The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
GNU Affero General Public License v3.0
Create Windows 11 Program Compatibility Assistant plugin #609
Original post:
Program Compatibility Assistant is supposedly a new artefact introduced in Windows 11 pro 2h22. Contains evidence of execution of binaries. Really nice to have as an additional plugin for investigators and IOC checks.
More research could be done on our end to figure out the nitty gritty. But an initial implementation would be a nice to have.
Partial support was added in https://github.com/fox-it/dissect.target/pull/120; the remaining artefacts mentioned in https://github.com/fox-it/dissect.target/issues/119 are still to be implemented.
source: https://aboutdfir.com/new-windows-11-pro-22h2-evidence-of-execution-artifact/