mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 21:54:56 +03:00
15 lines
589 B
Markdown
# Standards - Shellbag Forensics
## Standards
- NIST SP 800-86: Guide to Integrating Forensic Techniques
- SWGDE Best Practices for Computer Forensics
## Tools
- SBECmd (Eric Zimmerman): Command-line shellbag parser
- ShellBags Explorer (Eric Zimmerman): GUI shellbag viewer
- Registry Explorer (Eric Zimmerman): Registry hive analysis
## Registry Locations
- NTUSER.DAT: Software\Microsoft\Windows\Shell\BagMRU and Bags
- UsrClass.dat: Local Settings\Software\Microsoft\Windows\Shell\BagMRU and Bags
## MITRE ATT&CK
- T1083 - File and Directory Discovery
- T1005 - Data from Local System