dumpers

package

v0.0.0-...-0b02afc Latest Latest Go to latest Published: May 13, 2020 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/CptOfEvilMinions/osquery-memory-forensics

Links

Open Source Insights

Documentation ¶

Index ¶

func CreateForensicsDirectory(directoryPath string) (bool, error)
func MemoryDump(foresincDataDirectory string, pid int, verification int, ...) (bool, string, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CreateForensicsDirectory ¶

func CreateForensicsDirectory(directoryPath string) (bool, error)

CreateForensicsDirectory input: Path to direcctory to save forensic data If directory exists it skips, else create it. CreateForensicsDirectory output: Return boolean reult and on failure return error

func MemoryDump ¶

func MemoryDump(foresincDataDirectory string, pid int, verification int, winAppDataDirPath string, dumpItExecutable *byteexec.Exec, procDumpExecutable *byteexec.Exec) (bool, string, error)

MemoryDump input: foresincDataDirectory, pid If PID is provided it will proceed with a memory dump of that process, else will default to a full memory dump MemoryDump output: Returns result, name of new dump (if sucessful), and status

Types ¶

This section is empty.

Source Files ¶

View all Source files

dumpers.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL