A simple script is uploaded to every Windows computer in the corporate network to collect logs, NTFS data, entries from the Windows registry and strings from the binary files to find out how exactly the attackers were moving through the network. The tool is going to utilize a big (approx. 300 MB free space for one corporate computer ) share folder that should be prepared in advance and should be accessible from all computers in the network that will execute the script. We hope it will help to save a lot of time during IR and any malware/APT investigations.”]
Source: https://securelist.com/happy-ir-in-the-new-year/83557/