fox-it / dissect.target

The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
GNU Affero General Public License v3.0

Linux dmesg plugin #619

Open DissectBot opened 6 months ago

DissectBot commented 6 months ago

When we collect the /proc file system during acquisition, we also collect /proc/kmsg; the equivalent of the dmesg command can be parsed out of this file. This is a somewhat nice-to-have plugin, since the contents of dmesg (kmsg) reflect that of syslog and/or messages. Though, we might find some messages here that are not committed to disk yet.
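A sketch of the parsing this issue asks for, as an added example that is not dissect.target code and not from the issue author. It assumes the `<priority>[seconds.microseconds] message` line layout that /proc/kmsg emits; the names `parse_kmsg`, `not_in_syslog` and `KmsgRecord` are hypothetical, and the sample data is constructed.

```python
import re
from datetime import timedelta
from typing import Iterable, Iterator, List, NamedTuple, Optional

# Syslog severity names, indexed by the low three bits of the <N> priority.
LEVELS = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")
# /proc/kmsg line: "<prio>[ seconds.micros] message". The timestamp is
# absent when printk timestamps are disabled, so that group is optional.
LINE_RE = re.compile(r"^<(?P<prio>\d+)>(?:\[\s*(?P<sec>\d+)\.(?P<usec>\d{6})\]\s?)?(?P<msg>.*)$")


class KmsgRecord(NamedTuple):
    facility: int                     # priority >> 3 (0 = kernel)
    level: str                        # name for priority & 7
    since_boot: Optional[timedelta]   # None when the line has no timestamp
    message: str


def parse_kmsg(text: str) -> Iterator[KmsgRecord]:
    """Yield one record per well-formed line; skip lines without a <prio> prefix."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        prio = int(m["prio"])
        ts = None
        if m["sec"] is not None:
            ts = timedelta(seconds=int(m["sec"]), microseconds=int(m["usec"]))
        yield KmsgRecord(prio >> 3, LEVELS[prio & 7], ts, m["msg"])


def not_in_syslog(records: Iterable[KmsgRecord], syslog_text: str) -> List[KmsgRecord]:
    """Return records whose message text does not appear in the on-disk log."""
    return [r for r in records if r.message not in syslog_text]


# Constructed sample data, not taken from a real system.
SAMPLE_KMSG = """\
<6>[    0.000000] Linux version 6.1.0-example (constructed sample)
<4>[   12.345678] example_mod: loading out-of-tree module taints kernel.
<30>[   13.000001] systemd[1]: Started Example Service.
<3>usb 1-1: device descriptor read/64, error -71
garbage line without priority
"""
SAMPLE_SYSLOG = """\
Jan  1 00:00:01 host kernel: [    0.000000] Linux version 6.1.0-example (constructed sample)
Jan  1 00:00:14 host systemd[1]: Started Example Service.
"""
```

Running `not_in_syslog(parse_kmsg(SAMPLE_KMSG), SAMPLE_SYSLOG)` returns the two kernel messages that have no counterpart in the constructed syslog, which is the "not committed to disk yet" case the issue mentions.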