Morphie is a tool that uses graphs to analyze and summarize the content of input data in JSON or CSV format. The primary use case is analyzing supertimelines generated by Plaso, an open source forensic analysis tool. Morphie currently parses supertimelines and constructs labeled graphs from them. There is support for visualization using GraphViz.
- Morphie is not an official Google product.
- Development is at an early stage.
Morphie uses graph transformations to reduce the amount of structure and complexity in a graph constructed from log data. It morphs graphs; more precisely, the relationship between the graphs before and after a transformation is given by a kind of homomorphism.
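The kind of transformation described above, as an added example that is not Morphie's own code: it builds a labeled graph from constructed (actor, file) events, merges file nodes by directory, and checks that the resulting node map is an edge-preserving homomorphism. The event shape, the `DirKey` merge rule and all function names are assumptions made for illustration and are not taken from Morphie or Plaso.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

// Labeled directed graph: labels[i] is the label of node i.
struct Graph { std::vector<std::string> labels; std::set<std::pair<int, int>> edges; };
using Event = std::pair<std::string, std::string>;  // (actor, file): an assumed event shape
// Returns the id of the node labeled `label`, creating it on first use.
int NodeFor(Graph& g, std::map<std::string, int>& ids, const std::string& label) {
  auto res = ids.emplace(label, static_cast<int>(g.labels.size()));
  if (res.second) g.labels.push_back(label);
  return res.first->second;
}
// One node per distinct actor or file, one edge per event.
Graph BuildGraph(const std::vector<Event>& events) {
  Graph g;
  std::map<std::string, int> ids;
  for (const auto& e : events)
    g.edges.insert({NodeFor(g, ids, e.first), NodeFor(g, ids, e.second)});
  return g;
}
// Transformation key: a file path collapses to its directory; other labels are kept
// (rfind returns npos when there is no '/', and substr(0, npos) is the whole string).
std::string DirKey(const std::string& label) { return label.substr(0, label.rfind('/')); }
// Merges nodes with equal DirKey; h[v] is the node of the result that v maps to.
Graph Collapse(const Graph& g, std::vector<int>& h) {
  Graph q;
  std::map<std::string, int> ids;
  h.clear();
  for (const auto& label : g.labels) h.push_back(NodeFor(q, ids, DirKey(label)));
  for (const auto& e : g.edges) q.edges.insert({h[e.first], h[e.second]});
  return q;
}
// h is a homomorphism from g to q when every edge of g lands on an edge of q.
bool IsHomomorphism(const Graph& g, const Graph& q, const std::vector<int>& h) {
  if (h.size() != g.labels.size()) return false;
  for (const auto& e : g.edges) if (!q.edges.count({h[e.first], h[e.second]})) return false;
  return true;
}
int main() {
  // Constructed events for illustration, not real Plaso output.
  Graph g = BuildGraph({{"sshd", "/var/log/auth.log"}, {"sshd", "/var/log/wtmp"},
                        {"cron", "/var/log/syslog"}, {"cron", "/tmp/job.sh"}});
  std::vector<int> h;
  Graph q = Collapse(g, h);
  std::cout << q.labels.size() << " nodes, homomorphism=" << IsHomomorphism(g, q, h) << "\n";
}
```

The summary graph has fewer nodes and edges than the input, and every edge in the summary can still be traced back to at least one original event through `h`.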
To build Morphie, the following packages must be available on the system.
- The CMake build system, version 2.8.12 or higher.
- The Google Protocol Buffer compiler, version 2.6.1 or higher.
  - Some Debian repositories are still at version 2.5.0, in which case the compiler can be installed from GitHub.
  - The build currently requires a system-wide install.
  - If your system has multiple versions, check that `protoc` resolves to the 2.6.1 version.
- The Boost C++ libraries.
  - The Boost Graph Library.
  - The Boost String Algorithms Library.
  - Boost Regex, version 1.43.0 or higher.
Network access is required to build because the following packages will be downloaded.
- The Google Test libraries.
- The JsonCpp JSON parser.
- The gflags package. (An explanation of how Google flags became gflags).
To install, run the following commands:
```bash
# Get the code from GitHub
git clone git@github.com:google/morphie.git
# Create a directory in which CMake can do its magic
cd morphie
mkdir build
# Generate the build files with CMake, then compile
cd build
cmake ..
make
```