forensics
Here are 499 public repositories matching this topic...
It'd be helpful if there was a check for ELBs and ALBs that have either no listeners or no instances in their target pool. The check is similar to an unused security group, although there are more financial penalties for having idle ELBs and ALBs.
fls -m ""
defaults to / without warning or mention in documentation
[-m dir/]
-m: Display output in mactime input format with
dir/ as the actual mount point of the image
With #1159 the ability to click parts of a chart and create a search in explore opens up the possibility to define an aggregation ID as well in the URL, e.g. https://<TS_HOST>/sketch/<SKETCH_ID>/explore?q=my_search_query&a=132 would point to a saved aggregation with an aggregation id 132... so clicking a bar (or data point) on the chart would bring you to explore, displaying that filtered view.
In the documentation https://github.com/decalage2/oletools/wiki/olevba, it says "MS Office files encrypted with a password are also supported, because VBA macro code is never encrypted, only the content of the document". This makes me think that, for an encrypted Office file, olevba can extract the macro with or without a password provided. However, this is not the case. olevba seems to only extract the
It has been asked before so I ask again. Currently it is guesswork to find the two flows of a bidirectional tcp stream. It would be nice if they could be related through some information in report.xml.
For instance give each flow an ID and have pairs relate to each other in additional XML sections. Or give each TCP connection a unique ID and add the ID of the connection to each flow.
All other text/fonts in the GUI are easy to read. Text viewed in "Strings" is legible, but when switching to Text/Indexed Text or File Metadata/istat Tool the text is too small and hard to read. Is there a way to customize the font and/or size used to display this data? Is there a setting on the local Win10 machine I can make to change the font and/or size?
I have attached screen captures for refe
The project works with 8 modules < reference source/Module >
- Creating issue to accelerate/track test frame building of each module
- The test folder has a very basic example to start with.
- Feel free to make a pull request for the test cases
Current documentation on parsers and presets appears to be https://plaso.readthedocs.io/en/latest/sources/user/Parsers-and-plugins.html
Extend it with
- a description of how log2timeline parser and presets work
- preset.yaml configuration file
I was wondering if you had any updated documentation that could be added. The most current documentation is for version 1.3.0, from 4 years ago, and I know there have been a lot of things added since then.
Thanks!
Right now a lot of the logging from the tasks does not get propagated back to the user, so we should make sure that all of the tasks are adding logs and errors to the results so that at minimum the data gets put into the worker-log.txt. Ideally we would store this info in datastore so that the clients could query it later (this part is in #115).
Error while trying to get gosint on BlackArch
Would be great if the CLI was updated during "sift upgrade" also.
Or just a hint that you are using an old CLI.