Thumbcache_*.db and iconcache_*.db database files
Timesketch is an open-source tool for collaborative forensic timeline analysis.
NTUser.dat, System.dat, Security.dat, Software.dat, SAM.dat
Memory Baselining tool with Volatility 3 and standalone
Find Windows registry files in a blob of data
The LSA secrets key is located under HKEY_LOCAL_MACHINE\Security\Policy\Secrets and may contain a user's Autologon password, RAS and/or VPN passwords, and other system passwords/keys.
Jump lists in depth: Understand the format to better understand what your tools are (or aren't) doing
Windows event log fast forensics timeline generator and threat hunting tool
Blog Post Explainer
Hashtopolis is a multi-platform client-server tool for distributing Hashcat tasks to multiple computers.
Generate full memory crash dumps of Windows machines.
Free Windows tool - Tool explanation (Part 1) (Part 2) (Part 3)
Cmdlets for capturing Windows Events - Tool explanation (here)
Comprised of 2 back-end Extensible Storage Engine (ESE) databases and other configuration files.
Forensically sound logical file/folder acquisition
Click here for an intro video from 13Cubed.
DumpIt is a fast memory acquisition tool for Windows (x86, x64, ARM64).
Tool
Dissect is a collection of Python libraries and tools to facilitate enterprise-scale incident response and forensics.