fox-it / dissect.target

The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
GNU Affero General Public License v3.0

Add Windows Jumplist plugin #669

Open Zawadidone opened 3 months ago

Zawadidone commented 3 months ago
target-query -t TARGET -f jumplist  --limit 1 | rdump -L
[reading from stdin]
--[ RECORD 1 ]--
          hostname = WINDEV2401EVAL
            domain = None
              type = customDestinations
    application_id = 590aee7bdd69b59b
  application_name = Powershell Windows 10
          lnk_path = C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
          lnk_name = None
         lnk_mtime = 2024-03-21 17:16:41.027615+00:00
         lnk_atime = 2024-03-21 17:16:40.997318+00:00
         lnk_ctime = 2024-03-21 17:16:29.070940+00:00
  lnk_relativepath = None
       lnk_workdir = None
     lnk_arguments = None
  lnk_iconlocation = %windir%\System32\WindowsPowerShell\v1.0\powershell.exe
   local_base_path = C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
common_path_suffix = 
      lnk_net_name = None
   lnk_device_name = None
     lnk_full_path = C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
        machine_id = windev2401eval
      target_mtime = 2022-05-07 05:22:32.504461+00:00
      target_atime = 2024-03-21 17:16:28.045404+00:00
      target_ctime = 2024-03-21 17:16:20.202059+00:00
          username = User
           user_id = S-1-5-21-147454635-2304731113-4176578439-1000
        user_group = None
         user_home = C:\Users\User
[...]