EZ Tools Manuals

Eric Zimmerman's Tools are free, open-source, and widely taught around the world. This is the official manual for all of his command line and GUI tools.

Formats: PDF, EPUB, WEB
Readers: 4,208
Pages: 378
Words: 46,548

About

About the Book

The official manual for Eric Zimmerman's Tools. Please watch the book's GitHub repository to stay updated on the development of this manual! Any suggestions for improvement are welcome on GitHub!

About the Authors

Andrew Rathbun

Andrew Rathbun is a DFIR professional with multiple years of experience in law enforcement (sworn and civilian) and the private sector. Andrew is involved in multiple community projects, including but not limited to: the Digital Forensics Discord Server and multiple GitHub repositories.

Leanpub Podcast

Episode 241

An Interview with Andrew Rathbun

Eric Zimmerman

Eric Zimmerman is a former FBI Special Agent and C# developer of various open source, forensic tools targeting Windows host based artifacts. Eric is a certified SANS instructor and co-author of FOR498.

Table of Contents

Enabling Update Notifications on Leanpub

Introduction to EZ Tools

  1. What are EZ Tools?
  2. Download EZ Tools
  3. CLI vs GUI
  4. .NET 4 vs .NET 6 EZ Tools
  5. What is this book?
  6. Mastering EZ Tools
  7. Content by Eric Zimmerman
  8. Content by the DFIR Community about EZ Tools

EZ Tools - Common Switches

  1. Common Switches

EZ Tools - PowerShell vs CMD

  1. Common Scenarios

EZ Tools - CLI

AmcacheParser

  1. AmcacheParser Introduction
  2. AmcacheParser Switches
  3. AmcacheParser Command Examples
  4. AmcacheParser Output
  5. AmcacheParser Key Takeaways
  6. AmcacheParser References

AppCompatCacheParser

  1. AppCompatCacheParser Introduction
  2. AppCompatCacheParser Switches
  3. AppCompatCacheParser Command Examples
  4. AppCompatCacheParser Output
  5. AppCompatCacheParser Key Takeaways
  6. AppCompatCacheParser References

bstrings

  1. bstrings Introduction
  2. bstrings Switches
  3. bstrings Command Examples
  4. bstrings References

EvtxECmd

  1. EvtxECmd Introduction
  2. EvtxECmd Switches
  3. EvtxECmd Command Examples
  4. EvtxECmd Output
  5. EvtxECmd Key Takeaways
  6. EvtxECmd References

IISGeoLocate

  1. IISGeoLocate Introduction
  2. IISGeoLocate Switches
  3. IISGeoLocate Output
  4. IISGeoLocate References

JLECmd

  1. JLECmd Introduction
  2. JLECmd Switches
  3. JLECmd Command Examples
  4. JLECmd Output
  5. JLECmd Sample Output
  6. JLECmd Key Takeaways
  7. JLECmd References

LECmd

  1. LECmd Introduction
  2. LECmd Switches
  3. LECmd Command Examples
  4. LECmd Sample Output
  5. LECmd Output
  6. LECmd Key Takeaways
  7. LECmd References

MFTECmd

  1. MFTECmd Introduction
  2. File Types Parsed by MFTECmd
  3. MFTECmd Switches
  4. MFTECmd Command Examples
  5. MFTECmd Output
  6. MFTECmd References

PECmd

  1. PECmd Introduction
  2. PECmd Switches
  3. PECmd Command Examples
  4. PECmd Output
  5. PECmd Key Takeaways
  6. PECmd References

RBCmd

  1. RBCmd Introduction
  2. RBCmd Switches
  3. RBCmd Command Examples
  4. RBCmd Output
  5. RBCmd Key Takeaways
  6. RBCmd References

RecentFileCacheParser

  1. RecentFileCacheParser Introduction
  2. RecentFileCacheParser Switches
  3. RecentFileCacheParser Command Examples
  4. RecentFileCacheParser Output
  5. RecentFileCacheParser References

RECmd

  1. RECmd Introduction
  2. RECmd Switches
  3. RECmd Command Examples
  4. RECmd Output
  5. RECmd References

RLA

  1. RLA Introduction
  2. RLA Switches
  3. RLA Command Examples
  4. RLA References

SBECmd

  1. SBECmd Introduction
  2. SBECmd Switches
  3. SBECmd Command Examples
  4. SBECmd Output
  5. SBECmd Key Takeaways
  6. SBECmd References

SQLECmd

  1. SQLECmd Introduction
  2. SQLECmd Switches
  3. SQLECmd Command Examples
  4. SQLECmd References

SrumECmd

  1. SrumECmd Introduction
  2. SrumECmd Switches
  3. SrumECmd Command Examples
  4. SrumECmd Output
  5. SrumECmd Sample Data
  6. SrumECmd References

SumECmd

  1. SumECmd Introduction
  2. SumECmd Switches
  3. SumECmd Command Examples
  4. SumECmd Output
  5. SumECmd References

VSCMount

  1. VSCMount Introduction
  2. VSCMount Switches
  3. VSCMount Command Examples
  4. VSCMount References

WxTCmd

  1. WxTCmd Introduction
  2. WxTCmd Switches
  3. WxTCmd Command Examples
  4. WxTCmd Output
  5. WxTCmd Key Takeaways
  6. WxTCmd References

EZ Tools - GUI

EZViewer

  1. EZViewer Introduction
  2. EZViewer Screenshot
  3. EZViewer Key Takeaways
  4. EZViewer References

Hasher

  1. Hasher Introduction
  2. Hasher Screenshot
  3. Hasher Features
  4. Hasher References

JumpList Explorer

  1. JumpList Explorer Introduction
  2. JumpList Explorer Functionality
  3. JumpList Explorer References

MFT Explorer

  1. MFT Explorer Introduction
  2. MFT Explorer Features
  3. MFT Explorer References

Registry Explorer

  1. Registry Explorer Introduction
  2. RECmd
  3. Version changes

SDB Explorer

  1. SDB Explorer Introduction
  2. SDB Explorer References

Shellbags Explorer

  1. Requirements
  2. What are ShellBags?
  3. ShellBags location in the registry
  4. Using RegEdit to view ShellBag data
  5. Why another ShellBags program?
  6. ShellBagsExplorer.exe
  7. Menus
  8. Workflow overview
  9. SBECmd.exe
  10. General usage tips and tricks
  11. Version changes

TimeApp

  1. TimeApp Introduction
  2. TimeApp Screenshots
  3. TimeApp References

Timeline Explorer

  1. Timeline Explorer Introduction
  2. Timeline Explorer Features
  3. Timeline Explorer Settings
  4. Timeline Explorer Layout Files
  5. Timeline Explorer Plugins
  6. Timeline Explorer References

XWFIM

  1. Using XWFIM
  2. XWFIM References

Errata

  1. Reporting Errata
