[package] name = "dfir-toolkit" version = "0.11.2" edition = "2021" authors = ["Jan Starke ", "Deborah Mahn "] description = "CLI tools for digital forensics and incident response" repository = "https://github.com/dfir-dd/dfir-toolkit" license = "GPL-3.0" # this version is required, because earlier versions handle missing `created` # timestamps as `Uncategorized`, instead of `Unsupported` rust-version = "1.78" [package.metadata.deb] maintainer-scripts = "scripts/maintainer" [[bin]] name = "mactime2" path = "src/bin/mactime2/main.rs" required-features = ["mactime2"] [[bin]] name = "evtxscan" path = "src/bin/evtxscan/main.rs" required-features = ["evtxscan"] [[bin]] name = "evtxcat" path = "src/bin/evtxcat/main.rs" required-features = ["evtxcat"] [[bin]] name = "evtxls" path = "src/bin/evtxls/main.rs" required-features = ["evtxls"] [[bin]] name = "evtxanalyze" path = "src/bin/evtxanalyze/main.rs" required-features = ["evtxanalyze"] [[bin]] name = "evtx2bodyfile" path = "src/bin/evtx2bodyfile/main.rs" required-features = ["evtx2bodyfile"] [[bin]] name = "pol_export" path = "src/bin/pol_export/main.rs" required-features = ["pol_export"] [[bin]] name = "es4forensics" path = "src/bin/es4forensics/main.rs" required-features = ["elastic"] [[bin]] name = "regdump" path = "src/bin/regdump/main.rs" required-features = ["regdump"] [[bin]] name = "hivescan" path = "src/bin/hivescan/main.rs" required-features = ["hivescan"] [[bin]] name = "cleanhive" path = "src/bin/cleanhive/main.rs" required-features = ["cleanhive"] [[bin]] name = "ipgrep" path = "src/bin/ipgrep/main.rs" required-features = ["ipgrep"] [[bin]] name = "ts2date" path = "src/bin/ts2date/main.rs" required-features = ["ts2date"] [[bin]] name = "lnk2bodyfile" path = "src/bin/lnk2bodyfile/main.rs" required-features = ["lnk2bodyfile"] [[bin]] name = "pf2bodyfile" path = "src/bin/pf2bodyfile/main.rs" required-features = ["pf2bodyfile"] [[bin]] name = "zip2bodyfile" path = "src/bin/zip2bodyfile/main.rs" required-features = ["zip2bodyfile"] # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [features] default = ["pol_export", "mactime2", "evtxtools", "regdump", "hivescan", "cleanhive", "ipgrep", "ts2date", "lnk2bodyfile", "pf2bodyfile", "zip2bodyfile"] mactime2 = ["gzip", "elastic", "chrono-tz", "thiserror", "bitflags", "encoding_rs_io", "color-print"] gzip = ["flate2"] elastic = ["elasticsearch", "tokio", "futures", "serde_json", "sha2", "base64", "num-traits", "num-derive", "strum", "strum_macros", "tokio-async-drop"] evtxtools = ["evtxscan", "evtxcat", "evtxls", "evtxanalyze", "evtx2bodyfile"] pol_export = [] evtxscan = ["evtx"] evtxcat = ["evtx", "colored_json", "term-table", "termsize"] evtxls = ["evtx", "colored", "lazy-regex", "regex", "sigpipe", "dfirtk-eventdata"] evtxanalyze = ["evtx", "dfirtk-sessionevent-derive", "dfirtk-eventdata", "exitcode", "walkdir"] evtx2bodyfile = ["evtx", "getset", "ouroboros", "indicatif"] ipgrep = [] ts2date = ["regex"] lnk2bodyfile = ["lnk"] pf2bodyfile = ["num", "libc", "frnsc-prefetch", "forensic-rs"] zip2bodyfile = ["zip", "time"] regdump = ["nt_hive2"] hivescan = ["nt_hive2"] cleanhive = ["nt_hive2"] [dependencies] anyhow = "1.0" binread = "2.2.0" chrono = "0.4" clap = {version = "4.5", features = ["derive", "wrap_help", "cargo"] } clap-verbosity-flag = "2.0.0" csv = "1.2.2" encoding_rs = "0.8" ## setting release_max_level_info conflicts with evtx # log = {version = "0.4", features = [ "release_max_level_info" ]} log = {version = "0.4"} serde = { version = "1.0", features = ["derive"] } simplelog = "0.12" winstructs = "0.3.0" lazy_static = "1.4" regex = {version = "1", optional=true} clap-markdown-dfir = "0.2.0" clap_complete = "4" clio = {version="0.3", features=["clap-parse"] } #clio = {path="../clio", features=["clap-parse"]} # mactime2 chrono-tz = {version="0.8", optional=true} serde_json = {version = "1", optional=true} flate2 = {version="1", optional=true} thiserror = {version="1", optional=true} bitflags = {version="2", optional=true} encoding_rs_io = {version="0.1", optional=true} color-print = {version="0.3.6", optional=true} # evtxtools dfirtk-eventdata = {version="0.1.3", optional=true} dfirtk-sessionevent-derive = {version="0.1", optional=true} evtx={version="0.8", optional=true} colored_json = {version="3", optional=true} term-table = {version = "1.3", optional=true} termsize = {version = "0.1", optional=true} colored = {version = "2", optional=true} lazy-regex = {version = "3.0.0", optional=true} sigpipe = {version = "0", optional=true} phf = {version = "0.11", optional=true} exitcode = {version="1.1.2", optional=true} walkdir = {version="2.5.0", optional=true} # evtx2bodyfile indicatif = {version="0.17", optional=true} getset = {version="0.1", optional=true} ouroboros = {version="0.18", optional=true} # bodyfile, es4forensics duplicate = "1" # es4forensics # requires libssl-dev elasticsearch = {version="8.4.0-alpha.1", optional=true} tokio = { version = "1", features = ["full"], optional=true } tokio-async-drop = {version="0", optional=true} futures = {version="0.3", optional=true } sha2 = {version="0.10", optional=true} base64 = {version="0.21", optional=true} num-traits = {version="0.2", optional=true} num-derive = {version="0", optional=true} strum = { version = "0", features = ["derive"], optional=true } strum_macros = {version="0", optional=true} # nt-hive2 nt_hive2 = {version="4.2.3", optional=true} #nt_hive2 = {path="../nt-hive2", optional=true} # lnk2bodyfile lnk = {version="0.5.1", optional=true} # pf2bodyfile libc = {version="0.2", optional=true} num = {version="0", optional=true} frnsc-prefetch = {version="0.13", optional=true} forensic-rs = {version="0.13", optional=true} # zip2bodyfile zip = {version="2.1.3", optional=true, features=["time"]} time = {version="0.3.36", optional=true} [dev-dependencies] # mactime2 more-asserts = "0.3" rand = "0.8" # bodyfile matches = "0.1" # es4forensics assert-json-diff = "2.0" assert_cmd = "2"