Top Ad unit 728 × 90

Latest News


Daily Blog #525: Office 2016 Backstage artifact parser

Hello Reader,
            One of the things I love the most is collaboration within the DFIR world. Today I'm happy to link to Brian Gerdon's (of Arsenal Recon) implementation of the Office 2016 backstage artifact into a python parser so you don't have to just stare at a bunch of text files or json files. You can find it here:

There is no better way to learn the details of an artifact that code to a parser for it and learn all the structures and nuances. So if you see something you think is interesting don't feel that you shouldn't try to write a parser for it just because one already exists, the learning experience alone will be worth your effort.
Daily Blog #525: Office 2016 Backstage artifact parser Reviewed by David Cowen on November 01, 2018 Rating: 5

No comments:

All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020
Powered By Blogger, Designed by Sweetheme

Contact Form


Email *

Message *

Powered by Blogger.