Development

  • This Sprint: 9 issues
  • Within 3 Months: 9 issues
  • Within 6 Months: 10 issues
  • On our ToDo List: 12 issues

Coming This Sprint

We are currently working on it

Target release date: 2021-08-06

Artifacts | Usability | Stability | File & Operating System Support
  • Shimcache
    Shimcache is extracted from the registry and displayed in the UI
  • Events View
    A new table view for the extracted events (e.g. from shimcache) is integrated (actual data will follow in the next sprint)
  • Registry Key Extraction
    A fix for a problem where not all registry keys were found in an analysis
  • Show License Information
    Show license information (especially end date) in the frontend
  • Exited Parent Process Visibility
    When a parent process was found but has exited, its child processes should display that in the process details accordingly
  • Start and Exit Time of Processes
    A bug where the start and exit times of Windows 7 processes were wrong is fixed
  • Stack Detection Improvements
    A bug where not all stack VAD regions were recognized is fixed
  • VMware Snapshot Support
    VMEM snapshots can be analyzed
  • Windows 7 Support
    Windows 7 is fully supported for the artifacts that are currently displayed

Coming Hopefully Soon

Within 3 Months
Artifacts | Usability | Stability | File & Operating System Support
  • Tor IPs API
    Via our API you can find out whether any found IP address is or was part of the Tor network
  • Windows Clipboard
    Windows clipboard content is extracted and displayed in the UI
  • Windows Heap Structure Information
    All allocation information from process heaps is extracted
  • Process Memory Export
    The entire process memory can be exported as a crash dump
  • Database
    Analysis artifacts are stored in the database for filtering, sorting, searching and persistence
  • IoC Visibility
    The found IoCs are shown in the IoC view for all kinds of artifacts (currently only process-related IoCs are displayed)
  • Hibernation File Support
    Hibernation files can be analyzed
  • Windows 11 Support
    Windows 11 is fully supported for the artifacts that are currently displayed
  • Fragmented Disk Images
    Fragmented disk images can be added and analyzed

Coming Hopefully Later

Within 6 Months
Artifacts | Usability | Stability | File & Operating System Support
  • VirusTotal API
  • Windows Credentials Extraction
    Extracting passwords and hashes from lsass.exe
  • User and Session Information
    Information on currently logged in users is extracted
  • Trufflepig IoC Heuristics
    Custom Trufflepig heuristics can be used to find IoCs
  • Knowledgebase Articles
    Articles about processes, IoCs, (Windows) internals etc.
  • Frontend Image Upload
    For server installations images can now be uploaded in the frontend
  • Crypto Container Decryption
    Crypto containers for which the respective keys have been found can be decrypted
  • Process Icon Visibility
    All supported browsers can display the process icons
  • Modular Minion
    File parser plugins can be implemented
  • Windows 8 + 8.1 Support
    Windows 8 and 8.1 are fully supported for the artifacts that are currently displayed

Timeline Not Specified

Will be added to the timeline
Artifacts | Usability | Stability | File & Operating System Support
  • Report Generation
    Reports of the findings can be generated from templates
  • Social Media Artifacts
    Chat histories/session tokens/social media/emails can be extracted
  • Timeline View
    New timeline view to display the order of events intuitively
  • Collaborative Work
    Users can create accounts and work collaboratively on cases
  • Nexus SaaS
    Trufflepig Nexus can be used as SaaS
  • Process Tree Preview
    A preview of the process tree is shown within the process details
  • MITRE ATT&CK Integration
    IoCs are displayed in the MITRE ATT&CK matrix
  • IoC Editor
    Custom rules for IoCs can be created in an intuitive UI
  • STIX/TAXII Integration
    STIX IoCs can be imported via TAXII
  • Linux Support
    Linux is fully supported for the artifacts that are currently displayed
  • OSX Support
    OSX is fully supported for the artifacts that are currently displayed
  • FreeBSD Support
    FreeBSD is fully supported for the artifacts that are currently displayed