google/cloud-forensics-utils 194

Python library to carry out DFIR analysis on the Cloud

log2timeline/dftimewolf 176

A framework for orchestrating forensic collection, processing and data export

giovannt0/battleship 0

Simple battleship game in Java

giovannt0/BurpEvidenceCollector 0

An evidence collection module for Burp Suite

giovannt0/dftimewolf 0

A framework for orchestrating forensic collection, processing and data export

giovannt0/DPBoost 0

Differentially Private Gradient Boosting Decision Trees

giovannt0/ml-privacy-csf18 0

Code for the CSF 2018 paper "Privacy Risk in Machine Learning: Analyzing the Connection to Overfitting"

push event giovannt0/dftimewolf

Theo Giovanna

commit sha 1bd90c1d158eb9d1ea7af437e0783df7611737f3

pylint Signed-off-by: Theo Giovanna <gtheo@google.com>

push time in 3 days

push event giovannt0/dftimewolf

Theo Giovanna

commit sha 94bce6891fc00edbda329df7be28ffb48d608d9f

Fix transcripts Signed-off-by: Theo Giovanna <gtheo@google.com>

push time in 3 days

PR opened log2timeline/dftimewolf

Update metawolf's doc

Signed-off-by: Theo Giovanna <gtheo@google.com>

+17 -17

0 comment

4 changed files

pr created time in 3 days

create branch giovannt0/dftimewolf

branch : metawolf-doc

created branch time in 3 days

push event giovannt0/dftimewolf

Thomas Chopitea

commit sha 855d70f6c84686aeccf62f40596e02936aae4cec

Add test to check that modules are invoked with the expected parameters. (#413) * Add test to check that modules are invoked with the expected parameters. * Fix formatting * Add missing attribute from docstring * Try having pipfile follow turbinia/master * Fix tests * Update pipfile and AWS mocks * Update requirements

Theo

commit sha b26ba55aef593a7e2170d6143825bac6a68d7794

Metawolf: A meterpreter-like shell for DFTimewolf (#412) * Initial commit for metawolf Signed-off-by: Theo Giovanna <gtheo@google.com> * Type annotations (#411) * pytype annotations * First pass * mypy.ini file * Second pass * Add github action * Fix tests * Update requirements * Add req to pipfile * Fix bad imports * Fix broken test * Strict type checking is stricter * isort config for imports * Python is nice because it's dynamically typed #not * Ignore protobuf files * Remove superfluous params from Github action * Bugfix * Fix cyclic dependency * Fix Github action syntax * Disable cyclic import linter warning * Fix mypy * Add PyYAML types * Metawolf part 2 Signed-off-by: Theo Giovanna <gtheo@google.com> * Type annotations (#411) * pytype annotations * First pass * mypy.ini file * Second pass * Add github action * Fix tests * Update requirements * Add req to pipfile * Fix bad imports * Fix broken test * Strict type checking is stricter * isort config for imports * Python is nice because it's dynamically typed #not * Ignore protobuf files * Remove superfluous params from Github action * Bugfix * Fix cyclic dependency * Fix Github action syntax * Disable cyclic import linter warning * Fix mypy * Add PyYAML types * cleanup PR Signed-off-by: Theo Giovanna <gtheo@google.com> * Add missing commands to docs Signed-off-by: Theo Giovanna <gtheo@google.com> * Fix requirements Signed-off-by: Theo Giovanna <gtheo@google.com> * More missing docs Signed-off-by: Theo Giovanna <gtheo@google.com> * ooops Signed-off-by: Theo Giovanna <gtheo@google.com> * Add space for pylint Signed-off-by: Theo Giovanna <gtheo@google.com> * Show current session in show sessions Signed-off-by: Theo Giovanna <gtheo@google.com> * Fix reload boolean Signed-off-by: Theo Giovanna <gtheo@google.com> * Make metawolf testable: migrate to poutput for printing output, and add a test case Signed-off-by: Theo Giovanna <gtheo@google.com> * Add various scenario-based tests to metawolf Signed-off-by: Theo 
Giovanna <gtheo@google.com> * Bad copy pasta (typo) Signed-off-by: Theo Giovanna <gtheo@google.com> * PR comments (excluding tests) Signed-off-by: Theo Giovanna <gtheo@google.com> * PR comments (tests) Signed-off-by: Theo Giovanna <gtheo@google.com> * Fetch short desc Signed-off-by: Theo Giovanna <gtheo@google.com> * Fix prepare cmd test Signed-off-by: Theo Giovanna <gtheo@google.com> * Remove unused import Signed-off-by: Theo Giovanna <gtheo@google.com> * fix linter et al. Signed-off-by: Theo Giovanna <gtheo@google.com> * Add missing dependencies * Missing deps Signed-off-by: Theo Giovanna <gtheo@google.com> * Missing deps Signed-off-by: Theo Giovanna <gtheo@google.com> * Update deps * fix path Signed-off-by: Theo Giovanna <gtheo@google.com> * forgot one Signed-off-by: Theo Giovanna <gtheo@google.com> Co-authored-by: Thomas Chopitea <tomchop@gmail.com>

Thomas Chopitea

commit sha cd70972acd7a2ce72309d881dd96948a78fbe16e

Minor tweaks (#424) * Move logging to init * Better error messages

Thomas Chopitea

commit sha f853731fb05aa05f088e12e886bc7f595e19c14c

Tweaks in SSH multiplexer / exporter (#416) * Fix protocol error when downloading multiple files * Add extra SSH options to SCPExporter and SSHMultiplexer * Silence mypy * Make type checking more consistent

Thomas Chopitea

commit sha 7feed81821f7083d5b886d6ef0b46d7a3f135824

Add custom logging class to be able to log "success" messages (#425) * Add new logging class * Adjust modules to log success error messages * Silence mypy * Better mypy * Cast logger to our custom Class * Fix linter

Daniel White

commit sha 15e771be2159c4948c8db9fa09b0832883c9551d

Fixes for workspace audit logs (#426) * Add collector, processor and recipes for Google Workspace logs * Update dftimewolf/lib/containers/containers.py Co-authored-by: Thomas Chopitea <tomchop@gmail.com> * Changes after review * Misc fixes for workspace audit logs * Misc fixes for workspace audit logs * Fix import * Always downcase parameter names * Always downcase parameter names Co-authored-by: Thomas Chopitea <tomchop@gmail.com>

Thomas Chopitea

commit sha 720cbcd5ee20b498ea1b88fe23a0f9fe64c4a48b

Update dependencies (#428) * Update deps * Update test turbinia config * Fix some linter errors * Update test turbinia config * Disable encoding linter message * Ignore typing in logging libs as it is a hot mess

Thomas Chopitea

commit sha 9f055033cfd866f76ad94891354f7e9db4b74528

Also check preflight setup args (#427)

Thomas Chopitea

commit sha 9f7ec0e5200f097a603f7f08ab8df7f5df1ee00f

Delete .travis.yml

Alexander J

commit sha 51d896ba08844f46e9fc61de6fd695e08f4e1ce3

remove stale travis config file (#430) Co-authored-by: Thomas Chopitea <tomchop@gmail.com>

Thomas Chopitea

commit sha c7a558f3f6be1063731566e7db970a460b852b4e

Update README badges (#429)

Aaron Peterson

commit sha 2f048984bbc181a84922fb8cfcbe07a21f683c12

Move Turbinia recipe variables (#431) * Move Turbinia recipe variables * Fix tests

Ramo

commit sha 4e901450828b022bd5f57f842dec0be10d554d2a

Support for dynamic horizontal scaling of modules (#423) * Threaded module base class added, plus tests * Sequential processing of thread aware modules * Linter appeasement * Add return containers back into state after processing * Moved the container storage for thread aware modules int the module itself. Updated tests * Linter appeasement * Updated tests for containers through a thread aware module * Linter appeasement * Implemented threading. * Linter appeasement * Linter appeasement * Inline doco for implementing the thread aware module * Doc updates * Pool threads rather than unlimited thread count * linter appeasement * Inline doc update * PR suggestions, round 1 * PR suggestions part 2 * Simplified container handling * Small style change * Linter appeasement * Added option for threadawaremodules to decide on keeping or popping the thread on containers in the state * Add a few comments Co-authored-by: Thomas Chopitea <tomchop@gmail.com>

Johan Berggren

commit sha 7055ea71b2884ede47070a08d3c248d69e7c1f65

Remove quotes from timeline name

Theo

commit sha b239622322cab4a2436cf4487ac3ac2ee5d6767a

[Metawolf] Use Metawolf's utils in process class and add option to hide read errors (#418) * [Metawolf] Add option to hide read error warning Signed-off-by: Theo Giovanna <gtheo@google.com> * Use Metawolf's utils in MetawolfProcess by default Signed-off-by: Theo Giovanna <gtheo@google.com>

itsmvd

commit sha ae363de1997102ec18fc8d9856def09806880728

Update interface.py (#436) Fix typo

Ramo

commit sha 02b5c60ffffed1029213ac85f569981f3ccfbbc8

Threaded Modules for TurbiniaGCPProcessor and TimesketchExporter (#432) * Created threaded versions of Turbinia GCP and Timesketch exporter * timeline name correction * Added some testing around errors * Notes from PR * Linter appeasement * PR suggestions

Thomas Chopitea

commit sha 13c984fded95f5cc970e2b028149006ffa8f3d5e

Skip checks if no project name specified. (#438)

Romain Gayon

commit sha 2f1a6484695f77ed6878e1754b0ce08f6128a664

set stdout as default output stream for logging.StreamHandler (#439)

Theo

commit sha bb7ae49f8031c4e5cc6cdae6fbe00c07d24acd19

Metawolf: add `exit` command (#444) Signed-off-by: Theo Giovanna <gtheo@google.com>

push time in 3 days

Pull request review comment google/cloud-forensics-utils

Add getIamPolicy functionality to GCP cloudresourcemanager module

 def DeleteResource(self, name: str) -> Dict[str, Any]:     response = common.ExecuteRequest(resource_client, 'delete', request)[0]     logger.info("Resource {0:s} was set for deletion.".format(name))     return response++  def GetIamPolicy(self, name: str) -> Dict[str, Any]:+    """Get IAM policy bindings for a resource.++    Args:+      name (str): a resource identifier in the format+        resource_type/resource_number e.g. projects/123456789012 where+        project_type is one of projects, folders or organizations.+    Returns:+      Dict[str, Any]: The policy bindings for the resource.+    """+    resource_type = name.split('/')[0]+    if resource_type not in self.RESOURCE_TYPES:+      raise TypeError('Invalid resource type "{0:s}", resource must be one of '
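
Review bot: In the GetIamPolicy docstring, the Args text reads "where project_type is one of projects, folders or organizations", but the value it describes is the resource_type prefix named in the format line just above it; use one name so the two agree. The check `name.split('/')[0]` validates only the prefix, so a name with nothing after the slash (for example `projects/`) still passes; consider splitting once and rejecting a missing identifier before the request is built. An unsupported prefix is a bad value rather than a wrong type, so ValueError would fit better than TypeError, and whichever exception is kept should appear in a Raises section of the docstring.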

Can you update the docstring to surface that a TypeError error can be raised?

jonathan-greig

comment created time in 4 days

push event google/cloud-forensics-utils

Diana Kramer

commit sha c5f4d5edd525a702f7d953b4bc3a9ee62be53334

Add BigQuery Jobs functionality and tests (#424) * Add BigQuery Jobs functionality and tests * Remove type annotations from docs * Define BIGQUERY_API_VERSION as module variable * Update libcloudforensics/providers/gcp/internal/project.py Co-authored-by: Said Eid <46205691+sa3eed3ed@users.noreply.github.com> * Update tools/gcp_cli.py Co-authored-by: Said Eid <46205691+sa3eed3ed@users.noreply.github.com> * Update libcloudforensics/providers/gcp/internal/bigquery.py Co-authored-by: Said Eid <46205691+sa3eed3ed@users.noreply.github.com> * Update libcloudforensics/providers/gcp/internal/project.py Co-authored-by: Theo <theo.giovanna@gmail.com> Co-authored-by: Said Eid <46205691+sa3eed3ed@users.noreply.github.com> Co-authored-by: Theo <gtheo@google.com> Co-authored-by: Theo <theo.giovanna@gmail.com>

push time in 10 days

issue closed google/cloud-forensics-utils

Add BigQuery Functionalities to GCP

expected 07/08 2020

closed time in 10 days

sa3eed3ed

PR merged google/cloud-forensics-utils

Add BigQuery Jobs functionality and tests

Resolves #184

+198 -0

2 comments

6 changed files

dianakramer

pr closed time in 10 days

Pull request review comment google/cloud-forensics-utils

Add BigQuery Jobs functionality and tests

 def serviceusage(self) -> serviceusage_module.GoogleServiceUsage:     self._serviceusage = serviceusage_module.GoogleServiceUsage(         self.project_id)     return self._serviceusage++  @property+  def bigquery(self) -> bigquery_module.GoogleBigQuery:+    """Get a GoogleBigQuery object for the project.++    Returns:+      GoogleBigQuery: Object that represents Google BigQuery.+    """++    if self._bigquery:+      return self._bigquery+    self._bigquery = bigquery_module.CloudBigQuery(
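
Review bot: The new bigquery property is annotated and documented as returning bigquery_module.GoogleBigQuery, but its last added line constructs `bigquery_module.CloudBigQuery(`; use the same class name in the annotation, the docstring and the constructor call, since only one of the two names can exist in the module and the mismatch will fail either linting or the first access to the property.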
    self._bigquery = bigquery_module.GoogleBigQuery(

Should fix pylint

dianakramer

comment created time in 10 days

push event dianakramer/cloud-forensics-utils

Theo

commit sha 8f4bf84c1aab4e4dd7600aa93d95a5805e2c861b

Add method to delete cloud project (#423) * Add method to delete cloud project Signed-off-by: Theo Giovanna <gtheo@google.com> * Fix docstring Signed-off-by: Theo Giovanna <gtheo@google.com> * Fix docstring Signed-off-by: Theo Giovanna <gtheo@google.com>

Theo Giovanna

commit sha 922cec6a95395a17a97dd4e4c7c5715b42c820b3

Fix Azure tests Signed-off-by: Theo Giovanna <gtheo@google.com>

Theo

commit sha 37a9de774d7453b66e91fcdb0c340edcd20c4217

Pin Azure deps until GH workflow install the same version and fix mypy (#425)

Theo

commit sha b494e366f7738a6a8f4c75b3424906a57228b4d4

Merge branch 'main' into main

push time in 10 days

push event google/cloud-forensics-utils

Theo

commit sha 37a9de774d7453b66e91fcdb0c340edcd20c4217

Pin Azure deps until GH workflow install the same version and fix mypy (#425)

push time in 10 days

push event giovannt0/cloud-forensics-utils

Theo Giovanna

commit sha e9dd29e59748e0dc40bd3d8ac03850e668c9ce2b

New version of mypy trickery Signed-off-by: Theo Giovanna <gtheo@google.com>

push time in 10 days

push event giovannt0/cloud-forensics-utils

Theo Giovanna

commit sha 5fead24958ee24573e88b3e2034cc8fff957654d

24.0.0 doesn't exist on Ubuntu-latest 3.6 Signed-off-by: Theo Giovanna <gtheo@google.com>

push time in 10 days

push event giovannt0/cloud-forensics-utils

Theo Giovanna

commit sha 4a502df3479fa56bc596d44e1d1416ae8dfc7ca9

Pin Azure deps until GH workflow install the same version Signed-off-by: Theo Giovanna <gtheo@google.com>

push time in 10 days

push event giovannt0/cloud-forensics-utils

push time in 10 days

push event giovannt0/cloud-forensics-utils

Theo

commit sha dafbb0ed482b45311efca55d6e59460343b3130f

Azure shenanigans (#303) * Fix Azure tests Signed-off-by: Theo Giovanna <gtheo@google.com> * Respectful code cleanup Signed-off-by: Theo Giovanna <gtheo@google.com> * Fix azure versioning Signed-off-by: Theo Giovanna <gtheo@google.com>

push time in 10 days

push event giovannt0/cloud-forensics-utils

Theo

commit sha 223558bbdb1a2386eb7359afb05d1c01ac701dc2

Query GCP logs with multiple projects (#335) * Azure shenanigans (#303) * Fix Azure tests Signed-off-by: Theo Giovanna <gtheo@google.com> * Respectful code cleanup Signed-off-by: Theo Giovanna <gtheo@google.com> * Fix azure versioning Signed-off-by: Theo Giovanna <gtheo@google.com> * Allow GCP CLI tool to query multiple log sources for multiple project IDs Signed-off-by: Theo Giovanna <gtheo@google.com> * good linter Signed-off-by: Theo Giovanna <gtheo@google.com> * PR comments Signed-off-by: Theo Giovanna <gtheo@google.com> * PR comments Signed-off-by: Theo Giovanna <gtheo@google.com>

Theo

commit sha 71436eec289aee17fc72fd9968b3b7c6c24d20bf

Cleanup GCP e2e CLI tests (#336) * Azure shenanigans (#303) * Fix Azure tests Signed-off-by: Theo Giovanna <gtheo@google.com> * Respectful code cleanup Signed-off-by: Theo Giovanna <gtheo@google.com> * Fix azure versioning Signed-off-by: Theo Giovanna <gtheo@google.com> * Adapt e2e for the CLI to recent comments Signed-off-by: Theo Giovanna <gtheo@google.com> Co-authored-by: Thomas Chopitea <tomchop@gmail.com>

Thomas Chopitea

commit sha 9522eee8519b6c4096d870c361ab0043ea4437bf

Do not cache the result of CreateService (#342) * Do not cache the result of CreateService * Same for other Functions * Remove unused attribute

Jonathan Greig

commit sha d8467a487a4d1ab188efa4f5146b219ef36c3159

Fix pylint no-member (#344) * Comment only change * Disable no-member in pylintrc * Revert pylintrc changes * Add pylint disable comments where issues occur

Theo

commit sha ccf87973129806345a0bcdd52ebedaabd13a7158

Increase throttle sleep time (#334) * Azure shenanigans (#303) * Fix Azure tests Signed-off-by: Theo Giovanna <gtheo@google.com> * Respectful code cleanup Signed-off-by: Theo Giovanna <gtheo@google.com> * Fix azure versioning Signed-off-by: Theo Giovanna <gtheo@google.com> * Increase throttle sleep Signed-off-by: Theo Giovanna <gtheo@google.com> Co-authored-by: Thomas Chopitea <tomchop@gmail.com>

Ramo

commit sha 5dcbba6e20ffbea1421a45bcc6511103e7c8c44b

AWS: Copy an EBS snapshot into S3 (#323) * EBS snapshot copy to S3 * In progress commit * More for EBS image copy * Doc/comment fixes * Added comment * Remove testing line * PR suggestions part 1 - Next time, it's personal * PR suggestions part 2 * userdata script fix * PR Suggestions * PR suggestions * Optional rollback of creation IAM elements * Missed a spot * Add random tail to ec2 instance name in snapshot copy To allow for multiple to be created at the same time * Added in an e2e test * Linter appeasement * Apply suggestions from code review Co-authored-by: Thomas Chopitea <tomchop@gmail.com> * PR suggestions * PR suggestions * Linter appeasement Co-authored-by: Thomas Chopitea <tomchop@gmail.com>

Jonathan Greig

commit sha 0bab3d4576aa60786782aef02aa7be94c1d85938

Add GCP CPU usage (#343) * Add new functionality to libcloudforensics/providers/gcp/internal/monitoring.py * Add test data and mocks * Add unit test

Thomas Chopitea

commit sha 732052d4f70e9d633b0077aa1a78a4e972f4feae

Version bump for new release (#346)

Ramo

commit sha 52b90bc9808f37d1a805f02c8aa087931d8a7808

Implement quarantinevm for AWS - issues/340 (#345)

Theo

commit sha b442f2f2c24d3a96e75261c6e49e0cab71c16692

Fix Azure tests (#355) Signed-off-by: Theo Giovanna <gtheo@google.com>

Ramo

commit sha eb46a2958bc3996cddd463db96081cca519f80d1

Change exponential backoff to calculated timeout for Snapshot S3 copy (#357) * Issue #354 * small fix * Logging line addition * Adjusted transfer speed value based on speed test * Added in handling for invalid snapshot id

Ramo

commit sha 7653dcdaefd2068f1ce9f7acd53efa21210ad246

S3 E2E test (#356)

Zak Cook

commit sha ca8fae803b3b5dfdb373d29e148d76cb03c29333

Remove external IPs when putting an instance into network quarantine (GCP) (#351) * Add method to remove an instance's external IPs * Add a method to list external IPs * Fix a couple of bugs * Add IP re-assignment after being removed * Add docstrings to new methods * Typos and argument check * Adhere to the LCF's string conventions * Address more points of PR review * Documentation changes * Wrap requests in try/catch blocks and document * Wrap requests with ExecuteRequest() * Apply suggestions from code review Co-authored-by: Theo <theo.giovanna@gmail.com> * Remove trailing whitespace Co-authored-by: Theo <gtheo@google.com> Co-authored-by: Theo <theo.giovanna@gmail.com>

Ramo

commit sha 1b7b07cde3857e0b8be357df7d9452762a09e29b

Adjusted ebs snapshot s3 copy to wait for the instance health check (#358)

Ramo

commit sha 259f70e5dbc870422301dc63b31113201cf44ce0

Revert 358, add wait for copy instance launch (#359)

Ramo

commit sha c780fa971d831ade13a259d77d8ed0e8877269ed

Version bump for release (#360)

Fryyyyy

commit sha 745a23db37861a8e1d949f1668cab167b1e3bf1f

Run mypy/pylint and tests on all pushes (#367) * Run workflows on local branch actions * Syntax

Fryyyyy

commit sha ef026edce6de9791ea637d98862338d02b6cc0c3

Print an int (fixes #363) (#365) Co-authored-by: Theo <gtheo@google.com>

Jonathan Greig

commit sha f10086d1b485b9d14744b37667f9450b2c40779e

GCP effective firewall listing (#361) * Add firewall listing * Code tidy + documentation * Add unit test * Whitespace fix * Mypy fix * Code review changes * Code review comments Co-authored-by: Theo <gtheo@google.com>

Ramo

commit sha 71b33eaf14afeb4a2ba53ac96d2b55dc9efc0918

Instance profile mitigations for AWS * Issue 341 - Instance profile mitigations for AWS * Undo comment out * Added in some logging messages * PR suggestions

push time in 10 days

push event google/cloud-forensics-utils

Theo Giovanna

commit sha 922cec6a95395a17a97dd4e4c7c5715b42c820b3

Fix Azure tests Signed-off-by: Theo Giovanna <gtheo@google.com>

push time in 10 days

Pull request review comment google/cloud-forensics-utils

[azure] add image_reference option, fix multi-subscriptions bug, docs

 class AZAccount:   """    def __init__(self,-               default_resource_group_name: str,+               default_resource_group_name: str = '',
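
Review bot: On the changed `default_resource_group_name: str = ''` line, the parameter gains an empty-string default while the annotation stays str, so neither callers nor the type checker can tell "not provided" from an empty name; consider `Optional[str] = None`, or state in the class docstring what the empty string means and which resource group is then used. Since the hunk shows only this one parameter, also confirm that every parameter following it in `__init__` has a default.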

Can you update the docstring to reflect that this parameter is now Optional?

juju4

comment created time in 10 days

pull request comment google/cloud-forensics-utils

Add BigQuery Jobs functionality and tests

Thanks @dianakramer, can you fix the tests before we merge this?

dianakramer

comment created time in 10 days
