Constants§
- BITLOCKER_
PATHS - BitLocker-related registry evidence.
- EFS_
PATHS - EFS (Encrypting File System) policy paths.
- SEVENZIP_
PATHS - 7-Zip MRU and settings paths.
- TOR_
PATHS - Tor Browser / Tor Project registry paths.
- VERACRYPT_
PATHS - Registry paths that indicate presence of VeraCrypt encryption tool.
- WINRAR_
PATHS - WinRAR MRU paths (archive access evidence).
Functions§
- all_
encryption_ paths - Returns an iterator over all encryption tool indicator paths.
- is_
encryption_ tool_ path - Returns true if the given registry path matches a known encryption tool indicator (case-insensitive contains match).