Some checkups off my wishlist. (These could be separate issues, but they just seem so small... Tell me if y'all want them split up.)

- [ ] Time and clock skew. We keep wondering about this. I imagine something that:
  a. notes the time
  b. compares to a time authority (I'd suggest using an RFC 3161 server, like http://sha256timestamp.ws.symantec.com/sha256/timestamp maybe?)
- [ ] List the quarantined files for known AV tools. CrowdStrike is `\Windows\System32\Drivers\CrowdStrike\Quarantine` and `/Library/Application Support/CrowdStrike/Falcon/Quarantine`. I don't know others, but just having a place to hang them is handy. (I don't think we know enough to parse these, but even just having a file list with timestamps would be helpful.)
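A sketch of the clock-skew checkup, added here as an example and not code from this project or its author. It assumes Python (the project's language is an assumption), builds the RFC 3161 `TimeStampReq` by hand in DER, pulls `genTime` out of the `TimeStampResp` with a small DER walker, and reports how far the local clock is from the authority's. The TSA URL is the one named in the issue; the `constructed` sample bytes in the comments and the 300-second threshold are my own choices. The walker is a heuristic: it does not verify the token's signature or match the nonce, so the number it returns is a hint about skew, not evidence.

```python
"""Added example (not the project's code): clock skew against an RFC 3161 TSA."""
import hashlib
import re
import secrets
import urllib.request
from datetime import datetime, timedelta, timezone

SHA256_OID = bytes.fromhex("0609608648016503040201")  # 2.16.840.1.101.3.4.2.1
TSA_URL = "http://sha256timestamp.ws.symantec.com/sha256/timestamp"  # from the issue
MAX_SKEW_SECONDS = 300  # assumed threshold; Kerberos-style 5 minutes


def _der(tag, content):
    """Minimal DER TLV encoder (definite-length form only)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _der_int(value):
    """DER INTEGER for a non-negative value (0x00 pad added when the top bit is set)."""
    return _der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def build_timestamp_request(digest, nonce=None, cert_req=True):
    """TimeStampReq (RFC 3161 section 2.4.1) over a SHA-256 message imprint."""
    if len(digest) != 32:
        raise ValueError("expected a 32-byte SHA-256 digest")
    algorithm = _der(0x30, SHA256_OID + b"\x05\x00")      # AlgorithmIdentifier
    imprint = _der(0x30, algorithm + _der(0x04, digest))  # MessageImprint
    body = _der_int(1) + imprint                          # version 1
    if nonce is not None:
        body += _der_int(nonce)
    if cert_req:
        body += _der(0x01, b"\xff")                       # certReq TRUE
    return _der(0x30, body)


def _read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the TLV at pos; single-byte tags only."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first
    if first >= 0x80:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def find_generalized_time(buf):
    """First GeneralizedTime (tag 0x18) in a DER blob, descending into constructed
    types and into OCTET STRINGs that hold exactly one SEQUENCE (how SignedData
    wraps the TSTInfo). In a TimeStampResp that is TSTInfo.genTime: it precedes the
    certificates, whose validity fields are the next GeneralizedTime candidates.
    Heuristic only; garbage from a digest that happens to look like DER is rejected
    later by parse_generalized_time."""
    pos = 0
    while pos < len(buf):
        tag, content, pos = _read_tlv(buf, pos)
        if tag == 0x18:
            return content.decode("ascii")
        nested = bool(tag & 0x20)
        if tag == 0x04 and content[:1] == b"\x30":
            try:
                nested = _read_tlv(content, 0)[2] == len(content)
            except ValueError:
                nested = False
        if nested:
            try:
                found = find_generalized_time(content)
            except ValueError:  # includes UnicodeDecodeError from a false positive
                found = None
            if found:
                return found
    return None


def parse_generalized_time(text):
    """GeneralizedTime as RFC 3161 requires it: YYYYMMDDHHMMSS[.fff]Z, always UTC."""
    m = re.fullmatch(r"(\d{14})(?:\.(\d+))?Z", text)
    if not m:
        raise ValueError(f"unsupported GeneralizedTime: {text!r}")
    when = datetime.strptime(m.group(1), "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    if m.group(2):
        when += timedelta(microseconds=int(m.group(2)[:6].ljust(6, "0")))
    return when


def clock_skew_seconds(local_now, authority_time):
    """Positive means the local clock runs ahead of the authority."""
    return (local_now - authority_time).total_seconds()


def check_clock_against_tsa(url=TSA_URL, timeout=10):
    """Network round trip. Signature and nonce of the token are NOT verified here."""
    digest = hashlib.sha256(secrets.token_bytes(32)).digest()  # imprint over random data
    req = urllib.request.Request(
        url, data=build_timestamp_request(digest, nonce=secrets.randbits(64)),
        headers={"Content-Type": "application/timestamp-query"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        gen_time = find_generalized_time(resp.read())
    if gen_time is None:
        raise ValueError("no genTime in TimeStampResp (request rejected?)")
    skew = clock_skew_seconds(datetime.now(timezone.utc), parse_generalized_time(gen_time))
    return {"skew_seconds": skew, "ok": abs(skew) <= MAX_SKEW_SECONDS}
```

`check_clock_against_tsa()` is the only part that touches the network; everything else is pure and can be unit-tested with a hand-built response. Verifying the CMS signature on the token (and that the returned nonce matches) is what would turn the skew number into something an alert can rest on.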
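The quarantine inventory from the second item, again as an added example rather than project code. It walks the two CrowdStrike folders named in the issue (the Windows one rooted on `%SystemDrive%`, an assumption), records size and UTC modification time per file, and treats an absent folder as "vendor not installed" rather than an error, which is the common case on any given host. It does not try to parse the quarantine contents, matching the issue's scope.

```python
"""Added example (not the project's code): list quarantined files with timestamps."""
import os
from datetime import datetime, timezone

# Paths from the issue; other vendors would be added to this table.
QUARANTINE_DIRS = {
    "CrowdStrike/Windows": os.environ.get("SystemDrive", "C:")
    + r"\Windows\System32\Drivers\CrowdStrike\Quarantine",
    "CrowdStrike/macOS": "/Library/Application Support/CrowdStrike/Falcon/Quarantine",
}


def list_quarantine(dirs=QUARANTINE_DIRS):
    """Inventory of the known quarantine folders: path, size and UTC mtime per file,
    oldest first. Absent folders are reported under 'missing', not raised."""
    report = {"missing": [], "files": []}
    for vendor, path in dirs.items():
        if not os.path.isdir(path):
            report["missing"].append(vendor)
            continue
        for root, _, names in os.walk(path):
            for name in names:
                full = os.path.join(root, name)
                try:
                    st = os.stat(full)
                except OSError as exc:  # quarantine stores are usually ACL-restricted
                    report["files"].append({"vendor": vendor, "path": full, "error": str(exc)})
                    continue
                report["files"].append({
                    "vendor": vendor, "path": full, "size": st.st_size,
                    "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                })
    report["files"].sort(key=lambda f: f.get("mtime", ""))
    return report


if __name__ == "__main__":
    for row in list_quarantine()["files"]:
        print(row)
```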