2022-07-05 13:45:28 +00:00
# windows forensics
## filesystem timeline
### plaso
## filesystem known data check
https://www.nist.gov/itl/ssd/software-quality-group/national-software-reference-library-nsrl/nsrl-download/current-rds
## fragments
### chrome parser
2022-11-15 14:02:49 +00:00
https://github.com/obsidianforensics/hindsightkali
## malware runtime analysis
- ProcDot combines Procmon and Wireshark dumps into a GUI-based graph of process and network activity
https://cert.at/en/downloads/software/software-procdot