fls feature request - malware triage

Tool requests, development, and troubleshooting topics related to TSK.

Moderator: carrier

Post by stumpyuk » Fri Jun 26, 2015 3:21 pm

I would like a quick way to triage Windows systems for artifacts associated with malware. Currently, I can run fls on a running file system and dump the contents of the MFT to a file; I then have to manually filter for interesting artifacts, which isn't easy in the Windows terminal. Would it be possible to have a "malware" option in fls that will just list .exe, .vbs, .scr, .dll files in non-standard locations, i.e. those residing outside of the following directories:
Program Files
ProgramData
System32
WinSxS
SysWOW64
Microsoft.NET

Thanks!
stumpyuk
 
Posts: 1
Joined: Fri Jun 26, 2015 3:13 pm
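
The filter requested in the post above, sketched as a post-processing step over `fls` output (an added example, not part of the original post and not TSK code). It assumes the listing was produced with `fls -r -p`, so each line carries a full path; the function name `triage` and the sample listing are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Extensions and directory names are the ones listed in the post.
EXTENSIONS = {".exe", ".vbs", ".scr", ".dll"}
STANDARD_DIRS = {"program files", "programdata", "system32",
                 "winsxs", "syswow64", "microsoft.net"}

# One line of `fls -r -p` output: "<type> [* ]<meta address>:<TAB><path>".
FLS_LINE = re.compile(r"^(?P<type>\S/\S) (?P<deleted>\* )?"
                      r"(?P<meta>[^:\s]+?)(?:\(realloc\))?:\t(?P<path>.+)$")

# Constructed sample listing (not taken from a real system).
SAMPLE = """\
d/d 57-144-1:\tWindows/System32
r/r 1201-128-3:\tWindows/System32/kernel32.dll
r/r 2310-128-4:\tProgram Files/Vendor/app.exe
r/r 4412-128-1:\tUsers/alice/AppData/Roaming/updater.exe
r/r * 4419-128-1:\tUsers/alice/AppData/Local/Temp/invoice.SCR
r/r 4502-128-1:\tUsers/alice/Documents/report.docx
r/r 5120-128-1:\tWindows/Temp/helper.vbs
r/r 6001-128-1:\tWindows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll
""".splitlines()

def triage(fls_lines):
    """Return (meta address, deleted?, path) for script/executable files
    whose path has no component named after a standard directory."""
    hits = []
    for line in fls_lines:
        m = FLS_LINE.match(line.rstrip("\r\n"))
        if not m or "r" not in m["type"]:      # skip directories and noise
            continue
        path = PurePosixPath(m["path"])        # fls prints '/' separators
        if path.suffix.lower() not in EXTENSIONS:
            continue
        # Case-insensitive match on every parent directory name.
        if any(p.lower() in STANDARD_DIRS for p in path.parts[:-1]):
            continue
        hits.append((m["meta"], bool(m["deleted"]), m["path"]))
    return hits

if __name__ == "__main__":
    import sys
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for meta, deleted, path in triage(source):
        print(f"{meta}\t{'deleted' if deleted else 'allocated'}\t{path}")
```

Piping a saved `fls -r -p` listing into the script on standard input filters that listing instead of the built-in sample; deleted entries (marked `*` by fls) are kept and labelled rather than dropped.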
