zwass
commented
6 years ago No, it is not currently possible.
Open reynas opened 6 years ago
zwass
commented
6 years ago No, it is not currently possible.
reynas
commented
6 years ago Any short term plans to add this functionality?
zwass
commented
6 years ago It's something we would like to support, but there are no short term plans for doing so.
jacknagz
commented
6 years ago Having carving support would be great! I'd love to be able to put the files in a configurable S3 bucket as well
reynas
commented
6 years ago Do you have an update on this? thx!
lctrcl
commented
5 years ago Having this feature would greatly benefit incident response and forensics use cases.
benbasscom
commented
5 years ago I am also interested in file carves. We haven't needed the functionality yet, but there are cases where it could have been extremely handy in IR.
arimb00r
commented
4 years ago is this feature available now on kolide?
sanjakum-zz
commented
4 years ago Is file carving available now on Kolide fleet?
anelshaer
commented
4 years ago @zwass Can this be turned into a feature request and considered in future updates please ?
Is it possible, with the current version of Fleet, to use the carving options of osquery?