EricZimmerman
Missing type 10, clipboard contents
Great tool!
Appears to be missing ActivityType 10, which is the clipboard contents, base64 encoded:
I'd like to have those contents too. Is the concern about the file size if it's binary data? I wouldn't expect the contents to be displayed in the table, necessarily. Some ideas:
- A download link if it's above a certain size
- Decode it and just give the first XXX bytes.
- Decode it and only output the strings
I know we can use a SQLite DB browser to examine this information, but it'd be helpful if wxtcmd were more complete in this way.
Easier said than done. How do I know what it is? Do I have to check for 800 file type signatures to know if it's text?
A download link to what? Possible, but again, decode to what? Hex Chars? I can strings this but then again so can bstrings
It's definitely not lost on me that there's some complexity here and decisions to be made.
How do I know what it is? Do I have to check for 800 file type signatures to know if it's text? >> You could! But, I'd rather just have the full contents, which avoids this sort of thing.
A download link to what? >> The whole file so you're not just displaying the contents in the window.
Possible, but again, decode to what? Hex Chars? >> Referring to decoding the base64 to either hex or ASCII depending on what decisions are being made elsewhere.