01 Parses forensic timestamps for accurate timeline reconstruction
02 4,121 GitHub stars
03 Extracts target file paths and working directories from shortcut files
04 Detects indicators of data exfiltration to USB devices or network shares
05 Analyzes Jump Lists for recently and frequently accessed applications
06 Identifies volume serial numbers and hardware identifiers like Machine IDs