Update documentation #340
Codecov Report

```
@@            Coverage Diff            @@
##           master     #340   +/-   ##
=======================================
  Coverage   91.19%   91.19%
=======================================
  Files           7        7
  Lines         420      420
=======================================
  Hits          383      383
  Misses         37       37
```

Continue to review full report at Codecov.
Thx for the PR, however there are some changes in the documentation that were deliberate TBD, e.g. what to do with the DIRECTORY definition type (#286). This might take a bit, but I'll have a look at what parts of the PR can be merged.

Related issue #23

I'm aware of this upcoming change. Anyway.
@@ -72,6 +74,12 @@ An object of digital archaeological interest. | |||
Where digital archaeology roughly refers to computer forensics without the | |||
forensic (legal) context. | |||
|
|||
=== [[knowledge_base]]Knowledge Base |
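Review bot: The added `=== [[knowledge_base]]Knowledge Base` section brings a GRR implementation detail into the specification; as the thread notes, the knowledge base is not part of the spec, and provides and parameter expansion can be described without it (for instance, an implementation may expand paths from runtime environment variables). Suggest either dropping the section or rewording it as an implementation note on how an implementation may expand parameters, so that the specification stays implementation-neutral.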
The Knowledge Base is a GRR implementation detail, not part of the specification. One could use runtime environment variables to expand paths.
I used it as an easy way to describe provides and parameter expansion. If that should not be part of the spec, those parts have to be defined in another way.
> If that should not be part of the spec, those parts have to be defined in another way.

That needs to be assessed; currently provides is a concept introduced by GRR.
@@ -207,6 +216,7 @@ Currently the following different source types are defined: | |||
| Value | Description | |||
| ARTIFACT_GROUP | A source that consists of a group of other artifacts. | |||
| COMMAND | A source that consists of the output of a command. | |||
| DIRECTORY | A source that consists of the contents of directories. |
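Review bot: The new `DIRECTORY` row documents a source type whose future is still open in #286, so this table would present as settled something the maintainers have not yet decided. Since the type is already used in 14 artifact definitions, suggest keeping the row but adding a note that its definition is subject to the outcome of #286 rather than describing it as final.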
Future of DIRECTORY depends on #286
But is it currently part of the spec? It is used in 14 artifact definitions.
* [GRR Artifacts](https://www.blackhat.com/docs/us-14/materials/us-14-Castle-GRR-Find-All-The-Badness-Collect-All-The-Things-WP.pdf), by Greg Castle, Blackhat 2014 | ||
|
||
## Contact | ||
|
||
[[email protected]](https://groups.google.com/forum/#!forum/forensicartifacts) | ||
|
||
[slack](https://open-source-dfir.slack.com/messages/CBSJ9TDR9) |
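Review bot: The contact section drops the forensicartifacts Google group link while adding the Slack channel, but the group is still valid; it is a private external group that answers with access denied (#418) until one subscribes. Suggest restoring the group entry and adding a short note that subscription is required, rather than removing it.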
[email protected] is still valid, undo remove
Is it only Google internal? Because I get an access denied (#418) on that page.
It's a private (external) Google group; you'll need to subscribe to it.
Parameter can also contain regular glob elements (such as `**`, `*`, `?`, `[a-z]`). For | ||
example, having files `foo`, `bar`, `baz` glob expansion of `ba?` will yield | ||
`bar` and `baz`. Group expansion allows defining lists of possible artifact locations for example, |
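Review bot: The sentence beginning "Group expansion allows defining lists of possible artifact locations" documents a feature that is currently neither implemented nor part of the specification, so it should be removed or clearly marked as a proposal rather than listed alongside the supported glob elements. As a style point, "Parameter can also contain" should read "Parameters can also contain".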
Group expansion is currently not supported.
But is it part of the spec?
Not at this point.
I've merged some of the changes (ff2ea0c). However, some of the proposed changes require a closer look at what should and what should not be adopted from the initial implementation in GRR.

Thanks. I needed a more complete spec and I hope the empty spaces will be filled soon.

Note that this can take some time, due to numerous factors, and things will change over time. I'll try to capture them as much as possible in issues. At the moment we're working on a plaso implementation to surface GRR specific implementation details (assumptions), some of which might be tricky to resolve.