Adding VHD file documentation

ForensicITGuy · Jul 25, 2023 · 3e2321c · 3e2321c
1 parent 62f3d16
commit 3e2321c
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/_posts/2023-07-23-vhd-malware-an-excellent-choice.md b/_posts/2023-07-23-vhd-malware-an-excellent-choice.md
@@ -317,4 +317,13 @@ mal_that_one_persons_vhd invoice.vhd
 0x469000:$guid: {\x00B\x00E\x008\x008\x002\x00B\x000\x007\x00-\x001\x00D\x003\x00C\x00-\x004\x00C\x005\x008\x00-\x009\x00D\x002\x009\x00-\x001\x004\x00A\x008\x00C\x004\x00A\x00E\x003\x005\x00E\x005\x00}\x00
 ```
 
-From here, we can plug that rule into VirusTotal for live or retroactive hunts or we could plug it into other services where we can search a large corpus of malware files. Thanks for reading! 
+From here, we can plug that rule into VirusTotal for live or retroactive hunts or we could plug it into other services where we can search a large corpus of malware files. 
+
+## Learning More About VHD Files
+
+If working with VHDs piqued your interest, here's some documentation to expand your adventure:
+
+- [VHD Format Specification .DOC file](https://download.microsoft.com/download/f/f/e/ffef50a5-07dd-4cf8-aaa3-442c0673a029/Virtual%20Hard%20Disk%20Format%20Spec_10_18_06.doc)
+- [VHDX Format Specification](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-vhdx/83e061f8-f6e2-4de1-91bd-5d518a43d477)
+
+Thanks for reading!