https://github.com/foxforensics/flog
Log forensic artifacts as JSON in ECS format. Part of the Forensic Artifacts Collecting Toolkit.
artifacts dfir ecs fact flog forensic forensic-tool forensic-tools go pipeline
Last synced: 16 days ago
- Host: GitHub
- URL: https://github.com/foxforensics/flog
- Owner: foxforensics
- License: mit
- Created: 2025-07-27T16:42:42.000Z (11 months ago)
- Default Branch: main
- Last Pushed: 2026-03-28T20:02:02.000Z (3 months ago)
- Last Synced: 2026-05-18T23:30:54.745Z (about 2 months ago)
- Topics: artifacts, dfir, ecs, fact, flog, forensic, forensic-tool, forensic-tools, go, pipeline
- Language: Go
- Homepage: https://pkg.go.dev/go.foxforensics.dev/flog
- Size: 587 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
# flog
Log forensic artifacts as JSON in [ECS](https://www.elastic.co/guide/en/ecs/current/index.html) format.
```console
go install go.foxforensics.eu/flog@latest
```
## Usage
```console
$ flog [-pqhv] [-D DIRECTORY] [FILE ...]
```
Available options:
- `-D` Log directory
- `-p` Pretty JSON
- `-q` Quiet mode
- `-h` Show usage
- `-v` Show version
Required system commands:
- [dotnet](https://dotnet.microsoft.com/en-us/download/dotnet/9.0)
> Use `scripts/eztools.sh` to install [Eric Zimmerman's Tools](https://ericzimmerman.github.io/#!index.md).
## Artifacts
Supported artifacts for Windows 7+ systems:
- [System Event Logs](https://forensics.wiki/windows_event_log_%28evt%29/)
- [User JumpLists](https://forensics.wiki/jump_lists/)
- [User ShellBags](https://forensics.wiki/shell_item/)
- [User Browser Histories](https://forensics.wiki/google_chrome/)
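To make concrete what "JSON in ECS format" means for the artifact types listed above, here is an added example in Go. It is not flog's own code and does not describe flog's actual output; it builds ECS-shaped documents for a Windows event log record and a browser history row, normalises their timestamps to UTC, and emits them either as NDJSON or pretty-printed, the way the `-p` option switches between the two. The `ECSEvent` type, the `ecs.version` value, the `event.dataset` names (`windows.eventlog`, `browser.history`) and the sample records are all this example's assumptions; only the field names themselves (`@timestamp`, `ecs.version`, `event.kind`, `event.category`, `event.code`, `event.provider`, `host.name`, `url.full`, `message`) come from the ECS reference.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"os"
	"strconv"
	"time"
)

// ECSEvent is a minimal ECS-shaped document for one artifact record (an added
// illustration, not flog's own type); only the ECS fields used here are modelled.
type ECSEvent struct {
	Timestamp string      `json:"@timestamp"`
	Message   string      `json:"message,omitempty"`
	ECS       ECSMeta     `json:"ecs"`
	Event     EventFields `json:"event"`
	Host      HostFields  `json:"host"`
	URL       *URLFields  `json:"url,omitempty"` // nil pointer drops the key entirely
}

type ECSMeta struct{ Version string `json:"version"` }
type HostFields struct{ Name string `json:"name"` }
type URLFields struct{ Full string `json:"full"` }
type EventFields struct {
	Kind     string   `json:"kind"`
	Category []string `json:"category"`
	Dataset  string   `json:"dataset"`        // dataset names used below are this example's convention
	Code     string   `json:"code,omitempty"` // ECS keyword, so EventIDs are stringified
	Provider string   `json:"provider,omitempty"`
}

const ecsVersion = "8.11.0" // assumed target schema version

// newEvent fills the fields every record shares; timestamps are normalised to
// UTC RFC 3339 so records from hosts in different zones sort correctly.
func newEvent(host string, ts time.Time, dataset, category string) ECSEvent {
	ev := ECSEvent{Timestamp: ts.UTC().Format(time.RFC3339Nano)}
	ev.ECS.Version = ecsVersion
	ev.Event = EventFields{Kind: "event", Category: []string{category}, Dataset: dataset}
	ev.Host.Name = host
	return ev
}

// FromEventLogRecord maps a Windows event log record onto ECS.
func FromEventLogRecord(host string, ts time.Time, provider string, eventID uint32, category, message string) ECSEvent {
	ev := newEvent(host, ts, "windows.eventlog", category)
	ev.Event.Code, ev.Event.Provider, ev.Message = strconv.FormatUint(uint64(eventID), 10), provider, message
	return ev
}

// FromBrowserHistory maps one history row; url.full keeps the address exactly as stored.
func FromBrowserHistory(host string, ts time.Time, url, title string) ECSEvent {
	ev := newEvent(host, ts, "browser.history", "web")
	ev.URL, ev.Message = &URLFields{Full: url}, title
	return ev
}

// Validate rejects documents an ECS-aware consumer would drop or mis-index:
// an unparsable @timestamp or a missing host, schema version or category.
func (ev ECSEvent) Validate() error {
	_, err := time.Parse(time.RFC3339Nano, ev.Timestamp)
	if err == nil && (ev.Host.Name == "" || ev.ECS.Version == "" || len(ev.Event.Category) == 0) {
		err = fmt.Errorf("host.name, ecs.version and event.category are required")
	}
	return err
}

// Encode writes NDJSON (one document per line, what a log shipper ingests) or, with
// pretty set, indented JSON as -p does. HTML escaping is turned off so URLs and
// paths survive byte for byte; one invalid event aborts the whole run.
func Encode(events []ECSEvent, pretty bool) ([]byte, error) {
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false)
	if pretty {
		enc.SetIndent("", "  ")
	}
	for i, ev := range events {
		if err := ev.Validate(); err != nil {
			return nil, fmt.Errorf("event %d: %w", i, err)
		}
		if err := enc.Encode(ev); err != nil {
			return nil, err
		}
	}
	return buf.Bytes(), nil
}

func main() {
	loc := time.FixedZone("CET", 3600) // constructed sample records, not real evidence
	logon := FromEventLogRecord("WS01", time.Date(2024, 3, 2, 11, 15, 30, 0, loc), "Microsoft-Windows-Security-Auditing", 4624, "authentication", "An account was successfully logged on.")
	visit := FromBrowserHistory("WS01", time.Date(2024, 3, 2, 11, 20, 5, 0, loc), "https://example.com/?q=a&b=c", "Example Domain")
	out, err := Encode([]ECSEvent{logon, visit}, len(os.Args) > 1 && os.Args[1] == "-p")
	if err != nil {
		panic(err)
	}
	os.Stdout.Write(out)
}
```

JumpList and ShellBag entries would map the same way with their path carried in `file.path`. Two details a consumer of such output cares about: Go's `json.Encoder` escapes `<`, `>` and `&` by default, which would silently alter URLs and paths taken from evidence, so the example turns that off; and one document per line keeps the file streamable into Elasticsearch or a SIEM without loading it whole.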
## License
Released under the [MIT License](LICENSE.md).