Skip to content

Releases: fox-it/dissect

3.17

18 Nov 15:54
7869cb3
Compare
Choose a tag to compare

Highlights

New projects

  • dissect.fve: access encrypted LUKS and Microsoft Bitlocker volumes

New Containers

  • Support for BSD Vinum volumes in dissect.volume

Plugins

  • New MacOS network interface plugin
  • New Windows network interface plugin
  • The registry plugin now also looks for registry files in places used by legacy Windows versions
  • New Ubuntu snap application package manager plugin
  • New Windows installed applications plugin
  • New Windows MSSQL log

Tools

  • It is now possible to set aliases at runtime in target-shell
  • Add support for an rc start-up file in target-shell
  • target-shell can now be invoked with a -c option to directly execute commands
  • target-query can now output the list of plugins and loaders in json format with the --as-json option

Misc

  • Add birthtime, blocksize and number of blocks to various filesystem's stat output
  • The configuration parser is extended to access binary configurations
  • The configuration parser is extended to parse .env files

Contributors

Thanks to our contributors for making this release possible:

@fox-evv
@h0ckeyst1ck
@JazzCore
@JSCU-CNI

Full Changelogs

dissect: 3.16.1 → 3.17
https://github.com/fox-it/dissect/releases/tag/3.17
dissect.archive: 1.2 → 1.4
https://github.com/fox-it/dissect.archive/releases/tag/1.4
dissect.btrfs: 1.5 → 1.6
https://github.com/fox-it/dissect.btrfs/releases/tag/1.6
dissect.cim: 💤3.10 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.10
dissect.clfs: 💤1.9 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.9
dissect.cstruct: 4.1 → 4.3
https://github.com/fox-it/dissect.cstruct/releases/tag/4.3
dissect.esedb: 💤3.14 (no changes)
https://github.com/fox-it/dissect.esedb/releases/tag/3.14
dissect.etl: 💤3.10 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.10
dissect.eventlog: 💤3.9 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.9
dissect.evidence: 💤3.10 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.10
dissect.executable: 💤1.7 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.7
dissect.extfs: 3.11 → 3.12
https://github.com/fox-it/dissect.extfs/releases/tag/3.12
dissect.fat: 3.10 → 3.11
https://github.com/fox-it/dissect.fat/releases/tag/3.11
dissect.ffs: 3.9 → 3.10
https://github.com/fox-it/dissect.ffs/releases/tag/3.10
dissect.fve: ✨4.0
https://github.com/fox-it/dissect.fve/releases/tag/4.0
dissect.hypervisor: 3.15 → 3.16
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.16
dissect.jffs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.jffs/releases/tag/1.3
dissect.ntfs: 3.12 → 3.13
https://github.com/fox-it/dissect.ntfs/releases/tag/3.13
dissect.ole: 💤3.9 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.9
dissect.regf: 💤3.11 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.11
dissect.shellitem: 💤3.10 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.10
dissect.sql: 💤3.10 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.10
dissect.squashfs: 1.7 → 1.8
https://github.com/fox-it/dissect.squashfs/releases/tag/1.8
dissect.target: 3.19 → 3.20
https://github.com/fox-it/dissect.target/releases/tag/3.20
dissect.thumbcache: 💤1.9 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.9
dissect.util: 3.18 → 3.19
https://github.com/fox-it/dissect.util/releases/tag/3.19
dissect.vmfs: 3.9 → 3.10
https://github.com/fox-it/dissect.vmfs/releases/tag/3.10
dissect.volume: 3.12 → 3.13
https://github.com/fox-it/dissect.volume/releases/tag/3.13
dissect.xfs: 3.10 → 3.11
https://github.com/fox-it/dissect.xfs/releases/tag/3.11

3.16.1: Do not install the lz4 and lzo extras of dissect.util by default (#68)

16 Sep 14:19
5e23a97
Compare
Choose a tag to compare

This release is identical to 3.16.1, except the hard dependencies on the lz4 and lzo extras of dissect.util are turned into extras of the dissect package itself. These extras are not installed by default.
If you want optimized "native" code for lz4 and lzo decompression, you should install dissect using these extras like:

pip install dissect[lz4,lzo]

Highlights

  • Plugins:
    • New libvirt and qemu child plugins
    • New plugin to extract unsaved notepad tabs
    • 90% speedup in walkfs plugin
    • New plugin to extract windows update agent information
    • New plugin to extract Windows Jump List information
    • New MFT segmentation ability
    • Option to use a different starting directory in etc plugin using --root
    • Support for Windows 10 added in Windows USB plugin
    • Yara plugin was separated from target-query into target-yara command
  • Loaders:
    • VirtualBox .vdi files loader now case insensitive for the format attributes
    • Graceful handle for missing physical disks in LVM
    • New support for Android backups
  • OS support:
    • More robust ESXi OS initialization
  • target-tools:
    • New options added to target-fs ls (-l and -h),
    • Cleanup and extension of a number of target-shell commands
    • Shell history added to traget-shell
  • Misc:
    • If a project (currently dissect.target, dissect.squashfs and dissect.target) uses lzo/lz4 it will now automatically fall back to the pure python implementation in dissect.util if no C version is installed
    • cstruct fix for nested structure definitions

Contributors

Thanks to our contributors for making this release possible:

@EmilienCourt
@joost-j
@JSCU-CNI
@M1ra1B0T
@Matthijsy
@michoebey
@mick-314
@OlafHaalstra
@Zawadidone

Full Changelogs

dissect: 3.15 → 3.16
https://github.com/fox-it/dissect/releases/tag/3.16
dissect.archive: 💤1.2 (no changes)
https://github.com/fox-it/dissect.archive/releases/tag/1.2
dissect.btrfs: 1.4 → 1.5
https://github.com/fox-it/dissect.btrfs/releases/tag/1.5
dissect.cim: 💤3.10 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.10
dissect.clfs: 💤1.9 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.9
dissect.cstruct: 4.0 → 4.1
https://github.com/fox-it/dissect.cstruct/releases/tag/4.1
dissect.esedb: 💤3.14 (no changes)
https://github.com/fox-it/dissect.esedb/releases/tag/3.14
dissect.etl: 💤3.10 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.10
dissect.eventlog: 💤3.9 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.9
dissect.evidence: 💤3.10 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.10
dissect.executable: 💤1.7 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.7
dissect.extfs: 💤3.11 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.11
dissect.fat: 💤3.10 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.10
dissect.ffs: 💤3.9 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.9
dissect.hypervisor: 3.14 → 3.15
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.15
dissect.jffs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.jffs/releases/tag/1.3
dissect.ntfs: 3.11 → 3.12
https://github.com/fox-it/dissect.ntfs/releases/tag/3.12
dissect.ole: 💤3.9 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.9
dissect.regf: 💤3.11 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.11
dissect.shellitem: 3.9 → 3.10
https://github.com/fox-it/dissect.shellitem/releases/tag/3.10
dissect.sql: 💤3.10 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.10
dissect.squashfs: 1.6 → 1.7
https://github.com/fox-it/dissect.squashfs/releases/tag/1.7
dissect.target: 3.18 → 3.19
https://github.com/fox-it/dissect.target/releases/tag/3.19
dissect.thumbcache: 💤1.9 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.9
dissect.util: 3.17 → 3.18
https://github.com/fox-it/dissect.util/releases/tag/3.18
dissect.vmfs: 💤3.9 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.9
dissect.volume: 3.11 → 3.12
https://github.com/fox-it/dissect.volume/releases/tag/3.12
dissect.xfs: 💤3.10 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.10

3.16

10 Sep 12:52
a1aeaa7
Compare
Choose a tag to compare

Highlights

  • Plugins:
    • new libvirt and qemu child plugins,
    • new plugin to extract unsaved notepad tabs,
    • large speedup in the walkfs plugin,
    • new plugin to extract windows update agent information,
    • new plugin to extract Windows Jump List information.
  • Loaders:
    • the loader for VirtualBox .vdi files now ignores the case of this extension,
    • graceful handle missing physical disks in LVM.
  • OS support:
    • more robust ESXi OS initialization.
  • misc:
    • if a project (currently dissect.target, dissect.squashfs and dissect.target) uses lzo/lz4 it will now automatically fall back to the pure python implementation in dissect.util if no C version is installed,
    • cstruct fix for nested structure definitions,
    • new options added to target-fs ls (-l and -h),
    • cleanup and extension of a number of target-shell commands,
    • added shell history to traget-shell.

Contributors

Thanks to our contributors for making this release possible:

@EmilienCourt
@joost-j
@JSCU-CNI
@M1ra1B0T
@Matthijsy
@michoebey
@mick-314
@OlafHaalstra
@Zawadidone

Full Changelogs

dissect: 3.15 → 3.16
https://github.com/fox-it/dissect/releases/tag/3.16
dissect.archive: 💤1.2 (no changes)
https://github.com/fox-it/dissect.archive/releases/tag/1.2
dissect.btrfs: 1.4 → 1.5
https://github.com/fox-it/dissect.btrfs/releases/tag/1.5
dissect.cim: 💤3.10 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.10
dissect.clfs: 💤1.9 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.9
dissect.cstruct: 4.0 → 4.1
https://github.com/fox-it/dissect.cstruct/releases/tag/4.1
dissect.esedb: 💤3.14 (no changes)
https://github.com/fox-it/dissect.esedb/releases/tag/3.14
dissect.etl: 💤3.10 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.10
dissect.eventlog: 💤3.9 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.9
dissect.evidence: 💤3.10 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.10
dissect.executable: 💤1.7 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.7
dissect.extfs: 💤3.11 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.11
dissect.fat: 💤3.10 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.10
dissect.ffs: 💤3.9 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.9
dissect.hypervisor: 3.14 → 3.15
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.15
dissect.jffs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.jffs/releases/tag/1.3
dissect.ntfs: 3.11 → 3.12
https://github.com/fox-it/dissect.ntfs/releases/tag/3.12
dissect.ole: 💤3.9 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.9
dissect.regf: 💤3.11 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.11
dissect.shellitem: 3.9 → 3.10
https://github.com/fox-it/dissect.shellitem/releases/tag/3.10
dissect.sql: 💤3.10 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.10
dissect.squashfs: 1.6 → 1.7
https://github.com/fox-it/dissect.squashfs/releases/tag/1.7
dissect.target: 3.18 → 3.19
https://github.com/fox-it/dissect.target/releases/tag/3.19
dissect.thumbcache: 💤1.9 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.9
dissect.util: 3.17 → 3.18
https://github.com/fox-it/dissect.util/releases/tag/3.18
dissect.vmfs: 💤3.9 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.9
dissect.volume: 3.11 → 3.12
https://github.com/fox-it/dissect.volume/releases/tag/3.12
dissect.xfs: 💤3.10 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.10

3.15

01 Jul 09:33
2ac8c15
Compare
Choose a tag to compare

Highlights

  • Release of dissect.cstruct V.4.0 - major rewrite of dissect core engine! Further details
  • target tools usability:
    • Improved error description
    • Indication for cache use
    • Configurations query plugin including the use of glob patterns in searches
  • MPLog parser added to Windows Defender plugin
  • Identification of Windows 11 build improved

Contributors

Thanks to our contributors for making this release possible:

@JSCU-CNI

Full Changelogs

dissect: 3.14 → 3.15
https://github.com/fox-it/dissect/releases/tag/3.15
dissect.archive: 1.1 → 1.2
https://github.com/fox-it/dissect.archive/releases/tag/1.2
dissect.btrfs: 1.3 → 1.4
https://github.com/fox-it/dissect.btrfs/releases/tag/1.4
dissect.cim: 3.9 → 3.10
https://github.com/fox-it/dissect.cim/releases/tag/3.10
dissect.clfs: 1.8 → 1.9
https://github.com/fox-it/dissect.clfs/releases/tag/1.9
dissect.cstruct: 3.14 → 4.0
https://github.com/fox-it/dissect.cstruct/releases/tag/4.0
dissect.esedb: 3.13 → 3.14
https://github.com/fox-it/dissect.esedb/releases/tag/3.14
dissect.etl: 3.9 → 3.10
https://github.com/fox-it/dissect.etl/releases/tag/3.10
dissect.eventlog: 3.8 → 3.9
https://github.com/fox-it/dissect.eventlog/releases/tag/3.9
dissect.evidence: 3.9 → 3.10
https://github.com/fox-it/dissect.evidence/releases/tag/3.10
dissect.executable: 1.6 → 1.7
https://github.com/fox-it/dissect.executable/releases/tag/1.7
dissect.extfs: 3.10 → 3.11
https://github.com/fox-it/dissect.extfs/releases/tag/3.11
dissect.fat: 3.9 → 3.10
https://github.com/fox-it/dissect.fat/releases/tag/3.10
dissect.ffs: 3.8 → 3.9
https://github.com/fox-it/dissect.ffs/releases/tag/3.9
dissect.hypervisor: 3.13 → 3.14
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.14
dissect.jffs: 1.2 → 1.3
https://github.com/fox-it/dissect.jffs/releases/tag/1.3
dissect.ntfs: 3.10 → 3.11
https://github.com/fox-it/dissect.ntfs/releases/tag/3.11
dissect.ole: 3.8 → 3.9
https://github.com/fox-it/dissect.ole/releases/tag/3.9
dissect.regf: 3.10 → 3.11
https://github.com/fox-it/dissect.regf/releases/tag/3.11
dissect.shellitem: 3.8 → 3.9
https://github.com/fox-it/dissect.shellitem/releases/tag/3.9
dissect.sql: 3.9 → 3.10
https://github.com/fox-it/dissect.sql/releases/tag/3.10
dissect.squashfs: 1.5 → 1.6
https://github.com/fox-it/dissect.squashfs/releases/tag/1.6
dissect.target: 3.17 → 3.18
https://github.com/fox-it/dissect.target/releases/tag/3.18
dissect.thumbcache: 1.8 → 1.9
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.9
dissect.util: 3.16 → 3.17
https://github.com/fox-it/dissect.util/releases/tag/3.17
dissect.vmfs: 3.8 → 3.9
https://github.com/fox-it/dissect.vmfs/releases/tag/3.9
dissect.volume: 3.10 → 3.11
https://github.com/fox-it/dissect.volume/releases/tag/3.11
dissect.xfs: 3.9 → 3.10
https://github.com/fox-it/dissect.xfs/releases/tag/3.10

Release dissect 3.14

08 May 12:56
3da3d70
Compare
Choose a tag to compare

Highlights

New project created:

  • dissect.archive: Adds parsers for various archive and backup formats
    • Support for WIM format (except for split files)

Notable changes:

  • Acquire:
    • Better de-duplication of paths
    • Consistent casing of drive letters in windows acquires
    • You can now target multiple targets!
    • Addtional AnyDesk paths collected
  • dissect.ntfs:
    • Ability to yield MFT segments in specified ranges
  • dissect.target:
    • Uses new flow.record v.3.15
    • Added a layer filesystem that extends the root filesystem
    • Support for TOML in Unix Config Parser
    • target-dump supports namespace plugins
    • Support for Fortinet FW files
    • Catroot plugin refactored and improved
  • flow.record: Changes to the TCP Splunk adapter:
    • type field renamed rdtype
    • Additional internal record fields added:
      • rd__source from _source
      • rd__classification from _classification
      • rd_generated from _generated

Contributors

Thanks to our contributors for making this release possible:

@Bopobopob
@d3dave
@joost-j
@JSCU-CNI
@M1ra1B0T
@MaxGroot
@mnrkbys
@Zawadidone

Full Changelogs

dissect: 3.13 → 3.14
https://github.com/fox-it/dissect/releases/tag/3.14
dissect.archive: ✨1.1
https://github.com/fox-it/dissect.archive/releases/tag/1.1
dissect.btrfs: 1.2 → 1.3
https://github.com/fox-it/dissect.btrfs/releases/tag/1.3
dissect.cim: 3.8 → 3.9
https://github.com/fox-it/dissect.cim/releases/tag/3.9
dissect.clfs: 1.7 → 1.8
https://github.com/fox-it/dissect.clfs/releases/tag/1.8
dissect.cstruct: 3.13 → 3.14
https://github.com/fox-it/dissect.cstruct/releases/tag/3.14
dissect.esedb: 3.12 → 3.13
https://github.com/fox-it/dissect.esedb/releases/tag/3.13
dissect.etl: 3.8 → 3.9
https://github.com/fox-it/dissect.etl/releases/tag/3.9
dissect.eventlog: 3.7 → 3.8
https://github.com/fox-it/dissect.eventlog/releases/tag/3.8
dissect.evidence: 3.8 → 3.9
https://github.com/fox-it/dissect.evidence/releases/tag/3.9
dissect.executable: 1.5 → 1.6
https://github.com/fox-it/dissect.executable/releases/tag/1.6
dissect.extfs: 3.9 → 3.10
https://github.com/fox-it/dissect.extfs/releases/tag/3.10
dissect.fat: 3.8 → 3.9
https://github.com/fox-it/dissect.fat/releases/tag/3.9
dissect.ffs: 3.7 → 3.8
https://github.com/fox-it/dissect.ffs/releases/tag/3.8
dissect.hypervisor: 3.12 → 3.13
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.13
dissect.jffs: 1.1 → 1.2
https://github.com/fox-it/dissect.jffs/releases/tag/1.2
dissect.ntfs: 3.9 → 3.10
https://github.com/fox-it/dissect.ntfs/releases/tag/3.10
dissect.ole: 3.7 → 3.8
https://github.com/fox-it/dissect.ole/releases/tag/3.8
dissect.regf: 3.9 → 3.10
https://github.com/fox-it/dissect.regf/releases/tag/3.10
dissect.shellitem: 3.7 → 3.8
https://github.com/fox-it/dissect.shellitem/releases/tag/3.8
dissect.sql: 3.8 → 3.9
https://github.com/fox-it/dissect.sql/releases/tag/3.9
dissect.squashfs: 1.4 → 1.5
https://github.com/fox-it/dissect.squashfs/releases/tag/1.5
dissect.target: 3.16 → 3.17
https://github.com/fox-it/dissect.target/releases/tag/3.17
dissect.thumbcache: 1.7 → 1.8
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.8
dissect.util: 3.15 → 3.16
https://github.com/fox-it/dissect.util/releases/tag/3.16
dissect.vmfs: 3.7 → 3.8
https://github.com/fox-it/dissect.vmfs/releases/tag/3.8
dissect.volume: 3.9 → 3.10
https://github.com/fox-it/dissect.volume/releases/tag/3.10
dissect.xfs: 3.8 → 3.9
https://github.com/fox-it/dissect.xfs/releases/tag/3.9

Release dissect 3.13 (#48)

08 Mar 08:58
97ced28
Compare
Choose a tag to compare

Highlights

New filesystem support

  • vmtar (archive based filesystem)
  • cpio (archive based filesystem)

New plugins

  • Brave browser plugin as apps.browser.brave
  • Docker logs plugin as apps.container.docker.logs
  • Linux locate plugin as os.unix.locate

Plugin improvements

  • The Firefox and Chromium-based browser plugins now support reporting cookie data
  • In absence of configuration files, the IIS plugin wil try to find logs in default directories
  • The Windows Error Report Plugin is made more robust against keys that clash with restricted record names
  • The Windows Defender plugin now properly sets the ts (timestamp) field

Misc changes

  • Windows installations on drive letters other than C:\ are now supported
  • On Linux systems mounts by label are now supported
  • The unified configuration parser now supports JSON, YAML and XML
  • Integrated test runs on Windows in the CI pipeline
  • Support TPM encrypted ESXi "local state" filesystem

Contributors

Thanks to our contributors for making this release possible:

@florisvanstal
@JSCU-CNI
@YoeriNijs
@Zawadidone

Full Changelogs

dissect: 3.12 → 3.13
https://github.com/fox-it/dissect/releases/tag/3.13
dissect.btrfs: 1.1 → 1.2
https://github.com/fox-it/dissect.btrfs/releases/tag/1.2
dissect.cim: 3.7 → 3.8
https://github.com/fox-it/dissect.cim/releases/tag/3.8
dissect.clfs: 1.6 → 1.7
https://github.com/fox-it/dissect.clfs/releases/tag/1.7
dissect.cstruct: 3.12 → 3.13
https://github.com/fox-it/dissect.cstruct/releases/tag/3.13
dissect.esedb: 3.11 → 3.12
https://github.com/fox-it/dissect.esedb/releases/tag/3.12
dissect.etl: 3.7 → 3.8
https://github.com/fox-it/dissect.etl/releases/tag/3.8
dissect.eventlog: 3.6 → 3.7
https://github.com/fox-it/dissect.eventlog/releases/tag/3.7
dissect.evidence: 3.7 → 3.8
https://github.com/fox-it/dissect.evidence/releases/tag/3.8
dissect.executable: 1.4 → 1.5
https://github.com/fox-it/dissect.executable/releases/tag/1.5
dissect.extfs: 3.8 → 3.9
https://github.com/fox-it/dissect.extfs/releases/tag/3.9
dissect.fat: 3.7 → 3.8
https://github.com/fox-it/dissect.fat/releases/tag/3.8
dissect.ffs: 3.6 → 3.7
https://github.com/fox-it/dissect.ffs/releases/tag/3.7
dissect.hypervisor: 3.11 → 3.12
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.12
dissect.jffs: 1.0 → 1.1
https://github.com/fox-it/dissect.jffs/releases/tag/1.1
dissect.ntfs: 3.8 → 3.9
https://github.com/fox-it/dissect.ntfs/releases/tag/3.9
dissect.ole: 3.6 → 3.7
https://github.com/fox-it/dissect.ole/releases/tag/3.7
dissect.regf: 3.8 → 3.9
https://github.com/fox-it/dissect.regf/releases/tag/3.9
dissect.shellitem: 3.6 → 3.7
https://github.com/fox-it/dissect.shellitem/releases/tag/3.7
dissect.sql: 3.7 → 3.8
https://github.com/fox-it/dissect.sql/releases/tag/3.8
dissect.squashfs: 1.3 → 1.4
https://github.com/fox-it/dissect.squashfs/releases/tag/1.4
dissect.target: 3.15 → 3.16
https://github.com/fox-it/dissect.target/releases/tag/3.16
dissect.thumbcache: 1.6 → 1.7
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.7
dissect.util: 3.14 → 3.15
https://github.com/fox-it/dissect.util/releases/tag/3.15
dissect.vmfs: 3.6 → 3.7
https://github.com/fox-it/dissect.vmfs/releases/tag/3.7
dissect.volume: 3.8 → 3.9
https://github.com/fox-it/dissect.volume/releases/tag/3.9
dissect.xfs: 3.7 → 3.8
https://github.com/fox-it/dissect.xfs/releases/tag/3.8

Release dissect 3.12 (#45)

26 Jan 13:45
2109b5d
Compare
Choose a tag to compare

Highlights

New platforms

  • The FortiOS platform is now supported as a Linux sub-OS

New filesystem support

  • jffs is now also available in dissect.target

Filesystem improvements

  • Sparse indirect blocks in ExtFS now work properly
  • Improved parsing of complex ACLs in NTFS

New plugins

  • A PuTTY plugin is added to the apps/ssh section
  • A Citrix Netscaler webserver logs plugin is added to the apps/webservers section
  • A SchedLgU plugin to parse SchedLgU.txt logs is added to the os/windows/log section

Misc changes

  • Speed improvements in reading esedb records
  • Virtual NTFS filesystems are now acquired properly
  • Acquired files from case insensitive filesystems are now correctly de-duplicated
  • Numerous miscellaneous Linux and Windows artifacts are added to acquire to be collected
  • TargetPath now supports Python 3.12 (and as a consequence so does the whole of dissect)
  • The Yara plugin is now supported by using our own pre-build yara-python-wheel pypi repository
  • target-shell now has more cyber
  • fuse3 support is added to target-mount

Contributors

Thanks to our contributors for making this release possible:

@burneykb
@diversenok
@JSCU-CNI
@MaxGroot
@Repsay
@JazzCore
@ydkhatri
@Zawadidone

Full Changelogs

dissect: 3.11 → 3.12
https://github.com/fox-it/dissect/releases/tag/3.12
dissect.btrfs: 💤1.1 (no changes)
https://github.com/fox-it/dissect.btrfs/releases/tag/1.1
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 3.11 → 3.12
https://github.com/fox-it/dissect.cstruct/releases/tag/3.12
dissect.esedb: 3.10 → 3.11
https://github.com/fox-it/dissect.esedb/releases/tag/3.11
dissect.etl: 💤3.7 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 💤3.7 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.7
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 3.7 → 3.8
https://github.com/fox-it/dissect.extfs/releases/tag/3.8
dissect.fat: 💤3.7 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.7
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 3.10 → 3.11
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.11
dissect.jffs: 💤1.0 (no changes)
https://github.com/fox-it/dissect.jffs/releases/tag/1.0
dissect.ntfs: 3.7 → 3.8
https://github.com/fox-it/dissect.ntfs/releases/tag/3.8
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 💤3.8 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.8
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 💤3.7 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.7
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.14 → 3.15
https://github.com/fox-it/dissect.target/releases/tag/3.15
dissect.thumbcache: 💤1.6 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.6
dissect.util: 3.13 → 3.14
https://github.com/fox-it/dissect.util/releases/tag/3.14
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 3.7 → 3.8
https://github.com/fox-it/dissect.volume/releases/tag/3.8
dissect.xfs: 3.6 → 3.7
https://github.com/fox-it/dissect.xfs/releases/tag/3.7

Release dissect 3.11 (#41)

18 Dec 12:54
2b5d9a6
Compare
Choose a tag to compare

Highlights

New filesystem support

  • btrfs
  • jffs (not yet available in dissect.target)

Improved plugins

  • Unix acitivity robustness
  • Windows CIM (consumerbindings) database robustness
  • Windows MRUList robustness
  • Windows teamviewer robustness in datetime parsing
  • Windows iexplore.downloads robustness
  • sshd.config proper config parsing of multiple values for the same key
  • walkfs now walks the target's root filesystem instead of all the separate filesystems

Misc changes

  • Most unit tests should now also run on windows
  • Improved output for the --hash option of target-query
  • Previously detected but unmounted filesystems are now mounted under $fs$/fs<idx>
  • Improved support for Alpine Linux
  • target-shell deals better with unicode characters in path and file names

Contributors

Thanks to our contributors for making this release possible:

@JSCU-CNI
@Paradoxis
@Zawadidone

Full Changelogs

dissect: 3.10 → 3.11
https://github.com/fox-it/dissect/releases/tag/3.11
dissect.btrfs: ✨1.1
https://github.com/fox-it/dissect.btrfs/releases/tag/1.1
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 3.10 → 3.11
https://github.com/fox-it/dissect.cstruct/releases/tag/3.11
dissect.esedb: 3.9 → 3.10
https://github.com/fox-it/dissect.esedb/releases/tag/3.10
dissect.etl: 💤3.7 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 💤3.7 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.7
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 3.6 → 3.7
https://github.com/fox-it/dissect.extfs/releases/tag/3.7
dissect.fat: 💤3.7 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.7
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 💤3.10 (no changes)
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.10
dissect.jffs: ✨1.0
https://github.com/fox-it/dissect.jffs/releases/tag/1.0
dissect.ntfs: 💤3.7 (no changes)
https://github.com/fox-it/dissect.ntfs/releases/tag/3.7
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 💤3.8 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.8
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 💤3.7 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.7
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.13 → 3.14
https://github.com/fox-it/dissect.target/releases/tag/3.14
dissect.thumbcache: 💤1.6 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.6
dissect.util: 3.12 → 3.13
https://github.com/fox-it/dissect.util/releases/tag/3.13
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 💤3.7 (no changes)
https://github.com/fox-it/dissect.volume/releases/tag/3.7
dissect.xfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.6

Release dissect 3.10 (#39)

08 Nov 14:50
515c2e0
Compare
Choose a tag to compare

Highlights

Misc Changes

  • target-info is made more robust against missing information in a target.
  • A unified configuration parser to parse configuration files is added. For now it parses:
    • .ini files,
    • files with key<separator>value entries,
    • plain text files (like shell scripts as configuration),
    • systemd type configuration files,
    • ssh(d) type configuration files.
  • target-shell on unix type systems got a registry command, which will use the etc plugin which builds on top of the unified configuration parser.
  • target-query got a --dry-run option to show which functions (specified by -f) would have been executed on a target.
  • target-query got a -xf option to exclude functions sepcified by -f. This is useful to exclude certain functions when wildcards are used in the -f option.
  • The --hash option of target-query is fixed, as it was broken after last release.

New loaders

  • Open Virtual Appliance (OVA) files.

New volumes

  • LUKS v2 volumes are now supported.
  • DDF (Disk Data Format, the RAID disk format used by for Dell systems) volumes are now supported.

New Plugins

  • An etc plugin is added for unix type systems which uses the unified configuration parser.

Updated Plugins

  • The wireguard plugin is more robust against missing data in configuration files, which can happen on Windows systems.
  • The linux _os plugin now supports /dev/disk/by-uuid fstab entries.

Contributors

Thanks to our contributors for making this release possible:

@JSCU-CNI

Full Changelogs

dissect: 3.9 → 3.10
https://github.com/fox-it/dissect/releases/tag/3.10
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 💤3.10 (no changes)
https://github.com/fox-it/dissect.cstruct/releases/tag/3.10
dissect.esedb: 💤3.9 (no changes)
https://github.com/fox-it/dissect.esedb/releases/tag/3.9
dissect.etl: 💤3.7 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 💤3.7 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.7
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.6
dissect.fat: 3.6 → 3.7
https://github.com/fox-it/dissect.fat/releases/tag/3.7
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 3.9 → 3.10
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.10
dissect.ntfs: 💤3.7 (no changes)
https://github.com/fox-it/dissect.ntfs/releases/tag/3.7
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 3.7 → 3.8
https://github.com/fox-it/dissect.regf/releases/tag/3.8
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 3.6 → 3.7
https://github.com/fox-it/dissect.sql/releases/tag/3.7
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.12 → 3.13
https://github.com/fox-it/dissect.target/releases/tag/3.13
dissect.thumbcache: 💤1.6 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.6
dissect.util: 3.11 → 3.12
https://github.com/fox-it/dissect.util/releases/tag/3.12
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 💤3.7 (no changes)
https://github.com/fox-it/dissect.volume/releases/tag/3.7
dissect.xfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.6

Release dissect 3.9 (#38)

26 Sep 15:19
5411f06
Compare
Choose a tag to compare

Highlights

Misc changes:

  • dissect.cstruct has a new and vastly improved expression parser
  • Support for various RAID formats and LVM variants
  • Volatile directories are now mounted when running on a local target
  • Add support for decrypting and using System DPAPI secrets on Windows

New loaders:

  • Add a new SMB loader and filesystem to use an SMB share as target

New plugins:

  • cPanel lastlogin files
  • Symantic Secure Endpoint
  • Windows 10 notifications from appdb.dat file
  • multiple plugins for volatile Linux artifacts (sockets, processes)
  • Linux modules and lsmod plugin

Updated plugins

  • IPv6 adresses in UTMP logs are now interpreted correctly
  • ufw firewall configuration support added to the Linux firewall plugin

Acquire changes:

  • Add collection of OSX DHCP settings and application's Info.plist paths
  • Improved collection of Linux volatile paths (/proc & /sys)
  • Add collection of paths related to Windows memoy
  • IIS artefacts are now collected by default in the "full" profile

Contributors

Thanks to our contributors for making this release possible:

@0x49736b
@cobyge
@idem-s1n
@JSCU-CNI
@OlafHaalstra
@Paradoxis
@RGlintmeijer
@sMezaOrellana
@Zawadidone

Full Changelogs

dissect: 3.8.1 → 3.9
https://github.com/fox-it/dissect/releases/tag/3.9
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 3.9 → 3.10
https://github.com/fox-it/dissect.cstruct/releases/tag/3.10
dissect.esedb: 3.8 → 3.9
https://github.com/fox-it/dissect.esedb/releases/tag/3.9
dissect.etl: 💤3.7 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 3.6 → 3.7
https://github.com/fox-it/dissect.evidence/releases/tag/3.7
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.6
dissect.fat: 💤3.6 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.6
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 3.8 → 3.9
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.9
dissect.ntfs: 💤3.7 (no changes)
https://github.com/fox-it/dissect.ntfs/releases/tag/3.7
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 💤3.7 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.7
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 💤3.6 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.6
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.11.1 → 3.12
https://github.com/fox-it/dissect.target/releases/tag/3.12
dissect.thumbcache: 1.5 → 1.6
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.6
dissect.util: 3.10 → 3.11
https://github.com/fox-it/dissect.util/releases/tag/3.11
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 3.6 → 3.7
https://github.com/fox-it/dissect.volume/releases/tag/3.7
dissect.xfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.6