Add parser for WMI CIM

[kiddinn]

We need a parser for the WMI CIM

From: https://msdn.microsoft.com/en-us/library/ms974579.aspx

objects.data. CIM repository where managed resource definitions are stored.

File typically found in: "C:\WINDOWS\System32\wbem\repository\fs\objects.data"

See more details here (although no structural details): https://dl.mandiant.com/EE/library/MIRcon2014/MIRcon_2014_IR_Track_There%27s_Something_About_WMI.pdf

[tomchop]

Pure-python parser for WMI databases: https://github.com/fireeye/flare-wmi/tree/master/python-cim

[joachimmetz]

Unfortunately some of the dependencies of python-cim have incompatible licenses for plaso. Also see: https://github.com/log2timeline/plaso/wiki/Adding-a-new-dependency.

Also unclear if some of them are Python 3 compatible and maintained.

[moxilo]

@joachimmetz is someone working on this? Can I work on this? I am interested in create an open source plugin to parse this database.

[joachimmetz]

@moxilo I started working on this format a while ago https://github.com/libyal/dtformats/blob/master/documentation/WMI%20repository%20file%20format.asciidoc https://github.com/libyal/dtformats/blob/master/scripts/wmi_repository.py https://github.com/libyal/dtformats/blob/master/dtformats/wmi_repository.py https://github.com/libyal/dtformats/blob/master/dtformats/wmi_repository.yaml

Unfortunately I currently lack the time.

Feel free to write an implementation that is compatible with plaso or extend the dtformats one and integrate it into plaso.