Releases: fox-it/dissect
3.17
Highlights
New projects
- dissect.fve: access encrypted LUKS and Microsoft Bitlocker volumes
New Containers
- Support for BSD Vinum volumes in dissect.volume
Plugins
- New MacOS network interface plugin
- New Windows network interface plugin
- The registry plugin now also looks for registry files in places used by legacy Windows versions
- New Ubuntu snap application package manager plugin
- New Windows installed applications plugin
- New Windows MSSQL log
Tools
- It is now possible to set aliases at runtime in target-shell
- Add support for an rc start-up file in target-shell
- target-shell can now be invoked with a -c option to directly execute commands
- target-query can now output the list of plugins and loaders in JSON format with the --as-json option
Misc
- Add birthtime, blocksize and number of blocks to various filesystem's stat output
- The configuration parser is extended to access binary configurations
- The configuration parser is extended to parse .env files
Contributors
Thanks to our contributors for making this release possible:
@fox-evv
@h0ckeyst1ck
@JazzCore
@JSCU-CNI
Full Changelogs
dissect: 3.16.1 → 3.17
https://github.com/fox-it/dissect/releases/tag/3.17
dissect.archive: 1.2 → 1.4
https://github.com/fox-it/dissect.archive/releases/tag/1.4
dissect.btrfs: 1.5 → 1.6
https://github.com/fox-it/dissect.btrfs/releases/tag/1.6
dissect.cim: 💤3.10 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.10
dissect.clfs: 💤1.9 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.9
dissect.cstruct: 4.1 → 4.3
https://github.com/fox-it/dissect.cstruct/releases/tag/4.3
dissect.esedb: 💤3.14 (no changes)
https://github.com/fox-it/dissect.esedb/releases/tag/3.14
dissect.etl: 💤3.10 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.10
dissect.eventlog: 💤3.9 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.9
dissect.evidence: 💤3.10 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.10
dissect.executable: 💤1.7 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.7
dissect.extfs: 3.11 → 3.12
https://github.com/fox-it/dissect.extfs/releases/tag/3.12
dissect.fat: 3.10 → 3.11
https://github.com/fox-it/dissect.fat/releases/tag/3.11
dissect.ffs: 3.9 → 3.10
https://github.com/fox-it/dissect.ffs/releases/tag/3.10
dissect.fve: ✨4.0
https://github.com/fox-it/dissect.fve/releases/tag/4.0
dissect.hypervisor: 3.15 → 3.16
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.16
dissect.jffs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.jffs/releases/tag/1.3
dissect.ntfs: 3.12 → 3.13
https://github.com/fox-it/dissect.ntfs/releases/tag/3.13
dissect.ole: 💤3.9 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.9
dissect.regf: 💤3.11 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.11
dissect.shellitem: 💤3.10 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.10
dissect.sql: 💤3.10 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.10
dissect.squashfs: 1.7 → 1.8
https://github.com/fox-it/dissect.squashfs/releases/tag/1.8
dissect.target: 3.19 → 3.20
https://github.com/fox-it/dissect.target/releases/tag/3.20
dissect.thumbcache: 💤1.9 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.9
dissect.util: 3.18 → 3.19
https://github.com/fox-it/dissect.util/releases/tag/3.19
dissect.vmfs: 3.9 → 3.10
https://github.com/fox-it/dissect.vmfs/releases/tag/3.10
dissect.volume: 3.12 → 3.13
https://github.com/fox-it/dissect.volume/releases/tag/3.13
dissect.xfs: 3.10 → 3.11
https://github.com/fox-it/dissect.xfs/releases/tag/3.11
3.16.1: Do not install the lz4 and lzo extras of dissect.util by default (#68)
This release is identical to 3.16.1, except the hard dependencies on the lz4 and lzo extras of dissect.util are turned into extras of the dissect package itself. These extras are not installed by default.
If you want optimized "native" code for lz4 and lzo decompression, you should install dissect using these extras like:
pip install dissect[lz4,lzo]
Highlights
- Plugins:
- New libvirt and qemu child plugins
- New plugin to extract unsaved notepad tabs
- 90% speedup in walkfs plugin
- New plugin to extract windows update agent information
- New plugin to extract Windows Jump List information
- New MFT segmentation ability
- Option to use a different starting directory in etc plugin using --root
- Support for Windows 10 added in Windows USB plugin
- Yara plugin was separated from target-query into target-yara command
- Loaders:
- VirtualBox .vdi files loader now case insensitive for the format attributes
- Graceful handling of missing physical disks in LVM
- New support for Android backups
- OS support:
- More robust ESXi OS initialization
- target-tools:
- New options added to target-fs ls (-l and -h)
- Cleanup and extension of a number of target-shell commands
- Shell history added to target-shell
- Misc:
- If a project (currently dissect.target, dissect.squashfs and dissect.target) uses lzo/lz4 it will now automatically fall back to the pure python implementation in dissect.util if no C version is installed
- cstruct fix for nested structure definitions
Contributors
Thanks to our contributors for making this release possible:
@EmilienCourt
@joost-j
@JSCU-CNI
@M1ra1B0T
@Matthijsy
@michoebey
@mick-314
@OlafHaalstra
@Zawadidone
Full Changelogs
dissect: 3.15 → 3.16
https://github.com/fox-it/dissect/releases/tag/3.16
dissect.archive: 💤1.2 (no changes)
https://github.com/fox-it/dissect.archive/releases/tag/1.2
dissect.btrfs: 1.4 → 1.5
https://github.com/fox-it/dissect.btrfs/releases/tag/1.5
dissect.cim: 💤3.10 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.10
dissect.clfs: 💤1.9 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.9
dissect.cstruct: 4.0 → 4.1
https://github.com/fox-it/dissect.cstruct/releases/tag/4.1
dissect.esedb: 💤3.14 (no changes)
https://github.com/fox-it/dissect.esedb/releases/tag/3.14
dissect.etl: 💤3.10 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.10
dissect.eventlog: 💤3.9 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.9
dissect.evidence: 💤3.10 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.10
dissect.executable: 💤1.7 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.7
dissect.extfs: 💤3.11 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.11
dissect.fat: 💤3.10 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.10
dissect.ffs: 💤3.9 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.9
dissect.hypervisor: 3.14 → 3.15
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.15
dissect.jffs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.jffs/releases/tag/1.3
dissect.ntfs: 3.11 → 3.12
https://github.com/fox-it/dissect.ntfs/releases/tag/3.12
dissect.ole: 💤3.9 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.9
dissect.regf: 💤3.11 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.11
dissect.shellitem: 3.9 → 3.10
https://github.com/fox-it/dissect.shellitem/releases/tag/3.10
dissect.sql: 💤3.10 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.10
dissect.squashfs: 1.6 → 1.7
https://github.com/fox-it/dissect.squashfs/releases/tag/1.7
dissect.target: 3.18 → 3.19
https://github.com/fox-it/dissect.target/releases/tag/3.19
dissect.thumbcache: 💤1.9 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.9
dissect.util: 3.17 → 3.18
https://github.com/fox-it/dissect.util/releases/tag/3.18
dissect.vmfs: 💤3.9 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.9
dissect.volume: 3.11 → 3.12
https://github.com/fox-it/dissect.volume/releases/tag/3.12
dissect.xfs: 💤3.10 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.10
3.16
Highlights
- Plugins:
- new libvirt and qemu child plugins,
- new plugin to extract unsaved notepad tabs,
- large speedup in the walkfs plugin,
- new plugin to extract windows update agent information,
- new plugin to extract Windows Jump List information.
- Loaders:
- the loader for VirtualBox .vdi files now ignores the case of this extension,
- graceful handling of missing physical disks in LVM.
- OS support:
- more robust ESXi OS initialization.
- misc:
- if a project (currently dissect.target, dissect.squashfs and dissect.target) uses lzo/lz4 it will now automatically fall back to the pure python implementation in dissect.util if no C version is installed,
- cstruct fix for nested structure definitions,
- new options added to target-fs ls (-l and -h),
- cleanup and extension of a number of target-shell commands,
- added shell history to target-shell.
Contributors
Thanks to our contributors for making this release possible:
@EmilienCourt
@joost-j
@JSCU-CNI
@M1ra1B0T
@Matthijsy
@michoebey
@mick-314
@OlafHaalstra
@Zawadidone
Full Changelogs
dissect: 3.15 → 3.16
https://github.com/fox-it/dissect/releases/tag/3.16
dissect.archive: 💤1.2 (no changes)
https://github.com/fox-it/dissect.archive/releases/tag/1.2
dissect.btrfs: 1.4 → 1.5
https://github.com/fox-it/dissect.btrfs/releases/tag/1.5
dissect.cim: 💤3.10 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.10
dissect.clfs: 💤1.9 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.9
dissect.cstruct: 4.0 → 4.1
https://github.com/fox-it/dissect.cstruct/releases/tag/4.1
dissect.esedb: 💤3.14 (no changes)
https://github.com/fox-it/dissect.esedb/releases/tag/3.14
dissect.etl: 💤3.10 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.10
dissect.eventlog: 💤3.9 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.9
dissect.evidence: 💤3.10 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.10
dissect.executable: 💤1.7 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.7
dissect.extfs: 💤3.11 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.11
dissect.fat: 💤3.10 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.10
dissect.ffs: 💤3.9 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.9
dissect.hypervisor: 3.14 → 3.15
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.15
dissect.jffs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.jffs/releases/tag/1.3
dissect.ntfs: 3.11 → 3.12
https://github.com/fox-it/dissect.ntfs/releases/tag/3.12
dissect.ole: 💤3.9 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.9
dissect.regf: 💤3.11 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.11
dissect.shellitem: 3.9 → 3.10
https://github.com/fox-it/dissect.shellitem/releases/tag/3.10
dissect.sql: 💤3.10 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.10
dissect.squashfs: 1.6 → 1.7
https://github.com/fox-it/dissect.squashfs/releases/tag/1.7
dissect.target: 3.18 → 3.19
https://github.com/fox-it/dissect.target/releases/tag/3.19
dissect.thumbcache: 💤1.9 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.9
dissect.util: 3.17 → 3.18
https://github.com/fox-it/dissect.util/releases/tag/3.18
dissect.vmfs: 💤3.9 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.9
dissect.volume: 3.11 → 3.12
https://github.com/fox-it/dissect.volume/releases/tag/3.12
dissect.xfs: 💤3.10 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.10
3.15
Highlights
- Release of dissect.cstruct V.4.0 - major rewrite of dissect core engine! Further details
- target tools usability:
- Improved error description
- Indication for cache use
- Configurations query plugin including the use of glob patterns in searches
- MPLog parser added to Windows Defender plugin
- Identification of Windows 11 build improved
Contributors
Thanks to our contributors for making this release possible:
Full Changelogs
dissect: 3.14 → 3.15
https://github.com/fox-it/dissect/releases/tag/3.15
dissect.archive: 1.1 → 1.2
https://github.com/fox-it/dissect.archive/releases/tag/1.2
dissect.btrfs: 1.3 → 1.4
https://github.com/fox-it/dissect.btrfs/releases/tag/1.4
dissect.cim: 3.9 → 3.10
https://github.com/fox-it/dissect.cim/releases/tag/3.10
dissect.clfs: 1.8 → 1.9
https://github.com/fox-it/dissect.clfs/releases/tag/1.9
dissect.cstruct: 3.14 → 4.0
https://github.com/fox-it/dissect.cstruct/releases/tag/4.0
dissect.esedb: 3.13 → 3.14
https://github.com/fox-it/dissect.esedb/releases/tag/3.14
dissect.etl: 3.9 → 3.10
https://github.com/fox-it/dissect.etl/releases/tag/3.10
dissect.eventlog: 3.8 → 3.9
https://github.com/fox-it/dissect.eventlog/releases/tag/3.9
dissect.evidence: 3.9 → 3.10
https://github.com/fox-it/dissect.evidence/releases/tag/3.10
dissect.executable: 1.6 → 1.7
https://github.com/fox-it/dissect.executable/releases/tag/1.7
dissect.extfs: 3.10 → 3.11
https://github.com/fox-it/dissect.extfs/releases/tag/3.11
dissect.fat: 3.9 → 3.10
https://github.com/fox-it/dissect.fat/releases/tag/3.10
dissect.ffs: 3.8 → 3.9
https://github.com/fox-it/dissect.ffs/releases/tag/3.9
dissect.hypervisor: 3.13 → 3.14
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.14
dissect.jffs: 1.2 → 1.3
https://github.com/fox-it/dissect.jffs/releases/tag/1.3
dissect.ntfs: 3.10 → 3.11
https://github.com/fox-it/dissect.ntfs/releases/tag/3.11
dissect.ole: 3.8 → 3.9
https://github.com/fox-it/dissect.ole/releases/tag/3.9
dissect.regf: 3.10 → 3.11
https://github.com/fox-it/dissect.regf/releases/tag/3.11
dissect.shellitem: 3.8 → 3.9
https://github.com/fox-it/dissect.shellitem/releases/tag/3.9
dissect.sql: 3.9 → 3.10
https://github.com/fox-it/dissect.sql/releases/tag/3.10
dissect.squashfs: 1.5 → 1.6
https://github.com/fox-it/dissect.squashfs/releases/tag/1.6
dissect.target: 3.17 → 3.18
https://github.com/fox-it/dissect.target/releases/tag/3.18
dissect.thumbcache: 1.8 → 1.9
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.9
dissect.util: 3.16 → 3.17
https://github.com/fox-it/dissect.util/releases/tag/3.17
dissect.vmfs: 3.8 → 3.9
https://github.com/fox-it/dissect.vmfs/releases/tag/3.9
dissect.volume: 3.10 → 3.11
https://github.com/fox-it/dissect.volume/releases/tag/3.11
dissect.xfs: 3.9 → 3.10
https://github.com/fox-it/dissect.xfs/releases/tag/3.10
Release dissect 3.14
Highlights
New project created:
- dissect.archive: Adds parsers for various archive and backup formats
- Support for WIM format (except for split files)
Notable changes:
- Acquire:
- Better de-duplication of paths
- Consistent casing of drive letters in windows acquires
- You can now target multiple targets!
- Additional AnyDesk paths collected
- dissect.ntfs:
- Ability to yield MFT segments in specified ranges
- dissect.target:
- Uses new flow.record v.3.15
- Added a layer filesystem that extends the root filesystem
- Support for TOML in Unix Config Parser
- target-dump supports namespace plugins
- Support for Fortinet FW files
- Catroot plugin refactored and improved
- flow.record: Changes to the TCP Splunk adapter:
- type field renamed to rdtype
- Additional internal record fields added: rd__source from _source, rd__classification from _classification, rd_generated from _generated
Contributors
Thanks to our contributors for making this release possible:
@Bopobopob
@d3dave
@joost-j
@JSCU-CNI
@M1ra1B0T
@MaxGroot
@mnrkbys
@Zawadidone
Full Changelogs
dissect: 3.13 → 3.14
https://github.com/fox-it/dissect/releases/tag/3.14
dissect.archive: ✨1.1
https://github.com/fox-it/dissect.archive/releases/tag/1.1
dissect.btrfs: 1.2 → 1.3
https://github.com/fox-it/dissect.btrfs/releases/tag/1.3
dissect.cim: 3.8 → 3.9
https://github.com/fox-it/dissect.cim/releases/tag/3.9
dissect.clfs: 1.7 → 1.8
https://github.com/fox-it/dissect.clfs/releases/tag/1.8
dissect.cstruct: 3.13 → 3.14
https://github.com/fox-it/dissect.cstruct/releases/tag/3.14
dissect.esedb: 3.12 → 3.13
https://github.com/fox-it/dissect.esedb/releases/tag/3.13
dissect.etl: 3.8 → 3.9
https://github.com/fox-it/dissect.etl/releases/tag/3.9
dissect.eventlog: 3.7 → 3.8
https://github.com/fox-it/dissect.eventlog/releases/tag/3.8
dissect.evidence: 3.8 → 3.9
https://github.com/fox-it/dissect.evidence/releases/tag/3.9
dissect.executable: 1.5 → 1.6
https://github.com/fox-it/dissect.executable/releases/tag/1.6
dissect.extfs: 3.9 → 3.10
https://github.com/fox-it/dissect.extfs/releases/tag/3.10
dissect.fat: 3.8 → 3.9
https://github.com/fox-it/dissect.fat/releases/tag/3.9
dissect.ffs: 3.7 → 3.8
https://github.com/fox-it/dissect.ffs/releases/tag/3.8
dissect.hypervisor: 3.12 → 3.13
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.13
dissect.jffs: 1.1 → 1.2
https://github.com/fox-it/dissect.jffs/releases/tag/1.2
dissect.ntfs: 3.9 → 3.10
https://github.com/fox-it/dissect.ntfs/releases/tag/3.10
dissect.ole: 3.7 → 3.8
https://github.com/fox-it/dissect.ole/releases/tag/3.8
dissect.regf: 3.9 → 3.10
https://github.com/fox-it/dissect.regf/releases/tag/3.10
dissect.shellitem: 3.7 → 3.8
https://github.com/fox-it/dissect.shellitem/releases/tag/3.8
dissect.sql: 3.8 → 3.9
https://github.com/fox-it/dissect.sql/releases/tag/3.9
dissect.squashfs: 1.4 → 1.5
https://github.com/fox-it/dissect.squashfs/releases/tag/1.5
dissect.target: 3.16 → 3.17
https://github.com/fox-it/dissect.target/releases/tag/3.17
dissect.thumbcache: 1.7 → 1.8
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.8
dissect.util: 3.15 → 3.16
https://github.com/fox-it/dissect.util/releases/tag/3.16
dissect.vmfs: 3.7 → 3.8
https://github.com/fox-it/dissect.vmfs/releases/tag/3.8
dissect.volume: 3.9 → 3.10
https://github.com/fox-it/dissect.volume/releases/tag/3.10
dissect.xfs: 3.8 → 3.9
https://github.com/fox-it/dissect.xfs/releases/tag/3.9
Release dissect 3.13 (#48)
Highlights
New filesystem support
- vmtar (archive based filesystem)
- cpio (archive based filesystem)
New plugins
- Brave browser plugin as apps.browser.brave
- Docker logs plugin as apps.container.docker.logs
- Linux locate plugin as os.unix.locate
Plugin improvements
- The Firefox and Chromium-based browser plugins now support reporting cookie data
- In the absence of configuration files, the IIS plugin will try to find logs in default directories
- The Windows Error Report Plugin is made more robust against keys that clash with restricted record names
- The Windows Defender plugin now properly sets the ts (timestamp) field
Misc changes
- Windows installations on drive letters other than C:\ are now supported
- On Linux systems mounts by label are now supported
- The unified configuration parser now supports JSON, YAML and XML
- Integrated test runs on Windows in the CI pipeline
- Support TPM encrypted ESXi "local state" filesystem
Contributors
Thanks to our contributors for making this release possible:
@florisvanstal
@JSCU-CNI
@YoeriNijs
@Zawadidone
Full Changelogs
dissect: 3.12 → 3.13
https://github.com/fox-it/dissect/releases/tag/3.13
dissect.btrfs: 1.1 → 1.2
https://github.com/fox-it/dissect.btrfs/releases/tag/1.2
dissect.cim: 3.7 → 3.8
https://github.com/fox-it/dissect.cim/releases/tag/3.8
dissect.clfs: 1.6 → 1.7
https://github.com/fox-it/dissect.clfs/releases/tag/1.7
dissect.cstruct: 3.12 → 3.13
https://github.com/fox-it/dissect.cstruct/releases/tag/3.13
dissect.esedb: 3.11 → 3.12
https://github.com/fox-it/dissect.esedb/releases/tag/3.12
dissect.etl: 3.7 → 3.8
https://github.com/fox-it/dissect.etl/releases/tag/3.8
dissect.eventlog: 3.6 → 3.7
https://github.com/fox-it/dissect.eventlog/releases/tag/3.7
dissect.evidence: 3.7 → 3.8
https://github.com/fox-it/dissect.evidence/releases/tag/3.8
dissect.executable: 1.4 → 1.5
https://github.com/fox-it/dissect.executable/releases/tag/1.5
dissect.extfs: 3.8 → 3.9
https://github.com/fox-it/dissect.extfs/releases/tag/3.9
dissect.fat: 3.7 → 3.8
https://github.com/fox-it/dissect.fat/releases/tag/3.8
dissect.ffs: 3.6 → 3.7
https://github.com/fox-it/dissect.ffs/releases/tag/3.7
dissect.hypervisor: 3.11 → 3.12
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.12
dissect.jffs: 1.0 → 1.1
https://github.com/fox-it/dissect.jffs/releases/tag/1.1
dissect.ntfs: 3.8 → 3.9
https://github.com/fox-it/dissect.ntfs/releases/tag/3.9
dissect.ole: 3.6 → 3.7
https://github.com/fox-it/dissect.ole/releases/tag/3.7
dissect.regf: 3.8 → 3.9
https://github.com/fox-it/dissect.regf/releases/tag/3.9
dissect.shellitem: 3.6 → 3.7
https://github.com/fox-it/dissect.shellitem/releases/tag/3.7
dissect.sql: 3.7 → 3.8
https://github.com/fox-it/dissect.sql/releases/tag/3.8
dissect.squashfs: 1.3 → 1.4
https://github.com/fox-it/dissect.squashfs/releases/tag/1.4
dissect.target: 3.15 → 3.16
https://github.com/fox-it/dissect.target/releases/tag/3.16
dissect.thumbcache: 1.6 → 1.7
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.7
dissect.util: 3.14 → 3.15
https://github.com/fox-it/dissect.util/releases/tag/3.15
dissect.vmfs: 3.6 → 3.7
https://github.com/fox-it/dissect.vmfs/releases/tag/3.7
dissect.volume: 3.8 → 3.9
https://github.com/fox-it/dissect.volume/releases/tag/3.9
dissect.xfs: 3.7 → 3.8
https://github.com/fox-it/dissect.xfs/releases/tag/3.8
Release dissect 3.12 (#45)
Highlights
New platforms
- The FortiOS platform is now supported as a Linux sub-OS
New filesystem support
- jffs is now also available in dissect.target
Filesystem improvements
- Sparse indirect blocks in ExtFS now work properly
- Improved parsing of complex ACLs in NTFS
New plugins
- A PuTTY plugin is added to the apps/ssh section
- A Citrix Netscaler webserver logs plugin is added to the apps/webservers section
- A SchedLgU plugin to parse SchedLgU.txt logs is added to the os/windows/log section
Misc changes
- Speed improvements in reading esedb records
- Virtual NTFS filesystems are now acquired properly
- Acquired files from case insensitive filesystems are now correctly de-duplicated
- Numerous miscellaneous Linux and Windows artifacts are added to acquire to be collected
- TargetPath now supports Python 3.12 (and as a consequence so does the whole of dissect)
- The Yara plugin is now supported by using our own pre-built yara-python-wheel pypi repository
- target-shell now has more cyber
- fuse3 support is added to target-mount
Contributors
Thanks to our contributors for making this release possible:
@burneykb
@diversenok
@JSCU-CNI
@MaxGroot
@Repsay
@JazzCore
@ydkhatri
@Zawadidone
Full Changelogs
dissect: 3.11 → 3.12
https://github.com/fox-it/dissect/releases/tag/3.12
dissect.btrfs: 💤1.1 (no changes)
https://github.com/fox-it/dissect.btrfs/releases/tag/1.1
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 3.11 → 3.12
https://github.com/fox-it/dissect.cstruct/releases/tag/3.12
dissect.esedb: 3.10 → 3.11
https://github.com/fox-it/dissect.esedb/releases/tag/3.11
dissect.etl: 💤3.7 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 💤3.7 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.7
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 3.7 → 3.8
https://github.com/fox-it/dissect.extfs/releases/tag/3.8
dissect.fat: 💤3.7 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.7
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 3.10 → 3.11
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.11
dissect.jffs: 💤1.0 (no changes)
https://github.com/fox-it/dissect.jffs/releases/tag/1.0
dissect.ntfs: 3.7 → 3.8
https://github.com/fox-it/dissect.ntfs/releases/tag/3.8
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 💤3.8 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.8
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 💤3.7 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.7
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.14 → 3.15
https://github.com/fox-it/dissect.target/releases/tag/3.15
dissect.thumbcache: 💤1.6 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.6
dissect.util: 3.13 → 3.14
https://github.com/fox-it/dissect.util/releases/tag/3.14
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 3.7 → 3.8
https://github.com/fox-it/dissect.volume/releases/tag/3.8
dissect.xfs: 3.6 → 3.7
https://github.com/fox-it/dissect.xfs/releases/tag/3.7
Release dissect 3.11 (#41)
Highlights
New filesystem support
- btrfs
- jffs (not yet available in dissect.target)
Improved plugins
- Unix activity robustness
- Windows CIM (consumerbindings) database robustness
- Windows MRUList robustness
- Windows teamviewer robustness in datetime parsing
- Windows iexplore.downloads robustness
- sshd.config proper config parsing of multiple values for the same key
- walkfs now walks the target's root filesystem instead of all the separate filesystems
Misc changes
- Most unit tests should now also run on windows
- Improved output for the --hash option of target-query
- Previously detected but unmounted filesystems are now mounted under $fs$/fs<idx>
- Improved support for Alpine Linux
- target-shell deals better with unicode characters in path and file names
Contributors
Thanks to our contributors for making this release possible:
@JSCU-CNI
@Paradoxis
@Zawadidone
Full Changelogs
dissect: 3.10 → 3.11
https://github.com/fox-it/dissect/releases/tag/3.11
dissect.btrfs: ✨1.1
https://github.com/fox-it/dissect.btrfs/releases/tag/1.1
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 3.10 → 3.11
https://github.com/fox-it/dissect.cstruct/releases/tag/3.11
dissect.esedb: 3.9 → 3.10
https://github.com/fox-it/dissect.esedb/releases/tag/3.10
dissect.etl: 💤3.7 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 💤3.7 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.7
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 3.6 → 3.7
https://github.com/fox-it/dissect.extfs/releases/tag/3.7
dissect.fat: 💤3.7 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.7
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 💤3.10 (no changes)
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.10
dissect.jffs: ✨1.0
https://github.com/fox-it/dissect.jffs/releases/tag/1.0
dissect.ntfs: 💤3.7 (no changes)
https://github.com/fox-it/dissect.ntfs/releases/tag/3.7
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 💤3.8 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.8
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 💤3.7 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.7
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.13 → 3.14
https://github.com/fox-it/dissect.target/releases/tag/3.14
dissect.thumbcache: 💤1.6 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.6
dissect.util: 3.12 → 3.13
https://github.com/fox-it/dissect.util/releases/tag/3.13
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 💤3.7 (no changes)
https://github.com/fox-it/dissect.volume/releases/tag/3.7
dissect.xfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.6
Release dissect 3.10 (#39)
Highlights
Misc Changes
- target-info is made more robust against missing information in a target.
- A unified configuration parser to parse configuration files is added. For now it parses:
- .ini files,
- files with key<separator>value entries,
- plain text files (like shell scripts as configuration),
- systemd type configuration files,
- ssh(d) type configuration files.
- target-shell on unix type systems got a registry command, which will use the etc plugin which builds on top of the unified configuration parser.
- target-query got a --dry-run option to show which functions (specified by -f) would have been executed on a target.
- target-query got a -xf option to exclude functions specified by -f. This is useful to exclude certain functions when wildcards are used in the -f option.
- The --hash option of target-query is fixed, as it was broken after last release.
New loaders
- Open Virtual Appliance (OVA) files.
New volumes
- LUKS v2 volumes are now supported.
- DDF (Disk Data Format, the RAID disk format used by Dell systems) volumes are now supported.
New Plugins
- An etc plugin is added for unix type systems which uses the unified configuration parser.
Updated Plugins
- The wireguard plugin is more robust against missing data in configuration files, which can happen on Windows systems.
- The linux _os plugin now supports /dev/disk/by-uuid fstab entries.
Contributors
Thanks to our contributors for making this release possible:
Full Changelogs
dissect: 3.9 → 3.10
https://github.com/fox-it/dissect/releases/tag/3.10
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 💤3.10 (no changes)
https://github.com/fox-it/dissect.cstruct/releases/tag/3.10
dissect.esedb: 💤3.9 (no changes)
https://github.com/fox-it/dissect.esedb/releases/tag/3.9
dissect.etl: 💤3.7 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 💤3.7 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.7
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.6
dissect.fat: 3.6 → 3.7
https://github.com/fox-it/dissect.fat/releases/tag/3.7
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 3.9 → 3.10
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.10
dissect.ntfs: 💤3.7 (no changes)
https://github.com/fox-it/dissect.ntfs/releases/tag/3.7
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 3.7 → 3.8
https://github.com/fox-it/dissect.regf/releases/tag/3.8
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 3.6 → 3.7
https://github.com/fox-it/dissect.sql/releases/tag/3.7
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.12 → 3.13
https://github.com/fox-it/dissect.target/releases/tag/3.13
dissect.thumbcache: 💤1.6 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.6
dissect.util: 3.11 → 3.12
https://github.com/fox-it/dissect.util/releases/tag/3.12
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 💤3.7 (no changes)
https://github.com/fox-it/dissect.volume/releases/tag/3.7
dissect.xfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.6
Release dissect 3.9 (#38)
Highlights
Misc changes:
- dissect.cstruct has a new and vastly improved expression parser
- Support for various RAID formats and LVM variants
- Volatile directories are now mounted when running on a local target
- Add support for decrypting and using System DPAPI secrets on Windows
New loaders:
- Add a new SMB loader and filesystem to use an SMB share as target
New plugins:
- cPanel lastlogin files
- Symantec Secure Endpoint
- Windows 10 notifications from appdb.dat file
- multiple plugins for volatile Linux artifacts (sockets, processes)
- Linux modules and lsmod plugin
Updated plugins
- IPv6 addresses in UTMP logs are now interpreted correctly
- ufw firewall configuration support added to the Linux firewall plugin
Acquire changes:
- Add collection of OSX DHCP settings and application's Info.plist paths
- Improved collection of Linux volatile paths (/proc & /sys)
- Add collection of paths related to Windows memory
- IIS artefacts are now collected by default in the "full" profile
Contributors
Thanks to our contributors for making this release possible:
@0x49736b
@cobyge
@idem-s1n
@JSCU-CNI
@OlafHaalstra
@Paradoxis
@RGlintmeijer
@sMezaOrellana
@Zawadidone
Full Changelogs
dissect: 3.8.1 → 3.9
https://github.com/fox-it/dissect/releases/tag/3.9
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 3.9 → 3.10
https://github.com/fox-it/dissect.cstruct/releases/tag/3.10
dissect.esedb: 3.8 → 3.9
https://github.com/fox-it/dissect.esedb/releases/tag/3.9
dissect.etl: 💤3.7 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 3.6 → 3.7
https://github.com/fox-it/dissect.evidence/releases/tag/3.7
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.6
dissect.fat: 💤3.6 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.6
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 3.8 → 3.9
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.9
dissect.ntfs: 💤3.7 (no changes)
https://github.com/fox-it/dissect.ntfs/releases/tag/3.7
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 💤3.7 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.7
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 💤3.6 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.6
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.11.1 → 3.12
https://github.com/fox-it/dissect.target/releases/tag/3.12
dissect.thumbcache: 1.5 → 1.6
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.6
dissect.util: 3.10 → 3.11
https://github.com/fox-it/dissect.util/releases/tag/3.11
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 3.6 → 3.7
https://github.com/fox-it/dissect.volume/releases/tag/3.7
dissect.xfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.6