Jan Starke
Jan Starke
Hi, I currently try to use this library in a tool of mine (https://github.com/janstarke/regview). However, I've a lot of trouble while storing KeyNodes in a datastructure, because they need to...
nt-hive depends on `zerocopy::ByteSlice`, which seemed to be a good idea. Unfortunately, `zerocopy::ByteSlice` is `Sealed`, which means that no one can implement that `trait` for oneself. Especially for Windows registry...
This happens when I try to parse some carved evtx file
This PR provides a generic access to the parsed evtx structure, without a need to parse json (which would make everything very slow) Usage example: ```rust struct MySpecialEvtxDataStructure {} struct...
Those (or a similar) messages are created when `evtx` reads a boolean value (type code `0x0d` with a length of `4` which has a value different from `0x00` or `0x01`....
The cause is that `samples_dir()` assumes that the project dir is the current working dir, which is not the case when a workspace is being used. Solution: ``` diff --git...
https://github.com/sleuthkit/sleuthkit/blob/7867797649f68edb46c14fe95c1fa10a4d058bc6/tools/timeline/mactime.base#L560 For incident response, especially in a global context, it is important to have comparable timestamps. If I run `mactime` somewhere in Europe on a certain sample, I should get...
In some cases, UTF16 decoding errors may lead to a program abort. I'd prefer to have a more soft information about the failed characters, instead of simply a stack trace....