-
Include some information about whether the execution flag is set for executables added to the Cache. I found an edge case where things can be added to the cache, but not executed. Would be good if Pl…
-
Currently credentials are passed around via an attribute on the Evidence objects, but we should probably use the Recipe globals for this so that we can keep all of the data passed around together and …
-
Want to store additional source information, e.g. this file originates from system X
* [ ] Extend source configuration artifact
* [ ] Change pinfo to print (additional) source configuration artifa…
-
* [ ] change 'webview:cookie' to 'android:webview:cookie'
* [ ] change 'winrar:history' to 'windows:registry:winrar:history'
* [ ] change`ccleaner:configuration` to `windows:registry:ccleaner:config…
-
Hashing / parsing of files with large sparse ranges is inefficient. Use information about sparse file extents in hashing / parsing to skip sparse ranges
-
Consider writing a guide "how to apply patches to HEAD" (bleeding edge)
-
Currently the information about the tagging rules is very sparse, extend the documentation with some context of each tagging rule.
-
Generate the "ontology data types" based on the source
- [ ] generate wiki page with overview of time stamp descriptions
- [ ] generate wiki page with overview of event object data types and attribute…
-
Points to cover:
- What level of meaning to aim for in eventdata vs formatter (bool/string)
- Naming conventions
-
**Description of feature request:**
To create a new output module in plaso that can be used to import data directly into [Timesketch](https://github.com/google/timesketch). This output module would…