Releases: SekoiaLab/Fastir_Collector
Releases · SekoiaLab/Fastir_Collector
V1.1 Release
N.B. : Binaries have been moved from the git repository to this page.
Additions
- When available, scheduled jobs will now use
at
- fs module will now report
startup
directories content - New cli option :
--output_type
to choose between a csv or json output
Bugfixes
- Fixed unpack size in timestamps for Windows < 7
- Eased compilation (Bugfixes + doc)
- Health module was off for several modules, fixed
- Several JSON modes bugs fixed, now also generate sha256 of log files
- Generated JSON files are now standard-compliant
_firefox_history.csv
,_Filecatcher.csv
and_evts.csv
now have headers- In
hash_processes
, type is now"hash processes"
- In
network_list
, type is nownetwork_list
- Network timestamps are properly formatted
- All Windows versions should output scheduled jobs now
- Fixed HOMEDRIVE not being set
- Fixed the detection of NTUSER.DAT files
- Registry module should work more consistently across Windows versions
- UserAssist count is no longer 1 time ahead for Win7 and above
- Filecatcher will now scan a directory only once
Values changed
- Registries module now uses hexadecimal notation for values it can not decode rather than skipping them
- Filecatcher will now use real path rather than VSS path
Output paths changes
_tasks.*
is removed, as it was a poorly formatted equivalent of_scheduled_jobs.*
.
N.B. Those changes fix mostly differences between JSON and CSV outputs for the same information.
_list_running.json
is now_processes.json
_list_shares.json
is now_shares.json
_networks_drives.json
is now_list_networks_drives.json
_list_services.json
is now_services.json
_shellbag.json
is now_shellbags.json
_run_mru_start.json
is now_run_MRU_start.json
_custom_registry.json
is now_custom_registry_keys.json
_processes_dlls.json
is now correctly generated_hash_processes.json
is now correctly generated
RMLL Releases
We have add new features and decide to make a release:
- Dump raw registry, SAM
- Networks lists registry
- Export MFT raw only
- Collects system information with SeDebugPrivilege
- Collect files recorded in autorun registry
- Collect specify keys
- Export json for all artefacts