1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
|
data_type short_source source
android:event:call LOG Android Call History
android:event:last_resume_time LOG Android App Usage
android:messaging:hangouts HANGOUTS Google Hangouts Message
android:messaging:sms LOG Android SMS messages
android:webviewcache WebViewCache Android WebViewCache
apache:access LOG Apache Access
apt:history:line LOG APT History Log
av:mcafee:accessprotectionlog LOG McAfee Access Protection Log
av:symantec:scanlog LOG Symantec AV Log
av:trendmicro:scan LOG Trend Micro Office Scan Virus Detection Log
av:trendmicro:webrep LOG Trend Micro Office Scan Virus Detection Log
bash:history:command LOG Bash History
bsm:event LOG BSM entry
ccleaner:configuration REG Registry Key - CCleaner Registry key
ccleaner:update LOG System
chrome:autofill:entry WEBHIST Chrome Autofill
chrome:cache:entry WEBHIST Chrome Cache
chrome:cookie:entry WEBHIST Chrome Cookies
chrome:extension_activity:activity_log WEBHIST Chrome Extension Activity
chrome:history:file_downloaded WEBHIST Chrome History
chrome:history:page_visited WEBHIST Chrome History
chrome:preferences:clear_history LOG Chrome History Deletion
chrome:preferences:content_settings:exceptions LOG Chrome Permission Event
chrome:preferences:extension_installation LOG Chrome Extension Installation
chrome:preferences:extensions_autoupdater LOG Chrome Extensions Autoupdater
cookie:google:analytics:utma WEBHIST Google Analytics Cookies
cookie:google:analytics:utmb WEBHIST Google Analytics Cookies
cookie:google:analytics:utmt WEBHIST Google Analytics Cookies
cookie:google:analytics:utmz WEBHIST Google Analytics Cookies
cups:ipp:event LOG CUPS IPP Log
docker:json:container DOCKER Docker Container
docker:json:container:log DOCKER Docker Container Logs
docker:json:layer DOCKER Docker Layer
dpkg:line LOG dpkg log file
file_history:namespace:event LOG File History Namespace
firefox:cache:record WEBHIST Firefox Cache
firefox:cookie:entry WEBHIST Firefox Cache
firefox:downloads:download WEBHIST Firefox History
firefox:places:bookmark_annotation WEBHIST Firefox History
firefox:places:bookmark_folder WEBHIST Firefox History
firefox:places:bookmark WEBHIST Firefox History
firefox:places:page_visited WEBHIST Firefox History
fs:mactime:line FILE Mactime Bodyfile
fs:ntfs:usn_change FILE NTFS USN change
fs:stat FILE File stat
fs:stat:ntfs FILE NTFS file stat
gdrive:snapshot:cloud_entry LOG Google Drive (cloud entry)
gdrive:snapshot:local_entry LOG Google Drive (local entry)
gdrive_sync:log:line LOG GoogleDriveSync Log File
googlelog:log LOG Google Log
iis:log:line LOG IIS Log
imessage:event:chat iMessage Apple iMessage Application
ios:kik:messaging Kik iOS Kik iOS messages
ipod:device:entry LOG iPod Connections
java:download:idx JAVA_IDX Java Cache IDX
kodi:videos:viewing KODI Kodi Video Viewed
linux:utmp:event LOG UTMP session
mac:appfirewall:line LOG Mac AppFirewall Log
mac:asl:event LOG ASL entry
mac:document_versions:file HISTORY Document Versions
mackeeper:cache LOG MacKeeper Cache
mac:keychain:application LOG Keychain Application password
mac:keychain:internet LOG Keychain Internet password
mac:knowledgec:application LOG KnowledgeC Application
mac:knowledgec:safari WEBHIST KnowledgeC Safari
mac:notes:note Mac Note Mac Notes
mac:notificationcenter:db NOTIFICATION Notification Center
macos:fseventsd:record FSEVENT File System Events Disk Log Stream
macos:tcc_entry macOS TCC macOS Transparenty, Control and Consent logs
macosx:application_usage LOG Application Usage
macosx:lsquarantine LOG LS Quarantine Event
mac:securityd:line LOG Mac Securityd Log
mac:utmpx:event LOG UTMPX session
mac:wifilog:line LOG Mac Wifi Log
metadata:openxml META Open XML Metadata
msiecf:leak WEBHIST MSIE Cache File leak record
msiecf:redirected WEBHIST MSIE Cache File redirected record
msiecf:url WEBHIST MSIE Cache File URL record
msie:webcache:containers WEBHIST MSIE WebCache containers record
msie:webcache:container WEBHIST MSIE WebCache container record
msie:webcache:leak_file WEBHIST MSIE WebCache leak file record
msie:webcache:partitions WEBHIST MSIE WebCache partitions record
networkminer:fileinfos:file NetworkMiner NetworkMiner fileinfos
olecf:dest_list:entry OLECF OLECF Dest list entry
olecf:document_summary_info OLECF OLECF Document Summary Info
olecf:item OLECF OLECF Item
olecf:summary_info OLECF OLECF Summary Info
opera:history:entry WEBHIST Opera Browser History
opera:history:typed_entry WEBHIST Opera Browser History
p2p:bittorrent:transmission TORRENT Transmission Active Torrents
p2p:bittorrent:utorrent TORRENT uTorrent Active Torrents
pe:compilation:compilation_time PE PE Compilation time
pe:delay_import:import_time PE PE Delay Import Time
pe:import:import_time PE PE Import Time
pe:load_config:modification_time PE PE Load Configuration Table Time
pe PE PE Event
pe:resource:creation_time PE PE Resource Creation Time
plist:key PLIST Plist Entry
PLSRecall:event PLSRecall PL/SQL Developer Recall file
popularity_contest:log:event LOG Popularity Contest Log
popularity_contest:session:event LOG Popularity Contest Session
safari:cookie:entry WEBHIST Safari Cookies
safari:history:visit_sqlite WEBHIST Safari History
safari:history:visit WEBHIST Safari History
santa:diskmount LOG Santa disk mount
santa:execution LOG Santa Execution
santa:file_system_event LOG Santa FSEvent
selinux:line LOG Audit log File
setupapi:log:line LOG Windows Setupapi Log
shell:zsh:history HIST Zsh Extended History
skydrive:log:line LOG SkyDrive Log File
skydrive:log:old:line LOG SkyDrive Log File
skype:event:account LOG Skype Account
skype:event:call LOG Skype Call
skype:event:chat LOG Skype Chat MSG
skype:event:sms LOG Skype SMS
skype:event:transferfile LOG Skype Transfer Files
software_management:sccm:log LOG SCCM Event
sophos:av:log LOG Sophos Anti-Virus log
spotlight:metadata_item SPOTLIGHT Spotlight store database
syslog:comment LOG Log File
syslog:cron:task_run LOG Cron log
syslog:line LOG Log File
syslog:ssh:failed_connection LOG SSH log
syslog:ssh:login LOG SSH log
syslog:ssh:opened_connection LOG SSH log
systemd:journal:dirty LOG systemd-journal-dirty
systemd:journal LOG systemd-journal
tango:android:contact Tango Android Tango Android Contact
tango:android:conversation Tango Android Tango Android Conversation
tango:android:message Tango Android Tango Android Message
task_scheduler:task_cache:entry REG Task Cache
text:entry LOG Text File
twitter:android:contact Twitter Android Twitter Android Contacts
twitter:android:search Twitter Android Twitter Android Search
twitter:android:status Twitter Android Twitter Android Status
twitter:ios:contact Twitter iOS Twitter iOS Contacts
twitter:ios:status Twitter iOS Twitter iOS Status
vsftpd:log LOG vsftpd log
webview:cookie WebView Android WebView
windows:distributed_link_tracking:creation LOG System
windows:evt:record EVT WinEVT
windows:evtx:record EVT WinEVTX
windows:firewall:log_entry LOG Windows Firewall Log
windows:lnk:link LNK Windows Shortcut
windows:metadata:deleted_item RECBIN Recycle Bin
windows:prefetch:execution LOG WinPrefetch
windows:registry:amcache AMCACHE Amcache Registry Entry
windows:registry:amcache:programs AMCACHEPROGRAM Amcache Programs Registry Entry
windows:registry:appcompatcache REG AppCompatCache Registry Entry
windows:registry:bagmru REG Registry Key - BagMRU
windows:registry:bam REG Background Activity Moderator Registry Entry
windows:registry:boot_execute REG Registry Key
windows:registry:boot_verification REG Registry Key
windows:registry:explorer:programcache REG Registry Key
windows:registry:installation LOG System
windows:registry:key_value REG Registry Key
windows:registry:mount_points2 REG Registry Key
windows:registry:mrulistex REG Registry Key - MRUListEx
windows:registry:mrulist REG Registry Key - MRUList
windows:registry:msie_zone_settings REG Registry Key
windows:registry:mstsc:connection REG Registry Key - RDP Connection
windows:registry:mstsc:mru REG Registry Key - RDP Connection
windows:registry:network_drive REG Registry Key - Network Drive
windows:registry:network LOG System - Network Connection
windows:registry:office_mru_list REG Registry Key - Microsoft Office MRU
windows:registry:office_mru REG Registry Key - Microsoft Office MRU
windows:registry:outlook_search_mru REG Registry Key - PST Paths
windows:registry:run REG Registry Key - Run Key
windows:registry:sam_users REG Registry Key - User Account Information
windows:registry:service REG Registry Key - Service
windows:registry:shutdown REG Registry Key Shutdown Entry
windows:registry:timezone REG Registry Key
windows:registry:typedurls REG Registry Key - Typed URLs
windows:registry:usb REG Registry Key - USB Entries
windows:registry:usbstor REG Registry Key - USBStor Entries
windows:registry:userassist REG Registry Key - UserAssist
windows:registry:winlogon REG Registry Key - Winlogon
windows:restore_point:info RP Windows Restore Point
windows:shell_item:file_entry FILE File entry shell item
windows:srum:application_usage LOG System Resource Usage Monitor
windows:srum:network_connectivity LOG System Resource Usage Monitor
windows:srum:network_usage LOG System Resource Usage Monitor
windows:tasks:job JOB Windows Scheduled Task Job
windows:timeline:generic Windows Timeline Windows Timeline - Generic
windows:timeline:user_engaged Windows Timeline Windows Timeline - User Engaged
windows:volume:creation LOG System
winrar:history REG Registry Key - WinRAR History
xchat:log:line LOG XChat Log File
xchat:scrollback:line LOG XChat Scrollback File
zeitgeist:activity LOG Zeitgeist activity log
|
