├── .gitignore ├── Authors.md ├── FastIR.conf.sample ├── LICENSE ├── README.md ├── _analyzemft ├── __init__.py ├── bitparse.py ├── mft.py ├── mftsession.py └── mftutils.py ├── _x64 ├── CheckSignFromCat.dll ├── __init__.py ├── boost_python-vc120-gd-1_55.dll ├── libregf.dll ├── msvcp120d.dll ├── msvcr120.dll └── pyregf.pyd ├── _x86 ├── CheckSignFromCat.dll ├── __init__.py ├── boost_python-vc120-gd-1_55.dll ├── libregf.dll ├── msvcp120d.dll ├── msvcr120.dll └── pyregf.pyd ├── documentation ├── 2015-10-29-HES-SEKOIA-FastIR Collector on advanced threats-v1.1.pdf ├── FastIR-Collector-on-advanced-threats_v1.5.pdf ├── FastIR-Collector_v1.0_20160106_EN.pdf ├── FastIR-Collector_v1.0_20160106_FR.pdf └── FastIR_Documentation.pdf ├── dump ├── __init__.py ├── disk_analysis.py ├── dump.py ├── environment_settings.py ├── mbr.py ├── vbr.py ├── windows10Dump.py ├── windows2003ServerDump.py ├── windows2003ServerR2Dump.py ├── windows2008ServerDump.py ├── windows2008ServerR2Dump.py ├── windows2012ServerDump.py ├── windows2012ServerR2Dump.py ├── windows7Dump.py ├── windows8Dump.py ├── windows8_1Dump.py ├── windowsVistaDump.py ├── windowsXPDump.py └── winpmem.py ├── evt ├── __init__.py ├── logs.py ├── windows10Evt.py ├── windows2003ServerEvt.py ├── windows2003ServerR2Evt.py ├── windows2008R2ServerEvt.py ├── windows2008ServerEvt.py ├── windows2012ServerEvt.py ├── windows2012ServerR2Evt.py ├── windows7Evt.py ├── windows8Evt.py ├── windows8_1Evt.py ├── windowsVistaEvt.py └── windowsXPEvt.py ├── factory ├── __init__.py └── factory.py ├── filecatcher ├── __init__.py ├── archives.py ├── fileCatcher.py ├── listfiles.py ├── modules │ ├── PE.py │ ├── __init__.py │ ├── base_modules.py │ └── intel.py ├── windows10Files.py ├── windows2003ServerFiles.py ├── windows2003ServerR2Files.py ├── windows2008ServerFiles.py ├── windows2008ServerR2Files.py ├── windows2012ServerFiles.py ├── windows2012ServerR2Files.py ├── windows7Files.py ├── windows8Files.py ├── windows8_1Files.py ├── windowsVistaFiles.py └── windowsXPFiles.py ├── fs ├── __init__.py ├── fs.py ├── windows10Files.py ├── windows2003ServerFiles.py ├── windows2003ServerR2Files.py ├── windows2008ServerFiles.py ├── windows2008ServerR2Files.py ├── windows2012ServerFiles.py ├── windows2012ServerR2Files.py ├── windows7Files.py ├── windows8Files.py ├── windows8_1Files.py ├── windowsVistaFiles.py └── windowsXPFiles.py ├── health ├── __init__.py ├── statemachine.py ├── windows10StateMachine.py ├── windows2003ServerR2StateMachine.py ├── windows2003ServerStateMachine.py ├── windows2008ServerR2StateMachine.py ├── windows2008ServerStateMachine.py ├── windows2012ServerR2StateMachine.py ├── windows2012ServerStateMachine.py ├── windows7StateMachine.py ├── windows8StateMachine.py ├── windows8_1StateMachine.py ├── windowsVistaStateMachine.py └── windowsXPStateMachine.py ├── hooks ├── hook-cachedns.py ├── hook-distorm3.py └── hook-dump.py ├── main.py ├── memory ├── __init__.py ├── mem.py ├── windows10Memory.py ├── windows2003ServerMemory.py ├── windows2003ServerR2Memory.py ├── windows2008ServerMemory.py ├── windows2008ServerR2Memory.py ├── windows2012Memory.py ├── windows2012ServerMemory.py ├── windows2012ServerR2Memory.py ├── windows7Memory.py ├── windows8Memory.py ├── windows8_1Memory.py ├── windowsVistaMemory.py └── windowsXPMemory.py ├── msvcr100.dll ├── pyinstaller.spec ├── registry ├── __init__.py ├── reg.py ├── registry_obj.py ├── windows10Users.py ├── windows2003ServerR2Users.py ├── windows2003ServerUsers.py ├── windows2008ServerR2Users.py ├── windows2008ServerUsers.py ├── windows2012ServerR2Users.py ├── windows2012ServerUsers.py ├── windows7Users.py ├── windows8Users.py ├── windows8_1Users.py ├── windowsVistaUsers.py └── windowsXPUsers.py ├── reqs.pip ├── sekoia.ico ├── settings.py ├── settings_rawstring.py ├── utils ├── __init__.py ├── utils.py ├── utils_rawstring.py └── vss.py ├── winpmem_x64.sys └── winpmem_x86.sys /.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | *.conf 3 | build/pyinstaller/* 4 | .idea/* 5 | -------------------------------------------------------------------------------- /Authors.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/Authors.md -------------------------------------------------------------------------------- /FastIR.conf.sample: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/FastIR.conf.sample -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/README.md -------------------------------------------------------------------------------- /_analyzemft/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_analyzemft/__init__.py -------------------------------------------------------------------------------- /_analyzemft/bitparse.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_analyzemft/bitparse.py -------------------------------------------------------------------------------- /_analyzemft/mft.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_analyzemft/mft.py -------------------------------------------------------------------------------- /_analyzemft/mftsession.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_analyzemft/mftsession.py -------------------------------------------------------------------------------- /_analyzemft/mftutils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_analyzemft/mftutils.py -------------------------------------------------------------------------------- /_x64/CheckSignFromCat.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_x64/CheckSignFromCat.dll -------------------------------------------------------------------------------- /_x64/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /_x64/boost_python-vc120-gd-1_55.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_x64/boost_python-vc120-gd-1_55.dll -------------------------------------------------------------------------------- /_x64/libregf.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_x64/libregf.dll -------------------------------------------------------------------------------- /_x64/msvcp120d.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_x64/msvcp120d.dll -------------------------------------------------------------------------------- /_x64/msvcr120.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_x64/msvcr120.dll -------------------------------------------------------------------------------- /_x64/pyregf.pyd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_x64/pyregf.pyd -------------------------------------------------------------------------------- /_x86/CheckSignFromCat.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_x86/CheckSignFromCat.dll -------------------------------------------------------------------------------- /_x86/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /_x86/boost_python-vc120-gd-1_55.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_x86/boost_python-vc120-gd-1_55.dll -------------------------------------------------------------------------------- /_x86/libregf.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_x86/libregf.dll -------------------------------------------------------------------------------- /_x86/msvcp120d.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_x86/msvcp120d.dll -------------------------------------------------------------------------------- /_x86/msvcr120.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_x86/msvcr120.dll -------------------------------------------------------------------------------- /_x86/pyregf.pyd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/_x86/pyregf.pyd -------------------------------------------------------------------------------- /documentation/2015-10-29-HES-SEKOIA-FastIR Collector on advanced threats-v1.1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/documentation/2015-10-29-HES-SEKOIA-FastIR Collector on advanced threats-v1.1.pdf -------------------------------------------------------------------------------- /documentation/FastIR-Collector-on-advanced-threats_v1.5.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/documentation/FastIR-Collector-on-advanced-threats_v1.5.pdf -------------------------------------------------------------------------------- /documentation/FastIR-Collector_v1.0_20160106_EN.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/documentation/FastIR-Collector_v1.0_20160106_EN.pdf -------------------------------------------------------------------------------- /documentation/FastIR-Collector_v1.0_20160106_FR.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/documentation/FastIR-Collector_v1.0_20160106_FR.pdf -------------------------------------------------------------------------------- /documentation/FastIR_Documentation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/documentation/FastIR_Documentation.pdf -------------------------------------------------------------------------------- /dump/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /dump/disk_analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/disk_analysis.py -------------------------------------------------------------------------------- /dump/dump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/dump.py -------------------------------------------------------------------------------- /dump/environment_settings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/environment_settings.py -------------------------------------------------------------------------------- /dump/mbr.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/mbr.py -------------------------------------------------------------------------------- /dump/vbr.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/vbr.py -------------------------------------------------------------------------------- /dump/windows10Dump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/windows10Dump.py -------------------------------------------------------------------------------- /dump/windows2003ServerDump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/windows2003ServerDump.py -------------------------------------------------------------------------------- /dump/windows2003ServerR2Dump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/windows2003ServerR2Dump.py -------------------------------------------------------------------------------- /dump/windows2008ServerDump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/windows2008ServerDump.py -------------------------------------------------------------------------------- /dump/windows2008ServerR2Dump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/windows2008ServerR2Dump.py -------------------------------------------------------------------------------- /dump/windows2012ServerDump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/windows2012ServerDump.py -------------------------------------------------------------------------------- /dump/windows2012ServerR2Dump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/windows2012ServerR2Dump.py -------------------------------------------------------------------------------- /dump/windows7Dump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/windows7Dump.py -------------------------------------------------------------------------------- /dump/windows8Dump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/windows8Dump.py -------------------------------------------------------------------------------- /dump/windows8_1Dump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/windows8_1Dump.py -------------------------------------------------------------------------------- /dump/windowsVistaDump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/windowsVistaDump.py -------------------------------------------------------------------------------- /dump/windowsXPDump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/windowsXPDump.py -------------------------------------------------------------------------------- /dump/winpmem.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/dump/winpmem.py -------------------------------------------------------------------------------- /evt/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /evt/logs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/evt/logs.py -------------------------------------------------------------------------------- /evt/windows10Evt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/evt/windows10Evt.py -------------------------------------------------------------------------------- /evt/windows2003ServerEvt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/evt/windows2003ServerEvt.py -------------------------------------------------------------------------------- /evt/windows2003ServerR2Evt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/evt/windows2003ServerR2Evt.py -------------------------------------------------------------------------------- /evt/windows2008R2ServerEvt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/evt/windows2008R2ServerEvt.py -------------------------------------------------------------------------------- /evt/windows2008ServerEvt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/evt/windows2008ServerEvt.py -------------------------------------------------------------------------------- /evt/windows2012ServerEvt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/evt/windows2012ServerEvt.py -------------------------------------------------------------------------------- /evt/windows2012ServerR2Evt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/evt/windows2012ServerR2Evt.py -------------------------------------------------------------------------------- /evt/windows7Evt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/evt/windows7Evt.py -------------------------------------------------------------------------------- /evt/windows8Evt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/evt/windows8Evt.py -------------------------------------------------------------------------------- /evt/windows8_1Evt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/evt/windows8_1Evt.py -------------------------------------------------------------------------------- /evt/windowsVistaEvt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/evt/windowsVistaEvt.py -------------------------------------------------------------------------------- /evt/windowsXPEvt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/evt/windowsXPEvt.py -------------------------------------------------------------------------------- /factory/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /factory/factory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/factory/factory.py -------------------------------------------------------------------------------- /filecatcher/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/__init__.py -------------------------------------------------------------------------------- /filecatcher/archives.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/archives.py -------------------------------------------------------------------------------- /filecatcher/fileCatcher.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/fileCatcher.py -------------------------------------------------------------------------------- /filecatcher/listfiles.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/listfiles.py -------------------------------------------------------------------------------- /filecatcher/modules/PE.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/modules/PE.py -------------------------------------------------------------------------------- /filecatcher/modules/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /filecatcher/modules/base_modules.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/modules/base_modules.py -------------------------------------------------------------------------------- /filecatcher/modules/intel.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/modules/intel.py -------------------------------------------------------------------------------- /filecatcher/windows10Files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/windows10Files.py -------------------------------------------------------------------------------- /filecatcher/windows2003ServerFiles.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/windows2003ServerFiles.py -------------------------------------------------------------------------------- /filecatcher/windows2003ServerR2Files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/windows2003ServerR2Files.py -------------------------------------------------------------------------------- /filecatcher/windows2008ServerFiles.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/windows2008ServerFiles.py -------------------------------------------------------------------------------- /filecatcher/windows2008ServerR2Files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/windows2008ServerR2Files.py -------------------------------------------------------------------------------- /filecatcher/windows2012ServerFiles.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/windows2012ServerFiles.py -------------------------------------------------------------------------------- /filecatcher/windows2012ServerR2Files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/windows2012ServerR2Files.py -------------------------------------------------------------------------------- /filecatcher/windows7Files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/windows7Files.py -------------------------------------------------------------------------------- /filecatcher/windows8Files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/windows8Files.py -------------------------------------------------------------------------------- /filecatcher/windows8_1Files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/windows8_1Files.py -------------------------------------------------------------------------------- /filecatcher/windowsVistaFiles.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/windowsVistaFiles.py -------------------------------------------------------------------------------- /filecatcher/windowsXPFiles.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/filecatcher/windowsXPFiles.py -------------------------------------------------------------------------------- /fs/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /fs/fs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/fs/fs.py -------------------------------------------------------------------------------- /fs/windows10Files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/fs/windows10Files.py -------------------------------------------------------------------------------- /fs/windows2003ServerFiles.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/fs/windows2003ServerFiles.py -------------------------------------------------------------------------------- /fs/windows2003ServerR2Files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/fs/windows2003ServerR2Files.py -------------------------------------------------------------------------------- /fs/windows2008ServerFiles.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/fs/windows2008ServerFiles.py -------------------------------------------------------------------------------- /fs/windows2008ServerR2Files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/fs/windows2008ServerR2Files.py -------------------------------------------------------------------------------- /fs/windows2012ServerFiles.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/fs/windows2012ServerFiles.py -------------------------------------------------------------------------------- /fs/windows2012ServerR2Files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/fs/windows2012ServerR2Files.py -------------------------------------------------------------------------------- /fs/windows7Files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/fs/windows7Files.py -------------------------------------------------------------------------------- /fs/windows8Files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/fs/windows8Files.py -------------------------------------------------------------------------------- /fs/windows8_1Files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/fs/windows8_1Files.py -------------------------------------------------------------------------------- /fs/windowsVistaFiles.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/fs/windowsVistaFiles.py -------------------------------------------------------------------------------- /fs/windowsXPFiles.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/fs/windowsXPFiles.py -------------------------------------------------------------------------------- /health/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /health/statemachine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/health/statemachine.py -------------------------------------------------------------------------------- /health/windows10StateMachine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/health/windows10StateMachine.py -------------------------------------------------------------------------------- /health/windows2003ServerR2StateMachine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/health/windows2003ServerR2StateMachine.py -------------------------------------------------------------------------------- /health/windows2003ServerStateMachine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/health/windows2003ServerStateMachine.py -------------------------------------------------------------------------------- /health/windows2008ServerR2StateMachine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/health/windows2008ServerR2StateMachine.py -------------------------------------------------------------------------------- /health/windows2008ServerStateMachine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/health/windows2008ServerStateMachine.py -------------------------------------------------------------------------------- /health/windows2012ServerR2StateMachine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/health/windows2012ServerR2StateMachine.py -------------------------------------------------------------------------------- /health/windows2012ServerStateMachine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/health/windows2012ServerStateMachine.py -------------------------------------------------------------------------------- /health/windows7StateMachine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/health/windows7StateMachine.py -------------------------------------------------------------------------------- /health/windows8StateMachine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/health/windows8StateMachine.py -------------------------------------------------------------------------------- /health/windows8_1StateMachine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/health/windows8_1StateMachine.py -------------------------------------------------------------------------------- /health/windowsVistaStateMachine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/health/windowsVistaStateMachine.py -------------------------------------------------------------------------------- /health/windowsXPStateMachine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/health/windowsXPStateMachine.py -------------------------------------------------------------------------------- /hooks/hook-cachedns.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/hooks/hook-cachedns.py -------------------------------------------------------------------------------- /hooks/hook-distorm3.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/hooks/hook-distorm3.py -------------------------------------------------------------------------------- /hooks/hook-dump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/hooks/hook-dump.py -------------------------------------------------------------------------------- /main.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/main.py -------------------------------------------------------------------------------- /memory/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /memory/mem.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/memory/mem.py -------------------------------------------------------------------------------- /memory/windows10Memory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/memory/windows10Memory.py -------------------------------------------------------------------------------- /memory/windows2003ServerMemory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/memory/windows2003ServerMemory.py -------------------------------------------------------------------------------- /memory/windows2003ServerR2Memory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/memory/windows2003ServerR2Memory.py -------------------------------------------------------------------------------- /memory/windows2008ServerMemory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/memory/windows2008ServerMemory.py -------------------------------------------------------------------------------- /memory/windows2008ServerR2Memory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/memory/windows2008ServerR2Memory.py -------------------------------------------------------------------------------- /memory/windows2012Memory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/memory/windows2012Memory.py -------------------------------------------------------------------------------- /memory/windows2012ServerMemory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/memory/windows2012ServerMemory.py -------------------------------------------------------------------------------- /memory/windows2012ServerR2Memory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/memory/windows2012ServerR2Memory.py -------------------------------------------------------------------------------- /memory/windows7Memory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/memory/windows7Memory.py -------------------------------------------------------------------------------- /memory/windows8Memory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/memory/windows8Memory.py -------------------------------------------------------------------------------- /memory/windows8_1Memory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/memory/windows8_1Memory.py -------------------------------------------------------------------------------- /memory/windowsVistaMemory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/memory/windowsVistaMemory.py -------------------------------------------------------------------------------- /memory/windowsXPMemory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/memory/windowsXPMemory.py -------------------------------------------------------------------------------- /msvcr100.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/msvcr100.dll -------------------------------------------------------------------------------- /pyinstaller.spec: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/pyinstaller.spec -------------------------------------------------------------------------------- /registry/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /registry/reg.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/registry/reg.py -------------------------------------------------------------------------------- /registry/registry_obj.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/registry/registry_obj.py -------------------------------------------------------------------------------- /registry/windows10Users.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/registry/windows10Users.py -------------------------------------------------------------------------------- /registry/windows2003ServerR2Users.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/registry/windows2003ServerR2Users.py -------------------------------------------------------------------------------- /registry/windows2003ServerUsers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/registry/windows2003ServerUsers.py -------------------------------------------------------------------------------- /registry/windows2008ServerR2Users.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/registry/windows2008ServerR2Users.py -------------------------------------------------------------------------------- /registry/windows2008ServerUsers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/registry/windows2008ServerUsers.py -------------------------------------------------------------------------------- /registry/windows2012ServerR2Users.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/registry/windows2012ServerR2Users.py -------------------------------------------------------------------------------- /registry/windows2012ServerUsers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/registry/windows2012ServerUsers.py -------------------------------------------------------------------------------- /registry/windows7Users.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/registry/windows7Users.py -------------------------------------------------------------------------------- /registry/windows8Users.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/registry/windows8Users.py -------------------------------------------------------------------------------- /registry/windows8_1Users.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/registry/windows8_1Users.py -------------------------------------------------------------------------------- /registry/windowsVistaUsers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/registry/windowsVistaUsers.py -------------------------------------------------------------------------------- /registry/windowsXPUsers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/registry/windowsXPUsers.py -------------------------------------------------------------------------------- /reqs.pip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/reqs.pip -------------------------------------------------------------------------------- /sekoia.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/sekoia.ico -------------------------------------------------------------------------------- /settings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/settings.py -------------------------------------------------------------------------------- /settings_rawstring.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/settings_rawstring.py -------------------------------------------------------------------------------- /utils/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /utils/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/utils/utils.py -------------------------------------------------------------------------------- /utils/utils_rawstring.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/utils/utils_rawstring.py -------------------------------------------------------------------------------- /utils/vss.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/utils/vss.py -------------------------------------------------------------------------------- /winpmem_x64.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/winpmem_x64.sys -------------------------------------------------------------------------------- /winpmem_x86.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SekoiaLab/Fastir_Collector/HEAD/winpmem_x86.sys --------------------------------------------------------------------------------