-
Notifications
You must be signed in to change notification settings - Fork 197
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'EricZimmerman:master' into master
- Loading branch information
Showing
6 changed files
with
352 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,94 @@ | ||
| Description: Robo-FTP | ||
| Author: Thomas Burnette | ||
| Version: 1.0 | ||
| Id: d23bbad5-8c40-407f-9224-8a8e613f9730 | ||
| RecreateDirectories: true | ||
| Targets: | ||
| - | ||
| Name: Robo-FTP User Scripts | ||
| Category: Apps | ||
| Path: C:\Program Files\Robo-FTP 3.12\UserData\*\Scripts\ | ||
| FileMask: "*.s" | ||
| Comment: "Custom scripts created by each user" | ||
| - | ||
| Name: Robo-FTP User Debug Logs | ||
| Category: Apps | ||
| Path: C:\Program Files\Robo-FTP 3.12\UserData\*\Debug\ | ||
| FileMask: "*.log" | ||
| Comment: "Debug logs generated for each user, if enabled" | ||
| - | ||
| Name: Robo-FTP User Script/Trace Logs | ||
| Category: Apps | ||
| Path: C:\Program Files\Robo-FTP 3.12\UserData\*\Logs\ | ||
| FileMask: "*" | ||
| Comment: "Script and Trace logs generated for each user" | ||
| - | ||
| Name: Robo-FTP User XML Config | ||
| Category: Apps | ||
| Path: C:\Program Files\Robo-FTP 3.12\UserData\*\ | ||
| FileMask: "config.xml" | ||
| Comment: "Config.xml unique to each user. Contains list of custom scripts and ftp sites" | ||
| - | ||
| Name: Robo-FTP User SSH Keys | ||
| Category: Apps | ||
| Path: C:\Program Files\Robo-FTP 3.12\UserData\*\SSH Keys\ | ||
| FileMask: "*" | ||
| Comment: "Saved SSH keys for each user" | ||
| - | ||
| Name: Robo-FTP User SSL Certificates | ||
| Category: Apps | ||
| Path: C:\Program Files\Robo-FTP 3.12\UserData\*\SSL Certificates\ | ||
| FileMask: "*" | ||
| Comment: "Saved SSL Certificates for each user" | ||
| - | ||
| Name: Robo-FTP User PGP Keys | ||
| Category: Apps | ||
| Path: C:\Program Files\Robo-FTP 3.12\UserData\*\PGP Keys\ | ||
| FileMask: "*" | ||
| Comment: "Saved PGP Keys for each user" | ||
| - | ||
| Name: Robo-FTP SSH Keys | ||
| Category: Apps | ||
| Path: C:\Program Files\Robo-FTP 3.12\ProgramData\SSH Keys\ | ||
| FileMask: "*" | ||
| Comment: "Shared SSH keys" | ||
| - | ||
| Name: Robo-FTP SSL Certificates | ||
| Category: Apps | ||
| Path: C:\Program Files\Robo-FTP 3.12\ProgramData\SSL Certificates\ | ||
| FileMask: "*" | ||
| Comment: "Shared SSL Certificates" | ||
| - | ||
| Name: Robo-FTP PGP Keys | ||
| Category: Apps | ||
| Path: C:\Program Files\Robo-FTP 3.12\ProgramData\PGP Keys\ | ||
| FileMask: "*" | ||
| Comment: "Shared PGP Keys" | ||
| - | ||
| Name: Robo-FTP Debug Logs | ||
| Category: Apps | ||
| Path: C:\Program Files\Robo-FTP 3.12\ProgramData\Debug\ | ||
| FileMask: "*" | ||
| Comment: "Debug logs generated by Robo-FTP" | ||
| - | ||
| Name: Robo-FTP Script/Trace Logs | ||
| Category: Apps | ||
| Path: C:\Program Files\Robo-FTP 3.12\ProgramData\Logs\ | ||
| FileMask: "*" | ||
| Comment: "Script and Trace logs generated by Robo-FTP" | ||
| - | ||
| Name: Robo-FTP XML Config | ||
| Category: Apps | ||
| Path: C:\Program Files\Robo-FTP 3.12\ProgramData\ | ||
| FileMask: "config.xml" | ||
| Comment: "Config.xml. Contains list of custom scripts and ftp sites" | ||
| - | ||
| Name: Robo-FTP Jobs | ||
| Category: Apps | ||
| Path: C:\Program Files\Robo-FTP 3.12\ProgramData\ | ||
| FileMask: "SchedulerService.sqlite" | ||
| Comment: "Contains details of scheduled jobs" | ||
|
|
||
| # Documentation | ||
| # https://www.robo-ftp.com/ | ||
| # Robo-FTP is an FTP client that is focused on automation through the use of scripts. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| Description: Visual Studio Code artifacts | ||
| Author: Sebastian Søgaard | ||
| Version: 1.0 | ||
| Id: f90fe4ce-b349-4010-8d41-3b7b8273e5fe | ||
| RecreateDirectories: true | ||
| Targets: | ||
| - | ||
| Name: VSCode Opened Files | ||
| Category: Apps | ||
| Path: C:\Users\%user%\AppData\Roaming\Code\User\History\*\ | ||
| Recursive: true | ||
| Comment: "Grabs the files in the VSCode history. These are files the user has opened with VSCode" | ||
| - | ||
| Name: VSCode Workspaces | ||
| Category: Apps | ||
| Path: C:\Users\%user%\AppData\Roaming\Code\User\globalStorage\ | ||
| FileMask: storage.json* | ||
| Comment: "Grabs the file containing information about the users workspaces" | ||
| - | ||
| Name: VSCode User extensions | ||
| Category: Apps | ||
| Path: C:\Users\%user%\AppData\Roaming\Code\CachedExtensions\ | ||
| FileMask: user* | ||
| Comment: "Grabs the files relating to the users installed extensions" | ||
| - | ||
| Name: VSCode User settings | ||
| Category: Apps | ||
| Path: C:\Users\%user%\AppData\Roaming\Code\User\ | ||
| FileMask: settings.json* | ||
| Comment: "Grabs the file containing the settings the user has set." | ||
| - | ||
| Name: VSCode User Preferences | ||
| Category: Apps | ||
| Path: C:\Users\%user%\AppData\Roaming\Code\ | ||
| FileMask: preferences* | ||
| Comment: "Grabs the file containing the preferences the user has set." | ||
| - | ||
| Name: VSCode Network Cookies | ||
| Category: Apps | ||
| Path: C:\Users\%user%\AppData\Roaming\Code\Network\ | ||
| FileMask: Cookies* | ||
| Comment: "Grabs the cookie files. Same format as Chromium Cookies" | ||
| - | ||
| Name: VSCode Network Persistent State | ||
| Category: Apps | ||
| Path: C:\Users\%user%\AppData\Roaming\Code\Network\ | ||
| FileMask: Network Persistent State* | ||
| Comment: "Grabs the Network Persistent State file. Same format as in Chromium" | ||
| - | ||
| Name: VSCode Logs | ||
| Category: Apps | ||
| Path: C:\Users\%user%\AppData\Roaming\Code\logs\ | ||
| Recursive: true | ||
| Comment: "Grabs the VSCode logs. Further analysis is needed to determine which logs are junk, and which can be vital." | ||
|
|
||
| # Documentation | ||
| # N/A |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,99 @@ | ||
| Description: Vivaldi Artifacts | ||
| Author: Sebastian Søgaard | ||
| Version: 1.0 | ||
| Id: 27893cda-f3c7-47df-aacd-2682d49a19e5 | ||
| RecreateDirectories: true | ||
| Targets: | ||
| - | ||
| Name: Vivaldi Cookies | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\ | ||
| Recursive: true | ||
| FileMask: Cookies* | ||
| - | ||
| Name: Vivaldi Network Persistent State | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\ | ||
| Recursive: true | ||
| FileMask: Network Persistent State | ||
| - | ||
| Name: Vivaldi Favicons | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\ | ||
| FileMask: Favicons* | ||
| - | ||
| Name: Vivaldi History | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\ | ||
| FileMask: History* | ||
| - | ||
| Name: Vivaldi Sessions Folder | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\Sessions\ | ||
| Recursive: false | ||
| - | ||
| Name: Vivaldi Login Data | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\ | ||
| FileMask: Login Data | ||
| - | ||
| Name: Vivaldi Network Action Predictor | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\ | ||
| FileMask: Network Action Predictor | ||
| - | ||
| Name: Vivaldi Preferences | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\ | ||
| FileMask: Preferences | ||
| - | ||
| Name: Vivaldi Top Sites | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\ | ||
| FileMask: Top Sites* | ||
| - | ||
| Name: Vivaldi Bookmarks | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\ | ||
| FileMask: Bookmarks* | ||
| - | ||
| Name: Vivaldi Visited Links | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\ | ||
| FileMask: Visited Links | ||
| - | ||
| Name: Vivaldi Web Data | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\ | ||
| FileMask: Web Data* | ||
| - | ||
| Name: Vivaldi User Tracking | ||
| Category: Communications | ||
| Path: C:\Users\%user%\ | ||
| FileMask: .vivaldi_reporting_data* | ||
| - | ||
| Name: Vivaldi Calendar | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\ | ||
| FileMask: Calendar* | ||
| - | ||
| Name: Vivaldi Contacts | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\ | ||
| FileMask: Contacts* | ||
| - | ||
| Name: Vivaldi Notes | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\ | ||
| FileMask: Notes* | ||
| - | ||
| Name: Vivaldi Download Metadata | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Vivaldi\User Data\*\ | ||
| FileMask: DownloadMetadata* | ||
|
|
||
|
|
||
| # Documentation | ||
| # For vivaldi user tracking, see here: https://vivaldi.com/blog/how-we-count-our-users/ | ||
| # Vivaldi is Chromium, so the same artifacts can be found, however Vivaldi has a few unique ones | ||
| # Like "Notes" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,86 @@ | ||
| Description: Yandex Artifacts | ||
| Author: Sebastian Søgaard | ||
| Version: 1.0 | ||
| Id: 32399a9d-d891-49cc-9919-fa45cbe63683 | ||
| RecreateDirectories: true | ||
| Targets: | ||
| - | ||
| Name: Yandex Cookies | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Yandex\YandexBrowser\User Data\*\ | ||
| Recursive: true | ||
| FileMask: Cookies* | ||
| - | ||
| Name: Yandex Network Persistent State | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Yandex\YandexBrowser\User Data\*\ | ||
| Recursive: true | ||
| FileMask: Network Persistent State | ||
| - | ||
| Name: Yandex Favicons | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Yandex\YandexBrowser\User Data\*\ | ||
| FileMask: Favicons* | ||
| - | ||
| Name: Yandex History | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Yandex\YandexBrowser\User Data\*\ | ||
| FileMask: History* | ||
| - | ||
| Name: Yandex Sessions Folder | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Yandex\YandexBrowser\User Data\*\Sessions\ | ||
| Recursive: false | ||
| - | ||
| Name: Yandex Login Data | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Yandex\YandexBrowser\User Data\*\ | ||
| FileMask: Ya Passman Data* | ||
| - | ||
| Name: Yandex Network Action Predictor | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Yandex\YandexBrowser\User Data\*\ | ||
| FileMask: Network Action Predictor | ||
| - | ||
| Name: Yandex Preferences | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Yandex\YandexBrowser\User Data\*\ | ||
| FileMask: Preferences | ||
| - | ||
| Name: Yandex Top Sites | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Yandex\YandexBrowser\User Data\*\ | ||
| FileMask: Top Sites* | ||
| - | ||
| Name: Yandex Bookmarks | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Yandex\YandexBrowser\User Data\*\ | ||
| FileMask: Bookmarks* | ||
| - | ||
| Name: Yandex Visited Links | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Yandex\YandexBrowser\User Data\*\ | ||
| FileMask: Visited Links | ||
| - | ||
| Name: Yandex Web Data | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Yandex\YandexBrowser\User Data\*\ | ||
| FileMask: Web Data* | ||
| - | ||
| Name: Yandex Autofill data | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Yandex\YandexBrowser\User Data\*\ | ||
| FileMask: Ya Autofill Data* | ||
| - | ||
| Name: Yandex Passman logs | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Yandex\YandexBrowser\User Data\*\ | ||
| FileMask: Passman Logs* | ||
| - | ||
| Name: Yandex Shortcuts | ||
| Category: Communications | ||
| Path: C:\Users\%user%\AppData\Local\Yandex\YandexBrowser\User Data\*\ | ||
| FileMask: Shortcuts* | ||
|
|
||
| # Documentation | ||
| # N/A |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters