cit.dp
#
$ target-query <path/to/target> -f cit.dp
Module |
|
Output |
|
Module documentation
Plugin that parses CIT data from the registry.
Reference: - https://dfir.ru/2018/12/02/the-cit-database-and-the-syscache-hive/
Function documentation
Parse CIT DP data from the registry.
Generally only available since Windows 10.