3.19

@Miauwkeru Miauwkeru released this 26 May 09:33
4512f2a

Highlights

New features

  • A new and exciting feature - single file as a target!
       - Use target-query with the flag --direct
  • NFS support!
       - Run acquire with the flags --children and --enable-nfs
  • Reloading targets: use the reload function in target-shell to see if anything changed on disk
  • Python stubfiles for cstruct definitions (beta)
       - We added cstruct-stubgen to dissect.cstruct. This tool generates Python stub files (*.pyi), which allow an LSP to understand what is inside a cstruct definition. This also means you get code completion in IDEs that support it.

New Plugins

  • Amcache Pca function -f amcache.general,amcache.applaunches
  • Rustdesk plugin -f rustdesk.logs
  • Anydesk plugin -f anydesk.logs,anydesk.filetransfer
  • Capability history plugin -f cam.history
  • Windows MSN plugin -f msn.history
  • Windows RDP bitmap cache plugin -f rdpcache.paths,rdpcache.recover
  • mft.body plugin -f mft.body
  • Rapid7 Velociraptor artifacts plugin -f velociraptor.results,acquire.hashes,acquire.handles
  • Colima children plugin - Adds the ability to acquire the Colima container runtime for macOS.

New loaders, containers and filesystem formats

  • Cellebrite UFDX and UFD loader
  • Docker container image support
  • New module and filesystem for QNXFS support
  • Loader for VBK files
  • Apache VirtualHost parsing
  • Oracle VirtualBox child support

Improvements / Technical

  • Add --children argument to target-info tool
  • Support for decrypting Chrome and Edge v20 cookies and passwords
  • Support for systemd drop files
  • Added the option to add benchmarks for the code, so we can see whether a change has a big impact on performance.
  • vmtar tool added in dissect.hypervisor to unpack visor tar files
  • Make chunk size configurable in dissect.archive
  • Testing improvements: Clear cached functions on every test

Bugs

  • Fix regression for reading unknown data types
  • Fix multiple namespace plugins in same file
  • Improvement for JFFS support
  • Complete stream IDs handling for the Dissect Windows Defender quarantine implementation

Contributors

Thanks to our contributors for making this release possible:

@JSCU-CNI
@lhaagsma
@Matthijsy
@qmadev
@skepppy
@william-billaud
@Zawadidone

Full Changelogs

dissect: 3.18 → 3.19
https://github.com/fox-it/dissect/releases/tag/3.19
dissect.archive: 1.5 → 1.6
https://github.com/fox-it/dissect.archive/releases/tag/1.6
dissect.btrfs: 💤1.7 (no changes)
https://github.com/fox-it/dissect.btrfs/releases/tag/1.7
dissect.cim: 3.11 → 3.12
https://github.com/fox-it/dissect.cim/releases/tag/3.12
dissect.clfs: 💤1.10 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.10
dissect.cstruct: 4.4 → 4.5
https://github.com/fox-it/dissect.cstruct/releases/tag/4.5
dissect.esedb: 3.15 → 3.16
https://github.com/fox-it/dissect.esedb/releases/tag/3.16
dissect.etl: 💤3.11 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.11
dissect.eventlog: 💤3.10 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.10
dissect.evidence: 💤3.11 (no changes)
https://github.com/fox-it/dissect.evidence/releases/tag/3.11
dissect.executable: 💤1.8 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.8
dissect.extfs: 💤3.13 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.13
dissect.fat: 💤3.12 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.12
dissect.ffs: 💤3.11 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.11
dissect.fve: 4.1 → 4.2
https://github.com/fox-it/dissect.fve/releases/tag/4.2
dissect.hypervisor: 3.17 → 3.18
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.18
dissect.jffs: 1.4 → 1.5
https://github.com/fox-it/dissect.jffs/releases/tag/1.5
dissect.ntfs: 💤3.14 (no changes)
https://github.com/fox-it/dissect.ntfs/releases/tag/3.14
dissect.ole: 3.10 → 3.11
https://github.com/fox-it/dissect.ole/releases/tag/3.11
dissect.qnxfs: ✨1.0
https://github.com/fox-it/dissect.qnxfs/releases/tag/1.0
dissect.regf: 3.12 → 3.13
https://github.com/fox-it/dissect.regf/releases/tag/3.13
dissect.shellitem: 💤3.11 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.11
dissect.sql: 💤3.11 (no changes)
https://github.com/fox-it/dissect.sql/releases/tag/3.11
dissect.squashfs: 💤1.9 (no changes)
https://github.com/fox-it/dissect.squashfs/releases/tag/1.9
dissect.target: 3.21 → 3.22
https://github.com/fox-it/dissect.target/releases/tag/3.22
dissect.thumbcache: 💤1.10 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.10
dissect.util: 3.20 → 3.21
https://github.com/fox-it/dissect.util/releases/tag/3.21
dissect.vmfs: 💤3.11 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.11
dissect.volume: 3.14 → 3.15
https://github.com/fox-it/dissect.volume/releases/tag/3.15
dissect.xfs: 💤3.12 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.12