puffyCid / artemis

A cross platform forensic parser written in Rust!
MIT License

Support ESE parsing without NTFS access #118

Closed puffyCid closed 4 months ago

puffyCid commented 4 months ago

This PR improves the ESE parser by supporting non-NTFS filesystems. Also other Windows improvements.

codecov[bot] commented 4 months ago

Codecov Report

Attention: Patch coverage is 77.65668% with 82 lines in your changes missing coverage. Please review.

Project coverage is 83.87%. Comparing base (b6bff3e) to head (3f84e96).

| Files | Patch % | Lines |
|---|---|---|
| ...core/src/artifacts/os/windows/shimcache/os/shim.rs | 60.78% | 20 Missing :warning: |
| artemis-core/src/filesystem/ntfs/reader.rs | 71.15% | 15 Missing :warning: |
| ...rtemis-core/src/artifacts/os/windows/ese/tables.rs | 68.00% | 8 Missing :warning: |
| ...is-core/src/artifacts/os/windows/usnjrnl/parser.rs | 61.11% | 7 Missing :warning: |
| ...emis-core/src/artifacts/os/windows/usnjrnl/ntfs.rs | 85.71% | 6 Missing :warning: |
| artemis-core/src/runtime/windows/usnjrnl.rs | 0.00% | 5 Missing :warning: |
| artemis-core/src/artifacts/os/windows/artifacts.rs | 0.00% | 4 Missing :warning: |
| artemis-core/src/utils/compression/xpress/lznt.rs | 0.00% | 4 Missing :warning: |
| cli/src/collector/windows.rs | 0.00% | 4 Missing :warning: |
| ...core/src/artifacts/os/windows/shimcache/os/win7.rs | 88.88% | 3 Missing :warning: |
| ... and 3 more | | |

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main     #118      +/-   ##
==========================================
- Coverage   84.06%   83.87%   -0.19%
==========================================
  Files         471      470       -1
  Lines       53387    53668     +281
==========================================
+ Hits        44880    45015     +135
- Misses       8507     8653     +146
```
