Change Log
LECmd: Add NetworkPath column to CSV and json output that pulls
NetworkShareInfo.NetworkShareName out of the lnk file (if present)
Timeline Explorer: Handle new column in LECmd
RBCmd: Tweaked error handling when paths do not exist after searching
VSCMount: Updated VSC discovery method, improved timestamp resolution, updated
controls
2019-05-16
MFTECmd: Fix bodyfile output when using --bodyf
2019-05-15
JumpListExplorer: Control updates, add CTRL-R to Reload all jump lists
2019-05-14
MFTECmd: Fix for processing loose files when vss is not in use
EvtxECmd: Add --vss switch that finds and extracts evtx from all available VSCs on
drive letter specified by -f or -d. Note the same path is used when looking in
VSCs. Also added --dedupe which is ON by default
RECmd: Add --vss switch that finds and extracts Registry hives from all available
VSCs on drive letter specified by -f or -d. Note the same path is used when looking
in VSCs. Also added --dedupe which is ON by default
PECmd: Add --vss switch that finds and extracts prefetch hives from all available
VSCs on drive letter specified by -f or -d. Note the same path is used when looking
in VSCs. Also added --dedupe which is ON by default
2019-05-13
MFTECmd: Add --vss switch that finds and extracts data from all available VSCs on
drive letter specified by -f. Also added --dedupe which is OFF by default
2019-05-08
EvtxECmd: Added --sd and --ed for timestamp filtering. Use the same format to pass
in strings as --dt
2019-05-06
Timeline Explorer: Handle Payload column in EvtxECmd CSV output
2019-05-04
RECmd: Honor datetime format when saving out plugin details in batch mode
2019-05-03
EvtxECmd: Add --pj switch to include event payload (only the payload) as json in
CSV export. It is ON by default.
2019-05-01
LECmd: Better json output, updated MAC vendor list, nuget
MFTECmd: Better json output, nuget
2019-04-30
EvtxECmd: New maps
2019-04-29
EvtxECmd: For json, use ISO8601 format
2019-04-28
SBE: Fix SBECmd not liking relative paths in some cases, updated controls
2019-04-27
Timeline Explorer: More screen real estate, more search options, consolidated
search interface, support for EvtxECmd CSV output
2019-04-26
EvtxECmd: Added maps, make timestamp in CSV show up with full sub-second precision
2019-04-26
EvtxECmd: Beta release
2019-04-10
MFTECmd: Handle case where --csv .\foo is used vs using full path
2019-04-02
Registry Explorer: New plugin for Taskband, updated controls
2019-03-28
LECmd, JLECmd, JumpList Explorer: Updated Property store GUID/ID pairings (thanks
David Via!), improved Guid to folder lookups, nuget updates
2019-03-27
AmcacheParser: fix issue with Shortcuts key in new format when value is missing,
nuget updates, add --debug and --trace switches
2019-03-24
MFTECmd: Swap out --vl switch for --debug and --trace, fix for rare issue when
reading USN to find starting point where the data actually starts
2019-03-18
MFTECmd: Fix issue with --de complaining about destination path
2019-03-16
Registry Explorer: Updated controls, more batch mode examples for RECmd
Get-ZimmermanTools.ps1: Add missing period
2019-03-15
ShellBags Explorer: Fix issue with csv exports, updated controls, new guids
2019-03-04
MFTECmd: Handle case where a file with same name as directory being created already
exists
bstrings: Add crypto wallet regex patterns
2019-03-13
PECmd: Add initial support for new Windows 10 prefetch format
AppCompatCacheParser: Handle locked files to include LOG files
AmcacheParser: More properties from different keys
2019-03-11
MFTECmd: Verify drive letter exists for --csv, --json, etc before running. Show
more details about MFT processed (FILE record count, size) when running
2019-03-09
MFTECmd: MUCH improved handling of giant files, locked or otherwise
2019-03-08
Timeline Explorer: In FLS timelines, treat the meta column as a number for sorting
purposes
bstrings: Handle \ at end of -o as it expects a FILE, not a directory
2019-03-06
EZViewer: Fix issue with not showing PDFs
2019-03-04
MFTECmd: Handle missing time in extended EA
2019-03-03
EZViewer: Add Extensions.yaml which lets end user control which extensions get opened
by which viewer.
2019-02-28
Get-ZimmermanTools.ps1: Add -UseBasicParsing to all Invoke-WebRequest calls
RegistryExplorer: RECmd batch mode matching rewritten. Much faster and more
accurate. GUI tweaks in Registry Explorer
MFTECmd: Dependencies and handle some input errors
ShellBags Explorer: control update, nuget, some new GUIDs
bstrings: Tweak input validation
2019-02-26
SBDExplorer: Updated controls, File | Open set to CTRL-o
Timeline Explorer: File | Open set to CTRL-o, Add Option to control if headers are
copied to clipboard on CTRL-C (See Tools menu)
Registry Explorer: File | Open set to CTRL-o
ShellBags Explorer: File | Open set to CTRL-o
JumpList Explorer: File | Open set to CTRL-o
EZViewer: File | Open set to CTRL-o
2019-02-23
LECmd: Update shell item
Registry Explorer: Show RegMultiSz values split up, one string on a line, vs all on
one
Jumplist Explorer: Lnk dependency bump
JLECmd: Lnk dependency bump
2019-02-21
bstrings: relative path tweak, nuget, and fody
EZViewer: Fix issue creating context menus in Explorer
2019-02-19
AmcacheParser: Handle more value names, clean up errors with free records
2019-02-18
- PECmd: Recursive search fixes for permission issues.
2019-02-15
- RECmd: Use case-insensitive comparisons in batch mode
2019-02-09
- Timeline Explorer: Update to handle ($&*#^*&^%%$ column header changes in pescan,
nuget updates
2019-02-06
- EZViewer: Allow resizing rows and columns in spreadsheets
2019-02-06
- EZViewer: Add options to add/remove context menu "Open with EZViewer" entry
2019-02-06
- EZViewer: Add Hex view that allows you to see the loaded file in a hex viewer.
Use button in lower right to load.
2019-02-05
- EZViewer: INITIAL RELEASE!! Standalone, zero dependency viewer
for .doc, .docx, .xls, .xlsx, .txt, .log, .rtf, .odt, .htm, .html, .mht, .csv,
and .pdf. Any non-supported files are shown in a hex editor (with data
interpreter!)
2019-02-04
- LECmd: Update to handle MTP devices better
- JLECmd: Update to handle lnk files for MTP devices better. nuget updates
- Jumplist Explorer: Update to handle lnk files for MTP devices better, nuget,
3rd party controls
2019-01-29
- MFTECmd: add jsonf and nuget
2019-01-28
- AppCompatCacheParser, AmcacheParser: nuget updates
- MFTECmd: Add --fls option (used in conjunction with --de) and 5 extended
attributes decoded
- LECmd: Better recursive searching when using -d option (faster, ignore reparse
points, etc) and nuget updates
- JLECmd: Better recursive searching when using -d option (faster, ignore reparse
points, etc) and nuget updates
2019-01-25
- AppCompatCacheParser: Fix bug related to reading offline hive on SAMBA share
2019-01-24
- Registry Explorer: Fix bug when opening offline hives and not prompting for LOG
files
- RBCmd: When a directory is deleted, show all child files in output vs just top
level directory
case ".DOC":
case ".DOCX":
case ".TXT":
case ".RTF":
case ".ODT":
case ".LOG":
case ".HTM":
case ".HTML":
case ".MHT":
case ".XLS":
case ".XLSX":
case ".CSV":
case ".PDF":