valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 10:23:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f88d404e6d
osquery-1/specs/posix/device_hash.table
artemdinaburg d4a3fe2452 Windows Daemon/Shell: Initial support for Windows tables (#2182) 
Preparation for Windows Tables. We need a Windows process table so that the daemon will run
2016-06-23 16:04:11 -07:00

12 lines
582 B
Plaintext
Raw Blame History

table_name("device_hash")
description("Similar to the hash table, but use TSK and allow block address access.")
schema([
Column("device", TEXT, "Absolute file path to device node", required=True),
Column("partition", TEXT, "A partition number", required=True),
Column("inode", BIGINT, "Filesystem inode number", required=True),
Column("md5", TEXT, "MD5 hash of provided inode data"),
Column("sha1", TEXT, "SHA1 hash of provided inode data"),
Column("sha256", TEXT, "SHA256 hash of provided inode data"),
])
implementation("forensic/sleuthkit@genDeviceHash")
Reference in New Issue View Git Blame Copy Permalink