Glenn
Defined in "decodeFNAttribute()", the value for the file size derives from "d['real_fsize'] = struct.unpack("
Looks like the RH profile uploaded to Linux/RedHat/x86/RedHat56.zip is x64 instead of x86
Ideally, this would be used in conjunction with Issue #6 so when something of interest is found within a plugin's output, that row/data can be exported from the web interface...
I ran into some issues using the latest commit but had mixed results using a previous version. I received the following IndexError on the first image:
```
(test)root@heyWilli:~/python-ntfs-master# python examples/indxparse/indxparse.py...
```
Would be useful to have IP/Domain/Adapter info pulled from images in addition to hostname/product details in https://github.com/hiddenillusion/IR/blob/master/Disk_Analysis/get_system_details_from_image.py
Functions already written: https://github.com/williballenthin/python-registry/blob/master/samples/forensicating.py#L202
Other files to grab during Linux triage:
- [ ] .viminfo
- ssh
  - [ ] authorized_keys
  - [ ] .ssh/*
Not sure it's needed for triaging, but if you only have one shot I guess it could be useful. Via Ian: for i in `echo $PATH | sed "s/:/ /g"`;...
Having the `analyze` output filter is useful for summarizing the events from the triage collection; however, a timeline view would also be extremely beneficial. There are plenty of timestamps being...