
Releases: SekoiaLab/Fastir_Collector

V1.1 Release

16 May 08:44

N.B.: Binaries have been moved from the git repository to this page.

Additions

  • When available, scheduled jobs will now use at
  • fs module will now report startup directories content
  • New CLI option: --output_type to choose between a csv or json output

Bugfixes

  • Fixed unpack size in timestamps for Windows < 7
  • Eased compilation (Bugfixes + doc)
  • Health module was off for several modules, fixed
  • Several JSON mode bugs fixed; now also generates sha256 of log files
  • Generated JSON files are now standard-compliant
  • _firefox_history.csv, _Filecatcher.csv and _evts.csv now have headers
  • In hash_processes, type is now "hash processes"
  • In network_list, type is now network_list
  • Network timestamps are properly formatted
  • All Windows versions should output scheduled jobs now
  • Fixed HOMEDRIVE not being set
  • Fixed the detection of NTUSER.DAT files
  • Registry module should work more consistently across Windows versions
  • UserAssist count is no longer 1 time ahead for Win7 and above
  • Filecatcher will now scan a directory only once

Values changed

  • Registries module now uses hexadecimal notation for values it cannot decode rather than skipping them
  • Filecatcher will now use real path rather than VSS path

Output path changes

  • _tasks.* is removed, as it was a poorly formatted equivalent of _scheduled_jobs.*.

N.B. These changes mostly fix differences between JSON and CSV outputs for the same information.

  • _list_running.json is now _processes.json
  • _list_shares.json is now _shares.json
  • _networks_drives.json is now _list_networks_drives.json
  • _list_services.json is now _services.json
  • _shellbag.json is now _shellbags.json
  • _run_mru_start.json is now _run_MRU_start.json
  • _custom_registry.json is now _custom_registry_keys.json
  • _processes_dlls.json is now correctly generated
  • _hash_processes.json is now correctly generated

RMLL Releases

06 Jul 13:12

We have added new features and decided to make a release:

  • Dump raw registry, SAM
  • Networks lists registry
  • Export MFT raw only
  • Collects system information with SeDebugPrivilege
  • Collect files recorded in autorun registry
  • Collect specified keys
  • Export json for all artefacts