Tools for parsing Forensic images
A PowerShell script that automates running Eric Zimmerman's command-line tools (https://ericzimmerman.github.io/) against a mounted forensic image. The following tools are run where applicable to the image being processed:
- JLECmd.exe
- LECmd.exe
- PECmd.exe
- SBECmd.exe
- AppCompatParser.exe
- AmcacheParser.exe
- RecentFileCacheParser.exe
- WxTCmd.exe
- MFTECmd.exe
Category: Triage