cit.telemetry#
$ target-query <path/to/target> -f cit.telemetry
Module |
|
Output |
|
Module documentation
Plugin that parses CIT data from the registry.
Reference: - https://dfir.ru/2018/12/02/the-cit-database-and-the-syscache-hive/
Function documentation
Parse CIT process telemetry answers from the registry.
In some versions of Windows, processes would get “telemetry answers” set on their process struct, based on if certain events happened.
Generally only available before Windows 10.