diff --git a/packages/amcacheparser.vm/amcacheparser.vm.nuspec b/packages/amcacheparser.vm/amcacheparser.vm.nuspec
new file mode 100644
index 000000000..5a31c9534
--- /dev/null
+++ b/packages/amcacheparser.vm/amcacheparser.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>amcacheparser.vm</id>
+    <version>1.5.1.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Amcache.hve parser with lots of extra features. Handles locked files</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/amcacheparser.vm/tools/chocolateyinstall.ps1 b/packages/amcacheparser.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..c57e60f4e
--- /dev/null
+++ b/packages/amcacheparser.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'AmcacheParser'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/AmcacheParser.zip'
+$zipSha256 = '7b78aa7f26287c6b9b3bf68d3bbccc372687760edf9ae84fafceaed3de535566'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false
diff --git a/packages/amcacheparser.vm/tools/chocolateyuninstall.ps1 b/packages/amcacheparser.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..5dfcb6142
--- /dev/null
+++ b/packages/amcacheparser.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'AmcacheParser'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/appcompatcacheparser.vm/appcompatcacheparser.vm.nuspec b/packages/appcompatcacheparser.vm/appcompatcacheparser.vm.nuspec
new file mode 100644
index 000000000..7e75f011c
--- /dev/null
+++ b/packages/appcompatcacheparser.vm/appcompatcacheparser.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>appcompatcacheparser.vm</id>
+    <version>1.5.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>AppCompatCache aka ShimCache parser. Handles locked files</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/appcompatcacheparser.vm/tools/chocolateyinstall.ps1 b/packages/appcompatcacheparser.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..70d77a642
--- /dev/null
+++ b/packages/appcompatcacheparser.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'AppCompatCacheParser'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/AppCompatCacheParser.zip'
+$zipSha256 = '0ef9cc96a0784bc54f79e584f5845f7e3ada703cbfb6e209e9612bf1f7aad6c9'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false
diff --git a/packages/appcompatcacheparser.vm/tools/chocolateyuninstall.ps1 b/packages/appcompatcacheparser.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..657816078
--- /dev/null
+++ b/packages/appcompatcacheparser.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'AppCompatCacheParser'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/bstrings.vm/bstrings.vm.nuspec b/packages/bstrings.vm/bstrings.vm.nuspec
new file mode 100644
index 000000000..6fb959cbb
--- /dev/null
+++ b/packages/bstrings.vm/bstrings.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>bstrings.vm</id>
+    <version>1.5.2.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Find them strings yo. Built in regex patterns. Handles locked files</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/bstrings.vm/tools/chocolateyinstall.ps1 b/packages/bstrings.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..505134f4d
--- /dev/null
+++ b/packages/bstrings.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'bstrings'
+$category = 'Utilities'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/bstrings.zip'
+$zipSha256 = '1521031bab2843757bb701b75741a24154965ba219a57cbfefddb792c6d5b301'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false
diff --git a/packages/bstrings.vm/tools/chocolateyuninstall.ps1 b/packages/bstrings.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..9000f95b9
--- /dev/null
+++ b/packages/bstrings.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'bstrings'
+$category = 'Utilities'
+
+VM-Uninstall $toolName $category
diff --git a/packages/evtxecmd.vm/evtxecmd.vm.nuspec b/packages/evtxecmd.vm/evtxecmd.vm.nuspec
new file mode 100644
index 000000000..bf542c964
--- /dev/null
+++ b/packages/evtxecmd.vm/evtxecmd.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>evtxecmd.vm</id>
+    <version>1.5.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Event log (evtx) parser with standardized CSV, XML, and json output! Custom maps, locked file support, and more!</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/evtxecmd.vm/tools/chocolateyinstall.ps1 b/packages/evtxecmd.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..41dee8445
--- /dev/null
+++ b/packages/evtxecmd.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'EvtxECmd'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/EvtxECmd.zip'
+$zipSha256 = 'e1b4a5f9b09eca3c057cdc2d0ed1a28fe0c24dc90f9f68b7e0572e373dce86a6'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $true
diff --git a/packages/evtxecmd.vm/tools/chocolateyuninstall.ps1 b/packages/evtxecmd.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..7662f8508
--- /dev/null
+++ b/packages/evtxecmd.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'EvtxECmd'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/ezviewer.vm/ezviewer.vm.nuspec b/packages/ezviewer.vm/ezviewer.vm.nuspec
new file mode 100644
index 000000000..40c7ba792
--- /dev/null
+++ b/packages/ezviewer.vm/ezviewer.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>ezviewer.vm</id>
+    <version>2.0.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Standalone, zero dependency viewer for .doc, .docx, .xls, .xlsx, .txt, .log, .rtf, .otd, .htm, .html, .mht, .csv, and .pdf. Any non-supported files are shown in a hex editor (with data interpreter!)</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/ezviewer.vm/tools/chocolateyinstall.ps1 b/packages/ezviewer.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..38b8b6790
--- /dev/null
+++ b/packages/ezviewer.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'EZViewer'
+$category = 'Office'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/EZViewer.zip'
+$zipSha256 = '86a27bf8f4744d283c33d7321ad8a510e6f4067ec776cfdf1cc4748a0684072d'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false -innerFolder $true
diff --git a/packages/ezviewer.vm/tools/chocolateyuninstall.ps1 b/packages/ezviewer.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..02536ff44
--- /dev/null
+++ b/packages/ezviewer.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'EZViewer'
+$category = 'Office'
+
+VM-Uninstall $toolName $category
diff --git a/packages/hasher.vm/hasher.vm.nuspec b/packages/hasher.vm/hasher.vm.nuspec
new file mode 100644
index 000000000..90932ee4d
--- /dev/null
+++ b/packages/hasher.vm/hasher.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>hasher.vm</id>
+    <version>2.0.0.20231207</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Hash all the things</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="netfx-4.8" version="[4.8.0.20220524]" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/hasher.vm/tools/chocolateyinstall.ps1 b/packages/hasher.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..c62192c7b
--- /dev/null
+++ b/packages/hasher.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Hasher'
+$category = 'Utilities'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/hasher.zip'
+$zipSha256 = '1693875e5f830e582dc01778cae34e50c1e28d472ced9fe1caeac89843b58cfa'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false -innerFolder $true
diff --git a/packages/hasher.vm/tools/chocolateyuninstall.ps1 b/packages/hasher.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..da4e01457
--- /dev/null
+++ b/packages/hasher.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Hasher'
+$category = 'Utilities'
+
+VM-Uninstall $toolName $category
diff --git a/packages/jlecmd.vm/jlecmd.vm.nuspec b/packages/jlecmd.vm/jlecmd.vm.nuspec
new file mode 100644
index 000000000..08a9776ff
--- /dev/null
+++ b/packages/jlecmd.vm/jlecmd.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>jlecmd.vm</id>
+    <version>1.5.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Jump List parser</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/jlecmd.vm/tools/chocolateyinstall.ps1 b/packages/jlecmd.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..f1654be56
--- /dev/null
+++ b/packages/jlecmd.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'JLECmd'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/JLECmd.zip'
+$zipSha256 = 'b0635517a72d2a7cdfdc92d5161f38e968380ae2ec33673571108bacf31b4480'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false
diff --git a/packages/jlecmd.vm/tools/chocolateyuninstall.ps1 b/packages/jlecmd.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..811ce0c31
--- /dev/null
+++ b/packages/jlecmd.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'JLECmd'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/jumplist_explorer.vm/jumplist_explorer.vm.nuspec b/packages/jumplist_explorer.vm/jumplist_explorer.vm.nuspec
new file mode 100644
index 000000000..73acbe743
--- /dev/null
+++ b/packages/jumplist_explorer.vm/jumplist_explorer.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>jumplist_explorer.vm</id>
+    <version>2.0.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>GUI based Jump List viewer</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/jumplist_explorer.vm/tools/chocolateyinstall.ps1 b/packages/jumplist_explorer.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..6f07a9a16
--- /dev/null
+++ b/packages/jumplist_explorer.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'JumpListExplorer'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/JumpListExplorer.zip'
+$zipSha256 = '5543774e73f6c42ece035b95f2e3689a1a52ef89cb04b15512da264c8bc799f9'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false -innerFolder $true
diff --git a/packages/jumplist_explorer.vm/tools/chocolateyuninstall.ps1 b/packages/jumplist_explorer.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..2bcfaed47
--- /dev/null
+++ b/packages/jumplist_explorer.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'JumpListExplorer'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/lecmd.vm/lecmd.vm.nuspec b/packages/lecmd.vm/lecmd.vm.nuspec
new file mode 100644
index 000000000..2a1e48dc2
--- /dev/null
+++ b/packages/lecmd.vm/lecmd.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>lecmd.vm</id>
+    <version>1.5.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Parse lnk files</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/lecmd.vm/tools/chocolateyinstall.ps1 b/packages/lecmd.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..92be4e0b5
--- /dev/null
+++ b/packages/lecmd.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'LECmd'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/LECmd.zip'
+$zipSha256 = '103bd3f0209c26598718c81585edbd624c4679a3e58ed369ade325e33fb7022a'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false
diff --git a/packages/lecmd.vm/tools/chocolateyuninstall.ps1 b/packages/lecmd.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..506b22d3f
--- /dev/null
+++ b/packages/lecmd.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'LECmd'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/mft_explorer.vm/mft_explorer.vm.nuspec b/packages/mft_explorer.vm/mft_explorer.vm.nuspec
new file mode 100644
index 000000000..8c2b550d3
--- /dev/null
+++ b/packages/mft_explorer.vm/mft_explorer.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>mft_explorer.vm</id>
+    <version>2.0.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Graphical $MFT viewer</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/mft_explorer.vm/tools/chocolateyinstall.ps1 b/packages/mft_explorer.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..e67725ac1
--- /dev/null
+++ b/packages/mft_explorer.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'MFTExplorer'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/MFTExplorer.zip'
+$zipSha256 = '99947e91bbc19e440de7b1ff7a3557beed6ee79a3765eb67d58e4369ac711f1f'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false -innerFolder $true
diff --git a/packages/mft_explorer.vm/tools/chocolateyuninstall.ps1 b/packages/mft_explorer.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..206202ea0
--- /dev/null
+++ b/packages/mft_explorer.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'MFTExplorer'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/mftecmd.vm/mftecmd.vm.nuspec b/packages/mftecmd.vm/mftecmd.vm.nuspec
new file mode 100644
index 000000000..a974cfaac
--- /dev/null
+++ b/packages/mftecmd.vm/mftecmd.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>mftecmd.vm</id>
+    <version>1.2.2.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>$MFT, $Boot, $J, $SDS, $I30, and $LogFile (coming soon) parser. Handles locked files</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/mftecmd.vm/tools/chocolateyinstall.ps1 b/packages/mftecmd.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..90b233aff
--- /dev/null
+++ b/packages/mftecmd.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'MFTECmd'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/MFTECmd.zip'
+$zipSha256 = 'ce4313e33cf424fd102959d7c687c768c5075bffc4a6536765d017e7d30d443b'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false
diff --git a/packages/mftecmd.vm/tools/chocolateyuninstall.ps1 b/packages/mftecmd.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..33686c4d9
--- /dev/null
+++ b/packages/mftecmd.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'MFTECmd'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/pecmd.vm/pecmd.vm.nuspec b/packages/pecmd.vm/pecmd.vm.nuspec
new file mode 100644
index 000000000..1e6e32db8
--- /dev/null
+++ b/packages/pecmd.vm/pecmd.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>pecmd.vm</id>
+    <version>1.5.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Prefetch parser</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/pecmd.vm/tools/chocolateyinstall.ps1 b/packages/pecmd.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..7a2b73990
--- /dev/null
+++ b/packages/pecmd.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'PECmd'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/PECmd.zip'
+$zipSha256 = 'e20254b2f813e66fe5295488e5a00e9675679c91841f99ddcc8d083299bb55d6'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false
diff --git a/packages/pecmd.vm/tools/chocolateyuninstall.ps1 b/packages/pecmd.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..f6214148b
--- /dev/null
+++ b/packages/pecmd.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'PECmd'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/rbcmd.vm/rbcmd.vm.nuspec b/packages/rbcmd.vm/rbcmd.vm.nuspec
new file mode 100644
index 000000000..cf9788f90
--- /dev/null
+++ b/packages/rbcmd.vm/rbcmd.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>rbcmd.vm</id>
+    <version>1.5.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Recycle Bin artifact (INFO2/$I) parser</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/rbcmd.vm/tools/chocolateyinstall.ps1 b/packages/rbcmd.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..ffdcf07b2
--- /dev/null
+++ b/packages/rbcmd.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'RBCmd'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/RBCmd.zip'
+$zipSha256 = '326b4d77bd2915551b85391bdebf1dc4a32bc5a872a4da0d55af8df657086135'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false
diff --git a/packages/rbcmd.vm/tools/chocolateyuninstall.ps1 b/packages/rbcmd.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..33d8dc6ec
--- /dev/null
+++ b/packages/rbcmd.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'RBCmd'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/recentfilecacheparser.vm/recentfilecacheparser.vm.nuspec b/packages/recentfilecacheparser.vm/recentfilecacheparser.vm.nuspec
new file mode 100644
index 000000000..0ae8fb885
--- /dev/null
+++ b/packages/recentfilecacheparser.vm/recentfilecacheparser.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>recentfilecacheparser.vm</id>
+    <version>1.5.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>RecentFileCache parser</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/recentfilecacheparser.vm/tools/chocolateyinstall.ps1 b/packages/recentfilecacheparser.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..25ab718ae
--- /dev/null
+++ b/packages/recentfilecacheparser.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'RecentFileCacheParser'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/RecentFileCacheParser.zip'
+$zipSha256 = '4b9760b75f4e91269e55d9a03b0b0572b3ed90948f2a08cc6c1215e2e00e3353'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false
diff --git a/packages/recentfilecacheparser.vm/tools/chocolateyuninstall.ps1 b/packages/recentfilecacheparser.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..56aa1f412
--- /dev/null
+++ b/packages/recentfilecacheparser.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'RecentFileCacheParser'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/recmd.vm/recmd.vm.nuspec b/packages/recmd.vm/recmd.vm.nuspec
new file mode 100644
index 000000000..7a33ce200
--- /dev/null
+++ b/packages/recmd.vm/recmd.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>recmd.vm</id>
+    <version>2.0.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Powerful command line Registry tool searching, multi-hive support, plugins, and more</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/recmd.vm/tools/chocolateyinstall.ps1 b/packages/recmd.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..acb928db3
--- /dev/null
+++ b/packages/recmd.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'RECmd'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/RECmd.zip'
+$zipSha256 = '53ca90113116ebbf3d14264991318cb4b3c8667a996bba8ba49adcc41032665e'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $true
diff --git a/packages/recmd.vm/tools/chocolateyuninstall.ps1 b/packages/recmd.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..4e1c894be
--- /dev/null
+++ b/packages/recmd.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'RECmd'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/registry_explorer.vm/registry_explorer.vm.nuspec b/packages/registry_explorer.vm/registry_explorer.vm.nuspec
new file mode 100644
index 000000000..c81d0e283
--- /dev/null
+++ b/packages/registry_explorer.vm/registry_explorer.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>registry_explorer.vm</id>
+    <version>2.0.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Registry viewer with searching, multi-hive support, plugins, and more. Handles locked files</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/registry_explorer.vm/tools/chocolateyinstall.ps1 b/packages/registry_explorer.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..d5d2a825f
--- /dev/null
+++ b/packages/registry_explorer.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'RegistryExplorer'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/RegistryExplorer.zip'
+$zipSha256 = '50a11bd0a5e44dcea6469b8564eb3f010b9a8faf323ff6481222d391da26887e'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false -innerFolder $true
diff --git a/packages/registry_explorer.vm/tools/chocolateyuninstall.ps1 b/packages/registry_explorer.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..c08fb669c
--- /dev/null
+++ b/packages/registry_explorer.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'RegistryExplorer'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/rla.vm/rla.vm.nuspec b/packages/rla.vm/rla.vm.nuspec
new file mode 100644
index 000000000..0458b9366
--- /dev/null
+++ b/packages/rla.vm/rla.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>rla.vm</id>
+    <version>2.0.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Replay transaction logs and update Registry hives so they are no longer dirty. Useful when tools do not know how to handle transaction logs</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/rla.vm/tools/chocolateyinstall.ps1 b/packages/rla.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..7e41b90bc
--- /dev/null
+++ b/packages/rla.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'RLA'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/rla.zip'
+$zipSha256 = '3a67f6aa06f8eef9b60417199dd06b3909ad8c94985180c687ef32468f7710c5'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false
diff --git a/packages/rla.vm/tools/chocolateyuninstall.ps1 b/packages/rla.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..76eb4032b
--- /dev/null
+++ b/packages/rla.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'RLA'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sbecmd.vm/sbecmd.vm.nuspec b/packages/sbecmd.vm/sbecmd.vm.nuspec
new file mode 100644
index 000000000..1023e06b2
--- /dev/null
+++ b/packages/sbecmd.vm/sbecmd.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>sbecmd.vm</id>
+    <version>2.0.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>ShellBags Explorer, command line edition, for exporting shellbag data</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/sbecmd.vm/tools/chocolateyinstall.ps1 b/packages/sbecmd.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..8314ad2c2
--- /dev/null
+++ b/packages/sbecmd.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SBECmd'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/SBECmd.zip'
+$zipSha256 = '640caf1592daf5a62c4984f50d684f96e69c98c67611742a172f5fd35572ced0'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false
diff --git a/packages/sbecmd.vm/tools/chocolateyuninstall.ps1 b/packages/sbecmd.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..51896988c
--- /dev/null
+++ b/packages/sbecmd.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SBECmd'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sdb_explorer.vm/sdb_explorer.vm.nuspec b/packages/sdb_explorer.vm/sdb_explorer.vm.nuspec
new file mode 100644
index 000000000..9ee292f5a
--- /dev/null
+++ b/packages/sdb_explorer.vm/sdb_explorer.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>sdb_explorer.vm</id>
+    <version>2.0.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Shim database GUI</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/sdb_explorer.vm/tools/chocolateyinstall.ps1 b/packages/sdb_explorer.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..d1154b29c
--- /dev/null
+++ b/packages/sdb_explorer.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SDBExplorer'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/SDBExplorer.zip'
+$zipSha256 = 'c88085e74405801f9d4f2557ce35eaa6316e6fe812e5efd66a6a1d87f1b1cbd6'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false -innerFolder $true
diff --git a/packages/sdb_explorer.vm/tools/chocolateyuninstall.ps1 b/packages/sdb_explorer.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..89bf2652c
--- /dev/null
+++ b/packages/sdb_explorer.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SDBExplorer'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/shellbags_explorer.vm/shellbags_explorer.vm.nuspec b/packages/shellbags_explorer.vm/shellbags_explorer.vm.nuspec
new file mode 100644
index 000000000..13fe2f843
--- /dev/null
+++ b/packages/shellbags_explorer.vm/shellbags_explorer.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>shellbags_explorer.vm</id>
+    <version>2.0.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>GUI for browsing shellbags data. Handles locked files</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/shellbags_explorer.vm/tools/chocolateyinstall.ps1 b/packages/shellbags_explorer.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..a6a3ae533
--- /dev/null
+++ b/packages/shellbags_explorer.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'ShellBagsExplorer'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/ShellBagsExplorer.zip'
+$zipSha256 = '8f81e32b723115462d6245357d1c3d8a41fff2926c263c857a086765ce3f7ad2'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false -innerFolder $true
diff --git a/packages/shellbags_explorer.vm/tools/chocolateyuninstall.ps1 b/packages/shellbags_explorer.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..36c4f394d
--- /dev/null
+++ b/packages/shellbags_explorer.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'ShellBagsExplorer'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sqlecmd.vm/sqlecmd.vm.nuspec b/packages/sqlecmd.vm/sqlecmd.vm.nuspec
new file mode 100644
index 000000000..2f8f3e1e0
--- /dev/null
+++ b/packages/sqlecmd.vm/sqlecmd.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>sqlecmd.vm</id>
+    <version>1.0.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Find and process SQLite files according to your needs with maps!</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/sqlecmd.vm/tools/chocolateyinstall.ps1 b/packages/sqlecmd.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..a29c800d2
--- /dev/null
+++ b/packages/sqlecmd.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SQLECmd'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/SQLECmd.zip'
+$zipSha256 = '40a23c2bd6855753e5f39a7cb944cd2e13aecb70ae2c5b3db840c959225454be'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $true
diff --git a/packages/sqlecmd.vm/tools/chocolateyuninstall.ps1 b/packages/sqlecmd.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..94c5dd723
--- /dev/null
+++ b/packages/sqlecmd.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SQLECmd'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/srumecmd.vm/srumecmd.vm.nuspec b/packages/srumecmd.vm/srumecmd.vm.nuspec
new file mode 100644
index 000000000..23c350ef7
--- /dev/null
+++ b/packages/srumecmd.vm/srumecmd.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>srumecmd.vm</id>
+    <version>0.5.1.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Process SRUDB.dat and (optionally) SOFTWARE hive for network, process, and energy info!</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/srumecmd.vm/tools/chocolateyinstall.ps1 b/packages/srumecmd.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..9b8634b4c
--- /dev/null
+++ b/packages/srumecmd.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SrumECmd'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/SrumECmd.zip'
+$zipSha256 = 'acfff757f1da4e7cc5c7c521c8fd7eeda938ac9402ae4874f2c8f49239d52dc1'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false
diff --git a/packages/srumecmd.vm/tools/chocolateyuninstall.ps1 b/packages/srumecmd.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..4904a4d8f
--- /dev/null
+++ b/packages/srumecmd.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SrumECmd'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sumecmd.vm/sumecmd.vm.nuspec b/packages/sumecmd.vm/sumecmd.vm.nuspec
new file mode 100644
index 000000000..8a0f14abd
--- /dev/null
+++ b/packages/sumecmd.vm/sumecmd.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>sumecmd.vm</id>
+    <version>0.5.2.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Process Microsoft User Access Logs found under "C:\Windows\System32\LogFiles\SUM"</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/sumecmd.vm/tools/chocolateyinstall.ps1 b/packages/sumecmd.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..870f52a15
--- /dev/null
+++ b/packages/sumecmd.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SumECmd'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/SumECmd.zip'
+$zipSha256 = '74ed2f833056c2c88ee906fd1cbd8938a1d8f0c2df7e7ce031614858c8d16cb7'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false
diff --git a/packages/sumecmd.vm/tools/chocolateyuninstall.ps1 b/packages/sumecmd.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..1f865b953
--- /dev/null
+++ b/packages/sumecmd.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SumECmd'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/timeline_explorer.vm/timeline_explorer.vm.nuspec b/packages/timeline_explorer.vm/timeline_explorer.vm.nuspec
new file mode 100644
index 000000000..5db807e93
--- /dev/null
+++ b/packages/timeline_explorer.vm/timeline_explorer.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>timeline_explorer.vm</id>
+    <version>2.0.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>View CSV and Excel files, filter, group, sort, etc. with ease</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/timeline_explorer.vm/tools/chocolateyinstall.ps1 b/packages/timeline_explorer.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..eb45f2781
--- /dev/null
+++ b/packages/timeline_explorer.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'TimelineExplorer'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/TimelineExplorer.zip'
+$zipSha256 = '0542e719418d91ee7fa0d62a4b7af6003c72e8bd0ecc572ecd6fc0ab4c3a83e0'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false -innerFolder $true
diff --git a/packages/timeline_explorer.vm/tools/chocolateyuninstall.ps1 b/packages/timeline_explorer.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..a41397764
--- /dev/null
+++ b/packages/timeline_explorer.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'TimelineExplorer'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/vscmount.vm/tools/chocolateyinstall.ps1 b/packages/vscmount.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..01de42c4b
--- /dev/null
+++ b/packages/vscmount.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'VSCMount'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/VSCMount.zip'
+$zipSha256 = '28927b892af255673432a962ac41f58f9be5cb3c7c0a2444556a01b033f066a7'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false
diff --git a/packages/vscmount.vm/tools/chocolateyuninstall.ps1 b/packages/vscmount.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..3c8a9b377
--- /dev/null
+++ b/packages/vscmount.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'VSCMount'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/vscmount.vm/vscmount.vm.nuspec b/packages/vscmount.vm/vscmount.vm.nuspec
new file mode 100644
index 000000000..10e0f2a6d
--- /dev/null
+++ b/packages/vscmount.vm/vscmount.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>vscmount.vm</id>
+    <version>1.5.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Mount all VSCs on a drive letter to a given mount point</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/wxtcmd.vm/tools/chocolateyinstall.ps1 b/packages/wxtcmd.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..59f7a2d6c
--- /dev/null
+++ b/packages/wxtcmd.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'WxTCmd'
+$category = 'Forensic'
+
+$zipUrl = 'https://f001.backblazeb2.com/file/EricZimmermanTools/net6/WxTCmd.zip'
+$zipSha256 = '87d97c832a6c7d82ca57e2213c6e3416a3b4ea5ff5b54db4cc84e48b1cfc424a'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false
diff --git a/packages/wxtcmd.vm/tools/chocolateyuninstall.ps1 b/packages/wxtcmd.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..9a899f4df
--- /dev/null
+++ b/packages/wxtcmd.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'WxTCmd'
+$category = 'Forensic'
+
+VM-Uninstall $toolName $category
diff --git a/packages/wxtcmd.vm/wxtcmd.vm.nuspec b/packages/wxtcmd.vm/wxtcmd.vm.nuspec
new file mode 100644
index 000000000..155f38a0e
--- /dev/null
+++ b/packages/wxtcmd.vm/wxtcmd.vm.nuspec
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>wxtcmd.vm</id>
+    <version>1.0.0.20231208</version>
+    <authors>Eric Zimmerman</authors>
+    <description>Windows 10 Timeline database parser</description>
+    <dependencies>
+      <dependency id="common.vm" />
+      <dependency id="dotnet-6.vm" />
+    </dependencies>
+  </metadata>
+</package>