Releases: Gizmo44z/CyLR
2024.02.21
- Fixed SFTP issue preventing upload.
- Appended collection timestamp to custom named collections.
- The ".zip" extension no longer needs to be added to -of file names; if it is, it will be removed, since the timestamp change now appends the extension automatically.
- Adjusted collection of NTUSER.DAT files to be collected even if they have been encrypted or extension changed.
- Added a short message stating that the zipping process is complete, to mark the end of collection.
- If using SFTP, it will then move to that step.
2023.07.11
• File naming now includes “_INCOMPLETE” at the end of the file name and removes it if CyLR runs successfully (prior to the SFTP upload step)
• Added CMD information to prochash.csv
• Added prompts indicating that CyLR is running background processes at the start, instead of a blank screen
• Added logical size to EXEHash.txt
• Added *.conf files to EXEHash.txt
• Switches used to run CyLR added to SysInfo.txt and collected on all runs
• Known files and hashes are flagged in SysInfo.txt
• Added additional paths to exclude from hashing to reduce false positives
• Added winscp.ini collection across the full drive
• New switch (-dt) to collect user Desktop folders
• New switch (-recycle) to collect Recycle Bin
• Consolidated user collections (code optimization)
• Added PDQ DB default location to collection
2023.01.24
• Fixed rclone.conf collection on fixed drives
• Removed false SFTP upload error message (please report any collection errors to CyLR request channel)
• Added process hashing alongside the SysInfo and EXEHash files (written to "C:\prochash.csv", which is deleted once it has been collected)
• Added "\Program Files\Microsoft\Exchange Server\V15\Logging\CmdletInfra\Powershell-Proxy\Http" folder to collection
• New switch (-rec) to disable rclone.conf, ngrok.yml, filezilla.xml, VMware VDM log, and pCloud log collection on full disk (this collection is on by default and should be left on unless a problem is found)
• Added additional exclusions for EXEHash.txt to get rid of known paths
2022.10.27
• Revamped SysInfo.txt and reformatted its output to include the information below (not yet included in mounted-drive collections)
  o Host Name
  o OS Name
  o OS Version
  o Install Date
  o Last Boot Time
  o Bios Version
  o Time Zone
  o Domain Name
  o Logon Server
  o IPv4 Addresses
  o CyLR Version
• Collect ngrok.yml anywhere on disk
• Collect Windows\System32\debug\NetSetup.log
• Collect Windows\System32\Inetsrv\Config\applicationHost.Config
• Added switch to exclude inetpub\logs\LogFiles (still collected by default)
  o Use the -noinet flag to skip that collection path
  o Should only be used when the inetpub folder is so large that it crashes CyLR.
  o The folder should still be zipped separately on Exchange and web-hosting servers
• EXEHash.txt and SysInfo.txt are now deleted at the start of the program to prevent duplicate entries from a previous failed collection (they are still deleted at the end as well, after being collected into the zip).
2024.02.05
CyLR 2.2 (Custom)
Major Update (2020-02-19):
- Added BITS collection locations
  • {DL:}ProgramData\Microsoft\Network\Downloader
  • {DL:}Windows\System32\bits.log
- Collection of fixed drives' MFT files is enabled by default.
  • If the -dl switch is used, only the MFT for the selected drive letter will be collected.
  • Only drives formatted as NTFS will be collected.
- Added file paths for 2003\XP systems (for mounted drives only).
- Appended DateTime to filename so files are not accidentally overwritten.
- Replaced "Amcache" folder collection with collection of specified file names.
- Switched to collection of the full "System32\config" folder instead of individual files.
  • .LOG files are still targeted to ensure collection.
Bug Fixes:
- Fixed bug where USNJrnl was always collected when the -dl switch was used.
- Fixed bug where the program would crash if a "Fixed" drive was attached but not formatted as NTFS.
CyLR (Personal)
Added "Drive Letter" variable (defaults to C:)
- Use switch -dl to specify a drive letter you want to collect from (single drive at a time).
- Variable input must include colon character (such as "D:" or "F:" without quotes).
- Recommended that you use the file name output switch to manually name the ZIP after the actual system name.
- Only an x64 version is available, as of now.