-
Notifications
You must be signed in to change notification settings - Fork 386
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create README.md for CollectSystemInfo tool
Signed-off-by: Vitalii Chulak <[email protected]>
- Loading branch information
1 parent
a81d3ab
commit cd547dd
Showing
1 changed file
with
49 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| # CollectSystemInfo | ||
|
|
||
| ## Overview | ||
|
|
||
| This PowerShell script is designed for comprehensive system diagnostics. It gathers a wide range of information, including system configuration, event logs, drivers, registry settings, update logs, services, uptime, processes, installed applications, installed KBs (knowledge base articles), and optionally, memory dumps. | ||
|
|
||
| The collected data is organized into a timestamped folder and then compressed into a ZIP archive for easy sharing and analysis. | ||
|
|
||
| ## Usage | ||
|
|
||
| 1. **Prerequisites:** | ||
| - PowerShell (Windows 10/Windows Server 2016 or later) | ||
| - Administrative privileges (for collecting event logs) | ||
| - Ensure the script runs with an unrestricted execution policy (for Windows 10 and Windows Server 2016): | ||
| ```powershell | ||
| Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force | ||
| ``` | ||
|
|
||
| 2. **Running the Script:** | ||
| - Open PowerShell as an administrator. | ||
| - Navigate to the script's directory. | ||
| - Execute the script: | ||
| ```powershell | ||
| .\CollectSystemInfo.ps1 -IncludeSensitiveData | ||
| ``` | ||
| - `-IncludeSensitiveData`: Optional switch to include memory dumps in the collection (use with caution). | ||
|
|
||
| 3. **Output:** | ||
| - A folder named `SystemInfo_YYYY-MM-DD_HH-MM-SS` will be created in the script's directory. | ||
| - This folder contains the collected data files. | ||
| - A ZIP archive named `SystemInfo_YYYY-MM-DD_HH-MM-SS.zip` will also be created. | ||
|
|
||
| ## Data Collected | ||
|
|
||
| - `msinfo32.txt`: Detailed hardware and software configuration report. | ||
| - `system.evtx`, `security.evtx`, `application.evtx`: System, Security, and Application event logs. | ||
| - `drv_list.csv`: List of all installed drivers. | ||
| - `virtio_disk.txt`: Specific configuration details for Virtio-Win storage drivers. | ||
| - `WindowsUpdate.log`: Detailed logs of Windows Update activity. | ||
| - `Services.csv`: List of services and their status. | ||
| - `WindowsUptime.txt`: Duration since the last system boot. | ||
| - `RunningProcesses.csv`: Snapshot of active processes. | ||
| - `InstalledApplications.csv`: List of installed applications. | ||
| - `InstalledKBs.csv`: List of installed Windows updates. | ||
| - `MEMORY.DMP` and `Minidump` folder: Full or mini memory dumps (if `-IncludeSensitiveData` is used). | ||
|
|
||
| ## Contributing | ||
|
|
||
| Contributions are welcome! Feel free to open issues or submit pull requests. |