Update tool description and readme

dfir-dd · Sep 18, 2023 · 83ce64a · 83ce64a
1 parent 264cb35
commit 83ce64a
Show file tree

Hide file tree

Showing 10 changed files with 60 additions and 22 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "dfir-toolkit"
-version = "0.7.6-dev"
+version = "0.7.5-dev"
 edition = "2021"
 authors = ["Jan Starke <jan.starke@posteo.de>", "Deborah Mahn <deborah.mahn@dfir-dd.de>"]
 description = "CLI tools for digital forensics and incident response"

diff --git a/README.md b/README.md
@@ -24,7 +24,7 @@
   - [x] [`regdump`](#regdump)
   - [ ] [`regls`](https://github.com/janstarke/regls)
   - [ ] [`regview`](https://github.com/janstarke/regview)
-  - [ ] [`ts2date`](https://github.com/janstarke/ts2date)
+  - [x] [`ts2date`](#ts2date)
   - [ ] [`usnjrnl_dump`](https://github.com/janstarke/usnjrnl)
 
 # Overview of timelining tools
@@ -94,7 +94,7 @@ This document contains the help content for the `es4forensics` command-line prog
 
 ## `es4forensics`
 
-CLI tools for digital forensics and incident response
+This crates provides structs and functions to insert timeline data into an elasticsearch index
 
 **Usage:** `es4forensics [OPTIONS] --index <INDEX_NAME> --password <PASSWORD> <COMMAND>`
 
@@ -172,7 +172,7 @@ This document contains the help content for the `evtx2bodyfile` command-line pro
 
 ## `evtx2bodyfile`
 
-CLI tools for digital forensics and incident response
+Parses a lot of evtx files and prints a bodyfile
 
 **Usage:** `evtx2bodyfile [OPTIONS] [EVTX_FILES]...`
 
@@ -209,7 +209,7 @@ This document contains the help content for the `evtxanalyze` command-line progr
 
 ## `evtxanalyze`
 
-CLI tools for digital forensics and incident response
+crate provide functions to analyze evtx files
 
 **Usage:** `evtxanalyze [OPTIONS] <COMMAND>`
 
@@ -294,7 +294,7 @@ This document contains the help content for the `evtxcat` command-line program.
 
 ## `evtxcat`
 
-CLI tools for digital forensics and incident response
+Display one or more events from an evtx file
 
 **Usage:** `evtxcat [OPTIONS] <EVTX_FILE>`
 
@@ -336,7 +336,7 @@ This document contains the help content for the `evtxls` command-line program.
 
 ## `evtxls`
 
-CLI tools for digital forensics and incident response
+Display one or more events from an evtx file
 
 **Usage:** `evtxls [OPTIONS] [EVTX_FILES]...`
 
@@ -406,7 +406,7 @@ This document contains the help content for the `evtxscan` command-line program.
 
 ## `evtxscan`
 
-CLI tools for digital forensics and incident response
+Find time skews in an evtx file
 
 **Usage:** `evtxscan [OPTIONS] <EVTX_FILE>`
 
@@ -476,7 +476,7 @@ This document contains the help content for the `ipgrep` command-line program.
 
 ## `ipgrep`
 
-CLI tools for digital forensics and incident response
+search for IP addresses in text files
 
 **Usage:** `ipgrep [OPTIONS] [FILE]...`
 
@@ -518,7 +518,7 @@ This document contains the help content for the `mactime2` command-line program.
 
 ## `mactime2`
 
-CLI tools for digital forensics and incident response
+replacement for `mactime`
 
 **Usage:** `mactime2 [OPTIONS]`
 
@@ -562,7 +562,7 @@ This document contains the help content for the `pol_export` command-line progra
 
 ## `pol_export`
 
-CLI tools for digital forensics and incident response
+Exporter for Windows Registry Policy Files
 
 **Usage:** `pol_export [OPTIONS] <POLFILE>`
 
@@ -594,7 +594,7 @@ This document contains the help content for the `regdump` command-line program.
 
 ## `regdump`
 
-CLI tools for digital forensics and incident response
+parses registry hive files and prints a bodyfile
 
 **Usage:** `regdump [OPTIONS] <HIVE_FILE>`
 
@@ -613,6 +613,43 @@ CLI tools for digital forensics and incident response
 
 
 
+<hr/>
+
+<small><i>
+    This document was generated automatically by
+    <a href="https://crates.io/crates/clap-markdown"><code>clap-markdown</code></a>.
+</i></small>
+
+# Command-Line Help for `ts2date`
+
+This document contains the help content for the `ts2date` command-line program.
+
+**Command Overview:**
+
+* [`ts2date`↴](#ts2date)
+
+## `ts2date`
+
+replaces UNIX timestamps in a stream by a formatted date
+
+**Usage:** `ts2date [OPTIONS] [INPUT_FILE] [OUTPUT_FILE]`
+
+###### **Arguments:**
+
+* `<INPUT_FILE>` — name of the file to read (default from stdin)
+
+  Default value: `-`
+* `<OUTPUT_FILE>` — name of the file to write (default to stdout)
+
+  Default value: `-`
+
+###### **Options:**
+
+* `-v`, `--verbose` — More output per occurrence
+* `-q`, `--quiet` — Less output per occurrence
+
+
+
 <hr/>
 
 <small><i>

diff --git a/scripts/update-md.sh b/scripts/update-md.sh
@@ -29,7 +29,7 @@ cat >README.md <<'EOF'
   - [x] [`regdump`](#regdump)
   - [ ] [`regls`](https://github.com/janstarke/regls)
   - [ ] [`regview`](https://github.com/janstarke/regview)
-  - [x] [`ts2date`](https://github.com/janstarke/ts2date)
+  - [x] [`ts2date`](#ts2date)
   - [ ] [`usnjrnl_dump`](https://github.com/janstarke/usnjrnl)
 
 # Overview of timelining tools

diff --git a/src/bin/evtx2bodyfile/evtx2bodyfile_app.rs b/src/bin/evtx2bodyfile/evtx2bodyfile_app.rs
@@ -10,7 +10,7 @@ use serde_json::Value;
 
 /// Parses a lot of evtx files and prints a bodyfile
 #[derive(Parser, Clone, Getters)]
-#[clap(name=env!("CARGO_BIN_NAME"), author, version, about, long_about = None)]
+#[clap(name=env!("CARGO_BIN_NAME"), author, version, long_about = None)]
 pub(crate) struct Evtx2BodyfileApp {
     /// names of the evtx files
     evtx_files: Vec<String>,

diff --git a/src/bin/evtxanalyze/cli.rs b/src/bin/evtxanalyze/cli.rs
@@ -57,8 +57,9 @@ pub enum Command {
     },
 }
 
+/// crate provide functions to analyze evtx files
 #[derive(Parser)]
-#[clap(name=env!("CARGO_BIN_NAME"), author, version, about, long_about = None)]
+#[clap(name=env!("CARGO_BIN_NAME"), author, version, long_about = None)]
 pub(crate) struct Cli {
     #[command(subcommand)]
     pub(crate) command: Command,

diff --git a/src/bin/evtxcat/cli.rs b/src/bin/evtxcat/cli.rs
@@ -6,7 +6,7 @@ use crate::output_format::OutputFormat;
 
 /// Display one or more events from an evtx file
 #[derive(Parser)]
-#[clap(name=env!("CARGO_BIN_NAME"),author,version,about)]
+#[clap(name=env!("CARGO_BIN_NAME"), author, version)]
 pub (crate) struct Cli {
     /// Name of the evtx file to read from
     pub (crate) evtx_file: String,

diff --git a/src/bin/evtxls/cli.rs b/src/bin/evtxls/cli.rs
@@ -20,7 +20,7 @@ pub(crate) enum SortOrder {
 
 /// Display one or more events from an evtx file
 #[derive(Parser)]
-#[clap(name=env!("CARGO_BIN_NAME"), author,version,about,long_about=None)]
+#[clap(name=env!("CARGO_BIN_NAME"), author, version,long_about=None)]
 pub(crate) struct Cli {
     /// Name of the evtx files to read from
     pub(crate) evtx_files: Vec<String>,

diff --git a/src/bin/evtxscan/cli.rs b/src/bin/evtxscan/cli.rs
@@ -5,7 +5,7 @@ use log::LevelFilter;
 
 /// Find time skews in an evtx file
 #[derive(Parser)]
-#[clap(name=env!("CARGO_BIN_NAME"), author, version, about)]
+#[clap(name=env!("CARGO_BIN_NAME"), author, version)]
 pub (crate) struct Cli {
     /// name of the evtx file to scan
     pub (crate) evtx_file: String,

diff --git a/src/bin/regdump/cli.rs b/src/bin/regdump/cli.rs
@@ -5,9 +5,9 @@ use dfir_toolkit::common::HasVerboseFlag;
 use log::LevelFilter;
 use nt_hive2::{HiveParseMode, Hive};
 
-
+/// parses registry hive files and prints a bodyfile
 #[derive(Parser)]
-#[clap(name=env!("CARGO_BIN_NAME"), author, version, about, long_about = None)]
+#[clap(name=env!("CARGO_BIN_NAME"), author, version, long_about = None)]
 pub (crate) struct Cli {
     /// name of the file to dump
     #[arg(value_parser = validate_file)]