fleet icon indicating copy to clipboard operation
fleet copied to clipboard
verified publisher icon kolide

Add File Carving Support

Open reynas opened this issue 8 years ago • 10 comments

Is it possible, with the current version of Fleet, to use the carving options of osquery?

reynas avatar Feb 23 '18 08:02 reynas

No, it is not currently possible.

zwass avatar Feb 23 '18 17:02 zwass

Any short term plans to add this functionality?

reynas avatar Feb 24 '18 21:02 reynas

It's something we would like to support, but there are no short term plans for doing so.

zwass avatar Feb 26 '18 18:02 zwass

Having carving support would be great! I'd love to be able to put the files in a configurable S3 bucket as well

jacknagz avatar Jun 21 '18 23:06 jacknagz

Do you have an update on this? thx!

reynas avatar Oct 18 '18 09:10 reynas

Having this feature would greatly benefit incident response and forensics use cases.

lctrcl avatar Nov 18 '18 16:11 lctrcl

I am also interested in file carves. We haven't needed the functionality yet, but there are cases where it could have been extremely handy in IR.

benbasscom avatar Jan 22 '19 20:01 benbasscom

is this feature available now on kolide?

arimb00r avatar Feb 17 '20 15:02 arimb00r

Is file carving available now on Kolide fleet?

sanjakum-zz avatar Aug 20 '20 07:08 sanjakum-zz

@zwass Can this be turned into a feature request and considered in future updates please ?

anelshaer avatar Oct 12 '20 09:10 anelshaer