Merge pull request #1133 from mandiant/zimmerman-tools-update

Update Zimmerman's Tools

packages/common.vm/common.vm.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>common.vm</id>
-    <version>0.0.0.20240826</version>
+    <version>0.0.0.20240913</version>
     <description>Common libraries for VM-packages</description>
     <authors>Mandiant</authors>
   </metadata>

packages/common.vm/tools/vm.common/vm.common.psm1

@@ -1800,3 +1800,19 @@ function VM-Set-Legal-Notice {
     New-ItemProperty -Path $RegistryPath -Name legalnoticetext -Value $legalnoticetext -Force
 }
 
+# Converts image file to .ico needed for file icons
+function VM-Create-Ico {
+    param (
+        [string]$imagePath
+    )
+    Add-Type -AssemblyName System.Drawing
+    $imageDirPath = Split-Path -Path $imagePath -Parent
+    $filenameWithoutExtension = [System.IO.Path]::GetFileNameWithoutExtension($imagePath)
+    $iconLocation = Join-Path $imageDirPath "$($filenameWithoutExtension).ico"
+    $bitmap = [System.Drawing.Bitmap]::FromFile($imagePath)
+    $icon = [System.Drawing.Icon]::FromHandle($bitmap.GetHicon())
+    $fs = New-Object System.IO.FileStream($iconLocation, 'OpenOrCreate')
+    $icon.Save($fs)
+    $fs.Close()
+    return $iconLocation
+}

packages/cyberchef.vm/cyberchef.vm.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>cyberchef.vm</id>
-    <version>10.19.0</version>
+    <version>10.19.0.20240913</version>
     <authors>GCHQ</authors>
     <description>The Cyber Swiss Army Knife - a web app for encryption, encoding, compression, data analysis, and more.</description>
     <dependencies>

packages/cyberchef.vm/tools/chocolateyinstall.ps1

@@ -25,7 +25,7 @@ try {
   $htmlPath = Join-Path $toolDir "CyberChef_v10.19.0.html" -Resolve
   $arguments = "start chrome $htmlPath && exit"
   $executableArgs = "/C $arguments"
-  $iconLocation = "%ProgramFiles%\Google\Chrome\Application\chrome.exe"
+  $iconLocation = VM-Create-Ico (Join-Path $toolDir "images\cyberchef-128x128.png") # Create .ico for cyberchef icon
 
   Install-ChocolateyShortcut -ShortcutFilePath $shortcut -TargetPath $executableCmd -Arguments $executableArgs -WorkingDirectory $toolDir -WindowStyle 7 -IconLocation $iconLocation
 

packages/mftecmd.vm/mftecmd.vm.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>mftecmd.vm</id>
-    <version>1.2.2.20240826</version>
+    <version>1.2.2.20240908</version>
     <authors>Eric Zimmerman</authors>
     <description>$MFT, $Boot, $J, $SDS, $I30, and $LogFile (coming soon) parser. Handles locked files</description>
     <dependencies>

packages/mftecmd.vm/tools/chocolateyinstall.ps1

@@ -5,6 +5,6 @@ $toolName = 'MFTECmd'
 $category = 'Forensic'
 
 $zipUrl = 'https://download.mikestammer.com/net6/MFTECmd.zip'
-$zipSha256 = '9beb6bb054df4806023937548bec212177cb8967f6f4d84b73a4e35fb13b8a50'
+$zipSha256 = '705cebd566987e815c7e2ac6d0159d200223065817a6f115b4ce5ba61a22b424'
 
 VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false

packages/recmd.vm/recmd.vm.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>recmd.vm</id>
-    <version>2.0.0.20240826</version>
+    <version>2.0.0.20240908</version>
     <authors>Eric Zimmerman</authors>
     <description>Powerful command line Registry tool searching, multi-hive support, plugins, and more</description>
     <dependencies>

packages/recmd.vm/tools/chocolateyinstall.ps1

@@ -5,6 +5,6 @@ $toolName = 'RECmd'
 $category = 'Forensic'
 
 $zipUrl = 'https://download.mikestammer.com/net6/RECmd.zip'
-$zipSha256 = '58d1884c5f0ff5b1564220377630316303adc5a0840126921c93139f618e2e61'
+$zipSha256 = '90a1c5be877c3a50294a134b81fe26755980a70e6b9d914e444b43c1e205b0f3'
 
 VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $true

packages/rla.vm/rla.vm.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>rla.vm</id>
-    <version>2.0.0.20240826</version>
+    <version>2.0.0.20240908</version>
     <authors>Eric Zimmerman</authors>
     <description>Replay transaction logs and update Registry hives so they are no longer dirty. Useful when tools do not know how to handle transaction logs</description>
     <dependencies>

packages/rla.vm/tools/chocolateyinstall.ps1

@@ -5,6 +5,6 @@ $toolName = 'RLA'
 $category = 'Forensic'
 
 $zipUrl = 'https://download.mikestammer.com/net6/rla.zip'
-$zipSha256 = 'F30F9EF4F2E6BA8A002F8A799851D4173D85D5784FC3E388FBE1CFD525D20333'
+$zipSha256 = '1017f1d19d57665afd8fdfb13955a8280708931cb5cd75eca45ae28e23756b16'
 
 VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false

packages/timeline_explorer.vm/timeline_explorer.vm.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>timeline_explorer.vm</id>
-    <version>2.0.0.20240826</version>
+    <version>2.0.0.20240908</version>
     <authors>Eric Zimmerman</authors>
     <description>View CSV and Excel files, filter, group, sort, etc. with ease</description>
     <dependencies>

packages/timeline_explorer.vm/tools/chocolateyinstall.ps1

@@ -5,6 +5,6 @@ $toolName = 'TimelineExplorer'
 $category = 'Forensic'
 
 $zipUrl = 'https://download.mikestammer.com/net6/TimelineExplorer.zip'
-$zipSha256 = '9e6f008102fcf62148856dad03f310b11b4c586495985fd3d3e333497c6fee2b'
+$zipSha256 = '0ca64b7ad955ed9c0eb867d9313fccf6ef34b236aa3122e09fc2517dcf381852'
 
 VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false -innerFolder $true