Cargo Features
[dependencies]
dfir-toolkit = { version = "0.11.2", default-features = false, features = ["mactime2", "gzip", "elastic", "evtxtools", "pol_export", "evtxscan", "evtxcat", "evtxls", "evtxanalyze", "evtx2bodyfile", "ipgrep", "ts2date", "lnk2bodyfile", "pf2bodyfile", "zip2bodyfile", "regdump", "hivescan", "cleanhive", "phf"] }
- default = cleanhive, evtxtools, hivescan, ipgrep, lnk2bodyfile, mactime2, pf2bodyfile, pol_export, regdump, ts2date, zip2bodyfile
  These default features are set whenever dfir-toolkit is added without default-features = false somewhere in the dependency tree.
- mactime2 default = bitflags, chrono-tz, color-print, elastic, encoding_rs_io, gzip, thiserror
  Required by the mactime2 binary
- gzip mactime2 = flate2
- elastic mactime2 = base64, elasticsearch, futures, num-derive, num-traits, serde_json, sha2, strum, strum_macros, tokio, tokio-async-drop
  Affects dfir-toolkit::es4forensics…
  Required by the es4forensics binary
- evtxtools default = evtx2bodyfile, evtxanalyze, evtxcat, evtxls, evtxscan
- pol_export default
  Required by the pol_export binary
- evtxscan evtxtools = evtx
  Required by the evtxscan binary
- evtxcat evtxtools = colored_json, evtx, term-table, termsize
  Required by the evtxcat binary
- evtxls evtxtools = colored, dfirtk-eventdata, evtx, lazy-regex, regex, sigpipe
  Required by the evtxls binary
- evtxanalyze evtxtools = dfirtk-eventdata, dfirtk-sessionevent-derive, evtx, exitcode, walkdir
  Required by the evtxanalyze binary
- evtx2bodyfile evtxtools = evtx, getset, indicatif, ouroboros
  Required by the evtx2bodyfile binary
- ipgrep default
  Required by the ipgrep binary
- ts2date default = regex
  Required by the ts2date binary
- lnk2bodyfile default = lnk
  Required by the lnk2bodyfile binary
- pf2bodyfile default = forensic-rs, frnsc-prefetch, libc, num
  Required by the pf2bodyfile binary
- zip2bodyfile default = time, zip
  Required by the zip2bodyfile binary
- regdump default = nt_hive2
  Required by the regdump binary
- hivescan default = nt_hive2
  Required by the hivescan binary
- cleanhive default = nt_hive2
  Required by the cleanhive binary
Features from optional dependencies
In crates that don't use the dep: syntax, optional dependencies automatically become Cargo features. These features may have been created by mistake, and this functionality may be removed in the future.
- regex evtxls? ts2date
- chrono-tz mactime2
  Enables chrono-tz ^0.8
  mactime2
- serde_json elastic?
- flate2 gzip?
- thiserror mactime2
  Enables thiserror ^1
- bitflags mactime2
- encoding_rs_io mactime2
- color-print mactime2
- dfirtk-eventdata evtxanalyze? evtxls?
  Enables dfirtk-eventdata
  evtxtools
- dfirtk-sessionevent-derive evtxanalyze?
- evtx evtx2bodyfile? evtxanalyze? evtxcat? evtxls? evtxscan?
- colored_json evtxcat?
  Enables colored_json ^3
- term-table evtxcat?
- termsize evtxcat?
- colored evtxls?
- lazy-regex evtxls?
- sigpipe evtxls?
- phf implicit feature
  Enables phf
  phf: Runtime support for perfect hash function data structures
- exitcode evtxanalyze?
- walkdir evtxanalyze?
- indicatif evtx2bodyfile?
  Enables indicatif
  evtx2bodyfile
- getset evtx2bodyfile?
- ouroboros evtx2bodyfile?
- elasticsearch elastic?
  Enables elasticsearch ^8.4.0-alpha.1
  es4forensics
  requires libssl-dev
- tokio elastic?
- tokio-async-drop elastic?
- futures elastic?
- sha2 elastic?
- base64 elastic?
  Enables base64 ^0.21
- num-traits elastic?
- num-derive elastic?
- strum elastic?
- strum_macros elastic?
- nt_hive2 cleanhive hivescan regdump
  Enables nt_hive2
  nt-hive2
- lnk lnk2bodyfile
  Enables lnk
  lnk2bodyfile
- libc pf2bodyfile
  Enables libc
  pf2bodyfile
- num pf2bodyfile
- frnsc-prefetch pf2bodyfile
- forensic-rs pf2bodyfile
- zip zip2bodyfile
  Enables zip
  zip2bodyfile
- time zip2bodyfile