Update NTFS Log Tracker Modules #843

Merged
merged 3 commits into from
Jul 31, 2023

vxsh4d0w
Contributor

Description

Please include a summary of the change and (if applicable) which issue is fixed.

Checklist:

Please replace every instance of [ ] with [X] OR click on the checkboxes after you submit your PR

  • I have generated a unique GUID for my Target(s)/Module(s)
  • I have placed the Target(s)/Module(s) in an appropriate subfolder in Targets or Modules. If one doesn't exist, I have either added it to the Misc folder or created a relevant subfolder with justification
  • I have set or updated the version of my Target(s)/Module(s)
  • I have verified that KAPE parses the Target(s)/Module(s) successfully via kape.exe, using --tlist/--mlist and corrected any errors
  • I have validated my Target(s)/Module(s) against test data and verified they are working as intended
  • I have made an attempt to document the artifacts within the Target(s) or Module(s) I am submitting. If documentation doesn't exist, I have placed N/A underneath the Documentation header
  • For Targets, I have consulted either the Target Guide, Target Template, Compound Target Guide, or Compound Target Template to ensure my Target(s) follow the same format
  • For Modules, I have consulted either the Module Guide, Module Template, Compound Module Guide, or Compound Module Template to ensure my Module(s) follow the same format

If your submission involves an SQLite database, have you considered making an SQLECmd Map for the SQLite database? If you make a Map, please add the SQLite database to the SQLiteDatabases.tkape Compound Target.

Thank you for your submission and for contributing to the DFIR community!

@AndrewRathbun AndrewRathbun self-assigned this Jul 31, 2023
Contributor Author

@vxsh4d0w vxsh4d0w left a comment

Fixed typo error related to NTFS Log Tracker source

@AndrewRathbun
Collaborator

@vxsh4d0w this Google Drive URL, is this an official link? Or is this self-hosted? Just curious if it's an official link or if there's documentation pointing to that particular URL.

@AndrewRathbun
Collaborator

Also, if it's self-hosted, maybe we'd want to include the old URL in the Documentation below should the link ever expire. GitHub links are a lot more dependable as I don't think GitHub is going anywhere anytime soon, so I just want to avoid possible issues in the future with people being suspicious of a Drive link or the link becoming invalid eventually.

@vxsh4d0w
Contributor Author

vxsh4d0w commented Jul 31, 2023

@AndrewRathbun yep, it's the download link provided within the official website: https://sites.google.com/site/forensicnote/ntfs-log-tracker

@AndrewRathbun
Collaborator

> @AndrewRathbun yep, it's the download link provided within the official website: https://sites.google.com/site/forensicnote/ntfs-log-tracker

Okay, thank you. I am unfamiliar with this tool's documentation, etc, so I just wanted to double-check before merging. Cheers!

@vxsh4d0w
Contributor Author

> > @AndrewRathbun yep, it's the download link provided within the official website: https://sites.google.com/site/forensicnote/ntfs-log-tracker
>
> Okay, thank you. I am unfamiliar with this tool's documentation, etc, so I just wanted to double-check before merging. Cheers!

You're right. I checked on GitHub and I didn't find any repo except something that was empty. Maybe I could create a repo in my account and copy next versions of this tool.

@AndrewRathbun
Collaborator

> > > @AndrewRathbun yep, it's the download link provided within the official website: https://sites.google.com/site/forensicnote/ntfs-log-tracker
> >
> > Okay, thank you. I am unfamiliar with this tool's documentation, etc, so I just wanted to double-check before merging. Cheers!
>
> You're right. I checked on GitHub and I didn't find any repo except something that was empty. Maybe I could create a repo in my account and copy next versions of this tool.

As long as you have permission from the developer, I don't see an issue with that. Ideally, it would be nice if the tool is on GitHub but I don't expect either you or I to have much influence over that 😆

@AndrewRathbun AndrewRathbun merged commit de41751 into EricZimmerman:master Jul 31, 2023
1 check passed
@vxsh4d0w
Contributor Author

> > > > @AndrewRathbun yep, it's the download link provided within the official website: https://sites.google.com/site/forensicnote/ntfs-log-tracker
> > >
> > > Okay, thank you. I am unfamiliar with this tool's documentation, etc, so I just wanted to double-check before merging. Cheers!
> >
> > You're right. I checked on GitHub and I didn't find any repo except something that was empty. Maybe I could create a repo in my account and copy next versions of this tool.
>
> As long as you have permission from the developer, I don't see an issue with that. Ideally, it would be nice if the tool is on GitHub but I don't expect either you or I to have much influence over that 😆

So true :D

@AndrewRathbun
Collaborator

> > > > > @AndrewRathbun yep, it's the download link provided within the official website: https://sites.google.com/site/forensicnote/ntfs-log-tracker
> > > >
> > > > Okay, thank you. I am unfamiliar with this tool's documentation, etc, so I just wanted to double-check before merging. Cheers!
> > >
> > > You're right. I checked on GitHub and I didn't find any repo except something that was empty. Maybe I could create a repo in my account and copy next versions of this tool.
> >
> > As long as you have permission from the developer, I don't see an issue with that. Ideally, it would be nice if the tool is on GitHub but I don't expect either you or I to have much influence over that 😆
>
> So true :D

I will say, the answer is "no" if you don't ask, but absolutely no obligation to reach out to the developer.

Thanks for the PR!
