package forensics

v1.0.0 Latest

Warning: This package is not in the latest version of its module.

Published: Mar 25, 2026 License: GPL-3.0 Imports: 4 Imported by: 0

Documentation

Overview

Package forensics provides network forensics analysis capabilities.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FormatReport

func FormatReport(r *ForensicsReport) string

FormatReport formats a forensics report as text.

Types

type Analyzer

type Analyzer struct{}

Analyzer performs forensics analysis.

func NewAnalyzer

func NewAnalyzer() *Analyzer

NewAnalyzer creates a new forensics analyzer.

func (*Analyzer) AnalyzeData

func (a *Analyzer) AnalyzeData(data []byte) *ForensicsReport

AnalyzeData performs forensics analysis on raw packet data.

type Credential

type Credential struct {
	Protocol string `json:"protocol"`
	Type     string `json:"type"` // "basic_auth", "form", "ftp", "telnet"
	Source   string `json:"source"`
	Details  string `json:"details"`
}

Credential represents a detected credential in traffic.

type DNSQuery

type DNSQuery struct {
	Timestamp time.Time `json:"timestamp"`
	Domain    string    `json:"domain"`
	Type      string    `json:"type"` // "A", "AAAA", "CNAME", "MX"
	Response  string    `json:"response,omitempty"`
}

DNSQuery represents a DNS query found in traffic.

type FileExtract

type FileExtract struct {
	Filename string `json:"filename"`
	MimeType string `json:"mime_type"`
	Size     int64  `json:"size"`
	Hash     string `json:"hash"`
}

FileExtract represents a file extracted from traffic.

type ForensicsReport

type ForensicsReport struct {
	Title        string          `json:"title"`
	GeneratedAt  time.Time       `json:"generated_at"`
	Hash         string          `json:"hash"`
	Timeline     []TimelineEvent `json:"timeline"`
	Credentials  []Credential    `json:"credentials,omitempty"`
	DNSQueries   []DNSQuery      `json:"dns_queries,omitempty"`
	FileExtracts []FileExtract   `json:"file_extracts,omitempty"`
	Summary      string          `json:"summary"`
}

ForensicsReport holds the complete forensics analysis report.

type TimelineEvent

type TimelineEvent struct {
	Timestamp time.Time `json:"timestamp"`
	Protocol  string    `json:"protocol"`
	Source    string    `json:"source"`
	Dest      string    `json:"dest"`
	EventType string    `json:"event_type"` // "connection", "data", "credential", "file", "dns"
	Details   string    `json:"details"`
	Severity  string    `json:"severity"` // "info", "warning", "critical"
}

TimelineEvent represents an event in the forensics timeline.
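As an added example that is not part of the forensics package: a consumer-side triage helper over a report's Timeline. TimelineEvent is copied from the definition above so the code runs without importing the package; Triage, SampleTimeline and the sample addresses and timestamps are constructed for this example.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// TimelineEvent is copied from the forensics package documentation (same
// fields and JSON tags) so that this example runs without importing it.
type TimelineEvent struct {
	Timestamp time.Time `json:"timestamp"`
	Protocol  string    `json:"protocol"`
	Source    string    `json:"source"`
	Dest      string    `json:"dest"`
	EventType string    `json:"event_type"` // "connection", "data", "credential", "file", "dns"
	Details   string    `json:"details"`
	Severity  string    `json:"severity"` // "info", "warning", "critical"
}

var knownSeverity = map[string]bool{"info": true, "warning": true, "critical": true}

// Triage is a hypothetical consumer-side helper (not part of the package): it returns the
// timeline in chronological order plus a count per documented severity; an undocumented
// Severity value is an error instead of a silently miscounted event.
func Triage(events []TimelineEvent) ([]TimelineEvent, map[string]int, error) {
	out := append([]TimelineEvent(nil), events...)
	sort.SliceStable(out, func(i, j int) bool { return out[i].Timestamp.Before(out[j].Timestamp) })
	counts := map[string]int{}
	for _, e := range out {
		if !knownSeverity[e.Severity] {
			return nil, nil, fmt.Errorf("event %q: unknown severity %q", e.Details, e.Severity)
		}
		counts[e.Severity]++
	}
	return out, counts, nil
}

// SampleTimeline is constructed data standing in for Report.Timeline, deliberately out of order.
func SampleTimeline() []TimelineEvent {
	t0 := time.Date(2026, 3, 25, 12, 0, 0, 0, time.UTC)
	return []TimelineEvent{
		{Timestamp: t0.Add(2 * time.Second), Protocol: "HTTP", Source: "10.0.0.5:51234", Dest: "10.0.0.9:80", EventType: "credential", Details: "basic_auth sent in clear text", Severity: "critical"},
		{Timestamp: t0, Protocol: "DNS", Source: "10.0.0.5:53012", Dest: "10.0.0.1:53", EventType: "dns", Details: "A example.test", Severity: "info"},
		{Timestamp: t0.Add(time.Second), Protocol: "TCP", Source: "10.0.0.5:51234", Dest: "10.0.0.9:80", EventType: "connection", Details: "SYN", Severity: "info"},
	}
}

func main() { fmt.Println(Triage(SampleTimeline())) }
```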
