DFIR-ORC / dfir-orc

Forensics artefact collection tool for systems running Microsoft Windows
https://dfir-orc.github.io
GNU Lesser General Public License v2.1

Environment variable in command->argument #30

Closed: lprat closed this issue 2 years ago

lprat commented 3 years ago

Hi,

ORC doesn't allow inserting an environment variable in command->argument. E.g.:

<command keyword="sigcheck.exe system32">
    <execute name="sigcheck.exe" run32="7z:#Tools|sigcheck.exe" run64="7z:#Tools|sigcheck64.exe"/>
    <argument>-accepteula -h -e -a -c %windir%\system32</argument>
    <output name="system32_infos.csv" source="StdOut"/>
    <output name="system32_infos.log" source="StdErr"/>
</command>

Please, can you improve this feature by allowing environment variables in the argument, or by allowing a directory in "input"?

Thanks. Lionel

fabienfl-orc commented 2 years ago

Hi, should be available from 10.0.23. Thank you

lprat commented 2 years ago

Sorry! It's fixed! Thanks