digital-forensics-labs/digital-forensics-lab
1
0
Fork 0
mirror of https://github.com/frankwxu/digital-forensics-lab.git synced 2026-04-10 12:13:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

new script for tool installation

Browse Source
This commit is contained in:
Frank Xu
2021-12-05 23:31:59 -05:00
parent c8f7b4f5d3
commit c5c3b04e8c
5 changed files with 357 additions and 257 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
Help/Tool_installation.pptx
View File

Binary file not shown.

BIN
Help/Wine_installation.pptx
View File

Binary file not shown.

117
Help/tool-install-bash.sh
View File

@@ -1,117 +0,0 @@
#!/bin/bash
echo 'This might take a while. Please wait...'
# Update apt first
# Note: -y means the install will go through without user input
sudo apt update -y
# Install Python-related tools first
sudo apt install python-setuptools python3-pip -y
# Install software that can be installed from the repository
sudo apt install vinetto tree python3-evtx xmlstarlet libhivex-bin python3-hivex libesedb-utils pasco pff-tools libnl-utils libvshadow-utils -y
pip3 install time-decode
sudo apt install npm -y
sudo npm install -g imgclip
# Installing Regripper
cd ~/Downloads
wget https://raw.githubusercontent.com/siftgrab/siftgrab/master/regripper.conf/RegRipper30-apt-git-Install.sh
sudo bash RegRipper30-apt-git-Install.sh
# Git clone other tools
mkdir ~/UB-730-Tools
cd ~/UB-730-Tools
git clone https://github.com/PoorBillionaire/USN-Record-Carver.git
git clone https://github.com/dkovar/analyzeMFT.git
git clone https://github.com/PoorBillionaire/USN-Journal-Parser.git
git clone https://github.com/PoorBillionaire/Windows-Prefetch-Parser.git
git clone https://github.com/prolsen/recentfilecache-parser.git
# Installing JLEC
cd ~/Downloads
wget https://f001.backblazeb2.com/file/EricZimmermanTools/JLECmd.zip
unzip JLECmd.zip && mkdir ~/UB-730-Tools/JLEC && mv JLECmd.exe ~/UB-730-Tools/JLEC
# Installing wine
sudo apt install wine wine64 -y
cd ~/Downloads
wget https://dl.winehq.org/wine/wine-mono/5.0.0/wine-mono-5.0.0-x86.msi
# Create .bash_aliases file. .bashrc is set to run this file by default.
# This will allow you to call the git cloned programs anywhere in the terminal. Current solution anyway.
touch ~/.bash_aliases
echo "alias prefetch.py='python2 ~/UB-730-Tools/Windows-Prefetch-Parser/windowsprefetch/prefetch.py'" >> ~/.bash_aliases
echo "alias rfcparse.py='python2 ~/UB-730-Tools/recentfilecache-parser/rfcparse.py'" >> ~/.bash_aliases
echo "alias usn.py='python2 ~/UB-730-Tools/USN-Journal-Parser/usnparser/usn.py'">> ~/.bash_aliases
echo "alias usncarve.py='python2 ~/UB-730-Tools/USN-Record-Carver/usncarve.py'" >> ~/.bash_aliases
echo "alias analyzeMFT.py='python2 ~/UB-730-Tools/analyzeMFT/analyzeMFT.py'" >> ~/.bash_aliases
echo "alias JLECmd.exe='wine64 ~/UB-730-Tools/JLEC/JLECmd.exe'" >> ~/.bash_aliases
# Creating reference file in case user doesn't know how to call these commands
touch ~/UB-730-Tools/Tools-Reference.txt
echo 'This is a reference for all of the programs installed via the script.' >> ~/UB-730-Tools/Tools-Reference.txt
echo "" >> ~/UB-730-Tools/Tools-Reference.txt
echo "" >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Key: Program --> Command' >> ~/UB-730-Tools/Tools-Reference.txt
echo '-------------------------' >> ~/UB-730-Tools/Tools-Reference.txt
echo '' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'AnalyzeMFT --> analyzeMFT.py' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Hivex --> hivexsh' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'libesedb --> esedbinfo, esedbexport' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'libpff --> pffinfo, pffexport' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'libvshadow --> vshadowdebug, vshadowinfo, vshadowmount' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'libnl --> nl, nl-* (There are many different commands; type in nl- and press TAB key twice to see)' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Pasco --> pasco' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Python-evtx --> evtx_info.py, evtx_dump.py (There are other commands; type in evtx_ and press TAB key twice to see)' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Regripper --> rip.pl' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'RecentFileCacheParser --> rfcparse.py' >>~/UB-730-Tools/Tools-Reference.txt
echo 'Tree --> tree' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Time-Decode --> time_decode.py' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'USNJournalParser --> usn.py' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'USNRecordCarver --> usncarve.py'>> ~/UB-730-Tools/Tools-Reference.txt
echo 'Vinetto --> vinetto' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'WindowsPrefetchParser --> prefetch.py' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Xmlstarlet --> xmlstarlet' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'JLECmd --> JLECmd.exe' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Imgclip --> imgclip' >> ~/UB-730-Tools/Tools-Reference.txt
# Creating README.txt
touch ~/UB-730-Tools/README.txt
echo "Warning: If you move any of the tools' folders, the settings I put may/will break. If you know everything I did, great, if not, be careful." >> ~/UB-730-Tools/README.txt
echo "" >> ~/UB-730-Tools/README.txt
echo "As of now, you do not have to type in the full path to use any of these programs. I took care of that for you. See Tools-Reference.txt." >> ~/UB-730-Tools/README.txt
echo "" >> ~/UB-730-Tools/README.txt
echo "With that said, if you want to set it up on your own or have a better way of doing it, then feel free to change what you want." >> ~/UB-730-Tools/README.txt
echo "That is only for JLECmd though. If there are any other Windows programs you want to run, you WILL have to use wine <command>, because I did not set an alias for any other .exe except for JLEC." >> ~/UB-730-Tools/READforWineIssues.txt
echo "Malcolm Hayward (malcolm.hayward@ubalt.edu)" >> ~/UB-730-Tools/README.txt
# Instructions for troubleshooting wine
touch ~/UB-730-Tools/READforWineIssues.txt
echo "On my systems, Wine would not work unless wine-mono was installed." >> ~/UB-730-Tools/READforWineIssues.txt
echo "" >> ~/UB-730-Tools/READforWineIssues.txt
echo "Make sure that your Wine version is 5.0." >> ~/UB-730-Tools/READforWineIssues.txt
echo " Commands to check Wine version: wine --version OR wine64 --version." >> ~/UB-730-Tools/READforWineIssues.txt
echo "" >> ~/UB-730-Tools/READforWineIssues.txt
echo "I will assume that your version is 5.0. I already downloaded Wine Mono for you. You just have to do three things." >> ~/UB-730-Tools/READforWineIssues.txt
echo "" >> ~/UB-730-Tools/READforWineIssues.txt
echo "1. Run this command: wine64 uninstaller" >> ~/UB-730-Tools/READforWineIssues.txt
echo "2. You will see a menu. There is an install button. Click that." >> ~/UB-730-Tools/READforWineIssues.txt
echo "3. A file explorer will appear. The mono file is in your Downloads directory (/home/<user>/Downloads). Install it." >> ~/UB-730-Tools/READforWineIssues.txt
echo "" >> ~/UB-730-Tools/READforWineIssues.txt
echo "Both wine and wine64 should work after that. You do not have to type in wine <command> when you run Windows programs like JLECmd. I made an alias so that you only need to type in JLECmd.exe to run it." >> ~/UB-730-Tools/READforWineIssues.txt
echo "" >> ~/UB-730-Tools/READforWineIssues.txt
echo "If there are any questions or problems, send me an email (malcolm.hayward@ubalt.edu) and/or invite me to a Zoom meeting, and I'll help." >> ~/UB-730-Tools/READforWineIssues.txt
# Finish message
echo "Done! Please restart the terminal for some settings to take effect."

393
Help/tool-install-zsh.sh
View File

@@ -1,127 +1,298 @@
#!/bin/bash
#! /bin/bash
echo 'This might take a while. Please wait...'
cd ~
[ ! -d "lab" ] && mkdir lab || cd lab
##############################################
# Tool Installation Report Summary
##############################################
[ -f ~/installation-report.txt ] && sudo rm ~/installation-report.txt
touch ~/installation-report.txt
echo -e "\e[1;32m " >> ~/installation-report.txt
echo -e "\e[1;32m " >> ~/installation-report.txt
echo -e "\e[1;32m*******************************" >> ~/installation-report.txt
echo -e "\e[1;32m* University of Baltimore *" >> ~/installation-report.txt
echo -e "\e[1;32m* Frank Xu wxu@ubalt.edu *" >> ~/installation-report.txt
echo -e "\e[1;32m*******************************" >> ~/installation-report.txt
message(){
(eval "$2") | grep -iq "$3" &> /dev/null
if [ $? == 1 ]; then
echo -e "\e[1;31mTool $1: \"$2\" installation Failed!" >> ~/installation-report.txt
else
echo -e "\e[1;32mTool $1: \"$2\" installation successed!" >> ~/installation-report.txt
fi
}
#############################################
# Lab tools: NIST Data Leakage
##############################################
#install wine
#https://linuxhint.com/install_wine_-ubuntu_20-24/
sudo apt -y update
sudo apt -y upgrade
# install both boot
sudo dpkg --add-architecture i386
sudo apt -y update
sudo apt -y install wine64 wine32
tool_name="wine"
command_string="wine --version"
sudo apt -y install $tool_name
key_str="wine-"
message $tool_name "$command_string" "$key_str"
# Update apt first
sudo apt update -y
#install other packages
sudo apt -y install python3-pip
sudo apt -y install leafpad
sudo apt -y install terminator
sudo apt -y install sqlite3
sudo apt -y install tree
sudo apt -y install xmlstarlet
sudo apt -y install libhivex-bin
sudo apt -y install pasco
sudo apt -y install npm
sudo apt -y install binwalk
sudo apt -y install foremost
sudo apt -y install hashdeep
sudo apt -y install ewf-tools
sudo apt -y install nautilus
#Install pff-tools
tool_name="pff-tools"
command_string="pffexport -h"
sudo apt -y install $tool_name
key_str="usage"
message $tool_name "$command_string" "$key_str"
#Install libesedb-utils
tool_name="libesedb-utils"
command_string="esedbexport -h"
sudo apt -y install $tool_name
key_str="usage"
message $tool_name "$command_string" "$key_str"
#Install liblnk-utils
tool_name="liblnk-utils"
command_string="lnkinfo -h"
sudo apt -y install $tool_name
key_str="usage"
message $tool_name "$command_string" "$key_str"
# Install Python-related tools first
# Note: -y means the install will go through without user input
sudo apt install python-setuptools python3-pip -y
#Install usncarve
tool_name="usncarve"
command_string="usncarve.py -h"
sudo pip install $tool_name
key_str="usage"
message $tool_name "$command_string" "$key_str"
#Install usnparser
tool_name="usnparser"
command_string="usn.py -h"
sudo pip install $tool_name
key_str="usage"
message $tool_name "$command_string" "$key_str"
# install RegRipper
cd ~/lab
tool_name="RegRipper30"
command_string="rip.pl -h"
key_str="RegRipper tool"
[ -d "tools/RegRipper30/" ] && sudo rm -rf tools/RegRipper30
sudo mkdir tools/RegRipper30
sudo wget -q https://raw.githubusercontent.com/frankwxu/digital-forensics-lab/main/Help/scripts/RegRipper30-apt-git-Install.sh -P tools/RegRipper30/
sudo chmod 755 tools/RegRipper30/RegRipper30-apt-git-Install.sh
sudo tools/RegRipper30/RegRipper30-apt-git-Install.sh
message $tool_name "$command_string" "$key_str"
#Install Vinetto for Thumbcache
cd ~/lab
tool_name="Vinetto"
command_string="vinetto -h"
key_str="usage"
[ -d "tools/Vinetto/" ] && sudo rm -rf tools/Vinetto
sudo git clone https://github.com/AtesComp/Vinetto.git tools/Vinetto
cd tools/Vinetto
sudo pip install .
message $tool_name "$command_string" "$key_str"
#Install time_decode
cd ~/lab
tool_name="time_decode"
command_string="time_decode.py -h"
key_str="usage"
[ -d "tools/time_decode/" ] && sudo rm -rf tools/time_decode
sudo git clone https://github.com/digitalsleuth/time_decode.git tools/time_decode
sudo mv tools/time_decode/time_decode/time_decode.py /usr/local/bin/.
message $tool_name "$command_string" "$key_str"
#Install windowsprefetch
cd ~/lab
tool_name="windowsprefetch"
command_string="prefetch.py -h"
key_str="usage"
sudo pip install $tool_name
sudo cp /home/kali/.local/bin/prefetch.py /usr/local/bin/.
message $tool_name "$command_string" "$key_str"
#Install evtx_dump
cd ~/lab
tool_name="python3-evtx"
command_string="evtx_dump.py -h"
sudo apt -y install $tool_name
key_str="usage"
message $tool_name "$command_string" "$key_str"
#Install INDXParse
cd ~/lab
tool_name="INDXParse"
command_string="INDXParse.py -h"
key_str="usage"
[ -d "tools/INDXParse/" ] && sudo rm -rf tools/INDXParse
sudo wget https://raw.githubusercontent.com/frankwxu/digital-forensics-lab/main/NIST_Data_Leakage_Case/tools/INDXParse.7z -P tools
sudo 7z x tools/INDXParse.7z -aoa -otools
sudo sh -c 'chmod +x tools/INDXParse/*.py'
sudo sh -c 'mv tools/INDXParse/*.py /usr/local/bin/.'
message $tool_name "$command_string" "$key_str"
#Install
cd ~/lab
tool_name="analyzeMFT"
command_string="analyzeMFT.py -h"
key_str="usage"
[ -d "tools/analyzeMFT/" ] && sudo rm -rf tools/analyzeMFT
sudo git clone https://github.com/dkovar/analyzeMFT.git tools/analyzeMFT
cd tools/analyzeMFT
alias python=/usr/bin/python2
sudo python setup.py install
unalias python
message $tool_name "$command_string" "$key_str"
#Install imgclip
cd ~/lab
tool_name="imgclip"
command_string="imgclip -h"
sudo npm install -g $tool_name
key_str="usage"
message $tool_name "$command_string" "$key_str"
#Install libvshadow-alpha-20210425
#https://github.com/libyal/libvshadow/wiki/Building
cd ~/lab
tool_name="libvshadow-alpha-20210425"
command_string="vshadowinfo -h"
key_str="usage"
sudo apt install -y libfuse-dev
sudo apt install -y git autoconf automake autopoint libtool pkg-config
[ -d "tools/libvshadow-20210425" ] && sudo rm -ft tools/libvshadow-20210425
sudo wget -q wget https://github.com/libyal/libvshadow/releases/download/20210425/libvshadow-alpha-20210425.tar.gz -P tools
cd tools
sudo tar -xf libvshadow-alpha-20210425.tar.gz
[ -f "libvshadow-alpha-20210425.tar.gz" ] && sudo rm libvshadow-alpha-20210425.tar.gz
cd libvshadow-20210425
./configure
sudo make
sudo make install
sudo ./configure --prefix=/usr
sudo ldconfig
message $tool_name "$command_string" "$key_str"
#Install undark for carving sqlite .db
cd ~/lab
tool_name="undark"
command_string="undark -h"
key_str="SQLite3"
[ -d "tools/undark/" ] && sudo rm -rf tools/undark
sudo git clone https://github.com/inflex/undark.git tools/undark
cd tools/undark
sudo make
sudo mv undark /usr/local/bin/.
message $tool_name "$command_string" "$key_str"
cd ~/lab
#Install LogFileParser
cd ~/lab
[ -d "LogFileParser/" ] && sudo rm -rf LogFileParser
sudo git clone https://github.com/jschicht/LogFileParser.git
#Install UsnJrnl2Csv
cd ~/lab
[ -d "UsnJrnl2Csv/" ] && sudo rm -rf UsnJrnl2Csv
sudo git clone https://github.com/jschicht/UsnJrnl2Csv.git
#Install JLECmd
cd ~/lab
[ -f "JLECmd.exe" ] && sudo rm JLECmd.exe
wget -q https://f001.backblazeb2.com/file/EricZimmermanTools/JLECmd.zip
unzip JLECmd.zip
sudo rm JLECmd.zip
# Install software that can be installed from the repository
sudo apt install vinetto tree python3-evtx xmlstarlet libhivex-bin python3-hivex libesedb-utils pasco pff-tools libnl-utils libvshadow-utils -y
pip3 install time-decode
sudo apt install npm -y
sudo npm install -g imgclip
#############################################
# Lab Tools: Illegal Possession Images
#############################################
#install stegdetect
cd ~/lab
tool_name="stegdetect"
command_string="stegdetect -V"
key_str="Stegdetect Version"
[ -d "tools/stegdetect/" ] && sudo rm -rf tools/stegdetect
sudo wget https://raw.githubusercontent.com/frankwxu/digital-forensics-lab/main/Illegal_Possession_Images/tools/stegdetect.7z -P tools
sudo 7z x tools/stegdetect.7z -aoa -otools
[ -f "tools/stegdetect.7z" ] && sudo rm -rf tools/stegdetect.7z
sudo cp tools/stegdetect/stegdetect /usr/bin/.
message $tool_name "$command_string" "$key_str"
sudo cp tools/stegdetect/stegbreak /usr/bin/.
tool_name="stegbreak"
command_string="stegbreak -V"
key_str="stegbreak Version"
message $tool_name "$command_string" "$key_str"
# Installing Regripper
cd ~/Downloads
wget https://raw.githubusercontent.com/siftgrab/siftgrab/master/regripper.conf/RegRipper30-apt-git-Install.sh
sudo bash RegRipper30-apt-git-Install.sh
#install stego-toolkit
cd ~/lab
tool_name="stego-toolkit "
command_string="jphide"
key_str="jphide"
[ -d "tools/stego-toolkit/" ] && sudo rm -rf tools/stego-toolkit
sudo git clone https://github.com/DominicBreuker/stego-toolkit.git tools/stego-toolkit
cd tools/stego-toolkit/install
sudo chmod +x jphide.sh
sudo ./jphide.sh
message $tool_name "$command_string" "$key_str"
command_string="jpseek"
key_str="jpseek"
message $tool_name "$command_string" "$key_str"
#############################################
# Lab Tools: Memory Forensics
# https://seanthegeek.net/1172/how-to-install-volatility-2-and-volatility-3-on-debian-ubuntu-or-kali-linux/
#############################################
cd ~/lab
sudo apt install -y build-essential git libdistorm3-dev yara libraw1394-11 libcapstone-dev capstone-tool tzdata
# Git clone other tools
mkdir ~/UB-730-Tools
cd ~/UB-730-Tools
git clone https://github.com/PoorBillionaire/USN-Record-Carver.git
git clone https://github.com/dkovar/analyzeMFT.git
git clone https://github.com/PoorBillionaire/USN-Journal-Parser.git
git clone https://github.com/PoorBillionaire/Windows-Prefetch-Parser.git
git clone https://github.com/prolsen/recentfilecache-parser.git
sudo apt install -y python2 python2.7-dev libpython2-dev
curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
sudo python2 get-pip.py
sudo python2 -m pip install -U setuptools wheel
# Installing JLEC
cd ~/Downloads
wget https://f001.backblazeb2.com/file/EricZimmermanTools/JLECmd.zip
unzip JLECmd.zip && mkdir ~/UB-730-Tools/JLEC && mv JLECmd.exe ~/UB-730-Tools/JLEC
python2 -m pip install -U distorm3 yara pycrypto pillow openpyxl ujson pytz ipython capstone
sudo python2 -m pip install yara
sudo ln -s /usr/local/lib/python2.7/dist-packages/usr/lib/libyara.so /usr/lib/libyara.so
python2 -m pip install -U git+https://github.com/volatilityfoundation/volatility.git
echo 'export PATH=/home/kali/.local/bin:$PATH' >> ~/.zshrc
tool_name="volatility-2"
command_string="vol.py -h"
key_str="usage"
message $tool_name "$command_string" "$key_str"
# Installing wine
sudo apt install wine wine64 -y
cd ~/Downloads
wget https://dl.winehq.org/wine/wine-mono/5.0.0/wine-mono-5.0.0-x86.msi
# Delete all downloaded source code
[ -d "tools" ] && sudo rm -rf tools
# Show report
echo -e "\e[1;31mNeed to reboot the VM to execute some commands, e.g., volatility2 \"vol.py -h\" with Kali account" >> ~/installation-report.txt
# Create .zsh_aliases file. .bashrc is set to run this file by default.
# This will allow you to call the git cloned programs anywhere in the terminal. Current solution anyway.
touch ~/.zsh_aliases
echo "alias prefetch.py='python2 ~/UB-730-Tools/Windows-Prefetch-Parser/windowsprefetch/prefetch.py'" >> ~/.zsh_aliases
echo "alias rfcparse.py='python2 ~/UB-730-Tools/recentfilecache-parser/rfcparse.py'" >> ~/.zsh_aliases
echo "alias usn.py='python2 ~/UB-730-Tools/USN-Journal-Parser/usnparser/usn.py'">> ~/.zsh_aliases
echo "alias usncarve.py='python2 ~/UB-730-Tools/USN-Record-Carver/usncarve.py'" >> ~/.zsh_aliases
echo "alias analyzeMFT.py='python2 ~/UB-730-Tools/analyzeMFT/analyzeMFT.py'" >> ~/.zsh_aliases
echo "alias JLECmd.exe='wine64 ~/UB-730-Tools/JLEC/JLECmd.exe'" >> ~/.zsh_aliases
# Allow .zshrc to run .zshaliases
echo "" >> ~/.zshrc
echo '# Alias definitions' >> ~/.zshrc
echo 'if [ -f ~/.zsh_aliases ]; then' >> ~/.zshrc
echo ' . ~/.zsh_aliases' >> ~/.zshrc
echo 'fi' >> ~/.zshrc
# Creating reference file in case user doesn't know how to call these commands
touch ~/UB-730-Tools/Tools-Reference.txt
echo 'This is a reference for all of the programs installed via the script.' >> ~/UB-730-Tools/Tools-Reference.txt
echo "" >> ~/UB-730-Tools/Tools-Reference.txt
echo "" >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Key: Program --> Command' >> ~/UB-730-Tools/Tools-Reference.txt
echo '-------------------------' >> ~/UB-730-Tools/Tools-Reference.txt
echo '' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'AnalyzeMFT --> analyzeMFT.py' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Hivex --> hivexsh' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'libesedb --> esedbinfo, esedbexport' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'libpff --> pffinfo, pffexport' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'libvshadow --> vshadowdebug, vshadowinfo, vshadowmount' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'libnl --> nl, nl-* (There are many different commands; type in nl- and press TAB key twice to see)' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Pasco --> pasco' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Python-evtx --> evtx_info.py, evtx_dump.py (There are other commands; type in evtx_ and press TAB key twice to see)' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Regripper --> rip.pl' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'RecentFileCacheParser --> rfcparse.py' >>~/UB-730-Tools/Tools-Reference.txt
echo 'Tree --> tree' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Time-Decode --> time_decode.py' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'USNJournalParser --> usn.py' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'USNRecordCarver --> usncarve.py'>> ~/UB-730-Tools/Tools-Reference.txt
echo 'Vinetto --> vinetto' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'WindowsPrefetchParser --> prefetch.py' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Xmlstarlet --> xmlstarlet' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'JLECmd --> JLECmd.exe' >> ~/UB-730-Tools/Tools-Reference.txt
echo 'Imgclip --> imgclip' >> ~/UB-730-Tools/Tools-Reference.txt
# Creating README.txt
touch ~/UB-730-Tools/README.txt
echo "Warning: If you move any of the tools' folders, the settings I put may/will break. If you know everything I did, great, if not, be careful." >> ~/UB-730-Tools/README.txt
echo "" >> ~/UB-730-Tools/README.txt
echo "As of now, you do not have to type in the full path to use any of these programs. I took care of that for you. See Tools-Reference.txt." >> ~/UB-730-Tools/README.txt
echo "" >> ~/UB-730-Tools/README.txt
echo "With that said, if you want to set it up on your own or have a better way of doing it, then feel free to change what you want." >> ~/UB-730-Tools/README.txt
echo "" >> ~/UB-730-Tools/README.txt
echo "Malcolm Hayward (malcolm.hayward@ubalt.edu)" >> ~/UB-730-Tools/README.txt
# Instructions for troubleshooting wine
touch ~/UB-730-Tools/READforWineIssues.txt
echo "On my systems, Wine would not work unless wine-mono was installed." >> ~/UB-730-Tools/READforWineIssues.txt
echo "" >> ~/UB-730-Tools/READforWineIssues.txt
echo "Make sure that your Wine version is 5.0." >> ~/UB-730-Tools/READforWineIssues.txt
echo " Commands to check Wine version: wine --version OR wine64 --version." >> ~/UB-730-Tools/READforWineIssues.txt
echo "" >> ~/UB-730-Tools/READforWineIssues.txt
echo "I will assume that your version is 5.0. I already downloaded Wine Mono for you. You just have to do three things." >> ~/UB-730-Tools/READforWineIssues.txt
echo "" >> ~/UB-730-Tools/READforWineIssues.txt
echo "1. Run this command: wine64 uninstaller" >> ~/UB-730-Tools/READforWineIssues.txt
echo "2. You will see a menu. There is an install button. Click that." >> ~/UB-730-Tools/READforWineIssues.txt
echo "3. A file explorer will appear. The mono file is in your Downloads directory (/home/<user>/Downloads). Install it." >> ~/UB-730-Tools/READforWineIssues.txt
echo "" >> ~/UB-730-Tools/READforWineIssues.txt
echo "Both wine and wine64 should work after that. You do not have to type in wine <command> when you run JLECmd. I made an alias so that you only need to type in JLECmd.exe to run it." >> ~/UB-730-Tools/READforWineIssues.txt
echo "That is only for JLECmd though. If there are any other Windows programs you want to run, you WILL have to use wine <command>, because I did not set an alias for any other .exe except for JLEC." >> ~/UB-730-Tools/READforWineIssues.txt
echo "If there are any questions or problems, send me an email (malcolm.hayward@ubalt.edu) and/or invite me to a Zoom meeting, and I'll help." >> ~/UB-730-Tools/READforWineIssues.txt
# Finish message
echo "Done! Please restart the terminal for some settings to take effect."
cat ~/installation-report.txt