EZ Tools Manuals
EZ Tools Manuals
About the Book
The official manual for Eric Zimmerman's Tools. Please watch the the book's GitHub repository to stay updated on the development of this manual! Any suggestions for improvement are welcomed on GitHub!
Table of Contents
- Enabling Update Notifications on Leanpub
-
Introduction to EZ Tools
- What are EZ Tools?
- Download EZ Tools
- CLI vs GUI
- .NET 4 vs .NET 6 EZ Tools
- What is this book?
- Mastering EZ Tools
- Content by Eric Zimmerman
- Content by the DFIR Community about EZ Tools
-
EZ Tools - Common Switches
- Common Switches
-
EZ Tools - PowerShell vs CMD
- Common Scenarios
- EZ Tools - CLI
-
AmcacheParser
- AmcacheParser Introduction
- AmcacheParser Switches
- AmcacheParser Command Examples
- AmcacheParser Output
- AmcacheParser Key Takeaways
- AmcacheParser References
-
AppCompatCacheParser
- AppCompatCacheParser Introduction
- AppCompatCacheParser Switches
- AppCompatCacheParser Command Examples
- AppCompatCacheParser Output
- AppCompatCacheParser Key Takeaways
- AppCompatCacheParser References
-
bstrings
- bstrings Introduction
- bstrings Switches
- bstrings Command Examples
- bstrings References
-
EvtxECmd
- EvtxECmd Introduction
- EvtxECmd Switches
- EvtxECmd Command Examples
- EvtxECmd Output
- EvtxECmd Key Takeaways
- EvtxECmd References
-
IISGeoLocate
- IISGeoLocate Introduction
- IISGeoLocate Switches
- IISGeoLocate Output
- IISGeoLocate References
-
JLECmd
- JLECmd Introduction
- JLECmd Switches
- JLECmd Command Examples
- JLECmd Output
- JLECmd Sample Output
- JLECmd Key Takeaways
- JLECmd References
-
LECmd
- LECmd Introduction
- LECmd Switches
- LECmd Command Examples
- LECmd Sample Output
- LECmd Output
- LECmd Key Takeaways
- LECmd References
-
MFTECmd
- MFTECmd Introduction
- File Types Parsed by MFTECmd
- MFTECmd Switches
- MFTECmd Command Examples
- MFTECmd Output
- MFTECmd References
-
PECmd
- PECmd Introduction
- PECmd Switches
- PECmd Command Examples
- PECmd Output
- PECmd Key Takeaways
- PECmd References
-
RBCmd
- RBCmd Introduction
- RBCmd Switches
- RBCmd Command Examples
- RBCmd Output
- RBCmd Key Takeaways
- RBCmd References
-
RecentFileCacheParser
- RecentFileCacheParser Introduction
- RecentFileCacheParser Switches
- RecentFileCacheParser Command Examples
- RecentFileCacheParser Output
- RecentFileCacheParser References
-
RECmd
- RECmd Introduction
- RECmd Switches
- RECmd Command Examples
- RECmd Output
- RECmd References
-
RLA
- RLA Introduction
- RLA Switches
- RLA Command Examples
- RLA References
-
SBECmd
- SBECmd Introduction
- SBECmd Switches
- SBECmd Command Examples
- SBECmd Output
- SBECmd Key Takeaways
- SBECmd References
-
SQLECmd
- SQLECmd Introduction
- SQLECmd Switches
- SQLECmd Command Examples
- SQLECmd References
-
SrumECmd
- SrumECmd Introduction
- SrumECmd Switches
- SrumECmd Command Examples
- SrumECmd Output
- SrumECmd Sample Data
- SrumECmd References
-
SumECmd
- SumECmd Introduction
- SumECmd Switches
- SumECmd Command Examples
- SumECmd Output
- SumECmd References
-
VSCMount
- VSCMount Introduction
- VSCMount Switches
- VSCMount Command Examples
- VSCMount References
-
WxTCmd
- WxTCmd Introduction
- WxTCmd Switches
- WxTCmd Command Examples
- WxTCmd Output
- WxTCmd Key Takeaways
- WxTCmd References
- EZ Tools - GUI
-
EZViewer
- EZViewer Introduction
- EZViewer Screenshot
- EZViewer Key Takeaways
- EZViewer References
-
Hasher
- Hasher Introduction
- Hasher Screenshot
- Hasher Features
- Hasher References
-
JumpList Explorer
- JumpList Explorer Introduction
- JumpList Explorer Functionality
- JumpList Explorer References
-
MFT Explorer
- MFT Explorer Introduction
- MFT Explorer Features
- MFT Explorer References
-
Registry Explorer
- Registry Explorer Introduction
- RECmd
- Version changes
-
SDB Explorer
- SDB Explorer Introduction
- SDB Explorer References
-
Shellbags Explorer
- Requirements
- What are ShellBags?
- ShellBags location in the registry
- Using RegEdit to view ShellBag data
- Why another ShellBags program?
- ShellBagsExplorer.exe
- Menus
- Workflow overview
- SBECmd.exe
- General usage tips and tricks
- Version changes
-
TimeApp
- TimeApp Introduction
- TimeApp Screenshots
- TimeApp References
-
Timeline Explorer
- Timeline Explorer Introduction
- Timeline Explorer Features
- Timeline Explorer Settings
- Timeline Explorer Layout Files
- Timeline Explorer Plugins
- Timeline Explorer References
-
XWFIM
- Using XWFIM
- XWFIM References
-
Errata
- Reporting Errata
The Leanpub 60 Day 100% Happiness Guarantee
Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.
You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!
So, there's no reason not to click the Add to Cart button, is there?
See full terms...
Earn $8 on a $10 Purchase, and $16 on a $20 Purchase
We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.
(Yes, some authors have already earned much more than that on Leanpub.)
In fact, authors have earnedover $13 millionwriting, publishing and selling on Leanpub.
Learn more about writing on Leanpub
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
Learn more about Leanpub's ebook formats and where to read them