Having fun while learning about and pivoting into the world of DFIR.
by ogmini
Submitted my pull request to the KapeFiles Repository to add a Module that leverages my Windows Notepad Parser in a Live Response situation. First time writing a Module and hopefully won’t be my last contribution to that project. One of my favorite tools to use in my coursework and CTFs. Fingers crossed that it gets accepted and merged.
I’ve actually been using it to do regression testing on previous and new versions of Windows Notepad as time permits. Makes it very easy to grab all the important files using a Target and run my application using a Module. Once that is done, I can examine and compare them to the expected results.
tags: DFIR - Windows Notepad - KapeFiles