source: trunk/bin/reglookup-timeline @ 63

Last change on this file since 63 was 62, checked in by tim, 18 years ago

Added initial version of reglookup-timeline

  • Property svn:executable set to *
  • Property svn:keywords set to Id
File size: 1.1 KB
Line 
1#!/bin/sh
2
3# This script is a wrapper for reglookup, and reads one or more registry
4# files to produce an MTIME sorted output.  This is helpful when building
5# timelines for investigations.
6#
7# Copyright (C) 2005-2006 Timothy D. Morgan
8#
9# This program is free software; you can redistribute it and/or modify
10# it under the terms of the GNU General Public License as published by
11# the Free Software Foundation; version 2 of the License.
12#
13# This program is distributed in the hope that it will be useful,
14# but WITHOUT ANY WARRANTY; without even the implied warranty of
15# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16# GNU General Public License for more details.
17#
18# You should have received a copy of the GNU General Public License
19# along with this program; if not, write to the Free Software
20# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
21#
22# $Id: reglookup-timeline 62 2006-07-18 01:58:26Z tim $
23
24
25usage()
26{
27  echo "ERROR in usage"
28}
29
30if [ $# -eq 0 ]; then
31  usage
32  exit 1
33fi
34
35echo "MTIME,FILE,PATH"
36for F in $@; do
37  reglookup -t KEY -H "$F" | awk -F',' '{ printf "%s,'"$F"',%s\n",$4,$1; }'
38done | sort
Note: See TracBrowser for help on using the repository browser.