-
Notifications
You must be signed in to change notification settings - Fork 22
/
ChangeLog
192 lines (118 loc) · 8.48 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
2015-01-21 <a.nelson@prometheuscomputing.com>
* Python: Prevent accidental error conditions on missing a Python 3 version.
2015-01-20 <a.nelson@prometheuscomputing.com>
* Objects.py: Fix extraction of fill bytes.
2015-01-13 <a.nelson@prometheuscomputing.com>
* Objects.py: Add FileObject.is_allocated().
2014-10-16 <a.nelson@prometheuscomputing.com>
* make_differential_dfxml.py: Fix configuration parameter usage.
* Objects.py: Define RegXML properties; add 'filename' to FileObject property functions.
2014-09-29 <a.nelson@prometheuscomputing.com>
* Unit tests: Fix test using an openssl call.
2014-09-19 <a.nelson@prometheuscomputing.com>
* Objects.py: Allow iterparse() to run a user-specified Fiwalk build.
2014-09-16 <a.nelson@prometheuscomputing.com>
* Objects.py: Add interface for interacting with external-namespace elements (e.g. antivirus scans per file, slackspace statistics per volume).
2014-08-21 <a.nelson@prometheuscomputing.com>
* python: Restore Python-choosing mechanism for OS X.
2014-08-18 <a.nelson@prometheuscomputing.com>
* Objects.py: Implement RegXML objects and differencing mechanisms. Add unit tests.
* python: Correct some issues with unit tests.
2014-06-04 <a.nelson@prometheuscomputing.com>
* hash_sectors.py: Add optional tail padding.
2014-05-07 <a.nelson@prometheuscomputing.com>
* Objects.py: Corrected buffering return rate for "fill" byte runs.
2014-04-17 <a.nelson@prometheuscomputing.com>
* Demos: Added a new demonstration program showing construction of a MACCr timeline with the Objects interface. Unit tests updated.
* Objects.py: Updated documentation.
2014-03-07 <a.nelson@prometheuscomputing.com>
* Objects.py: API change - switched "meta" byte run facet to "inode", keeping in line with "alloc_inode". Unit tests updated.
2014-03-06 <a.nelson@prometheuscomputing.com>
* Objects.py: Created. New object-oriented bindings for DFXML. Primary usage difference is better in-memory manipulation, including entire DFXML document creation without using a DFXML file; property getters and setters, instead of function calls; and a different approach to serializers and de-serializers from DFXML files.
* make_differential_dfxml.py: Created. Revised approach to taking differences of disk images. Creates a differential DFXML file, or an in-memory DFXML Object if imported as a library.
* summarize_differential_dfxml.py: Created. Reports on disk image differences, as previously done by idifference.py.
* idifference2.py: Created. A re-implementation of idifference.py, using the new Object bindings, make_differential_dfxml.py, and summarize_differential_dfxml.py.
* Differential analysis scripts: Created allocation_counter.py, break_out_diffs_by_anno.py, report_silent_changes.py
* cat_partitions.py: Created. Concatenates single-partition DFXML files into one DFXML file.
* hash_sectors.py: Created. Hashes sectors of files, storing output in a SQLite database.
* Extractor.py: Created. Library for general file extraction from a disk image. A more modular iextract.py.
* Makefile: Unit tests added.
* test_Objects: Created. Unit test directory for new Object bindings.
* samples: More DFXML samples added for differencing tests.
* Logging: Modules using the logging module now report the file that contained the call to each log message. Previously, all calls were done with the 'root' logger.
* dfxml_tool.py: Unit test now runs on a smaller directory tree.
* idifference.py: Corrected a counting bug.
* dfxml.py: Time objects can now be instantiated from floats.
* dfxml.py: Allocation can now be parsed at a more granular level - inode and name, instead of simply "allocated."
* dfxml.py: DFXML files with "original_fileobject" elements attached to fileobject elements can now be parsed.
2013-11-02 <a.nelson@prometheuscomputing.com>
* idifference.py: Imported null-variable tests, and corrected a variable reference, to help idifference to be used as a module
* idifference.py: Imported extra, granular counters on disk state changes
2013-11-01 <a.nelson@prometheuscomputing.com>
* cat_fileobjects.py: Allow for differential DFXML repeating
* Unit tests: Adjusted cleanup, and tested differential DFXML repeating
2013-10-24 <a.nelson@prometheuscomputing.com>
* dfxml.py: Add null-argument test on content_for_run
* dfxml.py: Add image reference to iterative reader
* idifference.py: Promote delta namespace to DFXML library
2013-09-19 <a.nelson@prometheuscomputing.com>
* idifference: Remove redundant, faulty annotation attempt
2013-09-18 <a.nelson@prometheuscomputing.com>
* Python: Run timeline test on differencing input XML; add hand-validated line count check
* fiwalk.py: Correct Fiwalk fallback call
2013-09-17 <a.nelson@prometheuscomputing.com>
* dfxml: Add an ElementTree tostring() function wrapper that removes redundant namespace declarations, with unit tests for new regular expression
* idifference: Update unit tests to include vetted count of fileobjects generated
* idifference: Correct a fileobject counting bug (where a counter reset was forgotten)
* idifference, icat: Add some XML namespace handling logic, found necessary but missed until the last unit test updates
* cat_fileobjects.py: Add debug flag
2013-09-13 <a.nelson@prometheuscomputing.com>
* idifference.py: Switch XML namespace for differencing to forensicswiki page
2013-09-12 <a.nelson@prometheuscomputing.com>
* idifference.py: Adjust XML output, along with sample data, to validate against DFXML schema (v1.1.0rfc0; at least, everything except the differential annotations not yet in the schema validates)
2013-08-15 <a.nelson@prometheuscomputing.com>
* Regression testing: Make demo_mac_timeline.py into regression check
* dfxml.py: Add iterative interface for fileobjects
* Regression testing: Add iterative version of demo_mac_timeline.py
* Python: Add demo program for repeating fileobject with XML Python objects
* idifference.py: Have idifference.py --xml generate DFXML with differential annotations
* idifference.py: Add test for XML output of idifference
2013-08-13 <a.nelson@prometheuscomputing.com>
* idifference.py: Remove requirement for a fileobject's partition to be defined
2013-06-24 <a.nelson@prometheuscomputing.com>
* fiwalk.py: Give standalone usage slightly nicer error handling
2013-06-21 <a.nelson@prometheuscomputing.com>
* dfxml_tool.py: Assign a version to this script (as it works pretty well now, I chose "1.0.0") - necessary for some provenance information
* dfxml_tool.py: Optionally include provenance information (similar to Fiwalk)
* dfxml_tool.py: Clean file-not-found error output (found on broken symlinks)
* Python: Add 'make check' invocation for unit tests
2013-06-12 <a.nelson@prometheuscomputing.com>
* dfxml_tool.py: Report file creation and metadata-change time, when available
* dfxml_tool.py: Optionally output file system timestamps in ISO-8601
* dfxml_tool.py: Optionally include directories in output listing
* dfxml_tool.py: Include additional file metadata (partition and inode numbers)
* dfxml_tool.py: Add alternative filename simplifier
2013-06-11 <a.nelson@prometheuscomputing.com>
* dfxml_tool.py: Report file read failures
2013-05-28 <a.nelson@prometheuscomputing.com>
* python: Integrated three changesets from end of 2012
* dfxml.py, rdifference.py: Change interface of RegXML cell type
* dfxml.py: Revise method of hashing data of Registry "value" cells
* dfxml.py: Trim superfluous code
2013-04-23 <a.nelson@prometheuscomputing.com>
* idifference.py: Relax input name requirements; passing a ".dfxml" file silently failed.
2013-04-08 <a.nelson@prometheuscomputing.com>
* dfxml_tool.py (class fileobject): add filename simplifier
2012-12-18 <ajnelson@cs.ucsc.edu>
* dfxml.py (class fileobject): correct file extraction in Python 3
2012-12-17 <ajnelson@cs.ucsc.edu>
* dfxml.py (class dftime): add parser and tests for email timestamp format
* dfxml.py (class fileobject): correct 'allocation' interpretation
2012-11-24 <ajnelson@cs.ucsc.edu>
* dfxml.py (class byte_runs): change comparator methods (Python 3 doesn't use __cmp__)
2012-10-31 <simsong@ncr.nps.edu>
* deidentify_xml.py (xml_sanitizer._start_element): fixed problem quoting attributes
2012-04-03 Simson Garfinkel <simsong@mncrnpsedu.local>
* dfxml.py: globally changed .data to .cdata for consistency.
2012-02-23 Simson Garfinkel <simsong@Mucha.local>
* dfxml.py (fileobject_reader._start_element): claned up handling of byte runs within fileobjects