plaso
plaso copied to clipboard
log2timeline
Super timeline all the things
**Describe the problem:** Chrome notifications database is not parsed **To Reproduce:** Current HEAD **Expected behavior:** Parse the notifications database **Debug output/tracebacks:** N/A **Additional context** Possible reference https://sansorg.egnyte.com/dl/QaoN3qdhig
**Describe the problem:** Kubernetes uses the CRI log format for container stdout/stderr log streams. **Additional context** Per https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/kuberuntime/logs/logs.go#L125, CRI log format example: ``` 2016-10-06T00:17:09.669794202Z stdout P log content 1 2016-10-06T00:17:09.669794203Z...
**Describe the problem:** Add a plist plugin to parse recently opened files in Adobe Acrobat Reader. The plist is located in the user's home directory under `$HOME/Library/Preferences/com.adobe.Reader.plist` and the recently...
For the OpenSearch and Timesketch output modules have SSL/TLS on by default
- [x] ~~[Add ADS stream support](https://codereview.appspot.com/258650043)~~ - ~~Requires dfVFS update: https://codereview.appspot.com/235930043/~~ - [x] ~~[Handle metadata files in special ways](https://github.com/log2timeline/plaso/issues/199)~~ - ~~[Initial changes](https://codereview.appspot.com/258650043)~~ - [x] ~~[Create a $MFT metadata file parser](https://github.com/log2timeline/plaso/issues/124)~~...
NTFS file names can contain unpaired surrogates. It is currently unclear how these should be represented in the format https://github.com/sleuthkit/sleuthkit/issues/2837, however the Python Unicode implementation rejects unpaired surrogates as invalid...
**Describe the problem:** Some log files do not have the date in their timestamp. This is the case for ps.txt log files in MacOS/iOS for example. I wish to create...
As a follow up of https://github.com/log2timeline/plaso/issues/2242 * [ ] add support for plist statedump * [ ] add support for more value decoders * [ ] add support for stream...
The following Windows SCM log file causes GZIP detection to fail `\Windows\System32\LogFiles\Scm\3cbfb495-64a5-482a-8cae-80bc4e93b629` ``` 00000000 1f 8b 0b 81 34 45 cf 01 00 00 00 00 bd 19 2f b3...
**Describe the problem:** It could be useful to have a TightVNC log parser. `/home//.vnc/*.log` https://github.com/TigerVNC/tigervnc/blob/master/common/rfb/Logger_file.cxx