Giter VIP home page Giter VIP logo

redlinebodyfile's Introduction

redlineBodyFile

While testing Fireeye's Redline, I noticed that the 'files-api.urn-UUID.xml' file has enough information to allow creating a body file so you can create a timeline. This program will allow specifiying a path from the tag for each FileItem (see the example below).

<?xml version="1.0" encoding="UTF-8"?>
<itemList generator="files-api" generatorVersion="30.19.0" itemSchemaLocation="http://schemas.mandiant.com/2013/11/fileitem.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <FileItem created="2023-09-11T02:36:57Z" uid="UUID">
  <FullPath>/lib64</FullPath>
  <FilePath />
  <FileName>lib64</FileName>
  <FileExtension />
  <SizeInBytes>9</SizeInBytes>
  <Modified>2022-02-06T15:05:00Z</Modified>
  <Accessed>2023-09-11T00:34:45Z</Accessed>
  <Changed>2022-02-06T15:05:00Z</Changed>
  <Username>root</Username>
  <SecurityID>0</SecurityID>
  <Group>root</Group>
  <GroupID>0</GroupID>
  <Permissions>777</Permissions>
  <FileAttributes>Symlink</FileAttributes>
 </FileItem>
</itemList>

Running the program:

Help option:

redlineBodyFile -h
-----
Usage of redlineBodyFile:

-d string
      The directory to scan (no trailing slash) or full file path.
-f string
      The RedLine Audit file.

Example:

redlineBodyFile -f redline_audit.xml -d "c:\\documents"

Depending on the size of the XML file, this may take a while to run.

Then you can parse it with your normal tool to create a timeline.

redlinebodyfile's People

Contributors

thedunston avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.