procbins

compresses all process binaries into a zip file

This tool is intended to be used for forensic triage.

Usage

Usage:
  procbins ZIPFILE

compresses all process binaries into a zip file

Positional arguments:
  zipfile               name of the destination zip file

Optional arguments:
  -h,--help             Show this help message and exit

Features

• applies the original folder structure into the zip file, to prevent problems with duplicate file names
• writes log messages to messages.log, which will also be part of the zip file
• writes SHA1 hashes to sha1_hashes.csv, which will also be part of the zip file

Download