-
**Describe the problem:**
When I run log2timeline with the BrowserHistory artifact I don't get any results nor do I see any error.
**To Reproduce:**
Plaso Version: Latest: 20230717
OS Version; Ub…
-
**Describe the bug**
I'm working on a case that has a lot of logs and it is the third time I have to recreate the timesketch data from zero to start all over again, every time I start to insert more l…
-
First off - cool tool 👍
My hostname has two '-' in it and this causes the cdqr to fail at position 113.
```
skadi@skadi:~$ cdqr in:NOT-MY-HOSTNAME.zip out:Results -p win --max_cpu -z
Assignin…
-
It might be interesting to keep an annotation database for each Sketch. For example, if I have an IP address (192.168.4.55), and I annotate it with its hostname (argv-workstation), you could highligh…
-
![capture](https://cloud.githubusercontent.com/assets/8020510/14811545/43ca3546-0ba1-11e6-9291-328491f9ecd1.PNG)
regview tool opens this file successfully :disappointed:
Sample file attached: https:…
azerg updated
5 years ago
-
We should be able to parse the output of `Windows.KapeFiles.Targets` directly into elastic in a format that Time Sketch understands
Currently people do this via moving the bulk data to another sys…
-
- [ ] add extension.autoupdate.next_check timestamp support
- [ ] add extension.install_signature.timestamp timestamp support
- [ ] add extension.settings.[ID].lastpingday timestamp support
- [ ] Addi…
-
Determine how to properly handle CurrentControlSet for Windows NT and 9x/Me Registry Files.
* In Windows 9x/Me CurrentControlSet is a "real" key
* In Windows NT CurrentControlSet is a virtual key
…
-
See Nicole Ibrahim's presentation: "Windows Forensics: Event Trace Logs", presented at the SANS 2018 DFIR Summit. (Posted at
https://www.sans.org/summit-archives/file/summit_archive_1528388048.pdf)
-
We are acquiring a number of dependencies on external, unauditable blobs that are required for using GRR. While it's true that we'll always depend on blobs of code, at least if they are tracked in a co…