Skip to content

Commit

Permalink
AChoir v4.4a
Browse files Browse the repository at this point in the history 
Replace Regripper v2.8 with v3.0
  • Loading branch information
@OMENScan
OMENScan committed Aug 8, 2020
1 parent c265a98 commit 48591b2
Show file tree
Hide file tree
Showing 6 changed files with 36 additions and 28 deletions.
Binary file modified AChoir-inst.exe
View file
Binary file not shown.
45 changes: 25 additions & 20 deletions Build.ACQ
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
**********************************************************
********************************************************
** Live Acquisition Downloading Script (2.0) *
** This script uses cURL to get the AChoir Utilities *
** from the owners websites - These are not my utilities *
Expand Down Expand Up @@ -98,16 +98,15 @@ CKN:&Dir\PsLogList.exe
SAY:
END:
END:
SAY:
SAY: --- Getting Prefetch Parser (From Red Wolf) ---
SAY:
FIL:PrefetchParser.zip
EXE:\cURL.exe -L -s -k -o &Dir\&Fil -D &Dir\PrefetchParser.txt http://redwolfcomputerforensics.com/downloads/parse_prefetch_info_v1.4.zip
SAY:
SAY: --- Unzipping Prefetch Parser ---
SAY:
EXE:\unzip.exe -o &Dir\&Fil -d &Dir
SAY:
*** SAY:
*** SAY: --- Getting Prefetch Parser (From Red Wolf) --- No Longer Available (08/07/2020)
*** SAY:
*** FIL:PrefetchParser.zip
*** EXE:\cURL.exe -L -s -k -o &Dir\&Fil -D &Dir\PrefetchParser.txt http://redwolfcomputerforensics.com/downloads/parse_prefetch_info_v1.4.zip
*** SAY:
*** SAY: --- Unzipping Prefetch Parser ---
*** SAY:
*** EXE:\unzip.exe -o &Dir\&Fil -d &Dir
SAY:
SAY: --- Getting WinPreFetchView - 32bit (From Nirsoft) ---
SAY:
Expand Down Expand Up @@ -233,8 +232,6 @@ SAY: --- Unzipping RBCmd ---
SAY:
EXE:\unzip.exe -o &Dir\&Fil -d &Dir
SAY:
SAY: --- Getting RegRipper 2.8 (from GitHub/Keydet89) ---
SAY:
DIR:\SYS\64Bit
SAY:
SAY: --- Getting CurrPorts (From NirSoft) ---
Expand Down Expand Up @@ -265,10 +262,15 @@ SAY:
EXE:\unzip.exe -o &Dir\&Fil -d &Dir
SAY:
DIR:\RRV
SAY:
SAY: --- Getting RegRipper 3.0 (from GitHub/Keydet89) ---
SAY:
FIL:master.zip
EXE:\cURL.exe -L -s -k -o &Dir\&Fil -D &Dir\RegRip.txt https://github.com/keydet89/RegRipper2.8/archive/master.zip
***: Regripper 2.8 - No Longer Available (08/07/2020)
***:\cURL.exe -L -s -k -o &Dir\&Fil -D &Dir\RegRip.txt https://github.com/keydet89/RegRipper2.8/archive/master.zip
EXE:\cURL.exe -L -s -k -o &Dir\&Fil -D &Dir\RegRip.txt https://github.com/omenscan/RegRipper3.0/archive/master.zip
SAY:
SAY: --- Unzipping RegRipper 2.8 ---
SAY: --- Unzipping RegRipper 3.0 ---
SAY:
EXE:\unzip.exe -o &Dir\&Fil -d &Dir
SAY:
Expand All @@ -288,13 +290,16 @@ SAY: --- Unzipping OSFMount 64 Bit ---
SAY:
EXE:\unzip.exe -o &Dir\&Fil -d &Dir\64Bit
SAY:
SAY: --- Getting PSCP 32 and 64 Bit (from the.earth.li) ---
SAY: --- Getting WinSCP Portable (from WinSCP.net) ---
SAY:
DIR:\XFR
FIL:pscp.exe
EXE:\cURL.exe -L -s -k -o &Dir\&Fil -D &Dir\pscp.txt https://the.earth.li/~sgtatham/putty/latest/w32/pscp.exe
FIL:pscp64.exe
EXE:\cURL.exe -L -s -k -o &Dir\&Fil -D &Dir\pscp64.txt https://the.earth.li/~sgtatham/putty/latest/w64/pscp.exe
FIL:WinSCP-5.17.6-Portable.zip
EXE:\cURL.exe -L -s -k -o &Dir\&Fil -D &Dir\WinScp.txt https://winscp.net/download/WinSCP-5.17.6-Portable.zip
SAY:
SAY: --- Unzipping WinSCP Portable ---
SAY:
EXE:\unzip.exe -o &Dir\&Fil -d &Dir
SAY:
SAY: Download and Build Complete...
SAY:
SAY: Now Hashing The Files...
Expand Down
13 changes: 8 additions & 5 deletions Scripts/Build.ACQ
View file
Original file line number Diff line number Diff line change
Expand Up @@ -288,13 +288,16 @@ SAY: --- Unzipping OSFMount 64 Bit ---
SAY:
EXE:\unzip.exe -o &Dir\&Fil -d &Dir\64Bit
SAY:
SAY: --- Getting PSCP 32 and 64 Bit (from the.earth.li) ---
SAY: --- Getting WinSCP Portable (from WinSCP.net) ---
SAY:
DIR:\XFR
FIL:pscp.exe
EXE:\cURL.exe -L -s -k -o &Dir\&Fil -D &Dir\pscp.txt https://the.earth.li/~sgtatham/putty/latest/w32/pscp.exe
FIL:pscp64.exe
EXE:\cURL.exe -L -s -k -o &Dir\&Fil -D &Dir\pscp64.txt https://the.earth.li/~sgtatham/putty/latest/w64/pscp.exe
FIL:WinSCP-5.17.6-Portable.zip
EXE:\cURL.exe -L -s -k -o &Dir\&Fil -D &Dir\WinScp.txt https://winscp.net/download/WinSCP-5.17.6-Portable.zip
SAY:
SAY: --- Unzipping WinSCP Portable ---
SAY:
EXE:\unzip.exe -o &Dir\&Fil -d &Dir
SAY:
SAY: Download and Build Complete...
SAY:
SAY: Now Hashing The Files...
Expand Down
2 changes: 1 addition & 1 deletion Scripts/DeadBox.ACQ
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ EXE:\SYS\RegfileExport.exe &For "&Acq\NTUSER(&Num).EXP"
CPY:"&For" "&Acq\&Fnm(&Num)"
SAY:
SAY: 2b. RegRipping USER Registry Hives/Files...
DIR:\RRV\RegRipper2.8-master
DIR:\RRV\RegRipper3.0-master
CMD:rip.exe -r &FOR -f ntuser > &Acq\NTUSER(&NUM).regrip
SAY:
SAY: 2c. RegRipping Common Hives...
Expand Down
2 changes: 1 addition & 1 deletion Scripts/EWF32.ACQ
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ EXE:\SYS\RegfileExport.exe &For "&Acq\NTUSER(&Num).EXP"
CPY:"&For" "&Acq\&Fnm(&Num)"
SAY:
SAY: 2b. RegRipping USER Registry Hives/Files...
DIR:\RRV\RegRipper2.8-master
DIR:\RRV\RegRipper3.0-master
CMD:rip.exe -r &FOR -f ntuser > &Acq\NTUSER(&NUM).regrip
SAY:
SAY: 2c. RegRipping Common Hives...
Expand Down
2 changes: 1 addition & 1 deletion Scripts/EWF64.ACQ
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ EXE:\SYS\RegfileExport.exe &For "&Acq\NTUSER(&Num).EXP"
CPY:"&For" "&Acq\&Fnm(&Num)"
SAY:
SAY: 2b. RegRipping USER Registry Hives/Files...
DIR:\RRV\RegRipper2.8-master
DIR:\RRV\RegRipper3.0-master
CMD:rip.exe -r &FOR -f ntuser > &Acq\NTUSER(&NUM).regrip
SAY:
SAY: 2c. RegRipping Common Hives...
Expand Down

0 comments on commit 48591b2

Please sign in to comment.