Project for NetWire Stack Forensics.
Please read the article “Forensic Analysis of the NetWire Stack” published in Digital Forensics Magazine Issue 52 (https://www.digitalforensicsmagazine.com) to understand this project.
We have analyzed NetWire 1.7 on the following operating systems:
- Windows 7 32-bit
- Windows 7 64-bit
- Windows 8.1 64-bit
- Windows 10 64-bit
Content
NwStacks
A PoC tool for scanning and analyzing NetWire 1.7 stacks.
Latest builds
https://github.com/ArsenalRecon/NetWireStackForensics/releases
SampleFilesUploaded
The files used for uploads during genration of test material.
SampleStackSnapshots
A collection of stack snapshots taken after a sequence of events.
- win7-32
- win7-32(article)
- win7-64
- win81-64
- win10-64
Artifacts-matrix.xlsx
Spreadsheet with supplemental data to assist in analysis.
Decrypted-payloads.txt
Collection of decrypted payloads and associated controls.
NetWire1.7-controls.txt
List of valid controls.
License
MIT
