source: releases/0.3.0/bin/reglookup-timeline @ 285

Last change on this file since 285 was 68, checked in by tim, 18 years ago

added usage printout to reglookup-timeline

cut left over unused junk from smb_deps.h

  • Property svn:executable set to *
  • Property svn:keywords set to Id
File size: 1.2 KB
Line 
1#!/bin/sh
2
3# This script is a wrapper for reglookup, and reads one or more registry
4# files to produce an MTIME sorted output.  This is helpful when building
5# timelines for investigations.
6#
7# Copyright (C) 2005-2006 Timothy D. Morgan
8#
9# This program is free software; you can redistribute it and/or modify
10# it under the terms of the GNU General Public License as published by
11# the Free Software Foundation; version 2 of the License.
12#
13# This program is distributed in the hope that it will be useful,
14# but WITHOUT ANY WARRANTY; without even the implied warranty of
15# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16# GNU General Public License for more details.
17#
18# You should have received a copy of the GNU General Public License
19# along with this program; if not, write to the Free Software
20# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
21#
22# $Id: reglookup-timeline 68 2006-07-30 13:41:24Z tim $
23
24
25usage()
26{
27  echo "Usage: $0 <REGISTRY_FILE> [<REGISTRY_FILE> ...]" 1>&2
28}
29
30if [ $# -eq 0 ]; then
31  usage
32  echo "ERROR: requires at least one parameter" 1>&2
33  exit 1
34fi
35
36echo "MTIME,FILE,PATH"
37for F in $@; do
38  reglookup -t KEY -H "$F" | awk -F',' '{ printf "%s,'"$F"',%s\n",$4,$1; }'
39done | sort
Note: See TracBrowser for help on using the repository browser.