Changelog for plaso-1.3.0-1.fc19.i686.rpm:
Wed Jul 22 14:00:00 2015 Lawrence R. Rogers 1.3.0-1
* Release 1.3.0-1
Version 1.3.0 - see http://blog.kiddaland.net/2015/07/bringing-end-to-sorrow-new-plaso-release.html for details.
Wed Dec 24 13:00:00 2014 Lawrence R. Rogers 1.2.0-2
* Release 1.2.0-2
Patch to bring up to date to the development release dated 2014-12-24.
Sat Dec 20 13:00:00 2014 Lawrence R. Rogers 1.2.0-1
Version 1.2.0 - see http://blog.kiddaland.net/2014/12/hey-kids-i-heard-on-news-that-airline.html for details.
Tue Sep 23 14:00:00 2014 Lawrence R. Rogers 1.1.0-2
Added correct ipython dependencies
Fri Jun 6 14:00:00 2014 Lawrence R. Rogers 1.1.0-1
See http://blog.kiddaland.net/2014/06/what-is-one-to-say-about-june-time-of.html for the list of changes
Thu May 22 14:00:00 2014 Lawrence R. Rogers 1.0.2-1
See http://blog.kiddaland.net/2013/10/halloween-brings-with-it-riding-witches.html for more details.
New Shiny Parsers
Java IDX.
LS Quarantine.
MacKeeper cache.
OLECF (think .doc and so many other OLE compound files on any given Windows system).
OpenXML.
Pcap files.
Plist parser (generic and a plugin interface for new parsers).
Apple Safari history parser.
SkyDrive log files.
Skype text conversations.
Windows Firewall.
Windows Job files (think at jobs).
Windows Prefetch files (supports all versions of Windows).
Windows Recycle bin (INFO2 and $I/$R).
Xchat Scroll back files.
Zeitgeist parser (Linux).
Several new Windows Registry plugins.
New Output Modules
MySQL db output for 4n6time (still an experimental feature and mostly applicable in 4n6time).
Dynamic. The new default output module for psort. In short this is a simple CSV file that has
configurable fields to make output more flexible. See additional information here.
Pstorage - The ability to output again into another instance of a plaso storage.
This is mainly if you want to keep events fully sorted and filtered out for a new instance.
New Features
There are plenty of new features, some of which are listed here:
New front-end called plasm that as of now takes care of tagging/categorization of your output data.
New script included called "image_export" that can be used to export files out of an image file (including within VSS)
either by supplying it with a list of paths or file extensions.
A PoC tool called "plaso_extract_search_history.py" (not included in the build files) that can read over a plaso storage
file and extract all search history from it (this will be incorporated into the tool in the next version).
The ability to define "time slices" in psort. That is, if you have a specific pivot point into the data set (as in a time)
you can define it and get all the surrounding events that occurred on the timeline for X minutes before and after
(X is configurable but defaults to 5 minutes).
The ability to include surrounding events for filter hits. That is, to create a time slice for every filter hit. Let's say
you want to filter the timeline for every time a particular web site was visited and at the same time you would like
to see X number of events that led up to that web site visit and the next X subsequent events as well; now that can be easily done.
Psort now removes duplicate entries.
You can now bypass the storage mechanism and output directly to a file. Before that you had to first store all events into a plaso storage
file (still the default and still recommended). However, the option of bypassing the storage mechanism and directly storing the data
into whatever output module is available has been added.
A new front-end called preg was added that can be used to directly parse registry files and present the output in a different manner than is
done in the main front-end log2timeline/psort (and even works on live machines).
Back-end Changes
A timestamp index was added to the backend storage (pstorage) making date based filtering considerably faster.
Registry plugin infrastructure received a healthy code refactor.
A new text based assistant added (using pyparsing).
A new binary assistant added.
TSK updated to 4.1.x (used to be dependent on 3.x).
Protobufs updated to version 2.5 (used to be 2.4).
Quite a few re-factors on various pieces of the codebase.
Thu Feb 13 13:00:00 2014 Lawrence R. Rogers 1.0.1alpha-1
Initial version