Releases: fox-it/dissect

3.15

01 Jul 09:33
2ac8c15

Highlights

  • Release of dissect.cstruct V.4.0 - major rewrite of dissect core engine! Further details
  • target tools usability:
    • Improved error description
    • Indication for cache use
    • Configurations query plugin including the use of glob patterns in searches
  • MPLog parser added to Windows Defender plugin
  • Identification of Windows 11 build improved

Contributors

Thanks to our contributors for making this release possible:

@JSCU-CNI

Full Changelogs

dissect: 3.14 → 3.15
https://github.com/fox-it/dissect/releases/tag/3.15
dissect.archive: 1.1 → 1.2
https://github.com/fox-it/dissect.archive/releases/tag/1.2
dissect.btrfs: 1.3 → 1.4
https://github.com/fox-it/dissect.btrfs/releases/tag/1.4
dissect.cim: 3.9 → 3.10
https://github.com/fox-it/dissect.cim/releases/tag/3.10
dissect.clfs: 1.8 → 1.9
https://github.com/fox-it/dissect.clfs/releases/tag/1.9
dissect.cstruct: 3.14 → 4.0
https://github.com/fox-it/dissect.cstruct/releases/tag/4.0
dissect.esedb: 3.13 → 3.14
https://github.com/fox-it/dissect.esedb/releases/tag/3.14
dissect.etl: 3.9 → 3.10
https://github.com/fox-it/dissect.etl/releases/tag/3.10
dissect.eventlog: 3.8 → 3.9
https://github.com/fox-it/dissect.eventlog/releases/tag/3.9
dissect.evidence: 3.9 → 3.10
https://github.com/fox-it/dissect.evidence/releases/tag/3.10
dissect.executable: 1.6 → 1.7
https://github.com/fox-it/dissect.executable/releases/tag/1.7
dissect.extfs: 3.10 → 3.11
https://github.com/fox-it/dissect.extfs/releases/tag/3.11
dissect.fat: 3.9 → 3.10
https://github.com/fox-it/dissect.fat/releases/tag/3.10
dissect.ffs: 3.8 → 3.9
https://github.com/fox-it/dissect.ffs/releases/tag/3.9
dissect.hypervisor: 3.13 → 3.14
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.14
dissect.jffs: 1.2 → 1.3
https://github.com/fox-it/dissect.jffs/releases/tag/1.3
dissect.ntfs: 3.10 → 3.11
https://github.com/fox-it/dissect.ntfs/releases/tag/3.11
dissect.ole: 3.8 → 3.9
https://github.com/fox-it/dissect.ole/releases/tag/3.9
dissect.regf: 3.10 → 3.11
https://github.com/fox-it/dissect.regf/releases/tag/3.11
dissect.shellitem: 3.8 → 3.9
https://github.com/fox-it/dissect.shellitem/releases/tag/3.9
dissect.sql: 3.9 → 3.10
https://github.com/fox-it/dissect.sql/releases/tag/3.10
dissect.squashfs: 1.5 → 1.6
https://github.com/fox-it/dissect.squashfs/releases/tag/1.6
dissect.target: 3.17 → 3.18
https://github.com/fox-it/dissect.target/releases/tag/3.18
dissect.thumbcache: 1.8 → 1.9
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.9
dissect.util: 3.16 → 3.17
https://github.com/fox-it/dissect.util/releases/tag/3.17
dissect.vmfs: 3.8 → 3.9
https://github.com/fox-it/dissect.vmfs/releases/tag/3.9
dissect.volume: 3.10 → 3.11
https://github.com/fox-it/dissect.volume/releases/tag/3.11
dissect.xfs: 3.9 → 3.10
https://github.com/fox-it/dissect.xfs/releases/tag/3.10

Release dissect 3.14

08 May 12:56
3da3d70

Highlights

New project created:

  • dissect.archive: Adds parsers for various archive and backup formats
    • Support for WIM format (except for split files)

Notable changes:

  • Acquire:
    • Better de-duplication of paths
    • Consistent casing of drive letters in Windows acquires
    • You can now target multiple targets!
    • Additional AnyDesk paths collected
  • dissect.ntfs:
    • Ability to yield MFT segments in specified ranges
  • dissect.target:
    • Uses new flow.record v.3.15
    • Added a layer filesystem that extends the root filesystem
    • Support for TOML in Unix Config Parser
    • target-dump supports namespace plugins
    • Support for Fortinet FW files
    • Catroot plugin refactored and improved
  • flow.record: Changes to the TCP Splunk adapter:
    • type field renamed rdtype
    • Additional internal record fields added:
      • rd__source from _source
      • rd__classification from _classification
      • rd_generated from _generated

Contributors

Thanks to our contributors for making this release possible:

@Bopobopob
@d3dave
@joost-j
@JSCU-CNI
@M1ra1B0T
@MaxGroot
@mnrkbys
@Zawadidone

Full Changelogs

dissect: 3.13 → 3.14
https://github.com/fox-it/dissect/releases/tag/3.14
dissect.archive: ✨1.1
https://github.com/fox-it/dissect.archive/releases/tag/1.1
dissect.btrfs: 1.2 → 1.3
https://github.com/fox-it/dissect.btrfs/releases/tag/1.3
dissect.cim: 3.8 → 3.9
https://github.com/fox-it/dissect.cim/releases/tag/3.9
dissect.clfs: 1.7 → 1.8
https://github.com/fox-it/dissect.clfs/releases/tag/1.8
dissect.cstruct: 3.13 → 3.14
https://github.com/fox-it/dissect.cstruct/releases/tag/3.14
dissect.esedb: 3.12 → 3.13
https://github.com/fox-it/dissect.esedb/releases/tag/3.13
dissect.etl: 3.8 → 3.9
https://github.com/fox-it/dissect.etl/releases/tag/3.9
dissect.eventlog: 3.7 → 3.8
https://github.com/fox-it/dissect.eventlog/releases/tag/3.8
dissect.evidence: 3.8 → 3.9
https://github.com/fox-it/dissect.evidence/releases/tag/3.9
dissect.executable: 1.5 → 1.6
https://github.com/fox-it/dissect.executable/releases/tag/1.6
dissect.extfs: 3.9 → 3.10
https://github.com/fox-it/dissect.extfs/releases/tag/3.10
dissect.fat: 3.8 → 3.9
https://github.com/fox-it/dissect.fat/releases/tag/3.9
dissect.ffs: 3.7 → 3.8
https://github.com/fox-it/dissect.ffs/releases/tag/3.8
dissect.hypervisor: 3.12 → 3.13
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.13
dissect.jffs: 1.1 → 1.2
https://github.com/fox-it/dissect.jffs/releases/tag/1.2
dissect.ntfs: 3.9 → 3.10
https://github.com/fox-it/dissect.ntfs/releases/tag/3.10
dissect.ole: 3.7 → 3.8
https://github.com/fox-it/dissect.ole/releases/tag/3.8
dissect.regf: 3.9 → 3.10
https://github.com/fox-it/dissect.regf/releases/tag/3.10
dissect.shellitem: 3.7 → 3.8
https://github.com/fox-it/dissect.shellitem/releases/tag/3.8
dissect.sql: 3.8 → 3.9
https://github.com/fox-it/dissect.sql/releases/tag/3.9
dissect.squashfs: 1.4 → 1.5
https://github.com/fox-it/dissect.squashfs/releases/tag/1.5
dissect.target: 3.16 → 3.17
https://github.com/fox-it/dissect.target/releases/tag/3.17
dissect.thumbcache: 1.7 → 1.8
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.8
dissect.util: 3.15 → 3.16
https://github.com/fox-it/dissect.util/releases/tag/3.16
dissect.vmfs: 3.7 → 3.8
https://github.com/fox-it/dissect.vmfs/releases/tag/3.8
dissect.volume: 3.9 → 3.10
https://github.com/fox-it/dissect.volume/releases/tag/3.10
dissect.xfs: 3.8 → 3.9
https://github.com/fox-it/dissect.xfs/releases/tag/3.9

Release dissect 3.13 (#48)

08 Mar 08:58
97ced28

Highlights

New filesystem support

  • vmtar (archive based filesystem)
  • cpio (archive based filesystem)

New plugins

  • Brave browser plugin as apps.browser.brave
  • Docker logs plugin as apps.container.docker.logs
  • Linux locate plugin as os.unix.locate

Plugin improvements

  • The Firefox and Chromium-based browser plugins now support reporting cookie data
  • In the absence of configuration files, the IIS plugin will try to find logs in default directories
  • The Windows Error Report Plugin is made more robust against keys that clash with restricted record names
  • The Windows Defender plugin now properly sets the ts (timestamp) field

Misc changes

  • Windows installations on drive letters other than C:\ are now supported
  • On Linux systems mounts by label are now supported
  • The unified configuration parser now supports JSON, YAML and XML
  • Integrated test runs on Windows in the CI pipeline
  • Support TPM encrypted ESXi "local state" filesystem

Contributors

Thanks to our contributors for making this release possible:

@florisvanstal
@JSCU-CNI
@YoeriNijs
@Zawadidone

Full Changelogs

dissect: 3.12 → 3.13
https://github.com/fox-it/dissect/releases/tag/3.13
dissect.btrfs: 1.1 → 1.2
https://github.com/fox-it/dissect.btrfs/releases/tag/1.2
dissect.cim: 3.7 → 3.8
https://github.com/fox-it/dissect.cim/releases/tag/3.8
dissect.clfs: 1.6 → 1.7
https://github.com/fox-it/dissect.clfs/releases/tag/1.7
dissect.cstruct: 3.12 → 3.13
https://github.com/fox-it/dissect.cstruct/releases/tag/3.13
dissect.esedb: 3.11 → 3.12
https://github.com/fox-it/dissect.esedb/releases/tag/3.12
dissect.etl: 3.7 → 3.8
https://github.com/fox-it/dissect.etl/releases/tag/3.8
dissect.eventlog: 3.6 → 3.7
https://github.com/fox-it/dissect.eventlog/releases/tag/3.7
dissect.evidence: 3.7 → 3.8
https://github.com/fox-it/dissect.evidence/releases/tag/3.8
dissect.executable: 1.4 → 1.5
https://github.com/fox-it/dissect.executable/releases/tag/1.5
dissect.extfs: 3.8 → 3.9
https://github.com/fox-it/dissect.extfs/releases/tag/3.9
dissect.fat: 3.7 → 3.8
https://github.com/fox-it/dissect.fat/releases/tag/3.8
dissect.ffs: 3.6 → 3.7
https://github.com/fox-it/dissect.ffs/releases/tag/3.7
dissect.hypervisor: 3.11 → 3.12
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.12
dissect.jffs: 1.0 → 1.1
https://github.com/fox-it/dissect.jffs/releases/tag/1.1
dissect.ntfs: 3.8 → 3.9
https://github.com/fox-it/dissect.ntfs/releases/tag/3.9
dissect.ole: 3.6 → 3.7
https://github.com/fox-it/dissect.ole/releases/tag/3.7
dissect.regf: 3.8 → 3.9
https://github.com/fox-it/dissect.regf/releases/tag/3.9
dissect.shellitem: 3.6 → 3.7
https://github.com/fox-it/dissect.shellitem/releases/tag/3.7
dissect.sql: 3.7 → 3.8
https://github.com/fox-it/dissect.sql/releases/tag/3.8
dissect.squashfs: 1.3 → 1.4
https://github.com/fox-it/dissect.squashfs/releases/tag/1.4
dissect.target: 3.15 → 3.16
https://github.com/fox-it/dissect.target/releases/tag/3.16
dissect.thumbcache: 1.6 → 1.7
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.7
dissect.util: 3.14 → 3.15
https://github.com/fox-it/dissect.util/releases/tag/3.15
dissect.vmfs: 3.6 → 3.7
https://github.com/fox-it/dissect.vmfs/releases/tag/3.7
dissect.volume: 3.8 → 3.9
https://github.com/fox-it/dissect.volume/releases/tag/3.9
dissect.xfs: 3.7 → 3.8
https://github.com/fox-it/dissect.xfs/releases/tag/3.8

Release dissect 3.12 (#45)

26 Jan 13:45
2109b5d

Highlights

New platforms

  • The FortiOS platform is now supported as a Linux sub-OS

New filesystem support

  • jffs is now also available in dissect.target

Filesystem improvements

  • Sparse indirect blocks in ExtFS now work properly
  • Improved parsing of complex ACLs in NTFS

New plugins

  • A PuTTY plugin is added to the apps/ssh section
  • A Citrix Netscaler webserver logs plugin is added to the apps/webservers section
  • A SchedLgU plugin to parse SchedLgU.txt logs is added to the os/windows/log section

Misc changes

  • Speed improvements in reading esedb records
  • Virtual NTFS filesystems are now acquired properly
  • Acquired files from case insensitive filesystems are now correctly de-duplicated
  • Numerous miscellaneous Linux and Windows artifacts are added to acquire to be collected
  • TargetPath now supports Python 3.12 (and as a consequence so does the whole of dissect)
  • The Yara plugin is now supported by using our own pre-built yara-python-wheel pypi repository
  • target-shell now has more cyber
  • fuse3 support is added to target-mount

Contributors

Thanks to our contributors for making this release possible:

@burneykb
@diversenok
@JSCU-CNI
@MaxGroot
@Repsay
@JazzCore
@ydkhatri
@Zawadidone

Full Changelogs

dissect: 3.11 → 3.12
https://github.com/fox-it/dissect/releases/tag/3.12
dissect.btrfs: 💤1.1 (no changes)
https://github.com/fox-it/dissect.btrfs/releases/tag/1.1
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 3.11 → 3.12
https://github.com/fox-it/dissect.cstruct/releases/tag/3.12
dissect.esedb: 3.10 → 3.11
https://github.com/fox-it/dissect.esedb/releases/tag/3.11
dissect.etl: 💤3.7 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 💤3.7 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.7
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 3.7 → 3.8
https://github.com/fox-it/dissect.extfs/releases/tag/3.8
dissect.fat: 💤3.7 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.7
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 3.10 → 3.11
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.11
dissect.jffs: 💤1.0 (no changes)
https://github.com/fox-it/dissect.jffs/releases/tag/1.0
dissect.ntfs: 3.7 → 3.8
https://github.com/fox-it/dissect.ntfs/releases/tag/3.8
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 💤3.8 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.8
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 💤3.7 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.7
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.14 → 3.15
https://github.com/fox-it/dissect.target/releases/tag/3.15
dissect.thumbcache: 💤1.6 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.6
dissect.util: 3.13 → 3.14
https://github.com/fox-it/dissect.util/releases/tag/3.14
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 3.7 → 3.8
https://github.com/fox-it/dissect.volume/releases/tag/3.8
dissect.xfs: 3.6 → 3.7
https://github.com/fox-it/dissect.xfs/releases/tag/3.7

Release dissect 3.11 (#41)

18 Dec 12:54
2b5d9a6

Highlights

New filesystem support

  • btrfs
  • jffs (not yet available in dissect.target)

Improved plugins

  • Unix activity robustness
  • Windows CIM (consumerbindings) database robustness
  • Windows MRUList robustness
  • Windows teamviewer robustness in datetime parsing
  • Windows iexplore.downloads robustness
  • sshd.config proper config parsing of multiple values for the same key
  • walkfs now walks the target's root filesystem instead of all the separate filesystems

Misc changes

  • Most unit tests should now also run on Windows
  • Improved output for the --hash option of target-query
  • Previously detected but unmounted filesystems are now mounted under $fs$/fs<idx>
  • Improved support for Alpine Linux
  • target-shell deals better with unicode characters in path and file names

Contributors

Thanks to our contributors for making this release possible:

@JSCU-CNI
@Paradoxis
@Zawadidone

Full Changelogs

dissect: 3.10 → 3.11
https://github.com/fox-it/dissect/releases/tag/3.11
dissect.btrfs: ✨1.1
https://github.com/fox-it/dissect.btrfs/releases/tag/1.1
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 3.10 → 3.11
https://github.com/fox-it/dissect.cstruct/releases/tag/3.11
dissect.esedb: 3.9 → 3.10
https://github.com/fox-it/dissect.esedb/releases/tag/3.10
dissect.etl: 💤3.7 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 💤3.7 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.7
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 3.6 → 3.7
https://github.com/fox-it/dissect.extfs/releases/tag/3.7
dissect.fat: 💤3.7 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.7
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 💤3.10 (no changes)
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.10
dissect.jffs: ✨1.0
https://github.com/fox-it/dissect.jffs/releases/tag/1.0
dissect.ntfs: 💤3.7 (no changes)
https://github.com/fox-it/dissect.ntfs/releases/tag/3.7
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 💤3.8 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.8
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 💤3.7 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.7
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.13 → 3.14
https://github.com/fox-it/dissect.target/releases/tag/3.14
dissect.thumbcache: 💤1.6 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.6
dissect.util: 3.12 → 3.13
https://github.com/fox-it/dissect.util/releases/tag/3.13
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 💤3.7 (no changes)
https://github.com/fox-it/dissect.volume/releases/tag/3.7
dissect.xfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.6

Release dissect 3.10 (#39)

08 Nov 14:50
515c2e0

Highlights

Misc Changes

  • target-info is made more robust against missing information in a target.
  • A unified configuration parser to parse configuration files is added. For now it parses:
    • .ini files,
    • files with key<separator>value entries,
    • plain text files (like shell scripts as configuration),
    • systemd type configuration files,
    • ssh(d) type configuration files.
  • target-shell on unix type systems got a registry command, which will use the etc plugin which builds on top of the unified configuration parser.
  • target-query got a --dry-run option to show which functions (specified by -f) would have been executed on a target.
  • target-query got a -xf option to exclude functions specified by -f. This is useful to exclude certain functions when wildcards are used in the -f option.
  • The --hash option of target-query is fixed, as it was broken after last release.

New loaders

  • Open Virtual Appliance (OVA) files.

New volumes

  • LUKS v2 volumes are now supported.
  • DDF (Disk Data Format, the RAID disk format used by Dell systems) volumes are now supported.

New Plugins

  • An etc plugin is added for unix type systems which uses the unified configuration parser.

Updated Plugins

  • The wireguard plugin is more robust against missing data in configuration files, which can happen on Windows systems.
  • The linux _os plugin now supports /dev/disk/by-uuid fstab entries.

Contributors

Thanks to our contributors for making this release possible:

@JSCU-CNI

Full Changelogs

dissect: 3.9 → 3.10
https://github.com/fox-it/dissect/releases/tag/3.10
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 💤3.10 (no changes)
https://github.com/fox-it/dissect.cstruct/releases/tag/3.10
dissect.esedb: 💤3.9 (no changes)
https://github.com/fox-it/dissect.esedb/releases/tag/3.9
dissect.etl: 💤3.7 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 💤3.7 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.7
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.6
dissect.fat: 3.6 → 3.7
https://github.com/fox-it/dissect.fat/releases/tag/3.7
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 3.9 → 3.10
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.10
dissect.ntfs: 💤3.7 (no changes)
https://github.com/fox-it/dissect.ntfs/releases/tag/3.7
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 3.7 → 3.8
https://github.com/fox-it/dissect.regf/releases/tag/3.8
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 3.6 → 3.7
https://github.com/fox-it/dissect.sql/releases/tag/3.7
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.12 → 3.13
https://github.com/fox-it/dissect.target/releases/tag/3.13
dissect.thumbcache: 💤1.6 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.6
dissect.util: 3.11 → 3.12
https://github.com/fox-it/dissect.util/releases/tag/3.12
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 💤3.7 (no changes)
https://github.com/fox-it/dissect.volume/releases/tag/3.7
dissect.xfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.6

Release dissect 3.9 (#38)

26 Sep 15:19
5411f06

Highlights

Misc changes:

  • dissect.cstruct has a new and vastly improved expression parser
  • Support for various RAID formats and LVM variants
  • Volatile directories are now mounted when running on a local target
  • Add support for decrypting and using System DPAPI secrets on Windows

New loaders:

  • Add a new SMB loader and filesystem to use an SMB share as target

New plugins:

  • cPanel lastlogin files
  • Symantec Secure Endpoint
  • Windows 10 notifications from appdb.dat file
  • multiple plugins for volatile Linux artifacts (sockets, processes)
  • Linux modules and lsmod plugin

Updated plugins

  • IPv6 addresses in UTMP logs are now interpreted correctly
  • ufw firewall configuration support added to the Linux firewall plugin

Acquire changes:

  • Add collection of OSX DHCP settings and application's Info.plist paths
  • Improved collection of Linux volatile paths (/proc & /sys)
  • Add collection of paths related to Windows memory
  • IIS artefacts are now collected by default in the "full" profile

Contributors

Thanks to our contributors for making this release possible:

@0x49736b
@cobyge
@idem-s1n
@JSCU-CNI
@OlafHaalstra
@Paradoxis
@RGlintmeijer
@sMezaOrellana
@Zawadidone

Full Changelogs

dissect: 3.8.1 → 3.9
https://github.com/fox-it/dissect/releases/tag/3.9
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 3.9 → 3.10
https://github.com/fox-it/dissect.cstruct/releases/tag/3.10
dissect.esedb: 3.8 → 3.9
https://github.com/fox-it/dissect.esedb/releases/tag/3.9
dissect.etl: 💤3.7 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 3.6 → 3.7
https://github.com/fox-it/dissect.evidence/releases/tag/3.7
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.6
dissect.fat: 💤3.6 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.6
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 3.8 → 3.9
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.9
dissect.ntfs: 💤3.7 (no changes)
https://github.com/fox-it/dissect.ntfs/releases/tag/3.7
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 💤3.7 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.7
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 💤3.6 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.6
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.11.1 → 3.12
https://github.com/fox-it/dissect.target/releases/tag/3.12
dissect.thumbcache: 1.5 → 1.6
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.6
dissect.util: 3.10 → 3.11
https://github.com/fox-it/dissect.util/releases/tag/3.11
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 3.6 → 3.7
https://github.com/fox-it/dissect.volume/releases/tag/3.7
dissect.xfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.6

Release dissect 3.8.1

14 Aug 14:58
6320ef1

Highlights

  • Fixed issue in registry plugin where the root key could not be fetched, which impacted the regf plugin and target-regf.
  • Add an OSPlugin for Citrix Netscalers

Full Changelogs

dissect: 3.8 → 3.8.1
https://github.com/fox-it/dissect/releases/tag/3.8.1
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 💤3.9 (no changes)
https://github.com/fox-it/dissect.cstruct/releases/tag/3.9
dissect.esedb: 💤3.8 (no changes)
https://github.com/fox-it/dissect.esedb/releases/tag/3.8
dissect.etl: 💤3.7 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 💤3.6 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.6
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.6
dissect.fat: 💤3.6 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.6
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 💤3.8 (no changes)
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.8
dissect.ntfs: 💤3.7 (no changes)
https://github.com/fox-it/dissect.ntfs/releases/tag/3.7
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 💤3.7 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.7
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 💤3.6 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.6
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.11 → 3.11.1
https://github.com/fox-it/dissect.target/releases/tag/3.11.1
dissect.thumbcache: 💤1.5 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.5
dissect.util: 💤3.10 (no changes)
https://github.com/fox-it/dissect.util/releases/tag/3.10
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 💤3.6 (no changes)
https://github.com/fox-it/dissect.volume/releases/tag/3.6
dissect.xfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.6

Release dissect 3.8

10 Aug 12:52
c8483bc

Highlights

New plugins:

  • Generic:
    • OpenVPN configuration plugin for client and server configuration
  • OSX:
    • User plugin, which shows all the users on OSX machines
    • IPs plugin, which allows ips to work on OSX targets

Updated plugins:

  • ETL: Now decompresses compressed buffers
  • Unix services: Improved the systemd service parsing

Loader:

  • DirLoader: functions with directories made using acquire
  • MultiRawLoader: Allows you to load multiple disks into one target.
    This has to be a + separated string containing absolute or relative paths to the disks. (/path/to/disk1+/path/to/disk2)

Misc changes/fixes:

  • Target-shell
    • Use enter <path> to open a target inside of another target.
    • No duplicate files when saving a directory using the save command.
  • Registry improvements: Allows for globbing through the Windows registry

Contributors

Thanks to our contributors for making this release possible:

@cobyge
@nrhtr
@JSCU-CNI
@sMezaOrellana
@sulonl
@Zawadidone

Full Changelogs

dissect: 3.7 → 3.8
https://github.com/fox-it/dissect/releases/tag/3.8
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 3.8 → 3.9
https://github.com/fox-it/dissect.cstruct/releases/tag/3.9
dissect.esedb: 💤3.8 (no changes)
https://github.com/fox-it/dissect.esedb/releases/tag/3.8
dissect.etl: 3.6 → 3.7
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 💤3.6 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.6
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.6
dissect.fat: 💤3.6 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.6
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 💤3.8 (no changes)
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.8
dissect.ntfs: 3.6 → 3.7
https://github.com/fox-it/dissect.ntfs/releases/tag/3.7
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 3.6 → 3.7
https://github.com/fox-it/dissect.regf/releases/tag/3.7
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 💤3.6 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.6
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.10 → 3.11
https://github.com/fox-it/dissect.target/releases/tag/3.11
dissect.thumbcache: 💤1.5 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.5
dissect.util: 3.9 → 3.10
https://github.com/fox-it/dissect.util/releases/tag/3.10
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 💤3.6 (no changes)
https://github.com/fox-it/dissect.volume/releases/tag/3.6
dissect.xfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.6

Release dissect 3.7 (#33)

06 Jul 09:29
b165378

Highlights

  • Windows plugin additions and improvements:
    • at.exe jobs are now emitted by the tasks plugin.
    • Tasks from AD Group Policy Objects are now emitted by the tasks plugin.
      • Tasks within a ScheduledTask.xml file are not parsed when nested in a <ScheduledTask> element. This will be supported in the next release.
    • A new AppX debug information plugin appxdebugkeys is added.
    • The Windows Defender plugin can now also emit exclusions.
    • amcache now returns the proper arp created install records.
    • A new sophos plugin supporting Sophos Home and Sophos Hitman has been added.
  • Linux plugin additions and improvements:
    • A new systemd journal plugin is added.
  • Loader additions and improvements:
    • The LogLoader can now handle IIS logs.
  • Misc improvements:
    • Cleaner handling of KeyboardInterrupts and OSErrors in the various target tools.
    • Compatibility for TargetPath and FilesystemEntry with Python 3.11.4.
    • The LZO decompressor now handles bitstream compressed data properly.
    • target-info now handles time zones properly for older Windows versions.

Contributors

Thanks to our contributors for making this release possible:

@cobyge
@JSCU-CNI
@Zawadidone

Full Changelogs

dissect: 3.6 → 3.7
https://github.com/fox-it/dissect/releases/tag/3.7
dissect.cim: 3.6 → 3.7
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 1.5 → 1.6
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 3.7 → 3.8
https://github.com/fox-it/dissect.cstruct/releases/tag/3.8
dissect.esedb: 3.7 → 3.8
https://github.com/fox-it/dissect.esedb/releases/tag/3.8
dissect.etl: 3.5 → 3.6
https://github.com/fox-it/dissect.etl/releases/tag/3.6
dissect.eventlog: 3.5 → 3.6
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 3.5 → 3.6
https://github.com/fox-it/dissect.evidence/releases/tag/3.6
dissect.executable: 1.3 → 1.4
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 3.5 → 3.6
https://github.com/fox-it/dissect.extfs/releases/tag/3.6
dissect.fat: 3.5 → 3.6
https://github.com/fox-it/dissect.fat/releases/tag/3.6
dissect.ffs: 3.5 → 3.6
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 3.7 → 3.8
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.8
dissect.ntfs: 3.5 → 3.6
https://github.com/fox-it/dissect.ntfs/releases/tag/3.6
dissect.ole: 3.5 → 3.6
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 3.5 → 3.6
https://github.com/fox-it/dissect.regf/releases/tag/3.6
dissect.shellitem: 3.5 → 3.6
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 3.5 → 3.6
https://github.com/fox-it/dissect.sql/releases/tag/3.6
dissect.squashfs: 1.2 → 1.3
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.9 → 3.10
https://github.com/fox-it/dissect.target/releases/tag/3.10
dissect.thumbcache: 1.4 → 1.5
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.5
dissect.util: 3.8 → 3.9
https://github.com/fox-it/dissect.util/releases/tag/3.9
dissect.vmfs: 3.5 → 3.6
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 3.5 → 3.6
https://github.com/fox-it/dissect.volume/releases/tag/3.6
dissect.xfs: 3.5 → 3.6
https://github.com/fox-it/dissect.xfs/releases/tag/3.6