of information, including system configuration, event logs, drivers, registry settings, update logs, services, uptime, processes, installed applications, installed KBs (knowledge base articles), and optionally, memory dumps. + +The collected data is organized into a timestamped folder and then compressed into a ZIP archive for easy sharing and analysis. + +## Usage + +1. **Prerequisites:** + - PowerShell (Windows 10/Windows Server 2016 or later) + - Administrative privileges (for collecting event logs) + - Ensure the script runs with an unrestricted execution policy (for Windows 10 and Windows Server 2016): + ```powershell + Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force + ``` + +2. **Running the Script:** + - Open PowerShell as an administrator. + - Navigate to the script's directory. + - Execute the script: + ```powershell + .\CollectSystemInfo.ps1 -IncludeSensitiveData + ``` + - `-IncludeSensitiveData`: Optional switch to include memory dumps in the collection (use with caution). + +3. **Output:** + - A folder named `SystemInfo_YYYY-MM-DD_HH-MM-SS` will be created in the script's directory. + - This folder contains the collected data files. + - A ZIP archive named `SystemInfo_YYYY-MM-DD_HH-MM-SS.zip` will also be created. + +## Data Collected + +- `msinfo32.txt`: Detailed hardware and software configuration report. +- `system.evtx`, `security.evtx`, `application.evtx`: System, Security, and Application event logs. +- `drv_list.csv`: List of all installed drivers. +- `virtio_disk.txt`: Specific configuration details for Virtio-Win storage drivers. +- `WindowsUpdate.log`: Detailed logs of Windows Update activity. +- `Services.csv`: List of services and their status. +- `WindowsUptime.txt`: Duration since the last system boot. +- `RunningProcesses.csv`: Snapshot of active processes. 
+- `InstalledApplications.csv`: List of installed applications. +- `InstalledKBs.csv`: List of installed Windows updates. +- `MEMORY.DMP` and `Minidump` folder: Full or mini memory dumps (if `-IncludeSensitiveData` is used). + +## Contributing + +Contributions are welcome! Feel free to open issues or submit pull requests.
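Review bot: In the Prerequisites step, `Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force` is broader than a locally stored script needs; `-ExecutionPolicy RemoteSigned -Scope Process` runs it while still requiring a signature on scripts that carry the internet zone marker, or the script can be started as `powershell.exe -ExecutionPolicy Bypass -File .\CollectSystemInfo.ps1` without touching policy state at all. Whichever is kept, state that `-Scope Process` is what keeps the change from persisting, so a user does not "fix" a failure by dropping the scope. In the Running the Script step, the only invocation shown is `.\CollectSystemInfo.ps1 -IncludeSensitiveData` even though the switch is described two lines later as "use with caution"; show the plain `.\CollectSystemInfo.ps1` as the default and the switch as a separate example. Under Data Collected, `MEMORY.DMP` is a full kernel dump that can include process memory such as cached credentials, and the archive is described only as being "for easy sharing", so add a sentence on how the ZIP should be transferred and to whom, and note that `security.evtx`, `InstalledApplications.csv` and `RunningProcesses.csv` are sensitive on many systems even without the switch. Finally, "Administrative privileges (for collecting event logs)" undersells the requirement: reading `security.evtx` and `C:\Windows\MEMORY.DMP` both need elevation, so "Administrative privileges" alone, or a list of what fails without them, is more accurate.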