WMI Forensics


Two scripts by David Pany can help an analyst find evidence in WMI repositories: CCM_RUA_finder.py and PyWMIPersistenceFinder.py. The first extracts SCCM software metering RecentlyUsedApplication logs from OBJECTS.DATA files; the second finds WMI persistence via FilterToConsumerBindings solely by keyword searching the OBJECTS.DATA file, without parsing the full WMI repository.
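The keyword-search idea can be illustrated with a short sketch. This is an added example, not David Pany's code: it assumes binding references appear in OBJECTS.DATA as ASCII strings of the form `<Class>EventConsumer.Name="..."` and `__EventFilter.Name="..."` shortly after the binding class name, and the function name, window size and sample bytes are constructed for illustration.

```python
import re
import sys

# Assumption: binding references are stored as ASCII text shortly after the
# class-name keyword; the patterns and window size are illustrative choices.
KEYWORD = b"_FilterToConsumerBinding"
CONSUMER_RE = re.compile(rb'(\w*EventConsumer)\.Name="([^"\x00]{1,256})"')
FILTER_RE = re.compile(rb'_EventFilter\.Name="([^"\x00]{1,256})"')
WINDOW = 1024  # bytes examined after each keyword hit

def find_bindings(data: bytes):
    """Return sorted, de-duplicated (consumer class, consumer, filter) tuples."""
    found = set()
    pos = data.find(KEYWORD)
    while pos != -1:
        window = data[pos:pos + WINDOW]
        consumer = CONSUMER_RE.search(window)
        event_filter = FILTER_RE.search(window)
        # A hit with no references nearby (e.g. the class definition) is skipped.
        if consumer and event_filter:
            found.add((consumer.group(1).decode("ascii"),
                       consumer.group(2).decode("ascii", "replace"),
                       event_filter.group(1).decode("ascii", "replace")))
        pos = data.find(KEYWORD, pos + 1)
    return sorted(found)

def _record(consumer_ref: bytes, filter_ref: bytes) -> bytes:
    """Build one constructed binding-like record for the sample below."""
    return (b"\x00" * 16 + b"__FilterToConsumerBinding\x00\x07\x00"
            + consumer_ref + b"\x00" + filter_ref + b"\x00" * 8)

# Constructed sample data, not taken from a real repository.
SAMPLE = (
    _record(b'CommandLineEventConsumer.Name="ExampleConsumer"',
            b'__EventFilter.Name="ExampleFilter"')
    + _record(b'CommandLineEventConsumer.Name="ExampleConsumer"',  # stale copy
              b'__EventFilter.Name="ExampleFilter"')
    + _record(b'ActiveScriptEventConsumer.Name="ExampleScript"',
              b'__EventFilter.Name="ExampleFilter2"')
    + b"__FilterToConsumerBinding" + b"\x00" * 2000  # keyword, no references
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for cls, name, flt in find_bindings(data):
        print(f"{cls} {name!r} bound to filter {flt!r}")
```

Because this approach never walks the repository's index, it can surface stale or deleted copies of a binding as well as live ones, so each hit is a lead to verify rather than proof of an active subscription.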
