-
Hi,
I would like to create an ORC config to extract ADS info from all mounted NTFS volumes, like this:
```powershell
Get-Wmiobject -Class Win32_Logicaldisk | foreach-object {
$vol=$_.deviceID
if ($_.FileSyste…
```
lprat updated
4 years ago
-
https://attack.mitre.org/techniques/T1038/
and
https://attack.mitre.org/techniques/T1073/ (specifically see some of the APT group examples)
Also investigate: HKEY_LOCAL_MACHINE\SYSTEM\Cur…
ION28 updated
4 years ago
-
### Community Note
* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the…
-
https://github.com/msuhanov/dfir_ntfs
-
All text copied from https://www.crowdstrike.com/blog/how-to-employ-featureusage-for-windows-10-taskbar-forensics/. My question is, would it be better to have one artifact for the whole key `FeatureUs…
-
I am trying to install SIFT and am getting this error. Please help.
>> Running: sift-config-tools
Update returned exit code not zero
Error: Update returned exit code not zero
at ChildProc…
-
**Context**
* Volatility Version: Volatility 3 Framework 1.0.0-beta.1 - 83ef338a6e35222ffabffd2c2cf4eb00436e270e
* Operating System: Debian GNU/Linux 10 (buster)
* Python Version: Python 3.7…
-
Hi,
Right now, `libcloudforensics` only supports credentials read from the `~/.aws/config` file.
Would you consider adding support for other sources?
[This page](https://boto3.amazonaws.com/…
-
This arises from the Samsung Galaxy S5 Android v5 evidence in SANS DFIR NetWars 19.2, attached below for your convenience:
[History.zip](https://github.com/abrignoni/ALEAPP/files/4663383/History.zip…
-
Currently radare2 relies on GPL-only code from GRUB for any of the "mount" commands (`m`). On the other hand, most users don't need this feature, moreover it uses quite outdated code (from GRUB).
My …