Skip to content

AChoir Version 2.0
Compare
Choose a tag to compare
@OMENScan OMENScan released this 01 Oct 02:22
· 79 commits to master since this release
v2.0
b0e9eef

AChoir Version 2.0 Release

Changes Since Version 1.0

AChoir v1.0

  • Cosmetic USB Message Changes
  • HTTP Get Bug Fixes, Fix &Acq dblSlash
  • Add Optional Case & Evidence Name/Number Input
  • CSE:GET and CSE:SAY
  • /CSE Argument to Get Case Information
  • VCK:(x:) NTFS, FAT32, CDFS, Other, None
  • &VCK - Contains Results of VCK:
  • EQU:(s1) (s2) - Are S1 and S2 Equal?
  • NEQ:(s1) (s2) - Are S1 and S2 NOT Equal?
  • Support Indenting (spaces or Tabs)
  • DSK:<type) Set &DSK looping variable to
    • Types: Removable, Fixed, Remote, CDROM
  • &DSK - Looping Var Contains Disk that match

AChoir v1.1

  • Peppered Flush STDOUT buffers for better PSExec Display (Remote Acq)
  • SHR:(Path) (Name) - Create a Local Share
  • SHD:(Name) - Delete a Local Share

AChoir v1.2

  • Add /USR:? and /PWD:? - Query MAP USR and PWD
  • Replaced getch() with getchar(). This is because PsExec does not work with getch().
    • PsExec also does not work with SetConsoleMode so there is no way to do hidden/masked password input.

AChoir v1.3

  • Implement NTP Client for Querying Time Drift
  • Fix minor display bug when using &Tim

AChoir v1.4

  • New Actions to Hide and Reconnect the Console
    • CON:Hide and CON:Show
  • SLP:(Sec) Sleep for (Sec)Seconds

AChoir v1.5

  • Add /VR0: -/VR9: Command Line Parameters
  • When BaseDir changes, change Windows CWD too
  • New Redaction Routine for PWD: EXE: CMD:

AChoir v1.6

  • Add EXA: and EXB: (Asyn & Background EXe)

AChoir v1.7

  • Fix DSK: &DSK bug for Remote Collections
  • File not being properly closed causes loop.

AChoir v1.8

  • Recognize Compressed Files, and allow them to be copied by the OS API to DeCompress them.
    • The Flag for this behaviour is: SET:NCP=OSCOPY or SET:NCP=RAWONLY
  • Added built in Support for WOW64 file redirection of X86 binCopy of SYSTEM32 (sub) directories. This was needed for switching from rawcopy to bincopy - plus its a good general feature anyway.

AChoir v1.9

  • Recognize Compressed Size

AChoir v1.9a

  • More Comressed Files Support

AChoir v2.0

  • Add LZNT1 Decompress Routine
    • Flag behaviors have changed:
    • SET:NCP=NODCMP - NoDecompression
    • SET:NCP=DECOMP/RAWONLY - LZNT1 Decompress
    • SET:NCP=OSCOPY - Do OS/API copy on Decomp Err
Assets 3