Skip to content

@orlikoski orlikoski released this Apr 26, 2019

What's New

  • Removed plaso version compatibility check
  • Added log file names for new Plaso log files
  • Changed processing view mode to None
  • Changed MFT and USNJRNL processing options
    • Removed from win parser default
    • Added --mft and --usnjrnl flags to use with win parser
    • Created mft_usnjrnl parser that only does those things
  • Added Plaso pass through for
    • artifact_filters_file
    • artifact_filters
    • artifact_definitions
    • custom_artifact_definitions
  • Made processing archives disabled by default
  • Updating README
  • Updated Version number
  • Updated Docker build for 5.0
  • Updated Helper script for 5.0
  • Source code formatting updates
Assets 3
You can’t perform that action at this time.