plaso
plaso copied to clipboard
log2timeline
Super timeline all the things
newsyslog adds a header ``` Mar 31 06:30:02 hostname newsyslog[10904]: logfile turned over due to size>25000K [2023-03-31T06:29:57.423Z] I santad: action=EXIT|pid=10897|pidversion=2243287|ppid=1|uid=262|gid=262 [2023-03-31T06:29:57.883Z] I santad: action=FORK|pid=10898|pidversion=2243288|ppid=1|uid=0|gid=0 ``` newsyslog adds and a footer...
I would like to add the ability to dynamically register parsers and plugins developed externally from plaso. This can be accomplished by taking advantage of the entry_points feature of setuptools...
add test case for partitioned image with single volume
Originally from https://github.com/log2timeline/plaso/issues/109 print overview of volumes to be processed * [ ] print volumes with a file system that is going to be processed * [ ] print system...
Originally from: https://github.com/log2timeline/plaso/pull/4168 Note to self add footer support / incomplete file warning
Asses if it would be beneficial to merge DSV parser with text plugin, given overlapping functionality. * [ ] also look into fast fail format verification Also see: https://github.com/log2timeline/plaso/issues/1971
Sample format: ``` 1677971734.079 1234 1.2.3.4 TCP_TUNNEL/200 39 CONNECT domain.xyz:443 - HIER_DIRECT/1.2.3.4 - 1677971734.079 1234 1.2.3.4 TCP_TUNNEL/200 39 CONNECT domain.xyz:443 - HIER_DIRECT/1.2.3.4 - 1677971734.079 1234 1.2.3.4 TCP_TUNNEL/200 39 CONNECT domain.xyz:443...
Add profiler to track source read CPU times * proxy FileIO seeks and reads through profiling wrapper object ? * this approach makes it hard to catch all FileIO seeks...
**Description of problem:** I'd like Plaso to be able to parse a group file like that found on linux or mac systems **Command line and arguments:** `psteal.py --parsers "!filestat" **Source...
Part of adding ADS support means revising the parser application strategy. In line of that have a look at the current parser application strategy and improve the current approach. -...