├── .github └── workflows │ ├── docs-publish.yaml │ ├── docs.yaml │ ├── install.yml │ ├── mypy.yml │ ├── pylint.yml │ ├── pytype.yml │ └── unittests.yml ├── .gitignore ├── .isort.cfg ├── .pylintrc ├── .vscode └── settings.json ├── ACKNOWLEDGEMENTS ├── AUTHORS ├── LICENSE ├── README.md ├── config └── e2e │ ├── e2e_grr_artifact_hosts.sh │ └── jenkins_dftimewolf_install.sh ├── data ├── TelemetryTable.ddl ├── config.json └── recipes │ ├── aws_disk_to_gcp.json │ ├── aws_forensics.json │ ├── aws_logging_collect.json │ ├── aws_logging_ts.json │ ├── aws_turbinia_ts.json │ ├── azure_forensics.json │ ├── azure_logging_collect.json │ ├── azure_logging_ts.json │ ├── bigquery_collect.json │ ├── bigquery_ts.json │ ├── gce_disk_copy.json │ ├── gce_disk_export.json │ ├── gcp_cloud_resource_tree.json │ ├── gcp_cloud_resource_tree_offline.json │ ├── gcp_disk_export_dd.json │ ├── gcp_forensics.json │ ├── gcp_logging_cloudaudit_ts.json │ ├── gcp_logging_cloudsql_ts.json │ ├── gcp_logging_collect.json │ ├── gcp_logging_gce_instance_ts.json │ ├── gcp_logging_gce_ts.json │ ├── gcp_logging_ts.json │ ├── gcp_turbinia_disk_copy_ts.json │ ├── gcp_turbinia_ts.json │ ├── grr_artifact_grep.json │ ├── grr_artifact_ts.json │ ├── grr_files_collect.json │ ├── grr_flow_collect.json │ ├── grr_hunt_artifacts.json │ ├── grr_hunt_file.json │ ├── grr_hunt_osquery.json │ ├── grr_huntresults_ts.json │ ├── grr_osquery_flow.json │ ├── grr_timeline_ts.json │ ├── grr_yarascan.json │ ├── gsheets_ts.json │ ├── openrelik_ts.json │ ├── plaso_ts.json │ ├── recipe-list.md │ ├── ts_collect.json │ ├── upload_ts.json │ ├── upload_turbinia.json │ ├── upload_web_ts.json │ ├── vt_evtx.json │ ├── vt_evtx_ts.json │ ├── vt_pcap.json │ ├── workspace_collect.json │ ├── workspace_meet_ts.json │ ├── workspace_user_activity_ts.json │ ├── workspace_user_device_ts.json │ ├── workspace_user_drive_ts.json │ └── workspace_user_login_ts.json ├── dftimewolf ├── __init__.py ├── cli │ ├── __init__.py │ ├── curses_display_manager.py │ └── dftimewolf_recipes.py ├── config.py └── lib │ ├── __init__.py │ ├── args_validator.py │ ├── collectors │ ├── __init__.py │ ├── audit_log_pb2.py │ ├── aws.py │ ├── aws_logging.py │ ├── aws_snapshot_s3_copy.py │ ├── aws_volume_snapshot.py │ ├── azure.py │ ├── azure_logging.py │ ├── bigquery.py │ ├── filesystem.py │ ├── gce_disk_copy.py │ ├── gcp_logging.py │ ├── grr_base.py │ ├── grr_hosts.py │ ├── grr_hunt.py │ ├── gsheets.py │ ├── osquery.py │ ├── timesketch.py │ ├── virustotal.py │ ├── workspace_audit.py │ └── yara.py │ ├── containers │ ├── __init__.py │ ├── containers.py │ ├── interface.py │ └── manager.py │ ├── enhancers │ └── __init__.py │ ├── errors.py │ ├── exporters │ ├── __init__.py │ ├── df_to_filesystem.py │ ├── gce_disk_export.py │ ├── gce_disk_export_base.py │ ├── gce_disk_export_dd.py │ ├── gce_disk_from_image.py │ ├── gce_image_from_disk.py │ ├── gcs_to_gce_image.py │ ├── local_filesystem.py │ ├── s3_to_gcs.py │ ├── scp_ex.py │ └── timesketch.py │ ├── logging_utils.py │ ├── module.py │ ├── modules │ ├── __init__.py │ └── manager.py │ ├── preflights │ ├── __init__.py │ ├── cloud_token.py │ └── ssh_multiplexer.py │ ├── processors │ ├── __init__.py │ ├── gce_forensics_vm.py │ ├── gcp_cloud_resource_tree.py │ ├── gcp_cloud_resource_tree_helper.py │ ├── gcp_logging_timesketch.py │ ├── grepper.py │ ├── llm_base.py │ ├── llmproviders │ │ ├── __init__.py │ │ ├── gemini.py │ │ ├── interface.py │ │ ├── manager.py │ │ ├── ollama.py │ │ └── vertex_ai.py │ ├── localplaso.py │ ├── openrelik.py │ ├── turbinia_artifact.py │ ├── turbinia_base.py │ ├── turbinia_gcp.py │ ├── workspace_audit_timesketch.py │ └── workspace_format_strings.json │ ├── recipes │ ├── __init__.py │ └── manager.py │ ├── resources.py │ ├── state.py │ ├── telemetry.py │ ├── timesketch_utils.py │ ├── utils.py │ └── validators │ ├── __init__.py │ ├── aws_region.py │ ├── azure_region.py │ ├── datetime_validator.py │ ├── gcp_zone.py │ ├── grr_host.py │ ├── hostname.py │ ├── integer.py │ ├── manager.py │ ├── regex.py │ ├── subnet.py │ └── url.py ├── docker ├── dev │ ├── Dockerfile │ ├── README.md │ ├── docker-compose.yaml │ └── docker-entrypoint.sh ├── dftimewolf-release │ └── README.md └── release │ ├── Dockerfile │ ├── docker-compose.yaml │ └── docker-entrypoint.sh ├── docs ├── _static │ ├── graphviz │ │ ├── aws_disk_to_gcp.png │ │ ├── aws_forensics.png │ │ ├── aws_logging_collect.png │ │ ├── aws_logging_ts.png │ │ ├── aws_turbinia_ts.png │ │ ├── azure_forensics.png │ │ ├── azure_logging_collect.png │ │ ├── azure_logging_ts.png │ │ ├── bigquery_collect.png │ │ ├── bigquery_ts.png │ │ ├── gce_disk_copy.png │ │ ├── gce_disk_export.png │ │ ├── gce_disk_export_dd.png │ │ ├── gcp_cloud_resource_tree.png │ │ ├── gcp_cloud_resource_tree_offline.png │ │ ├── gcp_forensics.png │ │ ├── gcp_logging_cloudaudit_ts.png │ │ ├── gcp_logging_cloudsql_ts.png │ │ ├── gcp_logging_collect.png │ │ ├── gcp_logging_gce_instance_ts.png │ │ ├── gcp_logging_gce_ts.png │ │ ├── gcp_turbinia_disk_copy_ts.png │ │ ├── gcp_turbinia_ts.png │ │ ├── gcp_turbinia_ts_threaded.png │ │ ├── grr_artifact_grep.png │ │ ├── grr_artifact_ts.png │ │ ├── grr_files_collect.png │ │ ├── grr_flow_collect.png │ │ ├── grr_hunt_artifacts.png │ │ ├── grr_hunt_file.png │ │ ├── grr_hunt_osquery.png │ │ ├── grr_huntresults_ts.png │ │ ├── grr_osquery_flow.png │ │ ├── grr_timeline_ts.png │ │ ├── grr_yarascan.png │ │ ├── gsheets_ts.png │ │ ├── plaso_ts.png │ │ ├── upload_ts.png │ │ ├── upload_turbinia.png │ │ ├── upload_web_ts.png │ │ ├── vt_evtx.png │ │ ├── vt_evtx_ts.png │ │ ├── vt_pcap.png │ │ ├── workspace_logging_collect.png │ │ ├── workspace_meet_ts.png │ │ ├── workspace_user_activity_ts.png │ │ ├── workspace_user_drive_ts.png │ │ └── workspace_user_login_ts.png │ └── logo.png ├── architecture.md ├── developers-guide.md ├── generate_recipe_doc.py ├── getting-started.md ├── index.md ├── module-writing-basics.md ├── recipe-caveat.md ├── recipe-list.md └── user-manual.md ├── mkdocs.yml ├── mypy.ini ├── poetry.lock ├── pyproject.toml ├── pytype.conf ├── tests ├── __init__.py ├── cli │ ├── __init__.py │ ├── curses_display_manager.py │ ├── main_tool.py │ └── recipes.py ├── e2e │ ├── aws_disk_forensics.py │ └── gcp_disk_forensics.py ├── lib │ ├── __init__.py │ ├── args_validator.py │ ├── collectors │ │ ├── __init__.py │ │ ├── aws.py │ │ ├── aws_logging.py │ │ ├── aws_snapshot_s3_copy.py │ │ ├── aws_volume_snapshot.py │ │ ├── azure.py │ │ ├── azure_logging.py │ │ ├── bigquery.py │ │ ├── filesystem.py │ │ ├── gce_disk_copy.py │ │ ├── grr_base.py │ │ ├── grr_hosts.py │ │ ├── grr_hunt.py │ │ ├── gsheets.py │ │ ├── osquery.py │ │ ├── stackdriver.py │ │ ├── test_data │ │ │ ├── __init__.py │ │ │ ├── grepper_test_dir │ │ │ │ ├── 1test.pdf │ │ │ │ ├── grepper_test.txt │ │ │ │ └── grepper_test2.txt │ │ │ ├── hunt.zip │ │ │ └── mock_grr_hosts.py │ │ ├── timesketch.py │ │ ├── virustotal.py │ │ ├── workspace_audit.py │ │ └── yara.py │ ├── containers │ │ ├── __init__.py │ │ ├── containers.py │ │ ├── interface.py │ │ └── manager.py │ ├── exporters │ │ ├── __init__.py │ │ ├── df_to_filesystem.py │ │ ├── gce_disk_export.py │ │ ├── gce_disk_export_dd.py │ │ ├── gce_disk_from_image.py │ │ ├── gce_image_from_disk.py │ │ ├── gcs_to_gce_image.py │ │ ├── local_filesystem.py │ │ ├── s3_to_gcs.py │ │ ├── scp_ex.py │ │ └── timesketch.py │ ├── modules │ │ ├── __init__.py │ │ └── manager.py │ ├── modules_test_base.py │ ├── preflights │ │ ├── __init__.py │ │ └── ssh_multiplexer.py │ ├── processors │ │ ├── __init__.py │ │ ├── gce_forensics_vm.py │ │ ├── gcp_cloud_resource_tree.py │ │ ├── gcp_logging_timesketch.py │ │ ├── grepper.py │ │ ├── llm_base.py │ │ ├── llmproviders │ │ │ ├── __init__.py │ │ │ ├── gemini.py │ │ │ ├── manager.py │ │ │ ├── ollama.py │ │ │ └── vertex_ai.py │ │ ├── localplaso.py │ │ ├── openrelik.py │ │ ├── test_data │ │ │ ├── c4e9abd577db475484b2ded34a011b96.tgz │ │ │ ├── compute_api_disk_images_response.jsonl │ │ │ ├── compute_api_disks_response.jsonl │ │ │ ├── compute_api_instance_templates_response.jsonl │ │ │ ├── compute_api_instances_response.jsonl │ │ │ ├── compute_api_machine_images_response.jsonl │ │ │ ├── compute_api_snapshots_response.jsonl │ │ │ ├── empty_file.jsonl │ │ │ ├── gcp-project-logs.jsonl │ │ │ ├── resources_dict_dump.jsonl │ │ │ ├── turbinia.conf │ │ │ └── turbinia_request_status.json │ │ ├── turbinia_base.py │ │ └── workspace_audit_timesketch.py │ ├── recipes │ │ ├── __init__.py │ │ └── manager.py │ ├── resources.py │ ├── state.py │ ├── telemetry.py │ ├── timesketch_utils.py │ ├── utils.py │ └── validators │ │ ├── __init__.py │ │ ├── aws_region.py │ │ ├── azure_region.py │ │ ├── datetime_validator.py │ │ ├── gcp_zone.py │ │ ├── grr_host.py │ │ ├── hostname.py │ │ ├── integer.py │ │ ├── manager.py │ │ ├── regex.py │ │ ├── subnet.py │ │ └── url.py ├── test_dftimewolf.py └── test_modules │ ├── __init__.py │ ├── modules.py │ ├── test_recipe.py │ └── thread_aware_modules.py └── utils ├── __init__.py ├── check_dependencies.py ├── dependencies.py ├── export_machine_startup_script.sh └── utils.py /.github/workflows/docs-publish.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/.github/workflows/docs-publish.yaml -------------------------------------------------------------------------------- /.github/workflows/docs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/.github/workflows/docs.yaml -------------------------------------------------------------------------------- /.github/workflows/install.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/.github/workflows/install.yml -------------------------------------------------------------------------------- /.github/workflows/mypy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/.github/workflows/mypy.yml -------------------------------------------------------------------------------- /.github/workflows/pylint.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/.github/workflows/pylint.yml -------------------------------------------------------------------------------- /.github/workflows/pytype.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/.github/workflows/pytype.yml -------------------------------------------------------------------------------- /.github/workflows/unittests.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/.github/workflows/unittests.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/.gitignore -------------------------------------------------------------------------------- /.isort.cfg: -------------------------------------------------------------------------------- 1 | [settings] 2 | force_single_line=True 3 | -------------------------------------------------------------------------------- /.pylintrc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/.pylintrc -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/.vscode/settings.json -------------------------------------------------------------------------------- /ACKNOWLEDGEMENTS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/ACKNOWLEDGEMENTS -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/AUTHORS -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/README.md -------------------------------------------------------------------------------- /config/e2e/e2e_grr_artifact_hosts.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/config/e2e/e2e_grr_artifact_hosts.sh -------------------------------------------------------------------------------- /config/e2e/jenkins_dftimewolf_install.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/config/e2e/jenkins_dftimewolf_install.sh -------------------------------------------------------------------------------- /data/TelemetryTable.ddl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/TelemetryTable.ddl -------------------------------------------------------------------------------- /data/config.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/config.json -------------------------------------------------------------------------------- /data/recipes/aws_disk_to_gcp.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/aws_disk_to_gcp.json -------------------------------------------------------------------------------- /data/recipes/aws_forensics.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/aws_forensics.json -------------------------------------------------------------------------------- /data/recipes/aws_logging_collect.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/aws_logging_collect.json -------------------------------------------------------------------------------- /data/recipes/aws_logging_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/aws_logging_ts.json -------------------------------------------------------------------------------- /data/recipes/aws_turbinia_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/aws_turbinia_ts.json -------------------------------------------------------------------------------- /data/recipes/azure_forensics.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/azure_forensics.json -------------------------------------------------------------------------------- /data/recipes/azure_logging_collect.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/azure_logging_collect.json -------------------------------------------------------------------------------- /data/recipes/azure_logging_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/azure_logging_ts.json -------------------------------------------------------------------------------- /data/recipes/bigquery_collect.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/bigquery_collect.json -------------------------------------------------------------------------------- /data/recipes/bigquery_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/bigquery_ts.json -------------------------------------------------------------------------------- /data/recipes/gce_disk_copy.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/gce_disk_copy.json -------------------------------------------------------------------------------- /data/recipes/gce_disk_export.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/gce_disk_export.json -------------------------------------------------------------------------------- /data/recipes/gcp_cloud_resource_tree.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/gcp_cloud_resource_tree.json -------------------------------------------------------------------------------- /data/recipes/gcp_cloud_resource_tree_offline.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/gcp_cloud_resource_tree_offline.json -------------------------------------------------------------------------------- /data/recipes/gcp_disk_export_dd.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/gcp_disk_export_dd.json -------------------------------------------------------------------------------- /data/recipes/gcp_forensics.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/gcp_forensics.json -------------------------------------------------------------------------------- /data/recipes/gcp_logging_cloudaudit_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/gcp_logging_cloudaudit_ts.json -------------------------------------------------------------------------------- /data/recipes/gcp_logging_cloudsql_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/gcp_logging_cloudsql_ts.json -------------------------------------------------------------------------------- /data/recipes/gcp_logging_collect.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/gcp_logging_collect.json -------------------------------------------------------------------------------- /data/recipes/gcp_logging_gce_instance_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/gcp_logging_gce_instance_ts.json -------------------------------------------------------------------------------- /data/recipes/gcp_logging_gce_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/gcp_logging_gce_ts.json -------------------------------------------------------------------------------- /data/recipes/gcp_logging_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/gcp_logging_ts.json -------------------------------------------------------------------------------- /data/recipes/gcp_turbinia_disk_copy_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/gcp_turbinia_disk_copy_ts.json -------------------------------------------------------------------------------- /data/recipes/gcp_turbinia_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/gcp_turbinia_ts.json -------------------------------------------------------------------------------- /data/recipes/grr_artifact_grep.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/grr_artifact_grep.json -------------------------------------------------------------------------------- /data/recipes/grr_artifact_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/grr_artifact_ts.json -------------------------------------------------------------------------------- /data/recipes/grr_files_collect.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/grr_files_collect.json -------------------------------------------------------------------------------- /data/recipes/grr_flow_collect.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/grr_flow_collect.json -------------------------------------------------------------------------------- /data/recipes/grr_hunt_artifacts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/grr_hunt_artifacts.json -------------------------------------------------------------------------------- /data/recipes/grr_hunt_file.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/grr_hunt_file.json -------------------------------------------------------------------------------- /data/recipes/grr_hunt_osquery.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/grr_hunt_osquery.json -------------------------------------------------------------------------------- /data/recipes/grr_huntresults_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/grr_huntresults_ts.json -------------------------------------------------------------------------------- /data/recipes/grr_osquery_flow.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/grr_osquery_flow.json -------------------------------------------------------------------------------- /data/recipes/grr_timeline_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/grr_timeline_ts.json -------------------------------------------------------------------------------- /data/recipes/grr_yarascan.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/grr_yarascan.json -------------------------------------------------------------------------------- /data/recipes/gsheets_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/gsheets_ts.json -------------------------------------------------------------------------------- /data/recipes/openrelik_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/openrelik_ts.json -------------------------------------------------------------------------------- /data/recipes/plaso_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/plaso_ts.json -------------------------------------------------------------------------------- /data/recipes/recipe-list.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/recipe-list.md -------------------------------------------------------------------------------- /data/recipes/ts_collect.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/ts_collect.json -------------------------------------------------------------------------------- /data/recipes/upload_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/upload_ts.json -------------------------------------------------------------------------------- /data/recipes/upload_turbinia.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/upload_turbinia.json -------------------------------------------------------------------------------- /data/recipes/upload_web_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/upload_web_ts.json -------------------------------------------------------------------------------- /data/recipes/vt_evtx.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/vt_evtx.json -------------------------------------------------------------------------------- /data/recipes/vt_evtx_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/vt_evtx_ts.json -------------------------------------------------------------------------------- /data/recipes/vt_pcap.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/vt_pcap.json -------------------------------------------------------------------------------- /data/recipes/workspace_collect.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/workspace_collect.json -------------------------------------------------------------------------------- /data/recipes/workspace_meet_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/workspace_meet_ts.json -------------------------------------------------------------------------------- /data/recipes/workspace_user_activity_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/workspace_user_activity_ts.json -------------------------------------------------------------------------------- /data/recipes/workspace_user_device_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/workspace_user_device_ts.json -------------------------------------------------------------------------------- /data/recipes/workspace_user_drive_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/workspace_user_drive_ts.json -------------------------------------------------------------------------------- /data/recipes/workspace_user_login_ts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/data/recipes/workspace_user_login_ts.json -------------------------------------------------------------------------------- /dftimewolf/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/__init__.py -------------------------------------------------------------------------------- /dftimewolf/cli/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /dftimewolf/cli/curses_display_manager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/cli/curses_display_manager.py -------------------------------------------------------------------------------- /dftimewolf/cli/dftimewolf_recipes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/cli/dftimewolf_recipes.py -------------------------------------------------------------------------------- /dftimewolf/config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/config.py -------------------------------------------------------------------------------- /dftimewolf/lib/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/__init__.py -------------------------------------------------------------------------------- /dftimewolf/lib/args_validator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/args_validator.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/audit_log_pb2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/audit_log_pb2.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/aws.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/aws.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/aws_logging.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/aws_logging.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/aws_snapshot_s3_copy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/aws_snapshot_s3_copy.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/aws_volume_snapshot.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/aws_volume_snapshot.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/azure.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/azure.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/azure_logging.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/azure_logging.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/bigquery.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/bigquery.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/filesystem.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/filesystem.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/gce_disk_copy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/gce_disk_copy.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/gcp_logging.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/gcp_logging.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/grr_base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/grr_base.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/grr_hosts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/grr_hosts.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/grr_hunt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/grr_hunt.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/gsheets.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/gsheets.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/osquery.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/osquery.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/timesketch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/timesketch.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/virustotal.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/virustotal.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/workspace_audit.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/workspace_audit.py -------------------------------------------------------------------------------- /dftimewolf/lib/collectors/yara.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/collectors/yara.py -------------------------------------------------------------------------------- /dftimewolf/lib/containers/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /dftimewolf/lib/containers/containers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/containers/containers.py -------------------------------------------------------------------------------- /dftimewolf/lib/containers/interface.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/containers/interface.py -------------------------------------------------------------------------------- /dftimewolf/lib/containers/manager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/containers/manager.py -------------------------------------------------------------------------------- /dftimewolf/lib/enhancers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/enhancers/__init__.py -------------------------------------------------------------------------------- /dftimewolf/lib/errors.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/errors.py -------------------------------------------------------------------------------- /dftimewolf/lib/exporters/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /dftimewolf/lib/exporters/df_to_filesystem.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/exporters/df_to_filesystem.py -------------------------------------------------------------------------------- /dftimewolf/lib/exporters/gce_disk_export.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/exporters/gce_disk_export.py -------------------------------------------------------------------------------- /dftimewolf/lib/exporters/gce_disk_export_base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/exporters/gce_disk_export_base.py -------------------------------------------------------------------------------- /dftimewolf/lib/exporters/gce_disk_export_dd.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/exporters/gce_disk_export_dd.py -------------------------------------------------------------------------------- /dftimewolf/lib/exporters/gce_disk_from_image.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/exporters/gce_disk_from_image.py -------------------------------------------------------------------------------- /dftimewolf/lib/exporters/gce_image_from_disk.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/exporters/gce_image_from_disk.py -------------------------------------------------------------------------------- /dftimewolf/lib/exporters/gcs_to_gce_image.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/exporters/gcs_to_gce_image.py -------------------------------------------------------------------------------- /dftimewolf/lib/exporters/local_filesystem.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/exporters/local_filesystem.py -------------------------------------------------------------------------------- /dftimewolf/lib/exporters/s3_to_gcs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/exporters/s3_to_gcs.py -------------------------------------------------------------------------------- /dftimewolf/lib/exporters/scp_ex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/exporters/scp_ex.py -------------------------------------------------------------------------------- /dftimewolf/lib/exporters/timesketch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/exporters/timesketch.py -------------------------------------------------------------------------------- /dftimewolf/lib/logging_utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/logging_utils.py -------------------------------------------------------------------------------- /dftimewolf/lib/module.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/module.py -------------------------------------------------------------------------------- /dftimewolf/lib/modules/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /dftimewolf/lib/modules/manager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/modules/manager.py -------------------------------------------------------------------------------- /dftimewolf/lib/preflights/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/preflights/__init__.py -------------------------------------------------------------------------------- /dftimewolf/lib/preflights/cloud_token.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/preflights/cloud_token.py -------------------------------------------------------------------------------- /dftimewolf/lib/preflights/ssh_multiplexer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/preflights/ssh_multiplexer.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /dftimewolf/lib/processors/gce_forensics_vm.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/gce_forensics_vm.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/gcp_cloud_resource_tree.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/gcp_cloud_resource_tree.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/gcp_cloud_resource_tree_helper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/gcp_cloud_resource_tree_helper.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/gcp_logging_timesketch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/gcp_logging_timesketch.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/grepper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/grepper.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/llm_base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/llm_base.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/llmproviders/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/llmproviders/__init__.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/llmproviders/gemini.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/llmproviders/gemini.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/llmproviders/interface.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/llmproviders/interface.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/llmproviders/manager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/llmproviders/manager.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/llmproviders/ollama.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/llmproviders/ollama.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/llmproviders/vertex_ai.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/llmproviders/vertex_ai.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/localplaso.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/localplaso.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/openrelik.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/openrelik.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/turbinia_artifact.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/turbinia_artifact.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/turbinia_base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/turbinia_base.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/turbinia_gcp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/turbinia_gcp.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/workspace_audit_timesketch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/workspace_audit_timesketch.py -------------------------------------------------------------------------------- /dftimewolf/lib/processors/workspace_format_strings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/processors/workspace_format_strings.json -------------------------------------------------------------------------------- /dftimewolf/lib/recipes/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /dftimewolf/lib/recipes/manager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/recipes/manager.py -------------------------------------------------------------------------------- /dftimewolf/lib/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/resources.py -------------------------------------------------------------------------------- /dftimewolf/lib/state.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/state.py -------------------------------------------------------------------------------- /dftimewolf/lib/telemetry.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/telemetry.py -------------------------------------------------------------------------------- /dftimewolf/lib/timesketch_utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/timesketch_utils.py -------------------------------------------------------------------------------- /dftimewolf/lib/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/utils.py -------------------------------------------------------------------------------- /dftimewolf/lib/validators/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/validators/__init__.py -------------------------------------------------------------------------------- /dftimewolf/lib/validators/aws_region.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/validators/aws_region.py -------------------------------------------------------------------------------- /dftimewolf/lib/validators/azure_region.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/validators/azure_region.py -------------------------------------------------------------------------------- /dftimewolf/lib/validators/datetime_validator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/validators/datetime_validator.py -------------------------------------------------------------------------------- /dftimewolf/lib/validators/gcp_zone.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/validators/gcp_zone.py -------------------------------------------------------------------------------- /dftimewolf/lib/validators/grr_host.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/validators/grr_host.py -------------------------------------------------------------------------------- /dftimewolf/lib/validators/hostname.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/validators/hostname.py -------------------------------------------------------------------------------- /dftimewolf/lib/validators/integer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/validators/integer.py -------------------------------------------------------------------------------- /dftimewolf/lib/validators/manager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/validators/manager.py -------------------------------------------------------------------------------- /dftimewolf/lib/validators/regex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/validators/regex.py -------------------------------------------------------------------------------- /dftimewolf/lib/validators/subnet.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/validators/subnet.py -------------------------------------------------------------------------------- /dftimewolf/lib/validators/url.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/dftimewolf/lib/validators/url.py -------------------------------------------------------------------------------- /docker/dev/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docker/dev/Dockerfile -------------------------------------------------------------------------------- /docker/dev/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docker/dev/README.md -------------------------------------------------------------------------------- /docker/dev/docker-compose.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docker/dev/docker-compose.yaml -------------------------------------------------------------------------------- /docker/dev/docker-entrypoint.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docker/dev/docker-entrypoint.sh -------------------------------------------------------------------------------- /docker/dftimewolf-release/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docker/dftimewolf-release/README.md -------------------------------------------------------------------------------- /docker/release/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docker/release/Dockerfile -------------------------------------------------------------------------------- /docker/release/docker-compose.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docker/release/docker-compose.yaml -------------------------------------------------------------------------------- /docker/release/docker-entrypoint.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docker/release/docker-entrypoint.sh -------------------------------------------------------------------------------- /docs/_static/graphviz/aws_disk_to_gcp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/aws_disk_to_gcp.png -------------------------------------------------------------------------------- /docs/_static/graphviz/aws_forensics.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/aws_forensics.png -------------------------------------------------------------------------------- /docs/_static/graphviz/aws_logging_collect.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/aws_logging_collect.png -------------------------------------------------------------------------------- /docs/_static/graphviz/aws_logging_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/aws_logging_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/aws_turbinia_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/aws_turbinia_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/azure_forensics.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/azure_forensics.png -------------------------------------------------------------------------------- /docs/_static/graphviz/azure_logging_collect.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/azure_logging_collect.png -------------------------------------------------------------------------------- /docs/_static/graphviz/azure_logging_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/azure_logging_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/bigquery_collect.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/bigquery_collect.png -------------------------------------------------------------------------------- /docs/_static/graphviz/bigquery_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/bigquery_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/gce_disk_copy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/gce_disk_copy.png -------------------------------------------------------------------------------- /docs/_static/graphviz/gce_disk_export.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/gce_disk_export.png -------------------------------------------------------------------------------- /docs/_static/graphviz/gce_disk_export_dd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/gce_disk_export_dd.png -------------------------------------------------------------------------------- /docs/_static/graphviz/gcp_cloud_resource_tree.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/gcp_cloud_resource_tree.png -------------------------------------------------------------------------------- /docs/_static/graphviz/gcp_cloud_resource_tree_offline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/gcp_cloud_resource_tree_offline.png -------------------------------------------------------------------------------- /docs/_static/graphviz/gcp_forensics.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/gcp_forensics.png -------------------------------------------------------------------------------- /docs/_static/graphviz/gcp_logging_cloudaudit_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/gcp_logging_cloudaudit_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/gcp_logging_cloudsql_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/gcp_logging_cloudsql_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/gcp_logging_collect.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/gcp_logging_collect.png -------------------------------------------------------------------------------- /docs/_static/graphviz/gcp_logging_gce_instance_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/gcp_logging_gce_instance_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/gcp_logging_gce_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/gcp_logging_gce_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/gcp_turbinia_disk_copy_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/gcp_turbinia_disk_copy_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/gcp_turbinia_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/gcp_turbinia_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/gcp_turbinia_ts_threaded.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/gcp_turbinia_ts_threaded.png -------------------------------------------------------------------------------- /docs/_static/graphviz/grr_artifact_grep.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/grr_artifact_grep.png -------------------------------------------------------------------------------- /docs/_static/graphviz/grr_artifact_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/grr_artifact_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/grr_files_collect.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/grr_files_collect.png -------------------------------------------------------------------------------- /docs/_static/graphviz/grr_flow_collect.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/grr_flow_collect.png -------------------------------------------------------------------------------- /docs/_static/graphviz/grr_hunt_artifacts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/grr_hunt_artifacts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/grr_hunt_file.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/grr_hunt_file.png -------------------------------------------------------------------------------- /docs/_static/graphviz/grr_hunt_osquery.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/grr_hunt_osquery.png -------------------------------------------------------------------------------- /docs/_static/graphviz/grr_huntresults_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/grr_huntresults_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/grr_osquery_flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/grr_osquery_flow.png -------------------------------------------------------------------------------- /docs/_static/graphviz/grr_timeline_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/grr_timeline_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/grr_yarascan.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/grr_yarascan.png -------------------------------------------------------------------------------- /docs/_static/graphviz/gsheets_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/gsheets_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/plaso_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/plaso_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/upload_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/upload_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/upload_turbinia.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/upload_turbinia.png -------------------------------------------------------------------------------- /docs/_static/graphviz/upload_web_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/upload_web_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/vt_evtx.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/vt_evtx.png -------------------------------------------------------------------------------- /docs/_static/graphviz/vt_evtx_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/vt_evtx_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/vt_pcap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/vt_pcap.png -------------------------------------------------------------------------------- /docs/_static/graphviz/workspace_logging_collect.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/workspace_logging_collect.png -------------------------------------------------------------------------------- /docs/_static/graphviz/workspace_meet_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/workspace_meet_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/workspace_user_activity_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/workspace_user_activity_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/workspace_user_drive_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/workspace_user_drive_ts.png -------------------------------------------------------------------------------- /docs/_static/graphviz/workspace_user_login_ts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/graphviz/workspace_user_login_ts.png -------------------------------------------------------------------------------- /docs/_static/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/_static/logo.png -------------------------------------------------------------------------------- /docs/architecture.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/architecture.md -------------------------------------------------------------------------------- /docs/developers-guide.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/developers-guide.md -------------------------------------------------------------------------------- /docs/generate_recipe_doc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/generate_recipe_doc.py -------------------------------------------------------------------------------- /docs/getting-started.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/getting-started.md -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/index.md -------------------------------------------------------------------------------- /docs/module-writing-basics.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/module-writing-basics.md -------------------------------------------------------------------------------- /docs/recipe-caveat.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/recipe-caveat.md -------------------------------------------------------------------------------- /docs/recipe-list.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/recipe-list.md -------------------------------------------------------------------------------- /docs/user-manual.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/docs/user-manual.md -------------------------------------------------------------------------------- /mkdocs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/mkdocs.yml -------------------------------------------------------------------------------- /mypy.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/mypy.ini -------------------------------------------------------------------------------- /poetry.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/poetry.lock -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/pyproject.toml -------------------------------------------------------------------------------- /pytype.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/pytype.conf -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /tests/cli/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/cli/curses_display_manager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/cli/curses_display_manager.py -------------------------------------------------------------------------------- /tests/cli/main_tool.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/cli/main_tool.py -------------------------------------------------------------------------------- /tests/cli/recipes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/cli/recipes.py -------------------------------------------------------------------------------- /tests/e2e/aws_disk_forensics.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/e2e/aws_disk_forensics.py -------------------------------------------------------------------------------- /tests/e2e/gcp_disk_forensics.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/e2e/gcp_disk_forensics.py -------------------------------------------------------------------------------- /tests/lib/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /tests/lib/args_validator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/args_validator.py -------------------------------------------------------------------------------- /tests/lib/collectors/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /tests/lib/collectors/aws.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/aws.py -------------------------------------------------------------------------------- /tests/lib/collectors/aws_logging.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/aws_logging.py -------------------------------------------------------------------------------- /tests/lib/collectors/aws_snapshot_s3_copy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/aws_snapshot_s3_copy.py -------------------------------------------------------------------------------- /tests/lib/collectors/aws_volume_snapshot.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/aws_volume_snapshot.py -------------------------------------------------------------------------------- /tests/lib/collectors/azure.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/azure.py -------------------------------------------------------------------------------- /tests/lib/collectors/azure_logging.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/azure_logging.py -------------------------------------------------------------------------------- /tests/lib/collectors/bigquery.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/bigquery.py -------------------------------------------------------------------------------- /tests/lib/collectors/filesystem.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/filesystem.py -------------------------------------------------------------------------------- /tests/lib/collectors/gce_disk_copy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/gce_disk_copy.py -------------------------------------------------------------------------------- /tests/lib/collectors/grr_base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/grr_base.py -------------------------------------------------------------------------------- /tests/lib/collectors/grr_hosts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/grr_hosts.py -------------------------------------------------------------------------------- /tests/lib/collectors/grr_hunt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/grr_hunt.py -------------------------------------------------------------------------------- /tests/lib/collectors/gsheets.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/gsheets.py -------------------------------------------------------------------------------- /tests/lib/collectors/osquery.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/osquery.py -------------------------------------------------------------------------------- /tests/lib/collectors/stackdriver.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/stackdriver.py -------------------------------------------------------------------------------- /tests/lib/collectors/test_data/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/lib/collectors/test_data/grepper_test_dir/1test.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/test_data/grepper_test_dir/1test.pdf -------------------------------------------------------------------------------- /tests/lib/collectors/test_data/grepper_test_dir/grepper_test.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/test_data/grepper_test_dir/grepper_test.txt -------------------------------------------------------------------------------- /tests/lib/collectors/test_data/grepper_test_dir/grepper_test2.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/test_data/grepper_test_dir/grepper_test2.txt -------------------------------------------------------------------------------- /tests/lib/collectors/test_data/hunt.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/test_data/hunt.zip -------------------------------------------------------------------------------- /tests/lib/collectors/test_data/mock_grr_hosts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/test_data/mock_grr_hosts.py -------------------------------------------------------------------------------- /tests/lib/collectors/timesketch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/timesketch.py -------------------------------------------------------------------------------- /tests/lib/collectors/virustotal.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/virustotal.py -------------------------------------------------------------------------------- /tests/lib/collectors/workspace_audit.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/workspace_audit.py -------------------------------------------------------------------------------- /tests/lib/collectors/yara.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/collectors/yara.py -------------------------------------------------------------------------------- /tests/lib/containers/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /tests/lib/containers/containers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/containers/containers.py -------------------------------------------------------------------------------- /tests/lib/containers/interface.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/containers/interface.py -------------------------------------------------------------------------------- /tests/lib/containers/manager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/containers/manager.py -------------------------------------------------------------------------------- /tests/lib/exporters/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /tests/lib/exporters/df_to_filesystem.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/exporters/df_to_filesystem.py -------------------------------------------------------------------------------- /tests/lib/exporters/gce_disk_export.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/exporters/gce_disk_export.py -------------------------------------------------------------------------------- /tests/lib/exporters/gce_disk_export_dd.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/exporters/gce_disk_export_dd.py -------------------------------------------------------------------------------- /tests/lib/exporters/gce_disk_from_image.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/exporters/gce_disk_from_image.py -------------------------------------------------------------------------------- /tests/lib/exporters/gce_image_from_disk.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/exporters/gce_image_from_disk.py -------------------------------------------------------------------------------- /tests/lib/exporters/gcs_to_gce_image.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/exporters/gcs_to_gce_image.py -------------------------------------------------------------------------------- /tests/lib/exporters/local_filesystem.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/exporters/local_filesystem.py -------------------------------------------------------------------------------- /tests/lib/exporters/s3_to_gcs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/exporters/s3_to_gcs.py -------------------------------------------------------------------------------- /tests/lib/exporters/scp_ex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/exporters/scp_ex.py -------------------------------------------------------------------------------- /tests/lib/exporters/timesketch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/exporters/timesketch.py -------------------------------------------------------------------------------- /tests/lib/modules/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /tests/lib/modules/manager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/modules/manager.py -------------------------------------------------------------------------------- /tests/lib/modules_test_base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/modules_test_base.py -------------------------------------------------------------------------------- /tests/lib/preflights/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/lib/preflights/ssh_multiplexer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/preflights/ssh_multiplexer.py -------------------------------------------------------------------------------- /tests/lib/processors/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /tests/lib/processors/gce_forensics_vm.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/gce_forensics_vm.py -------------------------------------------------------------------------------- /tests/lib/processors/gcp_cloud_resource_tree.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/gcp_cloud_resource_tree.py -------------------------------------------------------------------------------- /tests/lib/processors/gcp_logging_timesketch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/gcp_logging_timesketch.py -------------------------------------------------------------------------------- /tests/lib/processors/grepper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/grepper.py -------------------------------------------------------------------------------- /tests/lib/processors/llm_base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/llm_base.py -------------------------------------------------------------------------------- /tests/lib/processors/llmproviders/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/lib/processors/llmproviders/gemini.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/llmproviders/gemini.py -------------------------------------------------------------------------------- /tests/lib/processors/llmproviders/manager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/llmproviders/manager.py -------------------------------------------------------------------------------- /tests/lib/processors/llmproviders/ollama.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/llmproviders/ollama.py -------------------------------------------------------------------------------- /tests/lib/processors/llmproviders/vertex_ai.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/llmproviders/vertex_ai.py -------------------------------------------------------------------------------- /tests/lib/processors/localplaso.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/localplaso.py -------------------------------------------------------------------------------- /tests/lib/processors/openrelik.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/openrelik.py -------------------------------------------------------------------------------- /tests/lib/processors/test_data/c4e9abd577db475484b2ded34a011b96.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/test_data/c4e9abd577db475484b2ded34a011b96.tgz -------------------------------------------------------------------------------- /tests/lib/processors/test_data/compute_api_disk_images_response.jsonl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/test_data/compute_api_disk_images_response.jsonl -------------------------------------------------------------------------------- /tests/lib/processors/test_data/compute_api_disks_response.jsonl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/test_data/compute_api_disks_response.jsonl -------------------------------------------------------------------------------- /tests/lib/processors/test_data/compute_api_instance_templates_response.jsonl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/test_data/compute_api_instance_templates_response.jsonl -------------------------------------------------------------------------------- /tests/lib/processors/test_data/compute_api_instances_response.jsonl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/test_data/compute_api_instances_response.jsonl -------------------------------------------------------------------------------- /tests/lib/processors/test_data/compute_api_machine_images_response.jsonl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/test_data/compute_api_machine_images_response.jsonl -------------------------------------------------------------------------------- /tests/lib/processors/test_data/compute_api_snapshots_response.jsonl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/test_data/compute_api_snapshots_response.jsonl -------------------------------------------------------------------------------- /tests/lib/processors/test_data/empty_file.jsonl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/lib/processors/test_data/gcp-project-logs.jsonl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/test_data/gcp-project-logs.jsonl -------------------------------------------------------------------------------- /tests/lib/processors/test_data/resources_dict_dump.jsonl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/test_data/resources_dict_dump.jsonl -------------------------------------------------------------------------------- /tests/lib/processors/test_data/turbinia.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/test_data/turbinia.conf -------------------------------------------------------------------------------- /tests/lib/processors/test_data/turbinia_request_status.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/test_data/turbinia_request_status.json -------------------------------------------------------------------------------- /tests/lib/processors/turbinia_base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/turbinia_base.py -------------------------------------------------------------------------------- /tests/lib/processors/workspace_audit_timesketch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/processors/workspace_audit_timesketch.py -------------------------------------------------------------------------------- /tests/lib/recipes/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /tests/lib/recipes/manager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/recipes/manager.py -------------------------------------------------------------------------------- /tests/lib/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/resources.py -------------------------------------------------------------------------------- /tests/lib/state.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/state.py -------------------------------------------------------------------------------- /tests/lib/telemetry.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/telemetry.py -------------------------------------------------------------------------------- /tests/lib/timesketch_utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/timesketch_utils.py -------------------------------------------------------------------------------- /tests/lib/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/utils.py -------------------------------------------------------------------------------- /tests/lib/validators/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/lib/validators/aws_region.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/validators/aws_region.py -------------------------------------------------------------------------------- /tests/lib/validators/azure_region.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/validators/azure_region.py -------------------------------------------------------------------------------- /tests/lib/validators/datetime_validator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/validators/datetime_validator.py -------------------------------------------------------------------------------- /tests/lib/validators/gcp_zone.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/validators/gcp_zone.py -------------------------------------------------------------------------------- /tests/lib/validators/grr_host.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/validators/grr_host.py -------------------------------------------------------------------------------- /tests/lib/validators/hostname.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/validators/hostname.py -------------------------------------------------------------------------------- /tests/lib/validators/integer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/validators/integer.py -------------------------------------------------------------------------------- /tests/lib/validators/manager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/validators/manager.py -------------------------------------------------------------------------------- /tests/lib/validators/regex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/validators/regex.py -------------------------------------------------------------------------------- /tests/lib/validators/subnet.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/validators/subnet.py -------------------------------------------------------------------------------- /tests/lib/validators/url.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/lib/validators/url.py -------------------------------------------------------------------------------- /tests/test_dftimewolf.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/test_dftimewolf.py -------------------------------------------------------------------------------- /tests/test_modules/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/test_modules/modules.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/test_modules/modules.py -------------------------------------------------------------------------------- /tests/test_modules/test_recipe.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/test_modules/test_recipe.py -------------------------------------------------------------------------------- /tests/test_modules/thread_aware_modules.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/tests/test_modules/thread_aware_modules.py -------------------------------------------------------------------------------- /utils/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /utils/check_dependencies.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/utils/check_dependencies.py -------------------------------------------------------------------------------- /utils/dependencies.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/utils/dependencies.py -------------------------------------------------------------------------------- /utils/export_machine_startup_script.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/utils/export_machine_startup_script.sh -------------------------------------------------------------------------------- /utils/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/log2timeline/dftimewolf/HEAD/utils/utils.py --------------------------------------------------------------------------------