3.5

pyrco released this 24 Mar 15:03

· 25 commits to main since this release

Highlights

New plugins for parsing:
- Trend Micro Worry-Free AV and firewall logs
- McAfee AV and firewall logs (SQLite)
- Apt, yum and zypper package manager files
- NGINX, Apache and Caddy webserver logs
- Open handles acquired from Windows systems
Updated/improved plugins for:
- Extended zsh history files
- IP adresses on Unix systems
- the Unix audit.log plugin
- the SSH plugin now also exports public keys and outputs more information on private keys
Updated/improved loaders:
- Support for older type Hyper-V hypervisor configuration files
- Support UsnJrnl and Volume Shadow Copy's in the Velociraptor loader
- iTunes backup files
Add zcat & zless commands to target-shell, these commands will transparently decompress gzip and bzip2 compressed files.
target-shell properly displays alternate datastreams again.
A new tool target-info was added, which quickly displays some useful information about the target specified
Support for NTFS reparse points
Acquire was extended to also acquire:
- Windows PCA files
- Linux /proc and /sys filesystems
- McAfee SQLite AV and firewall logs

Contributors

Thanks to our contributors for making this release possible:

@JSCU-CNI
@MrYoranimo
@Zawadidone

Full Changelogs

dissect: 3.4 → 3.5
https://github.com/fox-it/dissect/releases/tag/3.5
dissect.cim: 3.4 → 3.5
https://github.com/fox-it/dissect.cim/releases/tag/3.5
dissect.clfs: 1.3 → 1.4
https://github.com/fox-it/dissect.clfs/releases/tag/1.4
dissect.cstruct: 3.5 → 3.6
https://github.com/fox-it/dissect.cstruct/releases/tag/3.6
dissect.esedb: 3.5 → 3.6
https://github.com/fox-it/dissect.esedb/releases/tag/3.6
dissect.etl: 3.3 → 3.4
https://github.com/fox-it/dissect.etl/releases/tag/3.4
dissect.eventlog: 3.3 → 3.4
https://github.com/fox-it/dissect.eventlog/releases/tag/3.4
dissect.evidence: 3.3 → 3.4
https://github.com/fox-it/dissect.evidence/releases/tag/3.4
dissect.executable: 1.1 → 1.2
https://github.com/fox-it/dissect.executable/releases/tag/1.2
dissect.extfs: 3.3 → 3.4
https://github.com/fox-it/dissect.extfs/releases/tag/3.4
dissect.fat: 3.3 → 3.4
https://github.com/fox-it/dissect.fat/releases/tag/3.4
dissect.ffs: 3.3 → 3.4
https://github.com/fox-it/dissect.ffs/releases/tag/3.4
dissect.hypervisor: 3.5 → 3.6
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.6
dissect.ntfs: 3.3 → 3.4
https://github.com/fox-it/dissect.ntfs/releases/tag/3.4
dissect.ole: 3.3 → 3.4
https://github.com/fox-it/dissect.ole/releases/tag/3.4
dissect.regf: 3.3 → 3.4
https://github.com/fox-it/dissect.regf/releases/tag/3.4
dissect.shellitem: 3.3 → 3.4
https://github.com/fox-it/dissect.shellitem/releases/tag/3.4
dissect.sql: 3.3 → 3.4
https://github.com/fox-it/dissect.sql/releases/tag/3.4
dissect.squashfs: 1.0 → 1.1
https://github.com/fox-it/dissect.squashfs/releases/tag/1.1
dissect.target: 3.7 → 3.8
https://github.com/fox-it/dissect.target/releases/tag/3.8
dissect.thumbcache: 1.2 → 1.3
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.3
dissect.util: 3.6 → 3.7
https://github.com/fox-it/dissect.util/releases/tag/3.7
dissect.vmfs: 3.3 → 3.4
https://github.com/fox-it/dissect.vmfs/releases/tag/3.4
dissect.volume: 3.3 → 3.4
https://github.com/fox-it/dissect.volume/releases/tag/3.4
dissect.xfs: 3.3 → 3.4
https://github.com/fox-it/dissect.xfs/releases/tag/3.4

Contributors

MrYoranimo, Zawadidone, and JSCU-CNI

Assets 3