{"width":"100%","height":"190","title":"SANS \u30dd\u30b9\u30bf\u30fc\uff1aWindows Artifact Analysis(7) Windows Shell Item","url":"https://port139.hatenablog.com/entry/2014/06/11/061220","type":"rich","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fport139.hatenablog.com%2Fentry%2F2014%2F06%2F11%2F061220\" title=\"SANS \u30dd\u30b9\u30bf\u30fc\uff1aWindows Artifact Analysis(7) Windows Shell Item - @port139 Blog\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","author_name":"hideakii","published":"2014-06-11 06:12:20","blog_title":"@port139 Blog","provider_name":"Hatena Blog","image_url":null,"categories":["\u30d5\u30a9\u30ec\u30f3\u30b8\u30c3\u30af"],"author_url":"https://blog.hatena.ne.jp/hideakii/","blog_url":"https://port139.hatenablog.com/","provider_url":"https://hatena.blog","description":"SANS Windows Artifact Analysis: Evidence of..\u30dd\u30b9\u30bf\u30fc\u306e\u6700\u521d\u306e\u9805\u76ee\u306f File Download \u3068\u306a\u3063\u3066\u304a\u308a\u3001Open/Save MRU \u306b\u542b\u307e\u308c\u3066\u3044\u308b OpenSavePIDlMRU \u3092\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3057\u305f\u3002 \u30d5\u30a1\u30a4\u30eb\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u30ab\u30c6\u30b4\u30ea\u306b\u306f\u542b\u307e\u308c\u3066\u3044\u307e\u305b\u3093\u304c\u3001\u4f3c\u305f\u30ab\u30c6\u30b4\u30ea\u306b\u30d5\u30a1\u30a4\u30eb\u30aa\u30fc\u30d7\u30f3\u30fb\u4f5c\u6210\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u306e\u4e2d\u306b\u3001OpenSavePIDlMRU \u3068\u540c\u69d8\u306b\u767a\u751f\u3059\u308b\u30ec\u30b8\u30b9\u30c8\u30ea\u30ad\u30fc\u3068\u3057\u3066 LastVisitedPidlMRU \u304c\u8a18\u8f09\u3055\u308c\u3066\u3044\u307e\u3059\u3002 LastVisitedPidlMRU \u3082 Windows 7 \u3067\u306f Windows Shell Item \u2026","version":"1.0"}