sc-anssi

Results 17 comments of sc-anssi

Hi! You were almost there, you were missing the `input` element: https://dfir-orc.github.io/wolf_config.html#input-element

Try something like this:

#### process.ps1
```powershell
param([String]$ProcessName)
Get-Process -Name $ProcessName | ConvertTo-Csv -NoTypeInformation
```

#### embed.xml...

Hi @qlemaire, I cannot reproduce your behaviour with one of our tools using a directory as output and DFIR-Orc v10.0.22. Could you give us the following information to help...

Hi, You are right, `source="Directory"` does not support recursive collection of files and directories. This was originally intended as a safeguard against unwanted/accidental recursive deletion during clean up. We might...

Hi, Thanks for the report, we can reproduce the second issue and it will be fixed in an upcoming release. However we cannot reproduce the first one so this might...

> I assume you are requesting xml local configuration file as json file?

You can give us the local configuration as well, but we are especially interested in the...

Having a signature for OpenBSD makes perfect sense from what I can understand of its boot process. You'll need to reverse engineer the MBR and PBR to properly whitelist its...

Hi all! The CRCError is raised on the EventConsumer.txt file (non-empty), not EventConsumer.log (empty). I don't know if this changes anything, but I was just checking we were on...

Hi, We fixed (DFIR-ORC/dfir-orc@7d8bf430cb8cc22216d1f788ef41a3a42fbf0d97) the handling of empty streams added to an archive to match what is done for empty files. However, 7z does not really specify that it should...

Hi, Sorry for the late reply. I believe the configuration was tested with DumpIt v3.0.20200902.2 and winpmem v3.3-rc2. Regards.

Hi, The documentation mentions Apache and Nginx but I've not seen any reference to IIS in /docs/security.rst. But I don't think the webserver acting as reverse proxy is responsible for...