2026-03-16

Author: evild3ad

BTM-Analyzer.ps1

@@ -4,7 +4,7 @@
 # @copyright: Copyright (c) 2025 Martin Willing. All rights reserved. Licensed under the MIT license.
 # @contact:   Any feedback or suggestions are always welcome and much appreciated - mwilling@lethal-forensics.com
 # @url:       https://lethal-forensics.com/
-# @date:      2025-11-20
+# @date:      2026-03-16
 #
 #
 # ██╗     ███████╗████████╗██╗  ██╗ █████╗ ██╗      ███████╗ ██████╗ ██████╗ ███████╗███╗   ██╗███████╗██╗ ██████╗███████╗
@@ -28,7 +28,7 @@
 #
 #
 # Tested on Windows 10 Pro (x64) Version 22H2 (10.0.19045.6456) and PowerShell 5.1 (5.1.19041.6456)
-# Tested on Windows 10 Pro (x64) Version 22H2 (10.0.19045.6456) and PowerShell 7.5.4
+# Tested on Windows 10 Pro (x64) Version 22H2 (10.0.19045.6456) and PowerShell 7.5.5
 #
 #
 #############################################################################################################################################################################################
@@ -342,7 +342,7 @@ Write-Output "[Info]  SHA256 Hash: $SHA256"
 $InputSize = Get-FileSize((Get-Item "$LogFile").Length)
 Write-Output "[Info]  Total Input Size: $InputSize"
 
-# Count rows of CSV (w/ thousands separators)
+# Count rows of TXT (w/ thousands separators)
 [int]$TotalLines = 0
 $Reader = New-Object IO.StreamReader "$LogFile"
 while($Reader.ReadLine() -ne $null){ $TotalLines++ }
@@ -367,9 +367,9 @@ ForEach ($Object in $Objects) {
 }
 
 # User ID's (UID)
-#  -2 = Appears to be a composite covering most Machgrount Items
-#   0 = root
-# 501 = primary admin user
+#  -2 = Appears to be a composite covering most Background Items
+#   0 = Root
+# 501 = Primary Admin User
 
 # List all UIDs
 # dscl . -list /Users UniqueID
@@ -588,8 +588,8 @@ Footer
 # SIG # Begin signature block
 # MIIrywYJKoZIhvcNAQcCoIIrvDCCK7gCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
 # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
-# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUOpZyU2AmLj6299THFqk4AN3P
-# Mv6ggiUEMIIFbzCCBFegAwIBAgIQSPyTtGBVlI02p8mKidaUFjANBgkqhkiG9w0B
+# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUeaXfYn6IjFEEB8gT4ibf9hi/
+# sdWggiUEMIIFbzCCBFegAwIBAgIQSPyTtGBVlI02p8mKidaUFjANBgkqhkiG9w0B
 # AQwFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVy
 # MRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEh
 # MB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTIxMDUyNTAwMDAw
@@ -791,33 +791,33 @@ Footer
 # Z28gUHVibGljIENvZGUgU2lnbmluZyBDQSBSMzYCEQCMQZ6TvyvOrIgGKDt2Gb08
 # MAkGBSsOAwIaBQCgeDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3
 # DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEV
-# MCMGCSqGSIb3DQEJBDEWBBRj3baSlfpetKAlhOmmn5D0lLt+3jANBgkqhkiG9w0B
-# AQEFAASCAgAIMzJbj6ZweU6PRfKHCady2ptfDQvVOl0ZjAacisRBR+hetgcMX40u
-# C4PJBmUei/VXI4w8BbDd6CE0zqlVV3kJfoN8xbyEbK9aAi3q6+yhEISLUWoFk2s9
-# QrjjMP6+jpSMpid0QRXmAlKRTms48bGjzdBsWy4d4IjQS22tFXr2pjaqCPp0F+DN
-# 8tRPU2tWwmmINDcg9A2MxVrioKUZ2g/YSdIXRkuFh08iVLvySDkcaDyqHPgoPL2G
-# 1c/63VYhFnyVx6OviBxCK+Q4G2iZGacBX3UScZSwiL0WsW/A1hvTg21gFlvc1qTP
-# VW/CmKf4tTPKKH23LSG1RUGY+AWxFkvYBoldkZ1LJl5Z9njmR362inisNjCbk1bY
-# XaEvpuEQA1sOllpVq0tEC1c7BhKZnotX8+YN722RX+rS6iFwhY+2McQKrZGgBjOh
-# lN5WR5yG8faBvM/qp4QSLzJI6OcT0/zjQX335uizEvgd0suBmU0gYd7CJxh0fJsf
-# Iac2uTgQkNNwnoPaqFw7j5Va2960BVtpvO5C+/mF31kEgKMESkHC9LRaSP1/L1+D
-# TdfL3/IjupdLWkpNPtzZS08lrKjbEskWYC2uXO+swjnENIyonpSDI4S5U4Tgq2xg
-# Ah0EBy1o3Q1MROgZmNw/astxosEwnHud6wTcSCy24g/8Rk6Py9WCsaGCAyMwggMf
+# MCMGCSqGSIb3DQEJBDEWBBS+txLCjf7/xTkouF4j0dLGvCUXyzANBgkqhkiG9w0B
+# AQEFAASCAgB79BbH6eB1xjCfGmeDb5FSmbItakPMHqeIjtNQI1vji3qCj8GId5Eo
+# +YoXhGGVaVfB6c+TdScqUpkLCYU0XqgHPZzjbI9X91LhiPBh1P6BBW3Gx34FqVCs
+# OqyOKy/nGjbSaPB0Hl7LxuGUTcgxJmDFYjTdZMtzAycyzwGhq5wfHm7ssTUK2xKs
+# uhAItkBwjb1nYB5gW6GHWOdK1kZBkIaYXq3nauSCgTXHqxjLHFi2lte1BB9YvBGZ
+# v6kTz4qM8a8KBv0x5QQ3WMI2sWqOuRVkgc9ZNQh5REgAVgllhtezAppCMDBan0L4
+# pyL7S47K3G9MKMDbSmbz93B4IL0oRbHpp6z5+NWsHCoZuJlscuDe4ByLFMwTmTzw
+# pHJla5ycTZTg+bCLtatO2IAmHYim4A7WLoSGySbYuu7QgRpXrfyEQhOWeFPiVYa9
+# wnKoJj3G5Emd2766Lod8GQsHGj2YuLgrbHTQ5IP8zSONV13XHFLXTCIWWt3YSJi6
+# kWRZ71+2gd3Z8PrHQs5oCwVicpA5UQCO8JaBwlu0dO+XLnk2NtN2W5yDwhECR2xv
+# ZzsU11uyvBGpndiVuigi0PmbbV+fjcUqWWqcPfWlLdWrGD5iCfY8tI6HVkvU3G3s
+# 7CZ/3aaBBSzX6QJT85BjI1Zj33yB1Si7Ta/GuNFoc4APzwJyGFhS0KGCAyMwggMf
 # BgkqhkiG9w0BCQYxggMQMIIDDAIBATBqMFUxCzAJBgNVBAYTAkdCMRgwFgYDVQQK
 # Ew9TZWN0aWdvIExpbWl0ZWQxLDAqBgNVBAMTI1NlY3RpZ28gUHVibGljIFRpbWUg
 # U3RhbXBpbmcgQ0EgUjM2AhEApCk7bh7d16c0CIetek63JDANBglghkgBZQMEAgIF
-# AKB5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTI1
-# MTEyMDA2NTgzNFowPwYJKoZIhvcNAQkEMTIEMIrf3XLNVAUG2kct9US1UXLohH7R
-# UPhIrZijiPcCpGkP8uNbja9ZOp24j9Ivg0+RvDANBgkqhkiG9w0BAQEFAASCAgDE
-# V2TkyhF5OkB4N0i8ZW8okqH5nTCVszwOYhpAjm9LYAQ5jHnTlYvMFsvVF4r97txT
-# MtROjmlQ3+Y2/vq5HnmKcaKLuCaH6klz12mVEe8dZjsjBv9MduGNwov3g6LYnxWS
-# /92CVjt7HHraon+DLRWsc/j0IVWVSI9GzxKF4Vjd4OtA+1aYkL/kWbYr738Fxbpr
-# x1cwLR9esBTsLad5eiYmwBHz3Ok4HGUBWi7sF/Q4HuVneNZiQtWLRLpa0GOpaVK6
-# j+VFqe8fNal/X7f8T7+NCyTMlCFh48bR10vDAZzOnmOskk7Vq6g5YzFQVZFlhqRp
-# vRViVrOcGwurWy0LX7y8JtZAaDgYBfLOzyfN3BFZt1rWP0W1x8UNrUWtSl7+wqrv
-# +a42s8MaMVo2Rq6pB4TYiuo4KZYERIcvn3bladIThdGZKAnGBX/PvhhRAcZO0eB0
-# jNIJHIE4JrsFO+797wLXdCZv5tRtdStJy53k3/SCgkUhbgLidEGCtSe1pCydAS1V
-# 6vmosTbdICamH63pQv3cv4q8uO/HybUz0nxVScNI63eTl5mJDVs4DWMh7FLlTE4L
-# ae/GAHKR/kWAOz+Vj0OBzRMg6o5D+KGgArHcSDBg7eeixHdmbiJEmOe5KdKBgFUv
-# A6MLTQx9Ji32lMl6PDJ1DxVQ6jH/lq9SixTwZR+8YQ==
+# AKB5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTI2
+# MDMxNjA2NDQ1NFowPwYJKoZIhvcNAQkEMTIEMOGdnsWwhLxaeXThoy/6alNbbsnf
+# PDFGXa+6xj0NMBN4e7c8hTVJZyuHglibRp2pyjANBgkqhkiG9w0BAQEFAASCAgBm
+# 9+SG0SHlaOcv7TPgLO9JtEwjfanuAY5W72BBohhM9GvLVqTtPMgAS9I9HLIWmb58
+# NGBb+zpQs4UbOZcuY9bohM+JuOttBxjt8/720cPBODMR0HMdE466Vno4CDixRQgA
+# HTAYhY2kfSBtz3xBLRNxlk/xMyjEMGzo2tvcnu9QzLZLyNTea+nxDSyJtj1KeQbe
+# 66uCMzv0ajHSNq38EK9w+6M+aPkKNsk8GY3XInJ3mAaMaFro64eO7rks6xfDHNQi
+# mB16XHoQZTZxVTA6rIuHbCR+UhVRhx5k8/vgr35iMBeFYDxU+OwRBaeMSXjduwAL
+# yiJYlQMeEHhqg2Mp0vWukfQ8G4qLlhOthQovC2qOHDUZMI/+exQRIqNYVZcY/RJ4
+# 76ZYQPuwC1bJaog8oTBgn+Io5LNGHHZuz0gB/4CHYeqzlSMDAEZZBlPLu0e9LyVY
+# /qxvXECuns3a1cdd5/J4r8LsY/MD6T7rPJbKm+sya7Du/6/JXWX1ISrNIz71le20
+# +JnERjhP2hxDU7jazSnqVusDnCXDued3QmISesvWahlFTgVAd7kXI2v9IY1bDZL/
+# zj7Ls/R/yck/y3C4tEvq4SfVilw64lKm2fbFwwtLuU+qBB1dt42LUSLnMfzB81xO
+# T3dxWkqlMtR8aH5U9barGvXi31r+ACoCsKYFLGvM4Q==
 # SIG # End signature block

CHANGELOG.md

@@ -2,14 +2,22 @@
 
 All changes to the MacOS-Analyzer-Suite will be documented in this file.  
 
+## [1.2.0] - 2026-03-16
+### Added
+- KnockKnock-Analyzer
+- VirusTotal-Analyzer
+
+### Fixed
+- Minor fixes and improvements
+
 ## [1.1.0] - 2025-11-20
 ### Added
 - BTM-Analyzer
 - DSStore-Analyzer
 - Storyline-Analyzer (Aftermath)
 - Timeline-Analyzer (Aftermath)
 
-## Fixed
+### Fixed
 - Minor fixes and improvements
 
 ## [1.0.0] - 2025-11-10
@@ -19,5 +27,5 @@ All changes to the MacOS-Analyzer-Suite will be documented in this file.
 - TCC-Analyzer
 - XProtect-Analyzer
 
-## Changed
+### Changed
 - CHANGELOG.md

Config.json

@@ -7,5 +7,13 @@
             "BackgroundColor": "50,60,220",
             "FontColor": "White"
         }
+    ],
+    "VirusTotal": [
+        {
+            "Name": "VirusTotal CLI - API Key",
+            "URL": "https://www.virustotal.com/#/join-us --> Join the community for free",
+            "Note": "Please insert your API Key here (Default: api_key)",
+            "APIKey": "api_key"
+        }
     ]
 }

DSStore-Analyzer.ps1

@@ -1,10 +1,10 @@
 # DSStore-Analyzer v0.1
 #
 # @author:    Martin Willing
-# @copyright: Copyright (c) 2025 Martin Willing. All rights reserved. Licensed under the MIT license.
+# @copyright: Copyright (c) 2026 Martin Willing. All rights reserved. Licensed under the MIT license.
 # @contact:   Any feedback or suggestions are always welcome and much appreciated - mwilling@lethal-forensics.com
 # @url:       https://lethal-forensics.com/
-# @date:      2025-11-20
+# @date:      2026-03-16
 #
 #
 # ██╗     ███████╗████████╗██╗  ██╗ █████╗ ██╗      ███████╗ ██████╗ ██████╗ ███████╗███╗   ██╗███████╗██╗ ██████╗███████╗
@@ -37,7 +37,7 @@
 #
 #
 # Tested on Windows 10 Pro (x64) Version 22H2 (10.0.19045.6456) and PowerShell 5.1 (5.1.19041.6456)
-# Tested on Windows 10 Pro (x64) Version 22H2 (10.0.19045.6456) and PowerShell 7.5.4
+# Tested on Windows 10 Pro (x64) Version 22H2 (10.0.19045.6456) and PowerShell 7.5.5
 #
 #
 #############################################################################################################################################################################################
@@ -55,7 +55,7 @@
 
   Note: The subdirectory 'DSStore-Analyzer' is automatically created.
 
-.PARAMETER Path
+.PARAMETER InputDir
   Specifies the path to the input directory.
 
 .EXAMPLE
@@ -303,7 +303,7 @@ Write-Output ""
 
 # Header
 Write-Output "DSStore-Analyzer v0.1 - Automated Forensic Analysis of DS_Store Files for DFIR"
-Write-Output "(c) 2025 Martin Willing at Lethal-Forensics (https://lethal-forensics.com/)"
+Write-Output "(c) 2026 Martin Willing at Lethal-Forensics (https://lethal-forensics.com/)"
 Write-Output ""
 
 # Analysis date (ISO 8601)
@@ -684,8 +684,8 @@ Footer
 # SIG # Begin signature block
 # MIIrywYJKoZIhvcNAQcCoIIrvDCCK7gCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
 # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
-# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUV5dMx0Qv8fEKEUYmERscuIwG
-# HTCggiUEMIIFbzCCBFegAwIBAgIQSPyTtGBVlI02p8mKidaUFjANBgkqhkiG9w0B
+# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUVvbi0VEnzktMWa6kF9LbjC1N
+# dqaggiUEMIIFbzCCBFegAwIBAgIQSPyTtGBVlI02p8mKidaUFjANBgkqhkiG9w0B
 # AQwFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVy
 # MRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEh
 # MB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTIxMDUyNTAwMDAw
@@ -887,33 +887,33 @@ Footer
 # Z28gUHVibGljIENvZGUgU2lnbmluZyBDQSBSMzYCEQCMQZ6TvyvOrIgGKDt2Gb08
 # MAkGBSsOAwIaBQCgeDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3
 # DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEV
-# MCMGCSqGSIb3DQEJBDEWBBRsCJ31zbVsE8L82l/TvVNZplrKMzANBgkqhkiG9w0B
-# AQEFAASCAgC8A0T26eVqKZGDdIVhXop86GPwuzWMwcnpVicCGLO6aI5MU15cz4C2
-# 3SQmfAthoW2Phjwg/HtQkaQVfB+QmyDxK+w+Ihnl0s3AiCKx4LPx4JkzuElQHooL
-# uuOo2C98Htkt9skQY3deojo5VHsC483QUtMQUMI8W9LmzYDVLOgKVgGM5NZcpjyG
-# eaqYCbUgAk6wDqg6mDwc24BEbyRIqQh09BrASR5Sbx2xLcjvKw1iGKtWYo13LoJZ
-# PpWK9PTRbXfFjUL89tkZjJo82aazQoCPL4LR50JguuY/MskSjqyJGW4lSME+6jVA
-# rKtD+MRv8cJpJeljhjcsEypNJWpOe9fQVAoUX/hlMhGv3oPJ18eh1r0E4ZOR88fz
-# 9HyfW1nrmN3/NwITnD+Fv8avL8sODMsmV3csaiCQRoEkn+xZdL0D241zO2y7UcyE
-# 9xO9ryQhdE5mPembD5RfXAMcGMWK4HYOYS5YzRmt5YYT3EwyWZU4QTpz+dtJvJc5
-# G9Ah4/AQhEBOqAVBgUQZB39oiANfsBIuaBIBubaXBCW5G00e7XHG5/e0waQ7Jwcg
-# JBvuSQV56iqiJPlTZ7tI3dY2KlfTWyWXzySC7oTKh1cvSkIeuL105lVjfgUD/IOT
-# DiVrLK+PP/6iLMKlJVA/+UxZ79gbxMEm+XeM+3186/8Y3gKyXGdIrKGCAyMwggMf
+# MCMGCSqGSIb3DQEJBDEWBBTRGF2kdz6eE5jx9XjyeuCcq6AL3jANBgkqhkiG9w0B
+# AQEFAASCAgAmLh2ixje5Ssqr5iuUdQFMPiGPj64kDoXrKZrs1hLGalidHvDLLzRp
+# Bjr7Koo8VlnV6eItjQzsDrROngfib5KveJnSykQDOL1RJ3UenpgDSXu/X7IXrcAq
+# vS9k8gnbh7Vuu6BfvQo5USEBKgFRcGcIQVvwEMtFfO4Ka/YbT6t6t4fswhhKkOuR
+# AgFoJ3wvaZGbY4BDV+o2cGn1vttx7j2xBiM7grxEWlF4pQ/utMsNZOsanLvXCuC8
+# QAVL3M9z2qMrqVr1hB8D1sfFV62HjtP31OHlMioDYsJ18zLDmKTfuGDmpb/b/eN0
+# KK9RJx7hk1WtlMGPyLUC6rl2WxfeygUV8C8GHlgVZloLmsi6+0NYbmCSc9uicMtL
+# XH1+4OiLU2gYhtt8VnX6ry2eIiOfE8cmf3RxRtxyhA3x0KJDp6pjYEUzr01hy3aO
+# CvaWMZlQlbDB1ZLqsU8gNzFwcswATP9ONPNlYWW+BJoWTPBt9lpmmN5PhtFluYyU
+# LtTA8XiTBU+E08NoxwubqXwMqIc3nAqU/01R6Av6RoHN/DEKUhUKrwwjRn0OlMDM
+# TR63LNkFykM2L+POxIfYewwWrkYb5pFsoBWNOWcTW8T4X/088oH0xklzp44SYlxc
+# iohe+9LcJDQq8FHmk0OZXSZxZLcZRw8l79WYJj9IBLH4B6NqsMU1laGCAyMwggMf
 # BgkqhkiG9w0BCQYxggMQMIIDDAIBATBqMFUxCzAJBgNVBAYTAkdCMRgwFgYDVQQK
 # Ew9TZWN0aWdvIExpbWl0ZWQxLDAqBgNVBAMTI1NlY3RpZ28gUHVibGljIFRpbWUg
 # U3RhbXBpbmcgQ0EgUjM2AhEApCk7bh7d16c0CIetek63JDANBglghkgBZQMEAgIF
-# AKB5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTI1
-# MTEyMDA2MTcyN1owPwYJKoZIhvcNAQkEMTIEMNKPv9G0l6WYxfzUc/JDpSg7Ofpy
-# 3DWB9u2Lpqi1Q2wpJY8wjgRCVX7e/scgQywqhTANBgkqhkiG9w0BAQEFAASCAgBh
-# EQAYwVCnNJZKiFpvlfRYu/R6kRernh8i1iaRN49vEiYfa0+Qg6aR6vC+w0jOXISo
-# PihFpjV9wMaF8A3maNU8Vn8SufbJiQKieTOAEnEYfpemsDOfk5V4O1TuQfG10kEL
-# K/BuKqlUsmTUOjHegB+rb9akj54wBeFcl4I1bLkzyum/dNQ9XmSmiTYTos4wA2cO
-# TAY5X8R7iQM+UyfmpgOtwgt9WAPOtGLJKXMS28hLfIgSxx+P3RKcUAqNIq/bsYXV
-# 3RL+XBxxvpuQ3c1YwMSA00oVQItOgTmFIr2mxR3Vpl10eXQ6JP7u5lynLJZZDxxy
-# lTm66cj1h6tR7q0r9Z7jKyusR8eVbK7vX9ONELEnMk0iWy6a9sDHpTssTjq3gh6n
-# ZgxJhje1JyXmuflVmBulKbP4fP91HIHZYPLXWv72vw7EmmOZEWe5ZRvk0VJn2V3r
-# zNMeAdBmDEfdLQBxI6I4jHzT4gdjHnC21D7Amk4xAst/jRQZbaD3bitGJ19Uj4qO
-# N2ulSxA1QPJc0tArjC0mHRdKrRS3ZXfoIWvkPmxj1cSYFJ62TF8iEf2HJPIIEVCw
-# puiBbW1ADE1Os0kWahnAcxjRyEAvp7C6nHUB+Q3THLzWMo2gzaVJN+wfnc6/xoau
-# Hg3hD3EoQSlvIWupMlXcjYZyy5qPgREnLfmB1KZkFw==
+# AKB5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTI2
+# MDMxNjA2NDQ1N1owPwYJKoZIhvcNAQkEMTIEMDP3ZbIcI2JN42k3gnVxki+q9WbD
+# qYis5SplXdlu4zCwLAF8oFOEpWDtrxSe6lrVOzANBgkqhkiG9w0BAQEFAASCAgCs
+# YgAQRJj14XsfR256A0o3oXsDgOPTC7yYwd0nA7ZBaSzFNrS3XLj42GKie8MIehoN
+# moyvq45plIx3DzV+py3BSYOQYO8PFDRdDOWzYyJzTJ0yj0HzvvNaIPYwgHWxqLHz
+# /ox0JCrB/JSVgw0fpTqb8w+iXSeBA2hO1+mTgTfkM1BDhDYFR7KQ3w8jJGsn2CyG
+# axBQTOwLNTzkpcz5csgRMkUlRKsKFeFU86aIdOheAl8KKszNFKc2y506Gr8Guu16
+# 93hu7WRktGcPGNtHkPXyhK4hnl2YWQL291w/gzNDZtHwRIhBKb32pK5Sm6shlUc8
+# sLM5h4Fm37HavajGQ2uihgNvsq2/WNk0OGXDgQd0SF1xOJOp+Xf/xZwTgRR1QPJn
+# 3BrGR6Yah9IzAD4jstsLqeiWRDmORj4Lcm9riRu5ZUx/KRvwtjrNdAowSsAryT1G
+# /Cl7TmqghEoZ9S0Sahsepz470LzOvTx2VnZhPTCZxgpYrPzis//C45I4x/vyEFUb
+# Dx4VEH1p+gqX9fyJkhU7ydJkJpA2LwBuVdlXJQ2SkGjf8kx2oxoAiTesDtfXnvvI
+# TfugQSvNvviKxcdaKfqkLUYUqk5QmODcLO1y7TYBV2SAyJw1lUUau/9fxMwdN1pe
+# CeSNFjm6l7V2rrHVoPBN6+lOaQIrVLfibdMHVwfN2w==
 # SIG # End signature block

FSEvents-Analyzer.ps1

@@ -1,10 +1,10 @@
 # FSEvents-Analyzer v0.1
 #
 # @author:    Martin Willing
-# @copyright: Copyright (c) 2025 Martin Willing. All rights reserved. Licensed under the MIT license.
+# @copyright: Copyright (c) 2026 Martin Willing. All rights reserved. Licensed under the MIT license.
 # @contact:   Any feedback or suggestions are always welcome and much appreciated - mwilling@lethal-forensics.com
 # @url:       https://lethal-forensics.com/
-# @date:      2025-11-20
+# @date:      2026-03-16
 #
 #
 # ██╗     ███████╗████████╗██╗  ██╗ █████╗ ██╗      ███████╗ ██████╗ ██████╗ ███████╗███╗   ██╗███████╗██╗ ██████╗███████╗
@@ -43,7 +43,7 @@
 #
 #
 # Tested on Windows 10 Pro (x64) Version 22H2 (10.0.19045.6456) and PowerShell 5.1 (5.1.19041.6456)
-# Tested on Windows 10 Pro (x64) Version 22H2 (10.0.19045.6456) and PowerShell 7.5.4
+# Tested on Windows 10 Pro (x64) Version 22H2 (10.0.19045.6456) and PowerShell 7.5.5
 #
 #
 #############################################################################################################################################################################################
@@ -314,7 +314,7 @@ Write-Output ""
 
 # Header
 Write-Output "FSEvents-Analyzer v0.1 - Automated Forensic Analysis of FSEvents Logs for DFIR"
-Write-Output "(c) 2025 Martin Willing at Lethal-Forensics (https://lethal-forensics.com/)"
+Write-Output "(c) 2026 Martin Willing at Lethal-Forensics (https://lethal-forensics.com/)"
 Write-Output ""
 
 # Analysis date (ISO 8601)
@@ -1392,8 +1392,8 @@ Footer
 # SIG # Begin signature block
 # MIIrywYJKoZIhvcNAQcCoIIrvDCCK7gCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
 # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
-# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUZni9NYhv1OlkbCzUKt5L0jcB
-# SsyggiUEMIIFbzCCBFegAwIBAgIQSPyTtGBVlI02p8mKidaUFjANBgkqhkiG9w0B
+# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUeCP4g4qpKiKnt34nmXpT4Uvn
+# UdGggiUEMIIFbzCCBFegAwIBAgIQSPyTtGBVlI02p8mKidaUFjANBgkqhkiG9w0B
 # AQwFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVy
 # MRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEh
 # MB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTIxMDUyNTAwMDAw
@@ -1595,33 +1595,33 @@ Footer
 # Z28gUHVibGljIENvZGUgU2lnbmluZyBDQSBSMzYCEQCMQZ6TvyvOrIgGKDt2Gb08
 # MAkGBSsOAwIaBQCgeDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3
 # DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEV
-# MCMGCSqGSIb3DQEJBDEWBBRvmGdMO/4+uN1rth1HhPB+vGBCNzANBgkqhkiG9w0B
-# AQEFAASCAgA++da0DVSikQBlMtvt5IPLxNkEcwLKe6EwCLLFKK/GDU2pOR6z8Yqn
-# RzxDSKlDGxEAIghCmrFiz+7EFcw7ddmJC4GqbmCsfC6KpmDqY0RYs9VdPCWuAqq6
-# 8AHgjWb2UyabVa02LYt/U50II2Z+bwGjw9B9W4myBPxOjhcHrEFN83asUNdYzQOa
-# 1YbbOo/IUHYiaDci8UwAOaT6gXGQykgt/rTtHy3nFQGRfwkkxjTT+MpAf+NC4kqJ
-# +4dcFVEUs+065PuU7lxrY1wNEgfwEmKAytiwAwp3yQli8ghRF95ZtegHb1INGocP
-# 8aCJgGS82r/LjBsEREgGm1zQk9Bm66oeFPsrWLvuFSO3RBgjqOXJpAsuxHZNsWl1
-# Fn1s7KeGyb4htuuVr6iDppffzXccUEuDILZcS/WztXURZlRm7vGqpPPMhx56wzJy
-# UnQ/OhmFdFjUXqELpPIquZRoKzWpT+Ju+aqvdLZLMwE3nx9sp7nj7ID8vr97iqWR
-# XvYLX+rO8K+3HBc4QQeyW2UOMIaaM0ztJeBMAuXJPRxAbnZjLKxLsiV7Zul56KEg
-# ZREk/JR4wks8SAYxyTktGbD6ODgcyrsfn91bM1s+WVVkGnuauKBmh9CUUoLBxOAc
-# jqWEwg30BPwUTqaSwjTCbxAkznCqHrSq24QweEZPmXLxzb0s4fWXOqGCAyMwggMf
+# MCMGCSqGSIb3DQEJBDEWBBQwH3rAYkdtxcX23d/cCkTh/dQN+DANBgkqhkiG9w0B
+# AQEFAASCAgAmzfqTTOqUSGv5Zd+HYTMoCRUOkTXp6MPSNneZWtIE6KKzB5QsmlW3
+# CZF8QDzayuDHoEmTpYpiBw9xDpdwLQDXf07iaGPcm3otK7MS09qxO4ieSWXEBTKM
+# uVH5CmIk3W1dIxSybON05dyIaKcsfCX4WRU3oj+qfD1ZOBDFnPO2vg8xZOWR8NJH
+# p6Dq67P1euX/cr/o5U5yZNXCY45PnRX1md3Yg5/nYdIN6KGS2iF0p58SVSIg04De
+# dyCKvdcEBc4Ptv4rb0S/R7F/rsMpnm0ZPifYrkWVQ0T9DFoUqoqvAnLtrFAvST/+
+# Uj01FmGohkiaQj39Mf9AMNqGlMXGFsEjMvdAwGK59U7bKsxtfrQm+eNZgucI+c7I
+# 17PtI71iWP8JyWF3v/no3w02qZbJLuqZzZ9suqc1guruhypYK5FVxXoatpdiRwN5
+# NGzJzxEBZxpi9Lt6ECfSZMv2Uv4+958s0yXO95qtaAfxKsCzRk7lkpoDSU0bVg9C
+# t3+Hph+3FLZt3KeJWWOKvOROZdXjaakV5NwEp43NA/4vb592/XuzzlcJygL0E6RR
+# tSAJvUMPKGVcNN/06GZbT0SZguiTMlEvJdoBSxq9rAiFD6300IZyhlOAb7ovjE5c
+# FRftXksAsIE/hVKgEK4RIjfpkabCsgG4sHUo4QvGBeDX1yZZ+BpZtaGCAyMwggMf
 # BgkqhkiG9w0BCQYxggMQMIIDDAIBATBqMFUxCzAJBgNVBAYTAkdCMRgwFgYDVQQK
 # Ew9TZWN0aWdvIExpbWl0ZWQxLDAqBgNVBAMTI1NlY3RpZ28gUHVibGljIFRpbWUg
 # U3RhbXBpbmcgQ0EgUjM2AhEApCk7bh7d16c0CIetek63JDANBglghkgBZQMEAgIF
-# AKB5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTI1
-# MTEyMDA2MTczMFowPwYJKoZIhvcNAQkEMTIEMLYKzW7LjBZ0WZQ3lQF+tJZ8/7zt
-# jXkDC2prFaqOHhTSK8Uk19xD6GihPfDa9RSQljANBgkqhkiG9w0BAQEFAASCAgAY
-# lIjWc2GGjn2deq3KFO4TkoFWFiqPB7gZ5ytNTG2GSMVeVkqgZ9k+nJ6Qb6nq8wjL
-# Pbr//y9ZvQ4vMDl1l4NTZ3gMtsnzxPpebcfOwSj0YvaLnXZhPmL053VKIns1z/7c
-# JxhIP+o9zRLMFUf7GrLHsL/UYan/Lw0/47jCL+MZUDqWluTa7ZH9rWiMGceGhX2A
-# 61KDk6Q+e1e9IwOdYN61A8cSfomKrLa4QuDqlF1UBi6rfYTJXFU0VVrQL9f9agBu
-# OeR0haVtgkccoqsPTLG3jpiSk4zMY8peGXdzmueSn1wVo/ydhodR0Eu8PyvRgWkp
-# kfoEX2dmuTEiLopj1ngQ3Dk6ag//uuU4mJhKGAfXPGJQ+84DcCVCnYWXVSRP9o/4
-# vFBe6nEFgo0jjZwqdUbEff7ROQvFBcjt1GL6gvsEpzQi1/A79nmBPXaJVqddvJXB
-# bDWuxPBcxkx6mcRRHyeElxKvfTLT+iOyb2Yjir8dkpJ+955c6Qzhs8Wp+/B4uM7z
-# 1AeIx3VT6vhZi/fcuUbq+/Ojr9sPIwnARduamfgTvX4vj2OGybI9c9T+sjY37ehI
-# ghUPOm5JvMlu3HfObfJNw9FFPVyMQ1D3TrDwKfHqsP3EqbTQO9Fc+kxwI8kCpIsp
-# wpMZq99UoZgSD7XrN0XmDAUOib4qXUk6iZW6vyO3Ag==
+# AKB5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTI2
+# MDMxNjA2NDUwMVowPwYJKoZIhvcNAQkEMTIEMN06MXNY5cRdTlTD8L7oxCw2j2Te
+# dZllJ0u5rPEhBS6/rVMGQaydWwjqJrPiA2+VLTANBgkqhkiG9w0BAQEFAASCAgAF
+# BJ75Cmw2a5Qfu79/3++zaAozGNLoLiJ6tFHJFt29ZhkfwXkInpRNIbxZdjIkQlRZ
+# +BR/w4FwkGuxE81d77bpE2XtGbMpzszT7xeJYy/K1ALUsGvWjjHaVpWrqTWmYzeC
+# yhStQ6PobbOeZHTq0qjuqbT1t7sQZO8dUJJWrSY/wci3qutE4NR2UttM3XDVELPy
+# WsVjg9/+5R7zJArDJEmTtYlzVT/2jkO4w+tm0vOpd3/f0MeWJHZqeKmrhhuDE9BO
+# Jwvc9yl/7juV3rkRRih+TL+WY2dlGXt+HoC6ETofbLU7V8L427TI4aRya9U4myZ3
+# 82To56kMiH6pVzwnJcpdckXSvZUBNblegYJUnUdrxcJ6kCgG+ReGw3EQirOTapYZ
+# HzC2BlQ3aM1rdqOidud4Sf0eCDfVh46fiepGepBc8LEHwB9VOc9Sl4iDAF+/bp1T
+# HRlpUSF6vZ0piIncGuBByycQbsOgEipzy9UCYrmOu0JqFFuDAQ3MQWutxx2G1l2X
+# zEqiJJd/4nkGUebPI6/xYiVAflFFlw5VUSFsZL9Nm0LCr4274mhXVt/jhmQ5gqho
+# 8nqCLwMeHIMAf4OXrAaqlwOlvERZ8X052DsJIv3DwC81SiwzA/haQZX1xFyuz4IH
+# O3fZ0tBVesO3ZqGMO5aDkI8QFGwU27c3xYglli9ECA==
 # SIG # End signature block