plaso
Super timeline all the things
Description of problem: Add a parser for GTK Recently Used Database Path: %%users.homedir%%/.local/share/recently-used.xbel
Description of problem: Add a parser for Gnome Tracker Path: - '%%users.homedir%%/.cache/tracker/*' - '%%users.homedir%%/.local/share/tracker/data/*' Reference: https://wiki.gnome.org/Projects/Tracker/Documentation/GettingStarted
Description of problem: Add a parser for Gnome Application State Path: %%users.homedir%%/.local/share/gnome-shell/application_state Reference: https://forensicswiki.xyz/wiki/index.php?title=Gnome_Desktop_Environment
## One line description of pull request This fixes parsing of launchd plists that are missing optional fields. ## Description: I noticed many launchd plists failing to emit any events....
* [x] data_files is deprecated migrate to package data https://setuptools.pypa.io/en/latest/userguide/datafiles.html * ~~and migrate to data path resolving to use importlib.resources~~ - not widely available (yet?) * https://github.com/log2timeline/plaso/pull/4810 * [x] change...
## One line description of pull request Implemented DateLessLogFormatHelper to retrieve a date based on the modified, changed and creation time of a file. ## Description: Implemented DateLessLogFormatHelper to retrieve...
Currently (sometimes) hard to determine which test file is used by which parser / test. Ideas * have a sub directory per parser/plugin * what about test data of more...
improve text file detection based on: - [x] ~~a header if applicable~~ - [x] ~~added sigscan based literal scan~~ - https://github.com/log2timeline/plaso/pull/4549 - [x] ~~distribution of specific textual strings?~~ covered by...
As a follow up of https://github.com/log2timeline/plaso/pull/4527 * [ ] add end-to-end test with a larger data set