From b65cfef8d1f8489e0c93a2ac3052ad5a28cea20a Mon Sep 17 00:00:00 2001
From: MANTANI Nobutaka
Date: Fri, 24 Dec 2010 19:10:30 +0000
Subject: [PATCH] Add log2timeline, a log file parser for computer forensic investigations.

---
 security/Makefile | 1 +
 security/log2timeline/Makefile | 76 +++++++++++++++++++++
 security/log2timeline/distinfo | 2 +
 security/log2timeline/pkg-descr | 5 ++
 security/log2timeline/pkg-plist | 117 ++++++++++++++++++++++++++++++++
 5 files changed, 201 insertions(+)
 create mode 100644 security/log2timeline/Makefile
 create mode 100644 security/log2timeline/distinfo
 create mode 100644 security/log2timeline/pkg-descr
 create mode 100644 security/log2timeline/pkg-plist

diff --git a/security/Makefile b/security/Makefile
index b0815373604f..192f12a3b533 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -282,6 +282,7 @@
 SUBDIR += linux-openssl
 SUBDIR += linux-pam-docs
 SUBDIR += lockdown
+ SUBDIR += log2timeline
 SUBDIR += logcheck
 SUBDIR += lsh
 SUBDIR += luasec
diff --git a/security/log2timeline/Makefile b/security/log2timeline/Makefile
new file mode 100644
index 000000000000..380ae10f33c7
--- /dev/null
+++ b/security/log2timeline/Makefile
@@ -0,0 +1,76 @@
+# New ports collection makefile for: log2timeline
+# Date created: 24 December 2010
+# Whom: Nobutaka Mantani
+#
+# $FreeBSD$
+#
+
+PORTNAME= log2timeline
+PORTVERSION= 0.51
+CATEGORIES= security
+MASTER_SITES= http://log2timeline.net/files/
+DISTNAME= ${PORTNAME}_${PORTVERSION}
+EXTRACT_SUFX= .tgz
+
+MAINTAINER= nobutaka@FreeBSD.org
+COMMENT= A log file parser for computer forensic investigations
+
+LICENSE= GPLv3
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+BUILD_DEPENDS= ${SITE_PERL}/Archive/Zip.pm:${PORTSDIR}/archivers/p5-Archive-Zip \
+ ${SITE_PERL}/${PERL_ARCH}/DBD/SQLite.pm:${PORTSDIR}/databases/p5-DBD-SQLite \
+ ${SITE_PERL}/${PERL_ARCH}/DBI/DBD.pm:${PORTSDIR}/databases/p5-DBI \
+ ${SITE_PERL}/Carp/Assert.pm:${PORTSDIR}/devel/p5-Carp-Assert \
+ ${SITE_PERL}/Data/Hexify.pm:${PORTSDIR}/devel/p5-Data-Hexify \
+ ${SITE_PERL}/Date/Manip.pm:${PORTSDIR}/devel/p5-Date-Manip \
+ ${SITE_PERL}/${PERL_ARCH}/DateTime.pm:${PORTSDIR}/devel/p5-DateTime \
+ ${SITE_PERL}/DateTime/Format/Strptime.pm:${PORTSDIR}/devel/p5-DateTime-Format-Strptime \
+ ${SITE_PERL}/DateTime/TimeZone.pm:${PORTSDIR}/devel/p5-DateTime-TimeZone \
+ ${SITE_PERL}/${PERL_ARCH}/Glib.pm:${PORTSDIR}/devel/p5-Glib2 \
+ ${SITE_PERL}/${PERL_ARCH}/Params/Validate.pm:${PORTSDIR}/devel/p5-Params-Validate \
+ ${SITE_PERL}/Mac/PropertyList.pm:${PORTSDIR}/devel/p5-Mac-PropertyList \
+ ${SITE_PERL}/Parse/Win32Registry.pm:${PORTSDIR}/devel/p5-Parse-Win32Registry \
+ ${SITE_PERL}/Image/ExifTool.pm:${PORTSDIR}/graphics/p5-Image-ExifTool \
+ ${SITE_PERL}/${PERL_ARCH}/Net/Pcap.pm:${PORTSDIR}/net/p5-Net-Pcap \
+ ${SITE_PERL}/NetPacket.pm:${PORTSDIR}/net/p5-NetPacket \
+ ${SITE_PERL}/${PERL_ARCH}/Digest/CRC.pm:${PORTSDIR}/security/p5-Digest-CRC \
+ ${SITE_PERL}/${PERL_ARCH}/XML/LibXML.pm:${PORTSDIR}/textproc/p5-XML-LibXML \
+ ${SITE_PERL}/File/Mork.pm:${PORTSDIR}/www/p5-File-Mork \
+ ${SITE_PERL}/${PERL_ARCH}/HTML/Parser.pm:${PORTSDIR}/www/p5-HTML-Parser \
+ ${SITE_PERL}/HTML/Scrubber.pm:${PORTSDIR}/www/p5-HTML-Scrubber \
+ ${SITE_PERL}/LWP/UserAgent.pm:${PORTSDIR}/www/p5-libwww \
+ ${SITE_PERL}/${PERL_ARCH}/Gtk2.pm:${PORTSDIR}/x11-toolkits/p5-Gtk2
+RUN_DEPENDS= ${BUILD_DEPENDS}
+
+PERL_CONFIGURE= yes
+WRKSRC= ${WRKDIR}/${PORTNAME}
+
+MAN1= log2timeline.1 \
+ timescanner.1 \
+ timescanner_threaded.1
+MAN3= Log2t::BinRead.3 \
+ Log2t::Numbers.3 \
+ Log2t::Time.3 \
+ Log2t::input::evt.3 \
+ Log2t::input::evtx.3 \
+ Log2t::input::ff_bookmark.3 \
+ Log2t::input::firefox2.3 \
+ Log2t::input::ftk_dirlisting.3 \
+ Log2t::input::mcafee.3 \
+ Log2t::input::opera.3 \
+ Log2t::input::pcap.3 \
+ Log2t::input::pdf.3 \
+ Log2t::input::setupapi.3 \
+ Log2t::input::sol.3 \
+ Log2t::input::volatility.3 \
+ Log2t::input::wmiprov.3 \
+ Log2t::output::beedocs.3 \
+ Log2t::output::cef.3 \
+ Log2t::output::cftl.3 \
+ Log2t::output::csv.3 \
+ Log2t::output::tab.3 \
+ Parse::Evtx.3 \
+ Parse::Evtx::Chunk.3 \
+
+.include
diff --git a/security/log2timeline/distinfo b/security/log2timeline/distinfo
new file mode 100644
index 000000000000..e9edf93ba624
--- /dev/null
+++ b/security/log2timeline/distinfo
@@ -0,0 +1,2 @@
+SHA256 (log2timeline_0.51.tgz) = b6b360e3460f7a2cd525be637468d9d68ad8a1bcde40c2b7639ed9c2adc225b9
+SIZE (log2timeline_0.51.tgz) = 295594
diff --git a/security/log2timeline/pkg-descr b/security/log2timeline/pkg-descr
new file mode 100644
index 000000000000..46efbd9928cd
--- /dev/null
+++ b/security/log2timeline/pkg-descr
@@ -0,0 +1,5 @@
+log2timeline is a computer forensic tool to parse various log files and
+artifacts found on suspect systems and produce a timeline that can be
+analyzed by computer forensic examiners.
+
+WWW: http://log2timeline.net/
diff --git a/security/log2timeline/pkg-plist b/security/log2timeline/pkg-plist
new file mode 100644
index 000000000000..db1397e4a5fb
--- /dev/null
+++ b/security/log2timeline/pkg-plist
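Review bot: The last MAN3 entry `+ Parse::Evtx::Chunk.3 \` ends with a line-continuation backslash, so the empty line after it is folded into the MAN3 value; drop the backslash, `+ Parse::Evtx::Chunk.3`. The pkg-plist hunk later in this patch also packages `%%SITE_PERL%%/Log2t/Time.pm.orig`, which looks like a backup copy shipped inside the distfile rather than a module this port should install; deleting it in a post-extract target (its path under ${WRKSRC} to be confirmed from the extracted tarball) and dropping the plist line keeps a stale duplicate of Time.pm out of site_perl. MASTER_SITES fetches over plain http, so the SHA256 line in distinfo is the only integrity check on the distfile; a one-line comment saying the checksum was taken from a freshly downloaded and verified copy would help the next maintainer who bumps PORTVERSION.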
@@ -0,0 +1,117 @@
+bin/glog2timeline
+bin/log2timeline
+bin/timescanner
+bin/timescanner_threaded
+bin/update_log2timeline
+%%SITE_PERL%%/Log2t/BinRead.pm
+%%SITE_PERL%%/Log2t/Common.pm
+%%SITE_PERL%%/Log2t/Network.pm
+%%SITE_PERL%%/Log2t/Numbers.pm
+%%SITE_PERL%%/Log2t/Time.pm
+%%SITE_PERL%%/Log2t/Time.pm.orig
+%%SITE_PERL%%/Log2t/Win.pm
+%%SITE_PERL%%/Log2t/input/apache2_access.pm
+%%SITE_PERL%%/Log2t/input/apache2_error.pm
+%%SITE_PERL%%/Log2t/input/chrome.pm
+%%SITE_PERL%%/Log2t/input/evt.pm
+%%SITE_PERL%%/Log2t/input/evtx.pm
+%%SITE_PERL%%/Log2t/input/exif.pm
+%%SITE_PERL%%/Log2t/input/ff_bookmark.pm
+%%SITE_PERL%%/Log2t/input/firefox2.pm
+%%SITE_PERL%%/Log2t/input/firefox3.pm
+%%SITE_PERL%%/Log2t/input/ftk_dirlisting.pm
+%%SITE_PERL%%/Log2t/input/iehistory.pm
+%%SITE_PERL%%/Log2t/input/iis.pm
+%%SITE_PERL%%/Log2t/input/isatxt.pm
+%%SITE_PERL%%/Log2t/input/linux.lst
+%%SITE_PERL%%/Log2t/input/mactime.pm
+%%SITE_PERL%%/Log2t/input/mcafee.pm
+%%SITE_PERL%%/Log2t/input/opera.pm
+%%SITE_PERL%%/Log2t/input/oxml.pm
+%%SITE_PERL%%/Log2t/input/pcap.pm
+%%SITE_PERL%%/Log2t/input/pdf.pm
+%%SITE_PERL%%/Log2t/input/prefetch.pm
+%%SITE_PERL%%/Log2t/input/recycler.pm
+%%SITE_PERL%%/Log2t/input/restore.pm
+%%SITE_PERL%%/Log2t/input/safari.pm
+%%SITE_PERL%%/Log2t/input/setupapi.pm
+%%SITE_PERL%%/Log2t/input/sol.pm
+%%SITE_PERL%%/Log2t/input/squid.pm
+%%SITE_PERL%%/Log2t/input/syslog.pm
+%%SITE_PERL%%/Log2t/input/tln.pm
+%%SITE_PERL%%/Log2t/input/userassist.pm
+%%SITE_PERL%%/Log2t/input/volatility.pm
+%%SITE_PERL%%/Log2t/input/web.lst
+%%SITE_PERL%%/Log2t/input/win_link.pm
+%%SITE_PERL%%/Log2t/input/winvista.lst
+%%SITE_PERL%%/Log2t/input/winxp.lst
+%%SITE_PERL%%/Log2t/input/wmiprov.pm
+%%SITE_PERL%%/Log2t/input/xpfirewall.pm
+%%SITE_PERL%%/Log2t/output/beedocs.pm
+%%SITE_PERL%%/Log2t/output/cef.pm
+%%SITE_PERL%%/Log2t/output/cftl.pm
+%%SITE_PERL%%/Log2t/output/csv.pm
+%%SITE_PERL%%/Log2t/output/mactime.pm
+%%SITE_PERL%%/Log2t/output/mactime_l.pm
+%%SITE_PERL%%/Log2t/output/simile.pm
+%%SITE_PERL%%/Log2t/output/sqlite.pm
+%%SITE_PERL%%/Log2t/output/tab.pm
+%%SITE_PERL%%/Log2t/output/tln.pm
+%%SITE_PERL%%/Log2t/output/tlnx.pm
+%%SITE_PERL%%/Parse/Evtx.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/NameString.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x00.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x01.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x02.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x03.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x04.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x05.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x06.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x0c.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x0d.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x0e.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x0f.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Root.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/SubstArray.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Template.pm
+%%SITE_PERL%%/Parse/Evtx/Chunk.pm
+%%SITE_PERL%%/Parse/Evtx/Const.pm
+%%SITE_PERL%%/Parse/Evtx/Event.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x00.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x01.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x02.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x03.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x04.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x05.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x06.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x07.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x08.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x09.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x0a.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x0b.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x0c.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x0d.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x0e.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x0f.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x10.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x11.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x12.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x13.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x14.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x15.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x21.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x81.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x94.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x95.pm
+%%SITE_PERL%%/mach/auto/Log2t/.packlist
+@dirrm %%SITE_PERL%%/Log2t/input
+@dirrm %%SITE_PERL%%/Log2t/output
+@dirrm %%SITE_PERL%%/Log2t
+@dirrm %%SITE_PERL%%/Parse/Evtx/BXmlNode
+@dirrm %%SITE_PERL%%/Parse/Evtx/VariantType
+@dirrm %%SITE_PERL%%/Parse/Evtx
+@dirrm %%SITE_PERL%%/mach/auto/Log2t
+@dirrmtry %%SITE_PERL%%/Parse
+@dirrmtry %%SITE_PERL%%/mach/auto/Parse/Win32Registry
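Review bot: The final line `+@dirrmtry %%SITE_PERL%%/mach/auto/Parse/Win32Registry` names a directory that belongs to the p5-Parse-Win32Registry dependency declared in the Makefile, not to anything this plist installs, so it looks like a stray line carried over from another port and should be dropped (this port's own auto directory is already covered by `@dirrm %%SITE_PERL%%/mach/auto/Log2t`). The plist also installs `bin/update_log2timeline`; if, as the name suggests, this is upstream's self-update script that downloads and overwrites modules in place, running it on a packaged install would replace files the package database tracks without the SHA256 check that distinfo provides, so either leave it out of the install or state in pkg-descr that updates should come through the port. `@dirrmtry %%SITE_PERL%%/Parse` is correct as dirrmtry, since that directory is shared with other Parse::* ports.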