scudette
commented
2 years ago This is a duplicate of #319
Open mgreen27 opened 2 years ago
scudette
commented
2 years ago This is a duplicate of #319
H3kc
commented
2 years ago This is a duplicate of #319
We would like a VQL native EVTX carver.
Scan logical disk using yara for file type headers. Extract bytes and use binary parser for parsing out records/part records.
Windows.Carving.USN is a similar example.