respondersGY
Just for tracking purposes. I haven't debugged it but memory usage of 20GB+ is too high compared to the results it returns.
## References

* [https://www.aon.com/en/insights/cyber-labs/parsing-esxi-logs-for-incident-response?collection=5b76135e-4196-415b-ab1d-f42b6f0abb10](https://www.aon.com/en/insights/cyber-labs/parsing-esxi-logs-for-incident-response?collection=5b76135e-4196-415b-ab1d-f42b6f0abb10)
* [https://github.com/strozfriedberg/qelp](https://github.com/strozfriedberg/qelp)
* [https://www.synacktiv.com/en/publications/vmware-esxi-forensic-with-velociraptor](https://www.synacktiv.com/en/publications/vmware-esxi-forensic-with-velociraptor)
Opening Acquire container with `target-shell` only shows the files and directories that are part of the container. It would be nice if `target-shell` loads the MFT as a filesystem. This...
The target is a Velociraptor collection of ARM Ubuntu 24.04.2 LTS (Noble Numbat). Executing the following command results in an error because the Netplan configuration contains duplicate keys. ```zsh target-query...
Load a GCS object as a target.

```zsh
target-info gcs://.E01
target-info gcs://.tar
target-info gcs://.zip
```

## References

* [https://cloud.google.com/python/docs/reference/storage/latest](https://cloud.google.com/python/docs/reference/storage/latest)
* [https://github.com/fox-it/flow.record/pull/84](https://github.com/fox-it/flow.record/pull/84)
Extend the [McAfee plugin](https://github.com/fox-it/dissect.target/blob/2ce41232103f0b43aabf776d28a77b25108bbaee/dissect/target/plugins/apps/av/mcafee.py#L47) with a function that parses the JSON files at the path `sysvol/ProgramData/McAfee/Endpoint Security/ATP`. Please note that these JSON files also contain unnecessary data related to the...
Explore the log formats of the following webservers and, if applicable, add the HTTP query parameter to the `WebserverAccessLogRecord`:

* https://github.com/fox-it/dissect.target/blob/main/dissect/target/plugins/apps/webserver/apache.py
* https://github.com/fox-it/dissect.target/blob/main/dissect/target/plugins/apps/webserver/caddy.py
* https://github.com/fox-it/dissect.target/blob/main/dissect/target/plugins/apps/webserver/citrix.py
* https://github.com/fox-it/dissect.target/blob/main/dissect/target/plugins/apps/webserver/nginx.py

Related to https://github.com/fox-it/dissect.target/pull/1277
The following Windows Registry locations contain useful information regarding TeamViewer installations: `HKLM\Software\TeamViewer`, `HKLM\Software\WOW6432Node\TeamViewer`. In addition, TeamViewer could be reverse engineered to determine if some of the values of the Registry...
These logs are very useful to detect ToolShell exploitation events. The most useful logs use the following naming scheme: `HOSTNAME-YYYYMMDD-.log`. ``` Timestamp Process TID Area Category EventID Level Message Correlation...