Forensic Commands for Windows (Cheat Sheet)
Run these from an elevated cmd.exe on the live system and redirect each command's output to your collection media (a USB drive or network share), never to the suspect disk, so the evidence volume is modified as little as possible. Note that wmic is deprecated and is no longer installed by default on current Windows 11 builds; the same WMI classes can be queried from PowerShell with Get-CimInstance.
1. System name, current user and date/time:
C:\>hostname
WIN-xxxxxxxxx7
C:\>whoami
win-xxxxxxxxxx7\my name
C:\>echo %DATE% %TIME%
Fri 01/20/2012 20:52:34.28
C:\>wmic timezone list brief
Bias Caption SettingID
540 (UTC+09:00) Seoul
2. System IP addresses:
C:\>ipconfig /allcompartments /all
3. System model and serial number:
C:\>wmic csproduct get name
Name
VMware Virtual Platform
C:\>wmic bios get serialnumber
SerialNumber
H054KL2
4. Operating system version:
C:\>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name: Microsoft Windows 7 Ultimate
OS Version: 6.1.7601 Service Pack 1 Build 7601
C:\>ver
Microsoft Windows [Version 6.1.7601]
5. NIC MAC addresses:
C:\>wmic nicconfig get description,IPAddress,MACaddress
Description IPAddress MACAddress
Intel(R) PRO/1000 MT Network Connection {"192.168.1.151"} 00:00:00:00:00:00
RAS Async Adapter 00:00:00:00:00:00
Bluetooth Device (Personal Area Network)
----output continues...----
6. How long the system has been up:
C:\>uptime.exe
\\WIN-xxxxxxxxxx7 has been up for: 0 day(s), 0 hour(s), 34 minute(s), 37 second(s)
Note: uptime.exe is a Resource Kit tool, not part of Windows. If it is not on your collection media, the "System Boot Time" line of the systeminfo output (item 4) or the "Statistics since" line of net statistics workstation gives the same information.
7. Date and/or level of the latest patch:
C:\>wmic qfe get HotFixID
Or, for more detail including installation dates:
C:\>wmic qfe get HotFixID,InstalledOn
C:\>wmic qfe list
HotFixID
KB971033
KB2305420
KB2393802
KB2425227
----output continues...----
8. System hardware:
C:\>wmic computersystem get manufacturer
Manufacturer
VMware, Inc.
9. Software installed on the system:
C:\>wmic product list
Caution: wmic product (the Win32_Product class) enumerates through Windows Installer, which runs a consistency check on every installed MSI package and can trigger package repairs, so it is slow and modifies the system you are examining. Prefer the registry; on 64-bit systems repeat the query under HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall to catch 32-bit applications, and add /s to list each product's DisplayName, DisplayVersion and InstallDate values.
C:\>reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
10. Is EFS in use on the system? (cipher /y shows the current user's EFS certificate thumbprint; cipher /s:<dir> shows the encryption state of each file in a directory, and cipher /u /n lists every encrypted file on the local drives without touching the keys.)
C:\>cipher /y
EFS certificate thumbprint for computer WIN-xxxxxxxxxx7:
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
C:\>cipher /s:"New Folder"
Listing C:\New Folder\
New files added to this directory will be encrypted.
E Meh.txt
E Foo.txt
E = Encrypted
11. Is the firewall protecting the system, and is it logging?
C:\>copy %windir%\System32\Logfiles\Firewall\*.log
C:\>netsh firewall show state
C:\>netsh firewall show config
C:\>netsh dump
Note: pfirewall.log only exists if logging was enabled for the profile; logging of dropped and allowed connections is off by default, so an empty directory is a finding, not an error. The netsh firewall context is deprecated since Windows Vista and only reports the legacy settings; netsh advfirewall show allprofiles reports the state, default inbound/outbound actions and logging settings of each profile.
12. Volatile network data (collect this before anything that could alter it):
C:\>route print
C:\>arp -a
C:\>netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 684
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 392
----output continues...----
C:\>net start
These Windows services are started:
Application Information
Background Intelligent Transfer Service
Base Filtering Engine
Bluetooth Support Service
COM+ Event System
----cut out most of the output----
C:\>net user (or C:\>wmic useraccount list)
User accounts for \\WIN-xxxxxxxxxx7
—————————————————————
Administrator Guest My Name
The command completed successfully.
C:\>net use
New connections will be remembered.
Status Local Remote Network
———————————————————————
Z: \\vmware-host\Shared Folders VMware Shared Folders
The command completed successfully.
C:\>type %windir%\System32\drivers\etc\hosts
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
C:\>type %windir%\System32\drivers\etc\networks
# For example:
#
# loopback 127
# campus 284.122.107
# london 284.122.108
loopback 127
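The PID column of netstat -ano is only useful once it is tied back to a process image, and on a compromised host the image path and hash matter more than the port number. The PowerShell below is an added example, not from the original page or from r00tsec: it parses netstat -ano, joins each socket to its Win32_Process entry (name, image path, command line), hashes the image, and flags owners that run from user-writable directories or whose PID no longer resolves. It assumes PowerShell 3.0 or later (for Get-CimInstance), an elevated session so that SYSTEM-owned processes expose their paths, and E:\collect as the collection drive; the E:\ path, the Get-SocketOwners / Get-FileSha256 names and the directory filter are assumptions to adjust.

```powershell
# Correlate every socket reported by `netstat -ano` with its owning process.
# Added example for this cheat sheet (not original page code). Requires
# PowerShell 3.0+ and an elevated prompt; E:\collect is an assumed output path.

function Get-FileSha256 {
    param([string]$Path)
    # Hash via .NET so this also works where Get-FileHash (PS 4.0+) is absent.
    # FileShare.ReadWrite lets us read an image that is currently executing.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Dispose(); $sha.Dispose() }
}

function Get-SocketOwners {
    # Snapshot the process table once, keyed by PID, so each socket is a
    # dictionary lookup rather than a fresh WMI query.
    $procs = @{}
    Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

    foreach ($line in (netstat -ano)) {
        # TCP rows carry a State column, UDP rows do not, so split on
        # whitespace and take the PID from the last field.
        $f = $line.Trim() -split '\s+'
        if ($f[0] -notin 'TCP', 'UDP') { continue }   # skips headers and blank lines
        $procId = [int]$f[-1]
        $state  = if ($f[0] -eq 'TCP') { $f[3] } else { '' }
        $p      = $procs[$procId]
        $exe    = if ($p) { $p.ExecutablePath } else { $null }

        # Triage heuristic (assumption, tune for your environment): sockets owned
        # by binaries in user-writable locations, or by a PID that has vanished
        # or is hidden from the process table, are reviewed first.
        $suspicious = $false
        if ($exe -and $exe -match '\\(Users|Temp|AppData|ProgramData|Public)\\') { $suspicious = $true }
        if ($procId -ne 0 -and -not $p) { $suspicious = $true }

        [pscustomobject]@{
            Proto      = $f[0]
            Local      = $f[1]
            Remote     = $f[2]
            State      = $state
            PID        = $procId
            Process    = if ($p) { $p.Name } else { '<not found>' }
            Path       = $exe
            SHA256     = if ($exe -and (Test-Path -LiteralPath $exe)) { Get-FileSha256 $exe } else { $null }
            CmdLine    = if ($p) { $p.CommandLine } else { $null }
            Suspicious = $suspicious
        }
    }
}

# Usage: write the full table to the collection drive, then review flagged rows.
$Out = 'E:\collect'                              # assumed collection media
New-Item -ItemType Directory -Path $Out -Force | Out-Null
$rows = Get-SocketOwners
$rows | Export-Csv -NoTypeInformation -Path (Join-Path $Out "$env:COMPUTERNAME-sockets.csv")
$rows | Where-Object Suspicious | Format-Table Proto, Local, Remote, State, PID, Path -AutoSize
```

The user-profile filter will also flag legitimate per-user installs (browsers, chat clients), which is intended: the hash column lets you clear those quickly against a known-good list, while a listener whose PID is absent from Win32_Process is worth a memory capture before the box is touched further.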
13. Are there event logs?
C:\>wmic nteventlog get name   (use this output to build the next command)
C:\>copy %windir%\System32\Winevt\Logs\*.evtx
Note: wmic nteventlog only returns the classic logs (Application, Security, System and a few others), whereas the Winevt\Logs directory also holds the Applications and Services channels (PowerShell, TaskScheduler, Sysmon if installed). wevtutil el lists every channel and wevtutil epl <channel> <file.evtx> exports one cleanly, which is preferable to copying the live files out from under the Event Log service.
Other commands and tools for gathering information:
wmic process list status
wmic process list memory
wmic job list brief
wmic startup list brief
wmic ntdomain list brief
wmic service list config
handle.exe /accepteula
gplist
listdlls.exe
logonsessions.exe /accepteula
pslist.exe /accepteula
psloggedon.exe /accepteula
tasklist
tcpvcon.exe -a /accepteula
The .exe entries (handle, listdlls, logonsessions, pslist, psloggedon, tcpvcon) are Sysinternals tools and are not part of Windows, so bring them on the collection media; /accepteula suppresses the licence dialog so they run unattended. Record the hash of every tool you bring, since they become part of the evidence trail.
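Taken together, items 1 to 13 are a live-response collection that should run in a fixed order, most volatile first, with a record of when each artifact was taken. The script below is an added example, not from the original page or from r00tsec: it runs the PowerShell and built-in equivalents of the commands above, writes each result to its own file with the start time in a log, exports event logs with wevtutil instead of copying live files, and hashes everything collected. It assumes PowerShell 4.0 or later (for Get-FileHash), an elevated session, and E:\collect on removable media; the output directory, the log channels chosen and the Invoke-Collect helper are assumptions.

```powershell
# Ordered live-response collection of the artifacts on this cheat sheet.
# Added example (not original page code). Assumes elevated PowerShell 4.0+
# and E:\collect on removable media; change $Out for your environment.

$Out = "E:\collect\$($env:COMPUTERNAME)-$(Get-Date -Format yyyyMMdd-HHmmss)"
New-Item -ItemType Directory -Path $Out -Force | Out-Null
$Log = Join-Path $Out 'collection.log'

function Invoke-Collect {
    param([string]$Name, [scriptblock]$Command)
    # Run one step, capture its output and errors into its own file, and log
    # the start time so the notes can state exactly when each artifact was taken.
    $file  = Join-Path $Out "$Name.txt"
    $start = Get-Date
    try   { & $Command 2>&1 | Out-File -FilePath $file -Encoding utf8 -Width 4096 }
    catch { "ERROR: $_" | Out-File -FilePath $file -Encoding utf8 -Append }
    "{0:o}  {1,-12} {2}" -f $start, $Name, $file | Out-File -FilePath $Log -Append -Encoding utf8
}

# 1. Volatile state: time reference first, then sockets, processes, sessions.
Invoke-Collect 'date-tz'   { Get-Date -Format o; [TimeZoneInfo]::Local.Id; w32tm /query /status }
Invoke-Collect 'netstat'   { netstat -ano }
Invoke-Collect 'arp'       { arp -a }
Invoke-Collect 'route'     { route print }
Invoke-Collect 'dns-cache' { ipconfig /displaydns }
Invoke-Collect 'processes' { Get-CimInstance Win32_Process |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine, CreationDate | Format-List }
Invoke-Collect 'services'  { Get-CimInstance Win32_Service |
    Select-Object Name, State, StartMode, PathName, StartName | Format-Table -AutoSize }
Invoke-Collect 'sessions'  { query user; net session }
Invoke-Collect 'shares'    { net use; net share }

# 2. System identity and configuration (items 1-11 of the cheat sheet).
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Invoke-Collect 'system'    { hostname; whoami /all; systeminfo
    Get-CimInstance Win32_ComputerSystem | Format-List; Get-CimInstance Win32_BIOS | Format-List }
Invoke-Collect 'ipconfig'  { ipconfig /allcompartments /all }
Invoke-Collect 'nics'      { Get-CimInstance Win32_NetworkAdapterConfiguration | Where-Object IPEnabled |
    Select-Object Description, MACAddress, IPAddress | Format-List }
Invoke-Collect 'hotfixes'  { Get-CimInstance Win32_QuickFixEngineering | Sort-Object InstalledOn |
    Format-Table HotFixID, InstalledOn -AutoSize }
# Registry instead of Win32_Product, which would trigger MSI consistency checks.
Invoke-Collect 'software'  { Get-ItemProperty $uninstall -ErrorAction SilentlyContinue |
    Select-Object DisplayName, DisplayVersion, InstallDate, Publisher | Sort-Object DisplayName | Format-Table -AutoSize }
Invoke-Collect 'startup'   { Get-CimInstance Win32_StartupCommand | Format-List }
Invoke-Collect 'users'     { net user; net localgroup administrators }
Invoke-Collect 'efs'       { cipher /y; cipher /u /n }
Invoke-Collect 'firewall'  { netsh advfirewall show allprofiles }
Invoke-Collect 'hosts'     { Get-Content "$env:windir\System32\drivers\etc\hosts" }

# 3. Files: firewall logs (if logging was enabled) and event logs, exported
#    with wevtutil rather than copied out from under the Event Log service.
Copy-Item "$env:windir\System32\LogFiles\Firewall\*.log" $Out -ErrorAction SilentlyContinue
foreach ($ch in 'Security', 'System', 'Application', 'Microsoft-Windows-Sysmon/Operational') {
    $dest = Join-Path $Out (($ch -replace '[\\/]', '_') + '.evtx')
    wevtutil epl $ch $dest 2>$null        # channels that do not exist are skipped
}

# 4. Hash everything collected so later changes to the copies are detectable.
Get-ChildItem -Path $Out -File | Where-Object Name -ne 'hashes.sha256' |
    Get-FileHash -Algorithm SHA256 |
    ForEach-Object { "{0}  {1}" -f $_.Hash, (Split-Path $_.Path -Leaf) } |
    Out-File -FilePath (Join-Path $Out 'hashes.sha256') -Encoding ascii
```

Keep the script itself, its hash and the PowerShell host version on the collection media alongside the output: the timestamps in collection.log are meaningful only relative to the date-tz capture, which is why it runs first, and cipher /u /n can take a long time on large volumes, so move it later if sockets and processes are the priority.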
Source: http://www.r00tsec.com
Reviewed by Zion3R at 10:59