Releases: orlikoski/CDQR

CDQR 3.1.2

17 Feb 02:56

What's New

  • Added descriptions for security-related event IDs (EIDs) in the Event Log Report

CDQR 3.1.1

16 Feb 00:36

What's New

  • Optimized the final report parsing algorithm to decrease report generation time
  • Fixed a bug where some event log reports had an extra carriage return, causing blank lines to appear between actual lines

CDQR 3.1

13 Feb 05:27

What's New

  • New "Appcompat" Report that separates the Appcompat results into a dedicated report
  • Improved report format for the appcompat, event log, file system, mft, prefetch, and scheduled tasks reports:
    • Easier to read
    • More pivot points
    • Allows additional sorting options (looking at you, Appcompat entry order)

CDQR 3.0.1

03 Feb 00:41

Fixed a bug that was removing the leading forward slash ("/") from paths

Version 3.00

01 Jan 00:55

What's New

  • Supports Plaso 1.5.x!!
  • New "Login" Report that incorporates login information for Windows and Linux
  • ElasticSearch output mode supported
  • Supports .zip file source input detection and handling
  • Python version works on Windows, Linux and Mac
  • Improvements to support the CCF-VM release
  • NOTE: Ensure line endings are correct

Version 2.01

22 Mar 14:58

What's New

  • Ability to parse Mac images
  • Ability to parse Linux images
  • 14 Reports for DATT:
    Event Logs, File System, MFT, UsnJrnl, Internet History, Prefetch, Registry, Scheduled Tasks, Persistence, System Information, AntiVirus, Firewall, Mac, and Linux
  • 12 Reports for Win:
    Event Logs, File System, MFT, UsnJrnl, Internet History, Prefetch, Registry, Scheduled Tasks, Persistence, System Information, AntiVirus, Firewall
  • 7 Reports for Mac and Lin:
    File System, Internet History, System Information, AntiVirus, Firewall, Mac, and Linux
  • Improved the way existing log files and results directories are handled
  • Ability to create an export file

Version 1.05

22 Mar 14:57

What's New

Added Do All The Things! parser (datt)

  • This enables all parsers for Plaso (version appropriate) and disables the partition/shadow copy options. It is meant to assist in processing extracted artifacts, not entire images.
  • This can be used on individual files as well as on all files in a folder
  • Examples: "cdqr.exe -p datt c:\logs\eventlogs" or "cdqr.exe -p datt c:\logs\eventlogs\security.evt"

Now supports Plaso 1.4!

  • Adjusted default parsers for Plaso 1.4
  • Added compatibility for Plaso 1.3 and Plaso 1.4
  • Removed references to parsers no longer found in Plaso
  • Includes the new MFT, USNJRNL, and Fire_fox_cache version 2 parsers found in Plaso 1.4