Daily Blog #525: Office 2016 Backstage Artifact Parser

Office 2016 Backstage Artifact Parser by David Cowen - Hacking Exposed Computer Forensics Blog

Hello Reader,
            One of the things I love the most is collaboration within the DFIR world. Today I'm happy to link to Brian Gerdon's (of Arsenal Recon) implementation of the Office 2016 backstage artifact into a python parser so you don't have to just stare at a bunch of text files or json files. You can find it here:


There is no better way to learn the details of an artifact that code to a parser for it and learn all the structures and nuances. So if you see something you think is interesting don't feel that you shouldn't try to write a parser for it just because one already exists, the learning experience alone will be worth your effort.

Also Read: Daily Blog #524

Post a Comment