22 changes: 11 additions & 11 deletions artifacts/data/applications.yaml
@@ -1,5 +1,16 @@
# Application artifacts.
---
name: GnomeEvolution
doc: Gnome Evolution files.
sources:
- type: FILE
attributes:
paths:
- '%%users.homedir%%/.cache/evolution/**'
- '%%users.homedir%%/.config/evolution/**'
- '%%users.homedir%%/.local/share/evolution/**'
supported_os: [Linux]
---
name: MicrosoftOfficeAutosave
aliases: [WindowsMsOfficeAutosave]
doc: Automatically created Microsoft Office recovery files.
Expand Down Expand Up @@ -122,14 +133,3 @@ sources:
- type: FILE
attributes: {paths: ['%%users.homedir%%/.thunderbird/**']}
supported_os: [Linux]
---
name: GnomeEvolution
doc: Gnome Evolution files.
sources:
- type: FILE
attributes:
paths:
- '%%users.homedir%%/.cache/evolution/**'
- '%%users.homedir%%/.config/evolution/**'
- '%%users.homedir%%/.local/share/evolution/**'
supported_os: [Linux]
16 changes: 8 additions & 8 deletions artifacts/data/file_systems.yaml
@@ -1,23 +1,23 @@
# File system artifacts.
---
name: NTFSMFTFiles
doc: The NTFS $MFT and $MFTMirr file system metadata files.
name: NTFSLogFile
doc: The NTFS $LogFile file system metadata file.
sources:
- type: FILE
attributes:
paths:
- '%%environ_systemdrive%%\$MFT'
- '%%environ_systemdrive%%\$MFTMirr'
paths: ['%%environ_systemdrive%%\$LogFile']
separator: '\'
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/file_systems/NTFS.html']
supported_os: [Windows]
---
name: NTFSLogFile
doc: The NTFS $LogFile file system metadata file.
name: NTFSMFTFiles
doc: The NTFS $MFT and $MFTMirr file system metadata files.
sources:
- type: FILE
attributes:
paths: ['%%environ_systemdrive%%\$LogFile']
paths:
- '%%environ_systemdrive%%\$MFT'
- '%%environ_systemdrive%%\$MFTMirr'
separator: '\'
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/file_systems/NTFS.html']
supported_os: [Windows]
24 changes: 12 additions & 12 deletions artifacts/data/hadoop.yaml
@@ -1,5 +1,17 @@
# Hadoop artifacts
---
name: HadoopAppLogs
doc: Location where Hadoop application logs are stored
sources:
- type: FILE
attributes:
paths:
- '/hadoop/logs/*'
- '/hadoop/logs/userlogs/application_*/container_*/*'
- '/**2/hadoop/logs/*'
- '/**2/hadoop/logs/userlogs/application_*/container_*/*'
supported_os: [Linux]
---
name: HadoopAppRoot
doc: Location where Hadoop application files are stored
sources:
Expand All @@ -23,15 +35,3 @@ sources:
- '/**2/hadoop/yarn/timeline/leveldb-timeline-store.ldb/*'
- '/**2/hadoop/*/yarn/timeline/leveldb-timeline-store.ldb/*'
supported_os: [Linux]
---
name: HadoopAppLogs
doc: Location where Hadoop application logs are stored
sources:
- type: FILE
attributes:
paths:
- '/hadoop/logs/*'
- '/hadoop/logs/userlogs/application_*/container_*/*'
- '/**2/hadoop/logs/*'
- '/**2/hadoop/logs/userlogs/application_*/container_*/*'
supported_os: [Linux]
42 changes: 21 additions & 21 deletions artifacts/data/instant_messaging.yaml
@@ -1,5 +1,26 @@
# Instant Messaging applications specific artifacts.
---
name: SignalApplicationContent
doc: Signal Application Content and Configuration
sources:
- type: FILE
attributes:
paths:
- '%%users.homedir%%/.var/app/org.signal.Signal/*/attachments.noindex/*'
- '%%users.homedir%%/.var/app/org.signal.Signal/*/Cache/*'
- '%%users.homedir%%/.var/app/org.signal.Signal/*/logs/*'
- '%%users.homedir%%/.var/app/org.signal.Signal/config.json'
supported_os: [Linux]
supported_os: [Linux]
---
name: SignalDatabase
doc: Signal Database file.
sources:
- type: FILE
attributes: {paths: ['%%users.homedir%%/.var/app/org.signal.Signal/db.sqlite']}
supported_os: [Linux]
supported_os: [Linux]
---
name: SkypeChatSync
doc: Chat Sync Directory
sources:
Expand Down Expand Up @@ -49,27 +70,6 @@ sources:
supported_os: [Darwin]
urls: ['https://forensics.wiki/mac_os_x_10.9_artifacts_location#skype']
---
name: SignalApplicationContent
doc: Signal Application Content and Configuration
sources:
- type: FILE
attributes:
paths:
- '%%users.homedir%%/.var/app/org.signal.Signal/*/attachments.noindex/*'
- '%%users.homedir%%/.var/app/org.signal.Signal/*/Cache/*'
- '%%users.homedir%%/.var/app/org.signal.Signal/*/logs/*'
- '%%users.homedir%%/.var/app/org.signal.Signal/config.json'
supported_os: [Linux]
supported_os: [Linux]
---
name: SignalDatabase
doc: Signal Database file.
sources:
- type: FILE
attributes: {paths: ['%%users.homedir%%/.var/app/org.signal.Signal/db.sqlite']}
supported_os: [Linux]
supported_os: [Linux]
---
name: XChatLogs
doc: XChat Log Files
sources:
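Review bot: SignalApplicationContent and SignalDatabase each end with `supported_os: [Linux]` on two consecutive lines, and the move keeps that repeat in the new position. Indentation is not visible in this rendering, so if both lines sit at the top level this is a duplicate mapping key — PyYAML silently keeps the last value and stricter loaders reject the document — and if the first is a per-source `supported_os` it only restates the top-level value; either way one of the two lines should go so each definition carries a single `supported_os: [Linux]`. Separately, SignalApplicationContent collects `config.json` and SignalDatabase collects `db.sqlite`; as far as I know Signal Desktop keeps the key that unlocks that database in `config.json`, so if that holds, a caveat such as `doc: Signal Application Content and Configuration (config.json can hold the key for db.sqlite; treat collected output as sensitive).` would warn whoever stores the collected bundle.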
14 changes: 7 additions & 7 deletions artifacts/data/kubernetes.yaml
@@ -1,12 +1,5 @@
# Kubernetes artifacts
---
name: KubernetesLogs
doc: Log files that contain information about the Kubernetes installation of a node.
sources:
- type: FILE
attributes: {paths: ['/var/log/syslog*']}
supported_os: [Linux]
---
name: KubernetesCertificates
doc: |
Certificate files that are used for a Kubernetes cluster.
Expand Down Expand Up @@ -148,3 +141,10 @@ supported_os: [Linux]
urls:
- 'https://github.com/kubernetes/kubernetes/pull/74441'
- 'https://kubernetes.io/docs/concepts/cluster-administration/logging/'
---
name: KubernetesLogs
doc: Log files that contain information about the Kubernetes installation of a node.
sources:
- type: FILE
attributes: {paths: ['/var/log/syslog*']}
supported_os: [Linux]
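Review bot: KubernetesLogs is moved unchanged and still lists only `/var/log/syslog*`, while its doc promises the log files describing a node's Kubernetes installation; that file exists on Debian-derived hosts, whereas RHEL-family nodes typically write to `/var/log/messages` and journald-only nodes have neither, so on those nodes the artifact quietly collects nothing. Consider either adding `- '/var/log/messages*'` as a second path (switching `paths` to block style) or narrowing the doc to say only syslog-backed nodes are covered. A short note in `doc:` that kubelet and container-runtime output on systemd hosts usually lands in the journal rather than in these files would help collectors pair this with a journal artifact.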
74 changes: 37 additions & 37 deletions artifacts/data/macos.yaml
Expand Up @@ -10,13 +10,50 @@ sources:
- '%%users.homedir%%/Library/Developer/CoreSimulator/Devices/*/data/Library/AddressBook/AddressBookImages.sqlitedb'
supported_os: [Darwin]
---
name: MacOSAirportPreferencesPlistFile
aliases: [MacOSWirelessNetworks]
doc: Airport (wireless networking) preferences property list (plist) file.
sources:
- type: FILE
attributes: {paths: ['/Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist']}
supported_os: [Darwin]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/macos/NetworkSettings.html']
---
name: MacOSApplePushServiceSQLiteDatabaseFile
doc: Apple push service SQLite database file.
sources:
- type: FILE
attributes: {paths: ['/Library/Application Support/ApplePushService/aps.db']}
supported_os: [Darwin]
---
name: MacOSAppleSetupDoneFile
aliases: [MacOSSystemInstallationTime]
doc: Mac OS .AppleSetupDone file that hints to the system installation date and time.
sources:
- type: FILE
attributes:
paths:
- '/private/var/db/.AppleSetupDone'
- '/var/db/.AppleSetupDone'
supported_os: [Darwin]
urls: ['https://forensics.wiki/mac_os_x_10.9_artifacts_location#system-settings-and-informations']
---
name: MacOSAppleSystemLogFile
aliases: [MacOSAppleSystemLogFiles]
doc: Apple system log (ASL) files.
sources:
- type: FILE
attributes:
paths:
- '/private/var/log/asl/*.asl'
- '/private/var/log/DiagnosticMessages/*.asl'
- '/var/log/asl/*.asl'
- '/var/log/DiagnosticMessages/*.asl'
supported_os: [Darwin]
urls:
- 'https://forensics.wiki/mac_os_x_10.9_artifacts_location#system-logs'
- 'https://support.apple.com/guide/console/reports-cnsl664be99a/mac'
---
name: MacOSApplicationBundleCacheSQLiteDatabaseFile
doc: Application bundle cache SQLite database file.
sources:
Expand Down Expand Up @@ -58,43 +95,6 @@ sources:
attributes: {paths: ['%%users.homedir%%/Library/Application Support/CallHistoryDB/CallHistory.storedata']}
supported_os: [Darwin]
---
name: MacOSAirportPreferencesPlistFile
aliases: [MacOSWirelessNetworks]
doc: Airport (wireless networking) preferences property list (plist) file.
sources:
- type: FILE
attributes: {paths: ['/Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist']}
supported_os: [Darwin]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/macos/NetworkSettings.html']
---
name: MacOSAppleSetupDoneFile
aliases: [MacOSSystemInstallationTime]
doc: Mac OS .AppleSetupDone file that hints to the system installation date and time.
sources:
- type: FILE
attributes:
paths:
- '/private/var/db/.AppleSetupDone'
- '/var/db/.AppleSetupDone'
supported_os: [Darwin]
urls: ['https://forensics.wiki/mac_os_x_10.9_artifacts_location#system-settings-and-informations']
---
name: MacOSAppleSystemLogFile
aliases: [MacOSAppleSystemLogFiles]
doc: Apple system log (ASL) files.
sources:
- type: FILE
attributes:
paths:
- '/private/var/log/asl/*.asl'
- '/private/var/log/DiagnosticMessages/*.asl'
- '/var/log/asl/*.asl'
- '/var/log/DiagnosticMessages/*.asl'
supported_os: [Darwin]
urls:
- 'https://forensics.wiki/mac_os_x_10.9_artifacts_location#system-logs'
- 'https://support.apple.com/guide/console/reports-cnsl664be99a/mac'
---
name: MacOSApplicationsDirectory
aliases: [MacOSApplications]
doc: Contents of the Applications directory.
20 changes: 10 additions & 10 deletions artifacts/data/user.yaml
@@ -1,15 +1,5 @@
# Operating system independent user artifact definitions.
---
name: UsersDirectory
aliases: [MacOSUsers, MacOSUsersDirectory, OSXUsers, UserHomeDirectory]
doc: Contents of the Users directory.
sources:
- type: PATH
attributes: {paths: ['/Users/*']}
supported_os: [Darwin]
provides: [users.username]
urls: ['https://forensics.wiki/mac_os_x_10.9_artifacts_location#users']
---
name: UserDownloadsDirectory
aliases: [MacOSUserDownloadsDirectory, UserDownloads, WindowsUserDownloadsDirectory]
doc: Contents of user Downloads directories.
Expand All @@ -25,3 +15,13 @@ sources:
supported_os: [Windows]
supported_os: [Darwin, Linux, Windows]
urls: ['https://forensics.wiki/mac_os_x_10.9_artifacts_location#user-directories']
---
name: UsersDirectory
aliases: [MacOSUsers, MacOSUsersDirectory, OSXUsers, UserHomeDirectory]
doc: Contents of the Users directory.
sources:
- type: PATH
attributes: {paths: ['/Users/*']}
supported_os: [Darwin]
provides: [users.username]
urls: ['https://forensics.wiki/mac_os_x_10.9_artifacts_location#users']