[NEW] security/py-dfwinreg


[NEW] security/py-dfwinreg

Remi Pointel
Hi,

attached is dfwinreg: Digital Forensics Windows Registry, provides
read-only access to Windows Registry objects. It's needed for Plaso.

Ok?

Cheers,

Remi.

Attachment: py-dfwinreg-20160428.tar.gz (1K)

Re: [NEW] security/py-dfwinreg

Remi Pointel
On 01/18/17 21:55, Remi Pointel wrote:

> Hi,
>
> attached is dfwinreg: Digital Forensics Windows Registry, provides
> read-only access to Windows Registry objects. It's needed for Plaso.
>
> Ok?
>
> Cheers,
>
> Remi.

Update depends which are in sysutils now.

Ok?

Cheers,

Remi.

Attachment: py-dfwinreg-20160428.tar.gz (1K)

Re: [NEW] security/py-dfwinreg

Remi Pointel
On 02/12/17 09:52, Remi Pointel wrote:

> On 01/18/17 21:55, Remi Pointel wrote:
>> Hi,
>>
>> attached is dfwinreg: Digital Forensics Windows Registry, provides
>> read-only access to Windows Registry objects. It's needed for Plaso.
>>
>> Ok?
>>
>> Cheers,
>>
>> Remi.
>
>
> Update depends which are in sysutils now.
>
> Ok?
>
> Cheers,
>
> Remi.

ping


Re: [NEW] security/py-dfwinreg

Stuart Henderson
On 2017/02/21 07:21, Remi Pointel wrote:

> On 02/12/17 09:52, Remi Pointel wrote:
> > On 01/18/17 21:55, Remi Pointel wrote:
> > > Hi,
> > >
> > > attached is dfwinreg: Digital Forensics Windows Registry, provides
> > > read-only access to Windows Registry objects. It's needed for Plaso.
> > >
> > > Ok?
> > >
> > > Cheers,
> > >
> > > Remi.
> >
> >
> > Update depends which are in sysutils now.
> >
> > Ok?
> >
> > Cheers,
> >
> > Remi.
>
> ping
>

I'm finding it difficult to keep track of these spread across a bunch of
mail threads and it's a pain to find the right file to test, could you post
a summary of the remaining deps in one message with a url for the tgz for
each please?  Thanks :)


Re: [NEW] security/py-dfwinreg

Remi Pointel
On 02/21/17 12:03, Stuart Henderson wrote:
> I'm finding it difficult to keep track of these spread across a bunch of
> mail threads and it's a pain to find the right file to test, could you post
> a summary of the remaining deps in one message with a url for the tgz for
> each please?  Thanks :)
>

Hi,

only 5 ports need to be imported:

- security/py-dfvfs
- devel/py-hachoir-core
- devel/py-hachoir-metadata
- devel/py-hachoir-parser
- security/plaso

and 1 port needs to be downgraded:

- devel/py-construct

Attached are the tarball/diff.

Ok?

Cheers,

Remi.


Attachments:
plaso-1.5.1.tar.gz (7K)
py-construct.diff (18K)
py-dfvfs-20160918.tar.gz (4K)
py-hachoir-core_metadata_parser.tar.gz (4K)

Re: [NEW] security/py-dfwinreg

Stuart Henderson
On 2017/02/22 07:12, Remi Pointel wrote:
> On 02/21/17 12:03, Stuart Henderson wrote:
> > I'm finding it difficult to keep track of these spread across a bunch of
> > mail threads and it's a pain to find the right file to test, could you post
> > a summary of the remaining deps in one message with a url for the tgz for
> > each please?  Thanks :)
> >
>

thanks, this is easier :)

> - devel/py-hachoir-core
> - devel/py-hachoir-metadata
> - devel/py-hachoir-parser

a few minor comment tweaks for these, otherwise OK:  (it doesn't need to
be exactly this, but "Package of" etc are redundant)

diff --git a/py-hachoir-core/Makefile b/py-hachoir-core/Makefile
index 4653a0c..08b4116 100644
--- a/py-hachoir-core/Makefile
+++ b/py-hachoir-core/Makefile
@@ -1,6 +1,6 @@
 # $OpenBSD: Makefile.template,v 1.75 2016/03/20 17:19:49 naddy Exp $
 
-COMMENT = Core of Hachoir framework: parse and edit binary files
+COMMENT = framework to parse and edit binary files as a tree of objects
 
 MODPY_EGG_VERSION = 1.3.3
 DISTNAME = hachoir-core-${MODPY_EGG_VERSION}
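Review bot: the replacement COMMENT on the "+" line is 61 characters long, one over the 60-character maximum the OpenBSD porting guide gives for COMMENT. Dropping the leading "framework to", giving "parse and edit binary files as a tree of objects", brings it under the limit without losing the description.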
diff --git a/py-hachoir-metadata/Makefile b/py-hachoir-metadata/Makefile
index c599d94..8c4ec78 100644
--- a/py-hachoir-metadata/Makefile
+++ b/py-hachoir-metadata/Makefile
@@ -1,6 +1,6 @@
 # $OpenBSD: Makefile.template,v 1.75 2016/03/20 17:19:49 naddy Exp $
 
-COMMENT = Program to extract metadata using Hachoir library
+COMMENT = extract metadata using Hachoir library
 
 MODPY_EGG_VERSION = 1.3.3
 DISTNAME = hachoir-metadata-${MODPY_EGG_VERSION}
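Review bot: the new COMMENT on the "+" line does not say what the metadata is extracted from, and "using Hachoir library" is missing its article. Something like "extract metadata from files using the Hachoir library" is still short and tells a user browsing the package list what the tool operates on.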
diff --git a/py-hachoir-parser/Makefile b/py-hachoir-parser/Makefile
index fa6013e..fee0c9b 100644
--- a/py-hachoir-parser/Makefile
+++ b/py-hachoir-parser/Makefile
@@ -1,6 +1,6 @@
 # $OpenBSD: Makefile.template,v 1.75 2016/03/20 17:19:49 naddy Exp $
 
-COMMENT = Package of Hachoir parsers used to open binary files
+COMMENT = Hachoir parsers used to open binary files
 
 MODPY_EGG_VERSION = 1.3.4
 DISTNAME = hachoir-parser-${MODPY_EGG_VERSION}
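Review bot: the first context line still carries the expanded tag copied from the template, "# $OpenBSD: Makefile.template,v 1.75 2016/03/20 17:19:49 naddy Exp $", and the same line appears as context in the other two Makefiles. For a new port this should be reset to a bare "# $OpenBSD$" before import, so the tag does not carry the template's revision and author.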


> - security/plaso

COMMENT =               Python-based backend engine for the tool log2timeline

This (and DESCR) suggests it's just the backend, but it actually
includes tools as well. Does something like this make sense?

                |----------------------------------------------------------------|
COMMENT = engine and tools to analyse events/metadata from computer systems

--/--
plaso is a Python-based framework for computer forensic analysis. It can read
files from many types of filesystem and volume image, has parsers for a huge
number of file types across multiple platforms, and tools to deal with this
information, in particular log2timeline which can use this to produce a single
correlated timeline from a system.
--/--

> and 1 port needs to be downgraded:
>
> - devel/py-construct

ok.