|
Maresware Programs T through Z
Includes:
Total /
Touch /
Truetime /
U_to_A /
Unique /
Unsplit /
Upcopy /
Url_Srch /
Verticle /
Vss /
X-Ways_metadata
All programs are command line programs.
Total
Total fields in a file
Be sure to check the help file for additional information about this program. Total performs several useful functions. Use it to: total fields in succeeding records which have the same sort key; total an entire file on one field; count occurrences of records containing the same sort key; total a common field throughout the entire file. Touch
Touch a file changing filetimes
Be sure to check the help file for additional information about this program. Touch actually called touchme.exe operates similar to the Linux touch program. It is designed to change the file date and times of a file(s) depending on the users input on the command line. Can change one or all of the MAC date/times to those specifiec by the user.
Truetime
Provides a way of correctly recording CMOS and real time
Be sure to check the help file for additional information about this program. This program will ask the operator to input correct date, time and timezone. Then it will obtain the current computer time as recorded in the CMOS setup, and echo the information to the screen. By redirecting (>) to an output file, the user can capture and record this for future reference. | View the html help file. |
U_TO_A
Convert Linux Text to DOS text, or DOS to Linux
Be sure to check the help file for additional information about this program. This program will take a text file that was created either on a Linux system or on a DOS system, and convert the carriage returns to the other operating system format. Linux carriage returns are 0x0a, and DOS are 0x0d0x0a. | View the html help file. |
Unique
Eliminate duplicate records in a file
Be sure to check the help file for additional information about this program. This program will take a sorted input file and copy records to the output for which it finds a unique occurrence of the sort key. The program passes the input file, and when it finds a new/unique sort key in a record it copies that record to the output, and disregards all subsequent records that contain that same sort key. Therefore, only a single record per sort key is copied to the output file.
Unsplit
Reverses operation of split
See the Maresware Split program.
Be sure to check the help file for additional information about this program.
| View the html help file. |
Upcopy
Performs an "intelligent" file COPY operation and is an excellent forensics and
eDiscovery file copy tool.
Be sure to check the help file for additional information about this program. Upcopy works a lot like ROBOCOPY and XCOPY except that is has many more options. And because it is a command line tool, it allows you to literally program its operation. Upcopy can copy entire paths (drives) from one location to another while maintaining tree structure and file attributes. You can specify specific file type, file ages, sizes, and files to exclude from the copy process. The 32 bit version also maintains long (>255 characters up to 32000 characters) filenames. Upcopy can perform hash of the files (source and destination), maintains ALL three source dates and can maintain the dates on destination directories, as well as maintaining (creating) empty directories. Upcopy (as of January 2009), can also process a mounted Shadow Copy File. See the FAQ page for some very unusual and unique things you can do with Upcopy.
| View the html help file. |
Url_Srch
Performs a "keyword" search of files (and image files) to find email addresses,
IP numbers and domain names.
The URL_SRCH program is designed to search files and produce a fixed length output record which contains the filename, location in the file, surrounding text, and the item itself. It can search for IP addresses (nnn.nnn.nnn.nnn), email addresses (dmares@dmares.com), and domain names (http://www.domain.xyz). By default it produces output containing all three format type hits. But with command line options it can look for any one type, two, or all three. Its output is similar to the strsrch program and it can delimit the fields for import to spreadsheets. It cannot be programmed to search for specific values. Although once the output is available, other means such as grep or the search program can eliminate eroneous items. Use the command: url_srch -? to get a list of all the available options.
Verticle
Converts tab delimeted records to multi line records
This program takes tab delimeted records in files like those exported from X-Ways export list and converts each record field to a seperate line by itself. Easier to import into a report rather than a spreasheet type layout.
Vss
Mounts Volume Shadow Copies as drive letters.
The VSS program is designed to allow you to mount as a drive letter, the Volume Shadow copy. By default it mounts a single drive letter. But has capability to mount more than one at the same time.
X-Ways Metadata
Takes a tab delimited X-Ways export and parses out a specified field from the metadata field.
The "Export List" processing executable name is
X-Ways_Meta_Processing.exe
This has two versions. The X-Ways exported metadata fields are actually a field which itself contains semi-colon (;) delimited fields. These fields are the individual items extracted from within the various files' metadata. Some important key fields might be the "Last Printed:" date, Exif, Digitized data, or other fields such as Author, Number of edits, etc. Loading this metadata field into Excel and trying to parse out a specific sub-field (Last Printed, etc), is a time consuming task. This program, will take the X-Ways tab delimited file, and parse the metadata field into its sub-fields, and create a new field containing the "user selected" sub-field. That new field can now easily be imported into Excel. When dealing with the X-Ways report.html file, the Metadata: item may contain many sub-fields which are either needed, or can be ignored. But viewing the Metadata field within the html report is cumbersome. The report version of this program, allows the user to select which sub-fields will be isolated and printed in the modified html output file. This program has been tried on Exif, Link, Office and email metadata. It appears to work consistantly along all the metadata items providing the metadata field is consistantly formatted as semi-colon delimited subfields. The one caveat is that X-Ways allows carriage returns to be embedded within this metadata field. Thus when importing the data file into Excel, these embedded carriage returns cause havoc with the Excel parsing process. With the latest version of this program, these embedded carriage returns are converted to spaces, thus eliminating a lot of the Excel parsing problems. As of April 2013, there is another X-Ways "filter" program called: X-Ways_ID.exe. The program is designed to take the "TAB" delimeted file created by X-ways "export list" operation and rename the files that were exported by X-Ways using the recover option. The renaming of each "recovered" file uses "user selected" fields within the export list to "add" items to the recovered filename. This additional item may be the Internal ID, or Evidence object field within the export list. Thus the renaming by adding a unique field to the filename may make a reviewers job of identifying the source of the file, a little easier. If you think you would like to test out this files capability to "rename" files, send me a request, and an explanation of what you expect it to accomplish. As of April 2013, I have created a batch file script which uses the sed.exe program, and the Maresware no_html program to convert the X-Ways copylog.html to a usable pipe (|) delimited file which can be imported into Excel. Once in Excel, you can add another column with a sequential number, or other information for the reviewers needs.
|