From 6268e1c0b289d46532e6e4bbe594efeb850e5af2 Mon Sep 17 00:00:00 2001
From: reece394 <31659691+reece394@users.noreply.github.com>
Date: Sat, 20 Jul 2024 22:24:39 +0100
Subject: [PATCH] Migrate RECmd_Kroll to RECmd_DFIRBatch
---
 Modules/Compound/!EZParser.mkape | 4 ++--
 Modules/Compound/RECmd_AllBatchFiles.mkape | 4 ++--
 .../RECmd/{RECmd_Kroll.mkape => RECmd_DFIRBatch.mkape} | 8 ++++----
 3 files changed, 8 insertions(+), 8 deletions(-)
 rename Modules/EZTools/RECmd/{RECmd_Kroll.mkape => RECmd_DFIRBatch.mkape} (76%)
diff --git a/Modules/Compound/!EZParser.mkape b/Modules/Compound/!EZParser.mkape
index 3d083a7d5..61e0b4796 100644
--- a/Modules/Compound/!EZParser.mkape
+++ b/Modules/Compound/!EZParser.mkape
@@ -1,7 +1,7 @@
 Description: Eric Zimmerman Parsers
 Category: Modules
 Author: Phill Moore
-Version: 1.4
+Version: 1.5
 Id: f531e7cc-c9f3-4d04-881b-dbc89d1e7f38
 BinaryUrl: https://ericzimmerman.github.io/
 ExportFormat: csv
@@ -43,7 +43,7 @@ Processors:
 CommandLine: ""
 ExportFormat: ""
 -
- Executable: RECmd_Kroll.mkape
+ Executable: RECmd_DFIRBatch.mkape
 CommandLine: ""
 ExportFormat: ""
 -
diff --git a/Modules/Compound/RECmd_AllBatchFiles.mkape b/Modules/Compound/RECmd_AllBatchFiles.mkape
index 43b7dda45..0b04319c3 100644
--- a/Modules/Compound/RECmd_AllBatchFiles.mkape
+++ b/Modules/Compound/RECmd_AllBatchFiles.mkape
@@ -1,7 +1,7 @@
 Description: 'RECmd: All RECmd Batch Output'
 Category: Registry
 Author: Andrew Rathbun
-Version: 1.1
+Version: 1.2
 Id: f2c9c95d-375e-4fb7-b069-7e9b95ea6db5
 BinaryUrl: https://f001.backblazeb2.com/file/EricZimmermanTools/RegistryExplorer_RECmd.zip
 ExportFormat: csv
@@ -23,7 +23,7 @@ Processors:
 CommandLine: ""
 ExportFormat: ""
 -
- Executable: RECmd_Kroll.mkape
+ Executable: RECmd_DFIRBatch.mkape
 CommandLine: ""
 ExportFormat: ""
 -
diff --git a/Modules/EZTools/RECmd/RECmd_Kroll.mkape b/Modules/EZTools/RECmd/RECmd_DFIRBatch.mkape
similarity index 76%
rename from Modules/EZTools/RECmd/RECmd_Kroll.mkape
rename to Modules/EZTools/RECmd/RECmd_DFIRBatch.mkape
index 6b76adc20..16c199ab1 100644
--- a/Modules/EZTools/RECmd/RECmd_Kroll.mkape
+++ b/Modules/EZTools/RECmd/RECmd_DFIRBatch.mkape
@@ -1,14 +1,14 @@
-Description: 'RECmd: Kroll'
+Description: 'RECmd: DFIR'
 Category: Registry
 Author: Andrew Rathbun
-Version: 1.0
+Version: 1.1
 Id: 26e4a8f6-d745-4195-8b8e-563cf32a4952
 BinaryUrl: https://f001.backblazeb2.com/file/EricZimmermanTools/RECmd.zip
 ExportFormat: csv
 Processors:
 -
 Executable: RECmd\RECmd.exe
- CommandLine: -d %sourceDirectory% --bn BatchExamples\Kroll_Batch.reb --nl false --csv %destinationDirectory%
+ CommandLine: -d %sourceDirectory% --bn BatchExamples\DFIRBatch.reb --nl false --csv %destinationDirectory%
 ExportFormat: csv

 # Documentation
@@ -20,5 +20,5 @@ Processors:
 # https://www.youtube.com/watch?v=tk9XsMHzPlM
 # https://www.youtube.com/watch?v=GhCZfCzn2l0
 # https://leanpub.com/eztoolsmanuals
-# Uses the Kroll batch command file. This file should reside within KAPE\Module\bin\RECmd\BatchExamples.
+# Uses the DFIR batch command file. This file should reside within KAPE\Module\bin\RECmd\BatchExamples.
 # Note: --nl false replays transaction logs. If you don't want to replay transaction logs, change to --nl true.
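Review bot: The new `CommandLine` in the first hunk of RECmd_DFIRBatch.mkape depends on `BatchExamples\DFIRBatch.reb`, and the module does not tell an examiner what to expect when the local RECmd bundle predates that file. If the batch file is absent, RECmd presumably cannot run the batch and this module yields no registry CSV, which is easy to overlook inside a compound run such as !EZParser. I would add a line under `# Documentation` such as `# Requires a RECmd bundle that ships BatchExamples\DFIRBatch.reb; update the EZ Tools binaries first, otherwise this module produces no registry output.` The documentation block continues outside this hunk.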
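Review bot: The rewritten comment in the last hunk still points at `KAPE\Module\bin\RECmd\BatchExamples`, while every path in this patch uses `Modules` (plural), so the directory named there is probably misspelled. Since the line is being touched anyway, consider `# Uses the DFIR batch command file. This file should reside within KAPE\Modules\bin\RECmd\BatchExamples.` A wrong path in this comment sends anyone troubleshooting a missing batch file to a directory that likely does not exist.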