valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 18:08:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
ec7e1cb518
osquery-1/specs/carves.table
Mitchell Grenier 6065c26f1d Make all descriptions use periods consistently. (#3324)
2017-05-25 12:43:58 -07:00

18 lines
783 B
Plaintext
Raw Blame History

table_name("carves")
description("Forensic Carves.")
schema([
Column("time", BIGINT, "Time at which the carve was kicked off"),
Column("sha256", TEXT, "A SHA256 sum of the carved archive"),
Column("size", INTEGER, "Size of the carved archive"),
Column("path", TEXT, "The path of the requested carve"),
Column("status", TEXT, "Status of the carve, can be STARTING, PENDING, SUCCESS, or FAILED"),
Column("carve_guid", TEXT, "Identifying value of the carve session"),
Column("carve", INTEGER, "Set this value to '1' to start a file carve")
])
attributes(user_data=True)
implementation("forensic/carves@genCarves")
examples([
"select * from carves where status like '%FAIL%'",
"select * from carves where path like '/Users/%/Downloads/%' and carve=1",
])
Reference in New Issue View Git Blame Copy Permalink