bodyfile

package module
v0.0.0-...-ff7c66e
Warning: This package is not in the latest version of its module.
Published: Aug 21, 2023 License: Apache-2.0 Imports: 9 Imported by: 0

README

bodyfile

bodyfile is a Go library for parsing and processing bodyfiles, the pipe-delimited timeline format (MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime) produced by forensics tools such as list_mft.py and regrippy.

This library was built to support timeliner, an enhanced mactime-like timeline tool.

Documentation

Constants

const (
	AccessTime = 1 << iota
	ModificationTime
	ChangeTime
	CreationTime
)

These constants are used as a bitmask in Entry.MatchingTimestamp: after filtering, the set bits tell you which of the four timestamps (atime, mtime, ctime, crtime) matched the filter.

Variables

This section is empty.

Functions

This section is empty.

Types

type Entry

type Entry struct {
	// MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime
	MD5              string
	Name             string
	Inode            int
	Mode             string
	UID              int
	GID              int
	Size             int64
	AccessTime       time.Time
	ModificationTime time.Time
	ChangeTime       time.Time
	CreationTime     time.Time

	MatchingTimestamp int
}

Entry represents one line of the bodyfile

type Reader

type Reader struct {
	Strict bool
	// contains filtered or unexported fields
}

Reader reads bodyfile records from an io.Reader and applies the configured date filters; Strict toggles strict parsing.

func NewReader

func NewReader(r io.Reader) *Reader

NewReader instantiates a Reader object

func NewStrictReader

func NewStrictReader(r io.Reader) *Reader

NewStrictReader instantiates a new Reader object with the Strict mode enabled

func (*Reader) AddFilter

func (r *Reader) AddFilter(filter string) (err error)

AddFilter adds a date restriction to filter the bodyfile

func (*Reader) Match

func (r *Reader) Match(entry *Entry) (bool, error)

Match reports whether entry passes the date filters added with AddFilter.

func (*Reader) Next

func (r *Reader) Next() (*TimeStampedEntry, error)

Next returns the next element of the sorted, time-stamped array.

func (*Reader) Read

func (r *Reader) Read() (*Entry, error)

Read consumes the next record from the underlying reader, converts it to an Entry and applies the filters.

func (*Reader) Slurp

func (r *Reader) Slurp() (int, error)

Slurp reads the whole input into memory and filters out the events that do not match.

type TimeStampedEntry

type TimeStampedEntry struct {
	Time  time.Time
	Entry *Entry
}

TimeStampedEntry wraps an Entry together with one outer timestamp, which is the sort key of the sorted array.
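The documentation above leaves the bodyfile line format, the MatchingTimestamp bitmask and the Slurp-then-Next timeline pattern implicit. The following stand-alone Go program, written for this page and not part of the bodyfile library, implements the same ideas so the behaviour can be inspected: a strict parser for the 11-field pipe-delimited line (wrong field count or non-numeric fields are rejected rather than misaligned, and an epoch value of 0 is treated as "not recorded" so it can never match a date filter), a window filter that records in MatchingTimestamp which of the four timestamps matched, and a mactime-style expansion into one sorted TimeStampedEntry per distinct matching time. The types and constants mirror the ones documented above, but ParseLine, Timeline, SampleLines and the filter-window semantics are this example's own assumptions; the sample lines are constructed, not a real capture.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
	"time"
)

// Flags recording which timestamps matched a filter, laid out like the package's constants.
const (
	AccessTime       = 1 << iota // atime=1, mtime=2, ctime=4, crtime=8
	ModificationTime
	ChangeTime
	CreationTime
)

// Entry mirrors one bodyfile line: MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime
type Entry struct {
	MD5, Name, Mode string
	Inode, UID, GID int
	Size            int64
	AccessTime, ModificationTime, ChangeTime, CreationTime time.Time
	MatchingTimestamp int // bitmask of the flags above, set by Timeline
}

// TimeStampedEntry gives an Entry one outer time so a timeline can be sorted on a single field.
type TimeStampedEntry struct {
	Time  time.Time
	Entry *Entry
}

// ParseLine parses one pipe-delimited bodyfile line. It insists on exactly 11 fields and numeric
// values, so a tool that emits a different layout is rejected instead of having columns misaligned.
func ParseLine(line string) (*Entry, error) {
	f := strings.Split(strings.TrimRight(line, "\r\n"), "|")
	if len(f) != 11 {
		return nil, fmt.Errorf("bodyfile: expected 11 fields, got %d", len(f))
	}
	var n [11]int64 // numeric view of the integer fields: inode, uid, gid, size, four epoch times
	for _, i := range []int{2, 4, 5, 6, 7, 8, 9, 10} {
		v, err := strconv.ParseInt(f[i], 10, 64)
		if err != nil {
			return nil, fmt.Errorf("bodyfile: field %d: %w", i, err)
		}
		n[i] = v
	}
	e := &Entry{MD5: f[0], Name: f[1], Inode: int(n[2]), Mode: f[3], UID: int(n[4]), GID: int(n[5]), Size: n[6]}
	for i, p := range []*time.Time{&e.AccessTime, &e.ModificationTime, &e.ChangeTime, &e.CreationTime} {
		if n[7+i] != 0 { // 0 means "not recorded": keep the zero time so no date filter can match it
			*p = time.Unix(n[7+i], 0).UTC()
		}
	}
	return e, nil
}

// Timeline parses every line, keeps entries with at least one timestamp in [from, to), records in
// MatchingTimestamp which ones matched (a file merely read in the window looks different from one
// created in it) and emits one sorted TimeStampedEntry per distinct matching time, mactime style.
func Timeline(lines []string, from, to time.Time) ([]TimeStampedEntry, error) {
	var out []TimeStampedEntry
	for ln, l := range lines {
		e, err := ParseLine(l)
		if err != nil {
			return nil, fmt.Errorf("line %d: %w", ln+1, err)
		}
		seen := map[int64]bool{} // four identical timestamps give one event, not four
		for i, t := range [4]time.Time{e.AccessTime, e.ModificationTime, e.ChangeTime, e.CreationTime} {
			if t.IsZero() || t.Before(from) || !t.Before(to) {
				continue
			}
			e.MatchingTimestamp |= 1 << i // same bit order as the constants
			if !seen[t.Unix()] {
				seen[t.Unix()] = true
				out = append(out, TimeStampedEntry{Time: t, Entry: e})
			}
		}
	}
	sort.SliceStable(out, func(i, j int) bool { return out[i].Time.Before(out[j].Time) })
	return out, nil
}

// SampleLines is constructed input in list_mft.py style, not a real capture.
var SampleLines = []string{
	`0|C:\Windows\System32\evil.dll|52341|r/rrwxrwxrwx|0|0|61440|1692576000|1692576000|1692576000|1692576000`,
	`0|C:\Windows\System32\kernel32.dll|1203|r/rrwxrwxrwx|0|0|742400|1692576300|1650000000|1650000000|1650000000`,
	`0|C:\Users\bob\Desktop\notes.txt|77812|r/rrw-rw-rw-|0|0|12|1600000000|1600000000|1600000000|0`,
}

func main() {
	from := time.Date(2023, 8, 21, 0, 0, 0, 0, time.UTC) // the day under investigation (constructed)
	tl, err := Timeline(SampleLines, from, from.Add(24*time.Hour))
	if err != nil {
		panic(err)
	}
	for _, ev := range tl {
		fmt.Printf("%s mask=%04b %s\n", ev.Time.Format(time.RFC3339), ev.Entry.MatchingTimestamp, ev.Entry.Name)
	}
}
```

With the constructed sample and a one-day window starting 2023-08-21 UTC, evil.dll (all four times inside the window) yields a single event with mask 1111, kernel32.dll yields one event with mask 0001 because only its atime falls in the window, and notes.txt is dropped entirely; its crtime of 0 is treated as unset rather than as 1970-01-01, which is the failure mode a naive `time.Unix` conversion would introduce.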
