Add log2timeline, a log file parser for computer forensic investigations.

svn path=/head/; revision=266855
2010-12-24 19:10:30 +00:00 · 2010-12-24 19:10:30 +00:00 · b65cfef8d1 · 2021-03-31 03:12:20 +00:00
commit b65cfef8d1
parent 0007f908ef
5 changed files with 201 additions and 0 deletions
--- a/security/Makefile
+++ b/security/Makefile
@ -282,6 +282,7 @@
    SUBDIR += linux-openssl
    SUBDIR += linux-pam-docs
    SUBDIR += lockdown
+    SUBDIR += log2timeline
    SUBDIR += logcheck
    SUBDIR += lsh
    SUBDIR += luasec
--- a/security/log2timeline/Makefile
+++ b/security/log2timeline/Makefile
@ -0,0 +1,76 @@
+# New ports collection makefile for:	log2timeline
+# Date created:	24 December 2010
+# Whom:		Nobutaka Mantani <nobutaka@FreeBSD.org>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	log2timeline
+PORTVERSION=	0.51
+CATEGORIES=	security
+MASTER_SITES=	http://log2timeline.net/files/
+DISTNAME=	${PORTNAME}_${PORTVERSION}
+EXTRACT_SUFX=	.tgz
+
+MAINTAINER=	nobutaka@FreeBSD.org
+COMMENT=	A log file parser for computer forensic investigations
+
+LICENSE=	GPLv3
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+BUILD_DEPENDS=	${SITE_PERL}/Archive/Zip.pm:${PORTSDIR}/archivers/p5-Archive-Zip \
+		${SITE_PERL}/${PERL_ARCH}/DBD/SQLite.pm:${PORTSDIR}/databases/p5-DBD-SQLite \
+		${SITE_PERL}/${PERL_ARCH}/DBI/DBD.pm:${PORTSDIR}/databases/p5-DBI \
+		${SITE_PERL}/Carp/Assert.pm:${PORTSDIR}/devel/p5-Carp-Assert \
+		${SITE_PERL}/Data/Hexify.pm:${PORTSDIR}/devel/p5-Data-Hexify \
+		${SITE_PERL}/Date/Manip.pm:${PORTSDIR}/devel/p5-Date-Manip \
+		${SITE_PERL}/${PERL_ARCH}/DateTime.pm:${PORTSDIR}/devel/p5-DateTime \
+		${SITE_PERL}/DateTime/Format/Strptime.pm:${PORTSDIR}/devel/p5-DateTime-Format-Strptime \
+		${SITE_PERL}/DateTime/TimeZone.pm:${PORTSDIR}/devel/p5-DateTime-TimeZone \
+		${SITE_PERL}/${PERL_ARCH}/Glib.pm:${PORTSDIR}/devel/p5-Glib2 \
+		${SITE_PERL}/${PERL_ARCH}/Params/Validate.pm:${PORTSDIR}/devel/p5-Params-Validate \
+		${SITE_PERL}/Mac/PropertyList.pm:${PORTSDIR}/devel/p5-Mac-PropertyList \
+		${SITE_PERL}/Parse/Win32Registry.pm:${PORTSDIR}/devel/p5-Parse-Win32Registry \
+		${SITE_PERL}/Image/ExifTool.pm:${PORTSDIR}/graphics/p5-Image-ExifTool \
+		${SITE_PERL}/${PERL_ARCH}/Net/Pcap.pm:${PORTSDIR}/net/p5-Net-Pcap \
+		${SITE_PERL}/NetPacket.pm:${PORTSDIR}/net/p5-NetPacket \
+		${SITE_PERL}/${PERL_ARCH}/Digest/CRC.pm:${PORTSDIR}/security/p5-Digest-CRC \
+		${SITE_PERL}/${PERL_ARCH}/XML/LibXML.pm:${PORTSDIR}/textproc/p5-XML-LibXML \
+		${SITE_PERL}/File/Mork.pm:${PORTSDIR}/www/p5-File-Mork \
+		${SITE_PERL}/${PERL_ARCH}/HTML/Parser.pm:${PORTSDIR}/www/p5-HTML-Parser \
+		${SITE_PERL}/HTML/Scrubber.pm:${PORTSDIR}/www/p5-HTML-Scrubber \
+		${SITE_PERL}/LWP/UserAgent.pm:${PORTSDIR}/www/p5-libwww \
+		${SITE_PERL}/${PERL_ARCH}/Gtk2.pm:${PORTSDIR}/x11-toolkits/p5-Gtk2
+RUN_DEPENDS=	${BUILD_DEPENDS}
+
+PERL_CONFIGURE=	yes
+WRKSRC=	${WRKDIR}/${PORTNAME}
+
+MAN1=	log2timeline.1 \
+	timescanner.1 \
+	timescanner_threaded.1
+MAN3=	Log2t::BinRead.3 \
+	Log2t::Numbers.3 \
+	Log2t::Time.3 \
+	Log2t::input::evt.3 \
+	Log2t::input::evtx.3 \
+	Log2t::input::ff_bookmark.3 \
+	Log2t::input::firefox2.3 \
+	Log2t::input::ftk_dirlisting.3 \
+	Log2t::input::mcafee.3 \
+	Log2t::input::opera.3 \
+	Log2t::input::pcap.3 \
+	Log2t::input::pdf.3 \
+	Log2t::input::setupapi.3 \
+	Log2t::input::sol.3 \
+	Log2t::input::volatility.3 \
+	Log2t::input::wmiprov.3 \
+	Log2t::output::beedocs.3 \
+	Log2t::output::cef.3 \
+	Log2t::output::cftl.3 \
+	Log2t::output::csv.3 \
+	Log2t::output::tab.3 \
+	Parse::Evtx.3 \
+	Parse::Evtx::Chunk.3 \
+
+.include <bsd.port.mk>
--- a/security/log2timeline/distinfo
+++ b/security/log2timeline/distinfo
@ -0,0 +1,2 @@
+SHA256 (log2timeline_0.51.tgz) = b6b360e3460f7a2cd525be637468d9d68ad8a1bcde40c2b7639ed9c2adc225b9
+SIZE (log2timeline_0.51.tgz) = 295594
--- a/security/log2timeline/pkg-descr
+++ b/security/log2timeline/pkg-descr
@ -0,0 +1,5 @@
+log2timeline is a computer forensic tool to parse various log files and
+artifacts found on suspect systems and produce a timeline that can be
+analyzed by computer forensic examiners.
+
+WWW: http://log2timeline.net/
--- a/security/log2timeline/pkg-plist
+++ b/security/log2timeline/pkg-plist
@ -0,0 +1,117 @@
+bin/glog2timeline
+bin/log2timeline
+bin/timescanner
+bin/timescanner_threaded
+bin/update_log2timeline
+%%SITE_PERL%%/Log2t/BinRead.pm
+%%SITE_PERL%%/Log2t/Common.pm
+%%SITE_PERL%%/Log2t/Network.pm
+%%SITE_PERL%%/Log2t/Numbers.pm
+%%SITE_PERL%%/Log2t/Time.pm
+%%SITE_PERL%%/Log2t/Time.pm.orig
+%%SITE_PERL%%/Log2t/Win.pm
+%%SITE_PERL%%/Log2t/input/apache2_access.pm
+%%SITE_PERL%%/Log2t/input/apache2_error.pm
+%%SITE_PERL%%/Log2t/input/chrome.pm
+%%SITE_PERL%%/Log2t/input/evt.pm
+%%SITE_PERL%%/Log2t/input/evtx.pm
+%%SITE_PERL%%/Log2t/input/exif.pm
+%%SITE_PERL%%/Log2t/input/ff_bookmark.pm
+%%SITE_PERL%%/Log2t/input/firefox2.pm
+%%SITE_PERL%%/Log2t/input/firefox3.pm
+%%SITE_PERL%%/Log2t/input/ftk_dirlisting.pm
+%%SITE_PERL%%/Log2t/input/iehistory.pm
+%%SITE_PERL%%/Log2t/input/iis.pm
+%%SITE_PERL%%/Log2t/input/isatxt.pm
+%%SITE_PERL%%/Log2t/input/linux.lst
+%%SITE_PERL%%/Log2t/input/mactime.pm
+%%SITE_PERL%%/Log2t/input/mcafee.pm
+%%SITE_PERL%%/Log2t/input/opera.pm
+%%SITE_PERL%%/Log2t/input/oxml.pm
+%%SITE_PERL%%/Log2t/input/pcap.pm
+%%SITE_PERL%%/Log2t/input/pdf.pm
+%%SITE_PERL%%/Log2t/input/prefetch.pm
+%%SITE_PERL%%/Log2t/input/recycler.pm
+%%SITE_PERL%%/Log2t/input/restore.pm
+%%SITE_PERL%%/Log2t/input/safari.pm
+%%SITE_PERL%%/Log2t/input/setupapi.pm
+%%SITE_PERL%%/Log2t/input/sol.pm
+%%SITE_PERL%%/Log2t/input/squid.pm
+%%SITE_PERL%%/Log2t/input/syslog.pm
+%%SITE_PERL%%/Log2t/input/tln.pm
+%%SITE_PERL%%/Log2t/input/userassist.pm
+%%SITE_PERL%%/Log2t/input/volatility.pm
+%%SITE_PERL%%/Log2t/input/web.lst
+%%SITE_PERL%%/Log2t/input/win_link.pm
+%%SITE_PERL%%/Log2t/input/winvista.lst
+%%SITE_PERL%%/Log2t/input/winxp.lst
+%%SITE_PERL%%/Log2t/input/wmiprov.pm
+%%SITE_PERL%%/Log2t/input/xpfirewall.pm
+%%SITE_PERL%%/Log2t/output/beedocs.pm
+%%SITE_PERL%%/Log2t/output/cef.pm
+%%SITE_PERL%%/Log2t/output/cftl.pm
+%%SITE_PERL%%/Log2t/output/csv.pm
+%%SITE_PERL%%/Log2t/output/mactime.pm
+%%SITE_PERL%%/Log2t/output/mactime_l.pm
+%%SITE_PERL%%/Log2t/output/simile.pm
+%%SITE_PERL%%/Log2t/output/sqlite.pm
+%%SITE_PERL%%/Log2t/output/tab.pm
+%%SITE_PERL%%/Log2t/output/tln.pm
+%%SITE_PERL%%/Log2t/output/tlnx.pm
+%%SITE_PERL%%/Parse/Evtx.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/NameString.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x00.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x01.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x02.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x03.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x04.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x05.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x06.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x0c.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x0d.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x0e.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Node0x0f.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Root.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/SubstArray.pm
+%%SITE_PERL%%/Parse/Evtx/BXmlNode/Template.pm
+%%SITE_PERL%%/Parse/Evtx/Chunk.pm
+%%SITE_PERL%%/Parse/Evtx/Const.pm
+%%SITE_PERL%%/Parse/Evtx/Event.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x00.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x01.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x02.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x03.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x04.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x05.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x06.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x07.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x08.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x09.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x0a.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x0b.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x0c.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x0d.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x0e.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x0f.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x10.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x11.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x12.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x13.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x14.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x15.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x21.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x81.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x94.pm
+%%SITE_PERL%%/Parse/Evtx/VariantType/Type0x95.pm
+%%SITE_PERL%%/mach/auto/Log2t/.packlist
+@dirrm %%SITE_PERL%%/Log2t/input
+@dirrm %%SITE_PERL%%/Log2t/output
+@dirrm %%SITE_PERL%%/Log2t
+@dirrm %%SITE_PERL%%/Parse/Evtx/BXmlNode
+@dirrm %%SITE_PERL%%/Parse/Evtx/VariantType
+@dirrm %%SITE_PERL%%/Parse/Evtx
+@dirrm %%SITE_PERL%%/mach/auto/Log2t
+@dirrmtry %%SITE_PERL%%/Parse
+@dirrmtry %%SITE_PERL%%/mach/auto/Parse/Win32Registry