mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 13:44:56 +03:00
16 lines
342 B
Markdown
# Workflows - Shellbag Analysis

## Workflow 1: Folder Access Investigation
```
Extract NTUSER.DAT and UsrClass.dat from evidence
    |
Parse with SBECmd to CSV
    |
Open in Timeline Explorer
    |
Filter by path patterns (USB drives, network shares)
    |
Correlate with MFT and LNK file timestamps
    |
Document folder access timeline
```
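
The filter and timeline steps of the workflow above can also be scripted over the parsed CSV. This is an added example, not code from the original repository; the column names (`AbsolutePath`, `ShellType`, `LastWriteTime`), the timestamp format, the `C:` system drive and the sample rows are assumptions to check against your own SBECmd export.

```python
import csv
import io
import re
from datetime import datetime

# Constructed sample shaped like an SBECmd CSV export. Column names and the
# timestamp format are assumptions; check them against your export's header.
SAMPLE_CSV = r"""AbsolutePath,ShellType,LastWriteTime
Desktop\My Computer\C:\Users\alice\Documents,Directory,2024-03-01 09:12:44
Desktop\My Computer\E:\Payroll_Backup,Directory,2024-03-02 17:45:10
Desktop\Network\\\FS01\finance\Q1,Directory,2024-03-02 17:50:31
Desktop\My Computer\E:,Drive,2024-03-02 17:44:58
Desktop\My Computer\F:\tools,Directory,
"""

UNC_RE = re.compile(r"\\\\([^\\]+)\\([^\\]+)")          # \\host\share
DRIVE_RE = re.compile(r"(?:^|\\)([A-Za-z]):(?:\\|$)")   # drive-letter segment

def classify(path, system_drive="C"):
    """Return (category, location) for paths worth correlating, else None."""
    m = UNC_RE.search(path)
    if m:
        return "network_share", "\\\\{}\\{}".format(m.group(1), m.group(2))
    m = DRIVE_RE.search(path)
    if m and m.group(1).upper() != system_drive.upper():
        # A non-system letter is only a candidate for removable media; the
        # MFT/LNK correlation step is what confirms the device type.
        return "non_system_drive", m.group(1).upper() + ":"
    return None


def build_timeline(csv_text):
    """Filter rows by path pattern; order by LastWriteTime, blank ones last."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        found = classify(row["AbsolutePath"])
        if not found:
            continue
        raw = (row.get("LastWriteTime") or "").strip()
        ts = datetime.strptime(raw, "%Y-%m-%d %H:%M:%S") if raw else None
        hits.append({"time": ts, "category": found[0],
                     "location": found[1], "path": row["AbsolutePath"]})
    hits.sort(key=lambda h: (h["time"] is None, h["time"] or datetime.min))
    return hits


if __name__ == "__main__":
    for h in build_timeline(SAMPLE_CSV):
        print(h["time"], h["category"], h["location"], h["path"], sep=" | ")
```

Rows with no timestamp are kept at the end of the output so they still get reviewed during correlation.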