dftimewolf
dftimewolf copied to clipboard
log2timeline
A framework for orchestrating forensic collection, processing and data export
It's probably a good idea to have a github action that calculates unit test coverage. Raising this issue to track ideas and any implementation.
The instructions in [docs/recipe-list.md](https://github.com/log2timeline/dftimewolf/blob/main/docs/recipe-list.md) generated by [docs/generate_recipe_doc.py](https://github.com/log2timeline/dftimewolf/blob/main/docs/generate_recipe_doc.py) say to generate the recipe list by running: ``` poetry install -d python docs/generate_recipe_doc.py data/recipes ``` But neither of these commands work: ```...
When running the gcp_logging_collect recipe, the collection will fail silently if it exceeds the cloud logging API quota limit. Based on my testing, this will first issue a 'google_api_exceptions.TooManyRequests' exception....
ref: https://github.com/log2timeline/dftimewolf/pull/673#discussion_r1031905743
Adds a new workspace mobile/device recipe to pull these logs and put them into Timesketch.
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4. Release notes Sourced from jinja2's releases. 3.1.4 This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Possible GCP logging API change (libcloudforensics?) breaking gcp-logging_collect recipe. ``` $ dftimewolf gcp_logging_collect glassbro-production 'resource.type="gce_instance" resource.labels.instance_id="5406509864760928785" log_name="projects/glassbro-production/logs/cloudaudit.googleapis.com%2Factivity" timestamp>="2023-09-25" timestamp
Metadata
Owner
Metadata
A framework for orchestrating forensic collection, processing and data export