Skip to content

log2timeline/l2tscaffolder

Repository files navigation

l2tscaffolder

l2tscaffolder is a tool that provides scaffolders for various open source projects. It can be used to bootstrap plugin or parser generation for tools like plaso, to make development work easier.

Project status

Travis-CI Codecov ReadTheDocs PyPi
Build Status codecov Doc Status PyPi Status

Documentation

The purpose of the l2t scaffolder tool is to simplify development of various open source forensics tools, eg. plaso, timesketch, turbinia, etc.

The tool simply provides a UI prompting the user to answer few questions, and then generates templates for all files needed to write a parser or a plugin for the appropriate tool, that is it provides scaffolding for the necessary boiler plate code that is sometimes associated with creating new plugins or parsers.

Usage

In essence the tool can be simply run as:

$ l2t_scaffolder.py

The tool will then guide you towards creating all the necessary files to generate a parser, plugin or a module for the given tool. Another way to run the tool is:

$ l2t_scaffolder.py <PROJECT>

eg:

$ l2t_scaffolder.py plaso

This will run the scaffolder tool to generate a plugin or a parser for plaso.

Also see:

Requirements

Python 3.6+, Python 2 is not supported.

Installation

The simple mechanism is to use pip within a virtualenv setup.

Setup virtualenv.

And then use pip3 inside the virtualenv:

$ pip3 install l2tscaffolder

Background

The original tool was called PlasoScaffolder, which was written by Claudia Saxer as part of her BSc and integrated into the log2timeline organization for purpose of maintenance.

l2tscaffolder is a rewrite of the original PlasoScaffolder tool, reusing parts of it, and rewriting other parts to make the tool easier to extend to other open source projects and scaffolders, the original tool was written for plaso and only supported SQLite plugins.