From c0651ae6d2440f15408448fcd5e1013af551fc1d Mon Sep 17 00:00:00 2001 From: Patrick Neumann Date: Mon, 30 Nov 2020 18:40:19 +0100 Subject: [PATCH] Added Nautilus scripts for fred --- .../scripts/05a-Windows/03a-WindowsDir-fred | 130 ++++++++++++++++++ .../scripts/05a-Windows/03b-NTUSER.DAT-fred | 110 +++++++++++++++ 2 files changed, 240 insertions(+) create mode 100755 home/lucifer/.local/share/nautilus/scripts/05a-Windows/03a-WindowsDir-fred create mode 100755 home/lucifer/.local/share/nautilus/scripts/05a-Windows/03b-NTUSER.DAT-fred
diff --git a/home/lucifer/.local/share/nautilus/scripts/05a-Windows/03a-WindowsDir-fred b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/03a-WindowsDir-fred
new file mode 100755
index 0000000..0e2594d
--- /dev/null
+++ b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/03a-WindowsDir-fred
@@ -0,0 +1,130 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+# /home/*/.local/share/nautilus/scripts/05a-Windows/
+# OR
+# /home/*/.gnome2/nautilus-sctipts/05a-Windows/ (deprecated)
+#
+# FILE:
+# 03a-WindowsDir-fred
+#
+# USAGE:
+# Right click on a Windows directory and
+# choose this nautilus script from the context menu.
+#
+# OPTIONS:
+# none
+#
+# DESCRIPTION:
+# Ask for a Windows registry hive and open it with the
+# Forensic Registry EDitor (fred).
+#
+# REQUIREMENTS:
+# bash, zenity and fred
+#
+# BUGS:
+# ---
+#
+# NOTES:
+# Tested on
+# - Debian 8+
+# - Arch Linux
+#
+# AUTHOR:
+# Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+# (privately)
+#
+# VERSION:
+# 0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+# https://...
+#
+# CREATED:
+# 21.03.2020
+#
+# COPYRIGHT (C):
+# 2015-2020 - Patrick Neumann
+#
+# LICENSE:
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# WARRANTY:
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# TODO:
+# ----
+#
+# HISTORY:
+# 0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+# fred-report-templates have to be copied manually to!
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+ zenity --error \
+ --text \
+ "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+ exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+# I maintain an AUR package especially for this!
+check_dep "${FRED_BIN}" "fred"
+
+# Windows: Vista, 7, 8, 8.1, 8.1U1 and 10
+# WINDOWS: XP
+check_dir "${SOURCE}" "W(indows|INDOWS)"
+
+#-------------------------------------------------------------------------------
+# Select hive.
+#-------------------------------------------------------------------------------
+readonly HIVE="$( ${ZENITY_BIN} --list \
+ --text "Please select a windows registry hive!" \
+ --radiolist \
+ --column "" \
+ --column "Hives:" TRUE SYSTEM FALSE SOFTWARE FALSE SAM \
+ --width="320" \
+ --height="320" )"
+
+#-------------------------------------------------------------------------------
+# Open hive with the "Forensic Registry EDitor" (fred)
+#-------------------------------------------------------------------------------
+if [ -n "${HIVE}" ] ; then
+ if [ -f "${SOURCE}/System32/config/${HIVE}" ] ; then
+ # Windows Vista, 7, 8, 8.1, 8.1U1 and 10
+ ${FRED_BIN} "${SOURCE}/System32/config/${HIVE}"
+ else
+ # Windows XP
+ ${FRED_BIN} "${SOURCE}/system32/config/${HIVE}"
+ fi
+else
+ error_exit "no hive selected"
+fi
+
+exit 0
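Review bot: The `else` branch at the end of this hunk starts fred on `${SOURCE}/system32/config/${HIVE}` without testing that the file exists, so a missing hive or a differently cased path ends in fred's own error instead of `error_exit`. Evidence is usually read from a case-sensitive mount, and older Windows versions may well store the hive files themselves in lower case, so the upper-case names from the radio list would not match there. Resolve the path case-insensitively once and test the result, e.g. `hive_path="$( find "${SOURCE}" -maxdepth 3 -type f -ipath "*/system32/config/${HIVE}" -print -quit )"` followed by `[ -n "${hive_path}" ] || error_exit "hive ${HIVE} not found"`. `${FRED_BIN}` and `${ZENITY_BIN}` are also expanded unquoted here and in the second file, which breaks if the library sets either to a path containing spaces. `check_dir`, `error_exit` and those variables come from the sourced library, which is not part of this patch.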
diff --git a/home/lucifer/.local/share/nautilus/scripts/05a-Windows/03b-NTUSER.DAT-fred b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/03b-NTUSER.DAT-fred
new file mode 100755
index 0000000..9f76fa1
--- /dev/null
+++ b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/03b-NTUSER.DAT-fred
@@ -0,0 +1,110 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+# /home/*/.local/share/nautilus/scripts/05a-Windows/
+# OR
+# /home/*/.gnome2/nautilus-sctipts/05a-Windows/ (deprecated)
+#
+# FILE:
+# 03b-NTUSER.DAT-fred
+#
+# USAGE:
+# Right klick on a NTUSER.DAT and
+# choose this nautilus script from the context menu.
+#
+# OPTIONS:
+# none
+#
+# DESCRIPTION:
+# Open the NTUSER.DAT with the Forensic Registry EDitor (fred).
+#
+# REQUIREMENTS:
+# bash, zenity and fred
+#
+# BUGS:
+# ---
+#
+# NOTES:
+# Tested on
+# - Debian 8+
+# - Arch Linux
+#
+# AUTHOR:
+# Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+# (privately)
+#
+# VERSION:
+# 0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+# https://...
+#
+# CREATED:
+# 21.03.2020
+#
+# COPYRIGHT (C):
+# 2015-2020 - Patrick Neumann
+#
+# LICENSE:
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# WARRANTY:
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# TODO:
+# ----
+#
+# HISTORY:
+# 0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+# fred-report-templates have to be copied manually to!
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+ zenity --error \
+ --text \
+ "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+ exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+# I maintain an AUR package especially for this!
+check_dep "${FRED_BIN}" "fred"
+
+check_file "${SOURCE}" "NTUSER.DAT"
+
+#-------------------------------------------------------------------------------
+# Open hive with the "Forensic Registry EDitor" (fred).
+#-------------------------------------------------------------------------------
+if [ -n "${USER}" ] ; then
+ ${FRED_BIN} "${SOURCE}"
+else
+ error_exit "no hive selected"
+fi
+
+exit 0
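Review bot: The guard `if [ -n "${USER}" ]` near the end of this hunk tests the login-name environment variable rather than anything about the selected file, so the `else` branch is effectively unreachable in a desktop session. Its message, "no hive selected", also describes a failure this script cannot have, because no selection dialog is shown. Since `check_file "${SOURCE}" "NTUSER.DAT"` has already run, either drop the condition or test the file itself, e.g. `[ -r "${SOURCE}" ] || error_exit "cannot read ${SOURCE}"`. For evidence handling, the header would benefit from a line stating that the hive should be opened from a read-only mount or a working copy, since nothing in the script enforces that. What `check_file` actually verifies is defined in the library, outside this patch.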