dissect.target 3.20.dev31__tar.gz → 3.20.dev33__tar.gz

Sign up to get free protection for your applications and to get access to all the features.
Files changed (646) hide show
  1. {dissect_target-3.20.dev31/dissect.target.egg-info → dissect_target-3.20.dev33}/PKG-INFO +1 -1
  2. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/log/journal.py +108 -91
  3. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/log/messages.py +43 -16
  4. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33/dissect.target.egg-info}/PKG-INFO +1 -1
  5. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect.target.egg-info/SOURCES.txt +1 -1
  6. {dissect_target-3.20.dev31/tests/plugins/os/unix → dissect_target-3.20.dev33/tests/plugins/os/unix/log}/test_journal.py +12 -9
  7. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/log/test_messages.py +24 -10
  8. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/COPYRIGHT +0 -0
  9. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/LICENSE +0 -0
  10. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/MANIFEST.in +0 -0
  11. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/README.md +0 -0
  12. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/__init__.py +0 -0
  13. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/container.py +0 -0
  14. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/containers/__init__.py +0 -0
  15. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/containers/asdf.py +0 -0
  16. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/containers/ewf.py +0 -0
  17. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/containers/fortifw.py +0 -0
  18. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/containers/hdd.py +0 -0
  19. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/containers/hds.py +0 -0
  20. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/containers/qcow2.py +0 -0
  21. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/containers/raw.py +0 -0
  22. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/containers/split.py +0 -0
  23. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/containers/vdi.py +0 -0
  24. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/containers/vhd.py +0 -0
  25. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/containers/vhdx.py +0 -0
  26. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/containers/vmdk.py +0 -0
  27. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/data/autocompletion/target_bash_completion.sh +0 -0
  28. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/exceptions.py +0 -0
  29. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystem.py +0 -0
  30. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/__init__.py +0 -0
  31. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/ad1.py +0 -0
  32. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/btrfs.py +0 -0
  33. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/cb.py +0 -0
  34. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/config.py +0 -0
  35. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/cpio.py +0 -0
  36. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/dir.py +0 -0
  37. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/exfat.py +0 -0
  38. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/extfs.py +0 -0
  39. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/fat.py +0 -0
  40. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/ffs.py +0 -0
  41. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/itunes.py +0 -0
  42. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/jffs.py +0 -0
  43. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/ntfs.py +0 -0
  44. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/overlay.py +0 -0
  45. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/smb.py +0 -0
  46. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/squashfs.py +0 -0
  47. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/tar.py +0 -0
  48. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/vmfs.py +0 -0
  49. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/vmtar.py +0 -0
  50. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/xfs.py +0 -0
  51. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/filesystems/zip.py +0 -0
  52. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/__init__.py +0 -0
  53. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/cache.py +0 -0
  54. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/compat/__init__.py +0 -0
  55. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/compat/path_310.py +0 -0
  56. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/compat/path_311.py +0 -0
  57. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/compat/path_312.py +0 -0
  58. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/compat/path_39.py +0 -0
  59. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/compat/path_common.py +0 -0
  60. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/config.py +0 -0
  61. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/configutil.py +0 -0
  62. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/cyber.py +0 -0
  63. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/data/windowsZones.xml +0 -0
  64. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/descriptor_extensions.py +0 -0
  65. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/docs.py +0 -0
  66. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/fsutil.py +0 -0
  67. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/hashutil.py +0 -0
  68. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/keychain.py +0 -0
  69. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/lazy.py +0 -0
  70. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/loaderutil.py +0 -0
  71. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/localeutil.py +0 -0
  72. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/mount.py +0 -0
  73. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/mui.py +0 -0
  74. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/polypath.py +0 -0
  75. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/protobuf.py +0 -0
  76. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/record.py +0 -0
  77. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/record_modifier.py +0 -0
  78. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/regutil.py +0 -0
  79. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/shell_application_ids.py +0 -0
  80. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/shell_folder_ids.py +0 -0
  81. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/helpers/utils.py +0 -0
  82. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loader.py +0 -0
  83. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/__init__.py +0 -0
  84. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/ab.py +0 -0
  85. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/ad1.py +0 -0
  86. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/asdf.py +0 -0
  87. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/cb.py +0 -0
  88. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/cyber.py +0 -0
  89. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/dir.py +0 -0
  90. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/hyperv.py +0 -0
  91. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/itunes.py +0 -0
  92. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/kape.py +0 -0
  93. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/libvirt.py +0 -0
  94. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/local.py +0 -0
  95. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/log.py +0 -0
  96. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/mqtt.py +0 -0
  97. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/multiraw.py +0 -0
  98. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/ova.py +0 -0
  99. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/overlay.py +0 -0
  100. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/ovf.py +0 -0
  101. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/phobos.py +0 -0
  102. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/profile.py +0 -0
  103. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/pvm.py +0 -0
  104. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/pvs.py +0 -0
  105. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/raw.py +0 -0
  106. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/remote.py +0 -0
  107. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/res.py +0 -0
  108. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/smb.py +0 -0
  109. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/tanium.py +0 -0
  110. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/tar.py +0 -0
  111. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/target.py +0 -0
  112. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/utm.py +0 -0
  113. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/vb.py +0 -0
  114. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/vbox.py +0 -0
  115. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/velociraptor.py +0 -0
  116. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/vma.py +0 -0
  117. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/vmwarevm.py +0 -0
  118. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/vmx.py +0 -0
  119. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/loaders/xva.py +0 -0
  120. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugin.py +0 -0
  121. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/__init__.py +0 -0
  122. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/__init__.py +0 -0
  123. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/av/__init__.py +0 -0
  124. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/av/mcafee.py +0 -0
  125. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/av/sophos.py +0 -0
  126. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/av/symantec.py +0 -0
  127. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/av/trendmicro.py +0 -0
  128. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/browser/__init__.py +0 -0
  129. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/browser/brave.py +0 -0
  130. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/browser/browser.py +0 -0
  131. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/browser/chrome.py +0 -0
  132. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/browser/chromium.py +0 -0
  133. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/browser/edge.py +0 -0
  134. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/browser/firefox.py +0 -0
  135. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/browser/iexplore.py +0 -0
  136. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/container/__init__.py +0 -0
  137. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/container/docker.py +0 -0
  138. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/other/env.py +0 -0
  139. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/remoteaccess/__init__.py +0 -0
  140. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/remoteaccess/anydesk.py +0 -0
  141. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/remoteaccess/remoteaccess.py +0 -0
  142. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/remoteaccess/teamviewer.py +0 -0
  143. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/shell/__init__.py +0 -0
  144. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/shell/powershell.py +0 -0
  145. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/shell/wget.py +0 -0
  146. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/ssh/__init__.py +0 -0
  147. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/ssh/openssh.py +0 -0
  148. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/ssh/opensshd.py +0 -0
  149. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/ssh/putty.py +0 -0
  150. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/ssh/ssh.py +0 -0
  151. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/texteditor/__init__.py +0 -0
  152. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/texteditor/texteditor.py +0 -0
  153. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/texteditor/windowsnotepad.py +0 -0
  154. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/virtualization/__init__.py +0 -0
  155. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/virtualization/vmware_workstation.py +0 -0
  156. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/vpn/__init__.py +0 -0
  157. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/vpn/openvpn.py +0 -0
  158. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/vpn/wireguard.py +0 -0
  159. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/webhosting/__init__.py +0 -0
  160. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/webhosting/cpanel.py +0 -0
  161. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/webserver/__init__.py +0 -0
  162. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/webserver/apache.py +0 -0
  163. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/webserver/caddy.py +0 -0
  164. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/webserver/citrix.py +0 -0
  165. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/webserver/iis.py +0 -0
  166. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/webserver/nginx.py +0 -0
  167. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/apps/webserver/webserver.py +0 -0
  168. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/child/__init__.py +0 -0
  169. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/child/docker.py +0 -0
  170. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/child/esxi.py +0 -0
  171. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/child/hyperv.py +0 -0
  172. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/child/parallels.py +0 -0
  173. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/child/qemu.py +0 -0
  174. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/child/virtuozzo.py +0 -0
  175. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/child/vmware_workstation.py +0 -0
  176. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/child/wsl.py +0 -0
  177. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/filesystem/__init__.py +0 -0
  178. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/filesystem/acquire_handles.py +0 -0
  179. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/filesystem/acquire_hash.py +0 -0
  180. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/filesystem/icat.py +0 -0
  181. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/filesystem/ntfs/__init__.py +0 -0
  182. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/filesystem/ntfs/mft.py +0 -0
  183. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/filesystem/ntfs/mft_timeline.py +0 -0
  184. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/filesystem/ntfs/usnjrnl.py +0 -0
  185. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/filesystem/ntfs/utils.py +0 -0
  186. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/filesystem/resolver.py +0 -0
  187. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/filesystem/unix/__init__.py +0 -0
  188. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/filesystem/unix/capability.py +0 -0
  189. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/filesystem/unix/suid.py +0 -0
  190. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/filesystem/walkfs.py +0 -0
  191. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/filesystem/yara.py +0 -0
  192. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/general/__init__.py +0 -0
  193. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/general/config.py +0 -0
  194. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/general/default.py +0 -0
  195. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/general/example.py +0 -0
  196. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/general/loaders.py +0 -0
  197. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/general/network.py +0 -0
  198. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/general/osinfo.py +0 -0
  199. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/general/plugins.py +0 -0
  200. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/general/scrape.py +0 -0
  201. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/general/users.py +0 -0
  202. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/__init__.py +0 -0
  203. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/__init__.py +0 -0
  204. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/_os.py +0 -0
  205. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/bsd/__init__.py +0 -0
  206. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/bsd/_os.py +0 -0
  207. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/bsd/citrix/__init__.py +0 -0
  208. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/bsd/citrix/_os.py +0 -0
  209. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/bsd/citrix/history.py +0 -0
  210. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/bsd/freebsd/__init__.py +0 -0
  211. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/bsd/freebsd/_os.py +0 -0
  212. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/bsd/ios/__init__.py +0 -0
  213. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/bsd/ios/_os.py +0 -0
  214. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/bsd/openbsd/__init__.py +0 -0
  215. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/bsd/openbsd/_os.py +0 -0
  216. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/bsd/osx/__init__.py +0 -0
  217. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/bsd/osx/_os.py +0 -0
  218. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/bsd/osx/network.py +0 -0
  219. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/bsd/osx/user.py +0 -0
  220. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/cronjobs.py +0 -0
  221. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/datetime.py +0 -0
  222. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/esxi/__init__.py +0 -0
  223. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/esxi/_os.py +0 -0
  224. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/etc/__init__.py +0 -0
  225. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/etc/etc.py +0 -0
  226. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/etc.py +0 -0
  227. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/generic.py +0 -0
  228. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/history.py +0 -0
  229. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/__init__.py +0 -0
  230. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/_os.py +0 -0
  231. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/android/__init__.py +0 -0
  232. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/android/_os.py +0 -0
  233. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/cmdline.py +0 -0
  234. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/debian/__init__.py +0 -0
  235. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/debian/_os.py +0 -0
  236. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/debian/apt.py +0 -0
  237. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/debian/dpkg.py +0 -0
  238. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/debian/vyos/__init__.py +0 -0
  239. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/debian/vyos/_os.py +0 -0
  240. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/environ.py +0 -0
  241. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/fortios/__init__.py +0 -0
  242. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/fortios/_keys.py +0 -0
  243. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/fortios/_os.py +0 -0
  244. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/fortios/generic.py +0 -0
  245. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/fortios/locale.py +0 -0
  246. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/iptables.py +0 -0
  247. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/modules.py +0 -0
  248. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/netstat.py +0 -0
  249. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/network_managers.py +0 -0
  250. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/proc.py +0 -0
  251. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/processes.py +0 -0
  252. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/redhat/__init__.py +0 -0
  253. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/redhat/_os.py +0 -0
  254. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/redhat/yum.py +0 -0
  255. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/services.py +0 -0
  256. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/sockets.py +0 -0
  257. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/suse/__init__.py +0 -0
  258. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/suse/_os.py +0 -0
  259. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/linux/suse/zypper.py +0 -0
  260. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/locale.py +0 -0
  261. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/locate/__init__.py +0 -0
  262. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/locate/gnulocate.py +0 -0
  263. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/locate/locate.py +0 -0
  264. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/locate/mlocate.py +0 -0
  265. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/locate/plocate.py +0 -0
  266. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/log/__init__.py +0 -0
  267. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/log/atop.py +0 -0
  268. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/log/audit.py +0 -0
  269. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/log/auth.py +0 -0
  270. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/log/lastlog.py +0 -0
  271. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/log/utmp.py +0 -0
  272. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/packagemanager.py +0 -0
  273. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/shadow.py +0 -0
  274. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/trash.py +0 -0
  275. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/__init__.py +0 -0
  276. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/_os.py +0 -0
  277. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/activitiescache.py +0 -0
  278. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/adpolicy.py +0 -0
  279. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/amcache.py +0 -0
  280. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/catroot.py +0 -0
  281. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/cim.py +0 -0
  282. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/clfs.py +0 -0
  283. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/credential/__init__.py +0 -0
  284. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/credential/credhist.py +0 -0
  285. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/credential/lsa.py +0 -0
  286. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/credential/sam.py +0 -0
  287. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/datetime.py +0 -0
  288. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/defender.py +0 -0
  289. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/defender_helpers/__init__.py +0 -0
  290. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/defender_helpers/defender_patterns.py +0 -0
  291. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/defender_helpers/defender_records.py +0 -0
  292. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/dpapi/__init__.py +0 -0
  293. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/dpapi/blob.py +0 -0
  294. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/dpapi/crypto.py +0 -0
  295. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/dpapi/dpapi.py +0 -0
  296. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/dpapi/keyprovider/__init__.py +0 -0
  297. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/dpapi/keyprovider/credhist.py +0 -0
  298. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/dpapi/keyprovider/empty.py +0 -0
  299. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/dpapi/keyprovider/keychain.py +0 -0
  300. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/dpapi/keyprovider/keyprovider.py +0 -0
  301. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/dpapi/keyprovider/lsa.py +0 -0
  302. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/dpapi/master_key.py +0 -0
  303. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/env.py +0 -0
  304. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/exchange/__init__.py +0 -0
  305. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/exchange/exchange.py +0 -0
  306. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/generic.py +0 -0
  307. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/jumplist.py +0 -0
  308. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/lnk.py +0 -0
  309. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/locale.py +0 -0
  310. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/log/__init__.py +0 -0
  311. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/log/amcache.py +0 -0
  312. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/log/etl.py +0 -0
  313. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/log/evt.py +0 -0
  314. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/log/evtx.py +0 -0
  315. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/log/pfro.py +0 -0
  316. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/log/schedlgu.py +0 -0
  317. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/network.py +0 -0
  318. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/notifications.py +0 -0
  319. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/prefetch.py +0 -0
  320. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/recyclebin.py +0 -0
  321. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/7zip.py +0 -0
  322. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/__init__.py +0 -0
  323. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/appxdebugkeys.py +0 -0
  324. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/auditpol.py +0 -0
  325. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/bam.py +0 -0
  326. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/cit.py +0 -0
  327. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/clsid.py +0 -0
  328. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/firewall.py +0 -0
  329. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/mru.py +0 -0
  330. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/muicache.py +0 -0
  331. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/nethist.py +0 -0
  332. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/recentfilecache.py +0 -0
  333. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/regf.py +0 -0
  334. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/runkeys.py +0 -0
  335. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/shellbags.py +0 -0
  336. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/shimcache.py +0 -0
  337. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/trusteddocs.py +0 -0
  338. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/usb.py +0 -0
  339. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/regf/userassist.py +0 -0
  340. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/registry.py +0 -0
  341. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/services.py +0 -0
  342. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/sru.py +0 -0
  343. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/startupinfo.py +0 -0
  344. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/syscache.py +0 -0
  345. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/task_helpers/__init__.py +0 -0
  346. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/task_helpers/tasks_job.py +0 -0
  347. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/task_helpers/tasks_records.py +0 -0
  348. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/task_helpers/tasks_xml.py +0 -0
  349. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/tasks.py +0 -0
  350. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/thumbcache.py +0 -0
  351. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/ual.py +0 -0
  352. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/wer.py +0 -0
  353. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/windows/wua_history.py +0 -0
  354. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/report.py +0 -0
  355. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/target.py +0 -0
  356. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/__init__.py +0 -0
  357. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/build_pluginlist.py +0 -0
  358. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/dd.py +0 -0
  359. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/dump/__init__.py +0 -0
  360. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/dump/run.py +0 -0
  361. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/dump/state.py +0 -0
  362. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/dump/utils.py +0 -0
  363. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/fs.py +0 -0
  364. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/fsutils.py +0 -0
  365. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/info.py +0 -0
  366. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/logging.py +0 -0
  367. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/mount.py +0 -0
  368. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/query.py +0 -0
  369. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/reg.py +0 -0
  370. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/shell.py +0 -0
  371. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/utils.py +0 -0
  372. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/tools/yara.py +0 -0
  373. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/volume.py +0 -0
  374. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/volumes/__init__.py +0 -0
  375. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/volumes/bde.py +0 -0
  376. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/volumes/ddf.py +0 -0
  377. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/volumes/disk.py +0 -0
  378. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/volumes/luks.py +0 -0
  379. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/volumes/lvm.py +0 -0
  380. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/volumes/md.py +0 -0
  381. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/volumes/vmfs.py +0 -0
  382. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect.target.egg-info/dependency_links.txt +0 -0
  383. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect.target.egg-info/entry_points.txt +0 -0
  384. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect.target.egg-info/requires.txt +0 -0
  385. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect.target.egg-info/top_level.txt +0 -0
  386. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/pyproject.toml +0 -0
  387. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/setup.cfg +0 -0
  388. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/__init__.py +0 -0
  389. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/_docs/Makefile +0 -0
  390. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/_docs/conf.py +0 -0
  391. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/_docs/index.rst +0 -0
  392. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/_utils.py +0 -0
  393. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/conftest.py +0 -0
  394. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/containers/__init__.py +0 -0
  395. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/containers/test_fortifw.py +0 -0
  396. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/containers/test_split.py +0 -0
  397. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/__init__.py +0 -0
  398. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/test_btrfs.py +0 -0
  399. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/test_cb.py +0 -0
  400. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/test_config.py +0 -0
  401. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/test_cpio.py +0 -0
  402. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/test_dir.py +0 -0
  403. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/test_exfat.py +0 -0
  404. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/test_extfs.py +0 -0
  405. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/test_fat.py +0 -0
  406. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/test_ntfs.py +0 -0
  407. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/test_overlay.py +0 -0
  408. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/test_smb.py +0 -0
  409. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/test_tar.py +0 -0
  410. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/test_vmtar.py +0 -0
  411. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/test_xfs.py +0 -0
  412. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/filesystems/test_zip.py +0 -0
  413. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/helpers/__init__.py +0 -0
  414. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/helpers/test_cache.py +0 -0
  415. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/helpers/test_config.py +0 -0
  416. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/helpers/test_configutil.py +0 -0
  417. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/helpers/test_docs.py +0 -0
  418. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/helpers/test_fsutil.py +0 -0
  419. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/helpers/test_hashutil.py +0 -0
  420. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/helpers/test_keychain.py +0 -0
  421. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/helpers/test_loaderutil.py +0 -0
  422. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/helpers/test_localeutil.py +0 -0
  423. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/helpers/test_modifier.py +0 -0
  424. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/helpers/test_protobuf.py +0 -0
  425. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/helpers/test_record.py +0 -0
  426. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/helpers/test_regutil.py +0 -0
  427. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/helpers/test_utils.py +0 -0
  428. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/__init__.py +0 -0
  429. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_ab.py +0 -0
  430. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_asdf.py +0 -0
  431. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_cb.py +0 -0
  432. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_dir.py +0 -0
  433. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_hyperv.py +0 -0
  434. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_kape.py +0 -0
  435. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_libvirt.py +0 -0
  436. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_local.py +0 -0
  437. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_log.py +0 -0
  438. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_mqtt.py +0 -0
  439. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_multiraw.py +0 -0
  440. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_ova.py +0 -0
  441. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_overlay.py +0 -0
  442. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_ovf.py +0 -0
  443. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_phobos.py +0 -0
  444. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_pvm.py +0 -0
  445. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_pvs.py +0 -0
  446. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_remote.py +0 -0
  447. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_smb.py +0 -0
  448. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_tanium.py +0 -0
  449. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_tar.py +0 -0
  450. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_utm.py +0 -0
  451. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_vbox.py +0 -0
  452. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_velociraptor.py +0 -0
  453. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/loaders/test_vmwarevm.py +0 -0
  454. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/__init__.py +0 -0
  455. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/__init__.py +0 -0
  456. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/av/__init__.py +0 -0
  457. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/av/test_mcafee.py +0 -0
  458. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/av/test_sophos.py +0 -0
  459. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/av/test_symantec.py +0 -0
  460. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/av/test_trendmicro.py +0 -0
  461. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/browser/__init__.py +0 -0
  462. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/browser/test_brave.py +0 -0
  463. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/browser/test_chrome.py +0 -0
  464. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/browser/test_chromium.py +0 -0
  465. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/browser/test_edge.py +0 -0
  466. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/browser/test_firefox.py +0 -0
  467. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/browser/test_iexplore.py +0 -0
  468. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/container/__init__.py +0 -0
  469. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/container/test_docker.py +0 -0
  470. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/other/__init__.py +0 -0
  471. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/other/test_envfile.py +0 -0
  472. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/remoteaccess/__init__.py +0 -0
  473. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/remoteaccess/test_anydesk.py +0 -0
  474. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/remoteaccess/test_teamviewer.py +0 -0
  475. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/shell/__init__.py +0 -0
  476. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/shell/test_powershell.py +0 -0
  477. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/shell/test_wget.py +0 -0
  478. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/ssh/__init__.py +0 -0
  479. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/ssh/test_openssh.py +0 -0
  480. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/ssh/test_opensshd.py +0 -0
  481. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/ssh/test_putty.py +0 -0
  482. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/texteditor/__init__.py +0 -0
  483. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/texteditor/test_texteditor.py +0 -0
  484. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/virtualization/__init__.py +0 -0
  485. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/virtualization/test_vmware_workstation.py +0 -0
  486. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/vpn/__init__.py +0 -0
  487. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/vpn/test_openvpn.py +0 -0
  488. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/vpn/test_wireguard.py +0 -0
  489. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/webhosting/__init__.py +0 -0
  490. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/webhosting/test_cpanel.py +0 -0
  491. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/webserver/__init__.py +0 -0
  492. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/webserver/test_apache.py +0 -0
  493. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/webserver/test_caddy.py +0 -0
  494. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/webserver/test_citrix.py +0 -0
  495. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/webserver/test_iis.py +0 -0
  496. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/webserver/test_nginx.py +0 -0
  497. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/apps/webserver/test_webserver.py +0 -0
  498. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/child/__init__.py +0 -0
  499. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/child/test_docker.py +0 -0
  500. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/child/test_hyperv.py +0 -0
  501. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/child/test_parallels.py +0 -0
  502. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/child/test_qemu.py +0 -0
  503. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/child/test_virtuozzo.py +0 -0
  504. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/child/test_vmware_workstation.py +0 -0
  505. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/child/test_wsl.py +0 -0
  506. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/filesystem/__init__.py +0 -0
  507. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/filesystem/ntfs/__init__.py +0 -0
  508. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/filesystem/ntfs/test_mft.py +0 -0
  509. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/filesystem/ntfs/test_usnjrnl.py +0 -0
  510. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/filesystem/test_acquire_handles.py +0 -0
  511. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/filesystem/test_acquire_hash.py +0 -0
  512. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/filesystem/test_icat.py +0 -0
  513. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/filesystem/test_resolver.py +0 -0
  514. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/filesystem/test_walkfs.py +0 -0
  515. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/filesystem/test_yara.py +0 -0
  516. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/filesystem/unix/__init__.py +0 -0
  517. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/filesystem/unix/test_capability.py +0 -0
  518. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/filesystem/unix/test_suid.py +0 -0
  519. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/general/__init__.py +0 -0
  520. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/general/test_config.py +0 -0
  521. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/general/test_default.py +0 -0
  522. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/general/test_network.py +0 -0
  523. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/general/test_plugins.py +0 -0
  524. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/general/test_scrape.py +0 -0
  525. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/general/test_users.py +0 -0
  526. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/__init__.py +0 -0
  527. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/__init__.py +0 -0
  528. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/bsd/__init__.py +0 -0
  529. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/bsd/citrix/__init__.py +0 -0
  530. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/bsd/citrix/test__os.py +0 -0
  531. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/bsd/citrix/test_history.py +0 -0
  532. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/bsd/osx/__init__.py +0 -0
  533. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/bsd/osx/test__os.py +0 -0
  534. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/bsd/osx/test_network.py +0 -0
  535. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/bsd/osx/test_user.py +0 -0
  536. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/esxi/__init__.py +0 -0
  537. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/esxi/test__os.py +0 -0
  538. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/__init__.py +0 -0
  539. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/android/__init__.py +0 -0
  540. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/android/test__os.py +0 -0
  541. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/debian/__init__.py +0 -0
  542. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/debian/test_apt.py +0 -0
  543. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/debian/test_dpkg.py +0 -0
  544. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/fortios/test_keys.py +0 -0
  545. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/redhat/__init__.py +0 -0
  546. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/redhat/test_yum.py +0 -0
  547. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/suse/__init__.py +0 -0
  548. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/suse/test_zypper.py +0 -0
  549. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/test__os.py +0 -0
  550. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/test_cmdline.py +0 -0
  551. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/test_environ.py +0 -0
  552. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/test_iptables.py +0 -0
  553. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/test_modules.py +0 -0
  554. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/test_netstat.py +0 -0
  555. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/test_proc.py +0 -0
  556. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/test_processes.py +0 -0
  557. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/test_services.py +0 -0
  558. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/linux/test_sockets.py +0 -0
  559. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/locate/__init__.py +0 -0
  560. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/locate/test_gnulocate.py +0 -0
  561. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/locate/test_mlocate.py +0 -0
  562. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/locate/test_plocate.py +0 -0
  563. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/log/__init__.py +0 -0
  564. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/log/test_atop.py +0 -0
  565. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/log/test_audit.py +0 -0
  566. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/log/test_auth.py +0 -0
  567. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/log/test_lastlog.py +0 -0
  568. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/log/test_utmp.py +0 -0
  569. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/test__os.py +0 -0
  570. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/test_generic.py +0 -0
  571. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/test_history.py +0 -0
  572. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/test_ips.py +0 -0
  573. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/test_locale.py +0 -0
  574. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/test_packagemanager.py +0 -0
  575. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/test_shadow.py +0 -0
  576. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/test_trash.py +0 -0
  577. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/test_users.py +0 -0
  578. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/test_version.py +0 -0
  579. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/__init__.py +0 -0
  580. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/credential/__init__.py +0 -0
  581. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/credential/test_credhist.py +0 -0
  582. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/credential/test_lsa.py +0 -0
  583. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/credential/test_sam.py +0 -0
  584. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/log/test_etl.py +0 -0
  585. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/log/test_evt.py +0 -0
  586. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/log/test_evtx.py +0 -0
  587. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/log/test_schedlgu.py +0 -0
  588. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/regf/__init__.py +0 -0
  589. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/regf/test_appxdebugkeys.py +0 -0
  590. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/regf/test_cit.py +0 -0
  591. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/regf/test_clsid.py +0 -0
  592. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/regf/test_muicache.py +0 -0
  593. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/regf/test_shellbags.py +0 -0
  594. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/regf/test_trusteddocs.py +0 -0
  595. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/regf/test_usb.py +0 -0
  596. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/regf/test_userassist.py +0 -0
  597. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test__os.py +0 -0
  598. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_adpolicy.py +0 -0
  599. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_amcache.py +0 -0
  600. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_catroot.py +0 -0
  601. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_clfs.py +0 -0
  602. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_datetime.py +0 -0
  603. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_defender.py +0 -0
  604. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_dpapi.py +0 -0
  605. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_env.py +0 -0
  606. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_generic.py +0 -0
  607. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_jumplist.py +0 -0
  608. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_lnk.py +0 -0
  609. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_locale.py +0 -0
  610. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_mru.py +0 -0
  611. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_network.py +0 -0
  612. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_notifications.py +0 -0
  613. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_prefetch.py +0 -0
  614. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_recyclebin.py +0 -0
  615. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_registry.py +0 -0
  616. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_shimcache.py +0 -0
  617. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_sru.py +0 -0
  618. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_syscache.py +0 -0
  619. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_tasks.py +0 -0
  620. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_thumbcache.py +0 -0
  621. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_ual.py +0 -0
  622. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_wer.py +0 -0
  623. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/windows/test_wua_history.py +0 -0
  624. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/test_container.py +0 -0
  625. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/test_filesystem.py +0 -0
  626. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/test_plugin.py +0 -0
  627. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/test_registration.py +0 -0
  628. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/test_report.py +0 -0
  629. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/test_target.py +0 -0
  630. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/test_tests.py +0 -0
  631. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/test_volume.py +0 -0
  632. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/tools/__init__.py +0 -0
  633. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/tools/test_dump.py +0 -0
  634. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/tools/test_fs.py +0 -0
  635. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/tools/test_fsutils.py +0 -0
  636. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/tools/test_info.py +0 -0
  637. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/tools/test_mount.py +0 -0
  638. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/tools/test_query.py +0 -0
  639. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/tools/test_reg.py +0 -0
  640. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/tools/test_shell.py +0 -0
  641. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/tools/test_utils.py +0 -0
  642. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/tools/test_yara.py +0 -0
  643. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/volumes/__init__.py +0 -0
  644. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/volumes/test_bde.py +0 -0
  645. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/volumes/test_md.py +0 -0
  646. {dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tox.ini +0 -0
{dissect_target-3.20.dev31/dissect.target.egg-info → dissect_target-3.20.dev33}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.20.dev31
3
+ Version: 3.20.dev33
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
{dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/log/journal.py RENAMED
@@ -1,7 +1,8 @@
1
1
  from __future__ import annotations
2
2
 
3
+ import logging
3
4
  import lzma
4
- from typing import BinaryIO, Callable, Iterator
5
+ from typing import Any, BinaryIO, Callable, Iterator
5
6
 
6
7
  import zstandard
7
8
  from dissect.cstruct import cstruct
@@ -13,6 +14,8 @@ from dissect.target.exceptions import UnsupportedPluginError
13
14
  from dissect.target.helpers.record import TargetRecordDescriptor
14
15
  from dissect.target.plugin import Plugin, export
15
16
 
17
+ log = logging.getLogger(__name__)
18
+
16
19
  # The events have undocumented fields that are not part of the record
17
20
  JournalRecord = TargetRecordDescriptor(
18
21
  "linux/log/journal",
@@ -28,7 +31,7 @@ JournalRecord = TargetRecordDescriptor(
28
31
  ("varint", "errno"),
29
32
  ("string", "invocation_id"),
30
33
  ("string", "user_invocation_id"),
31
- ("varint", "syslog_facility"),
34
+ ("string", "syslog_facility"),
32
35
  ("string", "syslog_identifier"),
33
36
  ("varint", "syslog_pid"),
34
37
  ("string", "syslog_raw"),
@@ -70,11 +73,13 @@ JournalRecord = TargetRecordDescriptor(
70
73
  ("path", "udev_devlink"),
71
74
  # Other fields
72
75
  ("string", "journal_hostname"),
73
- ("path", "filepath"),
76
+ ("path", "source"),
74
77
  ],
75
78
  )
76
79
 
77
80
  journal_def = """
81
+ #define HEADER_SIGNATURE b"LPKSHHRH"
82
+
78
83
  typedef uint8 uint8_t;
79
84
  typedef uint32 le32_t;
80
85
  typedef uint64 le64_t;
@@ -100,7 +105,7 @@ flag IncompatibleFlag : le32_t {
100
105
  };
101
106
 
102
107
  struct Header {
103
- uint8_t signature[8];
108
+ char signature[8];
104
109
  le32_t compatible_flags;
105
110
  IncompatibleFlag incompatible_flags;
106
111
  State state;
@@ -165,7 +170,7 @@ struct ObjectHeader {
165
170
 
166
171
  // The first four members are copied from ObjectHeader, so that the size can be used as the length of payload
167
172
  struct DataObject {
168
- ObjectType type;
173
+ // ObjectType type;
169
174
  ObjectFlag flags;
170
175
  uint8_t reserved[6];
171
176
  le64_t size;
@@ -181,7 +186,7 @@ struct DataObject {
181
186
  // If the HEADER_INCOMPATIBLE_COMPACT flag is set, two extra fields are stored to allow immediate access
182
187
  // to the tail entry array in the DATA object's entry array chain.
183
188
  struct DataObject_Compact {
184
- ObjectType type;
189
+ // ObjectType type;
185
190
  ObjectFlag flags;
186
191
  uint8_t reserved[6];
187
192
  le64_t size;
@@ -236,7 +241,7 @@ struct EntryObject_Compact {
236
241
 
237
242
  // The first four members are copied from from ObjectHeader, so that the size can be used as the length of entry_object_offsets
238
243
  struct EntryArrayObject {
239
- ObjectType type;
244
+ // ObjectType type;
240
245
  uint8_t flags;
241
246
  uint8_t reserved[6];
242
247
  le64_t size;
@@ -245,7 +250,7 @@ struct EntryArrayObject {
245
250
  };
246
251
 
247
252
  struct EntryArrayObject_Compact {
248
- ObjectType type;
253
+ // ObjectType type;
249
254
  uint8_t flags;
250
255
  uint8_t reserved[6];
251
256
  le64_t size;
@@ -257,9 +262,19 @@ struct EntryArrayObject_Compact {
257
262
  c_journal = cstruct().load(journal_def)
258
263
 
259
264
 
260
- def get_optional(value: str, to_type: Callable):
265
+ def get_optional(value: str, to_type: Callable) -> Any | None:
261
266
  """Return the value if True, otherwise return None."""
262
- return to_type(value) if value else None
267
+
268
+ if not value:
269
+ return None
270
+
271
+ try:
272
+ return to_type(value)
273
+
274
+ except ValueError as e:
275
+ log.error("Unable to cast '%s' to %s", value, to_type)
276
+ log.debug("", exc_info=e)
277
+ return None
263
278
 
264
279
 
265
280
  class JournalFile:
@@ -273,136 +288,138 @@ class JournalFile:
273
288
  def __init__(self, fh: BinaryIO, target: Target):
274
289
  self.fh = fh
275
290
  self.target = target
276
- self.header = c_journal.Header(self.fh)
277
- self.signature = "".join(chr(c) for c in self.header.signature)
278
- self.entry_array_offset = self.header.entry_array_offset
279
291
 
280
- def entry_object_offsets(self) -> Iterator[int]:
281
- """Read object entry arrays."""
292
+ try:
293
+ self.header = c_journal.Header(self.fh)
294
+ except EOFError as e:
295
+ raise ValueError(f"Invalid systemd Journal file: {e}")
282
296
 
283
- offset = self.entry_array_offset
284
-
285
- # Entry Array with next_entry_array_offset set to 0 is the last in the list
286
- while offset != 0:
287
- self.fh.seek(offset)
288
-
289
- object = c_journal.ObjectHeader(self.fh)
290
-
291
- if object.type == c_journal.ObjectType.OBJECT_ENTRY_ARRAY:
292
- # After the object is checked, read again but with EntryArrayObject instead of ObjectHeader
293
- self.fh.seek(offset)
294
-
295
- if self.header.incompatible_flags & c_journal.IncompatibleFlag.HEADER_INCOMPATIBLE_COMPACT:
296
- entry_array_object = c_journal.EntryArrayObject_Compact(self.fh)
297
- else:
298
- entry_array_object = c_journal.EntryArrayObject(self.fh)
299
-
300
- for entry_object_offset in entry_array_object.entry_object_offsets:
301
- # Check if the offset is not zero and points to nothing
302
- if entry_object_offset:
303
- yield entry_object_offset
304
-
305
- offset = entry_array_object.next_entry_array_offset
297
+ if self.header.signature != c_journal.HEADER_SIGNATURE:
298
+ raise ValueError(f"Journal file has invalid magic header: {self.header.signature!r}'")
306
299
 
307
300
  def decode_value(self, value: bytes) -> tuple[str, str]:
308
- value = value.decode(encoding="utf-8", errors="surrogateescape").strip()
309
-
310
- # Strip leading underscores part of the field name
311
- value = value.lstrip("_")
312
-
301
+ """Decode the given bytes to a key value pair."""
302
+ value = value.decode(errors="surrogateescape").strip().lstrip("_")
313
303
  key, value = value.split("=", 1)
314
304
  key = key.lower()
315
-
316
305
  return key, value
317
306
 
318
307
  def __iter__(self) -> Iterator[dict[str, int | str]]:
319
308
  "Iterate over the entry objects to read payloads."
320
309
 
321
- for offset in self.entry_object_offsets():
310
+ offset = self.header.entry_array_offset
311
+ while offset != 0:
322
312
  self.fh.seek(offset)
323
313
 
314
+ if self.fh.read(1)[0] != c_journal.ObjectType.OBJECT_ENTRY_ARRAY:
315
+ raise ValueError(f"Expected OBJECT_ENTRY_ARRAY at offset {offset}")
316
+
317
+ if self.header.incompatible_flags & c_journal.IncompatibleFlag.HEADER_INCOMPATIBLE_COMPACT:
318
+ entry_array_object = c_journal.EntryArrayObject_Compact(self.fh)
319
+ else:
320
+ entry_array_object = c_journal.EntryArrayObject(self.fh)
321
+
322
+ for entry_object_offset in entry_array_object.entry_object_offsets:
323
+ if entry_object_offset:
324
+ yield from self._parse_entry_object(offset=entry_object_offset)
325
+
326
+ offset = entry_array_object.next_entry_array_offset
327
+
328
+ def _parse_entry_object(self, offset: int) -> Iterator[dict]:
329
+ self.fh.seek(offset)
330
+
331
+ try:
324
332
  if self.header.incompatible_flags & c_journal.IncompatibleFlag.HEADER_INCOMPATIBLE_COMPACT:
325
333
  entry = c_journal.EntryObject_Compact(self.fh)
326
334
  else:
327
335
  entry = c_journal.EntryObject(self.fh)
328
336
 
329
- event = {}
330
- event["ts"] = ts.from_unix_us(entry.realtime)
337
+ except EOFError as e:
338
+ self.target.log.warning("Unable to read Journal EntryObject at offset %s in: %s", offset, self.fh)
339
+ self.target.log.debug("", exc_info=e)
340
+ return
331
341
 
332
- for item in entry.items:
333
- try:
334
- self.fh.seek(item.object_offset)
342
+ event = {"ts": ts.from_unix_us(entry.realtime)}
343
+ for item in entry.items:
344
+ try:
345
+ self.fh.seek(item.object_offset)
335
346
 
336
- object = c_journal.ObjectHeader(self.fh)
347
+ if self.fh.read(1)[0] != c_journal.ObjectType.OBJECT_DATA:
348
+ continue
337
349
 
338
- if object.type == c_journal.ObjectType.OBJECT_DATA:
339
- self.fh.seek(item.object_offset)
350
+ if self.header.incompatible_flags & c_journal.IncompatibleFlag.HEADER_INCOMPATIBLE_COMPACT:
351
+ data_object = c_journal.DataObject_Compact(self.fh)
352
+ else:
353
+ data_object = c_journal.DataObject(self.fh)
340
354
 
341
- if self.header.incompatible_flags & c_journal.IncompatibleFlag.HEADER_INCOMPATIBLE_COMPACT:
342
- data_object = c_journal.DataObject_Compact(self.fh)
343
- else:
344
- data_object = c_journal.DataObject(self.fh)
355
+ if not data_object.payload:
356
+ continue
345
357
 
346
- data = data_object.payload
358
+ data = data_object.payload
347
359
 
348
- if not data:
349
- # If the payload is empty
350
- continue
351
- elif data_object.flags & c_journal.ObjectFlag.OBJECT_COMPRESSED_XZ:
352
- data = lzma.decompress(data)
353
- elif data_object.flags & c_journal.ObjectFlag.OBJECT_COMPRESSED_LZ4:
354
- data = lz4.decompress(data[8:])
355
- elif data_object.flags & c_journal.ObjectFlag.OBJECT_COMPRESSED_ZSTD:
356
- data = zstandard.decompress(data)
360
+ if data_object.flags & c_journal.ObjectFlag.OBJECT_COMPRESSED_XZ:
361
+ data = lzma.decompress(data)
357
362
 
358
- key, value = self.decode_value(data)
359
- event[key] = value
363
+ elif data_object.flags & c_journal.ObjectFlag.OBJECT_COMPRESSED_LZ4:
364
+ data = lz4.decompress(data[8:])
360
365
 
361
- except Exception as e:
362
- self.target.log.warning(
363
- "The data object in Journal file %s could not be parsed",
364
- getattr(self.fh, "name", None),
365
- exc_info=e,
366
- )
367
- continue
366
+ elif data_object.flags & c_journal.ObjectFlag.OBJECT_COMPRESSED_ZSTD:
367
+ data = zstandard.decompress(data)
368
+
369
+ key, value = self.decode_value(data)
370
+ event[key] = value
371
+
372
+ except Exception as e:
373
+ self.target.log.warning(
374
+ "Journal DataObject could not be parsed at offset %s in %s",
375
+ item.object_offset,
376
+ getattr(self.fh, "name", None),
377
+ )
378
+ self.target.log.debug("", exc_info=e)
379
+ continue
368
380
 
369
- yield event
381
+ yield event
370
382
 
371
383
 
372
384
  class JournalPlugin(Plugin):
385
+ """Systemd Journal plugin."""
386
+
373
387
  JOURNAL_PATHS = ["/var/log/journal"] # TODO: /run/systemd/journal
374
388
  JOURNAL_GLOB = "*/*.journal*" # The extensions .journal and .journal~
375
- JOURNAL_SIGNATURE = "LPKSHHRH"
376
389
 
377
390
  def __init__(self, target: Target):
378
391
  super().__init__(target)
379
- self.journal_paths = []
392
+ self.journal_files = []
380
393
 
381
- for _path in self.JOURNAL_PATHS:
382
- self.journal_paths.extend(self.target.fs.path(_path).glob(self.JOURNAL_GLOB))
394
+ for journal_path in self.JOURNAL_PATHS:
395
+ self.journal_files.extend(self.target.fs.path(journal_path).glob(self.JOURNAL_GLOB))
383
396
 
384
397
  def check_compatible(self) -> None:
385
- if not len(self.journal_paths):
398
+ if not self.journal_files:
386
399
  raise UnsupportedPluginError("No journald files found")
387
400
 
388
401
  @export(record=JournalRecord)
389
402
  def journal(self) -> Iterator[JournalRecord]:
390
- """Return the content of Systemd Journal log files.
403
+ """Return the contents of Systemd Journal log files.
391
404
 
392
405
  References:
393
406
  - https://wiki.archlinux.org/title/Systemd/Journal
394
407
  - https://github.com/systemd/systemd/blob/9203abf79f1d05fdef9b039e7addf9fc5a27752d/man/systemd.journal-fields.xml
395
408
  """ # noqa: E501
396
-
397
409
  path_function = self.target.fs.path
398
410
 
399
- for _path in self.journal_paths:
400
- fh = _path.open()
411
+ for journal_file in self.journal_files:
412
+ if not journal_file.is_file():
413
+ self.target.log.warning("Unable to parse journal file as it is not a file: %s", journal_file)
414
+ continue
401
415
 
402
- journal = JournalFile(fh, self.target)
416
+ try:
417
+ fh = journal_file.open()
418
+ journal = JournalFile(fh, self.target)
403
419
 
404
- if not journal.signature == self.JOURNAL_SIGNATURE:
405
- self.target.log.warning("The Journal log file %s has an invalid magic header", _path)
420
+ except Exception as e:
421
+ self.target.log.warning("Unable to parse journal file structure: %s: %s", journal_file, str(e))
422
+ self.target.log.debug("", exc_info=e)
406
423
  continue
407
424
 
408
425
  for entry in journal:
@@ -417,7 +434,7 @@ class JournalPlugin(Plugin):
417
434
  errno=get_optional(entry.get("errno"), int),
418
435
  invocation_id=entry.get("invocation_id"),
419
436
  user_invocation_id=entry.get("user_invocation_id"),
420
- syslog_facility=get_optional(entry.get("syslog_facility"), int),
437
+ syslog_facility=entry.get("syslog_facility"),
421
438
  syslog_identifier=entry.get("syslog_identifier"),
422
439
  syslog_pid=get_optional(entry.get("syslog_pid"), int),
423
440
  syslog_raw=entry.get("syslog_raw"),
@@ -456,6 +473,6 @@ class JournalPlugin(Plugin):
456
473
  udev_devnode=get_optional(entry.get("udev_devnode"), path_function),
457
474
  udev_devlink=get_optional(entry.get("udev_devlink"), path_function),
458
475
  journal_hostname=entry.get("hostname"),
459
- filepath=_path,
476
+ source=journal_file,
460
477
  _target=self.target,
461
478
  )
{dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect/target/plugins/os/unix/log/messages.py RENAMED
@@ -1,9 +1,13 @@
1
+ from __future__ import annotations
2
+
1
3
  import re
4
+ from datetime import datetime, timezone, tzinfo
2
5
  from pathlib import Path
3
6
  from typing import Iterator
4
7
 
5
8
  from dissect.target import Target
6
9
  from dissect.target.exceptions import UnsupportedPluginError
10
+ from dissect.target.helpers.fsutil import open_decompress
7
11
  from dissect.target.helpers.record import TargetRecordDescriptor
8
12
  from dissect.target.helpers.utils import year_rollover_helper
9
13
  from dissect.target.plugin import Plugin, alias, export
@@ -66,7 +70,7 @@ class MessagesPlugin(Plugin):
66
70
 
67
71
  for log_file in self.log_files:
68
72
  if "cloud-init" in log_file.name:
69
- yield from self._parse_cloud_init_log(log_file)
73
+ yield from self._parse_cloud_init_log(log_file, tzinfo)
70
74
  continue
71
75
 
72
76
  for ts, line in year_rollover_helper(log_file, RE_TS, DEFAULT_TS_LOG_FORMAT, tzinfo):
@@ -83,7 +87,7 @@ class MessagesPlugin(Plugin):
83
87
  _target=self.target,
84
88
  )
85
89
 
86
- def _parse_cloud_init_log(self, log_file: Path) -> Iterator[MessagesRecord]:
90
+ def _parse_cloud_init_log(self, log_file: Path, tzinfo: tzinfo | None = timezone.utc) -> Iterator[MessagesRecord]:
87
91
  """Parse a cloud-init.log file.
88
92
 
89
93
  Lines are structured in the following format:
@@ -96,18 +100,41 @@ class MessagesPlugin(Plugin):
96
100
 
97
101
  Returns: ``MessagesRecord``
98
102
  """
99
- for line in log_file.open("rt").readlines():
100
- if line := line.strip():
101
- if match := RE_CLOUD_INIT_LINE.match(line):
102
- match = match.groupdict()
103
- yield MessagesRecord(
104
- ts=match["ts"].split(",")[0],
105
- daemon=match["daemon"],
106
- pid=None,
107
- message=match["message"],
108
- source=log_file,
109
- _target=self.target,
110
- )
111
- else:
112
- self.target.log.warning("Could not match cloud-init log line")
103
+
104
+ ts_fmt = "%Y-%m-%d %H:%M:%S,%f"
105
+
106
+ with open_decompress(log_file, "rt") as fh:
107
+ for line in fh:
108
+ if not (line := line.strip()):
109
+ continue
110
+
111
+ if not (match := RE_CLOUD_INIT_LINE.match(line)):
112
+ self.target.log.warning("Could not match cloud-init log line in file: %s", log_file)
113
113
  self.target.log.debug("No match for line '%s'", line)
114
+ continue
115
+
116
+ values = match.groupdict()
117
+
118
+ # Actual format is ``YYYY-MM-DD HH:MM:SS,000`` (asctime with milliseconds) but python has no strptime
119
+ # operator for 3 digit milliseconds, so we convert and pad to six digit microseconds.
120
+ # https://github.com/canonical/cloud-init/blob/main/cloudinit/log/loggers.py#DEFAULT_LOG_FORMAT
121
+ # https://docs.python.org/3/library/logging.html#asctime
122
+ raw_ts, _, milliseconds = values["ts"].rpartition(",")
123
+ raw_ts += "," + str((int(milliseconds) * 1000)).zfill(6)
124
+
125
+ try:
126
+ ts = datetime.strptime(raw_ts, ts_fmt).replace(tzinfo=tzinfo)
127
+
128
+ except ValueError as e:
129
+ self.target.log.warning("Timestamp '%s' does not match format '%s'", raw_ts, ts_fmt)
130
+ self.target.log.debug("", exc_info=e)
131
+ ts = datetime(1970, 1, 1, 0, 0, 0, 0)
132
+
133
+ yield MessagesRecord(
134
+ ts=ts,
135
+ daemon=values["daemon"],
136
+ pid=None,
137
+ message=values["message"],
138
+ source=log_file,
139
+ _target=self.target,
140
+ )
{dissect_target-3.20.dev31 → dissect_target-3.20.dev33/dissect.target.egg-info}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.20.dev31
3
+ Version: 3.20.dev33
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
{dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/dissect.target.egg-info/SOURCES.txt RENAMED
@@ -534,7 +534,6 @@ tests/plugins/os/unix/test__os.py
534
534
  tests/plugins/os/unix/test_generic.py
535
535
  tests/plugins/os/unix/test_history.py
536
536
  tests/plugins/os/unix/test_ips.py
537
- tests/plugins/os/unix/test_journal.py
538
537
  tests/plugins/os/unix/test_locale.py
539
538
  tests/plugins/os/unix/test_packagemanager.py
540
539
  tests/plugins/os/unix/test_shadow.py
@@ -580,6 +579,7 @@ tests/plugins/os/unix/log/__init__.py
580
579
  tests/plugins/os/unix/log/test_atop.py
581
580
  tests/plugins/os/unix/log/test_audit.py
582
581
  tests/plugins/os/unix/log/test_auth.py
582
+ tests/plugins/os/unix/log/test_journal.py
583
583
  tests/plugins/os/unix/log/test_lastlog.py
584
584
  tests/plugins/os/unix/log/test_messages.py
585
585
  tests/plugins/os/unix/log/test_utmp.py
{dissect_target-3.20.dev31/tests/plugins/os/unix → dissect_target-3.20.dev33/tests/plugins/os/unix/log}/test_journal.py RENAMED
@@ -1,27 +1,30 @@
1
1
  from flow.record.fieldtypes import datetime as dt
2
2
 
3
+ from dissect.target.filesystem import VirtualFilesystem
3
4
  from dissect.target.plugins.os.unix.log.journal import JournalPlugin
5
+ from dissect.target.target import Target
4
6
  from tests._utils import absolute_path
5
7
 
6
8
 
7
- def test_journal_plugin(target_unix, fs_unix):
9
+ def test_journal_plugin(target_unix: Target, fs_unix: VirtualFilesystem) -> None:
10
+ """test linux systemd journal file parsing."""
11
+
8
12
  data_file = absolute_path("_data/plugins/os/unix/log/journal/journal")
9
13
  fs_unix.map_file("var/log/journal/1337/user-1000.journal", data_file)
10
-
11
14
  target_unix.add_plugin(JournalPlugin)
12
15
 
13
16
  results = list(target_unix.journal())
14
- record = results[0]
15
-
16
17
  assert len(results) == 2
17
18
 
19
+ record = results[0]
18
20
  assert record.ts == dt("2023-05-19T16:22:38.841870+00:00")
19
- assert (
20
- record.message
21
- == "Window manager warning: last_user_time (928062) is greater than comparison timestamp (928031). This most likely represents a buggy client sending inaccurate timestamps in messages such as _NET_ACTIVE_WINDOW. Trying to work around..." # noqa: E501
21
+ assert record.message == (
22
+ "Window manager warning: last_user_time (928062) is greater than comparison timestamp (928031). "
23
+ "This most likely represents a buggy client sending inaccurate timestamps in messages such as "
24
+ "_NET_ACTIVE_WINDOW. Trying to work around..."
22
25
  )
23
- assert record.syslog_facility == 3
26
+ assert record.syslog_facility == "3"
24
27
  assert record.syslog_identifier == "gnome-shell"
25
28
  assert record.pid == 2096
26
29
  assert record.transport == "stdout"
27
- assert str(record.filepath) == "/var/log/journal/1337/user-1000.journal"
30
+ assert record.source == "/var/log/journal/1337/user-1000.journal"
{dissect_target-3.20.dev31 → dissect_target-3.20.dev33}/tests/plugins/os/unix/log/test_messages.py RENAMED
@@ -1,3 +1,4 @@
1
+ import gzip
1
2
  import tarfile
2
3
  import textwrap
3
4
  from datetime import datetime, timezone
@@ -5,8 +6,6 @@ from io import BytesIO
5
6
  from unittest.mock import patch
6
7
  from zoneinfo import ZoneInfo
7
8
 
8
- from flow.record.fieldtypes import datetime as dt
9
-
10
9
  from dissect.target import Target
11
10
  from dissect.target.filesystem import VirtualFilesystem
12
11
  from dissect.target.filesystems.tar import TarFilesystem
@@ -83,8 +82,8 @@ def test_unix_log_messages_compressed_timezone_year_rollover() -> None:
83
82
  assert len(results) == 2
84
83
  assert isinstance(results[0], type(MessagesRecord()))
85
84
  assert isinstance(results[1], type(MessagesRecord()))
86
- assert results[0].ts == dt(2020, 12, 31, 3, 14, 0, tzinfo=ZoneInfo("America/Chicago"))
87
- assert results[1].ts == dt(2021, 1, 1, 13, 37, 0, tzinfo=ZoneInfo("America/Chicago"))
85
+ assert results[0].ts == datetime(2020, 12, 31, 3, 14, 0, tzinfo=ZoneInfo("America/Chicago"))
86
+ assert results[1].ts == datetime(2021, 1, 1, 13, 37, 0, tzinfo=ZoneInfo("America/Chicago"))
88
87
 
89
88
 
90
89
  def test_unix_log_messages_malformed_log_year_rollover(target_unix_users: Target, fs_unix: VirtualFilesystem) -> None:
@@ -108,19 +107,34 @@ def test_unix_log_messages_malformed_log_year_rollover(target_unix_users: Target
108
107
  assert len(results) == 2
109
108
 
110
109
 
111
- def test_unix_messages_cloud_init(target_unix_users: Target, fs_unix: VirtualFilesystem) -> None:
110
+ def test_unix_messages_cloud_init(target_unix: Target, fs_unix: VirtualFilesystem) -> None:
111
+ """test if we correctly parse plaintext and compressed cloud-init log files."""
112
+
112
113
  messages = """
113
114
  2005-08-09 11:55:21,000 - foo.py[DEBUG]: This is a cloud-init message!
114
115
  2005-08-09 11:55:21,001 - util.py[DEBUG]: Cloud-init v. 1.2.3-4ubuntu5 running 'init-local' at Tue, 9 Aug 2005 11:55:21 +0000. Up 13.37 seconds.
115
116
  """ # noqa: E501
116
- fs_unix.map_file_fh("/var/log/installer/cloud-init.log", BytesIO(textwrap.dedent(messages).encode()))
117
+ msg_bytes = textwrap.dedent(messages).encode()
117
118
 
118
- target_unix_users.add_plugin(MessagesPlugin)
119
+ fs_unix.map_file_fh("/etc/timezone", BytesIO(b"Europe/Amsterdam"))
120
+ fs_unix.map_file_fh("/var/log/installer/cloud-init.log", BytesIO(msg_bytes))
121
+ fs_unix.map_file_fh("/var/log/installer/cloud-init.log.1.gz", BytesIO(gzip.compress(msg_bytes)))
122
+ target_unix.add_plugin(MessagesPlugin)
119
123
 
120
- results = list(target_unix_users.messages())
121
- assert len(results) == 2
122
- assert results[0].ts == dt(2005, 8, 9, 11, 55, 21)
124
+ results = sorted(list(target_unix.messages()), key=lambda r: r.source)
125
+ assert len(results) == 4
126
+
127
+ assert results[0].ts == datetime(2005, 8, 9, 11, 55, 21, 0, tzinfo=ZoneInfo("Europe/Amsterdam"))
123
128
  assert results[0].daemon == "foo.py"
124
129
  assert results[0].pid is None
125
130
  assert results[0].message == "This is a cloud-init message!"
126
131
  assert results[0].source == "/var/log/installer/cloud-init.log"
132
+
133
+ assert results[-1].ts == datetime(2005, 8, 9, 11, 55, 21, 1_000, tzinfo=ZoneInfo("Europe/Amsterdam"))
134
+ assert results[-1].daemon == "util.py"
135
+ assert results[-1].pid is None
136
+ assert (
137
+ results[-1].message
138
+ == "Cloud-init v. 1.2.3-4ubuntu5 running 'init-local' at Tue, 9 Aug 2005 11:55:21 +0000. Up 13.37 seconds." # noqa: E501
139
+ )
140
+ assert results[-1].source == "/var/log/installer/cloud-init.log.1.gz"