Rurik / Noriben

Noriben - Portable, Simple, Malware Analysis Sandbox

request for clarification of documentation in the readme file #12

Closed sonofagl1tch closed 7 years ago

sonofagl1tch commented 7 years ago

I have read your readme file on GitHub as well as the blogs on ghettoforensics, but I have a few open questions. I would like to request clarification in the documentation for the software required to be installed on the VM versus what needs to be in the directory with the Noriben Python file. For example, you mention the usage of Procmon a bunch, as it is used heavily. It is not mentioned whether or not Procmon should be installed on the VM prior to usage or if the binary should be in the directory with Noriben.py. How is Procmon used? Is it executed at the point of execution on the VM or somewhere else?

By the way, great work on Noriben! I can't wait to start using it once I get clarification so I can finish setup on my VM.

-sonofagl1tch

sonofagl1tch commented 7 years ago

I did find the answer in the .py file but it might be good to have that in the readme file as well.

Rurik commented 7 years ago

Thanks! The Readme is an issue, and it's been on my list to get updated. It's long, rambles on, and has too many points that don't flow well.

I'll be working here shortly on that, but please feel free to reach out with any questions until that happens.

sonofagl1tch commented 7 years ago

I have a few remaining questions. Would you like them through this thread, or would you prefer to start a separate email thread? I plan on turning the usage of Noriben into an automated installer script for me to use on new systems when I'm in the field, and then doing a chained analysis with multiple VMs eventually for my lab. I'll share all my code with the project when I get it working, if you're interested.

sent from my mobile device

On Dec 29, 2016 9:21 PM, "Brian Baskin" notifications@github.com wrote:

Thanks! The Readme is an issue, and it's been on my list to get updated. It's long, rambles on, and has too many points that don't flow well.

I'll be working here shortly on that, but please feel free to reach out with any questions until that happens.


Rurik commented 7 years ago

Feel free to hit me up directly on email, brian@thebaskins.com. That'll be easier.

Emails may be sporadic, busy time at a new job. (or hit me up on FlowDock (wink wink))