Matthew Seyer forensicmatt

## install-l2tbinaries-win64.py
import os
import requests
import tempfile
import subprocess
import json


def main():
    win64_request = requests.get("https://api.github.com/repos/log2timeline/l2tbinaries/contents/win64")
    contents = json.loads(win64_request.text)

## uninstall-all-python-things.ps1
Get-WmiObject -Query "SELECT * FROM Win32_Product WHERE Name LIKE '%Python%'" | ForEach-Object { $_.Uninstall() }

## decode_objfile.py
# Parse $O File
# Copyright Matthew Seyer 2018
# Apache License Version 2
#
# decode_objfile.py FILE [OUTPUT_TEMPLATE]
#
# Examples:
# Output JSON lines:
# python .\decode_objfile.py '$O'
#

## filetime_parsing.py
import struct
import datetime
import binascii

FILETIME = b"\x19\x81\xE5\xB2\x1F\xDB\xD3\x01"


class FileTime(datetime.datetime):
    """datetime.datetime object is immutable, so we will create a class to inherit
    datetime.datetime so we can set a custom nanosecond.
	import os
	import requests
	import tempfile
	import subprocess
	import json


	def main():
	win64_request = requests.get("https://api.github.com/repos/log2timeline/l2tbinaries/contents/win64")
	contents = json.loads(win64_request.text)
	# Parse $O File
	# Copyright Matthew Seyer 2018
	# Apache License Version 2
	#
	# decode_objfile.py FILE [OUTPUT_TEMPLATE]
	#
	# Examples:
	# Output JSON lines:
	# python .\decode_objfile.py '$O'
	#
	import struct
	import datetime
	import binascii

	FILETIME = b"\x19\x81\xE5\xB2\x1F\xDB\xD3\x01"


	class FileTime(datetime.datetime):
	"""datetime.datetime object is immutable, so we will create a class to inherit
	datetime.datetime so we can set a custom nanosecond.