What new feature do you think would be cool to add to artemis?
Currently artemis is configured to only parser artifacts associated with the system it is running on.
Ex: artemis.exe can parse Windows EventLogs but not macOS MACHO binaries.
However, technically there is nothing preventing us from adding MACHO parsing to artemis.exe. Since we dont use any API calls for parsing artifacts.
We just need to remove #[cfg(target_os = "")] options and just recompile.
However, there is currently a limitation for 2? Windows artifacts.
NTFS and Prefetch both support decomressing compressed LZXPress+Huffman data.
Both currently use the Windows API to decompress it.
We would need to add decompression support for both artifacts, without using the Windows API.
Based on my searching/googling there are no crates that support decompressing LZXPress+Huffman data without using the Windows API.
Describe the solution you'd like
Support all artifacts on all binaries.
What new feature do you think would be cool to add to artemis? Currently artemis is configured to only parser artifacts associated with the system it is running on.
Ex: artemis.exe can parse Windows EventLogs but not macOS MACHO binaries.
However, technically there is nothing preventing us from adding MACHO parsing to artemis.exe. Since we dont use any API calls for parsing artifacts. We just need to remove
#[cfg(target_os = "")]options and just recompile.However, there is currently a limitation for 2? Windows artifacts. NTFS and Prefetch both support decomressing compressed LZXPress+Huffman data. Both currently use the Windows API to decompress it.
We would need to add decompression support for both artifacts, without using the Windows API. Based on my searching/googling there are no crates that support decompressing LZXPress+Huffman data without using the Windows API.
Describe the solution you'd like Support all artifacts on all binaries.
Additional context N/A