===============================================================
history.txt
===============================================================
Windows Forensic Toolchest(TM) (WFT) v3.0.08 (2014_03_16)
Copyright (C) 2003-2014 Monty McDougal. All rights reserved.
URL: http://www.foolmoon.net/security/
EMAIL: wft(at)foolmoon(dot)net
===============================================================
===============================================================
HISTORY
===============================================================
WFT v3.0.08 (2014_03_16)
-- Maintenance release for v3.0.07 expiration.
-- Removing expiration code.
-- Updated copyright in license.

WFT v3.0.07 (2012_09_05)
-- Maintenance release for v3.0.06 expiration.
-- Updated copyright in license.

WFT v3.0.06 (2011_09_17)
-- Maintenance release for v3.0.05 expiration.
-- Updated issues with info on modern OSes.
-- Updated the quickstart guide.
-- Fixed broken -fetchtools urls.
-- Updated checksums for new tool versions.
-- Updated config file urls.
-- Updated copyright in license.

WFT v3.0.05 (2010_07_11)
-- Maintenance release for v3.0.04 expiration.
-- Minor updates to the registration code.

WFT v3.0.04 (2009_07_02)
-- Maintenance release for v3.0.03 expiration.
-- Removed all expirations from registered versions.
-- The -fetchtools option is now only available to
   registered users.
-- Fixed broken -fetchtools urls.
-- The -update option is also now registered only.
-- Updated checksums for new tool versions.
-- Updated config file urls.
-- Updated copyright in license.

WFT v3.0.03 (2008_07_03)
-- Maintenance release for v3.0.01 expiration.
-- Removed bug stopping updates if time was expired.
-- Temporarily removed new fmTools binaries.

WFT v3.0.02 (2008_06_15)
-- Added BETA support for Vista/2003 in config and binary.
-- Added -fetchtools support for Helix 1.9 cd.
-- Added /accepteula hack for psservice.
-- Cleaned up minor errors in config file.
-- Fixed error in -genreport argument parsing.
-- This version was not released publically.

WFT v3.0.01 (2007_06_03)
-- Corrected typo in interactive mode.
-- Updated security resources page.
-- Added registry hack for all sysinternals tools and removed
   the /accepteula arguments within the config file.
-- Altered unzip code in -fetchtools to only run if file was
   downloaded sucessfully.
-- Retired psuptime since it is included in psinfo.
-- Replaced mac.exe Harlan gave me with the older one because
   there seems to be a bug in the new one.
-- Made prompt mode OS-aware to remove double prompting.
-- Altered interactive defaults for -cfg and -reg so it does
   not include full paths.
-- Added 'HOST' as status value for host binaries.

WFT v3.0.00 (2007_05_28)
-- First offical release of the v3.0.xx code base.
-- WFT is no longer donationware.  Unfortunately, that model
   did not work out.  The 3 people who gave donations will be
   given free WFT commercial licenses.  Please read the new 
   license carefully to ensure compliance with the new license
   terms.  Commercial license are available from the WFT website
   http://www.foolmoon.net/security/
-- Added config file hacks for pulist and dd on 2k3.
-- Fixed error in help screen.
-- Added registry hack for listdlls, handle, rootkitrevealer, and
   ntfsinfo which do not support /accepteula.
-- Updated config file and download links for microsoft and
   sysinternal tools.
-- Added support to -fetchtools to also read from helix/wft CDs.
-- Made all tool output write-enabled (fixes dd read-only issue).
-- Added support for registration modes.
-- Fixed error in -genreport where missing help file would
   cause the -genreport option to error out
-- Added -reg option to specify alternate registration file.
-- Added "none" hash.
-- Added "schtasks" as suggested by Jason DePriest.
-- Added "pstoreview" as suggested by Jason DePriest.
-- Added "gpresult" as suggested by Don Murdoch.
-- Added "tasklist" as suggested by Don Murdoch.

WFT v3.0.B1 (2007_04_18)
-- First "private" BETA release of the v3.0.xx code base made
   available to select WFT users.  Registration code is disabled
   in this BETA release.  Beta will expire 2007_06_01.
-- Added -update to perform automated WFT updates.
-- Added -fetchtools to download missing tools from the internet.
-- Revamped the web and console interfaces.  The most notable
   changes are graphics for the HTML and colorized consoles.
-- Added new "interactive mode" interface which is invoked
   by the -interactive argument or when WFT has no arguments.
   People that dislike DOS will be interested in this.  It
   can also be disabled via -nointeractive.
-- Added custom defaults "-def" capability which work in either
   interactive or command-line run modes.
-- Add new -nodefault to override above.
-- Added new -genreport option to handle offline report
   generation using the new xml file produced at run-time.
-- Changed config file structure to include directories.
-- Added new <%os%> macro, and 'O' action to support smart OS
   selection and config file parsing (essentially provides for
   dynamic morphing of config file based on OS).
-- Added new 'I' action to provide info to the user at execution.
-- Made several config file improvements and added a few tools. I
   will be adding additional tools before the official release.
-- Added SHA1 support including -sha1, -hash, and -wfthash.
-- Added -browser option to launch report on run completion.
-- Added new tools page to indicate the source of all tools
   invoked by WFT including the new 'T' action.
-- Added -prunetools -noprunetools to remove tools from non-used
   os lines.
-- Added report, slow, and write as options to override defaults.
-- Moved security resources to a dedicated page.
-- Created a new help page.
-- Modified -fixcfg to support the new hash format.
-- Added -checkcfg to verify cfg file format.
-- Added new wft_hash report which contains all hashes for
   reports output in a easy to read format.
-- Fixed bug in auto directory creation code.
-- Added new -color and -nocolor options to control colors.
-- Added warning for any missing EXEs in -fixcfg.
-- Fixed bug in banner display code when not in main WFT code.
-- Changed <%date%> format to YYYY_MM_DD for macro expansions.
-- Removed the non-existent wft_log.htm checksum error. 
-- Added username to report footers.
-- Added code to -drive option to verify specified drives exist.
-- Added code to detect multiply defined drives.
-- Added code to auto detect fixed disks via 'auto' -drive.
-- Added new option -name which adds name to report footers
   so there is a record of who ran the report (if specified).
-- Added new option -case which adds case info for reports
   so there is a record in the report (if specified).
-- Added -license option to display WFT license.
-- Added -about option to display info about WFT.
-- Corrected minor error in config file pointed out by Don
   Murdoch.
-- Added potential bug fix for previous issue where dd would
   crash on some systems as suggested by Drew Fahey.  I was
   never able to duplicate this crash myself but several people
   reported they had problems with this on some systems.
-- Fixed output filename for dd.
-- Added additional error checking to configuration file parsing
   algorithm in an attempt to detect double TAB delineators.
-- Updated the config file to make it current as of this release.
-- Several documentation cleanups and updates to reflect claimed
   trademarks and updated license / copyrights.

WFT v2.0.00 (2005_05_14)
-- Added a couple new tools.  Attempts to acquire distribution
   permission for Sysinternals tools failed.  Looks like users
   will still have to download tools. 8^(  I know better than
   to even waste my time to ask Microsoft for permission.
-- Corrected errors in config file pointed out by Doug.
-- Cleaned up the documentation.
-- Add proper acknowledgements to those who helped improve WFT.
-- All command line arguments now parsed prior to execution of
   -fixcfg argument so -toolpath argument is now usable.
-- Removed 60-day expiration limitation in Beta versions.
-- WFT is now officially "donationware".  If you find WFT useful
   and would like to support it's development please contribute.
-- WFT v2.0.00 is now officially released!  I hope users find
   it worthy.  Please let me know if you have any problems.

WFT v2.0.B5 (2005_05_01)
-- First "public" BETA release following SANS 2005 BOF
   presentation (which is now available via my website).
-- BETA versions will expire 60 days from date released.
-- Complete from the ground rewrite of WFT to optimize code.
-- Made additional changes to the WFT documentation and license
   to make things more clear based on previous questions.
-- Added -toolpath command line option to specify the base
   path tool the location of all WFT invoked tools.
-- Added -fixcfg command line option to update config files.
-- Added support for new macros in the config file (see the
   wft.cfg file for documentation on the new macros available).
-- Added -drive command line argument to specify drives to be
   used when the <%drive%> macro is expanded.
-- Now writes output out to 'txt' and 'html' directories.
-- Now creates any missing directories.
-- Now escapes HTML characters in output where appropriate.
-- Removed requirement to verify cmd.exe before running to make
   WFT more useful for those using it for auditing purposes.
-- Updated config file incorporating new tools and suggestions
   made by WFT users.  There may be a few updates in this area
   before the official 2.0 release is made.

WFT v2.0.B2 (2005_04_01)
-- First "private" BETA release(s) made available to a few
   people who have supported WFT in the past.
-- Significant rewrite of the v1.0.xx core.

WFT v1.0.03 (2003_09_20)
-- Made the MD5 checksums in the configuration file case 
   insensitive.

WFT v1.0.02 (2003.09.18)
-- Renamed "Toolkit" to "Toolchest" in the tool's name to make
   the folks at AccessData happy.
-- Added required validation check of wft.exe to ensure WFT
   is ok as well as the tools it is invoking.
-- Added printing of log MD5 checksums to stdout so that the
   log integrity can be verified later if they are recorded.
-- Added anti-spam encoding to email address.
-- Started GnuPG signing releases so their integrity can be
   checked.

WFT v1.0.01 (2003_08_25)
-- Initial version of tool released in conjunction with my SANS 
   GCFA practical assignment.

===============================================================
===============================================================
KNOWN ISSUES WITH CURRENT VERSION
===============================================================
I have not updated the config files for recent OSes.

It was always intended this is something the user would do.

The one provided with WFT is meant to be an example for customization.

===============================================================
