Reverse Engineering the Windowstate files for Windows Notepad
Updated May 1, 2024 - C#
C# Library and research notes for Windows 11 Notepad State Files
Python script for outputting PCAPs as JSON as well as extracting attachments within the traffic stream
Forensic Artifacts Collecting Toolkit
Reverse Engineering the Tabstate files for Windows Notepad
Analysis or research tools for digital forensics
Sigma detection rules for hunting with the threathunting-keywords project
📇 Digital Forensics Artifact Repository (forensicanalysis edition)
Handbook of Windows forensic artifacts across multiple Windows versions, with interpretation tips and some examples. Work in progress!
🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.