reg_hunter

Detect and report on alternate data streams

Open theflakes opened this issue 4 years ago • 0 comments

For any file examined, look for alternate data streams and also pull the first X bytes of the stream. Running hunts on the first X bytes would help determine if it's a binary, script, or other forensically interesting stuff.

Fields: timestamp device_domain device_name default_hash path size stream_name

theflakes, Dec 12 '20 13:12
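The triage step the request describes, as an added example that is not part of the issue or of reg_hunter's code: it takes a stream name in the `:name:$DATA` form that Windows stream enumeration (`FindFirstStreamW`) reports, plus the first bytes already read from that stream, and labels the content. The type and function names, the hint list, and the sample bytes are assumptions constructed for illustration; enumerating and reading the streams is left out.

```rust
// Added example, not reg_hunter code: triage the first bytes of an ADS.
// StreamKind, parse_stream_name and classify_head are hypothetical names.
#[derive(Debug, PartialEq)]
pub enum StreamKind { PeBinary, Script, ZoneIdentifier, Text, Unknown }

/// Windows reports streams as ":name:$DATA"; the default stream is "::$DATA".
/// Returns the stream name, or None for the default (unnamed) stream.
pub fn parse_stream_name(raw: &str) -> Option<&str> {
    let rest = raw.strip_prefix(':')?;
    let name = rest.strip_suffix(":$DATA").unwrap_or(rest);
    if name.is_empty() { None } else { Some(name) }
}

/// Classify the first X bytes of a stream (heuristic, assumed hint list).
pub fn classify_head(head: &[u8]) -> StreamKind {
    if head.starts_with(b"MZ") { return StreamKind::PeBinary; }
    // UTF-16LE with a BOM is common for Windows scripts: keep the low bytes.
    let bytes: Vec<u8> = if head.starts_with(&[0xFFu8, 0xFE]) {
        head[2..].iter().step_by(2).copied().collect()
    } else {
        // Drop a UTF-8 BOM if present.
        head.strip_prefix(&[0xEFu8, 0xBB, 0xBF]).unwrap_or(head).to_vec()
    };
    if bytes.is_empty() { return StreamKind::Unknown; }
    let printable = bytes.iter().all(|&b| matches!(b, b'\t' | b'\n' | b'\r' | 0x20..=0x7E));
    if !printable { return StreamKind::Unknown; }
    let text = String::from_utf8_lossy(&bytes).to_lowercase();
    // Mark-of-the-Web streams are benign but forensically useful (download origin).
    if text.trim_start().starts_with("[zonetransfer]") { return StreamKind::ZoneIdentifier; }
    const HINTS: [&str; 6] = ["#!", "powershell", "<script", "wscript.", "invoke-", "cmd /c"];
    if HINTS.iter().any(|h| text.contains(h)) { return StreamKind::Script; }
    StreamKind::Text
}

fn main() {
    // Constructed samples: (stream name as reported, first bytes of the stream).
    let samples: [(&str, &[u8]); 3] = [
        (":Zone.Identifier:$DATA", b"[ZoneTransfer]\r\nZoneId=3\r\n"),
        (":payload:$DATA", b"MZ\x90\x00\x03\x00"),
        (":run.ps1:$DATA", b"\xFF\xFEI\x00n\x00v\x00o\x00k\x00e\x00-\x00X\x00"),
    ];
    for (raw, head) in samples {
        println!("{:?} -> {:?}", parse_stream_name(raw), classify_head(head));
    }
}
```

The returned label could be reported as one more field next to `stream_name` in the list above.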