# windows forensics
## filesystem timeline
### plaso
## filesystem known data check

https://www.nist.gov/itl/ssd/software-quality-group/national-software-reference-library-nsrl/nsrl-download/current-rds
## fragments
#### chrome parser
https://github.com/obsidianforensics/hindsightkali
## malware runtime analysis

- ProcDot combines Procmon and Wireshark dumps into a GUI-based graph

https://cert.at/en/downloads/software/software-procdot