
log2timeline/dftimewolf 176

A framework for orchestrating forensic collection, processing and data export

ramo-j/fanotify 2

My fanotify implementation

ramo-j/tor_nagios 2

A nagios plugin for checking a tor server status

ramo-j/tinderbot 1

Tinder trolling bot

ramo-j/cloud-forensics-utils 0

Python library to carry out DFIR analysis on the Cloud

ramo-j/dftimewolf 0

A framework for orchestrating forensic collection, processing and data export

ramo-j/enigma 0

My CPP enigma implementation

ramo-j/genmake 0

Perl script for generating makefiles

ramo-j/grr 0

GRR Rapid Response: remote live forensics for incident response

push event ramo-j/dftimewolf

ramo-j

commit sha 06b3d099550a10dca32f90c9aab7e3735da877e7

rm dftimewolf/lib/exporters/timesketch_tam.py


push time in 14 hours

push event ramo-j/dftimewolf

Ramo

commit sha 25aaa6e07ffc5187f3fa8f7eea5808bf67ab9595

Consolidate TimesketchExporter and TimesketchExporterThreaded (#494)

* Consolidate TimesketchExporter and TimesketchExporterThreaded
* Linter appeasement
* PR suggestions
* PR suggestions


Theo

commit sha 18b4d0760d6a6ca378ac06c2242d04a0d8caf072

Update metawolf's doc (#497)

* Update metawolf's doc
  Signed-off-by: Theo Giovanna <gtheo@google.com>
* Fix transcripts
  Signed-off-by: Theo Giovanna <gtheo@google.com>
* pylint
  Signed-off-by: Theo Giovanna <gtheo@google.com>


Ramo

commit sha 58e51fbbe8125c1aa71d3e7fd67f1629d95af4a6

Removed Pre&PostSetup from threadawaremodule (#501)


ramo-j

commit sha 5f1f6bf6cba39790960ed10c2a58e1a7107dc51d

In progress


ramo-j

commit sha d673e5a00617913fd261185ad0cc717e0b4a32cf

In progress


ramo-j

commit sha a88647ee5c7e28010b2a88041866c2034982b34f

In progress


ramo-j

commit sha 1b5c73a9986e00a19f13ca44865a453cd974d15a

Merge branch 'turbs_tam' of github.com:ramo-j/dftimewolf into turbs_tam


push time in 14 hours

push event ramo-j/dftimewolf

Ramo

commit sha 58e51fbbe8125c1aa71d3e7fd67f1629d95af4a6

Removed Pre&PostSetup from threadawaremodule (#501)


push time in 14 hours

delete branch ramo-j/dftimewolf

delete branch : i500

delete time in 14 hours

issue closed log2timeline/dftimewolf

Remove Pre & PostSetUp for ThreadAwareModules

Not sure why I thought it was a useful inclusion. Let's clear it out to remove excess unneeded code.

closed time in 14 hours

ramo-j

push event log2timeline/dftimewolf

Ramo

commit sha 58e51fbbe8125c1aa71d3e7fd67f1629d95af4a6

Removed Pre&PostSetup from threadawaremodule (#501)


push time in 14 hours

PR merged log2timeline/dftimewolf

Removed Pre&PostSetup from ThreadAwareModule

These two methods don't provide any value, and so just create unneeded empty method stubs in TAM implementations.

Closes #500.

+5 -136

0 comment

11 changed files

ramo-j

pr closed time in 14 hours

PR opened log2timeline/dftimewolf

Removed Pre&PostSetup from ThreadAwareModule

These two methods don't provide any value, and so just create unneeded empty method stubs in TAM implementations.

Closes #500.

+5 -136

0 comment

11 changed files

pr created time in 15 hours

create branch ramo-j/dftimewolf

branch : i500

created branch time in 15 hours

issue opened log2timeline/dftimewolf

Remove Pre & PostSetUp for ThreadAwareModules

Not sure why I thought it was a useful inclusion. Let's clear it out to remove excess unneeded code.

created time in 15 hours

PR closed ramo-j/dftimewolf

merge from upstream
+309 -670

0 comment

22 changed files

ramo-j

pr closed time in 15 hours

PR opened ramo-j/dftimewolf

merge from upstream
+309 -670

0 comment

22 changed files

pr created time in 15 hours

push event ramo-j/dftimewolf

Ramo

commit sha 25aaa6e07ffc5187f3fa8f7eea5808bf67ab9595

Consolidate TimesketchExporter and TimesketchExporterThreaded (#494)

* Consolidate TimesketchExporter and TimesketchExporterThreaded
* Linter appeasement
* PR suggestions
* PR suggestions


Theo

commit sha 18b4d0760d6a6ca378ac06c2242d04a0d8caf072

Update metawolf's doc (#497)

* Update metawolf's doc
  Signed-off-by: Theo Giovanna <gtheo@google.com>
* Fix transcripts
  Signed-off-by: Theo Giovanna <gtheo@google.com>
* pylint
  Signed-off-by: Theo Giovanna <gtheo@google.com>


push time in 15 hours

PullRequestReviewEvent

push event tomchop/dftimewolf

ramo-j

commit sha 7ffe02443354e722757d688c645fc776ac33a1e5

Linter appeasement


push time in 19 hours

PullRequestReviewEvent
PullRequestReviewEvent

delete branch ramo-j/dftimewolf

delete branch : ts_tam

delete time in 3 days

push event ramo-j/dftimewolf

ramo-j

commit sha 583993d7a8f5877248be18c027391f06966189a5

In progress


push time in 6 days

push event ramo-j/dftimewolf

ramo-j

commit sha a9e20403d1ebbe46f1bc923b287978a5ae24ed6b

In progress


push time in 6 days

create branch ramo-j/dftimewolf

branch : turbs_tam

created branch time in 6 days

push event ramo-j/dftimewolf

Thomas Chopitea

commit sha 2cf0b38c432d79efaf717ba6c103179f76dd249b

Send YaraRule containers to Turbinia (#495)

* Send YaraRule containers to Turbinia
* Fix linter.


Daniel White

commit sha 7b6da4cd36fd4b61a748320b99ed99a4f7763eaa

Improve handling of workspace logs with unknown types and Workspace log timeline names (#434)

* Changes after review
* Fix import
* Always downcase parameter names
* Always downcase parameter names
* Handle Workspace logs with unknown types, improve naming of Workspace log timelines in Timesketch
* Fix typing
* Changes after review
* Force convert actor and value strings


push time in 6 days

push event ramo-j/dftimewolf

ramo-j

commit sha e20a22a3534c70856e0fe59d0ff5aa89bbfb9202

PR suggestions


push time in 6 days

PR opened google/timesketch

Added permissions change to opensearch data directory

Fix for permissions on opensearch's data directory, data/opensearch that prevents opensearch from starting properly.

Closes #2109

+2 -1

0 comment

1 changed file

pr created time in 6 days

create branch ramo-j/timesketch

branch : i2109

created branch time in 6 days

issue opened google/timesketch

Incorrect permissions on directory data/opensearch

Describe the bug

The permissions on directory data/opensearch are root:root 0755 by default. Opensearch in the opensearch container will fail if it cannot write to this directory, which as user 1000 it cannot do.

To Reproduce

Steps to reproduce the behaviour:

  1. Follow instructions at https://timesketch.org/guides/admin/install/ to start the containers
  2. Create a sketch, navigate to sketch page
  3. Observe Internal Server Error.

I verified by listing listening ports inside the container. On timesketch host:

$ docker exec -u root -it opensearch /bin/bash
bash-4.2# cat /proc/net/tcp
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode                                                     
   0: 00000000:25B2 00000000:0000 0A <snip>
   1: 0B00007F:A859 00000000:0000 0A <snip> 
   2: 00000000:2580 00000000:0000 0A <snip>

(Those ports need to be converted from hex, but 9200 is not listed)

Expected behaviour

Opensearch starts and is listening on port 9200.

Desktop (please complete the following information):

  • OS: Ubuntu 20.04.3 LTS
  • Browser: Firefox
  • Version: 91.4.1esr (64-bit)

created time in 6 days

PullRequestReviewEvent

push event ramo-j/timesketch

Thomas Chopitea

commit sha 5d4d8d1b42944f9cb41a40eb642a9d0b2339a9a6

Add intelligence to the navbar (#2106)

Co-authored-by: Johan Berggren <jberggren@gmail.com>


push time in 6 days

fork ramo-j/timesketch

Collaborative forensic timeline analysis

fork in 7 days
