Windows Capability Access Manager database parser #976
Labels
enhancement
New feature or request
epic:windows capabilities
good first issue
Good for newcomers
plugin
Related to a plugin
windows
Related to Windows support/features
Comments
|
Hey @qmadev thanks for creating this issue! Seems like a cool new artefact, and a good addition to Dissect. Is this something you are willing to contribute in the form of a Pull Request? |
Horofic
added
enhancement
|
Thank you for the initial PR, I will take a look at it tomorrow! As far as the separate parser goes, I took a cursory look at the link you provided. The database seems to be SQLite based, we have a separate project dissect.sql that is able to parse SQLite databases. This should help if you decide to pick up that part! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Capability Access Manager database is an artifact that stores information about which apps used which resources. An example would be which apps used the webcam or microphone. This database is present as of Windows 11.
References
The text was updated successfully, but these errors were encountered: