Computer Network Investigation
This PR adds `keyword` indices for certain fields in the `analysis` collection. This massively improves load time when accessing an individual analysis result in CAPE on large MongoDB instances. CAPE...
This PR aims to improve the YARA plugin. - `dissect.target.plugins.filesystem.yara` is now an `InternalPlugin` - `target-yara` is now a command which calls the `filesystem.yara` plugin - it is now possible...
This PR aims to improve DHCP parsing logic introduced in #550. Unfortunately the previous approach makes interactive commands such as `target-info` slow. We have opted to only parse the first...
This PR improves the AnyDesk plugin: * add try/except handler for malformed log lines * add more trace log paths * improve accuracy of record timestamps * better handle decode...
This PR improves several DPAPI related features: * move LSA logic from DPAPI to separate plugin * move SAM and CREDHIST plugins to `dissect.target.plugins.os.windows.credential` * add Windows XP support to...
This PR adds the command `target-diff`, which can be used to compare two or more targets against one another: ```bash $ target-diff --help target-diff positional arguments: {shell,fs,query} Mode for differentiating...
Currently most `dissect.*` filesystem projects have their own `exceptions.py` definitions for e.g. `FileNotFoundError` classes. These classes are often sub-classed by a local `Error` class, which in turn is sub-classed by...
When using PyPy to run dissect, we encountered two issues: - Autocomplete is not working in target-shell - The performance of `reverse_readlines` ([dissect/target/helpers/fsutil:1011](https://github.com/fox-it/dissect.target/blob/main/dissect/target/helpers/fsutil.py#L1011)) is terrible For both issues, we haven't...
A target system can contain non-utf-8 characters in a shellbag volume `volume_name`. This would break the `shellbags` plugin and is now fixed by escaping using `backslashreplace`.
Thank you for the hard work on v4 @Schamper. We were wondering if some documentation could be produced which highlights the changes between v3 and v4, in particular breaking changes...