Velocidex / go-ntfs

An NTFS file parser in Go
Apache License 2.0
64 stars 24 forks

New release? #91

Closed massimiliano-dalcero closed 4 months ago

massimiliano-dalcero commented 4 months ago

Hello :), I'm using the cloned and compiled version of go-ntfs and it works fine, even with a partition offset in the "ls" command. I noticed that the current release doesn't work the same way. Is there an idea of when we will be able to have a new release based on the current code, replacing the current one from 2020? :)

Thanks & Best regards

scudette commented 4 months ago

Thanks for bringing up this issue - this library is used heavily in Velociraptor and does not have a real release cycle as such, we just track master in the Velociraptor project. Therefore this library is extensively tested in the Velociraptor project and in production.

The binaries in this project are for casual testing of the library and are not really used for much else. The binaries are actually built on every commit in the GitHub Actions tab above.

I will update the release notes to make that clearer.

massimiliano-dalcero commented 4 months ago

Thank you so much for the quick and kind response 😊. I use ntfs.exe with satisfaction in forensics and live response activities, and for a question of reliability the fact that the .exe was digitally signed was a plus.
I noticed that the current version is no longer signed. Do you know if there will be a plan to release a signed version as well? 😊

Thank you so much for your patience and everything 🖖

scudette commented 4 months ago

Our signing pipeline is a bit different now, so it is unlikely that I will be able to sign this binary (without creating a whole new release pipeline). As I mentioned, the proper way to use this library is with Velociraptor (which is also signed and much more powerful than this simple exe). I recommend you check out Velociraptor if you have not already :-)

massimiliano-dalcero commented 4 months ago

Hello @scudette, thanks for your kind feedback 😉 I know Velociraptor very well and use it too, but for other and more structured purposes.
Ntfs.exe is a tool that I find convenient for more "manual" tasks and that I use as an alternative to sleuthkit 😊 It's a pity that you can no longer have a digitally signed version, because it was really a "plus" feature that proved useful in a formal context 😊

Thank you so much for your patience and everything 🖖