Windows/Collection/Automated_Collection.md

# Automated Collection

MITRE ATT&CK Technique: [T1119](https://attack.mitre.org/wiki/Technique/T1119)

## cmd.exe

### find:

Input:

     dir c: /b /s .docx | findstr /e .docx

### copy:

Input:

    for /R c: %f in (*.docx) do copy %f c:\temp\

## PowerShell

Find and copy

Input:

    powershell Get-ChildItem -Recurse -Include *.doc | % {Copy-Item $_.FullName -destination c:\temp}
Initial Commit 2017-10-12 15:05:28 -07:00			`# Automated Collection`

			`MITRE ATT&CK Technique: [T1119](https://attack.mitre.org/wiki/Technique/T1119)`

			`## cmd.exe`

			`### find:`
Fix 2017-10-17 11:55:57 -07:00
Initial Commit 2017-10-12 15:05:28 -07:00			`Input:`

			`dir c: /b /s .docx \| findstr /e .docx`

			`### copy:`
Fix 2017-10-17 11:55:57 -07:00
Initial Commit 2017-10-12 15:05:28 -07:00			`Input:`

			`for /R c: %f in (*.docx) do copy %f c:\temp\`

			`## PowerShell`

			`Find and copy`

			`Input:`

			`powershell Get-ChildItem -Recurse -Include *.doc \| % {Copy-Item $_.FullName -destination c:\temp}`