# windows forensics

## filesystem timeline

### plaso

## filesystem known data check

https://www.nist.gov/itl/ssd/software-quality-group/national-software-reference-library-nsrl/nsrl-download/current-rds

## fragments

#### chrome parser

https://github.com/obsidianforensics/hindsight

kali

## malware runtime analysis

- ProcDot combines procmon and wireshark dumps into a GUI-based graph
  https://cert.at/en/downloads/software/software-procdot