source: releases/0.4.0/bin/reglookup-timeline @ 296

Last change on this file since 296 was 91, checked in by tim, 17 years ago

added documentation for reglookup-timeline's -H option.

  • Property svn:executable set to *
  • Property svn:keywords set to Id
File size: 1.3 KB
#!/bin/sh

# This script is a wrapper for reglookup, and reads one or more registry
# files to produce an MTIME sorted output.  This is helpful when building
# timelines for investigations.
#
# Copyright (C) 2005-2007 Timothy D. Morgan
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# $Id: reglookup-timeline 91 2007-03-28 19:26:37Z tim $


# Print the command-line synopsis.
# Arguments: none; $0 is read for the program name.
# Outputs:   two lines on stderr, nothing on stdout.
usage()
{
  {
    echo "Usage: $0 [-H] <REGISTRY_FILE> [<REGISTRY_FILE> ...]"
    echo "   -H  Omit header line"
  } 1>&2
}
30
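# At least one argument is mandatory; report misuse on stderr and fail.
if [ $# -eq 0 ]; then
  usage
  echo "ERROR: requires at least one parameter" 1>&2
  exit 1
fi

# -H is recognised only as the first argument; it suppresses the CSV header.
PRINT_HEADER=true
if [ "$1" = "-H" ]; then
  PRINT_HEADER=false
  shift
fi

# "-H" on its own leaves nothing to process; treat it as misuse instead of
# exiting successfully with an empty timeline.
if [ $# -eq 0 ]; then
  usage
  echo "ERROR: requires at least one registry file" 1>&2
  exit 1
fi

if [ "$PRINT_HEADER" = "true" ]; then
  echo "MTIME,FILE,PATH"
fi

# For each registry file, emit field 4 and field 1 of reglookup's key
# listing under the MTIME and PATH columns, with the file name in between.
#
# "$@" is quoted so that a file name containing whitespace or glob
# characters stays a single argument.
#
# The file name reaches awk through the environment instead of being
# spliced into the awk program text: evidence file names are untrusted
# input, and a name containing quotes, '%' or backslashes would otherwise
# be parsed as awk code or as printf format directives.
#
# NOTE(review): a comma in a file name still yields an ambiguous CSV row.
# NOTE(review): a reglookup failure is not reflected in the exit status
# (the pipeline reports sort's status); check stderr so that an unparsed
# hive is not silently missing from the timeline.
for F in "$@"; do
  reglookup -t KEY -H "$F" \
    | REGFILE="$F" awk -F',' \
        '{ printf "%s,%s,%s\n", $4, ENVIRON["REGFILE"], $1; }'
done | sort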