Install Eric Zimmerman's forensics toolkit

Oct 4, 2023 by Thibault Debatty | 2474 views

Forensics Windows

https://cylab.be/blog/290/install-eric-zimmermans-forensics-toolkit

Eric Zimmerman has written a collection of powerful forensic analysis tools. The installation process requires some work, so here is a step-by-step guide to installing the tools on a Windows 11 computer.

https://ericzimmerman.github.io/

There are two caveats for installation:

  1. You must first install .NET Desktop Runtime 6.0.
  2. Eric Zimmerman has written a PowerShell script to download and update the tools, but before you can run it you must change the PowerShell execution policy.

Install .NET Desktop Runtime 6.0

Download and install the latest version of .NET Desktop Runtime environment from

https://dotnet.microsoft.com/en-us/download/dotnet/6.0

Make sure you download the Desktop Runtime. It is located on the right of the page, as illustrated below…

download-dot-net-6.png

Change PowerShell Execution Policy

To change the PowerShell Execution Policy, open Windows PowerShell as Administrator.

run-powershell.png

Then type the following command, and hit Y to accept the change:

Set-ExecutionPolicy RemoteSigned

powershell-policy.png

Download and run installation script

Now you can download the installation script from

https://f001.backblazeb2.com/file/EricZimmermanTools/Get-ZimmermanTools.zip

Extract the ZIP archive, open the folder in a terminal, and execute the script with

.\Get-ZimmermanTools.ps1

When asked, you can choose to always run the script (A):

eric-zimmerman-installation.png

The installer shows you the progress…

eric-zimmerman-progress.png
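The same download-and-run steps can be pasted into a PowerShell prompt as one block. This is an added example, not part of the original post or of Eric Zimmerman's script: it records the archive hash, checks the script's Authenticode signature before running it, and relaxes the execution policy for the current PowerShell process only, which does not require an Administrator prompt. The `$work` directory and the `download.log` file name are assumptions, and the check assumes the script is signed, as the publisher prompt above suggests.

```powershell
# Added example: scripted install with an integrity record and a signature check.
# The URL is the one given in this post; $work and download.log are assumed names.
$ErrorActionPreference = 'Stop'
$url  = 'https://f001.backblazeb2.com/file/EricZimmermanTools/Get-ZimmermanTools.zip'
$work = Join-Path $env:USERPROFILE 'ZimmermanTools'   # assumption: install location
$zip  = Join-Path $work 'Get-ZimmermanTools.zip'

New-Item -ItemType Directory -Path $work -Force | Out-Null
Invoke-WebRequest -Uri $url -OutFile $zip

# Record the archive hash so this download can be compared or audited later.
$hash = Get-FileHash -Path $zip -Algorithm SHA256
"{0}  {1}  {2:u}" -f $hash.Hash, $zip, (Get-Date) |
    Add-Content -Path (Join-Path $work 'download.log')

Expand-Archive -Path $zip -DestinationPath $work -Force
$installer = Join-Path $work 'Get-ZimmermanTools.ps1'

# Check the signature explicitly. RemoteSigned only enforces signatures on files
# marked as coming from the Internet, and a file fetched this way may not be marked.
$sig = Get-AuthenticodeSignature -FilePath $installer
$sig | Format-List Status, StatusMessage,
    @{ Name = 'Signer'; Expression = { $_.SignerCertificate.Subject } }
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)'; not running $installer"
}

# Relax the policy for this PowerShell process only; the machine-wide
# setting is left untouched and the change ends with the session.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

Push-Location $work
try { & $installer } finally { Pop-Location }
```

Review the signer subject printed by the signature check before answering the publisher prompt.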

Usage

After download and installation, the tools are available in the net6 directory. One example is RegistryExplorer:

registry-explorer.png

%PATH%

Some of the tools are command-line tools, which are easier to use if their directory is added to the %PATH% environment variable. To modify your PATH:

  1. Open the Advanced System Settings

advanced-settings.png

  2. Click on the Environment variables button

environment-variables.png

  3. Select the Path variable and click on Edit

environemnt-variable-path.png

  4. Finally, add to the list the full path to Zimmerman’s tools directory

path.png

Troubleshooting

If, during installation, you get the error message "running scripts is disabled on this system", it means you forgot to change the PowerShell execution policy, as described in the section Change PowerShell Execution Policy.

installation-error-running-scripts-disabled.png

This blog post is licensed under CC BY-SA 4.0
