WMI_Forensics: find evidence in WMI repositories

WMI_Forensics This repository contains scripts used to find evidence in WMI repositories, specifically OBJECTS.DATA files located at: C:\WINDOWS\system32\wbem\Repository\OBJECTS.DATA C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Download CCM_RUA_Finder.py CCM_RUA_finder.py extracts SCCM software metering RecentlyUsedApplication logs from OBJECTS.DATA files. Usage The output...