Sauron (jurelou/sauron)

All-in-one forensics


Sauron is a forensics ETL (extract, transform, load) pipeline that focuses on processing digital forensics artefacts.

Usage | Installation | Configuration | Documentation

Key Features

  • ⚡ Blazingly fast - horizontal scaling and high-performance parallelism
  • Ingest DFIR-ORC archives with ease
  • Works with Splunk right off the bat
  • ⚙️ Modular - add your own artefact processors easily

Installation

Sauron must meet the following requirements:

Install sauron stack

make stack

Usage

$ ./bin/sauron --help
Usage: sauron [OPTIONS] COMMAND [ARGS]...

  Command-line interface for sauron.

Options:
  --version  Show the version and exit.
  --help     Show this message and exit.

Commands:
  evtx  Parse raw windows event logs.
  orc   Parse DFIR-ORC files.

Examples

Parse Windows event logs, run Sigma rules, then send the results to a custom Splunk index

./bin/sauron evtx <evtx_folder> --splunk-index evtx_idx

Run Sigma rules against a folder of Windows event logs

./bin/sauron evtx <evtx_folder> --chainsaw

Parse a DFIR-ORC archive from a given path

./bin/sauron orc <orc_folder>

Only parse user_hives and ntfs_info from a DFIR-ORC archive

./bin/sauron orc <orc_folder> --user_hives --ntfs_info
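The commands above describe the pipeline as a black box: raw artefacts in, Splunk events out. The following is an added example, written for this page and not taken from Sauron's code base, of what the extract, transform and load steps look like for one Windows event record. It assumes Python and the Splunk HTTP Event Collector (HEC) event format; the XML record is constructed for illustration, and the function names (`extract`, `transform`, `load`, `process`) are this example's own, not Sauron's processor API.

```python
import json
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample: one Windows event in the XML form that EVTX parsers emit.
# This is not a real capture and not a Sauron fixture.
SAMPLE_EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4624</EventID>
    <TimeCreated SystemTime="2023-05-01T12:34:56.789Z"/>
    <Computer>WS01.example.local</Computer>
    <Channel>Security</Channel>
  </System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="IpAddress">10.0.0.5</Data>
  </EventData>
</Event>"""

# The Windows event schema namespace; every element in the record lives under it.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}


def extract(xml_text: str) -> ET.Element:
    """Extract step: parse one raw XML record into an element tree."""
    return ET.fromstring(xml_text)


def transform(event: ET.Element) -> dict:
    """Transform step: flatten <System> and <EventData> into one flat dict.

    Flat, named fields are what a SIEM can index and what Sigma-style rules
    match on (e.g. EventID plus LogonType), so the nesting is removed here.
    """
    system = event.find("e:System", NS)
    record = {
        "provider": system.find("e:Provider", NS).get("Name"),
        "event_id": int(system.find("e:EventID", NS).text),
        "computer": system.find("e:Computer", NS).text,
        "channel": system.find("e:Channel", NS).text,
        "time_created": system.find("e:TimeCreated", NS).get("SystemTime"),
    }
    # Each <Data Name="..."> becomes a top-level field; unnamed entries are skipped.
    for data in event.findall("e:EventData/e:Data", NS):
        name = data.get("Name")
        if name:
            record[name] = data.text
    return record


def to_epoch(iso_ts: str) -> float:
    """Convert the SystemTime ISO-8601 string (trailing Z) to epoch seconds."""
    return datetime.fromisoformat(iso_ts.replace("Z", "+00:00")).timestamp()


def load(record: dict, index: str, sourcetype: str = "evtx") -> dict:
    """Load step: wrap the flat record in a Splunk HEC event payload.

    HEC expects epoch time, host, index and sourcetype at the top level and the
    event body under "event"; the index is the one passed with --splunk-index.
    """
    return {
        "time": to_epoch(record["time_created"]),
        "host": record["computer"],
        "index": index,
        "sourcetype": sourcetype,
        "source": record["channel"],
        "event": record,
    }


def process(xml_text: str, index: str) -> dict:
    """Run the full extract -> transform -> load chain for one record."""
    return load(transform(extract(xml_text)), index)


if __name__ == "__main__":
    # Prints the HEC payload that a loader would POST to /services/collector/event.
    print(json.dumps(process(SAMPLE_EVENT_XML, "evtx_idx"), indent=2))
```

A real processor would iterate over every record in an EVTX file and batch the payloads, but the shape of each stage is the same: the transform step is where artefact-specific knowledge lives, and the load step stays generic across artefact types.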

Configuration

License

Usage is provided under the GNU General Public License v3.0. See LICENSE for the full details.
