-
Unclear why this issue is surfacing
```
Traceback (most recent call last):
File "plaso/multi_processing/worker_process.py", line 176, in _Main
self._ProcessTask(task)
File "plaso/multi_…
```
-
**summary:** parse_evtx does not create a Message column when parsing `C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx`
**environment:**
- Microsoft Windows [Version 10.0.19041.572]
- v…
-
**Describe the bug**
windows.registry.printkey.PrintKey does not correctly display the value of all registry keys. Specific example below is for a Win7PS1x64 host infected with Kotver malware. When u…
-
Can we uncomment the install_requires in setup.py? (https://github.com/log2timeline/plaso/blob/master/setup.py#L116)
All of the necessary dependencies for plaso are available on pypi. I don't see w…
-
Release URL for curl under releases is incorrect for RC2.
Current: `curl -Lo /usr/local/bin/sift https://github.com/sans-dfir/sift-cli/releases/download/**v1.8.1-rc1**/sift-cli-linux`
Correct: `c…
-
On first glance, it looks like the timeline script collects similar fields to admon which is already commonly deployed. Could admon be used instead of the new script which would commonly be resisted b…
-
### Description
I am working with a memory dump from a physical Android device running Android 9 (kernel 4.9).
I built the kernel and OS myself, and managed to build a profile and do a memory dump…
-
When running tests with tox:
```
Python 3.4 support has been deprecated. pip 19.1 will be the last one supporting it.
Please upgrade your Python as Python 3.4 won't be maintained after March 2019
…
```
-
I tested installation on Ubuntu 18.04. Before installing, I updated and upgraded Ubuntu.
I ran the command from the repository.
```
curl -Lo /usr/local/bin/sift https://github.com/sans-dfir/sift-cli/relea…
```
-
There is a new EZ-Tools poster, which is the first of what will be a series of three. Could you please add that to the mix? @mark-hallman has the details and PDF file.