<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.19: https://docutils.sourceforge.io/" />
<title>Configuration — DFIR ORC documentation</title>
<link rel="stylesheet" type="text/css" href="_static/pygments.css" />
<link rel="stylesheet" type="text/css" href="_static/solar.css" />
<link rel="stylesheet" type="text/css" href="_static/css/custom.css" />
<script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
<script src="_static/jquery.js"></script>
<script src="_static/underscore.js"></script>
<script src="_static/_sphinx_javascript_frameworks_compat.js"></script>
<script src="_static/doctools.js"></script>
<script src="_static/sphinx_highlight.js"></script>
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="search.html" />
<link rel="next" title="Referencing Resources in Configurations" href="resources.html" />
<link rel="prev" title="Architecture" href="architecture.html" /><link href='http://fonts.googleapis.com/css?family=Source+Code+Pro|Open+Sans:300italic,400italic,700italic,400,300,700' rel='stylesheet' type='text/css'>
<link href="_static/solarized-dark.css" rel="stylesheet">
</head><body>
<div class="related" role="navigation" aria-label="related navigation">
<h3>Navigation</h3>
<ul>
<li class="right" >
<a href="resources.html" title="Referencing Resources in Configurations"
accesskey="N">next</a>
<li class="right" >
<a href="architecture.html" title="Architecture"
accesskey="P">previous</a>
|</li>
<li class="nav-item nav-item-0"><a href="index.html">DFIR ORC documentation</a> »</li>
</ul>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
<div class="sphinxsidebarwrapper">
<p class="logo"><a href="index.html">
<img class="logo" src="_static/logo.jpg" alt="Logo"/>
</a></p>
<h3><a href="index.html">Table of Contents</a></h3>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="index.html">Introduction</a></li>
<li class="toctree-l1"><a class="reference internal" href="tuto.html">Tutorial</a></li>
<li class="toctree-l1"><a class="reference internal" href="platforms.html">Requirements</a></li>
<li class="toctree-l1"><a class="reference internal" href="intro_to_data_collection.html">Design and Architecture</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">Configuration</a><ul>
<li class="toctree-l2"><a class="reference internal" href="resources.html">Referencing Resources in Configurations</a></li>
<li class="toctree-l2"><a class="reference internal" href="cli_options.html">DFIR ORC Command-line Options</a></li>
<li class="toctree-l2"><a class="reference internal" href="wolf_config.html">WolfLauncher Configuration File</a></li>
<li class="toctree-l2"><a class="reference internal" href="ToolEmbed.html">ToolEmbed</a></li>
<li class="toctree-l2"><a class="reference internal" href="orc_local_config.html">DFIR ORC Local Configuration File</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="embedded_tool_suite.html">Embedded Tool Suite</a></li>
<li class="toctree-l1"><a class="reference internal" href="licenses.html">Licenses</a></li>
</ul>
<div id="searchbox" style="display: none" role="search">
<h3 id="searchlabel">Quick search</h3>
<div class="searchformwrapper">
<form class="search" action="search.html" method="get">
<input type="text" name="q" aria-labelledby="searchlabel" />
<input type="submit" value="Go" />
</form>
</div>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<section id="configuration">
<h1>Configuration<a class="headerlink" href="#configuration" title="Permalink to this heading">¶</a></h1>
<p>As explained in the section <a class="reference internal" href="intro_to_data_collection.html"><span class="doc">Design and Architecture</span></a>, the configuration of DFIR ORC specifies the list of programs to run and the name of the output archive containing the resulting data.</p>
<p>Any functional ready-to-use binary <code class="docutils literal notranslate"><span class="pre">DFIR-Orc.exe</span></code> embeds such a configuration as an XML resource. This resource is referred to as <a class="reference internal" href="wolf_config.html"><span class="doc">a WolfLauncher configuration file</span></a>.</p>
<p>A WolfLauncher configuration can be embedded into or extracted from <code class="docutils literal notranslate"><span class="pre">DFIR-Orc.exe</span></code> using its own ToolEmbed command; no external tool is required.</p>
<p>The usual workflow is to extract a configuration, modify it, and embed it back into <code class="docutils literal notranslate"><span class="pre">DFIR-Orc.exe</span></code>. It is also possible to influence the execution of <code class="docutils literal notranslate"><span class="pre">DFIR-Orc.exe</span></code>, at least to some extent, using two other means.
Firstly, options can be gathered in a local configuration file to add or override embedded configuration elements.
Secondly, command-line options override both other levels of configuration.</p>
<p>Understanding how to configure DFIR ORC is the key to unleashing its full potential.</p>
<p>To help you get started, a tutorial describes a few scenarios step by step.</p>
<div class="toctree-wrapper compound">
<ul>
<li class="toctree-l1"><a class="reference internal" href="resources.html">Referencing Resources in Configurations</a></li>
<li class="toctree-l1"><a class="reference internal" href="cli_options.html">DFIR ORC Command-line Options</a></li>
<li class="toctree-l1"><a class="reference internal" href="wolf_config.html">WolfLauncher Configuration File</a></li>
<li class="toctree-l1"><a class="reference internal" href="ToolEmbed.html">ToolEmbed</a></li>
<li class="toctree-l1"><a class="reference internal" href="orc_local_config.html">DFIR ORC Local Configuration File</a></li>
</ul>
</div>
</section>
<div class="clearer"></div>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related" role="navigation" aria-label="related navigation">
<h3>Navigation</h3>
<ul>
<li class="right" >
<a href="resources.html" title="Referencing Resources in Configurations"
>next</a>
<li class="right" >
<a href="architecture.html" title="Architecture"
>previous</a>
|</li>
<li class="nav-item nav-item-0"><a href="index.html">DFIR ORC documentation</a> »</li>
</ul>
</div>
<div class="footer">
© Copyright 2019, ANSSI. The contents of this documentation are available under the Open License version 2.0 as published by Etalab (French task force for Open Data). The name DFIR ORC and the associated logo belong to ANSSI; no use is permitted without its express approval.
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 5.3.0. Theme is <a href="http://github.com/vimalkvn/solar-theme">Solar</a>
</div>
<script type="text/javascript">
$(document).ready(function() {
$(".toggle > *").hide();
$(".toggle .header").show();
$(".toggle .header").click(function() {
$(this).parent().children().not(".header").toggle(400);
$(this).parent().children(".header").toggleClass("open");
})
});
</script>
</body>
</html>