Skip to content

3.21

Latest
Latest

Choose a tag to compare

View all tags
@Miauwkeru Miauwkeru released this 25 Nov 15:18
· 2 commits to main since this release
3.21
5fa5aba
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Highlights

We moved to python3.10 as our minimum python version

New projects

  • dissect.apfs: Initial macOS support! Only available through the API for now
  • dissect.database: Supersedes the old dissect.esedb and dissect.sql projects going forward

New/enhanced plugins

  • New Windows Search Index plugin. You can use it with -f search
  • Firefox browser plugin is now reworked / updated to support the latest Firefox version
  • mft plugin now uses the volume serial number if there was no UUID available for a volume
  • yara plugin output now contains the modification timestamp of the file it checks
  • ESXi OSPlugin now contains better detection checks for live collections of an ESXi system
  • New plugin showing the parsed VMWare Workstation inventory. Accessible through -f vmware.config
  • Registry modification timestamp added to the MUIcache plugin

New container and filesystems

We now have support for some additional formats

  • CramFS implementation, used in linux systems
  • Apple Sparse Image Format (ASIF) support
  • Support for KAPE files in the VHD format

Usability improvements

  • We added output redirection to target-shell. Now you can use > inside target-shell to write the output of a command to a file
  • Syslog parsing added to network.interfaces for linux. Access these functions by using -f network.interfaces --syslog for it to look through syslog entries too.
  • Added support for more nested targets in our target-* tooling and acquire.
    • --list-children shows the child targets of a target. e.g., 
      $ target-query --list-children /path/to/vm -q
[0]: type='qemu' name='alpinelinux3.21' path='/etc/libvirt/qemu/alpinelinux3.21.xml'
    • Using --recursive will query the targets within those child targets until there are no targets left. e.g., 
      $ target-query --list-children /path/to/vm -q --recursive
[0]: type='qemu' name='alpinelinux3.21' path='/etc/libvirt/qemu/alpinelinux3.21.xml'
- [0.0]: type='qemu' name='alpinelinux3.21' path='/etc/libvirt/qemu/alpinelinux3.21.xml'
    • --child now enables you to access a specific nested target. e.g., 
      $ target-query -f services --child 0.0 /path/to/vm
  • Enabled using the local loader when using dissect within a KVM/Qemu VM

Performance improvements

  • New decompression support for LZFSE, LZBITMAP, LZVN
  • Several improvements in error handling and memory consumption for the XFS filesystem and tests

Acquire

  • Raised the memory limit when running on an ESXi machine before any target gets loaded
  • Addtional HitmanPRO logs added to the AV module

Contributors

Thanks to our contributors for making this release possible:

@Aevyz
@JSCU-CNI
@loaflover
@Matthijsy
@qmadev
@respondersGY
@william-billaud

Full Changelogs

dissect: 3.20.1 → 3.21
https://github.com/fox-it/dissect/releases/tag/3.21
dissect.apfs: ✨1.0.1
https://github.com/fox-it/dissect.apfs/releases/tag/1.0.1
dissect.archive: 1.7 → 1.8
https://github.com/fox-it/dissect.archive/releases/tag/1.8
dissect.btrfs: 1.8 → 1.9
https://github.com/fox-it/dissect.btrfs/releases/tag/1.9
dissect.cim: 3.12 → 3.13
https://github.com/fox-it/dissect.cim/releases/tag/3.13
dissect.clfs: 1.10 → 1.11
https://github.com/fox-it/dissect.clfs/releases/tag/1.11
dissect.cramfs: 1.0 → 1.1
https://github.com/fox-it/dissect.cramfs/releases/tag/1.1
dissect.cstruct: 4.6 → 4.7
https://github.com/fox-it/dissect.cstruct/releases/tag/4.7
dissect.database: ✨1.0
https://github.com/fox-it/dissect.database/releases/tag/1.0
dissect.etl: 3.13 → 3.14
https://github.com/fox-it/dissect.etl/releases/tag/3.14
dissect.eventlog: 3.10 → 3.11
https://github.com/fox-it/dissect.eventlog/releases/tag/3.11
dissect.evidence: 3.11 → 3.12
https://github.com/fox-it/dissect.evidence/releases/tag/3.12
dissect.executable: 1.10 → 1.11
https://github.com/fox-it/dissect.executable/releases/tag/1.11
dissect.extfs: 3.14 → 3.15
https://github.com/fox-it/dissect.extfs/releases/tag/3.15
dissect.fat: 3.12 → 3.13
https://github.com/fox-it/dissect.fat/releases/tag/3.13
dissect.ffs: 3.11 → 3.12
https://github.com/fox-it/dissect.ffs/releases/tag/3.12
dissect.fve: 4.4 → 4.5
https://github.com/fox-it/dissect.fve/releases/tag/4.5
dissect.hypervisor: 3.19 → 3.20
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.20
dissect.jffs: 1.5 → 1.6
https://github.com/fox-it/dissect.jffs/releases/tag/1.6
dissect.ntfs: 3.14 → 3.15
https://github.com/fox-it/dissect.ntfs/releases/tag/3.15
dissect.ole: 3.11 → 3.12
https://github.com/fox-it/dissect.ole/releases/tag/3.12
dissect.qnxfs: 1.1 → 1.2
https://github.com/fox-it/dissect.qnxfs/releases/tag/1.2
dissect.regf: 3.13 → 3.14
https://github.com/fox-it/dissect.regf/releases/tag/3.14
dissect.shellitem: 3.12 → 3.13
https://github.com/fox-it/dissect.shellitem/releases/tag/3.13
dissect.squashfs: 1.10 → 1.11
https://github.com/fox-it/dissect.squashfs/releases/tag/1.11
dissect.target: 3.23.1 → 3.24
https://github.com/fox-it/dissect.target/releases/tag/3.24
dissect.thumbcache: 1.10 → 1.11
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.11
dissect.util: 3.22 → 3.23
https://github.com/fox-it/dissect.util/releases/tag/3.23
dissect.vmfs: 3.12 → 3.13
https://github.com/fox-it/dissect.vmfs/releases/tag/3.13
dissect.volume: 3.16 → 3.17
https://github.com/fox-it/dissect.volume/releases/tag/3.17
dissect.xfs: 3.12 → 3.13
https://github.com/fox-it/dissect.xfs/releases/tag/3.13

Contributors

Matthijsy, Aevyz, and 5 other contributors
Assets 2
Loading