-
in https://plaso.readthedocs.io/en/latest/sources/user/Event-filters.html
* Document use of `PATH` value type helpers - https://github.com/log2timeline/plaso/pull/4141
* using `contains` on lists
…
-
**Describe the problem:**
Plaso parses Windows sdb shim database files as utmp files. This false positive produces false `linux:utmp:event` events that look like e.g. `User: EXE.AVAJÜ� Hostname: �…
-
**Note that Windows Event Log XML output (as exported by Windows EventViewer) is not necessarily proper XML.** Also see: https://github.com/dfirlabs/evtx-specimens and https://github.com/log2timeline/pl…
-
While running:
```
psort.py --analysis nsrlsvr --nsrlsvr-hash md5 --nsrlsvr-host 127.0.0.1 --nsrlsvr-port 9120 -w output.log --disable-zeromq test.plaso
```
The export after the analysis is v…
-
**Description of problem:**
Running psteal.py on browser history generates content that is not RFC 4180 valid, as quotes might appear in the URL+title field, without being quoted
`2021-09-07T06:…
-
Unable to decompress zlib compressed stream with error: Error -3 while decompressing: invalid distance too far back.
```
zcat test.gz
...
gzip: test.gz: invalid compressed data--crc error
…
```
-
I get the following error when uploading an image using the EWF format with more than one file:
[2019-02-10 10:41:10,318] ERROR in app: Exception on / [POST]
Traceback (most recent call last):
…
-
Copied from [add multi volume support #109](https://github.com/log2timeline/plaso/issues/109)
Change tools to support more than 1 source (input) file
* does this require changes to storage to ha…
-
Some binary parsers now define GetFormatSpecification, such as: https://github.com/log2timeline/plaso/blob/master/plaso/parsers/winlnk.py#L87
* [ ] check if files that match the format are ignored …