├── .gitattributes ├── .gitignore ├── .idea ├── .gitignore ├── modules.xml ├── vcs.xml └── velo-timeline-creator.iml ├── LICENSE ├── README.md ├── artifact_structs ├── Custom.Windows.Eventlog.Evtx.go ├── Custom.Windows.Mft.go ├── DetectRaptor.Detections.go ├── Exchange.Custom.Windows.Nirsoft.LastActivityView.go ├── Exchange.HashRunKeys.go ├── Exchange.Windows.Applications.DefenderDHParser.go ├── Exchange.Windows.Applications.LECmd.go ├── Exchange.Windows.Applications.OfficeServerCache.go ├── Exchange.Windows.Detection.Malfind.go ├── Exchange.Windows.Detection.PipeHunter.go ├── Exchange.Windows.Detection.PrefetchHunter.go ├── Exchange.Windows.Detection.ScmanagerBackdoor.go ├── Exchange.Windows.EventLogs.Bitsadmin.go ├── Exchange.Windows.EventLogs.Chainsaw.go ├── Exchange.Windows.EventLogs.CondensedAccountUsage.go ├── Exchange.Windows.EventLogs.EvtxHussar.go ├── Exchange.Windows.EventLogs.Hayabusa.go ├── Exchange.Windows.EventLogs.LogonSessions.go ├── Exchange.Windows.EventLogs.RDPClientActivity.go ├── Exchange.Windows.Forensics.Clipboard.go ├── Exchange.Windows.Forensics.FileZilla.go ├── Exchange.Windows.Forensics.Jumplists_JLECmd.go ├── Exchange.Windows.Forensics.PersistenceSniper.go ├── Exchange.Windows.Forensics.ThumbCache.go ├── Exchange.Windows.Forensics.Trawler.go ├── Exchange.Windows.Forensics.UEFI.BootApplication.go ├── Exchange.Windows.Forensics.UEFI.go ├── Exchange.Windows.Memory.InjectedThreadEx.go ├── Exchange.Windows.NTFS.Timestomp.go ├── Exchange.Windows.Office.MRU.go ├── Exchange.Windows.Registry.BackupRestore.go ├── Exchange.Windows.Registry.COMAutoApprovalList.go ├── Exchange.Windows.Registry.CapabilityAccessManager.go ├── Exchange.Windows.Registry.Domain.go ├── Exchange.Windows.Registry.NetshHelperDLLs.go ├── Exchange.Windows.Registry.ScheduledTasks.go ├── Exchange.Windows.Sys.LoggedInUsers.go ├── Exchange.Windows.System.BinaryVersion.go ├── Exchange.Windows.System.Powershell.ISEAutoSave.go ├── Exchange.Windows.System.PrinterDriver.go ├── Exchange.Windows.System.WMIProviders.go ├── Exchange.Windows.System.WindowsErrorReporting.go ├── Exchange.Windows.Timeline.Prefetch.Improved.go ├── Generic.Applications.Chrome.SessionStorage.go ├── Generic.Applications.Office.Keywords.go ├── Generic.Client.DiskSpace.go ├── Generic.Client.DiskUsage.go ├── Generic.Client.Info.go ├── Generic.Detection.Yara.Zip.go ├── Generic.Forensic.SQLiteHunter.go ├── Generic.Forensic.Timeline.go ├── Generic.Network.InterfaceAddresses.go ├── Generic.System.ProcessSiblings.go ├── Generic.System.Pstree.go ├── Generic_Artifact_Parser.go ├── Network.ExternalIpAddress.go ├── Windows.Analysis.EvidenceOfDownload.go ├── Windows.Applications.ChocolateyPackages.go ├── Windows.Applications.Chrome.Extensions.go ├── Windows.Applications.Chromium.History.go ├── Windows.Applications.Firefox.go ├── Windows.Applications.NirsoftBrowserViewer.go ├── Windows.Applications.OfficeMacros.go ├── Windows.Carving.USN.go ├── Windows.Detection.Amcache.go ├── Windows.Detection.BinaryHunter.go ├── Windows.Detection.EnvironmentVariables.go ├── Windows.Detection.ForwardedImports.go ├── Windows.Detection.Impersonation.go ├── Windows.Detection.Mutants.go ├── Windows.EventLogs.AlternateLogon.go ├── Windows.EventLogs.Evtx.go ├── Windows.EventLogs.Modifications.go ├── Windows.EventLogs.PowerShellScriptblock.go ├── Windows.EventLogs.PowershellModule.go ├── Windows.EventLogs.RDPAuth.go ├── Windows.Forensics.Bam.go ├── Windows.Forensics.CertUtil.go ├── Windows.Forensics.Lnk.go ├── Windows.Forensics.PartitionTable.go ├── Windows.Forensics.RDPCache.go ├── Windows.Forensics.RecycleBin.go ├── Windows.Forensics.SAM.go ├── Windows.Forensics.SRUM.go ├── Windows.Forensics.Shellbags.go ├── Windows.Forensics.Timeline.go ├── Windows.Forensics.Usn.go ├── Windows.KapeFiles.Targets.go ├── Windows.Memory.ProcessInfo.go ├── Windows.NTFS.MFT.go ├── Windows.Network.ArpCache.go ├── Windows.Network.ListeningPorts.go ├── Windows.Network.Netstat.go ├── Windows.Network.NetstatEnriched.go ├── Windows.Persistence.PermanentWMIEvents.go ├── Windows.Registry.AppCompatCache.go ├── Windows.Registry.NTUser.go ├── Windows.Registry.PuttyHostKeys.go ├── Windows.Registry.RDP.go ├── Windows.Registry.RecentDocs.go ├── Windows.Registry.Sysinternals.Eulacheck.go ├── Windows.Registry.UserAssist.go ├── Windows.Registry.WDigest.go ├── Windows.Sys.AllUsers.go ├── Windows.Sys.CertificateAuthorities.go ├── Windows.Sys.DiskInfo.go ├── Windows.Sys.Drivers.go ├── Windows.Sys.FirewallRules.go ├── Windows.Sys.Interfaces.go ├── Windows.Sys.PhysicalMemoryRanges.go ├── Windows.Sys.Programs.go ├── Windows.Sys.StartupItems.go ├── Windows.Sys.Users.go ├── Windows.Sysinternals.Autoruns.go ├── Windows.System.Amcache.go ├── Windows.System.AuditPolicy.go ├── Windows.System.CatFiles.go ├── Windows.System.DLLs.go ├── Windows.System.DNSCache.go ├── Windows.System.Handles.go ├── Windows.System.HostsFile.go ├── Windows.System.LocalAdmins.go ├── Windows.System.Powershell.ModuleAnalysisCache.go ├── Windows.System.Powershell.PSReadline.go ├── Windows.System.Pslist.go ├── Windows.System.RootCAStore.go ├── Windows.System.Services.go ├── Windows.System.Shares.go ├── Windows.System.Signers.go ├── Windows.System.TaskScheduler.go ├── Windows.System.WMIQuery.go ├── Windows.Timeline.MFT.go ├── Windows.Timeline.Prefetch.go └── Windows.Timeline.Registry.RunMRU.go ├── go.mod ├── go.sum ├── helpers └── base.go ├── images ├── columnExamples.png ├── dataExamples.png ├── example1.png └── example2.png ├── main.go └── vars ├── globalVars.go └── types.go /.gitattributes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/.gitattributes -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/.gitignore -------------------------------------------------------------------------------- /.idea/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/.idea/.gitignore -------------------------------------------------------------------------------- /.idea/modules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/.idea/modules.xml -------------------------------------------------------------------------------- /.idea/vcs.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/.idea/vcs.xml -------------------------------------------------------------------------------- /.idea/velo-timeline-creator.iml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/.idea/velo-timeline-creator.iml -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/README.md -------------------------------------------------------------------------------- /artifact_structs/Custom.Windows.Eventlog.Evtx.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Custom.Windows.Eventlog.Evtx.go -------------------------------------------------------------------------------- /artifact_structs/Custom.Windows.Mft.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Custom.Windows.Mft.go -------------------------------------------------------------------------------- /artifact_structs/DetectRaptor.Detections.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/DetectRaptor.Detections.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Custom.Windows.Nirsoft.LastActivityView.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Custom.Windows.Nirsoft.LastActivityView.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.HashRunKeys.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.HashRunKeys.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Applications.DefenderDHParser.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Applications.DefenderDHParser.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Applications.LECmd.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Applications.LECmd.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Applications.OfficeServerCache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Applications.OfficeServerCache.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Detection.Malfind.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Detection.Malfind.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Detection.PipeHunter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Detection.PipeHunter.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Detection.PrefetchHunter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Detection.PrefetchHunter.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Detection.ScmanagerBackdoor.go: -------------------------------------------------------------------------------- 1 | package artifact_structs 2 | -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.EventLogs.Bitsadmin.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.EventLogs.Bitsadmin.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.EventLogs.Chainsaw.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.EventLogs.Chainsaw.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.EventLogs.CondensedAccountUsage.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.EventLogs.CondensedAccountUsage.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.EventLogs.EvtxHussar.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.EventLogs.EvtxHussar.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.EventLogs.Hayabusa.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.EventLogs.Hayabusa.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.EventLogs.LogonSessions.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.EventLogs.LogonSessions.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.EventLogs.RDPClientActivity.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.EventLogs.RDPClientActivity.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Forensics.Clipboard.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Forensics.Clipboard.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Forensics.FileZilla.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Forensics.FileZilla.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Forensics.Jumplists_JLECmd.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Forensics.Jumplists_JLECmd.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Forensics.PersistenceSniper.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Forensics.PersistenceSniper.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Forensics.ThumbCache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Forensics.ThumbCache.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Forensics.Trawler.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Forensics.Trawler.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Forensics.UEFI.BootApplication.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Forensics.UEFI.BootApplication.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Forensics.UEFI.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Forensics.UEFI.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Memory.InjectedThreadEx.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Memory.InjectedThreadEx.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.NTFS.Timestomp.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.NTFS.Timestomp.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Office.MRU.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Office.MRU.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Registry.BackupRestore.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Registry.BackupRestore.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Registry.COMAutoApprovalList.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Registry.COMAutoApprovalList.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Registry.CapabilityAccessManager.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Registry.CapabilityAccessManager.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Registry.Domain.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Registry.Domain.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Registry.NetshHelperDLLs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Registry.NetshHelperDLLs.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Registry.ScheduledTasks.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Registry.ScheduledTasks.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Sys.LoggedInUsers.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Sys.LoggedInUsers.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.System.BinaryVersion.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.System.BinaryVersion.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.System.Powershell.ISEAutoSave.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.System.Powershell.ISEAutoSave.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.System.PrinterDriver.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.System.PrinterDriver.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.System.WMIProviders.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.System.WMIProviders.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.System.WindowsErrorReporting.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.System.WindowsErrorReporting.go -------------------------------------------------------------------------------- /artifact_structs/Exchange.Windows.Timeline.Prefetch.Improved.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Exchange.Windows.Timeline.Prefetch.Improved.go -------------------------------------------------------------------------------- /artifact_structs/Generic.Applications.Chrome.SessionStorage.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Generic.Applications.Chrome.SessionStorage.go -------------------------------------------------------------------------------- /artifact_structs/Generic.Applications.Office.Keywords.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Generic.Applications.Office.Keywords.go -------------------------------------------------------------------------------- /artifact_structs/Generic.Client.DiskSpace.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Generic.Client.DiskSpace.go -------------------------------------------------------------------------------- /artifact_structs/Generic.Client.DiskUsage.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Generic.Client.DiskUsage.go -------------------------------------------------------------------------------- /artifact_structs/Generic.Client.Info.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Generic.Client.Info.go -------------------------------------------------------------------------------- /artifact_structs/Generic.Detection.Yara.Zip.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Generic.Detection.Yara.Zip.go -------------------------------------------------------------------------------- /artifact_structs/Generic.Forensic.SQLiteHunter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Generic.Forensic.SQLiteHunter.go -------------------------------------------------------------------------------- /artifact_structs/Generic.Forensic.Timeline.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Generic.Forensic.Timeline.go -------------------------------------------------------------------------------- /artifact_structs/Generic.Network.InterfaceAddresses.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Generic.Network.InterfaceAddresses.go -------------------------------------------------------------------------------- /artifact_structs/Generic.System.ProcessSiblings.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Generic.System.ProcessSiblings.go -------------------------------------------------------------------------------- /artifact_structs/Generic.System.Pstree.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Generic.System.Pstree.go -------------------------------------------------------------------------------- /artifact_structs/Generic_Artifact_Parser.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Generic_Artifact_Parser.go -------------------------------------------------------------------------------- /artifact_structs/Network.ExternalIpAddress.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Network.ExternalIpAddress.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Analysis.EvidenceOfDownload.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Analysis.EvidenceOfDownload.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Applications.ChocolateyPackages.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Applications.ChocolateyPackages.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Applications.Chrome.Extensions.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Applications.Chrome.Extensions.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Applications.Chromium.History.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Applications.Chromium.History.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Applications.Firefox.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Applications.Firefox.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Applications.NirsoftBrowserViewer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Applications.NirsoftBrowserViewer.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Applications.OfficeMacros.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Applications.OfficeMacros.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Carving.USN.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Carving.USN.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Detection.Amcache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Detection.Amcache.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Detection.BinaryHunter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Detection.BinaryHunter.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Detection.EnvironmentVariables.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Detection.EnvironmentVariables.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Detection.ForwardedImports.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Detection.ForwardedImports.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Detection.Impersonation.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Detection.Impersonation.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Detection.Mutants.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Detection.Mutants.go -------------------------------------------------------------------------------- /artifact_structs/Windows.EventLogs.AlternateLogon.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.EventLogs.AlternateLogon.go -------------------------------------------------------------------------------- /artifact_structs/Windows.EventLogs.Evtx.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.EventLogs.Evtx.go -------------------------------------------------------------------------------- /artifact_structs/Windows.EventLogs.Modifications.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.EventLogs.Modifications.go -------------------------------------------------------------------------------- /artifact_structs/Windows.EventLogs.PowerShellScriptblock.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.EventLogs.PowerShellScriptblock.go -------------------------------------------------------------------------------- /artifact_structs/Windows.EventLogs.PowershellModule.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.EventLogs.PowershellModule.go -------------------------------------------------------------------------------- /artifact_structs/Windows.EventLogs.RDPAuth.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.EventLogs.RDPAuth.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Forensics.Bam.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Forensics.Bam.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Forensics.CertUtil.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Forensics.CertUtil.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Forensics.Lnk.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Forensics.Lnk.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Forensics.PartitionTable.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Forensics.PartitionTable.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Forensics.RDPCache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Forensics.RDPCache.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Forensics.RecycleBin.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Forensics.RecycleBin.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Forensics.SAM.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Forensics.SAM.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Forensics.SRUM.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Forensics.SRUM.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Forensics.Shellbags.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Forensics.Shellbags.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Forensics.Timeline.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Forensics.Timeline.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Forensics.Usn.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Forensics.Usn.go -------------------------------------------------------------------------------- /artifact_structs/Windows.KapeFiles.Targets.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.KapeFiles.Targets.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Memory.ProcessInfo.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Memory.ProcessInfo.go -------------------------------------------------------------------------------- /artifact_structs/Windows.NTFS.MFT.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.NTFS.MFT.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Network.ArpCache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Network.ArpCache.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Network.ListeningPorts.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Network.ListeningPorts.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Network.Netstat.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Network.Netstat.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Network.NetstatEnriched.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Network.NetstatEnriched.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Persistence.PermanentWMIEvents.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Persistence.PermanentWMIEvents.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Registry.AppCompatCache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Registry.AppCompatCache.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Registry.NTUser.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Registry.NTUser.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Registry.PuttyHostKeys.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Registry.PuttyHostKeys.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Registry.RDP.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Registry.RDP.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Registry.RecentDocs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Registry.RecentDocs.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Registry.Sysinternals.Eulacheck.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Registry.Sysinternals.Eulacheck.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Registry.UserAssist.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Registry.UserAssist.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Registry.WDigest.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Registry.WDigest.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Sys.AllUsers.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Sys.AllUsers.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Sys.CertificateAuthorities.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Sys.CertificateAuthorities.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Sys.DiskInfo.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Sys.DiskInfo.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Sys.Drivers.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Sys.Drivers.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Sys.FirewallRules.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Sys.FirewallRules.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Sys.Interfaces.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Sys.Interfaces.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Sys.PhysicalMemoryRanges.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Sys.PhysicalMemoryRanges.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Sys.Programs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Sys.Programs.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Sys.StartupItems.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Sys.StartupItems.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Sys.Users.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Sys.Users.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Sysinternals.Autoruns.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Sysinternals.Autoruns.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.Amcache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.Amcache.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.AuditPolicy.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.AuditPolicy.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.CatFiles.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.CatFiles.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.DLLs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.DLLs.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.DNSCache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.DNSCache.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.Handles.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.Handles.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.HostsFile.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.HostsFile.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.LocalAdmins.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.LocalAdmins.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.Powershell.ModuleAnalysisCache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.Powershell.ModuleAnalysisCache.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.Powershell.PSReadline.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.Powershell.PSReadline.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.Pslist.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.Pslist.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.RootCAStore.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.RootCAStore.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.Services.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.Services.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.Shares.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.Shares.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.Signers.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.Signers.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.TaskScheduler.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.TaskScheduler.go -------------------------------------------------------------------------------- /artifact_structs/Windows.System.WMIQuery.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.System.WMIQuery.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Timeline.MFT.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Timeline.MFT.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Timeline.Prefetch.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Timeline.Prefetch.go -------------------------------------------------------------------------------- /artifact_structs/Windows.Timeline.Registry.RunMRU.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/artifact_structs/Windows.Timeline.Registry.RunMRU.go -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/go.sum -------------------------------------------------------------------------------- /helpers/base.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/helpers/base.go -------------------------------------------------------------------------------- /images/columnExamples.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/images/columnExamples.png -------------------------------------------------------------------------------- /images/dataExamples.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/images/dataExamples.png -------------------------------------------------------------------------------- /images/example1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/images/example1.png -------------------------------------------------------------------------------- /images/example2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/images/example2.png -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/main.go -------------------------------------------------------------------------------- /vars/globalVars.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/vars/globalVars.go -------------------------------------------------------------------------------- /vars/types.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joeavanzato/velociraptor-timeline-creator/HEAD/vars/types.go --------------------------------------------------------------------------------