martin kormanin in DFIR Dudes
AmCache is not alone; Using .WER files to hunt evil
TL;DR — Starting with Windows 10, most *.WER files include the process’ hash, which can be used for hunting in the same way that AmCache is…
Jun 26, 2019

martin kormanin in DFIR Dudes
Regipy: Automating registry forensics with Python
I’m releasing Regipy: an OS-independent Python library for parsing offline registry hives, with a lot of awesome features!
Mar 6, 2019