PATRICK DALLA BERNARDINA

Results 58 issues of PATRICK DALLA BERNARDINA

Extracts some info from LNK to save as metadata. They are useful to order and group LNK files. Also, some info is used to make the reference to the original...

Extracts specific metadata from LNK files, like local path, volumelabel and networkshare. Also, some info can be used to locate the referenced file, and register the reference to in "linkedItems"...

enhancement

Identify Jumplist app name based on a known list of IDs. I put this in DRAFT because I used a backtick to declare a var from a multiline literal (the list...

The filter Hash\ Alert\ (Child\ Porn) in top left combo filters list, lists some CarveLed* files, but not all of them. Maybe this happens because not the entire file was...

enhancement
question

EricZimmerman maintains a list of known APP IDs and their names used to name automatic and custom destinations files in https://github.com/EricZimmerman/JumpList/blob/master/JumpList/Resources/AppIDs.txt. This list could be used to add a metadata...

enhancement

I detected that LNK files are extracted from automaticDestinations and customDestinations. As far as I could understand, they are extracted by "iped.parsers.misc.GenericOLEParser". But they are presented mixed with other LINK...

enhancement

Add some configs to classify LNK extracted from automatic and custom destinations in their respective category below Windows Artifacts. Closes #2277

I've noted that the partial hash info of files carved by LedCarveTask is only stored in fields hashDB:md5_512 and hashDB:md5_64k if its integral hash matches with some hash in configured...

enhancement

I'm having difficulty in figuring out how to implement a transaction send and later spend with time lock using P2SH. I could send a transaction, but I don't know how...

I use IPED in my workflow in different environments. The evidence first processing is done on a container prepared based on https://github.com/iped-docker/iped in a Linux server (with --portable cmd arg)....

enhancement