dissect.target 3.19.dev23__tar.gz → 3.19.dev25__tar.gz

Sign up to get free protection for your applications and to get access to all the features.
Files changed (597) hide show
  1. {dissect_target-3.19.dev23/dissect.target.egg-info → dissect_target-3.19.dev25}/PKG-INFO +1 -1
  2. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/ntfs/mft.py +78 -17
  3. dissect_target-3.19.dev25/dissect/target/plugins/os/windows/regf/usb.py +226 -0
  4. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25/dissect.target.egg-info}/PKG-INFO +1 -1
  5. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect.target.egg-info/SOURCES.txt +1 -0
  6. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/filesystem/ntfs/test_mft.py +42 -1
  7. dissect_target-3.19.dev25/tests/plugins/os/windows/regf/test_usb.py +90 -0
  8. dissect_target-3.19.dev23/dissect/target/plugins/os/windows/regf/usb.py +0 -161
  9. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/COPYRIGHT +0 -0
  10. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/LICENSE +0 -0
  11. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/MANIFEST.in +0 -0
  12. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/README.md +0 -0
  13. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/__init__.py +0 -0
  14. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/container.py +0 -0
  15. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/containers/__init__.py +0 -0
  16. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/containers/asdf.py +0 -0
  17. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/containers/ewf.py +0 -0
  18. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/containers/fortifw.py +0 -0
  19. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/containers/hdd.py +0 -0
  20. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/containers/hds.py +0 -0
  21. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/containers/qcow2.py +0 -0
  22. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/containers/raw.py +0 -0
  23. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/containers/split.py +0 -0
  24. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/containers/vdi.py +0 -0
  25. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/containers/vhd.py +0 -0
  26. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/containers/vhdx.py +0 -0
  27. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/containers/vmdk.py +0 -0
  28. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/data/autocompletion/target_bash_completion.sh +0 -0
  29. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/exceptions.py +0 -0
  30. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystem.py +0 -0
  31. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/__init__.py +0 -0
  32. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/ad1.py +0 -0
  33. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/btrfs.py +0 -0
  34. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/cb.py +0 -0
  35. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/config.py +0 -0
  36. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/cpio.py +0 -0
  37. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/dir.py +0 -0
  38. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/exfat.py +0 -0
  39. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/extfs.py +0 -0
  40. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/fat.py +0 -0
  41. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/ffs.py +0 -0
  42. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/itunes.py +0 -0
  43. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/jffs.py +0 -0
  44. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/ntfs.py +0 -0
  45. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/overlay.py +0 -0
  46. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/smb.py +0 -0
  47. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/squashfs.py +0 -0
  48. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/tar.py +0 -0
  49. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/vmfs.py +0 -0
  50. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/vmtar.py +0 -0
  51. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/xfs.py +0 -0
  52. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/filesystems/zip.py +0 -0
  53. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/__init__.py +0 -0
  54. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/cache.py +0 -0
  55. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/compat/__init__.py +0 -0
  56. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/compat/path_310.py +0 -0
  57. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/compat/path_311.py +0 -0
  58. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/compat/path_312.py +0 -0
  59. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/compat/path_39.py +0 -0
  60. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/compat/path_common.py +0 -0
  61. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/config.py +0 -0
  62. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/configutil.py +0 -0
  63. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/cyber.py +0 -0
  64. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/data/windowsZones.xml +0 -0
  65. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/descriptor_extensions.py +0 -0
  66. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/docs.py +0 -0
  67. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/fsutil.py +0 -0
  68. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/hashutil.py +0 -0
  69. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/keychain.py +0 -0
  70. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/lazy.py +0 -0
  71. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/loaderutil.py +0 -0
  72. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/localeutil.py +0 -0
  73. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/mount.py +0 -0
  74. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/mui.py +0 -0
  75. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/network_managers.py +0 -0
  76. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/polypath.py +0 -0
  77. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/protobuf.py +0 -0
  78. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/record.py +0 -0
  79. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/record_modifier.py +0 -0
  80. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/regutil.py +0 -0
  81. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/shell_folder_ids.py +0 -0
  82. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/targetd.py +0 -0
  83. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/helpers/utils.py +0 -0
  84. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loader.py +0 -0
  85. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/__init__.py +0 -0
  86. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/ab.py +0 -0
  87. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/ad1.py +0 -0
  88. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/asdf.py +0 -0
  89. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/cb.py +0 -0
  90. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/cyber.py +0 -0
  91. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/dir.py +0 -0
  92. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/hyperv.py +0 -0
  93. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/itunes.py +0 -0
  94. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/kape.py +0 -0
  95. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/local.py +0 -0
  96. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/log.py +0 -0
  97. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/mqtt.py +0 -0
  98. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/multiraw.py +0 -0
  99. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/ova.py +0 -0
  100. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/overlay.py +0 -0
  101. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/ovf.py +0 -0
  102. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/phobos.py +0 -0
  103. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/profile.py +0 -0
  104. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/pvm.py +0 -0
  105. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/pvs.py +0 -0
  106. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/raw.py +0 -0
  107. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/remote.py +0 -0
  108. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/res.py +0 -0
  109. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/smb.py +0 -0
  110. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/tanium.py +0 -0
  111. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/tar.py +0 -0
  112. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/target.py +0 -0
  113. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/targetd.py +0 -0
  114. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/utm.py +0 -0
  115. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/vb.py +0 -0
  116. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/vbox.py +0 -0
  117. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/velociraptor.py +0 -0
  118. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/vma.py +0 -0
  119. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/vmwarevm.py +0 -0
  120. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/vmx.py +0 -0
  121. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/loaders/xva.py +0 -0
  122. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugin.py +0 -0
  123. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/__init__.py +0 -0
  124. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/__init__.py +0 -0
  125. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/av/__init__.py +0 -0
  126. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/av/mcafee.py +0 -0
  127. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/av/sophos.py +0 -0
  128. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/av/symantec.py +0 -0
  129. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/av/trendmicro.py +0 -0
  130. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/browser/__init__.py +0 -0
  131. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/browser/brave.py +0 -0
  132. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/browser/browser.py +0 -0
  133. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/browser/chrome.py +0 -0
  134. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/browser/chromium.py +0 -0
  135. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/browser/edge.py +0 -0
  136. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/browser/firefox.py +0 -0
  137. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/browser/iexplore.py +0 -0
  138. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/container/__init__.py +0 -0
  139. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/container/docker.py +0 -0
  140. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/remoteaccess/__init__.py +0 -0
  141. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/remoteaccess/anydesk.py +0 -0
  142. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/remoteaccess/remoteaccess.py +0 -0
  143. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/remoteaccess/teamviewer.py +0 -0
  144. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/shell/__init__.py +0 -0
  145. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/shell/powershell.py +0 -0
  146. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/ssh/__init__.py +0 -0
  147. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/ssh/openssh.py +0 -0
  148. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/ssh/opensshd.py +0 -0
  149. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/ssh/putty.py +0 -0
  150. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/ssh/ssh.py +0 -0
  151. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/vpn/__init__.py +0 -0
  152. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/vpn/openvpn.py +0 -0
  153. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/vpn/wireguard.py +0 -0
  154. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/webhosting/__init__.py +0 -0
  155. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/webhosting/cpanel.py +0 -0
  156. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/webserver/__init__.py +0 -0
  157. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/webserver/apache.py +0 -0
  158. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/webserver/caddy.py +0 -0
  159. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/webserver/citrix.py +0 -0
  160. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/webserver/iis.py +0 -0
  161. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/webserver/nginx.py +0 -0
  162. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/apps/webserver/webserver.py +0 -0
  163. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/child/__init__.py +0 -0
  164. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/child/docker.py +0 -0
  165. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/child/esxi.py +0 -0
  166. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/child/hyperv.py +0 -0
  167. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/child/virtuozzo.py +0 -0
  168. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/child/vmware_workstation.py +0 -0
  169. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/child/wsl.py +0 -0
  170. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/__init__.py +0 -0
  171. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/acquire_handles.py +0 -0
  172. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/acquire_hash.py +0 -0
  173. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/icat.py +0 -0
  174. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/ntfs/__init__.py +0 -0
  175. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/ntfs/mft_timeline.py +0 -0
  176. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/ntfs/usnjrnl.py +0 -0
  177. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/ntfs/utils.py +0 -0
  178. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/resolver.py +0 -0
  179. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/unix/__init__.py +0 -0
  180. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/unix/capability.py +0 -0
  181. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/unix/suid.py +0 -0
  182. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/walkfs.py +0 -0
  183. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/yara.py +0 -0
  184. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/general/__init__.py +0 -0
  185. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/general/config.py +0 -0
  186. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/general/default.py +0 -0
  187. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/general/example.py +0 -0
  188. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/general/loaders.py +0 -0
  189. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/general/osinfo.py +0 -0
  190. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/general/plugins.py +0 -0
  191. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/general/scrape.py +0 -0
  192. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/general/users.py +0 -0
  193. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/__init__.py +0 -0
  194. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/__init__.py +0 -0
  195. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/_os.py +0 -0
  196. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/bsd/__init__.py +0 -0
  197. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/bsd/_os.py +0 -0
  198. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/bsd/citrix/__init__.py +0 -0
  199. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/bsd/citrix/_os.py +0 -0
  200. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/bsd/citrix/history.py +0 -0
  201. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/bsd/freebsd/__init__.py +0 -0
  202. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/bsd/freebsd/_os.py +0 -0
  203. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/bsd/ios/__init__.py +0 -0
  204. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/bsd/ios/_os.py +0 -0
  205. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/bsd/openbsd/__init__.py +0 -0
  206. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/bsd/openbsd/_os.py +0 -0
  207. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/bsd/osx/__init__.py +0 -0
  208. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/bsd/osx/_os.py +0 -0
  209. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/bsd/osx/user.py +0 -0
  210. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/cronjobs.py +0 -0
  211. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/datetime.py +0 -0
  212. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/esxi/__init__.py +0 -0
  213. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/esxi/_os.py +0 -0
  214. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/etc/__init__.py +0 -0
  215. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/etc/etc.py +0 -0
  216. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/etc.py +0 -0
  217. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/generic.py +0 -0
  218. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/history.py +0 -0
  219. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/__init__.py +0 -0
  220. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/_os.py +0 -0
  221. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/android/__init__.py +0 -0
  222. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/android/_os.py +0 -0
  223. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/cmdline.py +0 -0
  224. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/debian/__init__.py +0 -0
  225. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/debian/_os.py +0 -0
  226. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/debian/apt.py +0 -0
  227. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/debian/dpkg.py +0 -0
  228. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/debian/vyos/__init__.py +0 -0
  229. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/debian/vyos/_os.py +0 -0
  230. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/environ.py +0 -0
  231. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/fortios/__init__.py +0 -0
  232. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/fortios/_keys.py +0 -0
  233. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/fortios/_os.py +0 -0
  234. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/fortios/generic.py +0 -0
  235. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/fortios/locale.py +0 -0
  236. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/iptables.py +0 -0
  237. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/modules.py +0 -0
  238. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/netstat.py +0 -0
  239. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/proc.py +0 -0
  240. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/processes.py +0 -0
  241. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/redhat/__init__.py +0 -0
  242. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/redhat/_os.py +0 -0
  243. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/redhat/yum.py +0 -0
  244. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/services.py +0 -0
  245. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/sockets.py +0 -0
  246. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/suse/__init__.py +0 -0
  247. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/suse/_os.py +0 -0
  248. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/linux/suse/zypper.py +0 -0
  249. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/locale.py +0 -0
  250. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/locate/__init__.py +0 -0
  251. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/locate/gnulocate.py +0 -0
  252. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/locate/locate.py +0 -0
  253. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/locate/mlocate.py +0 -0
  254. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/locate/plocate.py +0 -0
  255. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/log/__init__.py +0 -0
  256. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/log/atop.py +0 -0
  257. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/log/audit.py +0 -0
  258. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/log/auth.py +0 -0
  259. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/log/journal.py +0 -0
  260. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/log/lastlog.py +0 -0
  261. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/log/messages.py +0 -0
  262. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/log/utmp.py +0 -0
  263. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/packagemanager.py +0 -0
  264. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/unix/shadow.py +0 -0
  265. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/__init__.py +0 -0
  266. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/_os.py +0 -0
  267. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/activitiescache.py +0 -0
  268. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/adpolicy.py +0 -0
  269. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/amcache.py +0 -0
  270. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/catroot.py +0 -0
  271. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/cim.py +0 -0
  272. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/clfs.py +0 -0
  273. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/credhist.py +0 -0
  274. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/datetime.py +0 -0
  275. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/defender.py +0 -0
  276. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/defender_helpers/__init__.py +0 -0
  277. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/defender_helpers/defender_patterns.py +0 -0
  278. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/defender_helpers/defender_records.py +0 -0
  279. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/dpapi/__init__.py +0 -0
  280. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/dpapi/blob.py +0 -0
  281. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/dpapi/crypto.py +0 -0
  282. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/dpapi/dpapi.py +0 -0
  283. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/dpapi/master_key.py +0 -0
  284. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/env.py +0 -0
  285. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/exchange/__init__.py +0 -0
  286. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/exchange/exchange.py +0 -0
  287. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/generic.py +0 -0
  288. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/lnk.py +0 -0
  289. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/locale.py +0 -0
  290. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/log/__init__.py +0 -0
  291. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/log/amcache.py +0 -0
  292. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/log/etl.py +0 -0
  293. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/log/evt.py +0 -0
  294. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/log/evtx.py +0 -0
  295. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/log/pfro.py +0 -0
  296. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/log/schedlgu.py +0 -0
  297. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/notifications.py +0 -0
  298. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/prefetch.py +0 -0
  299. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/recyclebin.py +0 -0
  300. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/7zip.py +0 -0
  301. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/__init__.py +0 -0
  302. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/appxdebugkeys.py +0 -0
  303. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/auditpol.py +0 -0
  304. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/bam.py +0 -0
  305. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/cit.py +0 -0
  306. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/clsid.py +0 -0
  307. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/firewall.py +0 -0
  308. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/mru.py +0 -0
  309. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/muicache.py +0 -0
  310. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/nethist.py +0 -0
  311. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/recentfilecache.py +0 -0
  312. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/regf.py +0 -0
  313. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/runkeys.py +0 -0
  314. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/shellbags.py +0 -0
  315. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/shimcache.py +0 -0
  316. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/trusteddocs.py +0 -0
  317. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/regf/userassist.py +0 -0
  318. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/registry.py +0 -0
  319. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/sam.py +0 -0
  320. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/services.py +0 -0
  321. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/sru.py +0 -0
  322. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/startupinfo.py +0 -0
  323. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/syscache.py +0 -0
  324. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/task_helpers/__init__.py +0 -0
  325. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/task_helpers/tasks_job.py +0 -0
  326. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/task_helpers/tasks_records.py +0 -0
  327. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/task_helpers/tasks_xml.py +0 -0
  328. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/tasks.py +0 -0
  329. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/thumbcache.py +0 -0
  330. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/ual.py +0 -0
  331. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/os/windows/wer.py +0 -0
  332. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/report.py +0 -0
  333. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/target.py +0 -0
  334. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/__init__.py +0 -0
  335. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/build_pluginlist.py +0 -0
  336. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/dd.py +0 -0
  337. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/dump/__init__.py +0 -0
  338. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/dump/run.py +0 -0
  339. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/dump/state.py +0 -0
  340. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/dump/utils.py +0 -0
  341. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/fs.py +0 -0
  342. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/info.py +0 -0
  343. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/logging.py +0 -0
  344. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/mount.py +0 -0
  345. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/query.py +0 -0
  346. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/reg.py +0 -0
  347. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/shell.py +0 -0
  348. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/utils.py +0 -0
  349. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/tools/yara.py +0 -0
  350. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/volume.py +0 -0
  351. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/volumes/__init__.py +0 -0
  352. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/volumes/bde.py +0 -0
  353. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/volumes/ddf.py +0 -0
  354. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/volumes/disk.py +0 -0
  355. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/volumes/luks.py +0 -0
  356. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/volumes/lvm.py +0 -0
  357. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/volumes/md.py +0 -0
  358. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/volumes/vmfs.py +0 -0
  359. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect.target.egg-info/dependency_links.txt +0 -0
  360. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect.target.egg-info/entry_points.txt +0 -0
  361. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect.target.egg-info/requires.txt +0 -0
  362. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect.target.egg-info/top_level.txt +0 -0
  363. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/pyproject.toml +0 -0
  364. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/setup.cfg +0 -0
  365. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/__init__.py +0 -0
  366. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/_docs/Makefile +0 -0
  367. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/_docs/conf.py +0 -0
  368. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/_docs/index.rst +0 -0
  369. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/_utils.py +0 -0
  370. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/conftest.py +0 -0
  371. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/containers/__init__.py +0 -0
  372. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/containers/test_fortifw.py +0 -0
  373. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/containers/test_split.py +0 -0
  374. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/filesystems/__init__.py +0 -0
  375. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/filesystems/test_cb.py +0 -0
  376. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/filesystems/test_config.py +0 -0
  377. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/filesystems/test_cpio.py +0 -0
  378. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/filesystems/test_dir.py +0 -0
  379. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/filesystems/test_exfat.py +0 -0
  380. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/filesystems/test_fat.py +0 -0
  381. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/filesystems/test_ntfs.py +0 -0
  382. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/filesystems/test_overlay.py +0 -0
  383. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/filesystems/test_smb.py +0 -0
  384. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/filesystems/test_tar.py +0 -0
  385. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/filesystems/test_vmtar.py +0 -0
  386. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/filesystems/test_zip.py +0 -0
  387. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/helpers/__init__.py +0 -0
  388. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/helpers/test_cache.py +0 -0
  389. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/helpers/test_config.py +0 -0
  390. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/helpers/test_configutil.py +0 -0
  391. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/helpers/test_docs.py +0 -0
  392. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/helpers/test_fsutil.py +0 -0
  393. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/helpers/test_hashutil.py +0 -0
  394. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/helpers/test_keychain.py +0 -0
  395. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/helpers/test_loaderutil.py +0 -0
  396. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/helpers/test_localeutil.py +0 -0
  397. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/helpers/test_modifier.py +0 -0
  398. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/helpers/test_protobuf.py +0 -0
  399. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/helpers/test_record.py +0 -0
  400. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/helpers/test_regutil.py +0 -0
  401. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/helpers/test_utils.py +0 -0
  402. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/__init__.py +0 -0
  403. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_ab.py +0 -0
  404. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_asdf.py +0 -0
  405. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_cb.py +0 -0
  406. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_dir.py +0 -0
  407. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_hyperv.py +0 -0
  408. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_kape.py +0 -0
  409. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_local.py +0 -0
  410. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_log.py +0 -0
  411. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_mqtt.py +0 -0
  412. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_multiraw.py +0 -0
  413. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_ova.py +0 -0
  414. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_overlay.py +0 -0
  415. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_ovf.py +0 -0
  416. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_phobos.py +0 -0
  417. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_pvm.py +0 -0
  418. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_pvs.py +0 -0
  419. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_remote.py +0 -0
  420. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_smb.py +0 -0
  421. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_tanium.py +0 -0
  422. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_tar.py +0 -0
  423. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_utm.py +0 -0
  424. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_vbox.py +0 -0
  425. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_velociraptor.py +0 -0
  426. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/loaders/test_vmwarevm.py +0 -0
  427. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/__init__.py +0 -0
  428. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/__init__.py +0 -0
  429. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/av/__init__.py +0 -0
  430. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/av/test_mcafee.py +0 -0
  431. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/av/test_sophos.py +0 -0
  432. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/av/test_symantec.py +0 -0
  433. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/av/test_trendmicro.py +0 -0
  434. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/browser/__init__.py +0 -0
  435. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/browser/test_brave.py +0 -0
  436. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/browser/test_chrome.py +0 -0
  437. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/browser/test_chromium.py +0 -0
  438. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/browser/test_edge.py +0 -0
  439. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/browser/test_firefox.py +0 -0
  440. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/browser/test_iexplore.py +0 -0
  441. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/container/__init__.py +0 -0
  442. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/container/test_docker.py +0 -0
  443. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/remoteaccess/__init__.py +0 -0
  444. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/remoteaccess/test_anydesk.py +0 -0
  445. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/remoteaccess/test_teamviewer.py +0 -0
  446. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/shell/__init__.py +0 -0
  447. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/shell/test_powershell.py +0 -0
  448. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/ssh/__init__.py +0 -0
  449. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/ssh/test_openssh.py +0 -0
  450. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/ssh/test_opensshd.py +0 -0
  451. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/ssh/test_putty.py +0 -0
  452. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/vpn/__init__.py +0 -0
  453. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/vpn/test_openvpn.py +0 -0
  454. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/vpn/test_wireguard.py +0 -0
  455. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/webhosting/__init__.py +0 -0
  456. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/webhosting/test_cpanel.py +0 -0
  457. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/webserver/__init__.py +0 -0
  458. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/webserver/test_apache.py +0 -0
  459. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/webserver/test_caddy.py +0 -0
  460. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/webserver/test_citrix.py +0 -0
  461. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/webserver/test_iis.py +0 -0
  462. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/webserver/test_nginx.py +0 -0
  463. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/apps/webserver/test_webserver.py +0 -0
  464. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/child/__init__.py +0 -0
  465. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/child/test_docker.py +0 -0
  466. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/child/test_hyperv.py +0 -0
  467. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/child/test_virtuozzo.py +0 -0
  468. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/child/test_wsl.py +0 -0
  469. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/filesystem/__init__.py +0 -0
  470. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/filesystem/ntfs/__init__.py +0 -0
  471. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/filesystem/ntfs/test_usnjrnl.py +0 -0
  472. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/filesystem/test_acquire_handles.py +0 -0
  473. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/filesystem/test_acquire_hash.py +0 -0
  474. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/filesystem/test_icat.py +0 -0
  475. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/filesystem/test_resolver.py +0 -0
  476. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/filesystem/test_walkfs.py +0 -0
  477. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/filesystem/test_yara.py +0 -0
  478. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/filesystem/unix/__init__.py +0 -0
  479. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/filesystem/unix/test_capability.py +0 -0
  480. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/filesystem/unix/test_suid.py +0 -0
  481. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/general/__init__.py +0 -0
  482. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/general/test_config.py +0 -0
  483. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/general/test_default.py +0 -0
  484. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/general/test_plugins.py +0 -0
  485. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/general/test_scrape.py +0 -0
  486. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/general/test_users.py +0 -0
  487. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/__init__.py +0 -0
  488. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/__init__.py +0 -0
  489. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/bsd/__init__.py +0 -0
  490. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/bsd/citrix/__init__.py +0 -0
  491. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/bsd/citrix/test__os.py +0 -0
  492. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/bsd/citrix/test_history.py +0 -0
  493. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/bsd/osx/__init__.py +0 -0
  494. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/bsd/osx/test__os.py +0 -0
  495. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/bsd/osx/test_user.py +0 -0
  496. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/esxi/__init__.py +0 -0
  497. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/esxi/test__os.py +0 -0
  498. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/__init__.py +0 -0
  499. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/android/__init__.py +0 -0
  500. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/android/test__os.py +0 -0
  501. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/debian/__init__.py +0 -0
  502. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/debian/test_apt.py +0 -0
  503. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/debian/test_dpkg.py +0 -0
  504. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/fortios/test_keys.py +0 -0
  505. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/redhat/__init__.py +0 -0
  506. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/redhat/test_yum.py +0 -0
  507. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/suse/__init__.py +0 -0
  508. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/suse/test_zypper.py +0 -0
  509. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/test_cmdline.py +0 -0
  510. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/test_environ.py +0 -0
  511. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/test_iptables.py +0 -0
  512. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/test_modules.py +0 -0
  513. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/test_netstat.py +0 -0
  514. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/test_proc.py +0 -0
  515. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/test_processes.py +0 -0
  516. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/test_services.py +0 -0
  517. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/linux/test_sockets.py +0 -0
  518. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/locate/__init__.py +0 -0
  519. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/locate/test_gnulocate.py +0 -0
  520. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/locate/test_mlocate.py +0 -0
  521. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/locate/test_plocate.py +0 -0
  522. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/log/__init__.py +0 -0
  523. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/log/test_atop.py +0 -0
  524. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/log/test_audit.py +0 -0
  525. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/log/test_auth.py +0 -0
  526. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/log/test_lastlog.py +0 -0
  527. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/log/test_messages.py +0 -0
  528. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/log/test_utmp.py +0 -0
  529. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/test__os.py +0 -0
  530. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/test_generic.py +0 -0
  531. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/test_history.py +0 -0
  532. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/test_ips.py +0 -0
  533. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/test_journal.py +0 -0
  534. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/test_locale.py +0 -0
  535. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/test_packagemanager.py +0 -0
  536. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/test_shadow.py +0 -0
  537. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/test_users.py +0 -0
  538. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/unix/test_version.py +0 -0
  539. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/__init__.py +0 -0
  540. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/log/test_etl.py +0 -0
  541. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/log/test_evt.py +0 -0
  542. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/log/test_evtx.py +0 -0
  543. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/log/test_schedlgu.py +0 -0
  544. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/regf/__init__.py +0 -0
  545. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/regf/test_appxdebugkeys.py +0 -0
  546. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/regf/test_cit.py +0 -0
  547. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/regf/test_clsid.py +0 -0
  548. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/regf/test_muicache.py +0 -0
  549. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/regf/test_shellbags.py +0 -0
  550. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/regf/test_trusteddocs.py +0 -0
  551. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/regf/test_userassist.py +0 -0
  552. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test__os.py +0 -0
  553. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_adpolicy.py +0 -0
  554. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_amcache.py +0 -0
  555. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_catroot.py +0 -0
  556. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_clfs.py +0 -0
  557. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_credhist.py +0 -0
  558. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_datetime.py +0 -0
  559. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_defender.py +0 -0
  560. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_dpapi.py +0 -0
  561. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_env.py +0 -0
  562. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_generic.py +0 -0
  563. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_lnk.py +0 -0
  564. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_locale.py +0 -0
  565. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_mru.py +0 -0
  566. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_notifications.py +0 -0
  567. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_prefetch.py +0 -0
  568. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_recyclebin.py +0 -0
  569. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_registry.py +0 -0
  570. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_sam.py +0 -0
  571. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_shimcache.py +0 -0
  572. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_sru.py +0 -0
  573. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_syscache.py +0 -0
  574. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_tasks.py +0 -0
  575. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_thumbcache.py +0 -0
  576. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_ual.py +0 -0
  577. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/os/windows/test_wer.py +0 -0
  578. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/test_container.py +0 -0
  579. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/test_filesystem.py +0 -0
  580. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/test_plugin.py +0 -0
  581. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/test_registration.py +0 -0
  582. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/test_report.py +0 -0
  583. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/test_target.py +0 -0
  584. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/test_volume.py +0 -0
  585. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/tools/__init__.py +0 -0
  586. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/tools/test_dump.py +0 -0
  587. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/tools/test_fs.py +0 -0
  588. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/tools/test_mount.py +0 -0
  589. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/tools/test_query.py +0 -0
  590. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/tools/test_reg.py +0 -0
  591. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/tools/test_shell.py +0 -0
  592. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/tools/test_utils.py +0 -0
  593. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/tools/test_yara.py +0 -0
  594. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/volumes/__init__.py +0 -0
  595. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/volumes/test_bde.py +0 -0
  596. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/volumes/test_md.py +0 -0
  597. {dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tox.ini +0 -0
{dissect_target-3.19.dev23/dissect.target.egg-info → dissect_target-3.19.dev25}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.19.dev23
3
+ Version: 3.19.dev25
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
{dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect/target/plugins/filesystem/ntfs/mft.py RENAMED
@@ -1,9 +1,10 @@
1
1
  import logging
2
- from typing import Callable
2
+ from typing import Callable, Iterator
3
3
 
4
4
  from dissect.ntfs.attr import Attribute
5
5
  from dissect.ntfs.c_ntfs import FILE_RECORD_SEGMENT_IN_USE
6
6
  from dissect.ntfs.mft import MftRecord
7
+ from flow.record import Record
7
8
  from flow.record.fieldtypes import windows_path
8
9
 
9
10
  from dissect.target.exceptions import UnsupportedPluginError
@@ -53,7 +54,6 @@ FilesystemStdRecord = TargetRecordDescriptor(
53
54
  ],
54
55
  )
55
56
 
56
-
57
57
  FilesystemFilenameCompactRecord = TargetRecordDescriptor(
58
58
  "filesystem/ntfs/mft/filename/compact",
59
59
  [
@@ -90,6 +90,21 @@ FilesystemFilenameRecord = TargetRecordDescriptor(
90
90
  ],
91
91
  )
92
92
 
93
+ FilesystemMACBRecord = TargetRecordDescriptor(
94
+ "filesystem/ntfs/mft/macb",
95
+ [
96
+ ("datetime", "ts"),
97
+ ("string", "macb"),
98
+ ("uint32", "filename_index"),
99
+ ("uint32", "segment"),
100
+ ("path", "path"),
101
+ ("string", "owner"),
102
+ ("filesize", "filesize"),
103
+ ("boolean", "resident"),
104
+ ("boolean", "inuse"),
105
+ ("string", "volume_uuid"),
106
+ ],
107
+ )
93
108
 
94
109
  RECORD_TYPES = {
95
110
  InformationType.STANDARD_INFORMATION: FilesystemStdRecord,
@@ -118,7 +133,12 @@ class MftPlugin(Plugin):
118
133
  ]
119
134
  )
120
135
  @arg("--compact", action="store_true", help="compacts the MFT entry timestamps into a single record")
121
- def mft(self, compact: bool = False):
136
+ @arg(
137
+ "--macb",
138
+ action="store_true",
139
+ help="compacts the MFT entry timestamps into aggregated records with MACB bitfield",
140
+ )
141
+ def mft(self, compact: bool = False, macb: bool = False):
122
142
  """Return the MFT records of all NTFS filesystems.
123
143
 
124
144
  The Master File Table (MFT) contains primarily metadata about every file and folder on a NFTS filesystem.
@@ -133,10 +153,19 @@ class MftPlugin(Plugin):
133
153
  - https://docs.microsoft.com/en-us/windows/win32/fileio/master-file-table
134
154
  """
135
155
 
136
- if compact:
156
+ record_formatter = formatter
157
+
158
+ def noaggr(records: list[Record]) -> Iterator[Record]:
159
+ yield from records
160
+
161
+ aggr = noaggr
162
+
163
+ if compact and macb:
164
+ raise ValueError("--macb and --compact are mutually exclusive")
165
+ elif compact:
137
166
  record_formatter = compacted_formatter
138
- else:
139
- record_formatter = formatter
167
+ elif macb:
168
+ aggr = macb_aggr
140
169
 
141
170
  for fs in self.target.filesystems:
142
171
  if fs.__type__ != "ntfs":
@@ -167,17 +196,19 @@ class MftPlugin(Plugin):
167
196
 
168
197
  for path in record.full_paths():
169
198
  path = f"{drive_letter}{path}"
170
- yield from self.mft_records(
171
- drive_letter=drive_letter,
172
- record=record,
173
- segment=record.segment,
174
- path=path,
175
- owner=owner,
176
- size=size,
177
- resident=resident,
178
- inuse=inuse,
179
- volume_uuid=volume_uuid,
180
- record_formatter=record_formatter,
199
+ yield from aggr(
200
+ self.mft_records(
201
+ drive_letter=drive_letter,
202
+ record=record,
203
+ segment=record.segment,
204
+ path=path,
205
+ owner=owner,
206
+ size=size,
207
+ resident=resident,
208
+ inuse=inuse,
209
+ volume_uuid=volume_uuid,
210
+ record_formatter=record_formatter,
211
+ )
181
212
  )
182
213
  except Exception as e:
183
214
  self.target.log.warning("An error occured parsing MFT segment %d: %s", record.segment, str(e))
@@ -275,3 +306,33 @@ def formatter(attr: Attribute, record_type: InformationType, **kwargs):
275
306
  ("A", attr.last_access_time),
276
307
  ]:
277
308
  yield record_desc(ts=timestamp, ts_type=type, **kwargs)
309
+
310
+
311
+ def macb_aggr(records: list[Record]) -> Iterator[Record]:
312
+ def macb_set(bitfield, index, letter):
313
+ return bitfield[:index] + letter + bitfield[index + 1 :]
314
+
315
+ macbs = []
316
+ for record in records:
317
+ found = False
318
+
319
+ offset_std = int(record._desc.name == "filesystem/ntfs/mft/std") * 5
320
+ offset_ads = (int(record.ads) * 10) if offset_std == 0 else 0
321
+
322
+ field = "MACB".find(record.ts_type) + offset_std + offset_ads
323
+ for macb in macbs:
324
+ if macb.ts == record.ts:
325
+ macb.macb = macb_set(macb.macb, field, record.ts_type)
326
+ found = True
327
+ break
328
+
329
+ if found:
330
+ continue
331
+
332
+ macb = FilesystemMACBRecord.init_from_record(record)
333
+ macb.macb = "..../..../...."
334
+ macb.macb = macb_set(macb.macb, field, record.ts_type)
335
+
336
+ macbs.append(macb)
337
+
338
+ yield from macbs
dissect_target-3.19.dev25/dissect/target/plugins/os/windows/regf/usb.py ADDED
@@ -0,0 +1,226 @@
1
+ from __future__ import annotations
2
+
3
+ import re
4
+ import struct
5
+ from typing import Iterator
6
+
7
+ from dissect.util.ts import wintimestamp
8
+
9
+ from dissect.target.exceptions import (
10
+ RegistryKeyNotFoundError,
11
+ RegistryValueNotFoundError,
12
+ UnsupportedPluginError,
13
+ )
14
+ from dissect.target.helpers.record import TargetRecordDescriptor
15
+ from dissect.target.helpers.regutil import VirtualKey
16
+ from dissect.target.plugin import Plugin, export
17
+
18
+ UsbRegistryRecord = TargetRecordDescriptor(
19
+ "windows/registry/usb",
20
+ [
21
+ ("string", "type"),
22
+ ("string", "serial"),
23
+ ("string", "container_id"),
24
+ ("string", "vendor"),
25
+ ("string", "product"),
26
+ ("string", "revision"),
27
+ ("string", "friendly_name"),
28
+ ("datetime", "first_insert"),
29
+ ("datetime", "first_install"),
30
+ ("datetime", "last_insert"),
31
+ ("datetime", "last_removal"),
32
+ ("string[]", "volumes"),
33
+ ("string[]", "mounts"),
34
+ ("string[]", "users"),
35
+ ("path", "source"),
36
+ ],
37
+ )
38
+
39
+ USB_DEVICE_PROPERTY_KEYS = {
40
+ "first_install": ("0064", "00000064"), # Windows 7 and higher. USB device first install date
41
+ "first_insert": ("0065", "00000065"), # Windows 7 and higher. USB device first insert date.
42
+ "last_insert": ("0066", "00000066"), # Windows 8 and higher. USB device last insert date.
43
+ "last_removal": ("0067", "00000067"), # Windows 8 and higer. USB device last removal date.
44
+ }
45
+
46
+ RE_DEVICE_NAME = re.compile(r"^(?P<type>.+?)&Ven_(?P<vendor>.+?)&Prod_(?P<product>.+?)(&Rev_(?P<revision>.+?))?$")
47
+
48
+
49
+ class UsbPlugin(Plugin):
50
+ """Windows USB history plugin.
51
+
52
+ Parses Windows registry data about attached USB devices. Does not parse EVTX EventIDs
53
+ or ``C:\\Windows\\inf\\setupapi(.dev).log``.
54
+
55
+ To get a full picture of the USB history on a Windows machine, you should parse the
56
+ relevant EventIDs using the evtx plugin. For more research on event log USB forensics, see:
57
+ - https://www.researchgate.net/publication/318514858
58
+ - https://dfir.pubpub.org/pub/h78di10n/release/2
59
+ - https://www.senturean.com/posts/19_08_03_usb_storage_forensics_1/#1-system-events
60
+
61
+ Resources:
62
+ - https://hatsoffsecurity.com/2014/06/05/usb-forensics-pt-1-serial-number/
63
+ - http://www.swiftforensics.com/2013/11/windows-8-new-registry-artifacts-part-1.html
64
+ - https://www.sans.org/blog/the-truth-about-usb-device-serial-numbers/
65
+ """
66
+
67
+ # Stores history of mounted USB devices
68
+ USB_STOR = "HKLM\\SYSTEM\\CurrentControlSet\\Enum\\USBSTOR"
69
+
70
+ # Stores the relation between a USB container_id and the FriendlyName of mounted volume(s) (Windows 7 and up)
71
+ PORTABLE_DEVICES = "HKLM\\SOFTWARE\\Microsoft\\Windows Portable Devices\\Devices"
72
+
73
+ # Stores the most recent mapping of a mount letter and a container_id
74
+ MOUNT_LETTER_MAP = "HKLM\\SYSTEM\\MountedDevices"
75
+
76
+ # User history of mount points accesses in explorer.exe
77
+ USER_MOUNTS = "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Mountpoints2"
78
+
79
+ # Other artifacts we currently do not parse:
80
+ # - "sysvol\Windows\inf\setupapi(.dev).log"
81
+ # - "HKLM\\SYSTEM\\CurrentControlSet\\Enum\\USB"
82
+ # - "HKLM\\SYSTEM\\CurrentControlSet\\Enum\\HID"
83
+ # - "HKLM\\SYSTEM\\CurrentControlSet\\Enum\\SCSI"
84
+ # - "HKLM\\SYSTEM\\CurrentControlSet\\Control\\DeviceContainers"
85
+ # - "SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt"
86
+
87
+ def check_compatible(self) -> None:
88
+ if not list(self.target.registry.keys(self.USB_STOR)):
89
+ raise UnsupportedPluginError(f"Registry key not found: {self.USB_STOR}")
90
+
91
+ @export(record=UsbRegistryRecord)
92
+ def usb(self) -> Iterator[UsbRegistryRecord]:
93
+ """Yields information about (historically) attached USB storage devices on Windows.
94
+
95
+ Uses the registry to find information about USB storage devices that have been attached to the system.
96
+ Also tries to find the past volume name and mount letters of the USB device and what user(s) interacted
97
+ with them using ``explorer.exe``.
98
+ """
99
+
100
+ for key in self.target.registry.keys(self.USB_STOR):
101
+ for usb_type in key.subkeys():
102
+ try:
103
+ device_info = parse_device_name(usb_type.name)
104
+ except ValueError:
105
+ self.target.log.warning("Unable to parse USB device name: %s", usb_type.name)
106
+ device_info = {"type": None, "vendor": None, "product": None, "revision": None}
107
+
108
+ for usb_device in usb_type.subkeys():
109
+ serial = usb_device.name
110
+ friendly_name = None
111
+ container_id = None
112
+ timestamps = {
113
+ "first_install": None,
114
+ "first_insert": None,
115
+ "last_insert": None,
116
+ "last_removal": None,
117
+ }
118
+
119
+ try:
120
+ friendly_name = usb_device.value("FriendlyName").value
121
+ except RegistryValueNotFoundError:
122
+ self.target.log.warning("No FriendlyName for USB with serial: %s", serial)
123
+ pass
124
+
125
+ try:
126
+ container_id = usb_device.value("ContainerID").value
127
+ except RegistryValueNotFoundError:
128
+ self.target.log.warning("No ContainerID for USB with serial: %s", serial)
129
+
130
+ try:
131
+ timestamps = unpack_timestamps(usb_device.subkey("Properties"))
132
+ except RegistryValueNotFoundError as e:
133
+ self.target.log.warning("Unable to parse USBSTOR registry properties for serial: %s", serial)
134
+ self.target.log.debug("", exc_info=e)
135
+
136
+ # We can check if any HKCU hive(s) are populated with the Volume GUID of the USB storage device.
137
+ # If a user has interacted with the mounted volume using explorer.exe we will get a match.
138
+ volumes = list(self.find_volumes(serial))
139
+ mounts = list(self.find_mounts(serial))
140
+ users = [
141
+ u.user.name for u in self.find_users([m[10:] for m in mounts if m.startswith("\\??\\Volume{")])
142
+ ]
143
+
144
+ yield UsbRegistryRecord(
145
+ friendly_name=friendly_name,
146
+ serial=serial,
147
+ container_id=container_id,
148
+ **device_info,
149
+ **timestamps,
150
+ volumes=volumes,
151
+ mounts=mounts,
152
+ users=users,
153
+ source=self.USB_STOR,
154
+ _target=self.target,
155
+ )
156
+
157
+ def find_volumes(self, serial: str) -> Iterator[str]:
158
+ """Attempts to find mounted volume names for the given serial."""
159
+ serial = serial.lower()
160
+ try:
161
+ for device in self.target.registry.key(self.PORTABLE_DEVICES).subkeys():
162
+ if serial in device.name.lower():
163
+ yield device.value("FriendlyName").value
164
+ except RegistryKeyNotFoundError:
165
+ pass
166
+
167
+ def find_mounts(self, serial: str) -> Iterator[str]:
168
+ """Attempts to find drive letters the given serial has been mounted on."""
169
+ serial = serial.lower()
170
+ try:
171
+ for mount in self.target.registry.key(self.MOUNT_LETTER_MAP).values():
172
+ try:
173
+ if serial in mount.value.decode("utf-16-le").lower():
174
+ yield mount.name.replace("\\DosDevices\\", "")
175
+ except UnicodeDecodeError:
176
+ pass
177
+ except RegistryKeyNotFoundError:
178
+ pass
179
+
180
+ def find_users(self, volume_guids: list[str]) -> Iterator[str]:
181
+ """Attempt to find Windows users that have interacted with the given volume GUIDs."""
182
+
183
+ for volume_guid in volume_guids:
184
+ try:
185
+ for key in self.target.registry.key(self.USER_MOUNTS + "\\" + volume_guid):
186
+ yield self.target.registry.get_user_details(key)
187
+ except RegistryKeyNotFoundError:
188
+ pass
189
+
190
+
191
+ def unpack_timestamps(usb_reg_properties: VirtualKey) -> dict[str, int]:
192
+ """Unpack relevant Windows timestamps from the provided USB registry properties subkey.
193
+
194
+ Args:
195
+ usb_reg_properties: A registry object with USB properties.
196
+
197
+ Returns:
198
+ A dict containing parsed timestamps within passed registry object.
199
+ """
200
+
201
+ usb_reg_properties = usb_reg_properties.subkey("{83da6326-97a6-4088-9453-a1923f573b29}")
202
+ timestamps = {}
203
+
204
+ for device_property, usbstor_values in USB_DEVICE_PROPERTY_KEYS.items():
205
+ for usb_val in usbstor_values:
206
+ if usb_val in [x.name for x in usb_reg_properties.subkeys()]:
207
+ version_key = usb_reg_properties.subkey(usb_val)
208
+ if "00000000" in version_key.subkeys():
209
+ data_value = version_key.subkey("00000000").value("Data").value
210
+ else:
211
+ data_value = version_key.value("(Default)").value
212
+ timestamps[device_property] = wintimestamp(struct.unpack("<Q", data_value)[0])
213
+ break
214
+ else:
215
+ timestamps[device_property] = None
216
+ return timestamps
217
+
218
+
219
+ def parse_device_name(device_name: str) -> dict[str, str]:
220
+ """Parse a registry device name into components."""
221
+
222
+ match = RE_DEVICE_NAME.match(device_name)
223
+ if not match:
224
+ raise ValueError(f"Unable to parse USB device name: {device_name}")
225
+
226
+ return match.groupdict()
{dissect_target-3.19.dev23 → dissect_target-3.19.dev25/dissect.target.egg-info}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.19.dev23
3
+ Version: 3.19.dev25
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
{dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/dissect.target.egg-info/SOURCES.txt RENAMED
@@ -578,6 +578,7 @@ tests/plugins/os/windows/regf/test_clsid.py
578
578
  tests/plugins/os/windows/regf/test_muicache.py
579
579
  tests/plugins/os/windows/regf/test_shellbags.py
580
580
  tests/plugins/os/windows/regf/test_trusteddocs.py
581
+ tests/plugins/os/windows/regf/test_usb.py
581
582
  tests/plugins/os/windows/regf/test_userassist.py
582
583
  tests/tools/__init__.py
583
584
  tests/tools/test_dump.py
{dissect_target-3.19.dev23 → dissect_target-3.19.dev25}/tests/plugins/filesystem/ntfs/test_mft.py RENAMED
@@ -1,13 +1,20 @@
1
1
  import re
2
+ from random import randrange
2
3
  from unittest.mock import Mock
3
4
 
4
5
  import pytest
5
6
  from dissect.ntfs.c_ntfs import ATTRIBUTE_TYPE_CODE
6
7
  from dissect.ntfs.exceptions import Error
7
8
 
9
+ from dissect.target import Target
8
10
  from dissect.target.filesystem import VirtualFilesystem
9
11
  from dissect.target.filesystems.ntfs import NtfsFilesystem
10
- from dissect.target.plugins.filesystem.ntfs.mft import MftPlugin
12
+ from dissect.target.plugins.filesystem.ntfs.mft import (
13
+ FilesystemFilenameRecord,
14
+ FilesystemStdRecord,
15
+ MftPlugin,
16
+ macb_aggr,
17
+ )
11
18
  from dissect.target.plugins.filesystem.ntfs.mft_timeline import MftTimelinePlugin
12
19
  from dissect.target.plugins.filesystem.ntfs.utils import (
13
20
  get_drive_letter,
@@ -170,6 +177,40 @@ def test_mft_plugin_entries(target_win, compact):
170
177
  assert len(mft_data) == check_output_amount(76, compact)
171
178
 
172
179
 
180
+ def test_mft_plugin_macb(target_win: Target) -> None:
181
+ load_mft_plugin(target_win)
182
+ mft_data = list(target_win.mft(macb=True))
183
+ path = None
184
+ ts = None
185
+ macb = None
186
+ field = "MACB/MACB/MACB"
187
+ for record in mft_data:
188
+ assert record.macb != macb or record.ts != ts or record.path != path
189
+ for bit in [0, 1, 2, 3, 5, 6, 7, 9, 10, 11, 12]:
190
+ assert record.macb[bit : bit + 1] in (field[bit : bit + 1], ".")
191
+ path = record.path
192
+ macb = record.macb
193
+ ts = record.ts
194
+
195
+
196
+ def test_mft_plugin_macb_nodup() -> None:
197
+ # test whether you can never have duplicates
198
+
199
+ def make_ts(tss: set) -> int:
200
+ ts = randrange(1, 10)
201
+ tss.add(ts)
202
+ return ts
203
+
204
+ for _ in range(0, 100):
205
+ tss = set()
206
+ records = []
207
+ for ts_type in ["M", "A", "C", "B"]:
208
+ records.append(FilesystemStdRecord(path="a.txt", ts=make_ts(tss), ts_type=ts_type))
209
+ records.append(FilesystemFilenameRecord(path="a.txt", ts=make_ts(tss), ts_type=ts_type, ads=False))
210
+ records.append(FilesystemFilenameRecord(path="a.txt", ts=make_ts(tss), ts_type=ts_type, ads=True))
211
+ assert len(list(macb_aggr(records))) == len(tss)
212
+
213
+
173
214
  def test_mft_plugin_disk_label(target_win):
174
215
  load_mft_plugin(target_win)
175
216
  target_win.fs.mounts = {"c:": target_win.filesystems[0]}
dissect_target-3.19.dev25/tests/plugins/os/windows/regf/test_usb.py ADDED
@@ -0,0 +1,90 @@
1
+ from unittest.mock import patch
2
+
3
+ from flow.record.fieldtypes import datetime as dt
4
+
5
+ from dissect.target.helpers.regutil import VirtualHive, VirtualKey, VirtualValue
6
+ from dissect.target.plugins.os.windows.regf.usb import UsbPlugin
7
+ from dissect.target.target import Target
8
+
9
+
10
+ def test_windows_usb(target_win_users: Target, hive_hklm: VirtualHive, hive_hku: VirtualHive) -> None:
11
+ """test discovery of windows usb connection history"""
12
+
13
+ usbstor_name = "SYSTEM\\ControlSet001\\Enum\\USBSTOR\\Disk&Ven_SanDisk&Prod_Ultra&Rev_1.00"
14
+ usbstor_key = VirtualKey(hive_hklm, usbstor_name)
15
+
16
+ serial_name = "0401399b179e9d46555d8aa9d8618cd0a4f82512595aaea56a74bcd1c387638"
17
+ serial_key = VirtualKey(hive_hklm, serial_name)
18
+ serial_key.add_value(
19
+ "ContainerID", VirtualValue(hive_hklm, "ContainerID", "{3bceaa2e-d325-5328-ba38-d55baacd43d9}")
20
+ )
21
+ serial_key.add_value("FriendlyName", VirtualValue(hive_hklm, "FriendlyName", "SanDisk Ultra USB Device"))
22
+ serial_key.add_subkey("Device Parameters", VirtualKey(hive_hklm, "Device Parameters"))
23
+
24
+ properties_key = VirtualKey(hive_hklm, "Properties")
25
+ guid_key = VirtualKey(hive_hklm, "{83da6326-97a6-4088-9453-a1923f573b29}")
26
+
27
+ key_0064 = VirtualKey(hive_hklm, "0064")
28
+ key_0064.add_value("(Default)", VirtualValue(hive_hklm, "(Default)", b"\xea\x05+$T\xdf\xda\x01"))
29
+
30
+ key_0065 = VirtualKey(hive_hklm, "0065")
31
+ key_0065.add_value("(Default)", VirtualValue(hive_hklm, "(Default)", b"\xea\x05+$T\xdf\xda\x01"))
32
+
33
+ key_0066 = VirtualKey(hive_hklm, "0066")
34
+ key_0066.add_value("(Default)", VirtualValue(hive_hklm, "(Default)", b"\xea\x05+$T\xdf\xda\x01"))
35
+
36
+ key_0067 = VirtualKey(hive_hklm, "0067")
37
+ key_0067.add_value("(Default)", VirtualValue(hive_hklm, "(Default)", b"\x8b\xe0\x10\x96T\xdf\xda\x01"))
38
+
39
+ guid_key.add_subkey("0064", key_0064)
40
+ guid_key.add_subkey("0065", key_0065)
41
+ guid_key.add_subkey("0066", key_0066)
42
+ guid_key.add_subkey("0067", key_0067)
43
+ properties_key.add_subkey("{83da6326-97a6-4088-9453-a1923f573b29}", guid_key)
44
+ serial_key.add_subkey("Properties", properties_key)
45
+ usbstor_key.add_subkey(serial_name, serial_key)
46
+ hive_hklm.map_key(usbstor_name, usbstor_key)
47
+
48
+ mounted_devices = VirtualKey(hive_hklm, "SYSTEM\\MountedDevices")
49
+ mounted_devices.add_value(
50
+ "\\DosDevices\\E:", VirtualValue(hive_hklm, "\\DosDevices\\E:", serial_name.encode("utf-16-le"))
51
+ )
52
+ mounted_devices.add_value(
53
+ "\\??\\Volume{4be8862a-4b47-11ef-9a61-70d823df2914}",
54
+ VirtualValue(hive_hklm, "\\??\\Volume{4be8862a-4b47-11ef-9a61-70d823df2914}", serial_name.encode("utf-16-le")),
55
+ )
56
+ hive_hklm.map_key("SYSTEM\\MountedDevices", mounted_devices)
57
+
58
+ mounted_volumes_name = "SOFTWARE\\Microsoft\\Windows Portable Devices\\Devices\\SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_SANDISK&PROD_ULTRA&REV_1.00#0401399B179E9D46555D8AA9D8618CD0A4F82512595AAEA56A74BCD1C387638#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}" # noqa: E501
59
+ mounted_volumes = VirtualKey(hive_hklm, mounted_volumes_name)
60
+ mounted_volumes.add_value("FriendlyName", VirtualValue(hive_hklm, "FriendlyName", "Example USB"))
61
+ hive_hklm.map_key(mounted_volumes_name, mounted_volumes)
62
+
63
+ mountpoints2_name = (
64
+ "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Mountpoints2\\{4be8862a-4b47-11ef-9a61-70d823df2914}"
65
+ )
66
+ mountpoints2 = VirtualKey(hive_hku, mountpoints2_name)
67
+ hive_hku.map_key(mountpoints2_name, mountpoints2)
68
+
69
+ target_win_users.add_plugin(UsbPlugin)
70
+
71
+ with patch("dissect.target.plugins.os.windows.registry.RegistryPlugin.get_user_details") as mock_reg_user_details:
72
+ mock_reg_user_details.return_value = target_win_users.user_details.find(username="John")
73
+ results = list(target_win_users.usb())
74
+
75
+ assert len(results) == 1
76
+ assert results[0].type == "Disk"
77
+ assert results[0].serial == "0401399b179e9d46555d8aa9d8618cd0a4f82512595aaea56a74bcd1c387638"
78
+ assert results[0].container_id == "{3bceaa2e-d325-5328-ba38-d55baacd43d9}"
79
+ assert results[0].vendor == "SanDisk"
80
+ assert results[0].product == "Ultra"
81
+ assert results[0].revision == "1.00"
82
+ assert results[0].friendly_name == "SanDisk Ultra USB Device"
83
+ assert results[0].first_insert == dt("2024-07-26 12:05:43.789719+00:00")
84
+ assert results[0].first_install == dt("2024-07-26 12:05:43.789719+00:00")
85
+ assert results[0].last_insert == dt("2024-07-26 12:05:43.789719+00:00")
86
+ assert results[0].last_removal == dt("2024-07-26 12:08:54.878632+00:00")
87
+ assert results[0].volumes == ["Example USB"]
88
+ assert results[0].mounts == ["E:", "\\??\\Volume{4be8862a-4b47-11ef-9a61-70d823df2914}"]
89
+ assert results[0].users == ["John"]
90
+ assert results[0].source == "HKLM\\SYSTEM\\CurrentControlSet\\Enum\\USBSTOR"