updates

Author: puffyCid

artemis-docs/docs/Apollo/README.md

@@ -0,0 +1,54 @@
+---
+sidebar_position: 1
+---
+
+# Introduction
+
+Apollo is an **experimental** cross platform timelining GUI tool to review
+artemis data. It is heavily inspired by the
+[Timesketch](https://timesketch.org/) project. However, Apollo uses the
+[Tauri](https://tauri.app) GUI framework and is _not_ a web app.
+
+Similar to Timesketch, apollo uses [OpenSearch](https://opensearch.org/) to
+store and query data.
+
+# How to build
+
+Apollo requires a OpenSearch instance in order to store and query data. Podman
+or docker is the easiest way to setup OpenSearch
+
+1. Install Podman or Docker on your system. Podman is recommended
+2. You can use the
+   [setup scripts](https://github.com/puffyCid/artemis/tree/main/apollo) in the
+   artemis repo to quickly spin up a Podman OpenSearch container
+3. Install NodeJS and npm
+4. Clone the [artemis](https://github.com/puffyCid/artemis) repo
+5. Navigate to apollo directory
+6. Setup TailwindCSS: `npm run tailwind`
+7. Run `npm run tauri dev` to start a local instance or use
+   `npm run tauri build` to compile a release binary
+
+# Uploading data
+
+Apollo uses the same timeline format as Timesketch. Timelined data must have the
+following fields:
+
+1. Datetime (datetime)
+2. Timestamp Description (timestamp_desc)
+3. Message (message)
+4. Data type (data_type)
+
+Apollo supports timelining JSONL output from artemis. For example, if you
+collect and parse Windows Registry data
+(`artemis acquire --format jsonl registry --alt-file <path to NTUSER.DAT>`).
+
+Apollo can timeline and upload the data to OpenSearch
+
+# Screenshots
+
+Timeline View ![timeline screen](./images/image1.png "Timeline View")
+
+Timeline Entry Details ![entry view](./images/image2.png "Entry View")
+
+Timeline Additional Details
+![entry additional view](./images/image3.png "Entry Additional Details")

artemis-docs/docs/Apollo/images/image1.png

@@ -4,14 +4,14 @@ sidebar_position: 1
 
 # Introduction
 
-**Artemis** is a powerful command line digital forensic and incident response
-(DFIR) tool that collects forensic data from Windows, macOS, and Linux
-endpoints. Its primary focus is: speed, ease of use, and low resource usage.
+Artemis is a powerful command line digital forensic and incident response (DFIR)
+tool that collects forensic data from Windows, macOS, and Linux endpoints. Its
+primary focus is: speed, ease of use, and low resource usage.
 
 Notable features _so far_:
 
 - Setup collections using basic TOML files
-- Parsing support for large amount of forensic artifacts (25+)
+- Parsing support for large amount of forensic artifacts (40+)
 - Output to JSON or JSONL or CSV file(s)
 - Can output results to local system or upload to cloud services.
 - Embedded JavaScript runtime via [Deno](https://deno.land/)

artemis-docs/docs/Apollo/images/image2.png

@@ -96,6 +96,12 @@ const config = {
             position: "left",
             label: "Contributing",
           },
+          {
+            type: "docSidebar",
+            sidebarId: "apollo",
+            position: "left",
+            label: "Apollo",
+          },
           {
             href: "https://github.com/puffyCid/artemis",
             label: "GitHub",

artemis-docs/docs/Apollo/images/image3.png

@@ -18,6 +18,7 @@ const sidebars = {
   artemisAPI: [{ type: "autogenerated", dirName: "API" }],
   artemisStart: [{ type: "autogenerated", dirName: "Intro" }],
   artemisContributing: [{ type: "autogenerated", dirName: "Contributing" }],
+  apollo: [{ type: "autogenerated", dirName: "Apollo" }],
 };
 
 module.exports = sidebars;