Integration with Timesketch

Navaneetha sankar

unread,

Jun 1, 2020, 8:50:35 PM6/1/20

to velociraptor-discuss

Hi,
Can I integrate velociraptor with Timesketch for automatic timeline generation?
Is there any dftimewolf recipie that is available for such automation?

Mike Cohen

unread,

Jun 1, 2020, 9:30:24 PM6/1/20

to Navaneetha sankar, velociraptor-discuss

Thats a great idea - we just produce JSON files and so I guess integration should be trivial. How do you see the integration working? Which artifact specifically would you use timesketch with?

--

Mike Cohen

Digital Paleontologist

Velocidex Enterprises

https://www.velocidex.com

+61.470238491

Navaneetha sankar

unread,

Jun 2, 2020, 5:25:21 AM6/2/20

to velociraptor-discuss

If I can run a list of per-defined artifact collection and upload the timeline to timesketch, that will be easy to analyze.

For example, the following recipe collects predefined artifacts and creates a sketch.

https://pydoc.net/dftimewolf/2017.6/dftimewolf.cli.recipes.grr_artifact_hosts/

scoobydoo

unread,

Sep 21, 2021, 5:13:01 PM9/21/21

to velociraptor-discuss

Hey guys/girls

Any update on this one, also interested. If not having integrations yet, can we upload artifact results (kape files) to a folder using the upload_directory? Any example using upload_directory?

Thanks!

Eric Capuano

unread,

Sep 21, 2021, 5:35:40 PM9/21/21

to scoobydoo, velociraptor-discuss

Not sure if this helps, but Whitney and I did a talk at DFIR summit about this.

https://www.youtube.com/watch?v=AuOWMz1nXqk

https://github.com/ReconInfoSec/velociraptor-to-timesketch

--

ERIC CAPUANO

CTO // FOUNDER

RECONINFOSEC.COM

O: 800-618-7080 ext. 101

C: 512-557-1885

--
You received this message because you are subscribed to the Google Groups "velociraptor-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to velociraptor-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/0d156400-2111-4107-86eb-1f2ac3dea6cdn%40googlegroups.com.

NOTICE

Trust but verify!

A Recon employee will never request sensitive information or access to systems via email or any other insecure means of communication. Please never send sensitive information to Recon via email or any other insecure channel.

If ever in doubt about the integrity of any communications claiming to be from Recon, immediately forward it to s...@reconinfosec.com and/or call the contact number on our website as soon as possible.

Reply all

Reply to author

Forward