forensicnomicon 0.3.1

The ForensicNomicon — comprehensive DFIR artifact catalog: UserAssist, Shimcache, Amcache, Prefetch, $MFT, ShellBags, EVTX, NTDS.dit, SAM, SRUM, LNK, Jump Lists + KAPE/Velociraptor/Sigma/MITRE. Zero deps.
Documentation
#!/bin/sh
# 4q — short alias for 4n6query
# Installed alongside 4n6query in the same directory.
exec "$(dirname "$0")/4n6query" "$@"