Release dissect 3.9 (#38)

pyrco released this 26 Sep 15:19

· 15 commits to main since this release

Highlights

Misc changes:

dissect.cstruct has a new and vastly improved expression parser
Support for various RAID formats and LVM variants
Volatile directories are now mounted when running on a local target
Add support for decrypting and using System DPAPI secrets on Windows

New loaders:

Add a new SMB loader and filesystem to use an SMB share as target

New plugins:

cPanel lastlogin files
Symantic Secure Endpoint
Windows 10 notifications from appdb.dat file
multiple plugins for volatile Linux artifacts (sockets, processes)
Linux modules and lsmod plugin

Updated plugins

IPv6 adresses in UTMP logs are now interpreted correctly
ufw firewall configuration support added to the Linux firewall plugin

Acquire changes:

Add collection of OSX DHCP settings and application's Info.plist paths
Improved collection of Linux volatile paths (/proc & /sys)
Add collection of paths related to Windows memoy
IIS artefacts are now collected by default in the "full" profile

Contributors

Thanks to our contributors for making this release possible:

@0x49736b
@cobyge
@idem-s1n
@JSCU-CNI
@OlafHaalstra
@Paradoxis
@RGlintmeijer
@sMezaOrellana
@Zawadidone

Full Changelogs

dissect: 3.8.1 → 3.9
https://github.com/fox-it/dissect/releases/tag/3.9
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 3.9 → 3.10
https://github.com/fox-it/dissect.cstruct/releases/tag/3.10
dissect.esedb: 3.8 → 3.9
https://github.com/fox-it/dissect.esedb/releases/tag/3.9
dissect.etl: 💤3.7 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 3.6 → 3.7
https://github.com/fox-it/dissect.evidence/releases/tag/3.7
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.6
dissect.fat: 💤3.6 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.6
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 3.8 → 3.9
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.9
dissect.ntfs: 💤3.7 (no changes)
https://github.com/fox-it/dissect.ntfs/releases/tag/3.7
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 💤3.7 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.7
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 💤3.6 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.6
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.11.1 → 3.12
https://github.com/fox-it/dissect.target/releases/tag/3.12
dissect.thumbcache: 1.5 → 1.6
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.6
dissect.util: 3.10 → 3.11
https://github.com/fox-it/dissect.util/releases/tag/3.11
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 3.6 → 3.7
https://github.com/fox-it/dissect.volume/releases/tag/3.7
dissect.xfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.6

Contributors

OlafHaalstra, Paradoxis, and 7 other contributors

Assets 2