Commit
Merge pull request #84 from reece394/master
Add WinSCP DEFAULT Artifact back and Advanced Port Scanner and Advanced IP Scanner
AndrewRathbun authored Dec 7, 2024
2 parents 67c75ac + 5c2aac2 commit 212e31a
Showing 2 changed files with 45 additions and 1 deletion.
1 change: 1 addition & 0 deletions BatchExamples/DFIRBatch.md
Expand Up @@ -54,6 +54,7 @@ Example entry, please follow this format:
| 2.05 | 2024-09-01 | Added new artifacts related to the third party application MobaTek MobaXTerm |
| 2.06 | 2024-09-06 | Added various JPCert artifacts around remote access tools, Added LogonStats and an example of DEFAULT registry hive use with WinSCP |
| 2.07 | 2024-11-26 | Added new artifacts from the DEFAULT registry hive |
| 2.08 | 2024-12-07 | Added WinSCP DEFAULT artifact back and added Advanced IP Scanner and Advanced Port Scanner Artifacts |

# Documentation
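
Review bot: The 2.08 row says the WinSCP DEFAULT artifact was added "back", but none of the visible rows (2.05 to 2.07) records it being removed, and 2.06 is the row that introduced the WinSCP DEFAULT example. Either record the removal in the row for the version where it happened, or reword 2.08 to name the version that dropped the entry, so the history table explains itself. Minor: "Artifacts" is capitalised at the end of this row but lower-case earlier in the same row.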

45 changes: 44 additions & 1 deletion BatchExamples/DFIRBatch.reb
@@ -1,6 +1,6 @@
Description: DFIR RECmd Batch File
Author: Andrew Rathbun
Version: 2.07
Version: 2.08
Id: 2e1589f5-e31a-4bef-822f-075d56afdddd
Keys:
#
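
Review bot: The lint job flags the bare `#` on line 6, directly under `Keys:`, with comments-indentation ("comment not indented like content"). This hunk only changes Version from 2.07 to 2.08, but since it already touches the header it is a cheap place to indent that comment to match the first entry under `Keys:`, or to drop it, so the warning stops being attached to unrelated changes.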

Check warning on line 6 in BatchExamples/DFIRBatch.reb

GitHub Actions / lintAllTheThings

6:1 [comments-indentation] comment not indented like content
Expand Down Expand Up @@ -2617,6 +2617,13 @@ Keys:
KeyPath: WOW6432Node\Martin Prikryl
Recursive: true
Comment: "WinSCP"
-
Description: WinSCP
HiveType: DEFAULT
Category: Third Party Applications
KeyPath: Software\Martin Prikryl
Recursive: true
Comment: "WinSCP"

# Third Party Applications -> Ares - https://www.ares.net/
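
Review bot: The new DEFAULT entry carries the same Description and Comment ("WinSCP") as the entry above it, so the two differ only in HiveType and KeyPath, and nothing in the file says why the DEFAULT hive is worth parsing for this key. The commit title says the entry is being added back, so a short `#` comment above it, or a Comment such as "WinSCP (DEFAULT hive)" followed by the reason, would keep it from being read as a duplicate and removed again.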

Expand Down Expand Up @@ -2922,6 +2929,42 @@ Keys:

# https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf

# Third Party Applications -> Advanced Port Scanner - https://www.advanced-port-scanner.com/

-
Description: Advanced Port Scanner
HiveType: NTUSER
Category: Third Party Applications
KeyPath: Software\Famatech\advanced_port_scanner
Recursive: true
Comment: "Displays artifacts relating to Advanced Port Scanner"

-
Description: Advanced Port Scanner
HiveType: DEFAULT
Category: Third Party Applications
KeyPath: Software\Famatech\advanced_port_scanner
Recursive: true
Comment: "Displays artifacts relating to Advanced Port Scanner"

# Third Party Applications -> Advanced IP Scanner - https://www.advanced-ip-scanner.com/

-
Description: Advanced IP Scanner
HiveType: NTUSER
Category: Third Party Applications
KeyPath: Software\Famatech\advanced_ip_scanner
Recursive: true
Comment: "Displays artifacts relating to Advanced IP Scanner"

-
Description: Advanced IP Scanner
HiveType: DEFAULT
Category: Third Party Applications
KeyPath: Software\Famatech\advanced_ip_scanner
Recursive: true
Comment: "Displays artifacts relating to Advanced IP Scanner"

# --------------------
# CLOUD STORAGE
# --------------------
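
Review bot: In all four new entries the Comment ("Displays artifacts relating to Advanced Port Scanner" and the Advanced IP Scanner equivalent) only restates the Description, and each NTUSER/DEFAULT pair is identical apart from HiveType. Use the Comment to say what an analyst should take from a hit, for example that the key shows the scanner was used under that profile, and mention the hive so the two rows can be told apart in the output.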
