This repo contain report templates for the FRED forensics tool found at https://www.pinguin.lu/fred.

NOTE These report templates are developed for the Windows version. It seems that there are a few differences between Windows and Linux and though I have tried to make some provisions of hitting both targets but a few minor issues may appear. Overall, however, the templates work on both targets.

For now, following report templates are available:

• SAM_Accounts.qs - List user accounts and group memberships (From the SAM hive).
• SAM_AccountsCompact.qs - Compact list of user accounts and group memberships (From the SAM hive).
• SAM_Groups.qs - List group information (From the SAM hive).
• SOFTWARE_OSVersion.qs - List OS information (From the SOFTWARE hive).
• SOFTWARE_InstalledApplications.qs - List current installed application.
• SOFTWARE_UninstalledApplications.qs - List known uninstalled application.
• SYSTEM_MountedDevices.qs - List the devices mounted.
• SYSTEM_UsbDevices.qs - List the USB devices attached (work in progress).

The script are simply copyied to the report_template directory and FRED is re-started.

Windows: Default installation path is C:\Program Files (x86)\fred\

Linux: Default installation path is /usr/share/fred User specific templates in ~/.fred/report_templates