package collector
import "github.com/forensicanalysis/artifactcollector/collector"
Package collector provides functions to collect forensicartifacts into a forensicstore.
Index ¶
- func WMIQuery(_ string) (wmiResult []map[string]interface{}, err error)
- type Collector
- func NewCollector(store Store, tempDir string, definitions []artifacts.ArtifactDefinition) (*Collector, error)
- func (c *Collector) Collect(name string, source artifacts.Source)
- func (c *Collector) FS() fs.FS
- func (c *Collector) Prefixes() []string
- func (c *Collector) Registry() fs.FS
- func (c *Collector) Resolve(parameter string) ([]string, error)
- type Configuration
- type Directory
- type File
- type Process
- type RegistryKey
- type RegistryValue
- type Resetter
- type Store
Functions ¶
func WMIQuery ¶
WMIQuery is a dummy function for non-Windows systems.
Types ¶
type Collector ¶
type Collector struct {
	SourceFS fs.FS
	Store    Store
	TempDir  string
	// contains filtered or unexported fields
}
The Collector can resolve and collect artifacts on live systems.
func NewCollector ¶
func NewCollector(store Store, tempDir string, definitions []artifacts.ArtifactDefinition) (*Collector, error)
NewCollector creates a new Collector that collects the given ArtifactDefinitions.
func (*Collector) Collect ¶
Collect dispatches specific collection functions for different sources.
func (*Collector) FS ¶
FS returns the used FileSystem.
func (*Collector) Prefixes ¶
Prefixes returns the prefixes of the source filesystem.
func (*Collector) Registry ¶
Registry returns the used Registry.
func (*Collector) Resolve ¶
Resolve returns a list of values that can be used for the placeholder parameter.
type Configuration ¶
type Configuration struct {
	Artifacts []string `yaml:"artifacts"`
	User      bool     `yaml:"user"`
	Case      string   `yaml:"case"`
	OutputDir string   `yaml:"output_dir"`
}
Configuration defines the parameters of an artifactcollector.
type Directory ¶
type Directory struct {
	ID       string        `json:"id"`
	Artifact string        `json:"artifact,omitempty"`
	Type     string        `json:"type"`
	Path     string        `json:"path"`
	Ctime    string        `json:"ctime,omitempty"`
	Mtime    string        `json:"mtime,omitempty"`
	Atime    string        `json:"atime,omitempty"`
	Errors   []interface{} `json:"errors,omitempty"`
}
Directory implements a STIX 2.1 Directory Object.
func NewDirectory ¶
func NewDirectory() *Directory
NewDirectory creates a new STIX 2.1 Directory Object.
func (*Directory) AddError ¶
AddError adds an error string to a Directory and returns this Directory.
type File ¶
type File struct {
	ID         string                 `json:"id"`
	Artifact   string                 `json:"artifact,omitempty"`
	Type       string                 `json:"type"`
	Hashes     map[string]interface{} `json:"hashes,omitempty"`
	Size       float64                `json:"size,omitempty"`
	Name       string                 `json:"name"`
	Ctime      string                 `json:"ctime,omitempty"`
	Mtime      string                 `json:"mtime,omitempty"`
	Atime      string                 `json:"atime,omitempty"`
	Origin     map[string]interface{} `json:"origin,omitempty"`
	ExportPath string                 `json:"export_path,omitempty"`
	Errors     []interface{}          `json:"errors,omitempty"`
	Attributes map[string]interface{} `json:"attributes,omitempty"`
}
File implements a STIX 2.1 File Object.
func NewFile ¶
func NewFile() *File
NewFile creates a new STIX 2.1 File Object.
func (*File) AddError ¶
AddError adds an error string to a File and returns this File.
type Process ¶
type Process struct {
	ID          string        `json:"id"`
	Artifact    string        `json:"artifact,omitempty"`
	Type        string        `json:"type"`
	Name        string        `json:"name,omitempty"`
	CreatedTime string        `json:"created_time,omitempty"`
	Cwd         string        `json:"cwd,omitempty"`
	CommandLine string        `json:"command_line,omitempty"`
	StdoutPath  string        `json:"stdout_path,omitempty"`
	StderrPath  string        `json:"stderr_path,omitempty"`
	WMI         []interface{} `json:"wmi,omitempty"`
	ReturnCode  float64       `json:"return_code,omitempty"`
	Errors      []interface{} `json:"errors,omitempty"`
}
Process implements a STIX 2.1 Process Object.
func NewProcess ¶
func NewProcess() *Process
NewProcess creates a new STIX 2.1 Process Object.
func (*Process) AddError ¶
AddError adds an error string to a Process and returns this Process.
type RegistryKey ¶
type RegistryKey struct {
	ID           string          `json:"id"`
	Artifact     string          `json:"artifact,omitempty"`
	Type         string          `json:"type"`
	Key          string          `json:"key"`
	Values       []RegistryValue `json:"values,omitempty"`
	ModifiedTime string          `json:"modified_time,omitempty"`
	Errors       []interface{}   `json:"errors,omitempty"`
}
RegistryKey implements a STIX 2.1 Windows™ Registry Key Object.
func NewRegistryKey ¶
func NewRegistryKey() *RegistryKey
NewRegistryKey creates a new STIX 2.1 Windows™ Registry Key Object.
func (*RegistryKey) AddError ¶
func (i *RegistryKey) AddError(err string) *RegistryKey
AddError adds an error string to a RegistryKey and returns this RegistryKey.
type RegistryValue ¶
type RegistryValue struct {
	Name     string        `json:"name"`
	Data     string        `json:"data,omitempty"`
	DataType string        `json:"data_type,omitempty"`
	Errors   []interface{} `json:"errors,omitempty"`
}
RegistryValue implements a STIX 2.1 Windows™ Registry Value Type.
func NewRegistryValue ¶
func NewRegistryValue() *RegistryValue
NewRegistryValue creates a new STIX 2.1 Windows™ Registry Value Type.
func (*RegistryValue) AddError ¶
func (i *RegistryValue) AddError(err string) *RegistryValue
AddError adds an error string to a RegistryValue and returns this RegistryValue.
type Resetter ¶
type Resetter interface {
Reset()
}
type Store ¶
type Store interface {
	InsertStruct(artifact, id string, data interface{}) error
	StoreFile(filePath string) (storePath string, file io.Writer, err error)
	LoadFile(filePath string) (file io.Reader, err error)
}
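To make the Store contract concrete, here is an added example (not code from the artifactcollector project) of a minimal in-memory Store. The Store interface is copied from this page; MemStore, NewMemStore, the "export" path prefix and the keying scheme are assumptions of the example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
)

// Store is copied from the package documentation so the example compiles stand-alone.
type Store interface {
	InsertStruct(artifact, id string, data interface{}) error
	StoreFile(filePath string) (storePath string, file io.Writer, err error)
	LoadFile(filePath string) (file io.Reader, err error)
}

// MemStore is a hypothetical in-memory Store: structs as JSON, exported files as buffers.
type MemStore struct {
	Items map[string]json.RawMessage // keyed by "<artifact>/<id>"
	Files map[string]*bytes.Buffer   // keyed by the store path StoreFile hands back
}

func NewMemStore() *MemStore {
	return &MemStore{Items: map[string]json.RawMessage{}, Files: map[string]*bytes.Buffer{}}
}

func (m *MemStore) InsertStruct(artifact, id string, data interface{}) error {
	b, err := json.Marshal(data)
	if err != nil {
		return err
	}
	m.Items[artifact+"/"+id] = b
	return nil
}

// StoreFile mirrors the collected path under an "export" prefix; the caller records
// the returned path in the File object's export_path field.
func (m *MemStore) StoreFile(filePath string) (string, io.Writer, error) {
	buf := &bytes.Buffer{}
	m.Files["export"+filePath] = buf
	return "export" + filePath, buf, nil
}

func (m *MemStore) LoadFile(filePath string) (io.Reader, error) {
	if buf, ok := m.Files[filePath]; ok {
		return bytes.NewReader(buf.Bytes()), nil
	}
	return nil, fmt.Errorf("file %q not in store", filePath)
}
```

A collector writes the exported bytes to the io.Writer returned by StoreFile and then records the returned store path in the File object it passes to InsertStruct.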
Source Files ¶
collector.go configuration.go file.go process.go registrydummy_unix.go resolve.go types.go wmi.go wmi_unix.go
- Version: v0.17.1 (latest)
- Published: Oct 19, 2024
- Platform: linux/amd64
- Imports: 23 packages