From e30b8638542462aded0bb6d224a36f16f1a8cd53 Mon Sep 17 00:00:00 2001 From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Thu, 13 Mar 2025 11:42:01 -0400 Subject: [PATCH 1/8] Update BITS.tkape - add more documentation --- Targets/Windows/BITS.tkape | 1 + 1 file changed, 1 insertion(+) diff --git a/Targets/Windows/BITS.tkape b/Targets/Windows/BITS.tkape index 00a7bab6e..0aabb9d17 100644 --- a/Targets/Windows/BITS.tkape +++ b/Targets/Windows/BITS.tkape @@ -13,3 +13,4 @@ Targets: # Documentation # https://www.sans.org/reading-room/whitepapers/forensics/bits-forensics-39195 # https://cyberforensicator.com/2019/05/12/using-mitre-attck-for-forensics-bits-jobs-t1197/ +# https://www.thedfirspot.com/post/a-bits-of-a-problem-investigating-bits-jobs From 6a20e6520b21f2c0bf2ef7e76277de9fe93b0102 Mon Sep 17 00:00:00 2001 From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Thu, 13 Mar 2025 11:43:07 -0400 Subject: [PATCH 2/8] Update RDPCache.tkape - add more documentation --- Targets/Windows/RDPCache.tkape | 1 + 1 file changed, 1 insertion(+) diff --git a/Targets/Windows/RDPCache.tkape b/Targets/Windows/RDPCache.tkape index 8924cdd9f..5f1a6e18d 100644 --- a/Targets/Windows/RDPCache.tkape +++ b/Targets/Windows/RDPCache.tkape @@ -21,3 +21,4 @@ Targets: # https://www.youtube.com/watch?v=NnEOk5-Dstw # https://cbtgeeks.com/2018/05/22/digital-forensics-on-rdp-cache/ # https://github.com/BSI-Bund/RdpCacheStitcher +# https://www.thedfirspot.com/post/rdp-bitmap-cache-piece-s-of-the-puzzle From 54b865fd4809a8d382c56c1e9c4b0a8f6d865211 Mon Sep 17 00:00:00 2001 From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Thu, 13 Mar 2025 11:43:33 -0400 Subject: [PATCH 3/8] Update RDPLogs.tkape - add more documentation --- Targets/Windows/RDPLogs.tkape | 1 + 1 file changed, 1 insertion(+) diff --git a/Targets/Windows/RDPLogs.tkape b/Targets/Windows/RDPLogs.tkape index 8a18ea120..898d1d3dc 100644 
--- a/Targets/Windows/RDPLogs.tkape +++ b/Targets/Windows/RDPLogs.tkape @@ -52,3 +52,4 @@ Targets: # https://ponderthebits.com/2018/02/windows-rdp-related-event-logs-identification-tracking-and-investigation/ # https://www.13cubed.com/downloads/rdp_flowchart.pdf # https://www.youtube.com/watch?v=myzG11BP3Sk +# https://www.thedfirspot.com/post/lateral-movement-remote-desktop-protocol-rdp-event-logs From 0c41a49aa56831e4a4e0fe3042cdb8669e9593d5 Mon Sep 17 00:00:00 2001 From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Thu, 13 Mar 2025 11:48:39 -0400 Subject: [PATCH 4/8] Update WindowsDefender.tkape - add more documentation --- Targets/Antivirus/WindowsDefender.tkape | 1 + 1 file changed, 1 insertion(+) diff --git a/Targets/Antivirus/WindowsDefender.tkape b/Targets/Antivirus/WindowsDefender.tkape index e18d00f36..07252c187 100644 --- a/Targets/Antivirus/WindowsDefender.tkape +++ b/Targets/Antivirus/WindowsDefender.tkape @@ -55,3 +55,4 @@ Targets: # https://www.crowdstrike.com/blog/how-to-use-microsoft-protection-logging-for-forensic-investigations/ # https://github.com/jklepsercyber/defender-detectionhistory-parser/blob/main/README.md # https://forensafe.com/blogs/windows_defender.html +# https://www.thedfirspot.com/post/windows-defender-mp-logs-a-story-of-artifacts From 5d46f54f392dce33af134137eab83d6c8d777dca Mon Sep 17 00:00:00 2001 From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Thu, 13 Mar 2025 11:49:05 -0400 Subject: [PATCH 5/8] Update SUM.tkape - add more documentation --- Targets/Windows/SUM.tkape | 1 + 1 file changed, 1 insertion(+) diff --git a/Targets/Windows/SUM.tkape b/Targets/Windows/SUM.tkape index 88f507fd6..659daddbc 100644 --- a/Targets/Windows/SUM.tkape +++ b/Targets/Windows/SUM.tkape 
@@ -17,4 +17,5 @@ Targets: # https://github.com/EricZimmerman/Sum - be sure to follow the guide here for repairing the DB prior to parsing # https://github.com/brimorlabs/KStrike # https://docs.microsoft.com/en-us/windows-server/administration/user-access-logging/manage-user-access-logging +# https://www.thedfirspot.com/post/sum-ual-investigating-server-access-with-user-access-logging # LogFiles.tkape Target acquires this as well, but this is a more specific Target in that it ONLY grabs the SUM Database artifacts and nothing else, unlike LogFiles.tkape From 8430111cbcc1ffd1c8c6cde358be7a9ca1f3a6db Mon Sep 17 00:00:00 2001 From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Thu, 13 Mar 2025 11:49:32 -0400 Subject: [PATCH 6/8] Update Amcache.tkape - add more documentation --- Targets/Windows/Amcache.tkape | 1 + 1 file changed, 1 insertion(+) diff --git a/Targets/Windows/Amcache.tkape b/Targets/Windows/Amcache.tkape index d7cc8de1c..eaa9d5768 100644 --- a/Targets/Windows/Amcache.tkape +++ b/Targets/Windows/Amcache.tkape @@ -33,3 +33,4 @@ Targets: # https://www.andreafortuna.org/2017/10/16/amcache-and-shimcache-in-forensic-analysis/ # https://www.forensafe.com/blogs/amcache.html # https://commons.erau.edu/cgi/viewcontent.cgi?article=1429&context=jdfsl +# https://www.thedfirspot.com/post/evidence-of-program-existence-amcache From f58f5374d0b3c536605d2042e7a65af4bf9fb47d Mon Sep 17 00:00:00 2001 From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Thu, 13 Mar 2025 11:49:59 -0400 Subject: [PATCH 7/8] Update LNKFilesAndJumpLists.tkape - add more documentation --- Targets/Windows/LNKFilesAndJumpLists.tkape | 1 + 1 file changed, 1 insertion(+) diff --git a/Targets/Windows/LNKFilesAndJumpLists.tkape b/Targets/Windows/LNKFilesAndJumpLists.tkape index 26283b07d..8d1d90f69 100644 --- a/Targets/Windows/LNKFilesAndJumpLists.tkape +++ b/Targets/Windows/LNKFilesAndJumpLists.tkape 
@@ -54,3 +54,4 @@ Targets: # https://dfir.pubpub.org/pub/wfuxlu9v # https://www.forensafe.com/blogs/jumplist.html # https://www.forensafe.com/blogs/lnkfile.html +# https://www.thedfirspot.com/post/a-lnk-to-the-past-utilizing-lnk-files-for-your-investigations From f02cd9c8b3ab682c56fe48434de853ca1385b50a Mon Sep 17 00:00:00 2001 From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Thu, 13 Mar 2025 11:50:24 -0400 Subject: [PATCH 8/8] Update Prefetch.tkape - add more documentation --- Targets/Windows/Prefetch.tkape | 1 + 1 file changed, 1 insertion(+) diff --git a/Targets/Windows/Prefetch.tkape b/Targets/Windows/Prefetch.tkape index 241502d87..370711be3 100644 --- a/Targets/Windows/Prefetch.tkape +++ b/Targets/Windows/Prefetch.tkape @@ -23,3 +23,4 @@ Targets: # https://www.youtube.com/watch?v=prEghfj3bPI # https://www.sans.org/security-resources/posters/windows-forensic-analysis/170/download # https://www.forensafe.com/blogs/prefetch.html +# https://www.thedfirspot.com/post/artifacts-of-execution-i-know-what-you-did-last-incident
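Review bot: in the BITS.tkape hunk (PATCH 1/8) the new line is appended at the end of the `# Documentation` block, so the file now ends on a bare URL comment with nothing else changed; that is consistent with the three links above it, but since these comments are the only pointer an examiner gets from the Target, please confirm the thedfirspot.com page resolves before merge. The same check applies to the seven other single-line hunks in this series, each of which adds one thedfirspot.com link in the same position.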
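Review bot: in the SUM.tkape hunk (PATCH 5/8) the added URL is placed between the `docs.microsoft.com` link and the trailing `# LogFiles.tkape Target acquires this as well ...` explanatory comment, which keeps the URL list contiguous and the explanatory note last; good. While this block is being edited, the context line `https://docs.microsoft.com/en-us/windows-server/administration/user-access-logging/manage-user-access-logging` points at the old documentation host, which now redirects to learn.microsoft.com; updating it in the same commit would spare the next reader a redirect.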
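Review bot: the link added in the Prefetch.tkape hunk (PATCH 8/8), `artifacts-of-execution-i-know-what-you-did-last-incident`, has a title that suggests a post on execution artifacts in general rather than Prefetch specifically, unlike the Prefetch-specific `forensafe.com/blogs/prefetch.html` line above it. If the post covers the other execution artifacts, consider a short inline comment saying so, or referencing it from Amcache.tkape as well, which in PATCH 6/8 receives only the Amcache-specific `evidence-of-program-existence-amcache` post.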