Standard collection of rules for capa: the tool for enumerating the capabilities of programs
rule idea: modify PendingFileRenameOperations to delete, rename, or move file across reboots #911
Open
mike-hunhoff opened 1 month ago
https://forensicatorj.wordpress.com/2014/06/25/interpreting-the-pendingfilerenameoperations-registry-key-for-forensics/