FR: Add a timesketch pipeline artifact

Open scudette opened this issue 6 months ago • 0 comments

We should be able to parse the output of Windows.KapeFiles.Targets directly into Elastic in a format that Timesketch understands.

Currently people do this by moving the bulk data to another system and using plaso to parse the same data - we need to make this process smoother and faster (and also somewhat officially supported so it doesn't break in the future).

This is also a good opportunity to officially support Timesketch and investigate how to feed it data in the best way - maybe we can add a standard Velociraptor uploader?

scudette, Aug 09 '24 01:08