Cooking with FTimes

This section is dedicated to capturing, in the form of recipes, information about how FTimes can be used, how its data may be processed and analyzed, and any other related topics. Each recipe attempts to solve a particular task or objective and is designed, if possible, to be scripted. The goal of this effort is to create an electronic cookbook that allows the practitioner to benefit directly from the past experiences of others.

All recipes, and the scripts or programs contained within them, are distributed under the same terms and conditions as FTimes.

Compiling and Testing
  1. Compile OpenSSL for use with FTimes using MinGW/MSYS
  2. Compile PCRE for use with FTimes using MinGW/MSYS
Decoder - Decode encoded/compressed snapshots
  1. Decode and/or compare an encoded (or natively compressed) snapshot
DigMode - Dig (Search) for Hex/ASCII/Combo strings in specified files or devices
  1. Dig for strings on a remote system over ssh
  2. Extract (ftimes-dig2ctx.pl) context surrounding specified DigStrings
  3. Extract JPEG files from a pile of bits
  4. Extract PNG files from a pile of bits
  5. Extract a zip file from an iso image
GetMode - Get (Download) Map/Dig config files from an Integrity Server
  1. Download a config file to the local file system
  2. Download a config file to stdout
  3. Download a config file to stdout, map files, and upload results using a command pipeline
MapMode - Map (File Topography) specified files, directories, links, devices, or alternate data streams
  1. Map selected directories and files on a remote system over ssh
  2. Little ditties based around the size attribute
  3. Verify the integrity of a backup (e.g., tar ball)
HashDig - Perform hash resolution on unknown hashes
  1. Build and maintain HashDig reference database
Analysis - Process/Analyze FTimes data using various techniques
  1. Preprocess map data, load it into MySQL, and run analysis queries
  2. Create a MAC timeline using MySQL and SQL queries
  3. Create a MAC/MACH timeline (ftimes-map2mac.pl) and analyze the results
Integrity Monitoring - Various integrity monitoring frameworks, techniques, and tools
  1. Basic Integrity Monitoring Via SSH -- or BIMVS for short
  2. Basic Integrity Monitoring Via WebJob -- or BIMVW for short
  3. Process BIMVW output and create a set of browsable HTML reports
Copyright 2000-2014 The FTimes Project, All Rights Reserved.