Re: [sleuthkit-users] Views area of Autopsy Question
From: Stuart M. <st...@ap...> - 2016-11-03 21:08:44
Hi Brian, all,

Not sure if this is relevant, but I am finishing up some work on a Java-based Windows registry hive parser. A test to see if a file F 'is a hive' I added was based on file content, not extension, since hive files don't have any extension. In the general case, what with malicious software renaming files, I would have thought that content-based checks are a must, though I concede they slow things down. Haven't we all renamed a .tgz file to .txt to get it past a mail attachment blocker ;)

Stuart
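A content-based hive check of the kind described in the message above, as an added example in Python; it is not code from the original post or from the Java parser it mentions. It goes past the 4-byte `regf` signature to the base block checksum and the first `hbin` header. The function names are hypothetical and the sample hive is constructed.

```python
import struct

BASE_BLOCK_SIZE = 4096   # the regf base block occupies the first 4 KiB
CHECKSUM_OFFSET = 508    # XOR-32 of the preceding 127 dwords is stored here

def xor32(block: bytes) -> int:
    """XOR the first 508 bytes as little-endian dwords (regf base block checksum)."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", block[:CHECKSUM_OFFSET]):
        value ^= dword
    # Two results are reserved: 0 is stored as 1, 0xFFFFFFFF as 0xFFFFFFFE.
    if value == 0:
        return 1
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return value

def check_hive(data: bytes) -> str:
    """Classify a buffer by content only; the file name is never consulted."""
    if data[:4] != b"regf":
        return "not-hive"
    if len(data) < BASE_BLOCK_SIZE:
        return "truncated"
    (stored,) = struct.unpack_from("<I", data, CHECKSUM_OFFSET)
    if stored != xor32(data):
        return "bad-checksum"
    # The first hive bin follows the base block and starts with "hbin".
    if data[BASE_BLOCK_SIZE:BASE_BLOCK_SIZE + 4] != b"hbin":
        return "no-hbin"
    return "hive"

def make_sample_hive() -> bytes:
    """Constructed sample: minimal base block plus one empty hive bin header."""
    base = bytearray(BASE_BLOCK_SIZE)
    base[0:4] = b"regf"
    struct.pack_into("<II", base, 0x04, 1, 1)     # primary/secondary sequence numbers
    struct.pack_into("<II", base, 0x14, 1, 5)     # major/minor format version
    struct.pack_into("<II", base, 0x24, 0x20, 4096)  # root cell offset, bins data size
    struct.pack_into("<I", base, CHECKSUM_OFFSET, xor32(bytes(base)))
    hbin = bytearray(4096)
    hbin[0:4] = b"hbin"
    struct.pack_into("<II", hbin, 4, 0, 4096)     # bin offset, bin size
    return bytes(base + hbin)

if __name__ == "__main__":
    print(check_hive(make_sample_hive()))                  # constructed hive
    print(check_hive(b"\x1f\x8b\x08" + b"\x00" * 64))      # gzip bytes, any name
```

The non-`hive` verdicts separate a file that merely lacks the signature from one that carries it but fails the structural checks, which is the case worth flagging for review.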