dissect.target 3.17.dev36__py3-none-any.whl → 3.18__py3-none-any.whl

Sign up to get free protection for your applications and to get access to all the features.
Files changed (80) hide show
  1. dissect/target/exceptions.py +4 -0
  2. dissect/target/filesystem.py +0 -10
  3. dissect/target/helpers/cache.py +3 -1
  4. dissect/target/helpers/hashutil.py +0 -40
  5. dissect/target/helpers/protobuf.py +6 -10
  6. dissect/target/helpers/record_modifier.py +4 -1
  7. dissect/target/helpers/ssh.py +3 -4
  8. dissect/target/loaders/mqtt.py +147 -2
  9. dissect/target/loaders/raw.py +7 -0
  10. dissect/target/plugins/apps/av/mcafee.py +3 -0
  11. dissect/target/plugins/apps/av/sophos.py +6 -0
  12. dissect/target/plugins/apps/av/symantec.py +6 -0
  13. dissect/target/plugins/apps/av/trendmicro.py +8 -3
  14. dissect/target/plugins/apps/browser/chromium.py +12 -0
  15. dissect/target/plugins/apps/browser/firefox.py +13 -1
  16. dissect/target/plugins/apps/browser/iexplore.py +6 -0
  17. dissect/target/plugins/apps/container/docker.py +1 -1
  18. dissect/target/plugins/os/unix/etc/__init__.py +0 -0
  19. dissect/target/plugins/os/unix/etc/etc.py +77 -0
  20. dissect/target/plugins/os/unix/history.py +1 -1
  21. dissect/target/plugins/os/unix/linux/cmdline.py +3 -0
  22. dissect/target/plugins/os/unix/linux/environ.py +3 -0
  23. dissect/target/plugins/os/unix/linux/processes.py +3 -0
  24. dissect/target/plugins/os/unix/linux/sockets.py +15 -0
  25. dissect/target/plugins/os/unix/locate/gnulocate.py +1 -2
  26. dissect/target/plugins/os/unix/locate/mlocate.py +3 -4
  27. dissect/target/plugins/os/unix/locate/plocate.py +34 -25
  28. dissect/target/plugins/os/unix/log/atop.py +6 -4
  29. dissect/target/plugins/os/unix/log/journal.py +5 -4
  30. dissect/target/plugins/os/unix/log/lastlog.py +2 -3
  31. dissect/target/plugins/os/unix/log/utmp.py +6 -7
  32. dissect/target/plugins/os/windows/_os.py +17 -6
  33. dissect/target/plugins/os/windows/activitiescache.py +3 -0
  34. dissect/target/plugins/os/windows/adpolicy.py +3 -4
  35. dissect/target/plugins/os/windows/catroot.py +6 -0
  36. dissect/target/plugins/os/windows/credhist.py +1 -2
  37. dissect/target/plugins/os/windows/datetime.py +3 -4
  38. dissect/target/plugins/os/windows/defender.py +221 -5
  39. dissect/target/plugins/os/windows/defender_helpers/__init__.py +0 -0
  40. dissect/target/plugins/os/windows/defender_helpers/defender_patterns.py +282 -0
  41. dissect/target/plugins/os/windows/defender_helpers/defender_records.py +191 -0
  42. dissect/target/plugins/os/windows/dpapi/blob.py +1 -2
  43. dissect/target/plugins/os/windows/dpapi/master_key.py +2 -3
  44. dissect/target/plugins/os/windows/lnk.py +3 -0
  45. dissect/target/plugins/os/windows/log/etl.py +9 -0
  46. dissect/target/plugins/os/windows/log/evt.py +3 -0
  47. dissect/target/plugins/os/windows/log/evtx.py +3 -0
  48. dissect/target/plugins/os/windows/log/pfro.py +3 -0
  49. dissect/target/plugins/os/windows/log/schedlgu.py +5 -2
  50. dissect/target/plugins/os/windows/notifications.py +1 -2
  51. dissect/target/plugins/os/windows/prefetch.py +32 -27
  52. dissect/target/plugins/os/windows/recyclebin.py +13 -8
  53. dissect/target/plugins/os/windows/regf/appxdebugkeys.py +3 -0
  54. dissect/target/plugins/os/windows/regf/auditpol.py +4 -5
  55. dissect/target/plugins/os/windows/regf/bam.py +5 -3
  56. dissect/target/plugins/os/windows/regf/cit.py +1 -2
  57. dissect/target/plugins/os/windows/regf/clsid.py +3 -0
  58. dissect/target/plugins/os/windows/regf/firewall.py +3 -0
  59. dissect/target/plugins/os/windows/regf/muicache.py +3 -0
  60. dissect/target/plugins/os/windows/regf/recentfilecache.py +6 -4
  61. dissect/target/plugins/os/windows/regf/regf.py +6 -0
  62. dissect/target/plugins/os/windows/regf/runkeys.py +9 -4
  63. dissect/target/plugins/os/windows/regf/shellbags.py +9 -7
  64. dissect/target/plugins/os/windows/regf/shimcache.py +5 -3
  65. dissect/target/plugins/os/windows/regf/trusteddocs.py +3 -0
  66. dissect/target/plugins/os/windows/regf/usb.py +3 -0
  67. dissect/target/plugins/os/windows/regf/userassist.py +8 -6
  68. dissect/target/plugins/os/windows/sam.py +7 -5
  69. dissect/target/plugins/os/windows/services.py +3 -0
  70. dissect/target/plugins/os/windows/task_helpers/tasks_job.py +3 -4
  71. dissect/target/plugins/os/windows/wer.py +3 -0
  72. dissect/target/target.py +6 -1
  73. dissect/target/tools/shell.py +30 -19
  74. {dissect.target-3.17.dev36.dist-info → dissect.target-3.18.dist-info}/METADATA +50 -25
  75. {dissect.target-3.17.dev36.dist-info → dissect.target-3.18.dist-info}/RECORD +80 -75
  76. {dissect.target-3.17.dev36.dist-info → dissect.target-3.18.dist-info}/WHEEL +1 -1
  77. {dissect.target-3.17.dev36.dist-info → dissect.target-3.18.dist-info}/COPYRIGHT +0 -0
  78. {dissect.target-3.17.dev36.dist-info → dissect.target-3.18.dist-info}/LICENSE +0 -0
  79. {dissect.target-3.17.dev36.dist-info → dissect.target-3.18.dist-info}/entry_points.txt +0 -0
  80. {dissect.target-3.17.dev36.dist-info → dissect.target-3.18.dist-info}/top_level.txt +0 -0
@@ -49,6 +49,9 @@ class RegfPlugin(Plugin):
49
49
  Yields RegistryKeyRecords and RegistryValueRecords
50
50
 
51
51
  RegistryKeyRecord fields:
52
+
53
+ .. code-block:: text
54
+
52
55
  hostname (string): The target hostname.
53
56
  domain (string): The target domain.
54
57
  ts (datetime): The registry key last modified time.
@@ -57,6 +60,9 @@ class RegfPlugin(Plugin):
57
60
  source (string): The hive file path.
58
61
 
59
62
  RegistryValueRecord fields:
63
+
64
+ .. code-block:: text
65
+
60
66
  hostname (string): The target hostname.
61
67
  domain (string): The target domain.
62
68
  ts (datetime): The registry key last modified time.
@@ -1,3 +1,5 @@
1
+ from typing import Iterator
2
+
1
3
  from dissect.target.exceptions import UnsupportedPluginError
2
4
  from dissect.target.helpers.descriptor_extensions import (
3
5
  RegistryRecordDescriptorExtension,
@@ -11,7 +13,7 @@ RunKeyRecord = create_extended_descriptor([RegistryRecordDescriptorExtension, Us
11
13
  [
12
14
  ("datetime", "ts"),
13
15
  ("wstring", "name"),
14
- ("string", "path"),
16
+ ("command", "command"),
15
17
  ("string", "key"),
16
18
  ],
17
19
  )
@@ -48,7 +50,7 @@ class RunKeysPlugin(Plugin):
48
50
  raise UnsupportedPluginError("No registry run key found")
49
51
 
50
52
  @export(record=RunKeyRecord)
51
- def runkeys(self):
53
+ def runkeys(self) -> Iterator[RunKeyRecord]:
52
54
  """Iterate various run key locations. See source for all locations.
53
55
 
54
56
  Run keys (Run and RunOnce) are registry keys that make a program run when a user logs on. a Run key runs every
@@ -59,11 +61,14 @@ class RunKeysPlugin(Plugin):
59
61
  - https://docs.microsoft.com/en-us/windows/win32/setupapi/run-and-runonce-registry-keys
60
62
 
61
63
  Yields RunKeyRecords with fields:
64
+
65
+ .. code-block:: text
66
+
62
67
  hostname (string): The target hostname.
63
68
  domain (string): The target domain.
64
69
  ts (datetime): The registry key last modified timestamp.
65
70
  name (string): The run key name.
66
- path (string): The run key path.
71
+ command (command): The run key command.
67
72
  key (string): The source key for this run key.
68
73
  """
69
74
  for key in self.KEYS:
@@ -73,7 +78,7 @@ class RunKeysPlugin(Plugin):
73
78
  yield RunKeyRecord(
74
79
  ts=r.ts,
75
80
  name=entry.name,
76
- path=entry.value,
81
+ command=entry.value,
77
82
  key=key,
78
83
  _target=self.target,
79
84
  _key=r,
@@ -243,8 +243,7 @@ struct EXTENSION_BLOCK_HEADER {
243
243
  uint32 signature;
244
244
  };
245
245
  """
246
- c_bag = cstruct()
247
- c_bag.load(bag_def)
246
+ c_bag = cstruct().load(bag_def)
248
247
 
249
248
  DELEGATE_ITEM_IDENTIFIER = b"\x74\x1a\x59\x5e\x96\xdf\xd3\x48\x8d\x67\x17\x33\xbc\xee\x28\xba"
250
249
 
@@ -908,17 +907,20 @@ class EXTENSION_BLOCK_BEEF0004(EXTENSION_BLOCK): # noqa
908
907
  self.file_reference = c_bag.uint64(fh)
909
908
  c_bag.uint64(fh)
910
909
  if version >= 3:
911
- long_len = c_bag.uint16(fh)
910
+ # Start of strings
911
+ localized_name_offset = c_bag.uint16(fh)
912
912
  if version >= 9:
913
913
  c_bag.uint32(fh)
914
914
  if version >= 8:
915
915
  c_bag.uint32(fh)
916
916
  if version >= 3:
917
917
  self.long_name = c_bag.wchar[None](fh)
918
- if 3 <= version < 7 and long_len > 0:
919
- self.localized_name = c_bag.char[long_len](fh)
920
- if version >= 7 and long_len > 0:
921
- self.localized_name = c_bag.wchar[long_len](fh)
918
+
919
+ if 3 <= version < 7 and localized_name_offset > 0:
920
+ self.localized_name = c_bag.char[None](fh)
921
+
922
+ if version >= 7 and localized_name_offset > 0:
923
+ self.localized_name = c_bag.wchar[None](fh)
922
924
 
923
925
 
924
926
  class EXTENSION_BLOCK_BEEF0005(EXTENSION_BLOCK): # noqa
@@ -21,7 +21,7 @@ ShimcacheRecord = TargetRecordDescriptor(
21
21
  ],
22
22
  )
23
23
 
24
- c_shimdef = """
24
+ shim_def = """
25
25
  struct NT61_HEADER {
26
26
  uint32 magic;
27
27
  uint32 num_entries;
@@ -99,8 +99,7 @@ struct WIN10_ENTRY_DATA {
99
99
  uint64 ts;
100
100
  };
101
101
  """
102
- c_shim = cstruct()
103
- c_shim.load(c_shimdef)
102
+ c_shim = cstruct().load(shim_def)
104
103
 
105
104
  MAGIC_NT61 = 0xBADC0FEE
106
105
  MAGIC_NT52 = 0xBADC0FFE
@@ -318,6 +317,9 @@ class ShimcachePlugin(Plugin):
318
317
  - https://www.andreafortuna.org/2017/10/16/amcache-and-shimcache-in-forensic-analysis/
319
318
 
320
319
  Yields ShimcacheRecords with the following fields:
320
+
321
+ .. code-block:: text
322
+
321
323
  hostname (string): The target hostname.
322
324
  domain (string): The target domain.
323
325
  last_modified (datetime): The last modified date.
@@ -61,6 +61,9 @@ class TrustedDocumentsPlugin(Plugin):
61
61
 
62
62
  Yields records based on the values within the TrustRecords registry keys.
63
63
  At least contains the following fields:
64
+
65
+ .. code-block:: text
66
+
64
67
  application (string): Application name of the Office product that produced the TrustRecords registry key.
65
68
  document_path (path): Path to the document for which a TrustRecords entry is created.
66
69
  ts (datetime): The created time of the TrustRecord registry key.
@@ -93,6 +93,9 @@ class UsbPlugin(Plugin):
93
93
  HKLM\\SYSTEM\\CurrentControlSet\\Enum\\USBSTOR registry key.
94
94
 
95
95
  Yields UsbRegistryRecord with fields:
96
+
97
+ .. code-block:: text
98
+
96
99
  hostname (string): The target hostname
97
100
  domain (string): The target domain
98
101
  type (string): Type of USB device
@@ -1,6 +1,6 @@
1
1
  import codecs
2
2
 
3
- from dissect import cstruct
3
+ from dissect.cstruct import cstruct
4
4
  from dissect.util.ts import wintimestamp
5
5
 
6
6
  from dissect.target.exceptions import RegistryValueNotFoundError, UnsupportedPluginError
@@ -14,13 +14,13 @@ from dissect.target.plugin import Plugin, export
14
14
 
15
15
  userassist_def = """
16
16
  struct VERSION5_ENTRY {
17
- char padding[4];
17
+ char padding0[4];
18
18
  uint32 number_of_executions;
19
19
  uint32 application_focus_count;
20
20
  uint32 application_focus_duration;
21
- char padding[44];
21
+ char padding1[44];
22
22
  uint64 timestamp;
23
- char padding[4];
23
+ char padding2[4];
24
24
  };
25
25
 
26
26
  struct VERSION3_ENTRY {
@@ -29,8 +29,7 @@ struct VERSION3_ENTRY {
29
29
  uint64 timestamp;
30
30
  };
31
31
  """
32
- c_userassist = cstruct.cstruct()
33
- c_userassist.load(userassist_def)
32
+ c_userassist = cstruct().load(userassist_def)
34
33
 
35
34
  UserAssistRecordDescriptor = create_extended_descriptor(
36
35
  [
@@ -72,6 +71,9 @@ class UserAssistPlugin(Plugin):
72
71
  - https://www.aldeid.com/wiki/Windows-userassist-keys
73
72
 
74
73
  Yields UserAssistRecords with fields:
74
+
75
+ .. code-block:: text
76
+
75
77
  hostname (string): The target hostname.
76
78
  domain (string): The target domain.
77
79
  ts (datetime): The entry timestamp.
@@ -9,14 +9,14 @@ try:
9
9
  except ImportError:
10
10
  HAS_CRYPTO = False
11
11
 
12
- from dissect import cstruct
12
+ from dissect.cstruct import cstruct
13
13
  from dissect.util import ts
14
14
 
15
15
  from dissect.target.exceptions import UnsupportedPluginError
16
16
  from dissect.target.helpers.record import TargetRecordDescriptor
17
17
  from dissect.target.plugin import Plugin, export
18
18
 
19
- c_sam_def = """
19
+ sam_def = """
20
20
  struct user_F {
21
21
  char unknown1[8];
22
22
  uint64 t_last_login; /* Time of last login */
@@ -166,7 +166,7 @@ struct DOMAIN_ACCOUNT_F {
166
166
  uint16 min_password_length; /* 0x50 */
167
167
  uint16 password_history_length; /* 0x52 */
168
168
  uint16 lockout_threshold; /* 0x54 */
169
- uint16 unknown1_1; /* 0x56 */
169
+ uint16 unknown1_3; /* 0x56 */
170
170
  uint32 server_state; /* 0x58 */
171
171
  uint16 server_role; /* 0x5c */
172
172
  uint16 uas_compability_required; /* 0x5e */
@@ -207,8 +207,7 @@ struct SAM_HASH_AES { /* size: >=24 */
207
207
  };
208
208
  """
209
209
 
210
- c_sam = cstruct.cstruct()
211
- c_sam.load(c_sam_def)
210
+ c_sam = cstruct().load(sam_def)
212
211
 
213
212
  SamRecord = TargetRecordDescriptor(
214
213
  "windows/registry/sam",
@@ -356,6 +355,9 @@ class SamPlugin(Plugin):
356
355
  - https://en.wikipedia.org/wiki/Security_Account_Manager
357
356
 
358
357
  Yields SamRecords with fields:
358
+
359
+ .. code-block:: text
360
+
359
361
  rid (uint32): The RID.
360
362
  fullname (string): Parsed fullname.
361
363
  username (string): Parsed username.
@@ -72,6 +72,9 @@ class ServicesPlugin(Plugin):
72
72
  - https://artifacts-kb.readthedocs.io/en/latest/sources/windows/ServicesAndDrivers.html
73
73
 
74
74
  Yields ServiceRecords with fields:
75
+
76
+ .. code-block:: text
77
+
75
78
  hostname (string): The target hostname.
76
79
  domain (string): The target domain.
77
80
  ts (datatime): The last modified timestamp of the registry key.
@@ -2,7 +2,7 @@ import datetime
2
2
  import warnings
3
3
  from typing import Iterator, Optional
4
4
 
5
- from dissect import cstruct
5
+ from dissect.cstruct import cstruct
6
6
  from flow.record import GroupedRecord
7
7
 
8
8
  from dissect.target.exceptions import InvalidTaskError
@@ -135,8 +135,7 @@ struct ATJOB_DATA {
135
135
  // uint8 job_signature[64 * s_ver * c_ver]; /* - calculated job signature. */
136
136
  };
137
137
  """
138
- atjob = cstruct.cstruct()
139
- atjob.load(atjob_def)
138
+ c_atjob = cstruct().load(atjob_def)
140
139
 
141
140
 
142
141
  class AtTask:
@@ -149,7 +148,7 @@ class AtTask:
149
148
 
150
149
  def __init__(self, job_file: TargetPath, target: Target):
151
150
  try:
152
- self.at_data = atjob.ATJOB_DATA(job_file.open())
151
+ self.at_data = c_atjob.ATJOB_DATA(job_file.open())
153
152
  except Exception as e:
154
153
  raise InvalidTaskError(e)
155
154
 
@@ -155,6 +155,9 @@ class WindowsErrorReportingPlugin(Plugin):
155
155
 
156
156
  Yields dynamically created records based on the fields in the files. A record at least contains the following
157
157
  fields:
158
+
159
+ .. code-block:: text
160
+
158
161
  ts (datetime): The moment in time when the error event took place.
159
162
  version (string): WER file version.
160
163
  event_type (string): WER file event type.
dissect/target/target.py CHANGED
@@ -14,6 +14,7 @@ from dissect.target.exceptions import (
14
14
  PluginError,
15
15
  PluginNotFoundError,
16
16
  TargetError,
17
+ TargetPathNotFoundError,
17
18
  UnsupportedPluginError,
18
19
  VolumeSystemError,
19
20
  )
@@ -284,7 +285,11 @@ class Target:
284
285
  try:
285
286
  ldr = loader_cls(sub_entry, parsed_path=parsed_path)
286
287
  except Exception as e:
287
- getlogger(sub_entry).error("Failed to initiate loader: %s", e)
288
+ message = "Failed to initiate loader: %s"
289
+ if isinstance(e, TargetPathNotFoundError):
290
+ message = "%s"
291
+
292
+ getlogger(sub_entry).error(message, e)
288
293
  getlogger(sub_entry).debug("", exc_info=e)
289
294
  continue
290
295
 
@@ -113,6 +113,7 @@ class TargetCmd(cmd.Cmd):
113
113
  def __init__(self, target: Target):
114
114
  cmd.Cmd.__init__(self)
115
115
  self.target = target
116
+ self.debug = False
116
117
 
117
118
  def __getattr__(self, attr: str) -> Any:
118
119
  if attr.startswith("help_"):
@@ -179,25 +180,22 @@ class TargetCmd(cmd.Cmd):
179
180
  lexer.whitespace_split = True
180
181
  argparts = list(lexer)
181
182
 
182
- try:
183
- if "|" in argparts:
184
- pipeidx = argparts.index("|")
185
- argparts, pipeparts = argparts[:pipeidx], argparts[pipeidx + 1 :]
186
- try:
187
- with build_pipe_stdout(pipeparts) as pipe_stdin:
188
- return func(argparts, pipe_stdin)
189
- except OSError as e:
190
- # in case of a failure in a subprocess
191
- print(e)
192
- else:
193
- ctx = contextlib.nullcontext()
194
- if self.target.props.get("cyber") and not no_cyber:
195
- ctx = cyber.cyber(color=None, run_at_end=True)
183
+ if "|" in argparts:
184
+ pipeidx = argparts.index("|")
185
+ argparts, pipeparts = argparts[:pipeidx], argparts[pipeidx + 1 :]
186
+ try:
187
+ with build_pipe_stdout(pipeparts) as pipe_stdin:
188
+ return func(argparts, pipe_stdin)
189
+ except OSError as e:
190
+ # in case of a failure in a subprocess
191
+ print(e)
192
+ else:
193
+ ctx = contextlib.nullcontext()
194
+ if self.target.props.get("cyber") and not no_cyber:
195
+ ctx = cyber.cyber(color=None, run_at_end=True)
196
196
 
197
- with ctx:
198
- return func(argparts, sys.stdout)
199
- except IOError:
200
- pass
197
+ with ctx:
198
+ return func(argparts, sys.stdout)
201
199
 
202
200
  def _exec_command(self, command: str, command_args_str: str) -> Optional[bool]:
203
201
  """Command execution helper for ``cmd_`` commands."""
@@ -279,6 +277,14 @@ class TargetCmd(cmd.Cmd):
279
277
  """exit shell"""
280
278
  return True
281
279
 
280
+ def do_debug(self, line: str) -> Optional[bool]:
281
+ """toggle debug mode"""
282
+ self.debug = not self.debug
283
+ if self.debug:
284
+ print("Debug mode on")
285
+ else:
286
+ print("Debug mode off")
287
+
282
288
 
283
289
  class TargetHubCli(cmd.Cmd):
284
290
  """Hub Cli for interacting with multiple targets."""
@@ -1241,7 +1247,12 @@ def run_cli(cli: cmd.Cmd) -> None:
1241
1247
  print()
1242
1248
  pass
1243
1249
  except Exception as e:
1244
- log.exception(e)
1250
+ if cli.debug:
1251
+ log.exception(e)
1252
+ else:
1253
+ log.info(e)
1254
+ print(f"*** Unhandled error: {e}")
1255
+ print("If you wish to see the full debug trace, enable debug mode.")
1245
1256
  pass
1246
1257
 
1247
1258
 
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.17.dev36
3
+ Version: 3.18
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
@@ -23,36 +23,61 @@ Description-Content-Type: text/markdown
23
23
  License-File: LICENSE
24
24
  License-File: COPYRIGHT
25
25
  Requires-Dist: defusedxml
26
- Requires-Dist: dissect.cstruct <4.0.dev,>=3.0.dev
27
- Requires-Dist: dissect.eventlog <4.0.dev,>=3.0.dev
28
- Requires-Dist: dissect.evidence <4.0.dev,>=3.0.dev
29
- Requires-Dist: dissect.hypervisor <4.0.dev,>=3.0.dev
30
- Requires-Dist: dissect.ntfs <4.0.dev,>=3.4.dev
31
- Requires-Dist: dissect.regf <4.0.dev,>=3.3.dev
32
- Requires-Dist: dissect.util <4.0.dev,>=3.0.dev
33
- Requires-Dist: dissect.volume <4.0.dev,>=3.0.dev
34
- Requires-Dist: flow.record ~=3.14.0
26
+ Requires-Dist: dissect.cstruct <5,>=4
27
+ Requires-Dist: dissect.eventlog <4,>=3
28
+ Requires-Dist: dissect.evidence <4,>=3
29
+ Requires-Dist: dissect.hypervisor <4,>=3
30
+ Requires-Dist: dissect.ntfs <4,>=3.4
31
+ Requires-Dist: dissect.regf <4,>=3.3
32
+ Requires-Dist: dissect.util <4,>=3
33
+ Requires-Dist: dissect.volume <4,>=2
34
+ Requires-Dist: flow.record ~=3.15.0
35
35
  Requires-Dist: structlog
36
36
  Provides-Extra: cb
37
37
  Requires-Dist: dissect.target[full] ; extra == 'cb'
38
38
  Requires-Dist: carbon-black-cloud-sdk ~=1.4.3 ; extra == 'cb'
39
+ Provides-Extra: dev
40
+ Requires-Dist: dissect.target[full,mqtt,yara] ; extra == 'dev'
41
+ Requires-Dist: dissect.btrfs[dev] <2.0.dev,>=1.0.dev ; extra == 'dev'
42
+ Requires-Dist: dissect.cim[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
43
+ Requires-Dist: dissect.clfs[dev] <2.0.dev,>=1.0.dev ; extra == 'dev'
44
+ Requires-Dist: dissect.cstruct <5.0.dev,>=4.0.dev ; extra == 'dev'
45
+ Requires-Dist: dissect.esedb[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
46
+ Requires-Dist: dissect.etl[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
47
+ Requires-Dist: dissect.eventlog[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
48
+ Requires-Dist: dissect.evidence[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
49
+ Requires-Dist: dissect.extfs[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
50
+ Requires-Dist: dissect.fat[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
51
+ Requires-Dist: dissect.ffs[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
52
+ Requires-Dist: dissect.hypervisor[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
53
+ Requires-Dist: dissect.jffs[dev] <2.0.dev,>=1.0.dev ; extra == 'dev'
54
+ Requires-Dist: dissect.ntfs[dev] <4.0.dev,>=3.4.dev ; extra == 'dev'
55
+ Requires-Dist: dissect.regf[dev] <4.0.dev,>=3.3.dev ; extra == 'dev'
56
+ Requires-Dist: dissect.shellitem[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
57
+ Requires-Dist: dissect.sql[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
58
+ Requires-Dist: dissect.squashfs[dev] <2.0.dev,>=1.0.dev ; extra == 'dev'
59
+ Requires-Dist: dissect.thumbcache[dev] <2.0.dev,>=1.0.dev ; extra == 'dev'
60
+ Requires-Dist: dissect.util <4.0.dev,>=3.0.dev ; extra == 'dev'
61
+ Requires-Dist: dissect.vmfs[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
62
+ Requires-Dist: dissect.volume[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
63
+ Requires-Dist: dissect.xfs[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
39
64
  Provides-Extra: full
40
65
  Requires-Dist: asn1crypto ; extra == 'full'
41
- Requires-Dist: dissect.btrfs <2.0.dev,>=1.0.dev ; extra == 'full'
42
- Requires-Dist: dissect.cim <4.0.dev,>=3.0.dev ; extra == 'full'
43
- Requires-Dist: dissect.clfs <2.0.dev,>=1.0.dev ; extra == 'full'
44
- Requires-Dist: dissect.esedb <4.0.dev,>=3.0.dev ; extra == 'full'
45
- Requires-Dist: dissect.etl <4.0.dev,>=3.0.dev ; extra == 'full'
46
- Requires-Dist: dissect.extfs <4.0.dev,>=3.0.dev ; extra == 'full'
47
- Requires-Dist: dissect.fat <4.0.dev,>=3.0.dev ; extra == 'full'
48
- Requires-Dist: dissect.ffs <4.0.dev,>=3.0.dev ; extra == 'full'
49
- Requires-Dist: dissect.jffs <2.0.dev,>=1.0.dev ; extra == 'full'
50
- Requires-Dist: dissect.shellitem <4.0.dev,>=3.0.dev ; extra == 'full'
51
- Requires-Dist: dissect.squashfs <2.0.dev,>=1.0.dev ; extra == 'full'
52
- Requires-Dist: dissect.sql <4.0.dev,>=3.0.dev ; extra == 'full'
53
- Requires-Dist: dissect.thumbcache <2.0.dev,>=1.0.dev ; extra == 'full'
54
- Requires-Dist: dissect.vmfs <4.0.dev,>=3.0.dev ; extra == 'full'
55
- Requires-Dist: dissect.xfs <4.0.dev,>=3.0.dev ; extra == 'full'
66
+ Requires-Dist: dissect.btrfs <2,>=1 ; extra == 'full'
67
+ Requires-Dist: dissect.cim <4,>=3 ; extra == 'full'
68
+ Requires-Dist: dissect.clfs <2,>=1 ; extra == 'full'
69
+ Requires-Dist: dissect.esedb <4,>=3 ; extra == 'full'
70
+ Requires-Dist: dissect.etl <4,>=3 ; extra == 'full'
71
+ Requires-Dist: dissect.extfs <4,>=3 ; extra == 'full'
72
+ Requires-Dist: dissect.fat <4,>=3 ; extra == 'full'
73
+ Requires-Dist: dissect.ffs <4,>=3 ; extra == 'full'
74
+ Requires-Dist: dissect.jffs <2,>=1 ; extra == 'full'
75
+ Requires-Dist: dissect.shellitem <4,>=3 ; extra == 'full'
76
+ Requires-Dist: dissect.squashfs <2,>=1 ; extra == 'full'
77
+ Requires-Dist: dissect.sql <4,>=3 ; extra == 'full'
78
+ Requires-Dist: dissect.thumbcache <2,>=1 ; extra == 'full'
79
+ Requires-Dist: dissect.vmfs <4,>=3 ; extra == 'full'
80
+ Requires-Dist: dissect.xfs <4,>=3 ; extra == 'full'
56
81
  Requires-Dist: ipython ; extra == 'full'
57
82
  Requires-Dist: fusepy ; extra == 'full'
58
83
  Requires-Dist: pycryptodome ; extra == 'full'