This repo contain report templates for the FRED forensics tool found at https://www.pinguin.lu/fred.
NOTE These report templates are developed for the Windows version. It seems that there are a few differences between Windows and Linux and though I have tried to make some provisions of hitting both targets but a few minor issues may appear. Overall, however, the templates work on both targets.
For now, following report templates are available:
- SAM_Accounts.qs - List user accounts and group memberships (From the SAM hive).
- SAM_AccountsCompact.qs - Compact list of user accounts and group memberships (From the SAM hive).
- SAM_Groups.qs - List group information (From the SAM hive).
- SOFTWARE_OSVersion.qs - List OS information (From the SOFTWARE hive).
- SOFTWARE_InstalledApplications.qs - List current installed application.
- SOFTWARE_UninstalledApplications.qs - List known uninstalled application.
- SYSTEM_MountedDevices.qs - List the devices mounted.
- SYSTEM_UsbDevices.qs - List the USB devices attached (work in progress).
The script are simply copyied to the report_template directory and FRED is re-started.
Windows: Default installation path is C:\Program Files (x86)\fred\
Linux: Default installation path is /usr/share/fred User specific templates in ~/.fred/report_templates