📘 📕 Field Manuals

📕 Windows RTFM

This is about … .

📘 Linux BTFM

Variables # no spaces when assigning $0 # the first arg # array array=(1 2 4 5) ${array[0]} ${array[*]} # all items delimited by IFS ${array[@]} # all items ${!

📘 macOS BTFM

python FSEParser_V3.3.py -s -t folder /.fseventsd -o /Users/sentinel/Desktop/FSEvents_Out References

📘 Powershell BTFM

Settings Association It’s better to associate PowerShell scripts with notepad.exe than with PowerShell for security reasons.

📘 SIFT BTFM

Here is the official cheatsheet from SANS. I’ve copied it here for convenience. I will comment on some of them after I try each command in the list.

📘 Windows BTFM

FUC (Frequently Used Commands) User Get user’s SID: wmic useraccount where name='veronicazvereva' get sid # or whoami /user # for current user System USB Mounting USB devices on are mounted automatically, but VHD drives might need to be mounted manually.