DoubleCommander

Appsv1.2

Author: Andrew Rathbun

description

Double Commander

paths

7 paths

› paths use Windows environment syntax

collection commands

source:

destination:

# PowerShell Artifact Collection Script
# Target: DoubleCommander
# Run as Administrator

#Requires -RunAsAdministrator

$ErrorActionPreference = "SilentlyContinue"
$DestBase = "D:\Evidence"

# Function to handle artifact collection with robocopy
function Collect-Artifact {
    param (
        [string]$SourceDir,
        [string]$FolderName,
        [string]$FileMask = "*"
    )
    $FullDest = Join-Path -Path $DestBase -ChildPath $FolderName
    robocopy "$SourceDir" "$FullDest" "$FileMask" /E /COPY:DAT /R:0 /W:0 /NP /NFL /NDL /NJH /NJS | Out-Null
}

# 1. Double Commander - history.xml
$UserPath = Join-Path $env:USERPROFILE "AppData\Roaming\doublecmd\"
Collect-Artifact -SourceDir "$UserPath" -FileMask "history.xml" -FolderName "Double_Commander___history_xml"

# 2. Double Commander - doublecmd.xml
$UserPath = Join-Path $env:USERPROFILE "AppData\Roaming\doublecmd\"
Collect-Artifact -SourceDir "$UserPath" -FileMask "doublecmd.xml" -FolderName "Double_Commander___doublecmd_xml"

# 3. Double Commander - FTP Log
$UserPath = Join-Path $env:USERPROFILE "AppData\Roaming\doublecmd\"
Collect-Artifact -SourceDir "$UserPath" -FileMask "doublecmd*.log" -FolderName "Double_Commander___FTP_Log"

# 4. Double Commander - multiarc.ini
$UserPath = Join-Path $env:USERPROFILE "AppData\Roaming\doublecmd\"
Collect-Artifact -SourceDir "$UserPath" -FileMask "multiarc.ini" -FolderName "Double_Commander___multiarc_ini"

# 5. Double Commander - session.ini
$UserPath = Join-Path $env:USERPROFILE "AppData\Roaming\doublecmd\"
Collect-Artifact -SourceDir "$UserPath" -FileMask "session.ini" -FolderName "Double_Commander___session_ini"

# 6. Double Commander - pixmaps.txt
$UserPath = Join-Path $env:USERPROFILE "AppData\Roaming\doublecmd\"
Collect-Artifact -SourceDir "$UserPath" -FileMask "pixmaps.txt" -FolderName "Double_Commander___pixmaps_txt"

# 7. Double Commander - shortcuts.scf
$UserPath = Join-Path $env:USERPROFILE "AppData\Roaming\doublecmd\"
Collect-Artifact -SourceDir "$UserPath" -FileMask "shortcuts.scf" -FolderName "Double_Commander___shortcuts_scf"

Write-Host "Collection complete!" -ForegroundColor Green

› Save as .ps1 and run as Administrator. Use: powershell -ExecutionPolicy Bypass -File script.ps1