evild3ad / MemProcFS-Analyzer

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
https://lethal-forensics.com
GNU General Public License v3.0

RECmd .reb file missing. #8

Closed antmar904 closed 3 years ago

antmar904 commented 3 years ago

RECmd version 1.6.0.0

Author: Eric Zimmerman (saericzimmerman@gmail.com) https://github.com/EricZimmerman/RECmd

Note: Enclose all strings containing spaces (and all RegEx) with double quotes

Command line: -d E:\MemProcFS-Analyzer-v0.2\2021-06-19T115429-complete\Registry\Registry --bn E:\MemProcFS-Analyzer-v0.2\Tools\RECmd_BatchFiles\RegistryASEPs.reb --csv E:\MemProcFS-Analyzer-v0.2\2021-06-19T115429-complete\Registry\RegistryASEPs\CSV --csvf RegistryASEPs.csv

Batch file 'E:\MemProcFS-Analyzer-v0.2\Tools\RECmd_BatchFiles\RegistryASEPs.reb' does not exist.

evild3ad commented 3 years ago

You need to download the newest release, so that the "RECmd_BatchFiles" directory exists in your "Tools" directory: https://github.com/evild3ad/MemProcFS-Analyzer/releases

antmar904 commented 3 years ago

Ah. I was using v0.3 but just copied the PS script. Thank you.