Merge fix for ntfs library, add back KapeTriage SDS target (#2849)
scudette authored Jul 28, 2023
1 parent 9b5879b commit 833aa0f
Showing 5 changed files with 1,802 additions and 1,790 deletions.
1,790 changes: 898 additions & 892 deletions artifacts/definitions/Linux/KapeFiles/CollectFromDirectory.yaml

Large diffs are not rendered by default.

1,791 changes: 899 additions & 892 deletions artifacts/definitions/Windows/KapeFiles/Targets.yaml

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions go.mod
Expand Up @@ -97,7 +97,7 @@ require (
howett.net/plist v1.0.0
www.velocidex.com/golang/evtx v0.2.1-0.20220404133451-1fdf8be7325e
www.velocidex.com/golang/go-ese v0.1.1-0.20220107095505-c38622559671
www.velocidex.com/golang/go-ntfs v0.1.2-0.20230711020831-c55236b39682
www.velocidex.com/golang/go-ntfs v0.1.2-0.20230728152253-4d399c766ed6
www.velocidex.com/golang/go-pe v0.1.1-0.20230228112150-ef2eadf34bc3
www.velocidex.com/golang/go-prefetch v0.0.0-20220801101854-338dbe61982a
www.velocidex.com/golang/oleparse v0.0.0-20230217092320-383a0121aafe
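
Review bot: the go-ntfs line in this require block moves from pseudo-version c55236b39682 to 4d399c766ed6, and that bump is the "fix for ntfs library" named in the commit title, but nothing on the commit says what was fixed. Please reference the go-ntfs change in the commit message so the bump can be audited against a concrete upstream diff.
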
Expand All @@ -120,6 +120,7 @@ require (
github.com/go-errors/errors v1.4.2
github.com/golang-jwt/jwt/v4 v4.4.3
github.com/golang/protobuf v1.5.3
github.com/hashicorp/go-retryablehttp v0.7.2
github.com/hillu/go-archive-zip-crypto v0.0.0-20200712202847-bd5cf365dd44
github.com/hirochachacha/go-smb2 v1.1.0
github.com/lpar/gzipped v1.1.0
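
Review bot: `github.com/hashicorp/go-retryablehttp v0.7.2` becomes a direct requirement here (its `// indirect` entry is dropped further down), which means some package in this module imports it directly, yet none of the five files in this commit is a Go source file. This looks like `go mod tidy` catching up with an earlier change; either say so in the commit message or split it out, so the dependency promotion is not hidden behind an NTFS fix.
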
Expand Down Expand Up @@ -170,7 +171,6 @@ require (
github.com/gorilla/securecookie v1.1.1 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
github.com/hashicorp/golang-lru v0.5.4 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
5 changes: 3 additions & 2 deletions go.sum
Expand Up @@ -408,6 +408,7 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI=
github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
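
Review bot: the new `github.com/hashicorp/go-hclog v0.9.2 h1:` line has no matching require change in the go.mod hunks of this commit. Confirm that it was produced by the Go tooling (`go mod tidy`) and not edited by hand, and that `go mod verify` passes; go.sum entries are the integrity pin for the build, so an unexplained one should be accounted for in review.
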
Expand Down Expand Up @@ -1230,8 +1231,8 @@ www.velocidex.com/golang/evtx v0.2.1-0.20220404133451-1fdf8be7325e h1:AhcXPgNKhJ
www.velocidex.com/golang/evtx v0.2.1-0.20220404133451-1fdf8be7325e/go.mod h1:ykEQ7AUF9AL+mfCefDmLwmZOnU2So6wM3qKM8xdsHhU=
www.velocidex.com/golang/go-ese v0.1.1-0.20220107095505-c38622559671 h1:pfvo7NFo0eJj6Zr7d+4vMx/Zr2JriMMPEWRHUf1YjUw=
www.velocidex.com/golang/go-ese v0.1.1-0.20220107095505-c38622559671/go.mod h1:qnzHyB9yD2khtYO+wf3ck9FQxX3wFhXeJHFBnuUIZcc=
www.velocidex.com/golang/go-ntfs v0.1.2-0.20230711020831-c55236b39682 h1:Qs8QBcLcT38bG9TSceABN7RSB6u49Ol+i18VsSTeBcE=
www.velocidex.com/golang/go-ntfs v0.1.2-0.20230711020831-c55236b39682/go.mod h1:itvbHQcnLdTVIDY6fI3lR0zeBwXwBYBdUFtswE0x1vc=
www.velocidex.com/golang/go-ntfs v0.1.2-0.20230728152253-4d399c766ed6 h1:CQTXpiMZ01PJIvpelSzpWJlZEUoQM831YgHEVdaZic4=
www.velocidex.com/golang/go-ntfs v0.1.2-0.20230728152253-4d399c766ed6/go.mod h1:itvbHQcnLdTVIDY6fI3lR0zeBwXwBYBdUFtswE0x1vc=
www.velocidex.com/golang/go-pe v0.1.1-0.20220107093716-e91743c801de/go.mod h1:j9Xy8Z9wxzY2SCB8CqDkkoSzy+eUwevnOrRm/XM2q/A=
www.velocidex.com/golang/go-pe v0.1.1-0.20230228112150-ef2eadf34bc3 h1:W394TEIFuHFxHY8mzTJPHI5v+M+NLKEHmHn7KY/VpEM=
www.velocidex.com/golang/go-pe v0.1.1-0.20230228112150-ef2eadf34bc3/go.mod h1:agYwYzeeytVtdwkRrvxZAjgIA8SCeM/Tg7Ym2/jBwmA=
2 changes: 0 additions & 2 deletions scripts/kape_files.py
Expand Up @@ -25,8 +25,6 @@
from collections import OrderedDict

BLACKLISTED = ["!ALL.tkape",
"$SDS.tkape", # This one should be fetched via the
# Windows.Triage.SDS
]

# The following paths are not NTFS files, so they can be read normally.
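
Review bot: removing `"$SDS.tkape"` from `BLACKLISTED` also deletes the only explanation of why it was excluded ("This one should be fetched via the Windows.Triage.SDS"), and nothing replaces it. Add a comment or a commit-message line stating why the target can now be collected through the KapeFiles artifacts (presumably the go-ntfs bump in this commit) and whether Windows.Triage.SDS is still the preferred path, so that a later go-ntfs regression is noticed rather than silently breaking this target. The two regenerated YAML files also change about 1,790 lines each for a net gain of 6 and 7 lines, which suggests the generator reordered its output; a stable ordering in this script would keep future target diffs reviewable.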