dissect.target 3.8.dev38__tar.gz → 3.8.dev40__tar.gz

Files changed (495)
  1. {dissect.target-3.8.dev38/dissect.target.egg-info → dissect.target-3.8.dev40}/PKG-INFO +1 -1
  2. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/velociraptor.py +10 -1
  3. dissect.target-3.8.dev40/dissect/target/plugins/apps/av/mcafee.py +141 -0
  4. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40/dissect.target.egg-info}/PKG-INFO +1 -1
  5. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect.target.egg-info/SOURCES.txt +4 -0
  6. dissect.target-3.8.dev40/tests/data/apps/av/mcafee/firewall.log +0 -0
  7. dissect.target-3.8.dev40/tests/data/apps/av/mcafee/infect.log +0 -0
  8. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_loaders_velociraptor.py +17 -7
  9. dissect.target-3.8.dev40/tests/test_plugins_apps_av_mcafee.py +38 -0
  10. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/COPYRIGHT +0 -0
  11. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/LICENSE +0 -0
  12. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/MANIFEST.in +0 -0
  13. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/README.md +0 -0
  14. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/__init__.py +0 -0
  15. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/container.py +0 -0
  16. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/containers/__init__.py +0 -0
  17. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/containers/asdf.py +0 -0
  18. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/containers/ewf.py +0 -0
  19. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/containers/qcow2.py +0 -0
  20. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/containers/raw.py +0 -0
  21. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/containers/split.py +0 -0
  22. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/containers/vdi.py +0 -0
  23. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/containers/vhd.py +0 -0
  24. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/containers/vhdx.py +0 -0
  25. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/containers/vmdk.py +0 -0
  26. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/data/autocompletion/target_bash_completion.sh +0 -0
  27. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/exceptions.py +0 -0
  28. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/filesystem.py +0 -0
  29. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/filesystems/__init__.py +0 -0
  30. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/filesystems/ad1.py +0 -0
  31. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/filesystems/cb.py +0 -0
  32. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/filesystems/dir.py +0 -0
  33. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/filesystems/exfat.py +0 -0
  34. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/filesystems/extfs.py +0 -0
  35. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/filesystems/fat.py +0 -0
  36. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/filesystems/ffs.py +0 -0
  37. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/filesystems/itunes.py +0 -0
  38. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/filesystems/ntfs.py +0 -0
  39. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/filesystems/tar.py +0 -0
  40. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/filesystems/vmfs.py +0 -0
  41. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/filesystems/xfs.py +0 -0
  42. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/filesystems/zip.py +0 -0
  43. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/__init__.py +0 -0
  44. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/cache.py +0 -0
  45. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/config.py +0 -0
  46. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/data/windowsZones.xml +0 -0
  47. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/descriptor_extensions.py +0 -0
  48. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/docs.py +0 -0
  49. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/fsutil.py +0 -0
  50. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/hashutil.py +0 -0
  51. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/keychain.py +0 -0
  52. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/lazy.py +0 -0
  53. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/loaderutil.py +0 -0
  54. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/localeutil.py +0 -0
  55. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/mount.py +0 -0
  56. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/network_managers.py +0 -0
  57. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/record.py +0 -0
  58. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/regutil.py +0 -0
  59. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/shell_folder_ids.py +0 -0
  60. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/ssh.py +0 -0
  61. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/helpers/utils.py +0 -0
  62. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loader.py +0 -0
  63. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/__init__.py +0 -0
  64. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/ad1.py +0 -0
  65. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/asdf.py +0 -0
  66. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/cb.py +0 -0
  67. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/dir.py +0 -0
  68. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/ewf.py +0 -0
  69. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/hyperv.py +0 -0
  70. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/itunes.py +0 -0
  71. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/kape.py +0 -0
  72. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/local.py +0 -0
  73. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/ovf.py +0 -0
  74. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/phobos.py +0 -0
  75. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/profile.py +0 -0
  76. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/raw.py +0 -0
  77. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/remote.py +0 -0
  78. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/res.py +0 -0
  79. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/tanium.py +0 -0
  80. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/tar.py +0 -0
  81. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/target.py +0 -0
  82. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/vb.py +0 -0
  83. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/vbox.py +0 -0
  84. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/vma.py +0 -0
  85. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/vmx.py +0 -0
  86. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/loaders/xva.py +0 -0
  87. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugin.py +0 -0
  88. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/__init__.py +0 -0
  89. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/__init__.py +0 -0
  90. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/av/trendmicro.py +0 -0
  91. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/containers/__init__.py +0 -0
  92. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/containers/docker.py +0 -0
  93. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/remoteaccess/__init__.py +0 -0
  94. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/remoteaccess/anydesk.py +0 -0
  95. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/remoteaccess/remoteaccess.py +0 -0
  96. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/remoteaccess/teamviewer.py +0 -0
  97. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/vpns/__init__.py +0 -0
  98. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/vpns/wireguard.py +0 -0
  99. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/webservers/__init__.py +0 -0
  100. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/webservers/apache.py +0 -0
  101. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/webservers/caddy.py +0 -0
  102. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/webservers/iis.py +0 -0
  103. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/webservers/nginx.py +0 -0
  104. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/apps/webservers/webservers.py +0 -0
  105. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/browsers/__init__.py +0 -0
  106. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/browsers/browser.py +0 -0
  107. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/browsers/chrome.py +0 -0
  108. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/browsers/chromium.py +0 -0
  109. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/browsers/edge.py +0 -0
  110. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/browsers/firefox.py +0 -0
  111. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/browsers/iexplore.py +0 -0
  112. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/child/__init__.py +0 -0
  113. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/child/esxi.py +0 -0
  114. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/child/hyperv.py +0 -0
  115. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/child/virtuozzo.py +0 -0
  116. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/child/vmware_workstation.py +0 -0
  117. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/child/wsl.py +0 -0
  118. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/filesystem/__init__.py +0 -0
  119. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/filesystem/acquire_handles.py +0 -0
  120. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/filesystem/acquire_hash.py +0 -0
  121. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/filesystem/icat.py +0 -0
  122. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/filesystem/ntfs/__init__.py +0 -0
  123. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/filesystem/ntfs/mft.py +0 -0
  124. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/filesystem/ntfs/mft_timeline.py +0 -0
  125. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/filesystem/ntfs/usnjrnl.py +0 -0
  126. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/filesystem/ntfs/utils.py +0 -0
  127. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/filesystem/resolver.py +0 -0
  128. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/filesystem/unix/__init__.py +0 -0
  129. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/filesystem/unix/capability.py +0 -0
  130. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/filesystem/unix/suid.py +0 -0
  131. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/filesystem/walkfs.py +0 -0
  132. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/filesystem/yara.py +0 -0
  133. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/general/__init__.py +0 -0
  134. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/general/default.py +0 -0
  135. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/general/example.py +0 -0
  136. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/general/loaders.py +0 -0
  137. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/general/plugins.py +0 -0
  138. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/general/scrape.py +0 -0
  139. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/general/users.py +0 -0
  140. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/__init__.py +0 -0
  141. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/__init__.py +0 -0
  142. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/_os.py +0 -0
  143. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/bsd/_os.py +0 -0
  144. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/bsd/freebsd/__init__.py +0 -0
  145. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/bsd/freebsd/_os.py +0 -0
  146. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/bsd/ios/__init__.py +0 -0
  147. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/bsd/ios/_os.py +0 -0
  148. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/bsd/openbsd/__init__.py +0 -0
  149. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/bsd/openbsd/_os.py +0 -0
  150. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/bsd/osx/__init__.py +0 -0
  151. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/bsd/osx/_os.py +0 -0
  152. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/cronjobs.py +0 -0
  153. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/datetime.py +0 -0
  154. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/generic.py +0 -0
  155. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/history.py +0 -0
  156. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/__init__.py +0 -0
  157. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/_os.py +0 -0
  158. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/android/__init__.py +0 -0
  159. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/android/_os.py +0 -0
  160. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/debian/__init__.py +0 -0
  161. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/debian/_os.py +0 -0
  162. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/debian/apt.py +0 -0
  163. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/debian/dpkg.py +0 -0
  164. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/debian/vyos/__init__.py +0 -0
  165. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/debian/vyos/_os.py +0 -0
  166. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/esxi/__init__.py +0 -0
  167. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/esxi/_os.py +0 -0
  168. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/fortigate/__init__.py +0 -0
  169. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/fortigate/_os.py +0 -0
  170. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/redhat/__init__.py +0 -0
  171. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/redhat/_os.py +0 -0
  172. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/redhat/yum.py +0 -0
  173. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/suse/__init__.py +0 -0
  174. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/suse/_os.py +0 -0
  175. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/linux/suse/zypper.py +0 -0
  176. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/locale.py +0 -0
  177. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/log/__init__.py +0 -0
  178. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/log/atop.py +0 -0
  179. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/log/audit.py +0 -0
  180. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/log/auth.py +0 -0
  181. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/log/btmp.py +0 -0
  182. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/log/lastlog.py +0 -0
  183. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/log/messages.py +0 -0
  184. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/log/utmp.py +0 -0
  185. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/log/wtmp.py +0 -0
  186. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/packagemanager.py +0 -0
  187. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/services.py +0 -0
  188. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/shadow.py +0 -0
  189. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/unix/ssh.py +0 -0
  190. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/__init__.py +0 -0
  191. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/_os.py +0 -0
  192. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/activitiescache.py +0 -0
  193. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/adpolicy.py +0 -0
  194. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/amcache.py +0 -0
  195. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/catroot.py +0 -0
  196. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/cim.py +0 -0
  197. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/clfs.py +0 -0
  198. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/datetime.py +0 -0
  199. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/defender.py +0 -0
  200. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/env.py +0 -0
  201. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/exchange/__init__.py +0 -0
  202. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/exchange/exchange.py +0 -0
  203. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/generic.py +0 -0
  204. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/lnk.py +0 -0
  205. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/locale.py +0 -0
  206. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/log/__init__.py +0 -0
  207. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/log/amcache.py +0 -0
  208. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/log/etl.py +0 -0
  209. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/log/evt.py +0 -0
  210. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/log/evtx.py +0 -0
  211. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/log/pfro.py +0 -0
  212. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/notifications.py +0 -0
  213. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/powershell.py +0 -0
  214. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/prefetch.py +0 -0
  215. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/recyclebin.py +0 -0
  216. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/7zip.py +0 -0
  217. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/__init__.py +0 -0
  218. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/auditpol.py +0 -0
  219. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/bam.py +0 -0
  220. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/cit.py +0 -0
  221. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/clsid.py +0 -0
  222. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/firewall.py +0 -0
  223. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/mru.py +0 -0
  224. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/muicache.py +0 -0
  225. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/nethist.py +0 -0
  226. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/recentfilecache.py +0 -0
  227. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/regf.py +0 -0
  228. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/runkeys.py +0 -0
  229. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/shellbags.py +0 -0
  230. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/shimcache.py +0 -0
  231. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/trusteddocs.py +0 -0
  232. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/usb.py +0 -0
  233. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/regf/userassist.py +0 -0
  234. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/registry.py +0 -0
  235. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/sam.py +0 -0
  236. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/services.py +0 -0
  237. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/sru.py +0 -0
  238. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/startupinfo.py +0 -0
  239. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/syscache.py +0 -0
  240. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/tasks.py +0 -0
  241. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/thumbcache.py +0 -0
  242. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/ual.py +0 -0
  243. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/plugins/os/windows/wer.py +0 -0
  244. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/report.py +0 -0
  245. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/target.py +0 -0
  246. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/tools/__init__.py +0 -0
  247. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/tools/build_pluginlist.py +0 -0
  248. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/tools/dd.py +0 -0
  249. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/tools/dump/__init__.py +0 -0
  250. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/tools/dump/run.py +0 -0
  251. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/tools/dump/state.py +0 -0
  252. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/tools/dump/utils.py +0 -0
  253. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/tools/fs.py +0 -0
  254. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/tools/info.py +0 -0
  255. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/tools/logging.py +0 -0
  256. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/tools/mount.py +0 -0
  257. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/tools/query.py +0 -0
  258. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/tools/reg.py +0 -0
  259. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/tools/shell.py +0 -0
  260. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/tools/utils.py +0 -0
  261. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/volume.py +0 -0
  262. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/volumes/__init__.py +0 -0
  263. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/volumes/bde.py +0 -0
  264. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/volumes/disk.py +0 -0
  265. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/volumes/lvm.py +0 -0
  266. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect/target/volumes/vmfs.py +0 -0
  267. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect.target.egg-info/dependency_links.txt +0 -0
  268. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect.target.egg-info/entry_points.txt +0 -0
  269. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect.target.egg-info/requires.txt +0 -0
  270. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/dissect.target.egg-info/top_level.txt +0 -0
  271. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/pyproject.toml +0 -0
  272. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/setup.cfg +0 -0
  273. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/__init__.py +0 -0
  274. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/_utils.py +0 -0
  275. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/conftest.py +0 -0
  276. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/PcaAppLaunchDic.txt +0 -0
  277. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/SRUDB.dat +0 -0
  278. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/Syscache.hve +0 -0
  279. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/TestAnydesk.trace +0 -0
  280. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/TestLog.evt +0 -0
  281. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/TestLogX.evtx +0 -0
  282. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/TestTeamviewer.log +0 -0
  283. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI +0 -0
  284. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/Audit/audit.csv +0 -0
  285. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf +0 -0
  286. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Registry.pol +0 -0
  287. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/comment.cmtx +0 -0
  288. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/adpolicy/{393FA062-30DB-40AC-A15E-E0B12B9F2928}/GPT.INI +0 -0
  289. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/adpolicy/{6AC1786C-016F-11D2-945F-00C04fB984F9}/GPT.INI +0 -0
  290. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/adpolicy/{6AC1786C-016F-11D2-945F-00C04fB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf +0 -0
  291. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/amcache-new.hve +0 -0
  292. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/amcache-old.hve +0 -0
  293. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/apps/av/trendmicro/firewall.log +0 -0
  294. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/apps/av/trendmicro/pccnt35.log +0 -0
  295. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/apps/containers/docker/container_running.json +0 -0
  296. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/apps/containers/docker/image_metadata.json +0 -0
  297. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/apps/containers/docker/repositories.json +0 -0
  298. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/clfs/DRIVERS{53b39e70-18c4-11ea-a811-000d3aa4692b}.TM.blf +0 -0
  299. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/clfs/DRIVERS{53b39e70-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms +0 -0
  300. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/defender-operational.evtx +0 -0
  301. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/defender-quarantine/Entries/{800362A7-0000-0000-FB11-12639186E0D6} +0 -0
  302. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/defender-quarantine/ResourceData/A6/A6C8322B8A19AEED96EFBD045206966DA4C9619D +0 -0
  303. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/defender-quarantine/Resources/A6/A6C8322B8A19AEED96EFBD045206966DA4C9619D +0 -0
  304. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/empty.log +0 -0
  305. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/enc-volume.bin +0 -0
  306. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/keychain.csv +0 -0
  307. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/loaders/hyperv/993F7B33-6057-4D1E-A1FE-A1A1D77BE974.vmcx +0 -0
  308. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/loaders/hyperv/B90AC31B-C6F8-479F-9B91-07B894A6A3F6.xml +0 -0
  309. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/loaders/hyperv/D351C151-DAC7-4042-B434-B72D522C1E4A.xml +0 -0
  310. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/loaders/hyperv/EC04F346-DB96-4700-AF5B-77B3C56C38BD.vmcx +0 -0
  311. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/loaders/tar/test-archive-dot-folder.tgz +0 -0
  312. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/mft.raw +0 -0
  313. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/places.sqlite +0 -0
  314. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugin_register/container.py +0 -0
  315. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugin_register/filesystem.py +0 -0
  316. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugin_register/loader.py +0 -0
  317. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugin_register/plugin.py +0 -0
  318. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/browsers/chrome/History.sqlite +0 -0
  319. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/browsers/chromium/History.sqlite +0 -0
  320. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/browsers/edge/History.sqlite +0 -0
  321. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/browsers/firefox/places.sqlite +0 -0
  322. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/browsers/iexplore/WebCacheV01.dat.gz +0 -0
  323. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/child/hyperv/data.vmcx +0 -0
  324. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/bsd/freebsd/freebsd-freebsd-version +0 -0
  325. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/linux/debian/apt/history.log +0 -0
  326. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/linux/debian/apt/history.log.1.bz2 +0 -0
  327. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/linux/debian/apt/history.log.1.gz +0 -0
  328. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/linux/debian/debian-os-release +0 -0
  329. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/linux/debian/ubuntu-lsb-release +0 -0
  330. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/linux/debian/ubuntu-os-release +0 -0
  331. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/linux/redhat/centos-os-release +0 -0
  332. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/linux/redhat/fedora-os-release +0 -0
  333. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/linux/redhat/yum/yum.log +0 -0
  334. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/linux/redhat/yum/yum.log.1.bz2 +0 -0
  335. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/linux/redhat/yum/yum.log.1.gz +0 -0
  336. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/linux/suse/opensuse-os-release +0 -0
  337. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/linux/suse/zypp/history +0 -0
  338. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/linux/suse/zypp/history.1.bz2 +0 -0
  339. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/unix/linux/suse/zypp/history.1.gz +0 -0
  340. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/plugins/os/windows/tasks/MapsToastTask +0 -0
  341. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/regflex.reg +0 -0
  342. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/symlink_disk.ext4 +0 -0
  343. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/test-acquire-handles.tar +0 -0
  344. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/test-acquire-hash.tar +0 -0
  345. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/test-archive-empty-folder.tgz +0 -0
  346. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/test-archive.tar.gz +0 -0
  347. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/ual/Current.mdb +0 -0
  348. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/ual/SystemIdentity.mdb +0 -0
  349. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/configs/ips/eth0.xml +0 -0
  350. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/configs/ips/interfaces +0 -0
  351. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/configs/keyboard +0 -0
  352. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/configs/passwd +0 -0
  353. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/configs/shadow +0 -0
  354. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/logs/atop +0 -0
  355. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/logs/audit.log +0 -0
  356. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/logs/auth/auth.log +0 -0
  357. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/logs/auth/auth.log.bz2 +0 -0
  358. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/logs/auth/auth.log.gz +0 -0
  359. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/logs/auth/secure +0 -0
  360. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/logs/btmp +0 -0
  361. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/logs/dpkg-status +0 -0
  362. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/logs/dpkg.log +0 -0
  363. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/logs/dpkg.log.2.gz +0 -0
  364. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/logs/empty.log +0 -0
  365. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/logs/lastlog +0 -0
  366. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/logs/messages +0 -0
  367. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/logs/passwd-syslog +0 -0
  368. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/unix/logs/wtmp +0 -0
  369. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/uppercase_driveletter.tar +0 -0
  370. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/usnjrnl.bin +0 -0
  371. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/vpns/wireguard/wg0.conf +0 -0
  372. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/webservers/apache/access.log +0 -0
  373. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/webservers/apache/access.log.bz2 +0 -0
  374. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/webservers/apache/access.log.gz +0 -0
  375. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/webservers/caddy/Caddyfile +0 -0
  376. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/webservers/caddy/access.log +0 -0
  377. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/webservers/iis/iis-applicationHost-iis.config +0 -0
  378. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/webservers/iis/iis-applicationHost-w3c.config +0 -0
  379. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/webservers/iis/iis-logs-iis/W3SVC1/u_in211001.log +0 -0
  380. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/webservers/iis/iis-logs-w3c/W3SVC1/u_ex211001_x.log +0 -0
  381. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/webservers/nginx/access.log +0 -0
  382. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/webservers/nginx/access.log.bz2 +0 -0
  383. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/webservers/nginx/access.log.gz +0 -0
  384. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/webservers/nginx/nginx.conf +0 -0
  385. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/wer/wer_test.tmp.WERInternalMetadata.xml +0 -0
  386. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/wer/wer_test.wer +0 -0
  387. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/data/wpndatabase.db +0 -0
  388. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_container_open.py +0 -0
  389. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_containers_split.py +0 -0
  390. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_fat.py +0 -0
  391. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_filesystem.py +0 -0
  392. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_filesystems_dir.py +0 -0
  393. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_filesystems_ntfs.py +0 -0
  394. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_filesystems_tar.py +0 -0
  395. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_filesystems_zip.py +0 -0
  396. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_hashing.py +0 -0
  397. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_helpers.py +0 -0
  398. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_helpers_cache.py +0 -0
  399. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_helpers_fsutil.py +0 -0
  400. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_helpers_loaderutil.py +0 -0
  401. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_helpers_localeutil.py +0 -0
  402. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_helpers_regutil.py +0 -0
  403. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_helpers_utils.py +0 -0
  404. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_loaders_dir.py +0 -0
  405. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_loaders_hyperv.py +0 -0
  406. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_loaders_kape.py +0 -0
  407. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_loaders_local.py +0 -0
  408. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_loaders_remote.py +0 -0
  409. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_loaders_tanium.py +0 -0
  410. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_loaders_tar.py +0 -0
  411. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_loaders_vbox.py +0 -0
  412. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugin.py +0 -0
  413. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_apps_av_trendmicro.py +0 -0
  414. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_apps_containers_docker.py +0 -0
  415. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_apps_remoteaccess_anydesk.py +0 -0
  416. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_apps_remoteaccess_teamviewer.py +0 -0
  417. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_apps_vpns_wireguard.py +0 -0
  418. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_apps_webservers_apache.py +0 -0
  419. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_apps_webservers_caddy.py +0 -0
  420. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_apps_webservers_iis.py +0 -0
  421. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_apps_webservers_nginx.py +0 -0
  422. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_browsers.py +0 -0
  423. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_child_hyperv.py +0 -0
  424. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_child_virtuozzo.py +0 -0
  425. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_child_wsl.py +0 -0
  426. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_filesystem_acquire_handles.py +0 -0
  427. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_filesystem_acquire_hash.py +0 -0
  428. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_filesystem_icat.py +0 -0
  429. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_filesystem_ntfs_mft.py +0 -0
  430. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_filesystem_ntfs_usnjrnl.py +0 -0
  431. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_filesystem_resolver.py +0 -0
  432. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_filesystem_unix_capability.py +0 -0
  433. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_filesystem_unix_suid.py +0 -0
  434. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_filesystem_walkfs.py +0 -0
  435. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_filesystem_yara.py +0 -0
  436. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_general_plugins.py +0 -0
  437. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_general_users.py +0 -0
  438. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix.py +0 -0
  439. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_auth.py +0 -0
  440. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_debian_dpkg.py +0 -0
  441. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_generic.py +0 -0
  442. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_history.py +0 -0
  443. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_ips.py +0 -0
  444. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_linux_debian_apt.py +0 -0
  445. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_linux_redhat_yum.py +0 -0
  446. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_linux_suse_zypper.py +0 -0
  447. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_locale.py +0 -0
  448. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_log.py +0 -0
  449. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_log_audit.py +0 -0
  450. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_log_messages.py +0 -0
  451. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_packagemanager.py +0 -0
  452. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_shadow.py +0 -0
  453. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_ssh.py +0 -0
  454. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_users.py +0 -0
  455. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_unix_version.py +0 -0
  456. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows__os.py +0 -0
  457. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_adpolicy.py +0 -0
  458. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_amcache.py +0 -0
  459. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_clfs.py +0 -0
  460. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_datetime.py +0 -0
  461. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_defender.py +0 -0
  462. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_env.py +0 -0
  463. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_generic.py +0 -0
  464. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_locale.py +0 -0
  465. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_log.py +0 -0
  466. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_mru.py +0 -0
  467. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_notifications.py +0 -0
  468. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_recyclebin.py +0 -0
  469. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_regf_cit.py +0 -0
  470. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_regf_clsid.py +0 -0
  471. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_regf_muicache.py +0 -0
  472. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_regf_trusteddocs.py +0 -0
  473. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_regf_userassist.py +0 -0
  474. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_sam.py +0 -0
  475. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_shimcache.py +0 -0
  476. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_sru.py +0 -0
  477. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_syscache.py +0 -0
  478. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_tasks.py +0 -0
  479. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_thumbcache.py +0 -0
  480. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_ual.py +0 -0
  481. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_os_windows_wer.py +0 -0
  482. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_plugins_scrape.py +0 -0
  483. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_prefetch_time.py +0 -0
  484. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_record.py +0 -0
  485. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_registration.py +0 -0
  486. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_report.py +0 -0
  487. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_shell.py +0 -0
  488. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_target.py +0 -0
  489. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_target_fs.py +0 -0
  490. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_target_path.py +0 -0
  491. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_tools_dump.py +0 -0
  492. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_tools_shell.py +0 -0
  493. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_tools_utils.py +0 -0
  494. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tests/test_volumes_bde.py +0 -0
  495. {dissect.target-3.8.dev38 → dissect.target-3.8.dev40}/tox.ini +0 -0
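--- a/dissect.target.egg-info/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.1
  Name: dissect.target
- Version: 3.8.dev38
+ Version: 3.8.dev40
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
  Author-email: Dissect Team <dissect@fox-it.com>
  License: Affero General Public License v3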
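--- a/dissect/target/loaders/velociraptor.py
+++ b/dissect/target/loaders/velociraptor.py
@@ -53,4 +53,13 @@ class VelociraptorLoader(DirLoader):
 
  def map(self, target: Target) -> None:
  os_type, dirs = find_fs_directories(self.path)
- map_dirs(target, dirs, os_type)
+ if os_type == OperatingSystem.WINDOWS:
+ # Velociraptor doesn't have the correct filenames for several files, like $J
+ map_dirs(
+ target,
+ dirs,
+ os_type,
+ usnjrnl_path="$Extend/$UsnJrnl%3A$J",
+ )
+ else:
+ map_dirs(target, dirs, os_type)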
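Review bot: The new comment on the Windows branch says Velociraptor has wrong names for "several files", but the branch only redirects the USN journal and does not say what is wrong with the name. Judging by the `%3A` in the path and the encoded directory names in the loader test, the collector stores the `:` of the `$UsnJrnl:$J` stream percent-encoded, so I would write `# Velociraptor percent-encodes ":" in file names, so the $UsnJrnl:$J stream is stored as $UsnJrnl%3A$J`. The two `map_dirs` calls could also become one call with the extra keyword collected in a dict, which keeps the argument list in one place. The enclosing class starts outside the hunk.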
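--- a/dissect/target/plugins/apps/av/mcafee.py
+++ b/dissect/target/plugins/apps/av/mcafee.py
@@ -0,0 +1,141 @@
+ import ipaddress
+ import re
+ from collections import defaultdict
+ from pathlib import Path
+ from typing import Iterator
+
+ from dissect.sql import SQLite3
+ from dissect.util.ts import from_unix
+
+ from dissect.target.exceptions import UnsupportedPluginError
+ from dissect.target.helpers.record import TargetRecordDescriptor
+ from dissect.target.plugin import Plugin, export
+
+ McAfeeMscLogRecord = TargetRecordDescriptor(
+ "application/av/mcafee/msc/log",
+ [
+ ("datetime", "ts"),
+ ("string", "threat"),
+ ("string", "message"),
+ ("string", "keywords"),
+ ("string", "fkey"),
+ ],
+ )
+
+ McAfeeMscFirewallRecord = TargetRecordDescriptor(
+ "application/av/mcafee/msc/firewall",
+ [
+ ("datetime", "ts"),
+ ("net.ipaddress", "ip"),
+ ("uint16", "port"),
+ ("string", "protocol"),
+ ("string", "message"),
+ ("string", "keywords"),
+ ("string", "fkey"),
+ ],
+ )
+
+ re_cdata = re.compile(r"<!\[CDATA\[(.*?)\]\]>", flags=re.M)
+ re_strip_tags = re.compile(r"<[^!][^>]*>")
+
+
+ class McAfeePlugin(Plugin):
+ __namespace__ = "mcafee"
+
+ DIRS = [
+ "sysvol/ProgramData/McAfee/MSC/Logs", # Windows
+ "/opt/McAfee/ens/log/tp", # Linux/Mac according to docs
+ "/opt/McAfee/ens/log/esp", # Linux/Mac according to docs
+ ]
+ LOG_FILE_PATTERN = "*.log"
+ TEMPLATE_ID_INFECTION = 102
+ MARKER_INFECTION = "%INFECTION_INFO%"
+ MARKER_SUSPICIOUS_TCP_CONNECTION = "TCP port "
+ MARKER_SUSPICIOUS_UDP_CONNECTION = "UDP port "
+ TABLE_LOG = "log"
+ TABLE_FIELD = "field"
+
+ def check_compatible(self) -> bool:
+ if not self.get_log_files():
+ raise UnsupportedPluginError("No McAfee Log files found")
+
+ def get_log_files(self) -> Iterator[Path]:
+ for path in self.DIRS:
+ yield from self.target.fs.path(path).glob(self.LOG_FILE_PATTERN)
+
+ def _clean_message(self, message: str) -> str:
+ return re.sub(re_strip_tags, "", (" ".join(re.findall(re_cdata, message))))
+
+ @export(record=McAfeeMscLogRecord)
+ def msc(self) -> Iterator[McAfeeMscLogRecord]:
+ """Return msc log history records from McAfee.
+
+ Yields McAfeeMscLogRecord with the following fields:
+ hostname (string): The target hostname.
+ domain (string): The target domain.
+ ts (datetime): timestamp.
+ ip (net.ipadress): IP of suspicious connection (if available).
+ tcp_port (net.tcp.Port): TCP Port of suspicious incoming connection (if available).
+ udp_port (net.udp.Port): UDP Port of suspicious incoming connection (if available).
+ threat (string): Description of the detected threat (if available).
+ message (string): Message as reported in the user interface (might include template slots).
+ keywords (string): Unparsed fields that might be visible in user interface.
+ fkey (string): Foreign key for reference for further investigation.
+ """
+
+ len_marker = len(self.MARKER_SUSPICIOUS_UDP_CONNECTION)
+
+ for log_file in self.get_log_files():
+ with log_file.open() as open_log:
+ database = SQLite3(open_log)
+ fields = defaultdict(dict)
+ fields_table = database.table(self.TABLE_FIELD)
+
+ for field in fields_table.rows():
+ fields[field.fkey][field.field_id] = field.data
+ log_table = database.table(self.TABLE_LOG)
+
+ for entry in log_table.rows():
+ fkey = entry.fkey
+ log_fields = fields[fkey]
+ ip = None
+ protocol = None
+ port = None
+ threat = None
+
+ for key, log_field in log_fields.items():
+ try:
+ ipaddress.ip_address(log_field)
+ ip = log_field
+ continue
+ except ValueError:
+ pass
+
+ if log_field.startswith(
+ (self.MARKER_SUSPICIOUS_TCP_CONNECTION, self.MARKER_SUSPICIOUS_UDP_CONNECTION)
+ ):
+ port = int(log_field[len_marker:])
+ protocol = log_field[:3]
+ continue
+
+ if key == self.TEMPLATE_ID_INFECTION and entry.details_info.find(self.MARKER_INFECTION) > -1:
+ threat = log_field
+
+ if threat:
+ yield McAfeeMscLogRecord(
+ ts=from_unix(entry.date),
+ threat=threat,
+ message=self._clean_message(entry.details_info),
+ keywords=",".join(log_fields.values()),
+ fkey=entry.fkey,
+ )
+ else:
+ yield McAfeeMscFirewallRecord(
+ ts=from_unix(entry.date),
+ ip=ip,
+ protocol=protocol,
+ port=port,
+ message=self._clean_message(entry.details_info),
+ keywords=",".join(log_fields.values()),
+ fkey=entry.fkey,
+ )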
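Review bot: `check_compatible` can never raise, because `get_log_files()` is a generator function and the generator object it returns is truthy even when no log file matches, so `if not self.get_log_files():` is always false. Testing for a first item fixes it: `if next(self.get_log_files(), None) is None:`. Separately, in `msc()` the line `port = int(log_field[len_marker:])` is unguarded, so a field that starts with `TCP port ` or `UDP port ` but has non-numeric text after it raises `ValueError` and ends the whole generator. Since these logs come from the evidence under examination, catching that error and leaving `port` as `None` would keep one malformed row from hiding every record after it. The docstring also lists `tcp_port` and `udp_port`, which neither descriptor declares (the firewall record has `port` and `protocol`), and it should say that the function yields both record types.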
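--- a/PKG-INFO
+++ b/dissect.target.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.1
  Name: dissect.target
- Version: 3.8.dev38
+ Version: 3.8.dev40
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
  Author-email: Dissect Team <dissect@fox-it.com>
  License: Affero General Public License v3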
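--- a/dissect.target.egg-info/SOURCES.txt
+++ b/dissect.target.egg-info/SOURCES.txt
@@ -90,6 +90,7 @@ dissect/target/loaders/vmx.py
  dissect/target/loaders/xva.py
  dissect/target/plugins/__init__.py
  dissect/target/plugins/apps/__init__.py
+ dissect/target/plugins/apps/av/mcafee.py
  dissect/target/plugins/apps/av/trendmicro.py
  dissect/target/plugins/apps/containers/__init__.py
  dissect/target/plugins/apps/containers/docker.py
@@ -293,6 +294,7 @@ tests/test_loaders_tar.py
  tests/test_loaders_vbox.py
  tests/test_loaders_velociraptor.py
  tests/test_plugin.py
+ tests/test_plugins_apps_av_mcafee.py
  tests/test_plugins_apps_av_trendmicro.py
  tests/test_plugins_apps_containers_docker.py
  tests/test_plugins_apps_remoteaccess_anydesk.py
@@ -407,6 +409,8 @@ tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Win
  tests/data/adpolicy/{393FA062-30DB-40AC-A15E-E0B12B9F2928}/GPT.INI
  tests/data/adpolicy/{6AC1786C-016F-11D2-945F-00C04fB984F9}/GPT.INI
  tests/data/adpolicy/{6AC1786C-016F-11D2-945F-00C04fB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf
+ tests/data/apps/av/mcafee/firewall.log
+ tests/data/apps/av/mcafee/infect.log
  tests/data/apps/av/trendmicro/firewall.log
  tests/data/apps/av/trendmicro/pccnt35.log
  tests/data/apps/containers/docker/container_running.json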
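--- a/tests/test_loaders_velociraptor.py
+++ b/tests/test_loaders_velociraptor.py
@@ -2,7 +2,7 @@ from pathlib import Path
 
  from dissect.target.loaders.velociraptor import VelociraptorLoader
 
- from ._utils import mkdirs
+ from ._utils import absolute_path, mkdirs
 
 
  def test_velociraptor_loader_windows_ntfs(mock_target, tmpdir_name):
@@ -11,23 +11,33 @@ def test_velociraptor_loader_windows_ntfs(mock_target, tmpdir_name):
  root,
  [
  "uploads.json",
+ "uploads/mft/%5C%5C.%5CC%3A/$Extend",
  "uploads/mft/%5C%5C.%5CC%3A/windows/system32",
  "uploads/mft/%5C%5C%3F%5CGLOBALROOT%5CDevice%5CHarddiskVolumeShadowCopy1",
  "uploads/mft/%5C%5C%3F%5CGLOBALROOT%5CDevice%5CHarddiskVolumeShadowCopy2",
  ],
  )
 
+ with open(absolute_path("data/mft.raw"), "rb") as fh:
+ (root / "uploads/mft/%5C%5C.%5CC%3A/$MFT").write_bytes(fh.read(10 * 1025))
+
+ # Add one record so we can test if it works
+ data = bytes.fromhex(
+ "5800000002000000c100000000000100bf000000000001002003010000000000"
+ "6252641a86a4d7010381008000000000000000002000000018003c0069007300"
+ "2d00310035005000320036002e0074006d00700000000000"
+ )
+ (root / "uploads/mft/%5C%5C.%5CC%3A/$Extend/$UsnJrnl%3A$J").write_bytes(data)
+
  assert VelociraptorLoader.detect(root) is True
 
  loader = VelociraptorLoader(root)
  loader.map(mock_target)
 
- assert len(mock_target.filesystems) == 3
- assert sorted([fs.base_path.name for fs in mock_target.filesystems]) == [
- "%5C%5C%3F%5CGLOBALROOT%5CDevice%5CHarddiskVolumeShadowCopy1",
- "%5C%5C%3F%5CGLOBALROOT%5CDevice%5CHarddiskVolumeShadowCopy2",
- "%5C%5C.%5CC%3A",
- ]
+ assert len(list(mock_target.usnjrnl())) == 1
+
+ # The 3 found directories + the fake NTFS filesystem
+ assert len(mock_target.filesystems) == 4
 
 
  def test_dir_loader_linux(mock_target, tmpdir_name):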
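Review bot: `fh.read(10 * 1025)` in the `$MFT` fixture looks like a slip for `10 * 1024`. If 10 KiB was intended the line should read `(root / "uploads/mft/%5C%5C.%5CC%3A/$MFT").write_bytes(fh.read(10 * 1024))`, and if the odd size is deliberate a comment should say why. The rewritten assertions also only count filesystems (`== 4`) where the old test checked the names of the mapped directories, so a loader that mapped the wrong directory would now pass. Keeping a name check for the directory-backed filesystems would preserve that coverage. `test_velociraptor_loader_windows_ntfs` starts in the first hunk and continues through the second.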
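--- a/tests/test_plugins_apps_av_mcafee.py
+++ b/tests/test_plugins_apps_av_mcafee.py
@@ -0,0 +1,38 @@
+ from flow.record.fieldtypes import datetime as dt
+
+ from dissect.target.plugins.apps.av.mcafee import McAfeeMscFirewallRecord, McAfeePlugin
+
+ from ._utils import absolute_path
+
+
+ def test_mcafee_plugin_log(target_win, fs_win):
+ log_dir = absolute_path("data/apps/av/mcafee")
+ fs_win.map_dir("ProgramData/McAfee/MSC/Logs", log_dir)
+
+ target_win.add_plugin(McAfeePlugin)
+
+ records = list(target_win.mcafee.msc())
+ assert len(records) == 2
+ for record in records:
+ if isinstance(record, type(McAfeeMscFirewallRecord())):
+ assert record.ip == "127.0.0.1"
+ assert record.protocol == "TCP"
+ assert record.port == 54996
+ assert record.ts == dt("2023-03-07T10:32:34Z")
+ assert record.fkey == "{C492A216-EFFC-4DAE-BE5E-2F5E064594C9}"
+ assert (
+ record.message
+ == "The PC 127.0.0.1 tried to connect to TCP port 54996 on your PC without your permission."
+ )
+ assert record.keywords == "127.0.0.1,127.0.0.1,TCP port 54996"
+
+ else:
+ assert record.threat == "EICAR test file"
+ assert record.ts == dt("2023-03-07T10:55:18Z")
+ assert record.fkey == "{37E1F90E-471D-40D3-9FAA-37BE30C5B4AA}"
+ assert (
+ record.message
+ == "Status Quarantined Scan type Custom We found one or several threats on your PC. "
+ + "Threat name EICAR test file File C:\\Users\\admin\\Desktop\\eicar.com"
+ )
+ assert record.keywords == "Custom,EICAR test file,Quarantined"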
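Review bot: The `if`/`else` in the loop never checks that one record of each kind was produced, so two firewall records (or two infection records with matching values) would satisfy `len(records) == 2` and every assertion in the branch taken. Recording the branch, e.g. `seen.add("firewall")` and `seen.add("infection")` with `assert seen == {"firewall", "infection"}` after the loop, pins that down. `isinstance(record, type(McAfeeMscFirewallRecord()))` also builds a throwaway record just to get its class, which deserves a one-line comment. There is no test that `check_compatible` rejects a target without McAfee logs.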