The now infamous Have Your Lost USB Drive Ask For Help article generated a lot of feedback from people, many of whom had suggestions for improvements to the application. Others had completely new ideas about how to use their USB drives but they didn’t know how to do this.
One of the suggestions that I ran across (Sorry, but I forgot to take note whose suggestion it was. If it was you, please let me know in the comments.) was the ability to perform a system audit. I thought, “Cool! I could do that!”
Tim Decides To Not Reinvent The Wheel
Initially, I thought that I could write a quick AutoIt script to perform the audit. But, there were a lot more things that needed to be audited than I was prepared for! So, I turned to Gabriel Topala.
Gabriel is the person behind the wildly popular application SIW. SIW is short for System Information for Windows and it is astounding what the program can do. From her website:
SIW - System Information for Windows. This program performs computer configuration analysis and diagnostics. It gives detailed information about your computer properties and settings, detailed specs for:
- Software (Operating System, Installed Programs and Hotfixes, Processes, Services, Product Keys, Serial Numbers, Users, Open Files, System Uptime, Passwords hidden behind asterisks, Installed Codecs)
- Hardware (Motherboard, Sensors, BIOS, CPU, chipset, PCI/AGP, USB and ISA/PnP Devices, Memory, Video Card, Monitor, Disk Drives, CD/DVD Devices, SCSI Devices, S.M.A.R.T., Ports, Printers)
- Network (Network Cards, Network Shares, currently active Network Connections)
as well as real-time monitors for CPU, Memory, Page File usage and Network Traffic.
SIW can create a report file (CSV, HTML, TXT or XML), and is able to run in batch mode.
SIW is a standalone tool that does not require installation - one less installed program on your PC as well as the fact that you can run the program directly from a USB flash drive (Portable Freeware).
Obviously, this is a superior piece of software that I would never be able to reproduce. Even if you do not use this program as I set it out here, download it and just see how much information it can dig up from your system.
Tim Does His Small Part
Since Gabriel had done all of the hard work, the very least that I could do is write the autorun.inf file!
Put It All Together
Here are all the steps required to create the System Auditor USB Key:
- Put your USB key into your system
- Download SIW and save it to your USB key
- Download the autorun.inf file and save it to your USB key (may need to right click and Save Target As… in Internet Explorer or right click and Save Link As… in Firefox)
- Remove your USB drive and start auditing!
Audit a System
To audit a system, simply place the USB drive into the system you would like to audit. If AutoPlay pops up, simply select Audit This System and click OK. You will see a progress bar. When that progress bar disappears, the audit is complete.
If AutoPlay is disabled, go to My Computer and double click on the drive labelled System Auditor. This will start the audit. As before, when the progress bar disappears, the audit is complete.
Viewing the Results
All audit files are HTML files created in the same location as SIW. They are named as such:
SIW_YYYYMMDD_hhmmss_ComputerName.html
where
- YYYY - the year
- MM - number representing the month
- DD - number representing the day of the month
- hh - hour of the day
- mm - minutes in the hour
- ss - seconds in minute
- ComputerName - name of the computer system audited
To get to these files, simply right click on the System Auditor drive and click Explore. You can then simply double click on any of the files and they will open up in your default web browser.
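As an added example (not part of the original article or of SIW), this Python script indexes the reports on the drive using the naming scheme above and reports which computers have no recent audit. The function names, the upper-casing of computer names and the sample file names are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# SIW_YYYYMMDD_hhmmss_ComputerName.html, as described above. The computer
# name is matched last and greedily, so names containing "_" or "-" survive.
REPORT_RE = re.compile(
    r"^SIW_(\d{4})(\d{2})(\d{2})_(\d{2})(\d{2})(\d{2})_(.+)\.html$",
    re.IGNORECASE,
)

def parse_report_name(filename):
    """Return (computer_name, audit_time), or None if the name does not fit."""
    m = REPORT_RE.match(filename)
    if not m:
        return None
    try:
        when = datetime(*(int(part) for part in m.groups()[:6]))
    except ValueError:
        return None  # right shape, impossible date or time (e.g. month 13)
    # Assumption: treat computer names as case-insensitive.
    return m.group(7).upper(), when

def latest_audits(filenames):
    """Map each computer to the (time, filename) of its most recent report."""
    latest = {}
    for name in filenames:
        parsed = parse_report_name(name)
        if parsed is None:
            continue  # not an audit report, e.g. autorun.inf
        computer, when = parsed
        if computer not in latest or when > latest[computer][0]:
            latest[computer] = (when, name)
    return latest

def stale_computers(filenames, now, max_age_days=30):
    """Computers whose newest report is older than max_age_days."""
    limit = now - timedelta(days=max_age_days)
    return sorted(c for c, (when, _) in latest_audits(filenames).items()
                  if when < limit)

# Constructed sample directory listing of the USB key.
SAMPLE = [
    "SIW_20061024_235400_FRONTDESK.html",
    "SIW_20061102_133100_frontdesk.html",
    "SIW_20061001_090000_LAB_PC-02.html",
    "SIW_20061332_250000_BADDATE.html",
    "autorun.inf",
]

if __name__ == "__main__":
    for computer, (when, name) in sorted(latest_audits(SAMPLE).items()):
        print(computer, when.isoformat(), name)
    print("stale:", stale_computers(SAMPLE, datetime(2006, 11, 10)))
```

To run it against a real key, pass `os.listdir()` of the drive root instead of `SAMPLE`.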
Conclusion
With a little bit of digging and some ingenuity, we were able to create a very powerful system auditor in a very short amount of time. Now all that is left is to put on a comfortable pair of shoes and start auditing!


October 24th, 2006 at 11:54 pm
Thank you, thank you, thank you!!!! This is an incredibly fabulous and amazing program, Tim. I can’t believe how fast and thorough it is…
I followed your extremely clear and easy instructions and have it running on my USB drive.
Lilian
November 2nd, 2006 at 1:31 pm
Thanks for the information. I’ve wanted to do this for awhile but I couldn’t figure out how to make the autorun.inf work. I tweaked your script to use Winaudit and dump the html files to a network share. Not to take anything away from SIW, it’s a great program, but I am just used to Winaudit. Keep up the good work!
November 2nd, 2006 at 1:49 pm
Dennis,
Good to see that you got the idea. While most of my tools will work for many people, I also encourage people to mess around and improve on what I have done!
Way to go!
I also like WinAudit as a tool. I just chose to use SIW for the same reason you chose WinAudit.
Also, if you are dumping the HTML files to a network share, it is my assumption that all of the computers are networked together. Since you have proven yourself to be willing to play with some things, you may want to check out Modify Every Computer on the Network. You could potentially combine this script with something like PSExec and WinAudit to perform this audit on all your systems without having to get up from your chair!
I love it when I can be geeky AND lazy!
Tim
November 10th, 2006 at 4:16 pm
I found a nice article here: http://www.dailycupoftech.com/usb-system-auditor/
March 21st, 2007 at 4:12 am
Many thanks for the article, Tim.
I have been playing with the SIW tool for a while now and had tried to figure out a way to make auditing automatic. I have to admit that your autorun.inf helped a lot, but I have another issue. With your autorun.inf we get the log file with the default fields checked from the Tools menu. I would like to uncheck some of the fields and check some others, like domain users etc. Any idea what to add in the autorun.inf file?
Sorry for my English and thanks in advance for your reply.
Best regards and greetings from Poland.
Maciej Drywień
May 25th, 2007 at 9:01 pm
you are interested in the proposal and have a simple, small, outdated USB device to hand, you can join me on this short journey I am proposing. Without forgetting the significant space limitation we start from, what I liked most is an idea
May 26th, 2007 at 12:36 am
you are interested in the proposal and have a simple, small, outdated USB device to hand, you can join me on this short journey I am proposing. Without forgetting the significant space limitation we start from, what I liked most is an idea seen on Daily Cup of Tech, which consists of deploying SIW (System Information for Windows), a complete freeware auditor for Windows systems, written by Gabriel Topala. The executable takes up only 1.5 MB (it requires no installation) and adding a
May 29th, 2007 at 2:13 pm
a very complete summary of the hardware, software and security components of a Windows system.) The uses it can be put to are varied and not all of them good, so use it well. Regards. The kriptópolis article [kriptopolis.org] The original article from Daily Cup of Tech [dailycupoftech.com] The download page for the program in question [gtopala.com] (You need to download the multilingual version without the installer.) Regards