Add support for Windows 10 push notification database

[sydp]

Some open source research:

https://inc0x0.com/2018/10/windows-10-notification-database/

[joachimmetz]

@sydp which version/database do you have in mind appdb.dat or wpndatabase.db ?

[joachimmetz]

Related refrences to wpndatabase.db

• https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-wpn
• Payload https://learn.microsoft.com/en-us/windows/apps/design/shell/tiles-and-notifications/toast-schema
• WNFEventName https://blog.quarkslab.com/playing-with-the-windows-notification-facility-wnf.html, https://github.com/sbousseaden/injection-1/blob/master/wnf/wnfscan.c#L461, https://redplait.blogspot.com/2018/07/wnf-ids-from-perfntcdll-adk-version.html

[joachimmetz]

Payload can contain custom timestamp https://learn.microsoft.com/en-us/windows/apps/design/shell/tiles-and-notifications/adaptive-interactive-toasts?tabs=xml#custom-timestamp

[joachimmetz]

First iteration of wpndatabase.db support in https://github.com/log2timeline/plaso/pull/4780 can benefit from improved format support.

[sydp]

@sydp which version/database do you have in mind appdb.dat or wpndatabase.db ?

Hey @joachimmetz, apologies I missed this question.

I was interested in the latter which is the sqlite3 based version.

this was also on my to have a read list - https://www.mdpi.com/2673-6756/2/1/7