This batch script can be used to match a pattern or string(s) (as found in keywords.txt). It utilizes the findstr utility in Windows and currently, it searches .doc files. You can change this by editing line 7, and inserting the type of file/directory before the >>. It starts by creating a directory of the computer name you’re currently scanning, and when it finds a match, it’ll record the entire pathname to a log file (%COMPUTERNAME%_files_found.txt). It copies each matching file to that computer name’s directory for later analysis. Once done, it will append the log file to a master log file (masterfind.txt).

This is a simple yet powerful script and can be used for many purposes (both good and bad). I initially designed this to be (auto)run from a USB drive. Do not run this script on any computer you are not authorized to do so. I am not responsible for any harm this script may cause (direct or indirect) and where it is used and provide no support whatsoever.

findamatch.bat:

CHDIR audit
MD %COMPUTERNAME%
CHDIR %COMPUTERNAME%
ECHO #----------------------------------- >> _%COMPUTERNAME%_files_found.txt
ECHO # %DATE% %TIME% >> _%COMPUTERNAME%_files_found.txt
ECHO # %COMPUTERNAME% >> _%COMPUTERNAME%_files_found.txt

findstr /s /i /M /g:..\..\finddata.txt C:\*.doc C:\*.rtf >> _%COMPUTERNAME%_files_found.txt

ECHO # %DATE% %TIME% >> _%COMPUTERNAME%_files_found.txt
ECHO #----------------------------------- >> _%COMPUTERNAME%_files_found.txt
FOR /F "eol=# tokens=*" %%G IN (_%COMPUTERNAME%_files_found.txt) DO COPY "%%G"
TYPE _%COMPUTERNAME%_files_found.txt >> ..\masterfind.txt

keywords.txt:

<[0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]>
<ssn.>
<password.>