nwf9
Hi Diogo, Use memtriage to grab all the relevant info without dumping memory.
Hi Willi, You will find below the traceback I met with the last release. Scenario: Windows 2008 traceback evtxtract: ``` evtxtract raw_image.001 > evtxcarving.xml INFO:evtxtract.carvers:Unknown exception processing record...
Hi Matias, Do you have plans to add parsing and analysis for the syscache.hve? You can look into David Cowen's research below: https://www.hecfblog.com/2018/12/daily-blog-573-forensic-lunch-test.html?m=1
Hi guys, The Amcache parser did not work because of the new structure. Can you update the parser? Regards