Releases: fox-it/dissect
Release dissect 3.8
Highlights
New plugins:
- Generic:
- OpenVPN configuration plugin for client and server configuration - OSX:
- User plugin, which shows all the users on osx machines
- IPs plugin, allows the ips to work on osx targets
Updated plugins:
- ETL: Now decompresses compressed buffers
- Unix services: Improved the systemd service parsing
Loader:
- DirLoader: functions with directories made using acquire
- MultiRawLoader: Allows you to load multiple disks into one target.
This has to be a + separated string containing absolute or relative path to the disks. (/path/to/disk1+/path/to/disk2)
Misc changes/fixes:
- Target-shell
- Use
enter <path>to open a target inside of another target. - No duplicate files when saving a directory using the
savecommand.
- Use
- Registry improvements: Allows for globbing through the windows registry
Contributors
Thanks to our contributors for making this release possible:
@cobyge
@nrhtr
@JSCU-CNI
@sMezaOrellana
@sulonl
@Zawadidone
Full Changelogs
dissect: 3.7 → 3.8
https://github.com/fox-it/dissect/releases/tag/3.8
dissect.cim: 💤3.7 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 3.8 → 3.9
https://github.com/fox-it/dissect.cstruct/releases/tag/3.9
dissect.esedb: 💤3.8 (no changes)
https://github.com/fox-it/dissect.esedb/releases/tag/3.8
dissect.etl: 3.6 → 3.7
https://github.com/fox-it/dissect.etl/releases/tag/3.7
dissect.eventlog: 💤3.6 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 💤3.6 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.6
dissect.executable: 💤1.4 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.6
dissect.fat: 💤3.6 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.6
dissect.ffs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 💤3.8 (no changes)
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.8
dissect.ntfs: 3.6 → 3.7
https://github.com/fox-it/dissect.ntfs/releases/tag/3.7
dissect.ole: 💤3.6 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 3.6 → 3.7
https://github.com/fox-it/dissect.regf/releases/tag/3.7
dissect.shellitem: 💤3.6 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 💤3.6 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.6
dissect.squashfs: 💤1.3 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.10 → 3.11
https://github.com/fox-it/dissect.target/releases/tag/3.11
dissect.thumbcache: 💤1.5 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.5
dissect.util: 3.9 → 3.10
https://github.com/fox-it/dissect.util/releases/tag/3.10
dissect.vmfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 💤3.6 (no changes)
https://github.com/fox-it/dissect.volume/releases/tag/3.6
dissect.xfs: 💤3.6 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.6
Contributors
Assets 2
Release dissect 3.7 (#33)
Highlights
- Windows plugin additions and improvements:
at.exejobs are now emitted by the tasks plugin.- Tasks from AD Group Policy Objects are now emitted by the tasks plugin.
- Tasks within a ScheduledTask.xml file are not parsed when nested in a
<ScheduledTask>element. This will be supported in the next release.
- Tasks within a ScheduledTask.xml file are not parsed when nested in a
- A new AppX debug information plugin
appxdebugkeysis added. - The Windows defender plugin can now also emit exclusions.
amcachenow returns the proper arp created install records.- A new shophos plugin supporting Sophos Home and Sophos Hitman has been added.
- Linux plugin additions and improvements:
- A new systemd journal plugin is added.
- Loader additions and improvements:
- The
LogLoadercan now handle IIS logs.
- The
- Misc improvements:
- Cleaner handling of
KeyboardInterrupsandOSErrorsin the various target tools. - Compatibility for
TargetPathandFilesystemEntrywith Python 3.11.4. - The LZO decompressor now handles bitstream compressed data properly.
target-infonow handles time zones properly for older Windows versions.
- Cleaner handling of
Contributors
Thanks to our contributors for making this release possible:
Full Changelogs
dissect: 3.6 → 3.7
https://github.com/fox-it/dissect/releases/tag/3.7
dissect.cim: 3.6 → 3.7
https://github.com/fox-it/dissect.cim/releases/tag/3.7
dissect.clfs: 1.5 → 1.6
https://github.com/fox-it/dissect.clfs/releases/tag/1.6
dissect.cstruct: 3.7 → 3.8
https://github.com/fox-it/dissect.cstruct/releases/tag/3.8
dissect.esedb: 3.7 → 3.8
https://github.com/fox-it/dissect.esedb/releases/tag/3.8
dissect.etl: 3.5 → 3.6
https://github.com/fox-it/dissect.etl/releases/tag/3.6
dissect.eventlog: 3.5 → 3.6
https://github.com/fox-it/dissect.eventlog/releases/tag/3.6
dissect.evidence: 3.5 → 3.6
https://github.com/fox-it/dissect.evidence/releases/tag/3.6
dissect.executable: 1.3 → 1.4
https://github.com/fox-it/dissect.executable/releases/tag/1.4
dissect.extfs: 3.5 → 3.6
https://github.com/fox-it/dissect.extfs/releases/tag/3.6
dissect.fat: 3.5 → 3.6
https://github.com/fox-it/dissect.fat/releases/tag/3.6
dissect.ffs: 3.5 → 3.6
https://github.com/fox-it/dissect.ffs/releases/tag/3.6
dissect.hypervisor: 3.7 → 3.8
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.8
dissect.ntfs: 3.5 → 3.6
https://github.com/fox-it/dissect.ntfs/releases/tag/3.6
dissect.ole: 3.5 → 3.6
https://github.com/fox-it/dissect.ole/releases/tag/3.6
dissect.regf: 3.5 → 3.6
https://github.com/fox-it/dissect.regf/releases/tag/3.6
dissect.shellitem: 3.5 → 3.6
https://github.com/fox-it/dissect.shellitem/releases/tag/3.6
dissect.sql: 3.5 → 3.6
https://github.com/fox-it/dissect.sql/releases/tag/3.6
dissect.squashfs: 1.2 → 1.3
https://github.com/fox-it/dissect.squashfs/releases/tag/1.3
dissect.target: 3.9 → 3.10
https://github.com/fox-it/dissect.target/releases/tag/3.10
dissect.thumbcache: 1.4 → 1.5
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.5
dissect.util: 3.8 → 3.9
https://github.com/fox-it/dissect.util/releases/tag/3.9
dissect.vmfs: 3.5 → 3.6
https://github.com/fox-it/dissect.vmfs/releases/tag/3.6
dissect.volume: 3.5 → 3.6
https://github.com/fox-it/dissect.volume/releases/tag/3.6
dissect.xfs: 3.5 → 3.6
https://github.com/fox-it/dissect.xfs/releases/tag/3.6
Contributors
Assets 2
Release dissect 3.6 (#30)
Highlights
- New filesystems:
- Parallels disk images
- New plugins:
- Chromium based browser extensions
- Updated/improved plugins:
- Unix auth: fix log parsing bug
- Unix services
- Unix network_managers: better IP parsing from logs
- Windows adpolicy: output info about Windows GPOs (Group Policy Objects)
- powershell: now also works on Linux
- firefox: look for files in more locations
- Updated/improved loaders:
- ASDF
- Filesystem fixes/improvements for:
- xfs
- ntfs
- extfs
Contributors
Thanks to our contributors for making this release possible:
Full Changelogs
dissect: 3.5 → 3.6
https://github.com/fox-it/dissect/releases/tag/3.6
dissect.cim: 3.5 → 3.6
https://github.com/fox-it/dissect.cim/releases/tag/3.6
dissect.clfs: 1.4 → 1.5
https://github.com/fox-it/dissect.clfs/releases/tag/1.5
dissect.cstruct: 3.6 → 3.7
https://github.com/fox-it/dissect.cstruct/releases/tag/3.7
dissect.esedb: 3.6 → 3.7
https://github.com/fox-it/dissect.esedb/releases/tag/3.7
dissect.etl: 3.4 → 3.5
https://github.com/fox-it/dissect.etl/releases/tag/3.5
dissect.eventlog: 3.4 → 3.5
https://github.com/fox-it/dissect.eventlog/releases/tag/3.5
dissect.evidence: 3.4 → 3.5
https://github.com/fox-it/dissect.evidence/releases/tag/3.5
dissect.executable: 1.2 → 1.3
https://github.com/fox-it/dissect.executable/releases/tag/1.3
dissect.extfs: 3.4 → 3.5
https://github.com/fox-it/dissect.extfs/releases/tag/3.5
dissect.fat: 3.4 → 3.5
https://github.com/fox-it/dissect.fat/releases/tag/3.5
dissect.ffs: 3.4 → 3.5
https://github.com/fox-it/dissect.ffs/releases/tag/3.5
dissect.hypervisor: 3.6 → 3.7
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.7
dissect.ntfs: 3.4 → 3.5
https://github.com/fox-it/dissect.ntfs/releases/tag/3.5
dissect.ole: 3.4 → 3.5
https://github.com/fox-it/dissect.ole/releases/tag/3.5
dissect.regf: 3.4 → 3.5
https://github.com/fox-it/dissect.regf/releases/tag/3.5
dissect.shellitem: 3.4 → 3.5
https://github.com/fox-it/dissect.shellitem/releases/tag/3.5
dissect.sql: 3.4 → 3.5
https://github.com/fox-it/dissect.sql/releases/tag/3.5
dissect.squashfs: 1.1 → 1.2
https://github.com/fox-it/dissect.squashfs/releases/tag/1.2
dissect.target: 3.8 → 3.9
https://github.com/fox-it/dissect.target/releases/tag/3.9
dissect.thumbcache: 1.3 → 1.4
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.4
dissect.util: 3.7 → 3.8
https://github.com/fox-it/dissect.util/releases/tag/3.8
dissect.vmfs: 3.4 → 3.5
https://github.com/fox-it/dissect.vmfs/releases/tag/3.5
dissect.volume: 3.4 → 3.5
https://github.com/fox-it/dissect.volume/releases/tag/3.5
dissect.xfs: 3.4 → 3.5
https://github.com/fox-it/dissect.xfs/releases/tag/3.5
Contributors
Assets 2
3.5
Highlights
- New plugins for parsing:
- Trend Micro Worry-Free AV and firewall logs
- McAfee AV and firewall logs (SQLite)
- Apt, yum and zypper package manager files
- NGINX, Apache and Caddy webserver logs
- Open handles acquired from Windows systems
- Updated/improved plugins for:
- Extended zsh history files
- IP adresses on Unix systems
- the Unix audit.log plugin
- the SSH plugin now also exports public keys and outputs more information on private keys
- Updated/improved loaders:
- Support for older type Hyper-V hypervisor configuration files
- Support UsnJrnl and Volume Shadow Copy's in the Velociraptor loader
- iTunes backup files
- Add
zcat&zlesscommands totarget-shell, these commands will transparently decompress gzip and bzip2 compressed files. target-shellproperly displays alternate datastreams again.- A new tool
target-infowas added, which quickly displays some useful information about the target specified - Support for NTFS reparse points
- Acquire was extended to also acquire:
- Windows PCA files
- Linux
/procand/sysfilesystems - McAfee SQLite AV and firewall logs
Contributors
Thanks to our contributors for making this release possible:
@JSCU-CNI
@MrYoranimo
@Zawadidone
Full Changelogs
dissect: 3.4 → 3.5
https://github.com/fox-it/dissect/releases/tag/3.5
dissect.cim: 3.4 → 3.5
https://github.com/fox-it/dissect.cim/releases/tag/3.5
dissect.clfs: 1.3 → 1.4
https://github.com/fox-it/dissect.clfs/releases/tag/1.4
dissect.cstruct: 3.5 → 3.6
https://github.com/fox-it/dissect.cstruct/releases/tag/3.6
dissect.esedb: 3.5 → 3.6
https://github.com/fox-it/dissect.esedb/releases/tag/3.6
dissect.etl: 3.3 → 3.4
https://github.com/fox-it/dissect.etl/releases/tag/3.4
dissect.eventlog: 3.3 → 3.4
https://github.com/fox-it/dissect.eventlog/releases/tag/3.4
dissect.evidence: 3.3 → 3.4
https://github.com/fox-it/dissect.evidence/releases/tag/3.4
dissect.executable: 1.1 → 1.2
https://github.com/fox-it/dissect.executable/releases/tag/1.2
dissect.extfs: 3.3 → 3.4
https://github.com/fox-it/dissect.extfs/releases/tag/3.4
dissect.fat: 3.3 → 3.4
https://github.com/fox-it/dissect.fat/releases/tag/3.4
dissect.ffs: 3.3 → 3.4
https://github.com/fox-it/dissect.ffs/releases/tag/3.4
dissect.hypervisor: 3.5 → 3.6
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.6
dissect.ntfs: 3.3 → 3.4
https://github.com/fox-it/dissect.ntfs/releases/tag/3.4
dissect.ole: 3.3 → 3.4
https://github.com/fox-it/dissect.ole/releases/tag/3.4
dissect.regf: 3.3 → 3.4
https://github.com/fox-it/dissect.regf/releases/tag/3.4
dissect.shellitem: 3.3 → 3.4
https://github.com/fox-it/dissect.shellitem/releases/tag/3.4
dissect.sql: 3.3 → 3.4
https://github.com/fox-it/dissect.sql/releases/tag/3.4
dissect.squashfs: 1.0 → 1.1
https://github.com/fox-it/dissect.squashfs/releases/tag/1.1
dissect.target: 3.7 → 3.8
https://github.com/fox-it/dissect.target/releases/tag/3.8
dissect.thumbcache: 1.2 → 1.3
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.3
dissect.util: 3.6 → 3.7
https://github.com/fox-it/dissect.util/releases/tag/3.7
dissect.vmfs: 3.3 → 3.4
https://github.com/fox-it/dissect.vmfs/releases/tag/3.4
dissect.volume: 3.3 → 3.4
https://github.com/fox-it/dissect.volume/releases/tag/3.4
dissect.xfs: 3.3 → 3.4
https://github.com/fox-it/dissect.xfs/releases/tag/3.4
Contributors
Assets 3
3.4
Contributors
Thanks to our contributors for making this release possible:
@JSCU-CNI
@MrYoranimo
@skarnproject
@Zawadidone
Full Changelogs
dissect: 3.3 → 3.4
https://github.com/fox-it/dissect/releases/tag/3.4
dissect.cim: 3.3 → 3.4
https://github.com/fox-it/dissect.cim/releases/tag/3.4
dissect.clfs: 1.2 → 1.3
https://github.com/fox-it/dissect.clfs/releases/tag/1.3
dissect.cstruct: 3.3 → 3.5
https://github.com/fox-it/dissect.cstruct/releases/tag/3.5
https://github.com/fox-it/dissect.cstruct/releases/tag/3.4
dissect.esedb: 3.3 → 3.5
https://github.com/fox-it/dissect.esedb/releases/tag/3.5
https://github.com/fox-it/dissect.esedb/releases/tag/3.4
dissect.etl: 3.2 → 3.3
https://github.com/fox-it/dissect.etl/releases/tag/3.3
dissect.eventlog: 3.2 → 3.3
https://github.com/fox-it/dissect.eventlog/releases/tag/3.3
dissect.evidence: 3.2 → 3.3
https://github.com/fox-it/dissect.evidence/releases/tag/3.3
dissect.executable: ✨1.1
https://github.com/fox-it/dissect.executable/releases/tag/1.1
dissect.extfs: 3.2 → 3.3
https://github.com/fox-it/dissect.extfs/releases/tag/3.3
dissect.fat: 3.2 → 3.3
https://github.com/fox-it/dissect.fat/releases/tag/3.3
dissect.ffs: 3.2 → 3.3
https://github.com/fox-it/dissect.ffs/releases/tag/3.3
dissect.hypervisor: 3.3 → 3.5
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.5
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.4
dissect.ntfs: 3.2 → 3.3
https://github.com/fox-it/dissect.ntfs/releases/tag/3.3
dissect.ole: 3.2 → 3.3
https://github.com/fox-it/dissect.ole/releases/tag/3.3
dissect.regf: 3.2 → 3.3
https://github.com/fox-it/dissect.regf/releases/tag/3.3
dissect.shellitem: 3.2 → 3.3
https://github.com/fox-it/dissect.shellitem/releases/tag/3.3
dissect.sql: 3.2 → 3.3
https://github.com/fox-it/dissect.sql/releases/tag/3.3
dissect.squashfs: ✨1.0
https://github.com/fox-it/dissect.squashfs/releases/tag/1.0
dissect.target: 3.4 → 3.7
https://github.com/fox-it/dissect.target/releases/tag/3.7
https://github.com/fox-it/dissect.target/releases/tag/3.6
https://github.com/fox-it/dissect.target/releases/tag/3.5
dissect.thumbcache: 1.1 → 1.2
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.2
dissect.util: 3.3 → 3.6
https://github.com/fox-it/dissect.util/releases/tag/3.6
https://github.com/fox-it/dissect.util/releases/tag/3.5
https://github.com/fox-it/dissect.util/releases/tag/3.4
dissect.vmfs: 3.2 → 3.3
https://github.com/fox-it/dissect.vmfs/releases/tag/3.3
dissect.volume: 3.2 → 3.3
https://github.com/fox-it/dissect.volume/releases/tag/3.3
dissect.xfs: 3.2 → 3.3
https://github.com/fox-it/dissect.xfs/releases/tag/3.3
Contributors
Assets 2
3.3
Contributors
Thanks to our contributors for making this release possible:
@Ad-Blokker
@cobyge
@goosvorbook
@lesander
@Zawadidone
Full Changelogs
dissect: 3.2 → 3.3
https://github.com/fox-it/dissect/releases/tag/3.3
dissect.cim: 3.2 → 3.3
https://github.com/fox-it/dissect.cim/releases/tag/3.3
dissect.clfs: 1.1 → 1.2
https://github.com/fox-it/dissect.clfs/releases/tag/1.2
dissect.cstruct: 3.2 → 3.3
https://github.com/fox-it/dissect.cstruct/releases/tag/3.3
dissect.esedb: 3.2 → 3.3
https://github.com/fox-it/dissect.esedb/releases/tag/3.3
dissect.etl: 3.1 → 3.2
https://github.com/fox-it/dissect.etl/releases/tag/3.2
dissect.eventlog: 3.1 → 3.2
https://github.com/fox-it/dissect.eventlog/releases/tag/3.2
dissect.evidence: 3.1 → 3.2
https://github.com/fox-it/dissect.evidence/releases/tag/3.2
dissect.extfs: 3.1 → 3.2
https://github.com/fox-it/dissect.extfs/releases/tag/3.2
dissect.fat: 3.1 → 3.2
https://github.com/fox-it/dissect.fat/releases/tag/3.2
dissect.ffs: 3.1 → 3.2
https://github.com/fox-it/dissect.ffs/releases/tag/3.2
dissect.hypervisor: 3.2 → 3.3
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.3
dissect.ntfs: 3.1 → 3.2
https://github.com/fox-it/dissect.ntfs/releases/tag/3.2
dissect.ole: 3.1 → 3.2
https://github.com/fox-it/dissect.ole/releases/tag/3.2
dissect.regf: 3.1 → 3.2
https://github.com/fox-it/dissect.regf/releases/tag/3.2
dissect.shellitem: 3.1 → 3.2
https://github.com/fox-it/dissect.shellitem/releases/tag/3.2
dissect.sql: 3.1 → 3.2
https://github.com/fox-it/dissect.sql/releases/tag/3.2
dissect.target: 3.3 → 3.4
https://github.com/fox-it/dissect.target/releases/tag/3.4
dissect.thumbcache: ✨1.1
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.1
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.0
dissect.util: 3.2 → 3.3
https://github.com/fox-it/dissect.util/releases/tag/3.3
dissect.vmfs: 3.1 → 3.2
https://github.com/fox-it/dissect.vmfs/releases/tag/3.2
dissect.volume: 3.1 → 3.2
https://github.com/fox-it/dissect.volume/releases/tag/3.2
dissect.xfs: 3.1 → 3.2
https://github.com/fox-it/dissect.xfs/releases/tag/3.2
