Description
Parses BagMRU keys from online or offline registry hives and displays them in an Explorer like interface.
| Platform | Windows |
| Author | Eric Zimmerman |
| License | MIT License |
| URL | https://ericzimmerman.github.io/#!index.md |
Usage
SBECmd version 1.4.0.0
Author: Eric Zimmerman (saericzimmerman@gmail.com)
https://github.com/EricZimmerman
d Directory to look for registry hives. This or -l is required
l Process live registry. This or -d is required
csv Directory to save output to. Required
dedupe When true, SBECmd processes all hives in -d <directory> and removes duplicates. See manual for details
dt Date/time format string to use. Default is 'yyyy-MM-dd HH:mm:ss'
tz Time zone to use (Default = UTC). Enclose in quotes. Use '--tz list' for options
nl When true, ignore transaction log files for dirty hives. Default is FALSE
Examples: SBECmd.exe -d c:\temp\hives --csv c:\temp\sbeout
SBECmd.exe -d c:\temp\hives --csv c:\temp\sbeout --tz "US Eastern Standard Time"
SBECmd.exe -d c:\temp\hives --csv c:\temp\sbeout --dedupe
Short options (single letter) are prefixed with a single dash. Long commands are prefixed with two dashesExamples
Blog Posts