List of all items

Structs

• artifact::ArtifactDescriptor
• artifact::ArtifactQuery
• artifact::ArtifactRecord
• artifact::BinaryField
• artifact::FieldSchema
• artifact::ForensicCatalog
• references::ModuleReference

Enums

• artifact::ArtifactType
• artifact::ArtifactValue
• artifact::BinaryFieldType
• artifact::DataScope
• artifact::DecodeError
• artifact::Decoder
• artifact::HiveTarget
• artifact::OsScope
• artifact::TriagePriority
• artifact::ValueType

Functions

• antiforensics::is_known_rootkit
• antiforensics::is_log_wipe_command
• antiforensics::is_timestomp_indicator
• commands::is_download_tool_usage
• commands::is_powershell_abuse
• commands::is_reverse_shell_pattern
• encryption::all_encryption_paths
• encryption::is_encryption_tool_path
• lolbins::is_linux_lolbin
• lolbins::is_windows_lolbin
• paths::is_suspicious_temp_path
• paths::is_trusted_linux_lib_path
• paths::is_trusted_windows_lib_path
• pca::decode_pca_utf16le
• pca::is_pca_file
• pca::parse_pca_line
• persistence::all_windows_persistence_paths
• persistence::is_persistence_location
• persistence::is_persistence_path
• persistence::is_suspicious_ifeo_debugger
• ports::is_suspicious_port
• processes::is_known_malware_process
• processes::is_masquerade_target
• references::all_module_references
• references::module_references
• remote_access::all_lolrmm_paths
• remote_access::identify_remote_access_tool
• remote_access::is_remote_access_tool_path
• third_party::all_third_party_paths
• third_party::identify_application
• third_party::is_third_party_artifact_path

Statics

• artifact::ACTIVE_SETUP_HKCU
• artifact::ACTIVE_SETUP_HKLM
• artifact::AMCACHE_APP_FILE
• artifact::APPCERT_DLLS
• artifact::APPINIT_DLLS
• artifact::APPSHIM_DB
• artifact::BAM_USER
• artifact::BITS_DB
• artifact::BOOT_EXECUTE
• artifact::BROWSER_HELPER_OBJECTS
• artifact::CATALOG
• artifact::CHROME_COOKIES
• artifact::CHROME_LOGIN_DATA
• artifact::COM_HIJACK_CLSID_HKCU
• artifact::DAM_USER
• artifact::DCC2_CACHE
• artifact::DPAPI_CREDHIST
• artifact::DPAPI_CRED_ROAMING
• artifact::DPAPI_CRED_USER
• artifact::DPAPI_MASTERKEY_USER
• artifact::DPAPI_SYSTEM_MASTERKEY
• artifact::EDGE_WEBCACHE
• artifact::EVTX_DIR
• artifact::EVTX_POWERSHELL
• artifact::EVTX_SECURITY
• artifact::EVTX_SYSMON
• artifact::EVTX_SYSTEM
• artifact::FIREFOX_LOGINS
• artifact::IFEO_DEBUGGER
• artifact::JUMP_LIST_AUTO
• artifact::JUMP_LIST_CUSTOM
• artifact::JUMP_LIST_SYSTEM
• artifact::LASTVISITED_MRU
• artifact::LINUX_ANACRONTAB
• artifact::LINUX_APT_HOOKS
• artifact::LINUX_AT_QUEUE
• artifact::LINUX_AUTH_LOG
• artifact::LINUX_AWS_CREDENTIALS
• artifact::LINUX_AZURE_CREDENTIALS
• artifact::LINUX_BASHRC_USER
• artifact::LINUX_BASH_HISTORY
• artifact::LINUX_BASH_PROFILE_USER
• artifact::LINUX_BTMP
• artifact::LINUX_CHROME_LOGIN_LINUX
• artifact::LINUX_CRONTAB_SYSTEM
• artifact::LINUX_CRON_D
• artifact::LINUX_CRON_PERIODIC
• artifact::LINUX_DOCKER_CONFIG
• artifact::LINUX_ETC_ENVIRONMENT
• artifact::LINUX_ETC_GROUP
• artifact::LINUX_FIREFOX_LOGINS_LINUX
• artifact::LINUX_GCP_CREDENTIALS
• artifact::LINUX_GIT_CREDENTIALS
• artifact::LINUX_GNOME_KEYRING
• artifact::LINUX_GNUPG_PRIVATE
• artifact::LINUX_INIT_D
• artifact::LINUX_JOURNAL_DIR
• artifact::LINUX_KDE_KWALLET
• artifact::LINUX_KUBE_CONFIG
• artifact::LINUX_LASTLOG
• artifact::LINUX_LD_SO_CONF_D
• artifact::LINUX_LD_SO_PRELOAD
• artifact::LINUX_MODULES_LOAD_D
• artifact::LINUX_MOTD_D
• artifact::LINUX_NETRC
• artifact::LINUX_NETWORKMANAGER_DISPATCHER
• artifact::LINUX_PAM_D
• artifact::LINUX_PASSWD
• artifact::LINUX_PROFILE_D
• artifact::LINUX_PROFILE_SYSTEM
• artifact::LINUX_PROFILE_USER
• artifact::LINUX_RC_LOCAL
• artifact::LINUX_SHADOW
• artifact::LINUX_SSHD_CONFIG
• artifact::LINUX_SSH_AUTHORIZED_KEYS
• artifact::LINUX_SSH_KNOWN_HOSTS
• artifact::LINUX_SSH_PRIVATE_KEY
• artifact::LINUX_SUDOERS_D
• artifact::LINUX_SYSTEMD_SYSTEM_UNIT
• artifact::LINUX_SYSTEMD_TIMER
• artifact::LINUX_SYSTEMD_USER_UNIT
• artifact::LINUX_UDEV_RULES_D
• artifact::LINUX_USER_CRONTAB
• artifact::LINUX_UTMP
• artifact::LINUX_WTMP
• artifact::LINUX_XDG_AUTOSTART_SYSTEM
• artifact::LINUX_XDG_AUTOSTART_USER
• artifact::LINUX_ZSHRC_USER
• artifact::LINUX_ZSH_HISTORY
• artifact::LNK_FILES
• artifact::LNK_FILES_OFFICE
• artifact::LOGON_SCRIPTS
• artifact::LSA_AUTH_PKGS
• artifact::LSA_SECRETS
• artifact::LSA_SECURITY_PKGS
• artifact::MACHINE_CERT_STORE
• artifact::MRU_RECENT_DOCS
• artifact::MUICACHE
• artifact::NETSH_HELPER_DLLS
• artifact::NTDS_DIT
• artifact::OFFICE_NORMAL_DOTM
• artifact::OPENSAVE_MRU
• artifact::PASSWORD_FILTER_DLL
• artifact::PCA_APPLAUNCH_DIC
• artifact::POWERSHELL_HISTORY
• artifact::POWERSHELL_PROFILE_ALL
• artifact::PREFETCH_DIR
• artifact::PREFETCH_FILE
• artifact::PRINT_MONITORS
• artifact::RDP_CLIENT_DEFAULT
• artifact::RDP_CLIENT_SERVERS
• artifact::RECYCLE_BIN
• artifact::RUN_KEY_HKCU_RUN
• artifact::RUN_KEY_HKCU_RUNONCE
• artifact::RUN_KEY_HKLM_RUN
• artifact::RUN_KEY_HKLM_RUNONCE
• artifact::SAM_USERS
• artifact::SCHEDULED_TASKS_DIR
• artifact::SCREENSAVER_EXE
• artifact::SEARCH_DB_USER
• artifact::SERVICES_IMAGEPATH
• artifact::SHELLBAGS_USER
• artifact::SHIMCACHE
• artifact::SRUM_APP_RESOURCE
• artifact::SRUM_DB
• artifact::SRUM_ENERGY_USAGE
• artifact::SRUM_NETWORK_USAGE
• artifact::SRUM_PUSH_NOTIFICATION
• artifact::STARTUP_FOLDER_SYSTEM
• artifact::STARTUP_FOLDER_USER
• artifact::THUMBCACHE
• artifact::TIME_PROVIDERS
• artifact::TYPED_URLS
• artifact::TYPED_URLS_TIME
• artifact::USB_ENUM
• artifact::USERASSIST_EXE
• artifact::USERASSIST_FOLDER
• artifact::USER_CERT_PRIVATE_KEY
• artifact::USN_JOURNAL
• artifact::VPN_RAS_PHONEBOOK
• artifact::WDIGEST_CACHING
• artifact::WIFI_PROFILES
• artifact::WINDOWS_HELLO_NGC
• artifact::WINDOWS_TIMELINE
• artifact::WINDOWS_VAULT_SYSTEM
• artifact::WINDOWS_VAULT_USER
• artifact::WINLOGON_SHELL
• artifact::WINLOGON_USERINIT
• artifact::WINSOCK_LSP
• artifact::WMI_MOF_DIR
• artifact::WMI_SUBSCRIPTIONS
• artifact::WORDWHEEL_QUERY

Constants

• antiforensics::KNOWN_ROOTKIT_NAMES
• antiforensics::LOG_WIPE_COMMANDS
• antiforensics::TIMESTOMP_INDICATORS
• commands::DOWNLOAD_TOOL_PATTERNS
• commands::POWERSHELL_ABUSE_PATTERNS
• commands::REVERSE_SHELL_PATTERNS
• encryption::BITLOCKER_PATHS
• encryption::EFS_PATHS
• encryption::SEVENZIP_PATHS
• encryption::TOR_PATHS
• encryption::VERACRYPT_PATHS
• encryption::WINRAR_PATHS
• lolbins::LINUX_LOLBINS
• lolbins::WINDOWS_LOLBINS
• pca::PCA_ALL_PATHS
• pca::PCA_APPLAUNCH_DIC_PATH
• pca::PCA_DIR
• pca::PCA_GENERAL_DB0_PATH
• pca::PCA_GENERAL_DB1_PATH
• persistence::ACTIVE_SETUP_PATHS
• persistence::APPINIT_PATHS
• persistence::COM_HIJACK_PATHS
• persistence::IFEO_PATHS
• persistence::LINUX_PERSISTENCE_PATHS
• persistence::MACOS_PERSISTENCE_PATHS
• persistence::SCREENSAVER_PATHS
• persistence::SESSION_MANAGER_PATHS
• persistence::WINDOWS_RUN_KEYS
• persistence::WINLOGON_PATHS
• ports::SUSPICIOUS_PORTS
• processes::KNOWN_MALWARE_PROCESS_NAMES
• processes::WINDOWS_MASQUERADE_TARGETS
• references::ANTIFORENSICS_REFERENCES
• references::ARTIFACT_REFERENCES
• references::COMMANDS_REFERENCES
• references::ENCRYPTION_REFERENCES
• references::LOLBINS_REFERENCES
• references::MODULE_REFERENCES
• references::PATHS_REFERENCES
• references::PCA_REFERENCES
• references::PERSISTENCE_REFERENCES
• references::PORTS_REFERENCES
• references::PROCESSES_REFERENCES
• references::REMOTE_ACCESS_REFERENCES
• references::THIRD_PARTY_REFERENCES
• remote_access::ACTION1_PATHS
• remote_access::ANYDESK_PATHS
• remote_access::ATERA_PATHS
• remote_access::GOTOASSIST_PATHS
• remote_access::MANAGEENGINE_PATHS
• remote_access::SPLASHTOP_PATHS
• remote_access::TEAMVIEWER_PATHS
• third_party::CHROME_PATHS
• third_party::DROPBOX_PATHS
• third_party::KITTY_PATHS
• third_party::ONEDRIVE_PATHS
• third_party::PUTTY_PATHS
• third_party::WINSCP_PATHS