diff --git a/home/lucifer/.local/share/nautilus/scripts/05a-Windows/05-E01-pwdump b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/05-E01-pwdump
new file mode 100755
index 0000000..85398ea
--- /dev/null
+++ b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/05-E01-pwdump
@@ -0,0 +1,156 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+# /home/*/.local/share/nautilus/scripts/05a-Windows/
+# OR
+# /home/*/.gnome2/nautilus-sctipts/05a-Windows/ (deprecated)
+#
+# FILE:
+# 05-E01-pwdump
+#
+# USAGE:
+# Right click on a EWF image (.E01) and
+# choose this nautilus script from the context menu.
+#
+# OPTIONS:
+# none
+#
+# DESCRIPTION:
+# Extracts the Hashes from older and newer Windows versions in pwdump format.
+#
+# REQUIREMENTS:
+# bash, zenity, awk, sleuthkit and sed
+#
+# BUGS:
+# ---
+#
+# NOTES:
+# Tested on
+# - Debian 8+
+# - Arch Linux
+#
+# AUTHOR:
+# Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+# (privately)
+#
+# VERSION:
+# 0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+# https://...
+#
+# CREATED:
+# 21.03.2020
+#
+# COPYRIGHT (C):
+# 2015-2020 - Patrick Neumann
+#
+# LICENSE:
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# WARRANTY:
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# TODO:
+# ----
+#
+# HISTORY:
+# 0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+# fred-report-templates have to be copied manually to!
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+ zenity --error \
+ --text \
+ "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+ exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+check_dep "${AWK_BIN}" "awk"
+check_dep "${FCAT_BIN}" "sleuthkit"
+check_dep "${SED_BIN}" "sed"
+
+# problem:
+# samdump (ophcrack) is not working since Windows 10 1607 anymore!
+# explanation:
+# http://www.insecurity.be/blog/2018/01/21/retrieving-ntlm-hashes-and-what-changed-technical-writeup/
+# solution:
+# https://github.com/ict/creddump7 (incl. Python 3 support!)
+check_dep "${PWDUMP_BIN}" "pwdump.py"
+
+check_ext "${SOURCE}" "[eE]01"
+
+check_tmp
+
+#-------------------------------------------------------------------------------
+# A little bit of configuration before the magic.
+#-------------------------------------------------------------------------------
+readonly OFFSET="$( choose_partition "${SOURCE}" | ${AWK_BIN} -F "_" '{ print $3; }' )"
+
+readonly SYSTEM_HIVE="${TMP}/${OFFSET}-SYSTEM.hive"
+readonly SAM_HIVE="${TMP}/${OFFSET}-SAM.hive"
+readonly PWDUMP="${TMP}/pwdump-${OFFSET}.txt"
+
+#-------------------------------------------------------------------------------
+# ...
+#-------------------------------------------------------------------------------
+if [ ! -f "${PWDUMP}" ] ; then
+ if ! [ -f "${SYSTEM_HIVE}" ] ; then
+ ${FCAT_BIN} -o "${OFFSET}" "/Windows/System32/config/SYSTEM" "${SOURCE}" > "${SYSTEM_HIVE}"
+ fi
+
+ if ! [ -f "${SAM_HIVE}" ] ; then
+ ${FCAT_BIN} -o "${OFFSET}" "/Windows/System32/config/SAM" "${SOURCE}" > "${SAM_HIVE}"
+ fi
+
+ if ! [ -s "${SYSTEM_HIVE}" ] ; then
+ ${RM_BIN} "${SYSTEM_HIVE}" "${SAM_HIVE}"
+ error_exit "no usable registry hives found"
+ fi
+
+ ${PWDUMP_BIN} "${SYSTEM_HIVE}" "${SAM_HIVE}" > "${PWDUMP}"
+
+ # cleanup some default/global/empty accounts...
+ ${SED_BIN} --in-place '/DefaultAccount/ d' "${PWDUMP}"
+ ${SED_BIN} --in-place '/WDAGUtilityAccount/ d' "${PWDUMP}"
+ ${SED_BIN} --in-place '/HomeGroupUser/ d' "${PWDUMP}"
+ ${SED_BIN} --in-place '/UpdatusUser/ d' "${PWDUMP}" # added by older nVidia graphic drivers
+ ${SED_BIN} --in-place '/31d6cfe0d16ae931b73c59d7e0c089c0/ d' "${PWDUMP}" # empty password
+fi | ${ZENITY_BIN} --progress \
+ --title="pwdump" \
+ --text="Please wait..." \
+ --pulsate
+
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "pwdump.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${PWDUMP}"
+
+exit 0
diff --git a/home/lucifer/.local/share/nautilus/scripts/05a-Windows/06-pwdump-Ophcrack b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/06-pwdump-Ophcrack
new file mode 100755
index 0000000..b2a0c3c
--- /dev/null
+++ b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/06-pwdump-Ophcrack
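Review bot: `error_exit` inside the `if … fi | ${ZENITY_BIN} --progress` pipeline runs in a subshell, so a missing hive only terminates that subshell and the script still falls through to `display_resultfile "${PWDUMP}"`. The redirection `${PWDUMP_BIN} "${SYSTEM_HIVE}" "${SAM_HIVE}" > "${PWDUMP}"` also creates the result file before the tool has succeeded, so a failed run leaves an empty file that the `[ ! -f "${PWDUMP}" ]` guard treats as a cached result on the next invocation; the preceding sanity check tests only `-s "${SYSTEM_HIVE}"` and never the SAM hive. Suggest validating the output after the pipeline, before `display_resultfile`, e.g. `[ -s "${PWDUMP}" ] || { ${RM_BIN} -f "${PWDUMP}" "${SYSTEM_HIVE}" "${SAM_HIVE}" ; error_exit "no usable registry hives found" ; }`. Because the extracted hives and the dump are credential material, a `umask 077` before the redirections would keep the files in `${TMP}` from being readable by other local users.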
@@ -0,0 +1,162 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+# /home/*/.local/share/nautilus/scripts/05a-Windows/
+# OR
+# /home/*/.gnome2/nautilus-sctipts/05a-Windows/ (deprecated)
+#
+# FILE:
+# 06-pwdump-Ophcrack
+#
+# USAGE:
+# Right click on pwdump-?.txt and
+# choose this nautilus script from the context menu.
+#
+# OPTIONS:
+# none
+#
+# DESCRIPTION:
+# Starts Ophcrack on the choosen pwdump file.
+#
+# REQUIREMENTS:
+# bash, zenity and ophcrack
+#
+# BUGS:
+# ---
+#
+# NOTES:
+# Tested on
+# - Debian 8+
+# - Arch Linux
+#
+# AUTHOR:
+# Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+# (privately)
+#
+# VERSION:
+# 0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+# https://...
+#
+# CREATED:
+# 21.03.2020
+#
+# COPYRIGHT (C):
+# 2015-2020 - Patrick Neumann
+#
+# LICENSE:
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# WARRANTY:
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# TODO:
+# ----
+#
+# HISTORY:
+# 0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+# fred-report-templates have to be copied manually to!
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+ zenity --error \
+ --text \
+ "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+ exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+check_dep "${OPHCRACK_BIN}" "ophcrack"
+
+check_ext "${SOURCE}" "txt"
+
+check_tmp
+
+# I use Free Vista Rainbow tables from
+# https://ophcrack.sourceforge.io/tables.php
+#
+# For the Professional Vista Rainbow tables you will need a lot more space!
+readonly RAINBOW_DIR="/home/${USER}/Ophcrack/tables"
+check_dir "${RAINBOW_DIR}"
+
+#-------------------------------------------------------------------------------
+# Collect additional options.
+#-------------------------------------------------------------------------------
+readonly ASK_VF="vista_free"
+readonly ASK_VN="vista_num"
+readonly ASK_VPF="vista_proba_free"
+readonly ASK_VS="vista_special"
+readonly SELECTS="$( ${ZENITY_BIN} --list \
+ --text "Choose rainbow tables:" \
+ --checklist \
+ --height=220 \
+ --column "Pick" \
+ --column "Option" FALSE "${ASK_VF}" \
+ FALSE "${ASK_VN}" \
+ TRUE "${ASK_VPF}" \
+ FALSE "${ASK_VS}" )"
+
+if [ -z "${SELECTS}" ] ; then
+ error_exit "no rainbow table selected"
+fi
+
+#-------------------------------------------------------------------------------
+# A little bit of configuration before the magic.
+#-------------------------------------------------------------------------------
+readonly RAINBOW_TABLES="${SELECTS//|/:}"
+readonly OPH_LOG="${DIRNAME}/$( ${BASENAME_BIN} "${SOURCE}" )-ophcrack.log"
+readonly OPH_CRACKED="${DIRNAME}/$( ${BASENAME_BIN} "${SOURCE}" )-ophcracked.txt"
+
+#-------------------------------------------------------------------------------
+# ...
+#-------------------------------------------------------------------------------
+if [ ! -f "${OPH_CRACKED}" ] ; then
+ ${GTERMINAL_BIN} --geometry=100x10 --hide-menubar -- \
+ ${OPHCRACK_BIN} -e -g -n 6 -u \
+ -d "${RAINBOW_DIR}" \
+ -t "${RAINBOW_TABLES}" \
+ -f "${SOURCE}" \
+ -l "${OPH_LOG}" \
+ -o "${OPH_CRACKED}"
+
+ ${SLEEP_BIN} 3
+
+ # We have to wait until ophcrack has finished...
+ while ${PGREP_BIN} --full "${OPHCRACK_BIN}" > /dev/null 2>&1; do
+ ${SLEEP_BIN} 1
+ done
+fi
+
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "ophcracked.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${OPH_CRACKED}"
+
+exit 0
diff --git a/home/lucifer/.local/share/nautilus/scripts/05a-Windows/07a-pwdump-hashcat-dictionary b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/07a-pwdump-hashcat-dictionary
new file mode 100755
index 0000000..974ebe7
--- /dev/null
+++ b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/07a-pwdump-hashcat-dictionary
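Review bot: The wait loop `while ${PGREP_BIN} --full "${OPHCRACK_BIN}"` is only a heuristic: `${SLEEP_BIN} 3` is a fixed grace period, so if the terminal has not spawned ophcrack within three seconds the loop ends immediately and `display_resultfile "${OPH_CRACKED}"` is called on a file that does not exist yet, and if any other process has that path in its command line the script waits on it instead. A more reliable wait would keep the cracker in the foreground of the script (the terminal's `--wait` option, if the installed gnome-terminal supports it) or poll for `${OPH_CRACKED}` with a timeout and report failure instead of silently displaying nothing; the same `${SLEEP_BIN} 3` / `${PGREP_BIN} --full` pattern is repeated in 07a-pwdump-hashcat-dictionary and 07b-pwdump-hashcat-brute-force. Separately, `RAINBOW_DIR="/home/${USER}/Ophcrack/tables"` hard-codes the home directory layout; prefer `readonly RAINBOW_DIR="${HOME}/Ophcrack/tables"`, which also works when `USER` is unset in the desktop session (07a's `DICTIONARY` has the same construct).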
@@ -0,0 +1,148 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+# /home/*/.local/share/nautilus/scripts/05a-Windows/
+# OR
+# /home/*/.gnome2/nautilus-sctipts/05a-Windows/ (deprecated)
+#
+# FILE:
+# 07a-pwdump-hashcat-dictionary
+#
+# USAGE:
+# Right click on a ?-pwdump-txt and
+# choose this nautilus script from the context menu.
+#
+# OPTIONS:
+# none
+#
+# DESCRIPTION:
+# Starts hashcat with a dictionary and a rule on the choosen pwdump file.
+#
+# REQUIREMENTS:
+# bash, zenity, coreutils and hashcat
+#
+# BUGS:
+# ---
+#
+# NOTES:
+# Tested on
+# - Debian 8+
+# - Arch Linux
+#
+# AUTHOR:
+# Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+# (privately)
+#
+# VERSION:
+# 0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+# https://...
+#
+# CREATED:
+# 21.03.2020
+#
+# COPYRIGHT (C):
+# 2015-2020 - Patrick Neumann
+#
+# LICENSE:
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# WARRANTY:
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# TODO:
+# ----
+#
+# HISTORY:
+# 0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+# fred-report-templates have to be copied manually to!
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+ zenity --error \
+ --text \
+ "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+ exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+check_dep "${CUT_BIN}" "coreutils"
+check_dep "${HASHCAT_BIN}" "hashcat"
+
+check_ext "${SOURCE}" "txt"
+
+# For development I have only used rockyou.txt.
+# TODO: choice of more dictionaties:
+# https://github.com/danielmiessler/SecLists/tree/master/Passwords
+readonly DICTIONARY="/home/${USER}/hashcat/dictionaries/rockyou.txt"
+check_file "${DICTIONARY}" "rockyou.txt"
+
+#-------------------------------------------------------------------------------
+# A little bit of configuration before the magic.
+#-------------------------------------------------------------------------------
+readonly HASHCAT="${DIRNAME}/$( ${BASENAME_BIN} "${SOURCE}" )-hashcat-dictionary.txt"
+
+readonly NTLM="${DIRNAME}/$( ${BASENAME_BIN} "${SOURCE}" )-ntlm.txt"
+if ! [ -f "${NTLM}" ] ; then
+ ${CUT_BIN} -d ":" -f 4 "${SOURCE}" > "${NTLM}"
+fi
+
+#-------------------------------------------------------------------------------
+# ...
+# We need force if we use an intel GPU with "broken" OpenCL!
+#-------------------------------------------------------------------------------
+if [ ! -f "${HASHCAT}" ] ; then
+ ${GTERMINAL_BIN} --hide-menubar -- \
+ ${HASHCAT_BIN} \
+ --potfile-disable \
+ --hash-type 1000 \
+ --attack-mode 0 \
+ --workload-profile 3 \
+ --optimized-kernel-enable \
+ --force \
+ --outfile "${HASHCAT}" \
+ "${NTLM}" \
+ "${DICTIONARY}" \
+ --rules-file /usr/share/doc/hashcat/rules/dive.rule
+
+ ${SLEEP_BIN} 3
+
+ # We have to wait until hashcat has finished...
+ while ${PGREP_BIN} --full "${HASHCAT_BIN}" > /dev/null 2>&1; do
+ ${SLEEP_BIN} 1
+ done
+fi
+
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "hashcat.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${HASHCAT}"
+
+exit 0
diff --git a/home/lucifer/.local/share/nautilus/scripts/05a-Windows/07b-pwdump-hashcat-brute-force b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/07b-pwdump-hashcat-brute-force
new file mode 100755
index 0000000..af6db5a
--- /dev/null
+++ b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/07b-pwdump-hashcat-brute-force
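Review bot: The rule file passed as `--rules-file /usr/share/doc/hashcat/rules/dive.rule` is never checked for existence, while the dictionary right above it is validated with `check_file`; on a distribution that installs the rules elsewhere hashcat exits inside the terminal, the pgrep wait loop ends, and `display_resultfile "${HASHCAT}"` is handed a file that was never written. Suggest a guard next to the dictionary check, `check_file "/usr/share/doc/hashcat/rules/dive.rule" "dive.rule"`, and holding the path in a `readonly` variable so the invocation below does not repeat a literal. The `${NTLM}` cache keyed on `if ! [ -f "${NTLM}" ]` is also never refreshed when the pwdump file it was derived from changes; comparing timestamps or simply regenerating it each run (it is a single `cut`) would avoid cracking stale input.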
@@ -0,0 +1,157 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+# /home/*/.local/share/nautilus/scripts/05a-Windows/
+# OR
+# /home/*/.gnome2/nautilus-sctipts/05a-Windows/ (deprecated)
+#
+# FILE:
+# 07b-pwdump-hashcat-brute-force
+#
+# USAGE:
+# Right click on a ?-pwdump-txt and
+# choose this nautilus script from the context menu.
+#
+# OPTIONS:
+# none
+#
+# DESCRIPTION:
+# Starts hashcat with a brute force attack on the choosen pwdump file.
+#
+# REQUIREMENTS:
+# bash, zenity, coreutils and hashcat
+#
+# BUGS:
+# ---
+#
+# NOTES:
+# Tested on
+# - Debian 8+
+# - Arch Linux
+#
+# AUTHOR:
+# Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+# (privately)
+#
+# VERSION:
+# 0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+# https://...
+#
+# CREATED:
+# 21.03.2020
+#
+# COPYRIGHT (C):
+# 2015-2020 - Patrick Neumann
+#
+# LICENSE:
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# WARRANTY:
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# TODO:
+# ----
+#
+# HISTORY:
+# 0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+# fred-report-templates have to be copied manually to!
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+ zenity --error \
+ --text \
+ "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+ exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+check_dep "${CUT_BIN}" "coreutils"
+check_dep "${HASHCAT_BIN}" "hashcat"
+
+check_ext "${SOURCE}" "txt"
+
+#-------------------------------------------------------------------------------
+# A little bit of configuration before the magic.
+#-------------------------------------------------------------------------------
+readonly HASHCAT="${DIRNAME}/$( ${BASENAME_BIN} "${SOURCE}" )-hashcat-brute-force.txt"
+
+readonly NTLM="${DIRNAME}/$( ${BASENAME_BIN} "${SOURCE}" )-ntlm.txt"
+if ! [ -f "${NTLM}" ] ; then
+ ${CUT_BIN} -d ":" -f 4 "${SOURCE}" > "${NTLM}"
+fi
+
+#-------------------------------------------------------------------------------
+# Select pattern.
+#-------------------------------------------------------------------------------
+readonly PATTERN="$( ${ZENITY_BIN} --list \
+ --text "Please select pattern!" \
+ --radiolist \
+ --column "" \
+ --column "Patterns:" TRUE "?a?a?a?a?a" \
+ FALSE "?a?a?a?a?a?a" \
+ FALSE "?l?l?l?l?l?l?l" \
+ FALSE "?u?u?u?u?u?u?u" \
+ FALSE "?d?d?d?d?d?d?d?d" \
+ --width="240" \
+ --height="280" )"
+
+#-------------------------------------------------------------------------------
+# ...
+# We need force if we use an intel GPU with "broken" OpenCL!
+#-------------------------------------------------------------------------------
+if [ ! -f "${HASHCAT}" ] ; then
+ ${GTERMINAL_BIN} --hide-menubar -- \
+ ${HASHCAT_BIN} \
+ --potfile-disable \
+ --hash-type 1000 \
+ --attack-mode 3 \
+ --increment \
+ --workload-profile 3 \
+ --optimized-kernel-enable \
+ --force \
+ --outfile "${HASHCAT}" \
+ "${NTLM}" \
+ "${PATTERN}"
+
+ ${SLEEP_BIN} 3
+
+ # We have to wait until ewfverify has finished...
+ while ${PGREP_BIN} --full "${HASHCAT_BIN}" > /dev/null 2>&1; do
+ ${SLEEP_BIN} 1
+ done
+fi
+
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "hashcat.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${HASHCAT}"

+exit 0
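Review bot: `PATTERN` is taken from the zenity radiolist without any check, so when the dialog is cancelled or closed the variable is empty and the terminal is launched with `"${PATTERN}"` as an empty mask argument; 06-pwdump-Ophcrack guards its `SELECTS` with `[ -z … ]` and this script should do the same, e.g. `[ -n "${PATTERN}" ] || error_exit "no pattern selected"` right after the `readonly PATTERN=` assignment. The comment `# We have to wait until ewfverify has finished...` is a leftover from another script and should read `# We have to wait until hashcat has finished...` to match the `${PGREP_BIN} --full "${HASHCAT_BIN}"` loop it describes.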