/usr/share/artifacts/applications.yaml is in forensic-artifacts 20161022-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
# Application artifacts.
# NodeJSPackageManagerCacheFiles: per-user npm cache contents.
# The cache keeps data for packages npm has fetched, so it can help show
# which dependencies reached a host when reviewing a suspected
# supply-chain incident.
name: NodeJSPackageManagerCacheFiles
doc: Node JS package manager (NPM) cache files
sources:
  # POSIX layout: %%users.homedir%% is expanded per user by the collector.
  # NOTE(review): a single `*` looks like a one-level match; confirm
  # whether nested cache entries are collected as well.
  - type: FILE
    attributes:
      paths:
        - '%%users.homedir%%/.npm/*'
    supported_os: [Darwin, Linux]
  # Windows layout: npm-cache under the user's AppData directory.
  - type: FILE
    attributes:
      paths:
        - '%%users.appdata%%\npm-cache\*'
      # Path separator for the Windows path above; single quotes keep
      # the backslash literal.
      separator: '\'
    supported_os: [Windows]
# Union of the per-source OS lists above.
supported_os: [Darwin, Linux, Windows]
urls:
  - 'https://docs.npmjs.com/cli/cache'
---
# MicrosoftOfficeMRU: Office "most recently used" records.
# MRU entries help establish which documents and locations a user opened,
# e.g. when tracing a suspicious attachment back to its first use.
name: MicrosoftOfficeMRU
doc: Microsoft Office Most Recently Used
sources:
  # macOS: Office preference plists, including the sandboxed
  # per-application containers matched by com.microsoft.*.
  - type: FILE
    attributes:
      paths:
        - '%%users.homedir%%/Library/Preferences/com.microsoft.office.plist'
        - '%%users.homedir%%/Library/Containers/com.microsoft.*/Data/Library/Preferences/com.microsoft.*.securebookmarks.plist'
      separator: '/'
    supported_os: [Darwin]
  # Windows: "File MRU" and "Place MRU" values under each user's hive.
  # The two `*` key segments presumably stand for the Office version and
  # the application; 'Item *' matches every numbered MRU value.
  # NOTE(review): HKEY_USERS normally exposes only loaded hives, so
  # logged-off profiles may need their NTUSER.DAT collected separately.
  - type: REGISTRY_VALUE
    attributes:
      key_value_pairs:
        - key: 'HKEY_USERS\%%users.sid%%\Software\Microsoft\Office\*\*\File MRU'
          value: 'Item *'
        - key: 'HKEY_USERS\%%users.sid%%\Software\Microsoft\Office\*\*\Place MRU'
          value: 'Item *'
    supported_os: [Windows]
# Union of the per-source OS lists above.
supported_os: [Darwin, Windows]
urls:
  - 'https://github.com/mac4n6/macMRU-Parser'
---
# WinRARExternalViewer: program WinRAR launches to view a file inside an
# archive. The value lives in the per-user hive, so during triage compare
# it against the expected viewer; an unfamiliar executable path here is
# worth following up as a possible execution-hijack indicator.
name: WinRARExternalViewer
doc: Executable run when a file is opened by WinRAR inside an archive.
sources:
  - type: REGISTRY_VALUE
    attributes:
      key_value_pairs:
        # NOTE(review): the key keeps its trailing backslash exactly as
        # defined; confirm the collector normalises it when matching.
        - key: 'HKEY_USERS\%%users.sid%%\Software\WinRAR\Viewer\'
          value: 'ExternalViewer'
# Artifact-level OS list; the single source carries no list of its own.
supported_os: [Windows]
urls:
  - 'http://www.hexacorn.com/blog/2012/09/16/beyond-good-ol-run-key-part-2/'
  - 'http://acritum.com/software/manuals/winrar/html/helpinterfaceviewing.htm'
---
# WinRARAVScan: program WinRAR runs to scan a file when it is opened.
# The value lives in the per-user hive, so during triage check that it
# names the expected scanner; an unfamiliar executable path here is worth
# following up as a possible execution-hijack indicator.
name: WinRARAVScan
doc: Executable run to scan a file when it is opened by WinRAR.
sources:
  - type: REGISTRY_VALUE
    attributes:
      key_value_pairs:
        # NOTE(review): the key keeps its trailing backslash exactly as
        # defined; confirm the collector normalises it when matching.
        - key: 'HKEY_USERS\%%users.sid%%\Software\WinRAR\VirusScan\'
          value: 'Name'
# Artifact-level OS list; the single source carries no list of its own.
supported_os: [Windows]
urls:
  - 'http://www.hexacorn.com/blog/2012/09/16/beyond-good-ol-run-key-part-2/'
  - 'http://acritum.com/software/manuals/winrar/html/helpcommandsvirusscan.htm'