aftermath and KnockKnock need chmod

[chipriley]

Great work! Just a note: in my experience just now, you have to run chmod +x on both the aftermath executable as well as the KnockKnock executable within the KnockKnock.app to get both to run. Not sure if you want to do that within the script or if you want to provide instructions for the user in the README.

Also, maybe clarify that the tool will place the output of the command wherever the tool is run from so that less technical/less DFIR folks can know to run it from a remote location or external device to reduce writing to the actual disk on the target endpoint?

Again, very helpful tool!

[evild3ad]

Thank you very much for your feedback!

I will see that I preserve the executable permissions via tar -p.

I will update the README.md and possibly add an option argument to choose the output directory in the near future.

[evild3ad]

Keep it simple ;-)