Home Software WMI Forensics

WMI Forensics


There are two scripts by David Pany, which can help an analyst to find evidence in WMI repositories: CCM_RUA_finder.py and PyWMIPersistenceFinder.py. The first script extracts SCCM software metering RecentlyUsedApplication logs from OBJECTS.DATA files, the second – finds WMI persistence via FitlerToConsumerBindings solely by keyword searching the OBJECTS.DATA file without parsing the full WMI repository.

Load More Related Articles
Load More In Software
Comments are closed.