Skip to content

This PR tracks the v2.3.4 polish release. #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
LuCamachoJr merged 7 commits into from
Nov 4, 2025
Merged

This PR tracks the v2.3.4 polish release. #4

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
2abaa4c
v2.3.4 Polish: visuals, donuts+heatmap, evidence CSV, README/CHANGELO…
LuCamachoJr Nov 3, 2025
b957949
fix: remove stray Unicode banner line; format v2.3.3 for CI
LuCamachoJr Nov 3, 2025
a37451d
chore: auto-fix with ruff/black and remove unicode banner (#3)
LuCamachoJr Nov 3, 2025
1d8b3f6
fix: resolve merge conflicts keeping ours (ruff-formatted visual.py a…
LuCamachoJr Nov 3, 2025
cff7ab9
Update ForenSynth_ai_v2_3_3_visual.py
LuCamachoJr Nov 3, 2025
6682cb1
style: apply ruff/black after rebase
LuCamachoJr Nov 3, 2025
3c51cfe
Merge branch 'feature/poc-sampling' into main
LuCamachoJr Nov 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .gitattributes
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
*.json filter=lfs diff=lfs merge=lfs -text
samples/runs/ filter=lfs diff=lfs merge=lfs -text
3 changes: 3 additions & 0 deletions examples/2025-11-2-polish-run/detections.json
View file
Open in desktop
Git LFS file not shown
1,017 changes: 1,017 additions & 0 deletions examples/2025-11-2-polish-run/evidence_2025-11-02.csv
View file
Open in desktop

Large diffs are not rendered by default.

896 changes: 896 additions & 0 deletions examples/2025-11-2-polish-run/forensynth_report_2025-11-02.html
View file
Open in desktop

Large diffs are not rendered by default.

713 changes: 713 additions & 0 deletions examples/2025-11-2-polish-run/forensynth_summary_2025-11-02.md
View file
Open in desktop

Large diffs are not rendered by default.

8 changes: 3 additions & 5 deletions examples/sample_detections.json
View file
Open in desktop
Git LFS file not shown
Binary file added samples/runs/2025-11-2/2025-11-02 ForenSynth_AI_V2_3_4.jpg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added samples/runs/2025-11-2/2025-11-02 Random_DFIR_Noise_Simulator_LOLBIN.jpg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
32 changes: 23 additions & 9 deletions src/v2.3.3/ForenSynth_ai_v2_3_3_visual.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -209,10 +209,18 @@ def parse_args() -> AppConfig:

p.add_argument("--export-evidence-csv", action="store_true")
p.add_argument("--chart-style", choices=["heatmap", "pies", "both", "off"], default="both")
p.add_argument("--limit-detections", type=int, default=0,
help="If > 0, limit the number of detections processed after loading (applied post- Chainsaw).")
p.add_argument("--sample-step", type=int, default=0,
help="If > 1, keep every Nth detection before applying the limit (simple stratified sample).")
p.add_argument(
"--limit-detections",
type=int,
default=0,
help="If > 0, limit the number of detections processed after loading (applied post- Chainsaw).",
)
p.add_argument(
"--sample-step",
type=int,
default=0,
help="If > 1, keep every Nth detection before applying the limit (simple stratified sample).",
)

a = p.parse_args()
prefer = [s.strip() for s in a.prefer.split(",") if s.strip()]
Expand Down Expand Up @@ -259,7 +267,7 @@ def parse_args() -> AppConfig:
export_evidence_csv=a.export_evidence_csv,
chart_style=a.chart_style,
limit_detections=a.limit_detections,
sample_step=a.sample_step
sample_step=a.sample_step,
)


Expand Down Expand Up @@ -832,10 +840,13 @@ def write_ioc(name: str, items: List[str]):
write_ioc("md5", iocs.get("md5", []))
write_ioc("paths", iocs.get("paths", []))

# ──────────────────────────────────────────────────────────────────────────

# ────────────────────────────────────────────────────────────────────────────
# Sampling Helper
# ──────────────────────────────────────────────────────────────────────────
def apply_sampling(dets: List[Dict[str, Any]], limit: int = 0, step: int = 0, sort_time: bool = False) -> List[Dict[str, Any]]:
# ────────────────────────────────────────────────────────────────────────────
def apply_sampling(
dets: List[Dict[str, Any]], limit: int = 0, step: int = 0, sort_time: bool = False
) -> List[Dict[str, Any]]:
"""
Optionally sub-sample and/or cap detections before the LLM phases.
- step > 1 → keep every Nth record (0, N, 2N, ...)
Expand All @@ -857,9 +868,12 @@ def apply_sampling(dets: List[Dict[str, Any]], limit: int = 0, step: int = 0, so
dets = dets[:limit]

if len(dets) != original:
info(f"Sampling applied: {original} → {len(dets)} (step={step or 1}, limit={limit or 'none'})")
info(
f"Sampling applied: {original} → {len(dets)} (step={step or 1}, limit={limit or 'none'})"
)
return dets


# ────────────────────────────────────────────────────────────────────────────
# Heatmap & Donut helpers + HTML
# ────────────────────────────────────────────────────────────────────────────
Expand Down
Loading