-
Notifications
You must be signed in to change notification settings - Fork 71
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #778 from naacbin/zimmermantools
Add Zimmermantools
- Loading branch information
Showing
78 changed files
with
780 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
| <metadata> | ||
| <id>amcacheparser.vm</id> | ||
| <version>1.5.1.20231208</version> | ||
| <authors>Eric Zimmerman</authors> | ||
| <description>Amcache.hve parser with lots of extra features. Handles locked files</description> | ||
| <dependencies> | ||
| <dependency id="common.vm" /> | ||
| <dependency id="dotnet-6.vm" /> | ||
| </dependencies> | ||
| </metadata> | ||
| </package> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| $ErrorActionPreference = 'Stop' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'AmcacheParser' | ||
| $category = 'Forensic' | ||
|
|
||
| $zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/AmcacheParser.zip' | ||
| $zipSha256 = '7b78aa7f26287c6b9b3bf68d3bbccc372687760edf9ae84fafceaed3de535566' | ||
|
|
||
| VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| $ErrorActionPreference = 'Continue' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'AmcacheParser' | ||
| $category = 'Forensic' | ||
|
|
||
| VM-Uninstall $toolName $category |
13 changes: 13 additions & 0 deletions
13
packages/appcompatcacheparser.vm/appcompatcacheparser.vm.nuspec
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
| <metadata> | ||
| <id>appcompatcacheparser.vm</id> | ||
| <version>1.5.0.20231208</version> | ||
| <authors>Eric Zimmerman</authors> | ||
| <description>AppCompatCache aka ShimCache parser. Handles locked files</description> | ||
| <dependencies> | ||
| <dependency id="common.vm" /> | ||
| <dependency id="dotnet-6.vm" /> | ||
| </dependencies> | ||
| </metadata> | ||
| </package> |
10 changes: 10 additions & 0 deletions
10
packages/appcompatcacheparser.vm/tools/chocolateyinstall.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| $ErrorActionPreference = 'Stop' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'AppCompatCacheParser' | ||
| $category = 'Forensic' | ||
|
|
||
| $zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/AppCompatCacheParser.zip' | ||
| $zipSha256 = '0ef9cc96a0784bc54f79e584f5845f7e3ada703cbfb6e209e9612bf1f7aad6c9' | ||
|
|
||
| VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false |
7 changes: 7 additions & 0 deletions
7
packages/appcompatcacheparser.vm/tools/chocolateyuninstall.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| $ErrorActionPreference = 'Continue' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'AppCompatCacheParser' | ||
| $category = 'Forensic' | ||
|
|
||
| VM-Uninstall $toolName $category |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
| <metadata> | ||
| <id>bstrings.vm</id> | ||
| <version>1.5.2.20231208</version> | ||
| <authors>Eric Zimmerman</authors> | ||
| <description>Find them strings yo. Built in regex patterns. Handles locked files</description> | ||
| <dependencies> | ||
| <dependency id="common.vm" /> | ||
| <dependency id="dotnet-6.vm" /> | ||
| </dependencies> | ||
| </metadata> | ||
| </package> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| $ErrorActionPreference = 'Stop' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'bstrings' | ||
| $category = 'Utilities' | ||
|
|
||
| $zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/bstrings.zip' | ||
| $zipSha256 = '1521031bab2843757bb701b75741a24154965ba219a57cbfefddb792c6d5b301' | ||
|
|
||
| VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| $ErrorActionPreference = 'Continue' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'bstrings' | ||
| $category = 'Utilities' | ||
|
|
||
| VM-Uninstall $toolName $category |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
| <metadata> | ||
| <id>evtxecmd.vm</id> | ||
| <version>1.5.0.20231208</version> | ||
| <authors>Eric Zimmerman</authors> | ||
| <description>Event log (evtx) parser with standardized CSV, XML, and json output! Custom maps, locked file support, and more!</description> | ||
| <dependencies> | ||
| <dependency id="common.vm" /> | ||
| <dependency id="dotnet-6.vm" /> | ||
| </dependencies> | ||
| </metadata> | ||
| </package> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| $ErrorActionPreference = 'Stop' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'EvtxECmd' | ||
| $category = 'Forensic' | ||
|
|
||
| $zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/EvtxECmd.zip' | ||
| $zipSha256 = 'e1b4a5f9b09eca3c057cdc2d0ed1a28fe0c24dc90f9f68b7e0572e373dce86a6' | ||
|
|
||
| VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| $ErrorActionPreference = 'Continue' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'EvtxECmd' | ||
| $category = 'Forensic' | ||
|
|
||
| VM-Uninstall $toolName $category |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
| <metadata> | ||
| <id>ezviewer.vm</id> | ||
| <version>2.0.0.20231208</version> | ||
| <authors>Eric Zimmerman</authors> | ||
| <description>Standalone, zero dependency viewer for .doc, .docx, .xls, .xlsx, .txt, .log, .rtf, .otd, .htm, .html, .mht, .csv, and .pdf. Any non-supported files are shown in a hex editor (with data interpreter!)</description> | ||
| <dependencies> | ||
| <dependency id="common.vm" /> | ||
| <dependency id="dotnet-6.vm" /> | ||
| </dependencies> | ||
| </metadata> | ||
| </package> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| $ErrorActionPreference = 'Stop' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'EZViewer' | ||
| $category = 'Office' | ||
|
|
||
| $zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/EZViewer.zip' | ||
| $zipSha256 = '86a27bf8f4744d283c33d7321ad8a510e6f4067ec776cfdf1cc4748a0684072d' | ||
|
|
||
| VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false -innerFolder $true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| $ErrorActionPreference = 'Continue' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'EZViewer' | ||
| $category = 'Office' | ||
|
|
||
| VM-Uninstall $toolName $category |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
| <metadata> | ||
| <id>hasher.vm</id> | ||
| <version>2.0.0.20231207</version> | ||
| <authors>Eric Zimmerman</authors> | ||
| <description>Hash all the things</description> | ||
| <dependencies> | ||
| <dependency id="common.vm" /> | ||
| <dependency id="netfx-4.8" version="[4.8.0.20220524]" /> | ||
| </dependencies> | ||
| </metadata> | ||
| </package> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| $ErrorActionPreference = 'Stop' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'Hasher' | ||
| $category = 'Utilities' | ||
|
|
||
| $zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/hasher.zip' | ||
| $zipSha256 = '1693875e5f830e582dc01778cae34e50c1e28d472ced9fe1caeac89843b58cfa' | ||
|
|
||
| VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false -innerFolder $true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| $ErrorActionPreference = 'Continue' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'Hasher' | ||
| $category = 'Utilities' | ||
|
|
||
| VM-Uninstall $toolName $category |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
| <metadata> | ||
| <id>jlecmd.vm</id> | ||
| <version>1.5.0.20231208</version> | ||
| <authors>Eric Zimmerman</authors> | ||
| <description>Jump List parser</description> | ||
| <dependencies> | ||
| <dependency id="common.vm" /> | ||
| <dependency id="dotnet-6.vm" /> | ||
| </dependencies> | ||
| </metadata> | ||
| </package> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| $ErrorActionPreference = 'Stop' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'JLECmd' | ||
| $category = 'Forensic' | ||
|
|
||
| $zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/JLECmd.zip' | ||
| $zipSha256 = 'b0635517a72d2a7cdfdc92d5161f38e968380ae2ec33673571108bacf31b4480' | ||
|
|
||
| VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| $ErrorActionPreference = 'Continue' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'JLECmd' | ||
| $category = 'Forensic' | ||
|
|
||
| VM-Uninstall $toolName $category |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
| <metadata> | ||
| <id>jumplist_explorer.vm</id> | ||
| <version>2.0.0.20231208</version> | ||
| <authors>Eric Zimmerman</authors> | ||
| <description>GUI based Jump List viewer</description> | ||
| <dependencies> | ||
| <dependency id="common.vm" /> | ||
| <dependency id="dotnet-6.vm" /> | ||
| </dependencies> | ||
| </metadata> | ||
| </package> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| $ErrorActionPreference = 'Stop' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'JumpListExplorer' | ||
| $category = 'Forensic' | ||
|
|
||
| $zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/JumpListExplorer.zip' | ||
| $zipSha256 = '5543774e73f6c42ece035b95f2e3689a1a52ef89cb04b15512da264c8bc799f9' | ||
|
|
||
| VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false -innerFolder $true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| $ErrorActionPreference = 'Continue' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'JumpListExplorer' | ||
| $category = 'Forensic' | ||
|
|
||
| VM-Uninstall $toolName $category |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
| <metadata> | ||
| <id>lecmd.vm</id> | ||
| <version>1.5.0.20231208</version> | ||
| <authors>Eric Zimmerman</authors> | ||
| <description>Parse lnk files</description> | ||
| <dependencies> | ||
| <dependency id="common.vm" /> | ||
| <dependency id="dotnet-6.vm" /> | ||
| </dependencies> | ||
| </metadata> | ||
| </package> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| $ErrorActionPreference = 'Stop' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'LECmd' | ||
| $category = 'Forensic' | ||
|
|
||
| $zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/LECmd.zip' | ||
| $zipSha256 = '103bd3f0209c26598718c81585edbd624c4679a3e58ed369ade325e33fb7022a' | ||
|
|
||
| VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| $ErrorActionPreference = 'Continue' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'LECmd' | ||
| $category = 'Forensic' | ||
|
|
||
| VM-Uninstall $toolName $category |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
| <metadata> | ||
| <id>mft_explorer.vm</id> | ||
| <version>2.0.0.20231208</version> | ||
| <authors>Eric Zimmerman</authors> | ||
| <description>Graphical $MFT viewer</description> | ||
| <dependencies> | ||
| <dependency id="common.vm" /> | ||
| <dependency id="dotnet-6.vm" /> | ||
| </dependencies> | ||
| </metadata> | ||
| </package> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| $ErrorActionPreference = 'Stop' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'MFTExplorer' | ||
| $category = 'Forensic' | ||
|
|
||
| $zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/MFTExplorer.zip' | ||
| $zipSha256 = '99947e91bbc19e440de7b1ff7a3557beed6ee79a3765eb67d58e4369ac711f1f' | ||
|
|
||
| VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false -innerFolder $true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| $ErrorActionPreference = 'Continue' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'MFTExplorer' | ||
| $category = 'Forensic' | ||
|
|
||
| VM-Uninstall $toolName $category |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
| <metadata> | ||
| <id>mftecmd.vm</id> | ||
| <version>1.2.2.20231208</version> | ||
| <authors>Eric Zimmerman</authors> | ||
| <description>$MFT, $Boot, $J, $SDS, $I30, and $LogFile (coming soon) parser. Handles locked files</description> | ||
| <dependencies> | ||
| <dependency id="common.vm" /> | ||
| <dependency id="dotnet-6.vm" /> | ||
| </dependencies> | ||
| </metadata> | ||
| </package> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| $ErrorActionPreference = 'Stop' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'MFTECmd' | ||
| $category = 'Forensic' | ||
|
|
||
| $zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/MFTECmd.zip' | ||
| $zipSha256 = 'ce4313e33cf424fd102959d7c687c768c5075bffc4a6536765d017e7d30d443b' | ||
|
|
||
| VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| $ErrorActionPreference = 'Continue' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'MFTECmd' | ||
| $category = 'Forensic' | ||
|
|
||
| VM-Uninstall $toolName $category |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
| <metadata> | ||
| <id>pecmd.vm</id> | ||
| <version>1.5.0.20231208</version> | ||
| <authors>Eric Zimmerman</authors> | ||
| <description>Prefetch parser</description> | ||
| <dependencies> | ||
| <dependency id="common.vm" /> | ||
| <dependency id="dotnet-6.vm" /> | ||
| </dependencies> | ||
| </metadata> | ||
| </package> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| $ErrorActionPreference = 'Stop' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'PECmd' | ||
| $category = 'Forensic' | ||
|
|
||
| $zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/PECmd.zip' | ||
| $zipSha256 = 'e20254b2f813e66fe5295488e5a00e9675679c91841f99ddcc8d083299bb55d6' | ||
|
|
||
| VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| $ErrorActionPreference = 'Continue' | ||
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| $toolName = 'PECmd' | ||
| $category = 'Forensic' | ||
|
|
||
| VM-Uninstall $toolName $category |
Oops, something went wrong.