plaso_filters

Add periods to user registry section wildcards

Open 0xbc opened this issue 6 years ago • 0 comments

Hi,

Thanks for sharing these plaso filters! I noticed that when I was using the filter_windows.txt list with log2timeline, user registry hives weren't being pulled in. I'm pretty new to this toolset but I assumed it's because it's parsing the filters as regexes... adding periods before each of the *s seemed to fix the issue for me, but perhaps I was just doing something else wrong.

cheers, Ben

0xbc, May 06 '19 12:05
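A way to check a filter file for the problem reported above, added here as an example (not code from the plaso_filters repository or from plaso). It assumes, as the post suggests, that each `/`-separated path segment is treated as a regular expression and that `#` starts a comment; the sample lines, `lint_segment` and `lint_filter` are constructed for illustration.

```python
import re

# Constructed sample lines; not the contents of the project's filter_windows.txt.
SAMPLE_FILTER = """\
# user registry hives
/(Users|Documents And Settings)/*/NTUSER.DAT
/(Users|Documents And Settings)/.*/NTUSER.DAT
/Windows/System32/config/SOFTWARE
/Users/.+/AppData/Local/*.log
/Windows/inf/setupapi*.log
"""

# A '*' that does not follow '.', an escape, a character class or a group.
BARE_STAR = re.compile(r"(?<![.\\\])])\*")


def lint_segment(segment):
    """Return a description of the problem with one path segment, or None."""
    try:
        re.compile(segment)
    except re.error as exc:
        return "does not compile as a regex: %s" % exc
    if BARE_STAR.search(segment):
        return "'*' only repeats the preceding character"
    return None


def lint_filter(text):
    """Return (line_no, segment, problem, suggestion) for each suspect segment."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Assumption: '/' separates segments and never appears inside a regex.
        for segment in filter(None, line.split("/")):
            problem = lint_segment(segment)
            if problem:
                # Same fix as in the post: put a period before the '*'.
                suggestion = BARE_STAR.sub(".*", segment)
                findings.append((line_no, segment, problem, suggestion))
    return findings


if __name__ == "__main__":
    for line_no, segment, problem, suggestion in lint_filter(SAMPLE_FILTER):
        print("line %d: %r %s; try %r" % (line_no, segment, problem, suggestion))
```

A filter line that silently matches nothing means evidence such as user hives is left out of the timeline, so running a check like this before collection is cheaper than discovering the gap during analysis.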