Add Syscache.hve artifact #18

Open
nwf9 opened this issue Dec 23, 2018 · 2 comments

Comments

@nwf9

nwf9 commented Dec 23, 2018

Hi Matias,

Do you have a plan to add the parsing and analysis for the syscache.hve? You can look into David Cowen's research below:

https://www.hecfblog.com/2018/12/daily-blog-573-forensic-lunch-test.html?m=1

@mbevilacqua
Owner

That definitely sounds like it would be a good source of data for ACP. Looks like there's already some folks investigating the artefact and writing up some Python code, so will monitor and leverage that when available.
Thanks!

@nwf9
Author

nwf9 commented Jan 16, 2019

My pleasure; it will be very good to hunt with this artifact. You can also add SCCM telemetry.
