windows_artifacts

package

v0.0.0-...-89257ae Latest Latest Go to latest Published: Jun 11, 2023 License: GPL-3.0 Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jurelou/forensibus

Documentation ¶

Index ¶

type AppCompatCacheEntry
type EvtxProcessor
- func (EvtxProcessor) Run(in string, _ *processors.Config, out writer.IManager) processors.PError
type LnkProcessor
- func (LnkProcessor) Configure() error
- func (LnkProcessor) Run(in string, _ *processors.Config, out writer.IManager) processors.PError
type PrefetchEntry
type PrefetchProcessor
- func (proc PrefetchProcessor) Run(in string, _ *processors.Config, out writer.IManager) processors.PError
type PrefetchSingleEntry
type RegistryEntry
type RegistryProcessor
- func (RegistryProcessor) Run(in string, _ *processors.Config, out writer.IManager) processors.PError

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AppCompatCacheEntry ¶

type AppCompatCacheEntry struct {
	LastWriteTime string `json:"last_write_time"`
	FilePath      string `json:"file_path"`
	Id            int    `json:"id"`
}

type EvtxProcessor ¶

type EvtxProcessor struct {
	processors.Default
}

func (EvtxProcessor) Run ¶

func (EvtxProcessor) Run(in string, _ *processors.Config, out writer.IManager) processors.PError

type LnkProcessor ¶

type LnkProcessor struct {
}

func (LnkProcessor) Configure ¶

func (LnkProcessor) Configure() error

func (LnkProcessor) Run ¶

func (LnkProcessor) Run(in string, _ *processors.Config, out writer.IManager) processors.PError

type PrefetchEntry ¶

type PrefetchEntry struct {
	Executable    string      `json:"ExecutableName"`
	FileSize      uint32      `json:"FileSize"`
	Hash          string      `json:"Hash"`
	Version       string      `json:"Version"`
	LastRunTimes  []time.Time `json:"LastRunTimes"`
	FilesAccessed []string    `json:"FilesAccessed"`
	RunCount      uint32      `json:"RunCount"`
}

type PrefetchProcessor ¶

type PrefetchProcessor struct {
	processors.Default
}

func (PrefetchProcessor) Run ¶

func (proc PrefetchProcessor) Run(in string, _ *processors.Config, out writer.IManager) processors.PError

type PrefetchSingleEntry ¶

type PrefetchSingleEntry struct {
	PrefetchUUID  string
	Executable    string
	FileSize      uint32
	Hash          string
	Version       string
	Timestamp     string
	FilesAccessed []string
	RunCount      uint32
}

type RegistryEntry ¶

type RegistryEntry struct {
	LastWriteTime string `json:"last_write_time"`
	Key           string `json:"key"`
	KeyName       string `json:"key_name"`
	Value         string `json:"value"`
	ValueName     string `json:"value_name"`
}

type RegistryProcessor ¶

type RegistryProcessor struct {
	processors.Default
}

func (RegistryProcessor) Run ¶

func (RegistryProcessor) Run(in string, _ *processors.Config, out writer.IManager) processors.PError

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL