The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
There are too many registry paths at which you can run something in Windows. Some are already in generic.py, but maybe it's a good idea to just create a autoruns.py which houses most of those. Maybe a utility function to easily add a new function, because it could still be nice to have a separate callable function for some of those. If it's a namespace, you could also call the namespace and return everything.
There are too many registry paths at which you can run something in Windows. Some are already in generic.py, but maybe it's a good idea to just create a autoruns.py which houses most of those. Maybe a utility function to easily add a new function, because it could still be nice to have a separate callable function for some of those. If it's a namespace, you could also call the namespace and return everything.
hxxps://gist.github.com/GlebSukhodolskiy/0fc5fa5f482903064b448890db1eaf9d
DIS-176 as other reference.
Some suggestions: