# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO
#
# When uploading crates to the registry Cargo will automatically
# "normalize" Cargo.toml files for maximal compatibility
# with all versions of Cargo and also rewrite `path` dependencies
# to registry (e.g., crates.io) dependencies.
#
# If you are reading this file be aware that the original Cargo.toml
# will likely look very different (and much more reasonable).
# See Cargo.toml.orig for the original contents.

# NOTE(review): this is the registry-normalized manifest. Anything flagged in
# the review comments below has to be changed in the project's own manifest
# (see Cargo.toml.orig), not in this generated file.

# Package identity and build switches. `build = false` means no build script
# is declared for this crate, and with the four auto* switches off only the
# [lib], [[bin]] and [[test]] targets listed below are compiled.
[package]
edition = "2021"
rust-version = "1.78"
name = "dfir-toolkit"
version = "0.11.2"
# NOTE(review): both entries end in a space and carry no e-mail address,
# possibly stripped when this page was extracted; left as found.
authors = [
    "Jan Starke ",
    "Deborah Mahn ",
]
build = false
autobins = false
autoexamples = false
autotests = false
autobenches = false
description = "CLI tools for digital forensics and incident response"
readme = "README.md"
# NOTE(review): SPDX lists the bare "GPL-3.0" identifier as deprecated in
# favour of "GPL-3.0-only" / "GPL-3.0-or-later"; licence scanners may flag it.
license = "GPL-3.0"
repository = "https://github.com/dfir-dd/dfir-toolkit"

# Read by cargo-deb: directory holding the Debian maintainer scripts
# (preinst/postinst/prerm/postrm). dpkg runs such scripts with root
# privileges at install/removal time, so changes under this path deserve the
# same review as code. The scripts themselves are not visible here.
[package.metadata.deb]
maintainer-scripts = "scripts/maintainer"

# Library target shared by the command-line tools.
[lib]
name = "dfir_toolkit"
path = "src/lib.rs"

# One [[bin]] per command-line tool. `required-features` makes Cargo skip a
# binary unless the named feature is enabled, so the feature set chosen at
# build time decides which tools (and which parser dependencies) are built.
[[bin]]
name = "cleanhive"
path = "src/bin/cleanhive/main.rs"
required-features = ["cleanhive"]

# The only tool gated on a feature that is not named after the binary.
[[bin]]
name = "es4forensics"
path = "src/bin/es4forensics/main.rs"
required-features = ["elastic"]

[[bin]]
name = "evtx2bodyfile"
path = "src/bin/evtx2bodyfile/main.rs"
required-features = ["evtx2bodyfile"]

[[bin]]
name = "evtxanalyze"
path = "src/bin/evtxanalyze/main.rs"
required-features = ["evtxanalyze"]

[[bin]]
name = "evtxcat"
path = "src/bin/evtxcat/main.rs"
required-features = ["evtxcat"]

[[bin]]
name = "evtxls"
path = "src/bin/evtxls/main.rs"
required-features = ["evtxls"]

[[bin]]
name = "evtxscan"
path = "src/bin/evtxscan/main.rs"
required-features = ["evtxscan"]

[[bin]]
name = "hivescan"
path = "src/bin/hivescan/main.rs"
required-features = ["hivescan"]

[[bin]]
name = "ipgrep"
path = "src/bin/ipgrep/main.rs"
required-features = ["ipgrep"]

[[bin]]
name = "lnk2bodyfile"
path = "src/bin/lnk2bodyfile/main.rs"
required-features = ["lnk2bodyfile"]

[[bin]]
name = "mactime2"
path = "src/bin/mactime2/main.rs"
required-features = ["mactime2"]

[[bin]]
name = "pf2bodyfile"
path = "src/bin/pf2bodyfile/main.rs"
required-features = ["pf2bodyfile"]

[[bin]]
name = "pol_export"
path = "src/bin/pol_export/main.rs"
required-features = ["pol_export"]

[[bin]]
name = "regdump"
path = "src/bin/regdump/main.rs"
required-features = ["regdump"]

[[bin]]
name = "ts2date"
path = "src/bin/ts2date/main.rs"
required-features = ["ts2date"]

[[bin]]
name = "zip2bodyfile"
path = "src/bin/zip2bodyfile/main.rs"
required-features = ["zip2bodyfile"]

# Integration-test targets (listed explicitly because autotests is off).
[[test]]
name = "mod"
path = "tests/mod.rs"

[[test]]
name = "ts2date"
path = "tests/ts2date.rs"

[[test]]
name = "zip2bodyfile"
path = "tests/zip2bodyfile.rs"

# Dependencies. Every `version` here is a caret requirement (for example
# "1.0" accepts >=1.0.0, <2.0.0), not a pin; the versions actually compiled
# come from the lockfile. `cargo install` ignores a packaged Cargo.lock unless
# `--locked` is passed, so use `--locked` for reproducible builds and run an
# advisory scan (cargo audit / cargo deny) against the lockfile.
# `optional = true` dependencies are compiled only when a feature enables them.
[dependencies.anyhow]
version = "1.0"

[dependencies.base64]
version = "0.21"
optional = true

[dependencies.binread]
version = "2.2.0"

[dependencies.bitflags]
version = "2"
optional = true

[dependencies.chrono]
version = "0.4"

[dependencies.chrono-tz]
version = "0.8"
optional = true

[dependencies.clap]
version = "4.5"
features = [
    "derive",
    "wrap_help",
    "cargo",
]

[dependencies.clap-markdown-dfir]
version = "0.2.0"

[dependencies.clap-verbosity-flag]
version = "2.0.0"

[dependencies.clap_complete]
version = "4"

[dependencies.clio]
version = "0.3"
features = ["clap-parse"]

[dependencies.color-print]
version = "0.3.6"
optional = true

[dependencies.colored]
version = "2"
optional = true

[dependencies.colored_json]
version = "3"
optional = true

[dependencies.csv]
version = "1.2.2"

[dependencies.dfirtk-eventdata]
version = "0.1.3"
optional = true

[dependencies.dfirtk-sessionevent-derive]
version = "0.1"
optional = true

[dependencies.duplicate]
version = "1"

# NOTE(review): pre-release requirement. Cargo only selects pre-release
# versions when the requirement names one, so this deliberately opts the
# `elastic` feature into an alpha client. Check in Cargo.toml.orig whether a
# stable release can be required instead.
[dependencies.elasticsearch]
version = "8.4.0-alpha.1"
optional = true

[dependencies.encoding_rs]
version = "0.8"

[dependencies.encoding_rs_io]
version = "0.1"
optional = true

# NOTE(review): presumably the parser for Windows event log files used by the
# evtx* tools. Such files come from systems under investigation and may be
# attacker-influenced, so keep this crate current - TODO confirm usage.
[dependencies.evtx]
version = "0.8"
optional = true

[dependencies.exitcode]
version = "1.1.2"
optional = true

[dependencies.flate2]
version = "1"
optional = true
# Remaining dependency tables. Each `version` is a caret requirement, not a
# pin; the versions actually compiled come from the lockfile. Dependencies
# marked `optional = true` are compiled only when a feature enables them.
[dependencies.forensic-rs]
version = "0.13"
optional = true

[dependencies.frnsc-prefetch]
version = "0.13"
optional = true

[dependencies.futures]
version = "0.3"
optional = true

[dependencies.getset]
version = "0.1"
optional = true

[dependencies.indicatif]
version = "0.17"
optional = true

[dependencies.lazy-regex]
version = "3.0.0"
optional = true

[dependencies.lazy_static]
version = "1.4"

[dependencies.libc]
version = "0.2"
optional = true

# NOTE(review): lnk, nt_hive2, frnsc-prefetch/forensic-rs and zip presumably
# parse evidence files (shortcuts, registry hives, prefetch files, archives)
# taken from systems under investigation. That input may be
# attacker-influenced, so these are the crates to prioritise for updates and
# advisory tracking - TODO confirm against the tool sources.
[dependencies.lnk]
version = "0.5.1"
optional = true

[dependencies.log]
version = "0.4"

[dependencies.nt_hive2]
version = "4.2.3"
optional = true

# NOTE(review): `version = "0"` accepts any 0.x.y release (>=0.0.0, <1.0.0).
# For 0.x crates a minor bump may be breaking, so a resolve without a lockfile
# can select a substantially different release than the one that was tested.
# The same applies to num-derive, sigpipe, strum, strum_macros and
# tokio-async-drop below; tighten them in Cargo.toml.orig.
[dependencies.num]
version = "0"
optional = true

[dependencies.num-derive]
version = "0"
optional = true

[dependencies.num-traits]
version = "0.2"
optional = true

[dependencies.ouroboros]
version = "0.18"
optional = true

# NOTE(review): no entry in this manifest's [features] table lists "phf", so
# it is only reachable through its implicit feature; possibly unused.
[dependencies.phf]
version = "0.11"
optional = true

[dependencies.regex]
version = "1"
optional = true

[dependencies.serde]
version = "1.0"
features = ["derive"]

[dependencies.serde_json]
version = "1"
optional = true

[dependencies.sha2]
version = "0.10"
optional = true

[dependencies.sigpipe]
version = "0"
optional = true

[dependencies.simplelog]
version = "0.12"

# NOTE(review): strum and strum_macros are both required as "0"; with no
# tighter bound the resolver decides which releases get paired.
[dependencies.strum]
version = "0"
features = ["derive"]
optional = true

[dependencies.strum_macros]
version = "0"
optional = true

[dependencies.term-table]
version = "1.3"
optional = true

[dependencies.termsize]
version = "0.1"
optional = true

[dependencies.thiserror]
version = "1"
optional = true

[dependencies.time]
version = "0.3.36"
optional = true

# NOTE(review): "full" turns on all of tokio's optional subsystems. If the
# code behind the `elastic` feature needs only the runtime and networking, a
# narrower feature list would reduce the compiled code - TODO confirm.
[dependencies.tokio]
version = "1"
features = ["full"]
optional = true

[dependencies.tokio-async-drop]
version = "0"
optional = true

[dependencies.walkdir]
version = "2.5.0"
optional = true

[dependencies.winstructs]
version = "0.3.0"

[dependencies.zip]
version = "2.1.3"
features = ["time"]
optional = true

# Dev-dependencies are used for tests, examples and benchmarks only; they are
# not compiled into the installed tools.
[dev-dependencies.assert-json-diff]
version = "2.0"

[dev-dependencies.assert_cmd]
version = "2"

[dev-dependencies.matches]
version = "0.1"
# Test-only dependencies; not compiled into the installed tools.
[dev-dependencies.more-asserts]
version = "0.3"

[dev-dependencies.rand]
version = "0.8"

# Feature table. Entries that name an optional dependency (for example
# "nt_hive2") enable it through its implicit feature; entries that name
# another key of this table enable that feature in turn.
[features]
cleanhive = ["nt_hive2"]
# NOTE(review): "mactime2" is part of the default set and itself enables
# "elastic", so a default build also compiles the Elasticsearch client, tokio
# and the rest of the `elastic` dependencies, and satisfies the
# required-features of the es4forensics binary. On an analysis host that needs
# only some of the tools, build with `--no-default-features --features <tool>`
# to keep the dependency set small.
default = [
    "pol_export",
    "mactime2",
    "evtxtools",
    "regdump",
    "hivescan",
    "cleanhive",
    "ipgrep",
    "ts2date",
    "lnk2bodyfile",
    "pf2bodyfile",
    "zip2bodyfile",
]
# Dependencies behind the Elasticsearch integration.
elastic = [
    "elasticsearch",
    "tokio",
    "futures",
    "serde_json",
    "sha2",
    "base64",
    "num-traits",
    "num-derive",
    "strum",
    "strum_macros",
    "tokio-async-drop",
]
evtx2bodyfile = [
    "evtx",
    "getset",
    "ouroboros",
    "indicatif",
]
evtxanalyze = [
    "evtx",
    "dfirtk-sessionevent-derive",
    "dfirtk-eventdata",
    "exitcode",
    "walkdir",
]
evtxcat = [
    "evtx",
    "colored_json",
    "term-table",
    "termsize",
]
evtxls = [
    "evtx",
    "colored",
    "lazy-regex",
    "regex",
    "sigpipe",
    "dfirtk-eventdata",
]
evtxscan = ["evtx"]
# Aggregate feature: enables the five evtx* tool features listed in it.
evtxtools = [
    "evtxscan",
    "evtxcat",
    "evtxls",
    "evtxanalyze",
    "evtx2bodyfile",
]
gzip = ["flate2"]
hivescan = ["nt_hive2"]
# Empty list: enables no optional dependency and no other feature.
ipgrep = []
lnk2bodyfile = ["lnk"]
# Pulls in both "gzip" and "elastic" in addition to its own dependencies.
mactime2 = [
    "gzip",
    "elastic",
    "chrono-tz",
    "thiserror",
    "bitflags",
    "encoding_rs_io",
    "color-print",
]
pf2bodyfile = [
    "num",
    "libc",
    "frnsc-prefetch",
    "forensic-rs",
]
# Empty list: enables no optional dependency and no other feature.
pol_export = []
regdump = ["nt_hive2"]
ts2date = ["regex"]
zip2bodyfile = [
    "zip",
    "time",
]