Mike Cary has written a PowerShell script that automates running Eric Zimmerman’s command-line tools (https://ericzimmerman.github.io/) against a mounted forensic image.
The following tools are run where applicable to the image being processed:
- JLECmd.exe
- LECmd.exe
- PECmd.exe
- SBECmd.exe
- AppCompatParser.exe
- AmcacheParser.exe
- RecentFileCacheParser.exe
- WxTCmd.exe
- MFTECmd.exe
- Registry Explorer project file creation
Learn more about the script at Mike’s GitHub.