Update README.md

This commit is contained in:
Scott Sutherland 2022-04-05 21:37:53 -05:00 committed by GitHub
parent bb7487f32e
commit 0b01b1aa29
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -194,7 +194,7 @@ Primary Todo
* pull spns and computer description/spn account descriptions to help identify owner/business unit
**Questions**
* under what conditions are "LastAccessTime" and "LastWriteTime" set?
* under what conditions are Creation time, "LastAccessTime" and "LastWriteTime" set? CreationTime is the time that the file was created on a disk partition; Windows doesn't keep track of the last access times for directories since win7?;last accessed timestamp is static unless the feature is enabled; fsutil behavior set disablelastaccess 0 (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate);Registry - default disabled setting: dword:80000003
* what does share owner mean when system, vs trustedinstaller vs administrators vs network service - what can we infer that would be meaningful
* what are some of the most common shares, can we automat profile them and highlight "known" application shars in the data insights?
* can we predict file path with enough collect data to analyze?
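Review bot: the new line folds the answer into the question and leaves it ambiguous; at `fsutil behavior set disablelastaccess 0` it should say explicitly that a value of 0 *enables* last-access updates (the setting is "disablelastaccess", so 0 turns the disabling off), otherwise "static unless the feature is enabled" is hard to reconcile with the command. The "since win7?" fragment is still phrased as an open question and the registry default `dword:80000003` is given without saying what that value means, so the bullet reads as half-resolved; suggest splitting it into the original question plus a short answer note (CreationTime, LastAccessTime, LastWriteTime on separate sub-bullets, registry path and default value with their meaning spelled out). While touching this block, the unchanged context line "can we automat profile them and highlight "known" application shars" has two typos ("automate", "shares").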
@ -212,6 +212,7 @@ Primary Todo
* http://learningpcs.blogspot.com/2011/08/powershell-forensics-analysis-of.html
* https://datadobi.com/blog/the-impact-of-timestamps/
* https://www.forensixchange.com/posts/19_04_22_win10_ntfs_time_rules/
* https://docs.microsoft.com/en-us/dotnet/api/system.io.filesysteminfo.lastwritetime?view=net-6.0
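Review bot: the added docs.microsoft.com link pins a framework version through the `?view=net-6.0` query string, which will go stale as the API docs roll forward; dropping the query (or at least noting the pinned version beside the link) keeps the reference list consistent with the other unversioned entries above it. Since the question this list supports covers CreationTime and LastAccessTime as well, the matching `FileSystemInfo.CreationTime` and `FileSystemInfo.LastAccessTime` pages would be natural companions to the `LastWriteTime` entry.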