Overview
Package forensics provides network forensics analysis capabilities.
Constants
This section is empty.
Variables
This section is empty.
Functions
func FormatReport
func FormatReport(r *ForensicsReport) string
FormatReport formats a forensics report as text.
Types
type Analyzer
type Analyzer struct{}
Analyzer performs forensics analysis.
func (*Analyzer) AnalyzeData
func (a *Analyzer) AnalyzeData(data []byte) *ForensicsReport
AnalyzeData performs forensics analysis on raw packet data.
type Credential
type Credential struct {
	Protocol string `json:"protocol"`
	Type     string `json:"type"` // "basic_auth", "form", "ftp", "telnet"
	Source   string `json:"source"`
	Details  string `json:"details"`
}
Credential represents a detected credential in traffic.
type DNSQuery
type DNSQuery struct {
	Timestamp time.Time `json:"timestamp"`
	Domain    string    `json:"domain"`
	Type      string    `json:"type"` // "A", "AAAA", "CNAME", "MX"
	Response  string    `json:"response,omitempty"`
}
DNSQuery represents a DNS query found in traffic.
type FileExtract
type FileExtract struct {
	Filename string `json:"filename"`
	MimeType string `json:"mime_type"`
	Size     int64  `json:"size"`
	Hash     string `json:"hash"`
}
FileExtract represents a file extracted from traffic.
type ForensicsReport
type ForensicsReport struct {
	Title        string          `json:"title"`
	GeneratedAt  time.Time       `json:"generated_at"`
	Hash         string          `json:"hash"`
	Timeline     []TimelineEvent `json:"timeline"`
	Credentials  []Credential    `json:"credentials,omitempty"`
	DNSQueries   []DNSQuery      `json:"dns_queries,omitempty"`
	FileExtracts []FileExtract   `json:"file_extracts,omitempty"`
	Summary      string          `json:"summary"`
}
ForensicsReport holds the complete forensics analysis report.
type TimelineEvent
type TimelineEvent struct {
	Timestamp time.Time `json:"timestamp"`
	Protocol  string    `json:"protocol"`
	Source    string    `json:"source"`
	Dest      string    `json:"dest"`
	EventType string    `json:"event_type"` // "connection", "data", "credential", "file", "dns"
	Details   string    `json:"details"`
	Severity  string    `json:"severity"` // "info", "warning", "critical"
}
TimelineEvent represents an event in the forensics timeline.
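An added example, not part of this package's documentation or code, showing how a consumer might work with the TimelineEvent type above: it keeps a local copy of the struct, orders a constructed timeline chronologically and derives a SHA-256 over the JSON-encoded timeline as one possible value for the report's Hash field, so a later edit to the evidence is detectable. The hashing scheme, the helper names (SortTimeline, TimelineHash, SampleEvents) and the sample events are assumptions; the package does not document how Hash is computed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"sort"
	"time"
)

// TimelineEvent is a local copy of the page's type so the example runs stand-alone.
type TimelineEvent struct {
	Timestamp time.Time `json:"timestamp"`
	Protocol  string    `json:"protocol"`
	Source    string    `json:"source"`
	Dest      string    `json:"dest"`
	EventType string    `json:"event_type"` // "connection", "data", "credential", "file", "dns"
	Details   string    `json:"details"`
	Severity  string    `json:"severity"` // "info", "warning", "critical"
}

// SortTimeline orders events chronologically in place; the stable sort keeps capture order for equal timestamps.
func SortTimeline(events []TimelineEvent) {
	sort.SliceStable(events, func(i, j int) bool { return events[i].Timestamp.Before(events[j].Timestamp) })
}
// TimelineHash is an assumed scheme for the report's Hash field: hex SHA-256 of the JSON-encoded timeline,
// so any later change to an event's content or order changes the value.
func TimelineHash(events []TimelineEvent) (string, error) {
	b, err := json.Marshal(events)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:]), nil
}
// SampleEvents returns constructed, deliberately out-of-order events (not real capture data).
func SampleEvents() []TimelineEvent {
	t0 := time.Date(2024, 1, 2, 3, 4, 5, 0, time.UTC)
	return []TimelineEvent{
		{Timestamp: t0.Add(2 * time.Second), Protocol: "HTTP", Source: "10.0.0.5:51234", Dest: "10.0.0.9:80", EventType: "credential", Details: "basic_auth header seen", Severity: "critical"},
		{Timestamp: t0, Protocol: "TCP", Source: "10.0.0.5:51234", Dest: "10.0.0.9:80", EventType: "connection", Details: "SYN", Severity: "info"},
		{Timestamp: t0.Add(time.Second), Protocol: "DNS", Source: "10.0.0.5:5353", Dest: "10.0.0.1:53", EventType: "dns", Details: "A example.internal", Severity: "info"},
	}
}
func main() {
	ev := SampleEvents()
	SortTimeline(ev) // connection, dns, credential
	fmt.Println(TimelineHash(ev))
}
```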