Mike Pilkington

Results 21 comments of Mike Pilkington

Note that you can still interact with the $MFT without needing to copy it first. Just escape it on the command line. For example:

```
ls -lh /path/to/mount/\$MFT
md5sum /path/to/mount/\$MFT...
```

Zimmerman tools would be a nice addition. We did it manually for FOR508. One thing to consider including is a set of aliases to make it easier to run the...

The wrapper seems like the better approach. It also probably has the benefit that it works better inside other shell scripts. I created a bash script for some automation recently...

Thanks Zach. If it's easy, it would be nice. However, I was able to compile it on 20.04, so it's not that big of a deal.

Hi @fukusuket, here's the error it shows when running the binary from `takajo-2.3.1-linux.zip`:

```
$ ./takajo --help
./takajo: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./takajo)
./takajo: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33'...
```

Thanks for the input @digitalsleuth. Is there an ETA on a new OVA? And in general, how do we know when the OVA gets updated? Could we get the OVA...

Hi All, I happened to see this post and thought I'd chime in on an option to send the event logs directly via Elastic's Winlogbeat agent. I'm a big fan...

I just thought of one more point to add. To forward the events into Elasticsearch in SOF-ELK from a Windows VM and use the config as-is pointing to localhost IP...

EvtxECmd does an admirable job parsing raw event logs and normalizing them in a way we can't do with native Windows events. Normalization is a problem because different developers are...

FYI, here's a good article about this issue from Mike Cohen on the Velociraptor site: https://docs.velociraptor.app/blog/2019/2019-11-12_windows-event-logs-d8d8e615c9ca/