I just stumbled across the MIR-ROR (Motile Incident Response
– Respond Objectively, Remediate) tool reported over at the ISC Storm Center as reviewed in June's ISSA journal (http://holisticinfosec.org/toolsmith/docs/june2009.pdf).  It is a script which was created by a Microsoft IH guru and utilizes the SysInternal utilities.

The script automates and consolidates the output from a variety of Windows and SystInternals commands.  net *, ipconfig, arp, netstat, nbtstat, systeminfo, tasklist, openfiles, driverquery, sc, at, set, ftype, assoc, and doskey from the %systemroot% and the remaining tools, autorunsc, handle, listdlls, logonsessions, now, psfile, psinfo, pslist, psloggedon, psloglist, psservice, seccheck, showacls, showpriv, sigcheck, srvinfo, and tcpvcon from the SysInternal utilities.

I am sure you could create a USB stick/CD and change the script to use known good Windows files, in case you do not trust the actual Windows executable (but then again, the output could lie).

If you are interested in more tool write-ups from ISSA, please visit http://holisticinfosec.org/content/view/12/26/.

This is really good.... nice find, going on my IR usb stick