Having fun while learning about and pivoting into the world of DFIR.
by ogmini
Currently, writing this with no power and internet. Luckily, I made progress earlier in the day with writing a testing/validation UWP application. The 36 data types lines up with what I’m seeing and testing. I’m still working on reverse engineering the Composite Value key.
I’d provide some screenshots of the C# code and the 010 Editor Binary Template if I had power. All my VMs and computers are currently powered off. Guess what tomorrow’s post will be about!
tags: #Registryhive