forensicnomicon 0.5.6

The ForensicNomicon — comprehensive DFIR artifact catalog: UserAssist, Shimcache, Amcache, Prefetch, $MFT, ShellBags, EVTX, NTDS.dit, SAM, SRUM, LNK, Jump Lists + KAPE/Velociraptor/Sigma/MITRE. Zero deps.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

site_name: forensicnomicon
site_url: https://securityronin.github.io/forensicnomicon/
repo_url: https://github.com/SecurityRonin/forensicnomicon
repo_name: SecurityRonin/forensicnomicon
edit_uri: edit/main/docs/

theme:
  name: material
  palette:
    - scheme: default
      primary: indigo
      accent: blue
      toggle:
        icon: material/brightness-7
        name: Switch to dark mode
    - scheme: slate
      primary: indigo
      accent: blue
      toggle:
        icon: material/brightness-4
        name: Switch to light mode
  features:
    - content.code.copy
    - navigation.tabs
    - navigation.sections
    - navigation.top
    - search.highlight

markdown_extensions:
  - admonition
  - attr_list
  - md_in_html
  - pymdownx.superfences
  - pymdownx.tabbed:
      alternate_style: true
  - pymdownx.highlight:
      anchor_linenums: true
  - tables
  - toc:
      permalink: true

nav:
  - Home: index.md
  - DFIR Handbook: dfir-handbook.md
  - Browser Data Structures: browser-data-structures.md
  - Browser Carving Techniques: browser-carving-techniques.md
  - Module Sources: module-sources.md
  - 13cubed IWE Coverage Audit: 13cubed-iwe-coverage-audit.md
  - Privacy Policy: privacy.md
  - Terms of Service: terms.md

plugins:
  - search