Scalpy [bot]
Should parse the YAML from this repo: hxxps://github.com/ForensicArtifacts/artifacts E.g. hxxps://github.com/ForensicArtifacts/artifacts/blob/main/data/windows.yaml Doesn't look like the FILE ones are too interesting, so maybe on registry stuff.
There are too many registry paths at which you can run something in Windows. Some are already in generic.py, but maybe it's a good idea to just create an autoruns.py...
E.g.
```
HKLM\Software\Classes\Exefile\Shell\Open\Command
HKLM\Software\Classes\Htmlfile\Shell\Open\Command
HKLM\Software\Classes\Protocol\Filter
HKLM\Software\Classes\Protocol\Handler
```
And for all extensions the open command.
Should resolve all possible combinations (including user paths).
Currently the `.map_file()` and `.map_file_fh()` methods only support mapping file entries. This can be extended to also map entries representing directories. This would require the creation of a `MappedDirectory` class....
Currently, when mounting a Unix-y filesystem (say extfs, ffs etc.) on a Windows target, there are certain filenames which will lead to issues. Windows targets have `"\"` as an alternate...
Partial support was added in [https://github.com/fox-it/dissect.target/pull/120](https://github.com/fox-it/dissect.target/pull/120); the remaining artefacts mentioned in [https://github.com/fox-it/dissect.target/issues/119](https://github.com/fox-it/dissect.target/issues/119) are still to be implemented. Original post: Program Compatibility Assistant is supposedly a new artefact introduced in Windows 11...
There is nothing specifically Phobos about the Phobos loader. The file extension it is checking on is just one of many possibilities. The rest of the loader is just generic...
Currently, we support the following configurations:
```
/dev/mapper/
/dev/gpt/
/dev/../
UUID=
```
However, Linux also has more types of mount options for an fstab file:
```
/dev/disk/by-partuuid/....
/dev/disk/by-path/...
/dev/disk/by-uuid/..
```
...
Parse the sudo configuration file (`/etc/sudoers`) into record format.