Merge pull request #84 from reece394/master

AndrewRathbun · web-flow · commit 212e31a714fe · 2024-12-07T17:08:54.000-05:00
Add WinSCP DEFAULT Artifact back and Advanced Port Scanner and Advanced IP Scanner
diff --git a/BatchExamples/DFIRBatch.md b/BatchExamples/DFIRBatch.md
@@ -54,6 +54,7 @@ Example entry, please follow this format:
 | 2.05 | 2024-09-01 | Added new artifacts related to the third party application MobaTek MobaXTerm |
 | 2.06 | 2024-09-06 | Added various JPCert artifacts around remote access tools, Added LogonStats and an example of DEFAULT registry hive use with WinSCP  |
 | 2.07 | 2024-11-26 | Added new artifacts from the DEFAULT registry hive  |
+| 2.08 | 2024-12-07 | Added WinSCP DEFAULT artifact back and added Advanced IP Scanner and Advanced Port Scanner Artifacts |
 
 # Documentation
 
diff --git a/BatchExamples/DFIRBatch.reb b/BatchExamples/DFIRBatch.reb
@@ -1,6 +1,6 @@
 Description: DFIR RECmd Batch File
 Author: Andrew Rathbun
-Version: 2.07
+Version: 2.08
 Id: 2e1589f5-e31a-4bef-822f-075d56afdddd
 Keys:
 #
@@ -2617,6 +2617,13 @@ Keys:
         KeyPath: WOW6432Node\Martin Prikryl
         Recursive: true
         Comment: "WinSCP"
+    -
+        Description: WinSCP
+        HiveType: DEFAULT
+        Category: Third Party Applications
+        KeyPath: Software\Martin Prikryl
+        Recursive: true
+        Comment: "WinSCP"
 
 # Third Party Applications -> Ares - https://www.ares.net/
 
@@ -2922,6 +2929,42 @@ Keys:
 
 # https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf
 
+# Third Party Applications -> Advanced Port Scanner - https://www.advanced-port-scanner.com/
+
+    -
+        Description: Advanced Port Scanner
+        HiveType: NTUSER
+        Category: Third Party Applications
+        KeyPath: Software\Famatech\advanced_port_scanner
+        Recursive: true
+        Comment: "Displays artifacts relating to Advanced Port Scanner"
+
+    -
+        Description: Advanced Port Scanner
+        HiveType: DEFAULT
+        Category: Third Party Applications
+        KeyPath: Software\Famatech\advanced_port_scanner
+        Recursive: true
+        Comment: "Displays artifacts relating to Advanced Port Scanner"
+
+# Third Party Applications -> Advanced IP Scanner - https://www.advanced-ip-scanner.com/
+
+    -
+        Description: Advanced IP Scanner
+        HiveType: NTUSER
+        Category: Third Party Applications
+        KeyPath: Software\Famatech\advanced_ip_scanner
+        Recursive: true
+        Comment: "Displays artifacts relating to Advanced IP Scanner"
+
+    -
+        Description: Advanced IP Scanner
+        HiveType: DEFAULT
+        Category: Third Party Applications
+        KeyPath: Software\Famatech\advanced_ip_scanner
+        Recursive: true
+        Comment: "Displays artifacts relating to Advanced IP Scanner"
+
 # --------------------
 # CLOUD STORAGE
 # --------------------
