DFIR-ORC / dfir-orc

Forensics artefact collection tool for systems running Microsoft Windows
https://dfir-orc.github.io
GNU Lesser General Public License v2.1

Extension .DATA #76

Open RaiseiX opened 20 hours ago

RaiseiX commented 20 hours ago

Hello, thank you for your incredible tools. I have an issue with your tools: when the collection is finished, I have multiple files in .data format, for example: "9666F8F366F8D549_200000001AD7B_1D000000053932_4DFIR-ORC.EXE-C5311128.pf{00000000-0000-0000-0000-000000000000}.data"

It is the same for all collected artefacts. Do you have any idea how to fix this problem?

jeanga commented 18 hours ago

Not an actual 'problem' but a 'feature' 😅 We 'sanitize' file names to prevent mishandling of collected files. You have getthis.csv in the archive to map original file names to collected samples.

jeanga commented 17 hours ago

For more context on this design, getthis collects 'more' than just files, but also alternate data streams, extended attributes, etc. Mapping those artefacts in 'foreign' file systems to NTFS (say FAT32, ext4, ...) would make no sense.
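The two replies above describe the workflow (read the mapping CSV in the archive, then relate each sanitized .data sample back to its original NTFS path) and the reason a direct 1:1 restore is not attempted (alternate data streams and other NTFS-only objects have no equivalent on other file systems). The script below is an added example, not code from DFIR-ORC or from the commenters. It assumes the mapping CSV has `SampleName` and `FullName` columns (an assumption; check the header of the getthis.csv in your own archive), that samples sit in one directory next to it, and it uses its own `__ADS__` separator to represent a stream name in a file name. The CSV rows are constructed for the example, and it treats the CSV as untrusted evidence from the collected host, so it refuses paths that would escape the restore directory.

```python
"""Map DFIR-ORC GetThis sample names back to their original NTFS paths.

Added example, not part of DFIR-ORC.  Assumptions (check against your archive):
the mapping CSV has 'SampleName' and 'FullName' columns, and sample files sit
in one directory next to it.  The '__ADS__' separator is this script's own
convention for alternate data streams, not something DFIR-ORC defines.
"""
import csv
import io
import re
import shutil
from pathlib import Path

# Constructed GetThis-style rows (not real collection output).  Row 1 reuses the
# sanitized sample name quoted in the issue; row 2 is an alternate data stream;
# row 3 is a hostile path that a naive restore would write outside out_dir.
SAMPLE_GETTHIS_CSV = (
    "ComputerName,FullName,SampleName,SizeInBytes\n"
    "WKS01,\\Windows\\Prefetch\\DFIR-ORC.EXE-C5311128.pf,"
    "9666F8F366F8D549_200000001AD7B_1D000000053932_4DFIR-ORC.EXE-C5311128.pf"
    "{00000000-0000-0000-0000-000000000000}.data,12345\n"
    "WKS01,\\Users\\alice\\Downloads\\invoice.pdf:Zone.Identifier,sample-ads.data,26\n"
    "WKS01,\\..\\..\\evil.txt,sample-bad.data,3\n"
)


class UnsafePathError(ValueError):
    """Raised for an original path that must not be reproduced under the restore root."""


def load_mapping(csv_text: str) -> dict:
    """Return {sanitized sample name: original NTFS path} from GetThis-style CSV text."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["SampleName"]: row["FullName"] for row in reader}


def safe_relative_path(full_name: str) -> Path:
    """Convert an NTFS path such as '\\dir\\file.ext:stream' into a relative path
    that stays under the restore root.

    - a leading drive letter ('C:') is dropped
    - '..' components are rejected (the CSV is untrusted evidence, not config)
    - ':' is illegal in file names on most file systems and denotes an ADS on
      NTFS, so 'file:stream' is written as 'file__ADS__stream' (our convention)
    """
    parts = [p for p in full_name.replace("/", "\\").split("\\") if p not in ("", ".")]
    if parts and re.fullmatch(r"[A-Za-z]:", parts[0]):
        parts = parts[1:]
    if not parts:
        raise UnsafePathError(f"empty path: {full_name!r}")
    safe = []
    for part in parts:
        if part == "..":
            raise UnsafePathError(f"parent reference in {full_name!r}")
        safe.append(part.replace(":", "__ADS__"))
    return Path(*safe)


def plan_restore(mapping: dict, samples_dir, out_dir):
    """Return ([(sample_path, destination_path), ...], [skipped sample names]).

    A sample name containing a path separator is also skipped: the CSV comes
    from the collected host and must not be allowed to steer where we write.
    """
    samples_dir, out_dir = Path(samples_dir), Path(out_dir)
    plan, skipped = [], []
    for sample, full_name in mapping.items():
        if "/" in sample or "\\" in sample or sample in ("", ".", ".."):
            skipped.append(sample)
            continue
        try:
            rel = safe_relative_path(full_name)
        except UnsafePathError:
            skipped.append(sample)
            continue
        plan.append((samples_dir / sample, out_dir / rel))
    return plan, skipped


def restore(plan, out_dir) -> int:
    """Copy each sample to its original relative location; returns files written."""
    root = Path(out_dir).resolve()
    written = 0
    for src, dst in plan:
        # defence in depth: refuse anything that still resolves outside the root
        if root not in dst.resolve().parents:
            continue
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        written += 1
    return written


if __name__ == "__main__":
    mapping = load_mapping(SAMPLE_GETTHIS_CSV)
    plan, skipped = plan_restore(mapping, "samples", "restored")
    for src, dst in plan:
        print(f"{src.name} -> {dst}")
    print("skipped:", skipped)
```

Run it against the extracted archive by pointing `plan_restore` at the directory holding the .data files and then calling `restore(plan, out_dir)`; keep the original sanitized samples and the CSV untouched, since the sanitized names, not the reconstructed paths, are what the hashes in the CSV were computed over.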