dissect.target 3.22.dev46__tar.gz → 3.22.dev48__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/PKG-INFO +1 -1
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/velociraptor.py +22 -2
- dissect_target-3.22.dev48/dissect/target/plugins/apps/edr/acquire.py +85 -0
- dissect_target-3.22.dev48/dissect/target/plugins/apps/edr/velociraptor.py +111 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect.target.egg-info/PKG-INFO +1 -1
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect.target.egg-info/SOURCES.txt +6 -4
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/conftest.py +30 -11
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_velociraptor.py +4 -9
- dissect_target-3.22.dev48/tests/plugins/apps/edr/test_acquire.py +30 -0
- dissect_target-3.22.dev48/tests/plugins/apps/edr/test_velociraptor.py +48 -0
- dissect_target-3.22.dev48/tests/tools/__init__.py +0 -0
- dissect_target-3.22.dev48/tests/volumes/__init__.py +0 -0
- dissect_target-3.22.dev46/dissect/target/plugins/filesystem/acquire_handles.py +0 -55
- dissect_target-3.22.dev46/dissect/target/plugins/filesystem/acquire_hash.py +0 -52
- dissect_target-3.22.dev46/tests/plugins/filesystem/test_acquire_handles.py +0 -22
- dissect_target-3.22.dev46/tests/plugins/filesystem/test_acquire_hash.py +0 -15
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/.git-blame-ignore-revs +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/COPYRIGHT +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/LICENSE +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/MANIFEST.in +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/README.md +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/container.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/containers/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/containers/asdf.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/containers/ewf.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/containers/fortifw.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/containers/hdd.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/containers/hds.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/containers/qcow2.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/containers/raw.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/containers/split.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/containers/vdi.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/containers/vhd.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/containers/vhdx.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/containers/vmdk.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/data/autocompletion/target_bash_completion.sh +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/exceptions.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystem.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/ad1.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/btrfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/cb.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/config.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/cpio.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/dir.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/exfat.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/extfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/fat.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/ffs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/itunes.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/jffs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/nfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/ntfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/overlay.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/qnxfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/smb.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/squashfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/tar.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/vbk.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/vmfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/vmtar.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/xfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/filesystems/zip.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/cache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/compat/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/compat/path_310.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/compat/path_311.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/compat/path_312.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/compat/path_313.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/compat/path_39.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/compat/path_common.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/config.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/configutil.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/cyber.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/data/windowsZones.xml +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/descriptor_extensions.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/docs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/fsutil.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/hashutil.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/keychain.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/lazy.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/loaderutil.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/localeutil.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/mount.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/mui.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/nfs/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/nfs/client/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/nfs/client/mount.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/nfs/client/nfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/nfs/nfs3.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/nfs/serializer.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/polypath.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/protobuf.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/record.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/record_modifier.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/regex/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/regex/ipaddress.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/regutil.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/scrape.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/shell_application_ids.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/shell_folder_ids.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/sunrpc/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/sunrpc/client.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/sunrpc/serializer.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/sunrpc/sunrpc.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/helpers/utils.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loader.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/ab.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/asdf.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/cb.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/cellebrite.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/containerimage.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/cyber.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/dir.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/hyperv.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/itunes.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/kape.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/libvirt.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/local.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/log.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/mqtt.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/multiraw.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/ova.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/overlay.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/ovf.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/phobos.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/profile.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/proxmox.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/pvm.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/pvs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/raw.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/remote.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/res.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/smb.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/tanium.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/tar.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/target.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/utm.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/vb.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/vbk.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/vbox.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/vma.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/vmwarevm.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/vmx.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/xva.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugin.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/av/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/av/mcafee.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/av/sophos.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/av/symantec.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/av/trendmicro.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/browser/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/browser/brave.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/browser/browser.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/browser/chrome.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/browser/chromium.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/browser/edge.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/browser/firefox.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/browser/iexplore.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/chat/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/chat/chat.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/chat/msn.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/container/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/container/docker.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/database/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/editor/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/editor/editor.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/editor/windowsnotepad.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/apps/other → dissect_target-3.22.dev48/dissect/target/plugins/apps/edr}/__init__.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/apps/productivity → dissect_target-3.22.dev48/dissect/target/plugins/apps/other}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/other/env.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/apps/remoteaccess → dissect_target-3.22.dev48/dissect/target/plugins/apps/productivity}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/productivity/msoffice.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/productivity/sevenzip.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/productivity/winrar.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/apps/shell → dissect_target-3.22.dev48/dissect/target/plugins/apps/remoteaccess}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/remoteaccess/anydesk.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/remoteaccess/remoteaccess.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/remoteaccess/rustdesk.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/remoteaccess/teamviewer.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/apps/ssh → dissect_target-3.22.dev48/dissect/target/plugins/apps/shell}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/shell/powershell.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/shell/wget.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/apps/virtualization → dissect_target-3.22.dev48/dissect/target/plugins/apps/ssh}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/ssh/openssh.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/ssh/opensshd.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/ssh/putty.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/ssh/ssh.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/apps/vpn → dissect_target-3.22.dev48/dissect/target/plugins/apps/virtualization}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/virtualization/vmware_workstation.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/apps/webhosting → dissect_target-3.22.dev48/dissect/target/plugins/apps/vpn}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/vpn/openvpn.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/vpn/wireguard.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/apps/webserver → dissect_target-3.22.dev48/dissect/target/plugins/apps/webhosting}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/webhosting/cpanel.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/child → dissect_target-3.22.dev48/dissect/target/plugins/apps/webserver}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/webserver/apache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/webserver/caddy.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/webserver/citrix.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/webserver/iis.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/webserver/nginx.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/apps/webserver/webserver.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/filesystem → dissect_target-3.22.dev48/dissect/target/plugins/child}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/child/docker.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/child/esxi.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/child/hyperv.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/child/parallels.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/child/proxmox.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/child/qemu.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/child/virtualbox.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/child/virtuozzo.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/child/vmware_workstation.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/child/wsl.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/filesystem/ntfs → dissect_target-3.22.dev48/dissect/target/plugins/filesystem}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/filesystem/icat.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/filesystem/unix → dissect_target-3.22.dev48/dissect/target/plugins/filesystem/ntfs}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/filesystem/ntfs/mft.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/filesystem/ntfs/mft_timeline.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/filesystem/ntfs/usnjrnl.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/filesystem/ntfs/utils.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/filesystem/resolver.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/general → dissect_target-3.22.dev48/dissect/target/plugins/filesystem/unix}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/filesystem/unix/capability.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/filesystem/unix/suid.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/filesystem/walkfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/filesystem/yara.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os → dissect_target-3.22.dev48/dissect/target/plugins/general}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/general/config.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/general/example.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/general/loaders.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/general/osinfo.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/general/plugins.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/general/users.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/default → dissect_target-3.22.dev48/dissect/target/plugins/os}/__init__.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix → dissect_target-3.22.dev48/dissect/target/plugins/os/default}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/default/_os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/default/datetime.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/default/locale.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/default/network.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/bsd → dissect_target-3.22.dev48/dissect/target/plugins/os/unix}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/_os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/applications.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/bsd/citrix → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/bsd}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/bsd/_os.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/bsd/darwin → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/bsd/citrix}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/bsd/citrix/_os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/bsd/citrix/history.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/bsd/darwin/ios → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/bsd/darwin}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/bsd/darwin/_os.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/bsd/darwin/macos → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/bsd/darwin/ios}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/bsd/darwin/ios/_os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/bsd/darwin/ios/applications.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/bsd/darwin/ios/generic.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/bsd/darwin/ios/locale.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/bsd/freebsd → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/bsd/darwin/macos}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/bsd/darwin/macos/_os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/bsd/darwin/macos/network.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/bsd/darwin/macos/user.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/bsd/openbsd → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/bsd/freebsd}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/bsd/freebsd/_os.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/esxi → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/bsd/openbsd}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/bsd/openbsd/_os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/cronjobs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/datetime.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/etc → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/esxi}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/esxi/_os.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/linux → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/etc}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/etc/etc.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/generic.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/history.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/linux/android → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/linux}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/_os.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/linux/debian → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/linux/android}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/android/_os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/cmdline.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/linux/debian/proxmox → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/linux/debian}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/debian/_os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/debian/apt.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/debian/dpkg.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/linux/debian/vyos → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/linux/debian/proxmox}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/debian/proxmox/_os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/debian/proxmox/vm.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/debian/snap.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/linux/fortios → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/linux/debian/vyos}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/debian/vyos/_os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/environ.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/linux/redhat → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/linux/fortios}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/fortios/_keys.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/fortios/_os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/fortios/generic.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/fortios/locale.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/iptables.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/modules.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/netstat.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/network.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/network_managers.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/proc.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/processes.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/linux/suse → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/linux/redhat}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/redhat/_os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/redhat/yum.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/services.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/sockets.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/locate → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/linux/suse}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/suse/_os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/linux/suse/zypper.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/locale.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/unix/log → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/locate}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/locate/gnulocate.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/locate/locate.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/locate/mlocate.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/locate/plocate.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/windows → dissect_target-3.22.dev48/dissect/target/plugins/os/unix/log}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/log/atop.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/log/audit.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/log/auth.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/log/helpers.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/log/journal.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/log/lastlog.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/log/messages.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/log/utmp.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/packagemanager.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/shadow.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/unix/trash.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/windows/credential → dissect_target-3.22.dev48/dissect/target/plugins/os/windows}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/_os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/activitiescache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/adpolicy.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/amcache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/catroot.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/cim.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/clfs.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/windows/defender → dissect_target-3.22.dev48/dissect/target/plugins/os/windows/credential}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/credential/credhist.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/credential/lsa.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/credential/sam.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/datetime.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/windows/dpapi → dissect_target-3.22.dev48/dissect/target/plugins/os/windows/defender}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/defender/_plugin.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/defender/mplog.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/defender/quarantine.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/windows/dpapi/keyprovider → dissect_target-3.22.dev48/dissect/target/plugins/os/windows/dpapi}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/dpapi/blob.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/dpapi/crypto.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/dpapi/dpapi.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/windows/exchange → dissect_target-3.22.dev48/dissect/target/plugins/os/windows/dpapi/keyprovider}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/dpapi/keyprovider/credhist.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/dpapi/keyprovider/empty.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/dpapi/keyprovider/keychain.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/dpapi/keyprovider/keyprovider.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/dpapi/keyprovider/lsa.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/dpapi/master_key.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/env.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/windows/log → dissect_target-3.22.dev48/dissect/target/plugins/os/windows/exchange}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/exchange/exchange.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/generic.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/jumplist.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/lnk.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/locale.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/windows/regf → dissect_target-3.22.dev48/dissect/target/plugins/os/windows/log}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/log/amcache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/log/etl.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/log/evt.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/log/evtx.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/log/mssql.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/log/pfro.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/log/schedlgu.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/network.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/notifications.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/prefetch.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/rdpcache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/recyclebin.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/os/windows/tasks → dissect_target-3.22.dev48/dissect/target/plugins/os/windows/regf}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/applications.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/appxdebugkeys.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/auditpol.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/bam.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/cam.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/cit.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/clsid.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/firewall.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/mru.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/muicache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/nethist.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/recentfilecache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/regf.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/runkeys.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/shellbags.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/shimcache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/trusteddocs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/usb.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/regf/userassist.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/registry.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/services.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/sru.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/startupinfo.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/syscache.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/plugins/scrape → dissect_target-3.22.dev48/dissect/target/plugins/os/windows/tasks}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/tasks/_plugin.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/tasks/job.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/tasks/records.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/tasks/xml.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/thumbcache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/ual.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/wer.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/os/windows/wua_history.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/tools → dissect_target-3.22.dev48/dissect/target/plugins/scrape}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/scrape/qfind.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/plugins/scrape/scrape.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/target.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/tools/dump → dissect_target-3.22.dev48/dissect/target/tools}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/build_pluginlist.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/dd.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/diff.py +0 -0
- {dissect_target-3.22.dev46/dissect/target/volumes → dissect_target-3.22.dev48/dissect/target/tools/dump}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/dump/run.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/dump/state.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/dump/utils.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/fs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/fsutils.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/info.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/logging.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/mount.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/qfind.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/query.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/reg.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/report.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/shell.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/utils.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/tools/yara.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/volume.py +0 -0
- {dissect_target-3.22.dev46/tests → dissect_target-3.22.dev48/dissect/target/volumes}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/volumes/bde.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/volumes/ddf.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/volumes/disk.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/volumes/luks.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/volumes/lvm.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/volumes/md.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/volumes/vmfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect.target.egg-info/dependency_links.txt +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect.target.egg-info/entry_points.txt +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect.target.egg-info/requires.txt +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect.target.egg-info/top_level.txt +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/pyproject.toml +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/setup.cfg +0 -0
- {dissect_target-3.22.dev46/tests/containers → dissect_target-3.22.dev48/tests}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/_docs/Makefile +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/_docs/conf.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/_docs/index.rst +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/_utils.py +0 -0
- {dissect_target-3.22.dev46/tests/filesystems → dissect_target-3.22.dev48/tests/containers}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/containers/test_fortifw.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/containers/test_split.py +0 -0
- {dissect_target-3.22.dev46/tests/helpers → dissect_target-3.22.dev48/tests/filesystems}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_btrfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_cb.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_config.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_cpio.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_dir.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_exfat.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_extfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_fat.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_ffs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_jffs2.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_nfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_ntfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_overlay.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_qnxfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_smb.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_tar.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_vmtar.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_xfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/filesystems/test_zip.py +0 -0
- {dissect_target-3.22.dev46/tests/helpers/sunrpc → dissect_target-3.22.dev48/tests/helpers}/__init__.py +0 -0
- {dissect_target-3.22.dev46/tests/loaders → dissect_target-3.22.dev48/tests/helpers/sunrpc}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/sunrpc/test_client.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_cache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_config.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_configutil.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_docs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_fsutil.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_hashutil.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_keychain.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_loaderutil.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_localeutil.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_modifier.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_protobuf.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_record.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_regex.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_regutil.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_scrape.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/helpers/test_utils.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins → dissect_target-3.22.dev48/tests/loaders}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_ab.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_asdf.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_cb.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_cellebrite.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_containerimage.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_dir.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_hyperv.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_itunes.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_kape.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_libvirt.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_local.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_log.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_mqtt.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_multiraw.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_ova.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_overlay.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_ovf.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_phobos.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_pvm.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_pvs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_remote.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_smb.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_tanium.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_tar.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_utm.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_vbk.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_vbox.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_vmwarevm.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/loaders/test_vmx.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/apps → dissect_target-3.22.dev48/tests/plugins}/__init__.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/apps/av → dissect_target-3.22.dev48/tests/plugins/apps}/__init__.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/apps/browser → dissect_target-3.22.dev48/tests/plugins/apps/av}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/av/test_mcafee.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/av/test_sophos.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/av/test_symantec.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/av/test_trendmicro.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/apps/chat → dissect_target-3.22.dev48/tests/plugins/apps/browser}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/browser/test_brave.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/browser/test_chrome.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/browser/test_chromium.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/browser/test_edge.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/browser/test_firefox.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/browser/test_iexplore.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/apps/container → dissect_target-3.22.dev48/tests/plugins/apps/chat}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/chat/test_msn.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/apps/editor → dissect_target-3.22.dev48/tests/plugins/apps/container}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/container/test_docker.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/apps/other → dissect_target-3.22.dev48/tests/plugins/apps/editor}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/editor/test_windowsnotepad.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/apps/productivity → dissect_target-3.22.dev48/tests/plugins/apps/edr}/__init__.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/apps/remoteaccess → dissect_target-3.22.dev48/tests/plugins/apps/other}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/other/test_envfile.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/apps/shell → dissect_target-3.22.dev48/tests/plugins/apps/productivity}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/productivity/test_msoffice.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/productivity/test_sevenzip.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/productivity/test_winrar.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/apps/ssh → dissect_target-3.22.dev48/tests/plugins/apps/remoteaccess}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/remoteaccess/test_anydesk.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/remoteaccess/test_rustdesk.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/remoteaccess/test_teamviewer.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/apps/virtualization → dissect_target-3.22.dev48/tests/plugins/apps/shell}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/shell/test_powershell.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/shell/test_wget.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/apps/vpn → dissect_target-3.22.dev48/tests/plugins/apps/ssh}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/ssh/test_openssh.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/ssh/test_opensshd.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/ssh/test_putty.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/apps/webhosting → dissect_target-3.22.dev48/tests/plugins/apps/virtualization}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/virtualization/test_vmware_workstation.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/apps/webserver → dissect_target-3.22.dev48/tests/plugins/apps/vpn}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/vpn/test_openvpn.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/vpn/test_wireguard.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/child → dissect_target-3.22.dev48/tests/plugins/apps/webhosting}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/webhosting/test_cpanel.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/filesystem → dissect_target-3.22.dev48/tests/plugins/apps/webserver}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/webserver/test_apache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/webserver/test_caddy.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/webserver/test_citrix.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/webserver/test_iis.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/webserver/test_nginx.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/apps/webserver/test_webserver.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/filesystem/ntfs → dissect_target-3.22.dev48/tests/plugins/child}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/child/test_docker.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/child/test_hyperv.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/child/test_parallels.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/child/test_qemu.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/child/test_virtualbox.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/child/test_virtuozzo.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/child/test_vmware_workstation.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/child/test_wsl.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/filesystem/unix → dissect_target-3.22.dev48/tests/plugins/filesystem}/__init__.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/general → dissect_target-3.22.dev48/tests/plugins/filesystem/ntfs}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/filesystem/ntfs/test_mft.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/filesystem/ntfs/test_usnjrnl.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/filesystem/test_icat.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/filesystem/test_resolver.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/filesystem/test_walkfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/filesystem/test_yara.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os → dissect_target-3.22.dev48/tests/plugins/filesystem/unix}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/filesystem/unix/test_capability.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/filesystem/unix/test_suid.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix → dissect_target-3.22.dev48/tests/plugins/general}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/general/test_config.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/general/test_default.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/general/test_network.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/general/test_plugins.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/general/test_users.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/bsd → dissect_target-3.22.dev48/tests/plugins/os}/__init__.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/bsd/citrix → dissect_target-3.22.dev48/tests/plugins/os/unix}/__init__.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/bsd/darwin → dissect_target-3.22.dev48/tests/plugins/os/unix/bsd}/__init__.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/bsd/darwin/ios → dissect_target-3.22.dev48/tests/plugins/os/unix/bsd/citrix}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/bsd/citrix/test__os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/bsd/citrix/test_history.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/bsd/darwin/macos → dissect_target-3.22.dev48/tests/plugins/os/unix/bsd/darwin}/__init__.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/bsd/freebsd → dissect_target-3.22.dev48/tests/plugins/os/unix/bsd/darwin/ios}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/bsd/darwin/ios/test__os.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/bsd/openbsd → dissect_target-3.22.dev48/tests/plugins/os/unix/bsd/darwin/macos}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/bsd/darwin/macos/test__os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/bsd/darwin/macos/test_network.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/bsd/darwin/macos/test_user.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/bsd/osx → dissect_target-3.22.dev48/tests/plugins/os/unix/bsd/freebsd}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/bsd/freebsd/test__os.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/esxi → dissect_target-3.22.dev48/tests/plugins/os/unix/bsd/openbsd}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/bsd/openbsd/test__os.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/linux → dissect_target-3.22.dev48/tests/plugins/os/unix/bsd/osx}/__init__.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/linux/android → dissect_target-3.22.dev48/tests/plugins/os/unix/esxi}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/esxi/test__os.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/linux/debian → dissect_target-3.22.dev48/tests/plugins/os/unix/linux}/__init__.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/linux/debian/proxmox → dissect_target-3.22.dev48/tests/plugins/os/unix/linux/android}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/android/test__os.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/linux/fortios → dissect_target-3.22.dev48/tests/plugins/os/unix/linux/debian}/__init__.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/linux/redhat → dissect_target-3.22.dev48/tests/plugins/os/unix/linux/debian/proxmox}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/debian/proxmox/test__os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/debian/test_apt.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/debian/test_dpkg.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/debian/test_snap.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/linux/suse → dissect_target-3.22.dev48/tests/plugins/os/unix/linux/fortios}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/fortios/test__os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/fortios/test_keys.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/locate → dissect_target-3.22.dev48/tests/plugins/os/unix/linux/redhat}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/redhat/test__os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/redhat/test_yum.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/unix/log → dissect_target-3.22.dev48/tests/plugins/os/unix/linux/suse}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/suse/test_zypper.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/test__os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/test_cmdline.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/test_environ.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/test_iptables.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/test_modules.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/test_netstat.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/test_network.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/test_proc.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/test_processes.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/test_services.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/linux/test_sockets.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/windows → dissect_target-3.22.dev48/tests/plugins/os/unix/locate}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/locate/test_gnulocate.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/locate/test_mlocate.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/locate/test_plocate.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/windows/credential → dissect_target-3.22.dev48/tests/plugins/os/unix/log}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/log/test_atop.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/log/test_audit.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/log/test_auth.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/log/test_helpers.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/log/test_journal.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/log/test_lastlog.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/log/test_messages.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/log/test_utmp.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/test__os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/test_applications.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/test_cronjobs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/test_generic.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/test_history.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/test_ips.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/test_locale.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/test_packagemanager.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/test_shadow.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/test_trash.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/test_users.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/unix/test_version.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/windows/log → dissect_target-3.22.dev48/tests/plugins/os/windows}/__init__.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/os/windows/regf → dissect_target-3.22.dev48/tests/plugins/os/windows/credential}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/credential/test_credhist.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/credential/test_lsa.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/credential/test_sam.py +0 -0
- {dissect_target-3.22.dev46/tests/plugins/scrape → dissect_target-3.22.dev48/tests/plugins/os/windows/log}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/log/test_amcache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/log/test_etl.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/log/test_evt.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/log/test_evtx.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/log/test_mssql.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/log/test_schedlgu.py +0 -0
- {dissect_target-3.22.dev46/tests/tools → dissect_target-3.22.dev48/tests/plugins/os/windows/regf}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/regf/test_applications.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/regf/test_appxdebugkeys.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/regf/test_cam.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/regf/test_cit.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/regf/test_clsid.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/regf/test_muicache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/regf/test_shellbags.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/regf/test_trusteddocs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/regf/test_usb.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/regf/test_userassist.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test__os.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_adpolicy.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_catroot.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_clfs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_datetime.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_defender.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_dpapi.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_env.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_generic.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_jumplist.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_lnk.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_locale.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_mru.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_network.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_notifications.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_prefetch.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_rdpcache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_recyclebin.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_registry.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_shimcache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_sru.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_syscache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_tasks.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_thumbcache.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_ual.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_wer.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/os/windows/test_wua_history.py +0 -0
- {dissect_target-3.22.dev46/tests/volumes → dissect_target-3.22.dev48/tests/plugins/scrape}/__init__.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/scrape/test_qfind.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/plugins/scrape/test_scrape.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/test_container.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/test_exceptions.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/test_filesystem.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/test_loader.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/test_plugin.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/test_target.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/test_tests.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/test_volume.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/tools/conftest.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/tools/test_build_pluginlist.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/tools/test_diff.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/tools/test_dump.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/tools/test_fs.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/tools/test_fsutils.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/tools/test_info.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/tools/test_mount.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/tools/test_qfind.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/tools/test_query.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/tools/test_reg.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/tools/test_report.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/tools/test_shell.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/tools/test_utils.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/tools/test_yara.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/volumes/test_bde.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tests/volumes/test_md.py +0 -0
- {dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/tox.ini +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: dissect.target
|
|
3
|
-
Version: 3.22.
|
|
3
|
+
Version: 3.22.dev48
|
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
{dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/loaders/velociraptor.py
RENAMED
|
@@ -5,11 +5,13 @@ import zipfile
|
|
|
5
5
|
from typing import TYPE_CHECKING
|
|
6
6
|
from urllib.parse import quote, unquote
|
|
7
7
|
|
|
8
|
+
from dissect.target.filesystem import VirtualFilesystem
|
|
8
9
|
from dissect.target.filesystems.dir import DirectoryFilesystem
|
|
9
10
|
from dissect.target.filesystems.zip import ZipFilesystem
|
|
10
11
|
from dissect.target.helpers.fsutil import basename, dirname, join
|
|
11
12
|
from dissect.target.loaders.dir import DirLoader, find_dirs, map_dirs
|
|
12
13
|
from dissect.target.plugin import OperatingSystem
|
|
14
|
+
from dissect.target.plugins.apps.edr.velociraptor import VELOCIRAPTOR_RESULTS
|
|
13
15
|
|
|
14
16
|
if TYPE_CHECKING:
|
|
15
17
|
from pathlib import Path
|
|
@@ -31,7 +33,11 @@ def find_fs_directories(path: Path) -> tuple[OperatingSystem | None, list[Path]
|
|
|
31
33
|
accessor_root = fs_root.joinpath(accessor)
|
|
32
34
|
if accessor_root.exists():
|
|
33
35
|
os_type, dirs = find_dirs(accessor_root)
|
|
34
|
-
if os_type in [
|
|
36
|
+
if os_type in [
|
|
37
|
+
OperatingSystem.UNIX,
|
|
38
|
+
OperatingSystem.LINUX,
|
|
39
|
+
OperatingSystem.OSX,
|
|
40
|
+
]:
|
|
35
41
|
return os_type, [dirs[0]]
|
|
36
42
|
|
|
37
43
|
# Windows
|
|
@@ -69,7 +75,6 @@ def extract_drive_letter(name: str) -> str | None:
|
|
|
69
75
|
# X: in URL encoding
|
|
70
76
|
if len(name) == 4 and name.endswith("%3A"):
|
|
71
77
|
return name[0].lower()
|
|
72
|
-
|
|
73
78
|
return None
|
|
74
79
|
|
|
75
80
|
|
|
@@ -137,6 +142,21 @@ class VelociraptorLoader(DirLoader):
|
|
|
137
142
|
zipfs=VelociraptorZipFilesystem,
|
|
138
143
|
)
|
|
139
144
|
|
|
145
|
+
if (results := self.root.joinpath("results")).is_dir():
|
|
146
|
+
# Map artifact results collected by Velociraptor
|
|
147
|
+
vfs = VirtualFilesystem()
|
|
148
|
+
|
|
149
|
+
for artifact in results.iterdir():
|
|
150
|
+
if not artifact.name.endswith(".json"):
|
|
151
|
+
continue
|
|
152
|
+
|
|
153
|
+
vfs.map_file_fh(artifact.name, artifact.open("rb"))
|
|
154
|
+
|
|
155
|
+
if (uploads := self.root.joinpath("uploads.json")).exists():
|
|
156
|
+
vfs.map_file_fh(uploads.name, uploads.open("rb"))
|
|
157
|
+
|
|
158
|
+
target.fs.mount(VELOCIRAPTOR_RESULTS, vfs)
|
|
159
|
+
|
|
140
160
|
|
|
141
161
|
class VelociraptorDirectoryFilesystem(DirectoryFilesystem):
|
|
142
162
|
def _resolve_path(self, path: str) -> Path:
|
|
@@ -0,0 +1,85 @@
|
|
|
1
|
+
from __future__ import annotations
|
|
2
|
+
|
|
3
|
+
import csv
|
|
4
|
+
import gzip
|
|
5
|
+
from typing import TYPE_CHECKING
|
|
6
|
+
|
|
7
|
+
from dissect.target.exceptions import UnsupportedPluginError
|
|
8
|
+
from dissect.target.helpers.record import TargetRecordDescriptor
|
|
9
|
+
from dissect.target.plugin import Plugin, export
|
|
10
|
+
|
|
11
|
+
if TYPE_CHECKING:
|
|
12
|
+
from collections.abc import Iterator
|
|
13
|
+
|
|
14
|
+
from dissect.target.target import Target
|
|
15
|
+
|
|
16
|
+
AcquireOpenHandlesRecord = TargetRecordDescriptor(
|
|
17
|
+
"filesystem/acquire_open_handles",
|
|
18
|
+
[
|
|
19
|
+
("path", "name"),
|
|
20
|
+
("string", "handle_type"),
|
|
21
|
+
("string", "object"),
|
|
22
|
+
("varint", "unique_process_id"),
|
|
23
|
+
("varint", "handle_value"),
|
|
24
|
+
("varint", "granted_access"),
|
|
25
|
+
("varint", "creator_back_trace_index"),
|
|
26
|
+
("varint", "object_type_index"),
|
|
27
|
+
("varint", "handle_attributes"),
|
|
28
|
+
("varint", "reserved"),
|
|
29
|
+
],
|
|
30
|
+
)
|
|
31
|
+
|
|
32
|
+
AcquireHashRecord = TargetRecordDescriptor(
|
|
33
|
+
"filesystem/acquire_hash",
|
|
34
|
+
[
|
|
35
|
+
("path", "path"),
|
|
36
|
+
("filesize", "filesize"),
|
|
37
|
+
("digest", "digest"),
|
|
38
|
+
],
|
|
39
|
+
)
|
|
40
|
+
|
|
41
|
+
|
|
42
|
+
class AcquirePlugin(Plugin):
|
|
43
|
+
"""Returns records from data collected by Acquire."""
|
|
44
|
+
|
|
45
|
+
__namespace__ = "acquire"
|
|
46
|
+
|
|
47
|
+
def __init__(self, target: Target):
|
|
48
|
+
super().__init__(target)
|
|
49
|
+
self.hash_file = target.fs.path("$metadata$/file-hashes.csv.gz")
|
|
50
|
+
self.open_handles_file = target.fs.path("$metadata$/open_handles.csv.gz")
|
|
51
|
+
|
|
52
|
+
def check_compatible(self) -> None:
|
|
53
|
+
if not self.hash_file.exists() and not self.open_handles_file.exists():
|
|
54
|
+
raise UnsupportedPluginError("No hash file or open handles found")
|
|
55
|
+
|
|
56
|
+
@export(record=AcquireHashRecord)
|
|
57
|
+
def hashes(self) -> Iterator[AcquireHashRecord]:
|
|
58
|
+
"""Return file hashes collected by Acquire.
|
|
59
|
+
|
|
60
|
+
An Acquire file container contains a file hashes csv when the hashes module was used. The content of this csv
|
|
61
|
+
file is returned.
|
|
62
|
+
"""
|
|
63
|
+
if self.hash_file.exists():
|
|
64
|
+
with self.hash_file.open() as fh, gzip.open(fh, "rt") as gz_fh:
|
|
65
|
+
for row in csv.DictReader(gz_fh):
|
|
66
|
+
yield AcquireHashRecord(
|
|
67
|
+
path=self.target.fs.path(row["path"]),
|
|
68
|
+
filesize=row["file-size"],
|
|
69
|
+
digest=(row["md5"] or None, row["sha1"] or None, row["sha256"] or None),
|
|
70
|
+
_target=self.target,
|
|
71
|
+
)
|
|
72
|
+
|
|
73
|
+
@export(record=AcquireOpenHandlesRecord)
|
|
74
|
+
def handles(self) -> Iterator[AcquireOpenHandlesRecord]:
|
|
75
|
+
"""Return open handles collected by Acquire.
|
|
76
|
+
|
|
77
|
+
An Acquire file container contains an open handles csv when the handles module was used. The content of this csv
|
|
78
|
+
file is returned.
|
|
79
|
+
"""
|
|
80
|
+
if self.open_handles_file.exists():
|
|
81
|
+
with self.open_handles_file.open() as fh, gzip.open(fh, "rt") as gz_fh:
|
|
82
|
+
for row in csv.DictReader(gz_fh):
|
|
83
|
+
if name := row.get("name"):
|
|
84
|
+
row.update({"name": self.target.fs.path(name)})
|
|
85
|
+
yield AcquireOpenHandlesRecord(**row, _target=self.target)
|
|
@@ -0,0 +1,111 @@
|
|
|
1
|
+
from __future__ import annotations
|
|
2
|
+
|
|
3
|
+
import json
|
|
4
|
+
import re
|
|
5
|
+
import urllib.parse
|
|
6
|
+
from functools import lru_cache
|
|
7
|
+
from typing import TYPE_CHECKING
|
|
8
|
+
|
|
9
|
+
from dissect.target.exceptions import UnsupportedPluginError
|
|
10
|
+
from dissect.target.helpers.record import DynamicDescriptor, TargetRecordDescriptor
|
|
11
|
+
from dissect.target.plugin import Plugin, export
|
|
12
|
+
|
|
13
|
+
if TYPE_CHECKING:
|
|
14
|
+
from collections.abc import Iterator
|
|
15
|
+
|
|
16
|
+
from flow.record import Record
|
|
17
|
+
|
|
18
|
+
from dissect.target.target import Target
|
|
19
|
+
|
|
20
|
+
VELOCIRAPTOR_RESULTS = "/$velociraptor_results$"
|
|
21
|
+
ISO_8601_PATTERN = r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})?"
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
class VelociraptorRecordBuilder:
|
|
25
|
+
def __init__(self, artifact_name: str):
|
|
26
|
+
self._create_event_descriptor = lru_cache(4096)(self._create_event_descriptor)
|
|
27
|
+
self.record_name = f"velociraptor/{artifact_name}"
|
|
28
|
+
|
|
29
|
+
def build(self, object: dict, target: Target) -> TargetRecordDescriptor:
|
|
30
|
+
"""Builds a Velociraptor record."""
|
|
31
|
+
record_values = {}
|
|
32
|
+
record_fields = []
|
|
33
|
+
|
|
34
|
+
record_values["_target"] = target
|
|
35
|
+
|
|
36
|
+
for key, value in object.items():
|
|
37
|
+
# Reserved by flow.record
|
|
38
|
+
if key.startswith("_"):
|
|
39
|
+
continue
|
|
40
|
+
|
|
41
|
+
key = key.lower().replace("(", "_").replace(")", "_")
|
|
42
|
+
|
|
43
|
+
if re.match(ISO_8601_PATTERN, str(value)):
|
|
44
|
+
record_type = "datetime"
|
|
45
|
+
elif isinstance(value, list):
|
|
46
|
+
record_type = "string[]"
|
|
47
|
+
elif isinstance(value, int):
|
|
48
|
+
record_type = "varint"
|
|
49
|
+
elif key == "hash":
|
|
50
|
+
record_type = "digest"
|
|
51
|
+
value = (value.get("MD5"), value.get("SHA1"), value.get("SHA256"))
|
|
52
|
+
elif isinstance(value, str):
|
|
53
|
+
record_type = "string"
|
|
54
|
+
elif isinstance(value, dict):
|
|
55
|
+
record_type = "record"
|
|
56
|
+
value = self.build(value, target)
|
|
57
|
+
else:
|
|
58
|
+
record_type = "dynamic"
|
|
59
|
+
|
|
60
|
+
record_fields.append((record_type, key))
|
|
61
|
+
record_values[key] = value
|
|
62
|
+
|
|
63
|
+
# tuple conversion here is needed for lru_cache
|
|
64
|
+
desc = self._create_event_descriptor(tuple(record_fields))
|
|
65
|
+
return desc(**record_values)
|
|
66
|
+
|
|
67
|
+
def _create_event_descriptor(self, record_fields: list[tuple[str, str]]) -> TargetRecordDescriptor:
|
|
68
|
+
return TargetRecordDescriptor(self.record_name, record_fields)
|
|
69
|
+
|
|
70
|
+
|
|
71
|
+
class VelociraptorPlugin(Plugin):
|
|
72
|
+
"""Returns records from Velociraptor artifacts."""
|
|
73
|
+
|
|
74
|
+
__namespace__ = "velociraptor"
|
|
75
|
+
|
|
76
|
+
def __init__(self, target: Target):
|
|
77
|
+
super().__init__(target)
|
|
78
|
+
self.results_dir = target.fs.path(VELOCIRAPTOR_RESULTS)
|
|
79
|
+
|
|
80
|
+
def check_compatible(self) -> None:
|
|
81
|
+
if not self.results_dir.exists():
|
|
82
|
+
raise UnsupportedPluginError("No Velociraptor artifacts found")
|
|
83
|
+
|
|
84
|
+
@export(record=DynamicDescriptor(["datetime"]))
|
|
85
|
+
def results(self) -> Iterator[Record]:
|
|
86
|
+
"""Return Rapid7 Velociraptor artifacts.
|
|
87
|
+
|
|
88
|
+
References:
|
|
89
|
+
- https://docs.velociraptor.app/docs/vql/artifacts/
|
|
90
|
+
"""
|
|
91
|
+
for artifact in self.results_dir.glob("*.json"):
|
|
92
|
+
# "Windows.KapeFiles.Targets%2FAll\ File\ Metadata.json" becomes "windows_kapefiles_targets"
|
|
93
|
+
artifact_name = (
|
|
94
|
+
urllib.parse.unquote(artifact.name.removesuffix(".json")).split("/")[0].lower().replace(".", "_")
|
|
95
|
+
)
|
|
96
|
+
record_builder = VelociraptorRecordBuilder(artifact_name)
|
|
97
|
+
|
|
98
|
+
for line in artifact.open("rt"):
|
|
99
|
+
if not (line := line.strip()):
|
|
100
|
+
continue
|
|
101
|
+
|
|
102
|
+
try:
|
|
103
|
+
object = json.loads(line)
|
|
104
|
+
yield record_builder.build(object, self.target)
|
|
105
|
+
except json.decoder.JSONDecodeError:
|
|
106
|
+
self.target.log.warning(
|
|
107
|
+
"Could not decode Velociraptor JSON log line in file %s: %s",
|
|
108
|
+
artifact,
|
|
109
|
+
line,
|
|
110
|
+
)
|
|
111
|
+
continue
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: dissect.target
|
|
3
|
-
Version: 3.22.
|
|
3
|
+
Version: 3.22.dev48
|
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
|
@@ -166,6 +166,9 @@ dissect/target/plugins/apps/database/__init__.py
|
|
|
166
166
|
dissect/target/plugins/apps/editor/__init__.py
|
|
167
167
|
dissect/target/plugins/apps/editor/editor.py
|
|
168
168
|
dissect/target/plugins/apps/editor/windowsnotepad.py
|
|
169
|
+
dissect/target/plugins/apps/edr/__init__.py
|
|
170
|
+
dissect/target/plugins/apps/edr/acquire.py
|
|
171
|
+
dissect/target/plugins/apps/edr/velociraptor.py
|
|
169
172
|
dissect/target/plugins/apps/other/__init__.py
|
|
170
173
|
dissect/target/plugins/apps/other/env.py
|
|
171
174
|
dissect/target/plugins/apps/productivity/__init__.py
|
|
@@ -211,8 +214,6 @@ dissect/target/plugins/child/virtuozzo.py
|
|
|
211
214
|
dissect/target/plugins/child/vmware_workstation.py
|
|
212
215
|
dissect/target/plugins/child/wsl.py
|
|
213
216
|
dissect/target/plugins/filesystem/__init__.py
|
|
214
|
-
dissect/target/plugins/filesystem/acquire_handles.py
|
|
215
|
-
dissect/target/plugins/filesystem/acquire_hash.py
|
|
216
217
|
dissect/target/plugins/filesystem/icat.py
|
|
217
218
|
dissect/target/plugins/filesystem/resolver.py
|
|
218
219
|
dissect/target/plugins/filesystem/walkfs.py
|
|
@@ -543,6 +544,9 @@ tests/plugins/apps/container/__init__.py
|
|
|
543
544
|
tests/plugins/apps/container/test_docker.py
|
|
544
545
|
tests/plugins/apps/editor/__init__.py
|
|
545
546
|
tests/plugins/apps/editor/test_windowsnotepad.py
|
|
547
|
+
tests/plugins/apps/edr/__init__.py
|
|
548
|
+
tests/plugins/apps/edr/test_acquire.py
|
|
549
|
+
tests/plugins/apps/edr/test_velociraptor.py
|
|
546
550
|
tests/plugins/apps/other/__init__.py
|
|
547
551
|
tests/plugins/apps/other/test_envfile.py
|
|
548
552
|
tests/plugins/apps/productivity/__init__.py
|
|
@@ -584,8 +588,6 @@ tests/plugins/child/test_virtuozzo.py
|
|
|
584
588
|
tests/plugins/child/test_vmware_workstation.py
|
|
585
589
|
tests/plugins/child/test_wsl.py
|
|
586
590
|
tests/plugins/filesystem/__init__.py
|
|
587
|
-
tests/plugins/filesystem/test_acquire_handles.py
|
|
588
|
-
tests/plugins/filesystem/test_acquire_hash.py
|
|
589
591
|
tests/plugins/filesystem/test_icat.py
|
|
590
592
|
tests/plugins/filesystem/test_resolver.py
|
|
591
593
|
tests/plugins/filesystem/test_walkfs.py
|
|
@@ -34,17 +34,36 @@ if TYPE_CHECKING:
|
|
|
34
34
|
|
|
35
35
|
from dissect.target.plugin import OSPlugin
|
|
36
36
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
37
|
+
|
|
38
|
+
def pytest_sessionstart(session: pytest.Session) -> None:
|
|
39
|
+
# Test if the _data/ directory is present and if not, as is the case in Python
|
|
40
|
+
# source distributions of dissect.target, we give an error
|
|
41
|
+
data_dir = absolute_path("_data")
|
|
42
|
+
if not data_dir.is_dir():
|
|
43
|
+
session.shouldfail = (
|
|
44
|
+
"! !\n"
|
|
45
|
+
f"No test data directory {data_dir} found.\n"
|
|
46
|
+
"This can happen when you have downloaded the source distribution\n"
|
|
47
|
+
"of dissect.target from pypi.org. If so, retrieve the test data from\n"
|
|
48
|
+
"the dissect.target GitHub repository at:\n"
|
|
49
|
+
"https://github.com/fox-it/dissect.target"
|
|
50
|
+
"\n! !"
|
|
51
|
+
)
|
|
52
|
+
else:
|
|
53
|
+
# Test if the test data looks like LFS references and if so, we give an error
|
|
54
|
+
# This can happen when git-lfs is not installed or not configured correctly
|
|
55
|
+
for file in (path for path in data_dir.rglob("*") if path.is_file()):
|
|
56
|
+
with file.open("rb") as fh:
|
|
57
|
+
if fh.read(42) == b"version https://git-lfs.github.com/spec/v1":
|
|
58
|
+
session.shouldfail = (
|
|
59
|
+
"! !\n"
|
|
60
|
+
"Test data files look like git-lfs references.\n"
|
|
61
|
+
"This can happen when git-lfs is not installed or not configured correctly.\n"
|
|
62
|
+
"Install git-lfs and run: \n"
|
|
63
|
+
"git lfs install && git lfs pull"
|
|
64
|
+
"\n! !"
|
|
65
|
+
)
|
|
66
|
+
break
|
|
48
67
|
|
|
49
68
|
|
|
50
69
|
@pytest.fixture(autouse=True)
|
|
@@ -24,6 +24,7 @@ def create_root(sub_dir: str, tmp_path: Path) -> Path:
|
|
|
24
24
|
f"uploads/{sub_dir}/%5C%5C%3F%5CGLOBALROOT%5CDevice%5CHarddiskVolumeShadowCopy1/$Extend",
|
|
25
25
|
f"uploads/{sub_dir}/%5C%5C%3F%5CGLOBALROOT%5CDevice%5CHarddiskVolumeShadowCopy1/windows/system32",
|
|
26
26
|
f"uploads/{sub_dir}/%5C%5C.%5CC%3A/%2ETEST",
|
|
27
|
+
"results",
|
|
27
28
|
]
|
|
28
29
|
root = tmp_path
|
|
29
30
|
mkdirs(root, paths)
|
|
@@ -52,16 +53,10 @@ def create_root(sub_dir: str, tmp_path: Path) -> Path:
|
|
|
52
53
|
|
|
53
54
|
|
|
54
55
|
@pytest.mark.parametrize(
|
|
55
|
-
|
|
56
|
-
[
|
|
57
|
-
("mft", "auto"),
|
|
58
|
-
("ntfs", "auto"),
|
|
59
|
-
("ntfs_vss", "auto"),
|
|
60
|
-
("lazy_ntfs", "auto"),
|
|
61
|
-
("auto", "ntfs"),
|
|
62
|
-
],
|
|
56
|
+
"sub_dir",
|
|
57
|
+
["mft", "ntfs", "ntfs_vss", "lazy_ntfs", "auto"],
|
|
63
58
|
)
|
|
64
|
-
def test_windows_ntfs(sub_dir: str,
|
|
59
|
+
def test_windows_ntfs(sub_dir: str, target_bare: Target, tmp_path: Path) -> None:
|
|
65
60
|
root = create_root(sub_dir, tmp_path)
|
|
66
61
|
|
|
67
62
|
assert VelociraptorLoader.detect(root) is True
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
from __future__ import annotations
|
|
2
|
+
|
|
3
|
+
from dissect.target.plugins.apps.edr.acquire import AcquirePlugin
|
|
4
|
+
from dissect.target.target import Target
|
|
5
|
+
from tests._utils import absolute_path
|
|
6
|
+
|
|
7
|
+
|
|
8
|
+
def test_acquire_handles_plugin() -> None:
|
|
9
|
+
file_hashes_target = Target().open(absolute_path("_data/plugins/apps/edr/acquire/handles/test-acquire-handles.tar"))
|
|
10
|
+
file_hashes_target.add_plugin(AcquirePlugin)
|
|
11
|
+
|
|
12
|
+
results = list(file_hashes_target.acquire.handles())
|
|
13
|
+
first_result = results[0]
|
|
14
|
+
|
|
15
|
+
assert first_result.name == r"\Windows\Fonts"
|
|
16
|
+
assert first_result.handle_type == "EtwRegistration"
|
|
17
|
+
assert first_result.unique_process_id == 1
|
|
18
|
+
assert first_result.object == "0xfffftest"
|
|
19
|
+
assert results[-1].unique_process_id == 124
|
|
20
|
+
assert len(results) == 124
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
def test_acquire_hash_plugin() -> None:
|
|
24
|
+
file_hashes_target = Target().open(absolute_path("_data/plugins/apps/edr/acquire/hash/test-acquire-hash.tar"))
|
|
25
|
+
file_hashes_target.add_plugin(AcquirePlugin)
|
|
26
|
+
|
|
27
|
+
results = list(file_hashes_target.acquire.hashes())
|
|
28
|
+
|
|
29
|
+
assert results[0].path == "/sysvol/Windows/bfsvc.exe"
|
|
30
|
+
assert len(results) == 998
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
from __future__ import annotations
|
|
2
|
+
|
|
3
|
+
from typing import TYPE_CHECKING
|
|
4
|
+
|
|
5
|
+
from dissect.target.loaders.velociraptor import VelociraptorLoader
|
|
6
|
+
from dissect.target.plugins.apps.edr.velociraptor import VelociraptorPlugin
|
|
7
|
+
from tests._utils import absolute_path
|
|
8
|
+
from tests.loaders.test_velociraptor import create_root
|
|
9
|
+
|
|
10
|
+
if TYPE_CHECKING:
|
|
11
|
+
from pathlib import Path
|
|
12
|
+
|
|
13
|
+
from dissect.target.target import Target
|
|
14
|
+
|
|
15
|
+
|
|
16
|
+
def test_windows_velociraptor(target_win: Target, tmp_path: Path) -> None:
|
|
17
|
+
"""Test that a Windows Velociraptor artefact result is correctly parsed."""
|
|
18
|
+
root = create_root("ntfs", tmp_path)
|
|
19
|
+
|
|
20
|
+
with absolute_path("_data/plugins/apps/edr/velociraptor/windows-uploads.json").open("rb") as fh:
|
|
21
|
+
root.joinpath("uploads.json").write_bytes(fh.read())
|
|
22
|
+
|
|
23
|
+
with absolute_path("_data/plugins/apps/edr/velociraptor/Windows.Memory.ProcessInfo.json").open("rb") as fh:
|
|
24
|
+
root.joinpath("results/Windows.Memory.ProcessInfo.json").write_bytes(fh.read())
|
|
25
|
+
|
|
26
|
+
assert VelociraptorLoader.detect(root) is True
|
|
27
|
+
|
|
28
|
+
loader = VelociraptorLoader(root)
|
|
29
|
+
loader.map(target_win)
|
|
30
|
+
target_win.apply()
|
|
31
|
+
|
|
32
|
+
target_win.add_plugin(VelociraptorPlugin)
|
|
33
|
+
|
|
34
|
+
results = list(target_win.velociraptor())
|
|
35
|
+
|
|
36
|
+
record = results[0]
|
|
37
|
+
|
|
38
|
+
assert record.name == "Microsoft.SharePoint.exe"
|
|
39
|
+
assert record.pebbaseaddress == "0x295000"
|
|
40
|
+
assert record.pid == 8120
|
|
41
|
+
assert (
|
|
42
|
+
record.imagepathname
|
|
43
|
+
== "C:\\Users\\IEUser\\AppData\\Local\\Microsoft\\OneDrive\\24.070.0407.0003\\Microsoft.SharePoint.exe"
|
|
44
|
+
)
|
|
45
|
+
assert record.commandline == "/silentConfig"
|
|
46
|
+
assert record.currentdirectory == "C:\\Windows\\system32\\"
|
|
47
|
+
assert record._desc.name == "velociraptor/windows_memory_processinfo"
|
|
48
|
+
assert record.env.allusersprofile == "C:\\ProgramData"
|
|
File without changes
|
|
File without changes
|
|
@@ -1,55 +0,0 @@
|
|
|
1
|
-
from __future__ import annotations
|
|
2
|
-
|
|
3
|
-
import csv
|
|
4
|
-
import gzip
|
|
5
|
-
from typing import TYPE_CHECKING
|
|
6
|
-
|
|
7
|
-
from dissect.target.exceptions import UnsupportedPluginError
|
|
8
|
-
from dissect.target.helpers.record import TargetRecordDescriptor
|
|
9
|
-
from dissect.target.plugin import Plugin, export
|
|
10
|
-
|
|
11
|
-
if TYPE_CHECKING:
|
|
12
|
-
from collections.abc import Iterator
|
|
13
|
-
|
|
14
|
-
from dissect.target.target import Target
|
|
15
|
-
|
|
16
|
-
AcquireOpenHandlesRecord = TargetRecordDescriptor(
|
|
17
|
-
"filesystem/acquire_open_handles",
|
|
18
|
-
[
|
|
19
|
-
("path", "name"),
|
|
20
|
-
("string", "handle_type"),
|
|
21
|
-
("string", "object"),
|
|
22
|
-
("varint", "unique_process_id"),
|
|
23
|
-
("varint", "handle_value"),
|
|
24
|
-
("varint", "granted_access"),
|
|
25
|
-
("varint", "creator_back_trace_index"),
|
|
26
|
-
("varint", "object_type_index"),
|
|
27
|
-
("varint", "handle_attributes"),
|
|
28
|
-
("varint", "reserved"),
|
|
29
|
-
],
|
|
30
|
-
)
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
class OpenHandlesPlugin(Plugin):
|
|
34
|
-
"""Plugin to return open file handles collected by Acquire."""
|
|
35
|
-
|
|
36
|
-
def __init__(self, target: Target):
|
|
37
|
-
super().__init__(target)
|
|
38
|
-
self.open_handles_file = target.fs.path("$metadata$/open_handles.csv.gz")
|
|
39
|
-
|
|
40
|
-
def check_compatible(self) -> None:
|
|
41
|
-
if not self.open_handles_file.exists():
|
|
42
|
-
raise UnsupportedPluginError("No open handles found")
|
|
43
|
-
|
|
44
|
-
@export(record=AcquireOpenHandlesRecord)
|
|
45
|
-
def acquire_handles(self) -> Iterator[AcquireOpenHandlesRecord]:
|
|
46
|
-
"""Return open handles collected by Acquire.
|
|
47
|
-
|
|
48
|
-
An Acquire file container contains an open handles csv when the handles module was used. The content of this csv
|
|
49
|
-
file is returned.
|
|
50
|
-
"""
|
|
51
|
-
with self.open_handles_file.open() as fh, gzip.open(fh, "rt") as gz_fh:
|
|
52
|
-
for row in csv.DictReader(gz_fh):
|
|
53
|
-
if name := row.get("name"):
|
|
54
|
-
row.update({"name": self.target.fs.path(name)})
|
|
55
|
-
yield AcquireOpenHandlesRecord(_target=self.target, **row)
|
|
@@ -1,52 +0,0 @@
|
|
|
1
|
-
from __future__ import annotations
|
|
2
|
-
|
|
3
|
-
import csv
|
|
4
|
-
import gzip
|
|
5
|
-
from typing import TYPE_CHECKING
|
|
6
|
-
|
|
7
|
-
from dissect.target.exceptions import UnsupportedPluginError
|
|
8
|
-
from dissect.target.helpers.record import TargetRecordDescriptor
|
|
9
|
-
from dissect.target.plugin import Plugin, export
|
|
10
|
-
|
|
11
|
-
if TYPE_CHECKING:
|
|
12
|
-
from collections.abc import Iterator
|
|
13
|
-
|
|
14
|
-
from dissect.target.target import Target
|
|
15
|
-
|
|
16
|
-
AcquireHashRecord = TargetRecordDescriptor(
|
|
17
|
-
"filesystem/acquire_hash",
|
|
18
|
-
[
|
|
19
|
-
("path", "path"),
|
|
20
|
-
("filesize", "filesize"),
|
|
21
|
-
("digest", "digest"),
|
|
22
|
-
],
|
|
23
|
-
)
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
class AcquireHashPlugin(Plugin):
|
|
27
|
-
"""Plugin to return file hashes collected by Acquire."""
|
|
28
|
-
|
|
29
|
-
def __init__(self, target: Target):
|
|
30
|
-
super().__init__(target)
|
|
31
|
-
self.hash_file = target.fs.path("$metadata$/file-hashes.csv.gz")
|
|
32
|
-
|
|
33
|
-
def check_compatible(self) -> None:
|
|
34
|
-
if not self.hash_file.exists():
|
|
35
|
-
raise UnsupportedPluginError("No hash file found")
|
|
36
|
-
|
|
37
|
-
@export(record=AcquireHashRecord)
|
|
38
|
-
def acquire_hashes(self) -> Iterator[AcquireHashRecord]:
|
|
39
|
-
"""Return file hashes collected by Acquire.
|
|
40
|
-
|
|
41
|
-
An Acquire file container contains a file hashes csv when the hashes module was used. The content of this csv
|
|
42
|
-
file is returned.
|
|
43
|
-
"""
|
|
44
|
-
|
|
45
|
-
with self.hash_file.open() as fh, gzip.open(fh, "rt") as gz_fh:
|
|
46
|
-
for row in csv.DictReader(gz_fh):
|
|
47
|
-
yield AcquireHashRecord(
|
|
48
|
-
path=self.target.fs.path(row["path"]),
|
|
49
|
-
filesize=row["file-size"],
|
|
50
|
-
digest=(row["md5"] or None, row["sha1"] or None, row["sha256"] or None),
|
|
51
|
-
_target=self.target,
|
|
52
|
-
)
|
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
from __future__ import annotations
|
|
2
|
-
|
|
3
|
-
from dissect.target.plugins.filesystem.acquire_handles import OpenHandlesPlugin
|
|
4
|
-
from dissect.target.target import Target
|
|
5
|
-
from tests._utils import absolute_path
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
def test_acquire_handles_plugin() -> None:
|
|
9
|
-
file_hashes_target = Target().open(
|
|
10
|
-
absolute_path("_data/plugins/filesystem/acquire_handles/test-acquire-handles.tar")
|
|
11
|
-
)
|
|
12
|
-
file_hashes_target.add_plugin(OpenHandlesPlugin)
|
|
13
|
-
|
|
14
|
-
results = list(file_hashes_target.acquire_handles())
|
|
15
|
-
first_result = results[0]
|
|
16
|
-
|
|
17
|
-
assert first_result.name == r"\Windows\Fonts"
|
|
18
|
-
assert first_result.handle_type == "EtwRegistration"
|
|
19
|
-
assert first_result.unique_process_id == 1
|
|
20
|
-
assert first_result.object == "0xfffftest"
|
|
21
|
-
assert results[-1].unique_process_id == 124
|
|
22
|
-
assert len(results) == 124
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
from __future__ import annotations
|
|
2
|
-
|
|
3
|
-
from dissect.target.plugins.filesystem.acquire_hash import AcquireHashPlugin
|
|
4
|
-
from dissect.target.target import Target
|
|
5
|
-
from tests._utils import absolute_path
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
def test_acquire_hash_plugin() -> None:
|
|
9
|
-
file_hashes_target = Target().open(absolute_path("_data/plugins/filesystem/acquire_hash/test-acquire-hash.tar"))
|
|
10
|
-
file_hashes_target.add_plugin(AcquireHashPlugin)
|
|
11
|
-
|
|
12
|
-
results = list(file_hashes_target.acquire_hashes())
|
|
13
|
-
|
|
14
|
-
assert results[0].path == "/sysvol/Windows/bfsvc.exe"
|
|
15
|
-
assert len(results) == 998
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/containers/__init__.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
{dissect_target-3.22.dev46 → dissect_target-3.22.dev48}/dissect/target/containers/fortifw.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|