Initial commit - 611 cybersecurity skills across all subdomains

This commit is contained in:
mukul975
2026-02-25 10:47:44 +01:00
commit 22a7ab1462
1765 changed files with 280648 additions and 0 deletions
@@ -0,0 +1,14 @@
# Standards - Shellbag Forensics
## Standards
- NIST SP 800-86: Guide to Integrating Forensic Techniques
- SWGDE Best Practices for Computer Forensics
## Tools
- SBECmd (Eric Zimmerman): Command-line shellbag parser
- ShellBags Explorer (Eric Zimmerman): GUI shellbag viewer
- Registry Explorer (Eric Zimmerman): Registry hive analysis
## Registry Locations
- NTUSER.DAT: Software\Microsoft\Windows\Shell\BagMRU and Bags
- UsrClass.dat: Local Settings\Software\Microsoft\Windows\Shell\BagMRU and Bags
## MITRE ATT&CK
- T1083 - File and Directory Discovery
- T1005 - Data from Local System
@@ -0,0 +1,15 @@
# Workflows - Shellbag Analysis
## Workflow 1: Folder Access Investigation
```
Extract NTUSER.DAT and UsrClass.dat from evidence
|
Parse with SBECmd to CSV
|
Open in Timeline Explorer
|
Filter by path patterns (USB drives, network shares)
|
Correlate with MFT and LNK file timestamps
|
Document folder access timeline
```