Joost Jansen
Refactored the code to work with cstruct v3 after https://github.com/fox-it/dissect.cstruct/pull/73 has been merged.
Hi @Nordgaren, I think it's a great idea to collaborate on this! I have observed different storage formats as well, but could not yet link them to any action with...
Hi @ogmini, @daddycocoaman, @JustArion, thanks for all the suggestions and tips! The PR was aimed at getting initial support for unsaved tabs into dissect. Then the John Hammond video...
Fixed the remaining code comments as of now @Schamper @Horofic. However, will include more functionality later this week, as a lot more about this file format is now known.
Added some more test cases, including some with the application closed/opened and including some with character deletions. Also simplified the code a bit; refactored some unnecessarily complex operations and reduced...
Looking at your screenshots @ogmini, the byte at offset `0A` is different between the versions and may indicate some kind of `optionsVersion` number. Thank you both again for the updates,...
I added the `optionsVersion` field in the latest commit. Although we might not be 100% sure if this is correct, we can always fill in these gaps later on. At...
I remember looking into this a while ago, but it seems that the Zeek part of Defender publishes these network events via Windows Event Tracing (ETW) to some kind of...
Can confirm this is still an issue. Encountered various `/var/log/lastlog` sparse files that the `tarfile` library apparently can't write to an archive, even when selecting the GNU_FORMAT: From https://docs.python.org/3/library/tarfile.html >...
Regarding this PR, I've managed to get it to work with my own PR (https://github.com/fox-it/dissect.database/pull/8) by changing a few things: In the `__init__()`: ```python ntds_path_key = target.registry.value( key="HKLM\\SYSTEM\\CurrentControlSet\\Services\\NTDS\\Parameters", value="DSA Database...