{"id":285,"date":"2025-08-28T22:24:05","date_gmt":"2025-08-29T05:24:05","guid":{"rendered":"https:\/\/forrestcook.net\/?p=285"},"modified":"2025-08-28T22:24:05","modified_gmt":"2025-08-29T05:24:05","slug":"ileapp-uleapp-weallleapp-for-theleapps","status":"publish","type":"post","link":"https:\/\/forrestcook.net\/?p=285","title":{"rendered":"iLEAPP, uLEAPP, weallLEAPP for theLEAPPs"},"content":{"rendered":"\n<p>Alexis Brignoni brought us the LEAPP projects; community driven, open source, up-to-date parsers for DFIR practitioners at a price we can all afford. If you haven&#8217;t heard of the LEAPPs by this point, I have absolutely no idea how you came across *this* blog&#8230; I won&#8217;t have much new to say about the tools, but I can&#8217;t exactly write up a &#8220;Resources&#8221; section for the site without mentioning them. <\/p>\n\n\n\n<p>I have far more experience running iLEAPP vs the other three, but the concept is the same. Community developed parsers aggregated into a format that is accessible and effective. Earlier on in the project, there was a bit of a learning curve for those new to the command line as certain dependencies needed to be installed, which could get a bit tricky at times. I recall staring blankly at my screen when things refused to launch, only to find that I had a version of Python that was too new at the time to run the tool. You see, kids, when programs start to work *too well*, a new version of Python comes out that wrecks things in the name of progress!<\/p>\n\n\n\n<p>Now, however, the LEAPPs are available as executable releases, removing even that low bar from impeding new examiners as they dip their toes into open source utilities. Whenever I am fortunate enough to lead a class of examiners, these packaged executables find their way into the &#8220;goodies&#8221; folder. <\/p>\n\n\n\n<p>The way I imagine the LEAPP projects keeping up to date is akin to a large cargo ship vs a bunch of little tug boats. 
Some of the big tools, with their containers full of excellent paid-for goods, are slow to turn the ship when major updates start harshing the mellow around the DFIR office. The little tug boats who can, the open source community, can be faster to react at times. I have found on several occasions apps that are better (or differently) supported than what is observed in some major tools. <\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"400\" height=\"225\" src=\"https:\/\/forrestcook.net\/wp-content\/uploads\/2025\/08\/bde43302-2667-4960-ae74-bbc6de8b9c33_text.gif\" alt=\"\" class=\"wp-image-287\"\/><\/figure>\n\n\n\n<p>I would never tell someone to depend entirely on one tool for their work. The great thing about the LEAPP project is that it represents a large number of dedicated examiners, adding their individual expertise into one place to benefit the community as a whole. They are absolutely worth your time to check out.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-style-default has-background is-layout-flow wp-block-quote-is-layout-flow\" style=\"background:linear-gradient(135deg,rgb(116,116,116) 0%,rgb(78,60,60) 47%,rgb(96,92,92) 100%);margin-top:0;margin-bottom:0;padding-top:var(--wp--preset--spacing--50);padding-bottom:var(--wp--preset--spacing--50)\">\n<figure class=\"wp-block-image aligncenter size-full has-custom-border wp-duotone-unset-1\"><a href=\"https:\/\/github.com\/abrignoni\/iLEAPP\"><img loading=\"lazy\" decoding=\"async\" width=\"320\" height=\"80\" src=\"https:\/\/forrestcook.net\/wp-content\/uploads\/2025\/08\/iLEAPP_banner.png\" alt=\"\" class=\"wp-image-288\" style=\"border-style:none;border-width:0px;border-radius:0px\" srcset=\"https:\/\/forrestcook.net\/wp-content\/uploads\/2025\/08\/iLEAPP_banner.png 320w, https:\/\/forrestcook.net\/wp-content\/uploads\/2025\/08\/iLEAPP_banner-300x75.png 300w\" sizes=\"auto, (max-width: 320px) 100vw, 320px\" 
\/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full is-resized has-custom-border wp-container-content-69bc4bdf\"><a href=\"https:\/\/github.com\/abrignoni\/ALEAPP\"><img loading=\"lazy\" decoding=\"async\" width=\"268\" height=\"51\" src=\"https:\/\/forrestcook.net\/wp-content\/uploads\/2025\/08\/ALEAPP_logo.png\" alt=\"\" class=\"wp-image-289\" style=\"border-style:none;border-width:0px;border-radius:24px;width:340px;height:auto\"\/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full is-resized\"><a href=\"https:\/\/github.com\/abrignoni\/RLEAPP\"><img loading=\"lazy\" decoding=\"async\" width=\"268\" height=\"51\" src=\"https:\/\/forrestcook.net\/wp-content\/uploads\/2025\/08\/RLEAPP_logo.png\" alt=\"\" class=\"wp-image-291\" style=\"width:332px;height:auto\"\/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full is-resized wp-container-content-69bc4bdf\"><a href=\"https:\/\/github.com\/abrignoni\/VLEAPP\"><img loading=\"lazy\" decoding=\"async\" width=\"280\" height=\"51\" src=\"https:\/\/forrestcook.net\/wp-content\/uploads\/2025\/08\/VLEAPP_logo.png\" alt=\"\" class=\"wp-image-290\" style=\"width:342px;height:auto\"\/><\/a><\/figure>\n<\/blockquote>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Alexis Brignoni brought us the LEAPP projects; community driven, open source, up-to-date parsers for DFIR practitioners at a price we can all afford. 
If you haven&#8217;t heard of the LEAPPs by this point, I have absolutely no idea how you came across *this* blog&#8230; I won&#8217;t have much new to say about the tools, but [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":286,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[8,9,25,24,13],"class_list":["post-285","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-resources","tag-coding","tag-dfir","tag-github","tag-open-source","tag-python"],"_links":{"self":[{"href":"https:\/\/forrestcook.net\/index.php?rest_route=\/wp\/v2\/posts\/285","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forrestcook.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forrestcook.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forrestcook.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forrestcook.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=285"}],"version-history":[{"count":1,"href":"https:\/\/forrestcook.net\/index.php?rest_route=\/wp\/v2\/posts\/285\/revisions"}],"predecessor-version":[{"id":292,"href":"https:\/\/forrestcook.net\/index.php?rest_route=\/wp\/v2\/posts\/285\/revisions\/292"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forrestcook.net\/index.php?rest_route=\/wp\/v2\/media\/286"}],"wp:attachment":[{"href":"https:\/\/forrestcook.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=285"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forrestcook.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=285"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forrestcook.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=285"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}