foxforensics/corpus

# Forensic Corpus A corpus of various file formats for (mostly) forensic tool testing. Sources: * Sample Active Directory from [Didier Stevens](https://blog.didierstevens.com/2016/07/12/practice-ntds-dit-file-part-1/) * Sample Outlook file from [DFRWS Rodeo 2009](https://web.archive.org/web/20160402173454/http://dfrws.org/2009/rodeo.shtml) * Sample PE files from [Corkamis PE File Corpus](https://github.com/corkami/pocs/tree/master/PE) * Sample Windows artifacts from [NIST Computer Forensic Reference Data Sets](https://cfreds.nist.gov/all/DFIR_AB/ForensicsImageTestimage)

标签：EVTX分析