File: interesting_files.xml

sleuthkit 4.6.5-1%2Bdeb10u1
<?xml version="1.0" encoding="utf-8"?>
<!--
  Interesting-file rule sets. Each INTERESTING_FILE_SET carries a name, a
  description, and one or more NAME or EXTENSION rules. In the rules below
  typeFilter is either "file" or "dir", and one NAME rule also has a
  pathFilter attribute.
  NOTE(review): how a rule is matched (case sensitivity, whether "*" acts as
  a wildcard, whether the rules inside one set are OR-ed) is decided by the
  consuming tool and is not visible in this file; confirm before relying on
  a set during an examination.
  Every rule here keys on a name, extension or path, never on content, so a
  hit is a triage lead to be verified rather than proof of what a file holds.
-->
<INTERESTING_FILES>
    <!-- Extension pattern with a trailing "*"; presumably meant to cover both
         .htm and .html. Verify that EXTENSION rules accept wildcards. -->
    <INTERESTING_FILE_SET name="HTMLFilesType" description="Files with extension .htm*">
        <EXTENSION typeFilter="file">.htm*</EXTENSION>
    </INTERESTING_FILE_SET>
    <!-- Name pattern wrapped in "*" on both sides. NOTE(review): confirm the
         match is case-insensitive, otherwise names such as "Passwords.xls"
         would not be flagged by this lowercase pattern. -->
    <INTERESTING_FILE_SET name="Password" description="Files with password in the name">
        <NAME typeFilter="file">*password*</NAME>
    </INTERESTING_FILE_SET>
    <!-- Two literal file names. A file matching here also has an extension
         covered by the HTMLFilesType pattern above, so overlapping hits are
         to be expected if that pattern behaves as a wildcard. -->
    <INTERESTING_FILE_SET name="HTMLFiles" description="Files named file.htm or file.html">
        <NAME typeFilter="file">file.htm</NAME>
        <NAME typeFilter="file">file.html</NAME>
    </INTERESTING_FILE_SET>
    <!-- Very broad rule: any file with a .txt extension is selected, so this
         set is likely to be large on a typical image. -->
    <INTERESTING_FILE_SET name="TextFiles" description="Files with .txt extensions">
        <EXTENSION typeFilter="file">.txt</EXTENSION>
    </INTERESTING_FILE_SET>
    <!-- Both common spellings of the JPEG extension are listed explicitly. -->
    <INTERESTING_FILE_SET name="JPEGFiles" description="JPEG files">
        <EXTENSION typeFilter="file">.jpg</EXTENSION>
        <EXTENSION typeFilter="file">.jpeg</EXTENSION>
    </INTERESTING_FILE_SET>
    <!-- The only rules with typeFilter="dir". /DIR1/ and /DIR2/ look like
         placeholder names; presumably they are to be replaced with the
         folders relevant to the case at hand. -->
    <INTERESTING_FILE_SET name="SuspiciousFolders" description="Contents of suspicious folders">
        <NAME typeFilter="dir">/DIR1/</NAME>
        <NAME typeFilter="dir">/DIR2/</NAME>
      </INTERESTING_FILE_SET>
    <!-- Mixed rule set.
         readme.txt also falls under the TextFiles extension rule above.
         install.doc is narrowed by pathFilter, whose value uses a backslash
         separator while the directory rules above use forward slashes.
         NOTE(review): confirm which separator the matcher expects.
         The .bak rule is the only one without a typeFilter attribute; the
         default that applies is not visible in this file. TODO confirm. -->
    <INTERESTING_FILE_SET name="SuspiciousDocs" description="Suspicious files">
        <NAME typeFilter="file">readme.txt</NAME>
        <NAME typeFilter="file" pathFilter="installer\installs">install.doc</NAME>
        <EXTENSION>.bak</EXTENSION>
    </INTERESTING_FILE_SET>
</INTERESTING_FILES>