ufrisk
commented
6 months ago The Rust API isn't being overlooked.
There is no API for getting FindEvil results other than the VFS API in any of the supported languages.
If you wish to get fairly structured results you could grab the FindEvil CSV or get the files from FindEvil directly.
FindEvil results aren't super structured internally either so it wouldn't make much sense for me to add a separate API for it I think. Grabbing the basic results from the CSV should already be structured enough I hope. If there really is the need to add some kind of API for it, it could be done I guess, but it wouldn't really be more structured than the CSV.
For general questions (i.e. not bugs and improvement suggestions) it may be easier to stop by the Discord Server:
kaarposoft
I would like to get "findevil" results from the Rust API. I know that the results are available when the memory image is mounted from the commandline, under the
forensicdirectory. Presumably I could useVmm::vfs_readonforensics/findevil/findevil.txt, but then I would have to parse text which is not very structured. Better yet I could useVmm::vfs_read on forensics/json/general.json, then I only have to parse json which would be much more reliable than text parsing. But the best would be to get the results directly from the Rust API in structured form. However, I do not see any methods to do that underVmm: https://docs.rs/memprocfs/5.9.0/memprocfs/struct.Vmm.html Am I missing something here; is there a Rust API I have overlooked? What would you recommend as the best way to get "findevil" results from the Rust API?