google/docker-explorer 379

A tool to help forensicate offline docker acquisitions

google/cloud-forensics-utils 194

Python library to carry out DFIR analysis on the Cloud

google/GiftStick 114

1-Click push forensics evidence to the cloud

jonathan-greig/Assembly-Examples 0

Some basic x86/x86-64 assembly examples for Linux, macOS and Windows.

jonathan-greig/cloud-forensics-utils 0

Python library to carry out DFIR analysis on the Cloud

jonathan-greig/dftimewolf 0

A framework for orchestrating forensic collection, processing and data export

jonathan-greig/docker-explorer 0

A tool to help forensicate offline docker acquisitions

jonathan-greig/GiftStick 0

1-Click push forensics evidence to the cloud

create branch jonathan-greig/turbinia

branch : recipes-packaging

created branch time in 2 days

push event jonathan-greig/turbinia

hacktobeer

commit sha 75a60ee2cfbf0158e642c5d05da2e8a15cad18f6

Add prometheus endpoint to celery worker. (#836)

alimez

commit sha dcff2dd3930fce906feab7a60b3e28c5fa01fdcc

Adding Grafana SMTP config to documentation (#834) * rebasing * change? * resolved conflicts * change? * fixed photorec stuff * fixed photorec stuff * change? * Update evidence.py * fixed photorec stuff * merged all files * did this fix it? * Added smtp config instructions * Remove photorec * Google link fix. * Fixed the typo * rebasing * change? * resolved conflicts * change? * fixed photorec stuff * fixed photorec stuff * change? * Update evidence.py * fixed photorec stuff * merged all files * did this fix it? * Added smtp config instructions * Remove photorec * Google link fix.

Jason

commit sha 66da639f28efa15c607916f4dae130b93720df44

Use DFVFS test data (#832) * Add scripts to generate test data * Use DFVFS test data * Use DFVFS test data * Use DFVFS test data Co-authored-by: js-forensic <52063018+js-forensic@users.noreply.github.com>

Aaron Peterson

commit sha 518b53aaf89f578cee2bde95586d8229e2f42738

Show task name counts (#839)

hacktobeer

commit sha 19f725ebf721f298ea17da57f12792d8e6598fa3

Fix dependency error in google cloud libs. (#842) * Fix dependency error in google cloud libs.

hacktobeer

commit sha fb11ebf2e21741801ec66c4c2d99a73ebefb7017

Upgrade Docker containers to Ubuntu 20.04 and cleanup (#715) Upgrade Docker containers to Ubuntu 20.04 and cleanup Docker build files.

hacktobeer

commit sha a8318dc46ba246b531c4728493df5ac024507849

Add Turbinia GCP management tool. (#830) * First commit * remove old comment * stop/start workers async * tyop * add status command * Last fixes. * Some comments at the top/ * Process review comments. * Parse options better and add function to set env variables. * More error checking.

Aaron Peterson

commit sha c63e5422729c68ffe29d31b729b19ff1f0a68790

Delete travis config (#845)

Aaron Peterson

commit sha 56e397182977718c201a41842c391f0a7419c5d3

Refactor server/worker out of client module (#846) * Refactor server/worker out of client * Fix imports

alimez

commit sha db1ec283f6014b33caa72c3d912c4eedbefd6fa5

Grafana alerts (#840) * rebasing * change? * resolved conflicts * change? * fixed photorec stuff * fixed photorec stuff * change? * Update evidence.py * fixed photorec stuff * merged all files * did this fix it? * Adding alerting to grafana * Adding anomaly detection for task runtime. * Adding the rest of the alerts to the dashboard. * Removing lower bound alerting

Aaron Peterson

commit sha f0898c5cf0d1864c8689ec0cbc88406ef5eff4bf

Only set up file log handlers for server/worker (#847)

Bhushan Borole

commit sha 8cb637886ed384370eaacb7394412f727337ebbb

Run redis-server on subsequent start of devcontainer (#848) * Run redis-server on start of devcontainer(Fixes #819) and remove redis-server from postCreateCommand

hacktobeer

commit sha ff72dddfc34b3e062d6b34e2c01e0f7df635df33

Update GCFs to run with new datastore module and nodejs runtime. (#851)

jorlamd

commit sha d45c62d4a73942654802517253ce664742248a1e

Simple recipes (#579) * adding recipe parser * Initial recipe implementation * removed debugging line * fixed potential bug in selection of paths to mount for docker images, adapted psort to recipes * Comments on new functions. Introduced validation of recipe vs default dynamic task config * simplified config loader, put error handling code in, minor format corrections * Fixes to recipe implementation, minor corrections * changed recipe implementation to support globals recipe item * additional work on globals recipe and small amendments to turbiniactl * minor bug fixes. celery version pinning, new attribute to TurbiniaTask, debugged code that merges globals with individual task recipes * removing debugging lines.. * bugfixes * changed how global recipes are handled, moved file helpers to module, small fixes * minor formatting changes * adding helpers file * minor style changes. corrections after merge * tested e2e recipe implementation. fixed small nit on partition processor. * Moved recipe logic to module. Placed recipe validation on task manager to cover all clients. Documentation and bug-fixes * Implemented abort job and task. Implemented check at the add_evidence stage to ensure the evidence is not processed if the recipe is not valid * Various bugfixes. Tweak to the logic that checks for applicable jobs to acknowledge an abort message * Code review items addressed. Flattening of the recipe object pending. 
* Update turbinia/lib/recipe_helpers.py Co-authored-by: Aaron Peterson <aaronp@gmail.com> * Removed unnecessary code from task_manager * additional small corrections on recipe helpers * Another small fix in recipe_helpers * bug fix in recipe dict validator * Flattened evidence config dict, linting, removal of debugging code * small changes per code review * merging upstream * malformed recipe leads to abortjob, but no enqueued tasks * Nits add up to nots * resolved bug introduced earlier in the PR, made modifications to add_evidence * Abort tasks remain in server, minor fixes. * style corrections Co-authored-by: jorlamd <jorlamd@nonfreebeast.Home> Co-authored-by: Jorge Lamarca <jorlamd@macbeast.home> Co-authored-by: Jorge Lamarca <jorlamd@macbeast.local> Co-authored-by: Aaron Peterson <aaronp@gmail.com> Co-authored-by: Jorge Lamarca <jorlamd@macbeast.fritz.box>

Aaron Peterson

commit sha 60665f483794ce985aad6e9a8717a9a06af12175

Small fixes after Recipes merge (#854)

Aaron Peterson

commit sha 566c31fdc79270fb3636849df55c3ee7b65d1ab5

Updates for recipes (#855) * Updates for recipes * Rename everything recipe to all * Add comment to all recipe

Aaron Peterson

commit sha 531af31157b4c053fecfbd4cdfae1b6afe0e235e

Update GCF deployment script (#856)

Aaron Peterson

commit sha f01ddd8b0fa1d096147020c84bad68b483277b53

Fix update-gcp-infra.sh image paths (#861)

Fryyyyy

commit sha 73a2182d201e135516007dedd86023dd0321e49a

Shadow cracking worker (#862) * Shadow cracking worker * Not finding a shadow file is still a successful task run * Update summary to be more detailed

Aaron Peterson

commit sha 125696c8c6bd784af435316a020a38fd608dd5e5

Simplify abort task and refactor recipe validation errors (#863) * Add logging and add --unattended flag * debug line * debug print __dict__ * Fix PSQ mock stub for AbortTask * Refactor recipe validation and abort jobs * Fix PSQ side too * Fixes * Fix setting of requester * Set requester properly * Globals key * fix docstrings * fix message * remove debug statement * Remove debug lines

push time in 2 days

push event jonathan-greig/dftimewolf

Thomas Chopitea

commit sha 9f7ec0e5200f097a603f7f08ab8df7f5df1ee00f

Delete .travis.yml

Alexander J

commit sha 51d896ba08844f46e9fc61de6fd695e08f4e1ce3

remove stale travis config file (#430) Co-authored-by: Thomas Chopitea <tomchop@gmail.com>

Thomas Chopitea

commit sha c7a558f3f6be1063731566e7db970a460b852b4e

Update README badges (#429)

Aaron Peterson

commit sha 2f048984bbc181a84922fb8cfcbe07a21f683c12

Move Turbinia recipe variables (#431) * Move Turbinia recipe variables * Fix tests

Ramo

commit sha 4e901450828b022bd5f57f842dec0be10d554d2a

Support for dynamic horizontal scaling of modules (#423) * Threaded module base class added, plus tests * Sequential processing of thread aware modules * Linter appeasement * Add return containers back into state after processing * Moved the container storage for thread aware modules int the module itself. Updated tests * Linter appeasement * Updated tests for containers through a thread aware module * Linter appeasement * Implemented threading. * Linter appeasement * Linter appeasement * Inline doco for implementing the thread aware module * Doc updates * Pool threads rather than unlimited thread count * linter appeasement * Inline doc update * PR suggestions, round 1 * PR suggestions part 2 * Simplified container handling * Small style change * Linter appeasement * Added option for threadawaremodules to decide on keeping or popping the thread on containers in the state * Add a few comments Co-authored-by: Thomas Chopitea <tomchop@gmail.com>

Johan Berggren

commit sha 7055ea71b2884ede47070a08d3c248d69e7c1f65

Remove quotes from timeline name

Theo

commit sha b239622322cab4a2436cf4487ac3ac2ee5d6767a

[Metawolf] Use Metawolf's utils in process class and add option to hide read errors (#418) * [Metawolf] Add option to hide read error warning Signed-off-by: Theo Giovanna <gtheo@google.com> * Use Metawolf's utils in MetawolfProcess by default Signed-off-by: Theo Giovanna <gtheo@google.com>

itsmvd

commit sha ae363de1997102ec18fc8d9856def09806880728

Update interface.py (#436) Fix typo

Ramo

commit sha 02b5c60ffffed1029213ac85f569981f3ccfbbc8

Threaded Modules for TurbiniaGCPProcessor and TimesketchExporter (#432) * Created threaded versions of Turbinia GCP and Timesketch exporter * timeline name correction * Added some testing around errors * Notes from PR * Linter appeasement * PR suggestions

Thomas Chopitea

commit sha 13c984fded95f5cc970e2b028149006ffa8f3d5e

Skip checks if no project name specified. (#438)

Romain Gayon

commit sha 2f1a6484695f77ed6878e1754b0ce08f6128a664

set stdout as default output stream for logging.StreamHandler (#439)

Theo

commit sha bb7ae49f8031c4e5cc6cdae6fbe00c07d24acd19

Metawolf: add `exit` command (#444) Signed-off-by: Theo Giovanna <gtheo@google.com>

Ramo

commit sha 9f6906967dcd5a3310c5092df1015b3ce87bc832

Documentation update to detail Thread Aware Modules (#446) * Doc Update * Small language change * PR suggestions

Alexander J

commit sha 007cda636572334edc71d0d45199302d7a22ac55

VT Module + vt_evtx vt_evtx_ts vt_pcap recipe (#420)

Thomas Chopitea

commit sha aa938c6fe563bfb4504f06079dc9cf0ed4737ca3

Catch ResourceCreationErrors when disk already exists. (#445) * Catch HTTP 409 errors. * Catch exception

Antti Tikkanen

commit sha 384509eb06d2f5df5167d2e83c56bc676be7b69f

Bigquery collector and related recipes (#447) * BigQuery collector and recipes Added a BigQuery collector and related recipes * Revert changes to test pattern * Fix lint and mypy errors * Removed pyarrow, added test clause * Really remove pyarrow Co-authored-by: Thomas Chopitea <tomchop@gmail.com>

Antti Tikkanen

commit sha 546870016c58005a5d27306cf35acd9e58fb905e

Added 'pandas' extra to google-cloud-bigquery, re-generated requirements. (#453)

Thomas Chopitea

commit sha c0d2dd78a796e8f2584db6e05e5611301b0ad5f6

Skip operations on disk when cannot be created (#451)

Ramo

commit sha 9e275daf0ef9e5211d3b80b4562087b57bcf7042

Fix for failing tests (#454) * Fix for failing tests * Linter appeasement * Undo one thing

Thomas Chopitea

commit sha c8a7a476ed64defea0b2ac439d1cae3c2ee5518a

Update deps, tweak GitHub actions (#452) * Update Pipfile * Add requirements * Update Turbinia * Ignore filelock pylint complaint * Combine github actions in one * Add install test action * Rename mypy / pylint actions * woops * Adjust description * Install through pipenv * Adjust badges * Adjust github action * Test install / linting on less versions / platforms * Adjust install * Tweak files * Instal local package * Update lockfiles * Update deps * Update deps

push time in 3 days

created tag google/cloud-forensics-utils

tag 20220114

Python library to carry out DFIR analysis on the Cloud

created time in 6 days

release google/cloud-forensics-utils

20220114

released time in 6 days

delete branch jonathan-greig/cloud-forensics-utils

delete branch : 20220114

delete time in 6 days

push event google/cloud-forensics-utils

Jonathan Greig

commit sha a08a62dbfbc6da9faad5bebbfc63367ee2c650f4

Version Bump (#428)

push time in 6 days

PR opened google/cloud-forensics-utils

Version Bump

+1 -1

0 comments

1 changed file

pr created time in 6 days

push event jonathan-greig/cloud-forensics-utils

Jonathan Greig

commit sha 6b0de7b14abaf9354d25cfd95c6b00ca3657671d

Fix date

push time in 6 days

create branch jonathan-greig/cloud-forensics-utils

branch : 20220114

created branch time in 6 days

push event jonathan-greig/cloud-forensics-utils

Jonathan Greig

commit sha 8e06dd0d2843a5f1b3135410951330b54be67364

Add getIamPolicy functionality to GCP cloudresourcemanager module (#427) * Add projects.getIamPolicy functionality to GCP cloudresourcemanager module

push time in 6 days

push event jonathan-greig/cloud-forensics-utils

push time in 6 days

push event jonathan-greig/cloud-forensics-utils

Jonathan Greig

commit sha 2c88407900d5ed8e9806d1202c92341c077d5d53

Version bump

push time in 6 days

delete branch jonathan-greig/cloud-forensics-utils

delete branch : jonathan-greig/issue426

delete time in 6 days

push event google/cloud-forensics-utils

Jonathan Greig

commit sha 8e06dd0d2843a5f1b3135410951330b54be67364

Add getIamPolicy functionality to GCP cloudresourcemanager module (#427) * Add projects.getIamPolicy functionality to GCP cloudresourcemanager module

push time in 6 days

issue closed google/cloud-forensics-utils

Add projects.getIamPolicy to GCP cloudresourcemanager module

Will enable listing IAM bindings on GCP projects. API reference https://cloud.google.com/resource-manager/reference/rest/v3/projects/getIamPolicy

closed time in 6 days

Pull request review comment google/cloud-forensics-utils

Add getIamPolicy functionality to GCP cloudresourcemanager module

 def DeleteResource(self, name: str) -> Dict[str, Any]:     response = common.ExecuteRequest(resource_client, 'delete', request)[0]     logger.info("Resource {0:s} was set for deletion.".format(name))     return response++  def GetIamPolicy(self, name: str) -> Dict[str, Any]:+    """Get IAM policy bindings for a resource.++    Args:+      name (str): a resource identifier in the format+        resource_type/resource_number e.g. projects/123456789012 where+        project_type is one of projects, folders or organizations.+    Returns:+      Dict[str, Any]: The policy bindings for the resource.+    """+    resource_type = name.split('/')[0]+    if resource_type not in self.RESOURCE_TYPES:+      raise TypeError('Invalid resource type "{0:s}", resource must be one of '
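Review bot: the GetIamPolicy docstring documents Args and Returns but not the TypeError raised when the first path component is not in self.RESOURCE_TYPES; add a Raises section so callers know to handle it. The Args text is also inconsistent with itself: the format is described as `resource_type/resource_number` but the next sentence says "where project_type is one of projects, folders or organizations"; use `resource_type` in both places. Since the rejected value is a string with unexpected content rather than a wrong type, ValueError would be the more conventional exception than TypeError here.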

Done

jonathan-greig

comment created time in 6 days

push event jonathan-greig/cloud-forensics-utils

Jonathan Greig

commit sha 9aba1e9691ad49f1774d45645097f776b3d077ce

Added raises to docstring

push time in 6 days

push event jonathan-greig/cloud-forensics-utils

Jonathan Greig

commit sha b25ac5c2fdf6b5c1da746bf14f6e8b4b0a5af96e

Whitespace

push time in 7 days

create branch jonathan-greig/cloud-forensics-utils

branch : jonathan-greig/issue426

created branch time in 7 days

issue opened google/cloud-forensics-utils

Add projects.getIamPolicy to GCP cloudresourcemanager module

Will enable listing IAM bindings on GCP projects. API reference https://cloud.google.com/resource-manager/reference/rest/v3/projects/getIamPolicy

created time in 7 days

push event jonathan-greig/cloud-forensics-utils

Theo

commit sha 8f4bf84c1aab4e4dd7600aa93d95a5805e2c861b

Add method to delete cloud project (#423) * Add method to delete cloud project Signed-off-by: Theo Giovanna <gtheo@google.com> * Fix docstring Signed-off-by: Theo Giovanna <gtheo@google.com> * Fix docstring Signed-off-by: Theo Giovanna <gtheo@google.com>

Theo Giovanna

commit sha 922cec6a95395a17a97dd4e4c7c5715b42c820b3

Fix Azure tests Signed-off-by: Theo Giovanna <gtheo@google.com>

Theo

commit sha 37a9de774d7453b66e91fcdb0c340edcd20c4217

Pin Azure deps until GH workflow install the same version and fix mypy (#425)

Diana Kramer

commit sha c5f4d5edd525a702f7d953b4bc3a9ee62be53334

Add BigQuery Jobs functionality and tests (#424) * Add BigQuery Jobs functionality and tests * Remove type annotations from docs * Define BIGQUERY_API_VERSION as module variable * Update libcloudforensics/providers/gcp/internal/project.py Co-authored-by: Said Eid <46205691+sa3eed3ed@users.noreply.github.com> * Update tools/gcp_cli.py Co-authored-by: Said Eid <46205691+sa3eed3ed@users.noreply.github.com> * Update libcloudforensics/providers/gcp/internal/bigquery.py Co-authored-by: Said Eid <46205691+sa3eed3ed@users.noreply.github.com> * Update libcloudforensics/providers/gcp/internal/project.py Co-authored-by: Theo <theo.giovanna@gmail.com> Co-authored-by: Said Eid <46205691+sa3eed3ed@users.noreply.github.com> Co-authored-by: Theo <gtheo@google.com> Co-authored-by: Theo <theo.giovanna@gmail.com>

push time in 8 days

push event jonathan-greig/timesketch

Jonathan Greig

commit sha 820909e7247b47ca6f02d4508b3933883d8d0ee7

Add TODOs for not adding duplicate attributes

push time in 8 days

push event jonathan-greig/timesketch

Jonathan Greig

commit sha f905bf6e68bf04cc7559ac25a3156a4bb906d5f6

Added tags for more method names

push time in 8 days

push event jonathan-greig/plaso

Joachim Metz

commit sha 54c9b34ee4f248440b6036ec4f13d7419944b22b

Changes for psort list languages (#4024)

Joachim Metz

commit sha 8c74a50ba94a2d39f35cf8b3e37e8e725bf2a31f

Changes for fallback to winevt-rc.db (#4023)

Jonathan Greig

commit sha c59a34e0f1eb57a1d062d2cac63189971c038896

Added parser for GCP cloud logging (#3938)

Daniel White

commit sha 2877758845192cce6476b9683670246211933de2

Corrected various typos and grammatical errors (#4025)

push time in 8 days

push event jonathan-greig/timesketch

Jonathan Greig

commit sha e67f9655382dd5ef26f8c3df35ad55079409ecd1

Remove Python 2 compatibility import

push time in 8 days
