3.12

What's Changed

• Add cPanel lastlogin parser by @Zawadidone in #317
• Update EWF container to reflect library updates by @Schamper in #343
• Add NamespacePlugin by @cecinestpasunepipe in #334
• Generic config_tree implementation by @Miauwkeru in #354
• Update Carbon Black loader to latest API by @sud0woodo in #244
• Added SMB filesystem support by @Paradoxis in #331
• Use lstat instead of stat in target-mount by @Schamper in #360
• Add additional AnyDesk paths by @DevJoost in #362
• Update Citrix _os.py for correct timezone detection by @RGlintmeijer in #363
• Fix Citrix NetScaler version check by @yunzheng in #365
• Update VelociraptorLoader based on version 0.7.0 by @Zawadidone in #358
• Add support for ufw by @JSCU-CNI in #366
• Improve tar loader for windows by @JSCU-CNI in #353
• Handle hardlink or regular file for /etc/localtime by @yunzheng in #367
• Fix UTMP misinterpretation of IPv6 addresses by @Zawadidone in #292
• Fix infinite loop in reverse_readlines by @Schamper in #359
• Fix incorrect record annotation iOS by @cecinestpasunepipe in #372
• Create generic quarantine records for non-files by @MaxGroot in #376
• Zip loader for Velociraptor packages by @OlafHaalstra in #355
• Fix/make journal plugin compatible with new expression parser by @cecinestpasunepipe in #377
• Add support for Symantec SEP by @cecinestpasunepipe in #374
• Fix st_nlinks for all filesystem implementations by @Schamper in #368
• Update to flow.record 3.12 by @pyrco in #378
• Mount volatile Linux directories when running on a local target by @pyrco in #375
• Add support for more history files by @JSCU-CNI in #321
• Add loader for UTM virtual machines by @Schamper in #379
• Change all remaining uri types to path by @Schamper in #373
• Harmonize Compatibility Checks by @cecinestpasunepipe in #382
• Improve remote loader test by @cecinestpasunepipe in #381
• Make Unix home path a Posix path by @Poeloe in #389
• Make source field value a posix path by @Poeloe in #391
• Improve OS X error handling by @Zawadidone in #383
• Prioritize OS specific plugins by @Schamper in #393
• Add support for Linux MD RAID by @Schamper in #327
• Don't warn on empty or missing RegBack hives by @Schamper in #388
• Set UTF-8 as default encoding for open_decompress by @Poeloe in #390
• Fix logging of incompatible plugins by @Schamper in #395
• Add plugins for volatile Linux artefacts by @Horofic in #241
• Add ZipFilesystem as an openable filesystem by @Schamper in #396
• Fix implicit cast in amcache.applications record by @pyrco in #400
• Add support for decrypting System DPAPI secrets by @cobyge in #305
• Dynamic targetd agent support (DIS-1914) by @cecinestpasunepipe in #392
• Get scheduled task display name with filename by @0x49736b in #401
• Allow DefaultOS to access all plugins by @cecinestpasunepipe in #398
• Support duplicate volume names in target-mount by @Schamper in #397
• Add a plugin to parse notifications from Windows appdb.dat by @pyrco in #394
• Update LVM volume system to reflect library update by @Schamper in #371
• Add Modules/Lsmod plugin by @DevJoost in #364

New Contributors

• @Paradoxis made their first contribution in #331
• @DevJoost made their first contribution in #362
• @RGlintmeijer made their first contribution in #363
• @OlafHaalstra made their first contribution in #355
• @0x49736b made their first contribution in #401

Full Changelog: 3.11.1...3.12