Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

File carving functionality is broken #157

Closed
javuto opened this issue Nov 30, 2021 · 0 comments
Closed

File carving functionality is broken #157

javuto opened this issue Nov 30, 2021 · 0 comments
Assignees
@javuto
Labels
🐛 bug Something isn't working carves File carving related issues 🚨 HIGH PRI 🚨 High Priority issue osctrl-tls osctrl-tls related changes
Milestone
v0.2.6

Comments

@javuto
Copy link
Collaborator

javuto commented Nov 30, 2021

Issue

The file carving functionality in osctrl is broken past stable version 0.2.4. Last commit id with file carving fully working is 25b2b71b07dcfa81749b200b3fcc94a9138808eb.

Most likely the issue started happening after osquery/osquery#6959 landed in osquery, which was version 4.7.0. So any osquery version before that, should work as expected.

Mitigation

  1. Using osquery stable 4.6.0 with osctrl should not be affected with latest code.
  2. Using osctrl 0.2.4 or commit 25b2b71b07dcfa81749b200b3fcc94a9138808eb should work fine, given that osquery is not upgraded.

In order to checkout a specific tag or commit, use the following commands:

git checkout tags/0.2.4 0.2.4

git checkout 25b2b71b07dcfa81749b200b3fcc94a9138808eb
@javuto javuto added 🐛 bug Something isn't working osctrl-tls osctrl-tls related changes carves File carving related issues 🚨 HIGH PRI 🚨 High Priority issue labels Nov 30, 2021
@javuto javuto added this to the v0.2.6 milestone Nov 30, 2021
@javuto javuto self-assigned this Nov 30, 2021
@javuto javuto mentioned this issue Dec 28, 2021
Merged
@javuto javuto closed this as completed Dec 29, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@javuto javuto

Labels
🐛 bug Something isn't working carves File carving related issues 🚨 HIGH PRI 🚨 High Priority issue osctrl-tls osctrl-tls related changes
Projects
None yet
Milestone
v0.2.6
Development

No branches or pull requests
1 participant
@javuto