Open Lazza opened 4 days ago
Hello @Lazza,
thank you for the reference to the "sysdiagnose" command. I'll take a look at it. It sounds very exciting.
The new acquisition method is basically ready. I am just hesitant to push it because it takes 2 minutes for sysdiagnose and like 1 hour for the conversion of a logarchive to txt.
I may end up adding two different methods (one for sysdiagnose + logarchive and one for sysdiagnose + txt).
Hello @Lazza,
if you have finished the function with the conversion to plaintext, I would like to try it out and see how the data is there.
A basic question about the unified logs would be: if the data is also converted to plaintext, can't it also be imported into an SQLite database? Would it then be possible to evaluate the data under Windows in a small program (date filter, etc.)? The "log" command is only at home in the macOS and Linux environment. Of course Fuji doesn't have to do this conversion, but I wonder if you could write a small program that turns these log archives into SQLite databases and then makes them evaluable in Windows with the same program... Can you understand what I mean?
Regards Bruno
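To sketch the idea raised above (converted unified-log output loaded into SQLite, then filtered by date on any platform), here is an added Python example that is not part of Fuji or this thread. It assumes the field names of `log show --style ndjson` (one JSON object per line, timestamps like `2024-03-10 08:15:02.123456+0100`) and uses a constructed three-record sample.

```python
import json
import sqlite3
from datetime import datetime, timezone

# Constructed sample in the shape of `log show --style ndjson` output
# (one JSON object per line); field names are assumed from that format.
SAMPLE_NDJSON = """\
{"timestamp":"2024-03-10 08:15:02.123456+0100","processID":412,"processImagePath":"/usr/sbin/sshd","subsystem":"com.apple.sshd","category":"auth","messageType":"Default","eventMessage":"Accepted publickey for admin from 10.0.0.5 port 52211"}
{"timestamp":"2024-03-10 08:40:00.000000+0100","processID":97,"processImagePath":"/usr/sbin/securityd","subsystem":"com.apple.securityd","category":"keychain","messageType":"Info","eventMessage":"keychain unlocked for session 100004"}
{"timestamp":"2024-03-10 10:05:30.500000+0100","processID":1,"processImagePath":"/sbin/launchd","subsystem":"com.apple.xpc.launchd","category":"spawn","messageType":"Default","eventMessage":"spawned pid 9001"}
"""

def parse_log_timestamp(value):
    # "2024-03-10 08:15:02.123456+0100" -> timezone-aware datetime
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S.%f%z")

def to_utc_key(value):
    # Normalise to a fixed-width UTC string so SQLite can compare/sort it as text
    return parse_log_timestamp(value).astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")

def load_ndjson_into_sqlite(conn, ndjson_text):
    conn.execute("""CREATE TABLE IF NOT EXISTS unified_log (
        ts_utc TEXT, pid INTEGER, process TEXT, subsystem TEXT,
        category TEXT, message_type TEXT, message TEXT)""")
    rows = []
    for line in ndjson_text.splitlines():
        line = line.strip()
        if not line:
            continue  # skip blank lines between records
        rec = json.loads(line)
        rows.append((to_utc_key(rec["timestamp"]), rec.get("processID"),
                     rec.get("processImagePath"), rec.get("subsystem"),
                     rec.get("category"), rec.get("messageType"),
                     rec.get("eventMessage")))
    conn.executemany("INSERT INTO unified_log VALUES (?,?,?,?,?,?,?)", rows)
    conn.commit()
    return len(rows)

def query_between(conn, start_utc, end_utc, subsystem=None):
    # Date-window filter (half-open, UTC); optional subsystem narrowing
    sql = "SELECT ts_utc, process, message FROM unified_log WHERE ts_utc >= ? AND ts_utc < ?"
    params = [start_utc, end_utc]
    if subsystem:
        sql += " AND subsystem = ?"
        params.append(subsystem)
    return conn.execute(sql + " ORDER BY ts_utc", params).fetchall()

def build_demo_db():
    # In-memory for the demo; use a file path to keep the database for later analysis
    conn = sqlite3.connect(":memory:")
    load_ndjson_into_sqlite(conn, SAMPLE_NDJSON)
    return conn
```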
In PR #1, @BrunoFischerGermany suggested collecting unified logs. This was temporarily postponed to evaluate the addition of a new acquisition method.
Sysdiagnose seems to include more logs and data: https://labs.withsecure.com/publications/sysdiag-who