-
Hi Alan,
CDQR Version: 20191226 errors out when used with Plaso Version: 20220428. Replicated on Ubuntu 20.04 and Kali 2022.2.
* Error message: "log2timeline.py: error: unrecognized arguments: Res…
-
**Description of problem:**
The AWS CloudTrail log parser does not work with current CloudTrail data.
**Source data:**
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-l…
-
add support for HKEY_CURRENT_USER in artifact definitions
* ~~expand HKEY_CURRENT_USER to all HKEY_USERS/%SID%~~
* ~~Added HKEY_CURRENT_USER to supported prefixes https://github.com/log2timeline/p…
-
**Describe the problem:**
On macOS and iOS devices, some of the artifacts that could be found in the KnowledgeC database have migrated under the biome folders (/private/var/db/biome and /private/va…
-
**Is your feature request related to a problem? Please describe.**
It's very useful to have timestamp_desc as a visible column, but it's not enabled by default. You also can't reorder any column in f…
-
I run image_export.py and log2timeline.py in an automated script and want to use **--partition all** so that I don't have to worry about identifying the correct partition.
When using a filter file, s…
-
I would like to add the ability to dynamically register parsers and plugins developed externally from plaso.
This can be accomplished by taking advantage of the entry_points feature of setuptools …
-
The msie_webcache plugin for the esedb parser finds many fewer deleted records than are theoretically available. In a test I did with an extracted WebCacheV01.dat file I was working on, using the curr…
-
We need a parser for the WMI CIM
From: https://msdn.microsoft.com/en-us/library/ms974579.aspx
```
objects.data. CIM repository where managed resource definitions are stored.
```
File typica…
-
Windows 7 application compatibility db is called RecentFileCache.bcf and is not present in Plaso to date. It does not exist in Windows before or after 7.
http://www.forensicswiki.org/wiki/Windows_Ap…