Andrew Rathbun

icon company Unit 42 icon location Michigan icon location DFIR @ Unit 42, Admin of the Digital Forensics Discord Server, USMC Veteran, Former LE.

Results 65 issues of Andrew Rathbun

Add IEF

Some people still use IEF and don't have AXIOM licenses. https://www.magnetforensics.com/downloadief/

Add SQLECmd

Relatively new EZ Tool https://ericzimmerman.github.io/#!index.md

Added Edit Pad Pro to Text Editors, added Directory Opus to Productivity

Add Magnet Forensics CTF artifacts

https://cfreds.nist.gov/search/author/MagnetForensics Permission granted by Magnet Forensics on today's date. Please provide short description (authors) and long description for each image used. Example: ![image](https://user-images.githubusercontent.com/36825567/172244148-35fffdca-6422-4af0-ba47-3f68b2f2a909.png)

new artifact request

ShimCache/AppCompatCache

Grab a version from every major version of Windows so we can figure out what changes when - [ ] Windows 7 - [ ] Windows 8 - [ ]...

new artifact request

Run APTSimulator with different AV products installed

2 comment

- [X] Windows Defender - https://github.com/AndrewRathbun/DFIRArtifactMuseum/commit/8d15f00de0445fba1ce71585c80b6f15e861e920 - [ ] Symantec (need trial EXE) - [x] Sophos - https://github.com/AndrewRathbun/DFIRArtifactMuseum/commit/4ff8da981897815e209446ae3465da4d1c0645ee - [x] TrendMicro - https://github.com/AndrewRathbun/DFIRArtifactMuseum/commit/4ff8da981897815e209446ae3465da4d1c0645ee - [x] Kaspersky - https://github.com/AndrewRathbun/DFIRArtifactMuseum/commit/4ff8da981897815e209446ae3465da4d1c0645ee - [x]...

enhancement

Overhaul READMEs for each artifact

1 comment

I really want to spruce up the READMEs for each artifact. A general description, links to blog posts, and anything else that can provide added value without going too overboard.

documentation
good first issue

Sort A-Z, dedupe, delete blank lines

Update README.md

Chapter K: jball77-git

3 comment

writing not yet started
future version