
Usage

This section provides a detailed guide on how to use Aralez, the Windows triage tool, including available options, commands, and example workflows to maximize its utility.

Basic Command

The tool can be executed with the following syntax:

aralez.exe [OPTIONS]

The OPTIONS parameter allows you to customize the behavior of the tool, such as enabling debug mode, displaying configuration details, or modifying the embedded configuration.

Important: Aralez must be run with administrator privileges, from an elevated PowerShell or CMD session on Windows.

Options

--debug

Description: Activates debug mode to provide detailed logs and verbose output during execution. This option is useful for troubleshooting and monitoring the internal workings of the tool.

Example Usage:

aralez.exe --debug

Behavior: Outputs additional runtime information, including executed tasks, configuration details, and potential issues on the console.

--show_config

Description: Displays the current embedded configuration file in YAML format without executing any tasks.

Example Usage:

aralez.exe --show_config

Behavior: Loads the embedded configuration and prints it to the console for review or debugging.

--change_config

Structure: --change_config <CONFIG_FILE> <OUTPUT_FILE>

Description: Updates the embedded configuration in the executable using CONFIG_FILE and saves the updated version to OUTPUT_FILE.

Important: If the new config is not valid, an error will be raised and the config won’t be updated.

Required Parameters:

  • CONFIG_FILE: Path to the new configuration file (in YAML format).
  • OUTPUT_FILE: Path to the output binary with the updated configuration embedded.

Example Usage:

aralez.exe --change_config new_config.yml new_aralez.exe

Behavior: Creates a new_aralez.exe binary with the updated configuration embedded, leaving the original executable untouched.

--check_config

Description: Validates the current configuration file for correctness and potential errors.

Example Usage:

aralez.exe --check_config

Behavior: Loads and parses the configuration file, checking for syntax or logical errors. Prints the validation result to the console.

--add_tool

Structure: --add_tool <EXECUTABLE_TOOL_PATH> <OUTPUT_FILE>

Description: Adds a new external executable tool to the Aralez resource set.

Required Parameters:

  • EXECUTABLE_TOOL_PATH: Path to the external executable tool you want to add.
  • OUTPUT_FILE: Path to the output binary with the new tool embedded.

Example Usage:

aralez.exe --add_tool tool.exe updated_aralez.exe

Behavior: Creates updated_aralez.exe, embedding the specified tool inside the binary.

--remove_tool

Structure: --remove_tool <EXECUTABLE_TOOL_NAME> <OUTPUT_FILE>

Description: Removes an external tool from the Aralez resource set.

Required Parameters:

  • EXECUTABLE_TOOL_NAME: Name of the tool to be removed.
  • OUTPUT_FILE: Path to the output binary without the specified tool.

Example Usage:

aralez.exe --remove_tool tool.exe updated_aralez.exe

Behavior: Creates updated_aralez.exe, removing the specified tool from the embedded resources.

--list_tools

Description: Lists all external tools currently embedded in Aralez.

Example Usage:

aralez.exe --list_tools

Behavior: Prints the list of embedded external tools to the console.
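The following PowerShell script is an added example for the tool-management options above; it is not part of the Aralez project. It embeds an external tool into a copy of aralez.exe with --add_tool, confirms with --list_tools that the new binary actually reports the tool, and records SHA-256 hashes of both the tool and the resulting binary so the triage build can be verified later. It assumes two things this page does not state: that aralez.exe exits with a non-zero code when --add_tool fails, and that --list_tools prints the tool under the file name it was added with.

```powershell
# Added example, not from the Aralez project: embed an external tool into a
# copy of aralez.exe and confirm it is now listed.
# Assumptions not documented on this page: aralez.exe exits non-zero on
# failure, and --list_tools prints the tool by the file name it was added under.
param(
    [string]$Source = ".\aralez.exe",
    [string]$Tool   = ".\tool.exe",            # external tool to embed
    [string]$Output = ".\updated_aralez.exe"
)
$ErrorActionPreference = "Stop"

if (-not (Test-Path $Tool)) { throw "Tool not found: $Tool" }
$toolName = Split-Path -Leaf $Tool

# Hash the tool before embedding it, so the provenance of what ships inside
# the triage binary is on record
$toolHash = (Get-FileHash -Algorithm SHA256 -Path $Tool).Hash
Write-Host "Embedding $toolName (SHA256 $toolHash)"

# Tool set before the change, used only to flag a pre-existing entry
$before = (& $Source --list_tools) -join "`n"

& $Source --add_tool $Tool $Output
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $Output)) {
    throw "--add_tool failed; $Output was not produced."
}

# Verify against the NEW binary, not the source one
$after = (& $Output --list_tools) -join "`n"
if ($after -notmatch [regex]::Escape($toolName)) {
    throw "$toolName does not appear in --list_tools output of $Output"
}
if ($before -match [regex]::Escape($toolName)) {
    Write-Warning "$toolName was already listed in $Source before this run."
}

# Hash the updated binary so the deployed copy can be verified later
Get-FileHash -Algorithm SHA256 -Path $Output | Select-Object Hash, Path
```

Run it from an elevated PowerShell prompt in the directory holding aralez.exe; pass -Tool and -Output to change the defaults.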

Workflows

Running a Data Collection Task

Scenario: You want to collect system and file data with the default configuration.

Steps:

  • Ensure the configuration is correctly set up. Display the embedded config of Aralez and check its content:

    aralez.exe --show_config

  • Validate the config before executing Aralez:

    aralez.exe --check_config

  • Run Aralez without additional flags:

    aralez.exe

Output:

  • Collected data is saved in the directory specified in the configuration file.
  • The directory is compressed into a ZIP archive for convenience.
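The script below is an added example for the collection workflow above and is not part of the Aralez project. It wraps the three steps (show the embedded config, validate it, run the collection) in a PowerShell script that refuses to run unless the session is elevated, keeps a copy of the config that was in effect, and hashes the resulting ZIP archive with the start and end times of the run. It assumes that aralez.exe returns a non-zero exit code when --check_config fails, which this page does not state, and the archive path is a placeholder you must set to the location named in your configuration.

```powershell
# Added example, not from the Aralez project: run a collection with the
# pre-checks from the workflow above and record the archive's hash.
# Assumptions not documented on this page: aralez.exe exits non-zero when
# --check_config fails, and $Archive is the path your embedded config writes to.
param(
    [string]$Aralez  = ".\aralez.exe",
    [string]$Archive = ".\aralez_output.zip",   # placeholder: set to your configured output
    [string]$Log     = ".\aralez_run.log"
)
$ErrorActionPreference = "Stop"

# Aralez must run elevated (see the "Important" note in Basic Command)
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated PowerShell session."
}

# Step 1: keep the embedded config so the run can be reproduced later
& $Aralez --show_config | Out-File -FilePath ".\config_used.yml" -Encoding utf8

# Step 2: validate before collecting anything
& $Aralez --check_config
if ($LASTEXITCODE -ne 0) { throw "Embedded configuration failed validation; aborting." }

# Step 3: run the collection and timestamp it
$start = Get-Date
& $Aralez
$end = Get-Date

# Step 4: hash the archive so its integrity can be checked after transfer
if (-not (Test-Path $Archive)) { throw "Expected archive not found: $Archive" }
$hash = Get-FileHash -Path $Archive -Algorithm SHA256
@(
    "host=$env:COMPUTERNAME",
    "start=$($start.ToString('o'))",
    "end=$($end.ToString('o'))",
    "archive=$($hash.Path)",
    "sha256=$($hash.Hash)"
) | Out-File -FilePath $Log -Encoding utf8
Get-Content $Log
```

Keep the log file and config_used.yml alongside the archive; together they document what was collected, when, and with which settings.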

Updating and Validating Configuration

Scenario: You need to modify the configuration for a specific use case.

Steps:

  • Edit or create a new custom_config.yml file.
  • Embed the new configuration into a custom executable:

    aralez.exe --change_config custom_config.yml custom_aralez.exe

Output:

  • If the configuration file is valid, custom_aralez.exe will be created with the updated configuration.
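As an added example for this workflow (not the project's own code), the PowerShell script below embeds a custom configuration and then checks the result the way a practitioner would before deploying the binary: it re-runs --check_config against the new executable, compares what --show_config prints with the file that was supplied, and records SHA-256 hashes of the original and the customized binary. It assumes that aralez.exe exits non-zero when --change_config rejects the file and that --show_config prints the embedded YAML verbatim; neither is stated on this page.

```powershell
# Added example, not from the Aralez project: embed a custom config, confirm
# the new binary actually carries it, and hash the result.
# Assumptions not documented on this page: aralez.exe exits non-zero when
# --change_config rejects the file, and --show_config prints the YAML verbatim.
param(
    [string]$Source = ".\aralez.exe",
    [string]$Config = ".\custom_config.yml",
    [string]$Output = ".\custom_aralez.exe"
)
$ErrorActionPreference = "Stop"

if (-not (Test-Path $Config)) { throw "Config not found: $Config" }

# Embed; the page states an invalid config raises an error and is not applied
& $Source --change_config $Config $Output
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $Output)) {
    throw "Embedding failed; $Output was not produced."
}

# Validate the copy embedded in the new binary, not the file on disk
& $Output --check_config
if ($LASTEXITCODE -ne 0) { throw "Embedded config in $Output failed --check_config." }

# Compare what the new binary reports with what was supplied (line endings normalised)
$expected = (Get-Content $Config -Raw) -replace "`r`n", "`n"
$actual   = (& $Output --show_config) -join "`n"
if ($expected.Trim() -ne $actual.Trim()) {
    Write-Warning "--show_config output differs from $Config; inspect before deploying."
}

# Record hashes of both binaries so the deployed triage tool can be verified later
Get-FileHash -Algorithm SHA256 -Path $Source, $Output |
    Select-Object Algorithm, Hash, Path |
    Format-Table -AutoSize
```

The comparison step is a sanity check rather than a guarantee: if Aralez reformats the YAML when it prints it, the warning fires even though the configuration is correct, so treat a mismatch as a prompt to inspect, not as a failure.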

Debugging Task Execution

Scenario: You encounter unexpected behavior during a task and want detailed logs.

Steps:

  • Run the tool in debug mode:

    aralez.exe --debug

Output:

  • Detailed information about task progression, including configuration parsing, data collection, and errors, is displayed on the console.


Copyright © 2024 - Areg Baghinyan