dissect.target 3.9.dev16__tar.gz → 3.9.dev18__tar.gz

Files changed (509)
  1. {dissect.target-3.9.dev16/dissect.target.egg-info → dissect.target-3.9.dev18}/PKG-INFO +1 -1
  2. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/registry.py +15 -6
  3. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18/dissect.target.egg-info}/PKG-INFO +1 -1
  4. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect.target.egg-info/SOURCES.txt +1 -0
  5. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/conftest.py +3 -9
  6. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_container_open.py +6 -7
  7. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_containers_split.py +4 -6
  8. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_filesystems_dir.py +8 -12
  9. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_dir.py +11 -13
  10. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_kape.py +2 -3
  11. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_tanium.py +2 -3
  12. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_velociraptor.py +6 -8
  13. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_vmwarevm.py +2 -2
  14. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_browsers.py +11 -11
  15. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_general_users.py +2 -2
  16. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_defender.py +6 -7
  17. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_log.py +7 -8
  18. dissect.target-3.9.dev18/tests/test_plugins_os_windows_registry.py +67 -0
  19. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_ual.py +1 -1
  20. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_wer.py +1 -1
  21. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_target_path.py +9 -10
  22. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_tools_dump.py +4 -4
  23. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/COPYRIGHT +0 -0
  24. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/LICENSE +0 -0
  25. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/MANIFEST.in +0 -0
  26. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/README.md +0 -0
  27. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/__init__.py +0 -0
  28. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/container.py +0 -0
  29. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/__init__.py +0 -0
  30. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/asdf.py +0 -0
  31. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/ewf.py +0 -0
  32. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/qcow2.py +0 -0
  33. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/raw.py +0 -0
  34. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/split.py +0 -0
  35. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/vdi.py +0 -0
  36. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/vhd.py +0 -0
  37. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/vhdx.py +0 -0
  38. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/vmdk.py +0 -0
  39. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/data/autocompletion/target_bash_completion.sh +0 -0
  40. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/exceptions.py +0 -0
  41. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystem.py +0 -0
  42. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/__init__.py +0 -0
  43. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/ad1.py +0 -0
  44. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/cb.py +0 -0
  45. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/dir.py +0 -0
  46. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/exfat.py +0 -0
  47. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/extfs.py +0 -0
  48. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/fat.py +0 -0
  49. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/ffs.py +0 -0
  50. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/itunes.py +0 -0
  51. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/ntfs.py +0 -0
  52. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/tar.py +0 -0
  53. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/vmfs.py +0 -0
  54. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/xfs.py +0 -0
  55. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/zip.py +0 -0
  56. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/__init__.py +0 -0
  57. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/cache.py +0 -0
  58. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/config.py +0 -0
  59. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/data/windowsZones.xml +0 -0
  60. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/descriptor_extensions.py +0 -0
  61. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/docs.py +0 -0
  62. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/fsutil.py +0 -0
  63. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/hashutil.py +0 -0
  64. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/keychain.py +0 -0
  65. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/lazy.py +0 -0
  66. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/loaderutil.py +0 -0
  67. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/localeutil.py +0 -0
  68. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/mount.py +0 -0
  69. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/network_managers.py +0 -0
  70. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/record.py +0 -0
  71. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/regutil.py +0 -0
  72. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/shell_folder_ids.py +0 -0
  73. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/ssh.py +0 -0
  74. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/utils.py +0 -0
  75. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loader.py +0 -0
  76. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/__init__.py +0 -0
  77. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/ad1.py +0 -0
  78. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/asdf.py +0 -0
  79. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/cb.py +0 -0
  80. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/dir.py +0 -0
  81. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/ewf.py +0 -0
  82. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/hyperv.py +0 -0
  83. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/itunes.py +0 -0
  84. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/kape.py +0 -0
  85. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/local.py +0 -0
  86. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/ovf.py +0 -0
  87. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/phobos.py +0 -0
  88. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/profile.py +0 -0
  89. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/raw.py +0 -0
  90. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/remote.py +0 -0
  91. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/res.py +0 -0
  92. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/tanium.py +0 -0
  93. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/tar.py +0 -0
  94. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/target.py +0 -0
  95. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/targetd.py +0 -0
  96. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/vb.py +0 -0
  97. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/vbox.py +0 -0
  98. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/velociraptor.py +0 -0
  99. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/vma.py +0 -0
  100. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/vmwarevm.py +0 -0
  101. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/vmx.py +0 -0
  102. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/xva.py +0 -0
  103. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugin.py +0 -0
  104. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/__init__.py +0 -0
  105. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/__init__.py +0 -0
  106. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/av/mcafee.py +0 -0
  107. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/av/trendmicro.py +0 -0
  108. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/containers/__init__.py +0 -0
  109. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/containers/docker.py +0 -0
  110. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/remoteaccess/__init__.py +0 -0
  111. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/remoteaccess/anydesk.py +0 -0
  112. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/remoteaccess/remoteaccess.py +0 -0
  113. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/remoteaccess/teamviewer.py +0 -0
  114. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/shell/__init__.py +0 -0
  115. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/shell/powershell.py +0 -0
  116. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/vpns/__init__.py +0 -0
  117. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/vpns/wireguard.py +0 -0
  118. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/webservers/__init__.py +0 -0
  119. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/webservers/apache.py +0 -0
  120. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/webservers/caddy.py +0 -0
  121. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/webservers/iis.py +0 -0
  122. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/webservers/nginx.py +0 -0
  123. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/webservers/webservers.py +0 -0
  124. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/browsers/__init__.py +0 -0
  125. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/browsers/browser.py +0 -0
  126. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/browsers/chrome.py +0 -0
  127. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/browsers/chromium.py +0 -0
  128. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/browsers/edge.py +0 -0
  129. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/browsers/firefox.py +0 -0
  130. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/browsers/iexplore.py +0 -0
  131. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/child/__init__.py +0 -0
  132. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/child/esxi.py +0 -0
  133. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/child/hyperv.py +0 -0
  134. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/child/virtuozzo.py +0 -0
  135. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/child/vmware_workstation.py +0 -0
  136. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/child/wsl.py +0 -0
  137. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/__init__.py +0 -0
  138. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/acquire_handles.py +0 -0
  139. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/acquire_hash.py +0 -0
  140. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/icat.py +0 -0
  141. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/ntfs/__init__.py +0 -0
  142. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/ntfs/mft.py +0 -0
  143. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/ntfs/mft_timeline.py +0 -0
  144. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/ntfs/usnjrnl.py +0 -0
  145. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/ntfs/utils.py +0 -0
  146. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/resolver.py +0 -0
  147. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/unix/__init__.py +0 -0
  148. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/unix/capability.py +0 -0
  149. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/unix/suid.py +0 -0
  150. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/walkfs.py +0 -0
  151. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/yara.py +0 -0
  152. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/general/__init__.py +0 -0
  153. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/general/default.py +0 -0
  154. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/general/example.py +0 -0
  155. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/general/loaders.py +0 -0
  156. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/general/plugins.py +0 -0
  157. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/general/scrape.py +0 -0
  158. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/general/users.py +0 -0
  159. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/__init__.py +0 -0
  160. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/__init__.py +0 -0
  161. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/_os.py +0 -0
  162. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/_os.py +0 -0
  163. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/freebsd/__init__.py +0 -0
  164. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/freebsd/_os.py +0 -0
  165. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/ios/__init__.py +0 -0
  166. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/ios/_os.py +0 -0
  167. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/openbsd/__init__.py +0 -0
  168. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/openbsd/_os.py +0 -0
  169. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/osx/__init__.py +0 -0
  170. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/osx/_os.py +0 -0
  171. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/cronjobs.py +0 -0
  172. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/datetime.py +0 -0
  173. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/generic.py +0 -0
  174. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/history.py +0 -0
  175. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/__init__.py +0 -0
  176. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/_os.py +0 -0
  177. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/android/__init__.py +0 -0
  178. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/android/_os.py +0 -0
  179. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/debian/__init__.py +0 -0
  180. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/debian/_os.py +0 -0
  181. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/debian/apt.py +0 -0
  182. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/debian/dpkg.py +0 -0
  183. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/debian/vyos/__init__.py +0 -0
  184. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/debian/vyos/_os.py +0 -0
  185. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/esxi/__init__.py +0 -0
  186. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/esxi/_os.py +0 -0
  187. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/fortigate/__init__.py +0 -0
  188. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/fortigate/_os.py +0 -0
  189. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/redhat/__init__.py +0 -0
  190. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/redhat/_os.py +0 -0
  191. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/redhat/yum.py +0 -0
  192. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/suse/__init__.py +0 -0
  193. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/suse/_os.py +0 -0
  194. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/suse/zypper.py +0 -0
  195. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/locale.py +0 -0
  196. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/__init__.py +0 -0
  197. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/atop.py +0 -0
  198. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/audit.py +0 -0
  199. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/auth.py +0 -0
  200. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/btmp.py +0 -0
  201. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/lastlog.py +0 -0
  202. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/messages.py +0 -0
  203. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/utmp.py +0 -0
  204. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/wtmp.py +0 -0
  205. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/packagemanager.py +0 -0
  206. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/services.py +0 -0
  207. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/shadow.py +0 -0
  208. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/ssh.py +0 -0
  209. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/__init__.py +0 -0
  210. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/_os.py +0 -0
  211. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/activitiescache.py +0 -0
  212. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/adpolicy.py +0 -0
  213. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/amcache.py +0 -0
  214. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/catroot.py +0 -0
  215. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/cim.py +0 -0
  216. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/clfs.py +0 -0
  217. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/datetime.py +0 -0
  218. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/defender.py +0 -0
  219. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/env.py +0 -0
  220. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/exchange/__init__.py +0 -0
  221. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/exchange/exchange.py +0 -0
  222. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/generic.py +0 -0
  223. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/lnk.py +0 -0
  224. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/locale.py +0 -0
  225. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/log/__init__.py +0 -0
  226. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/log/amcache.py +0 -0
  227. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/log/etl.py +0 -0
  228. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/log/evt.py +0 -0
  229. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/log/evtx.py +0 -0
  230. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/log/pfro.py +0 -0
  231. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/notifications.py +0 -0
  232. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/prefetch.py +0 -0
  233. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/recyclebin.py +0 -0
  234. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/7zip.py +0 -0
  235. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/__init__.py +0 -0
  236. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/auditpol.py +0 -0
  237. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/bam.py +0 -0
  238. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/cit.py +0 -0
  239. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/clsid.py +0 -0
  240. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/firewall.py +0 -0
  241. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/mru.py +0 -0
  242. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/muicache.py +0 -0
  243. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/nethist.py +0 -0
  244. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/recentfilecache.py +0 -0
  245. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/regf.py +0 -0
  246. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/runkeys.py +0 -0
  247. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/shellbags.py +0 -0
  248. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/shimcache.py +0 -0
  249. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/trusteddocs.py +0 -0
  250. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/usb.py +0 -0
  251. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/userassist.py +0 -0
  252. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/sam.py +0 -0
  253. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/services.py +0 -0
  254. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/sru.py +0 -0
  255. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/startupinfo.py +0 -0
  256. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/syscache.py +0 -0
  257. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/tasks.py +0 -0
  258. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/thumbcache.py +0 -0
  259. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/ual.py +0 -0
  260. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/wer.py +0 -0
  261. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/report.py +0 -0
  262. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/target.py +0 -0
  263. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/__init__.py +0 -0
  264. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/build_pluginlist.py +0 -0
  265. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/dd.py +0 -0
  266. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/dump/__init__.py +0 -0
  267. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/dump/run.py +0 -0
  268. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/dump/state.py +0 -0
  269. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/dump/utils.py +0 -0
  270. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/fs.py +0 -0
  271. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/info.py +0 -0
  272. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/logging.py +0 -0
  273. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/mount.py +0 -0
  274. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/query.py +0 -0
  275. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/reg.py +0 -0
  276. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/shell.py +0 -0
  277. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/utils.py +0 -0
  278. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/volume.py +0 -0
  279. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/volumes/__init__.py +0 -0
  280. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/volumes/bde.py +0 -0
  281. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/volumes/disk.py +0 -0
  282. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/volumes/lvm.py +0 -0
  283. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/volumes/vmfs.py +0 -0
  284. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect.target.egg-info/dependency_links.txt +0 -0
  285. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect.target.egg-info/entry_points.txt +0 -0
  286. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect.target.egg-info/requires.txt +0 -0
  287. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect.target.egg-info/top_level.txt +0 -0
  288. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/pyproject.toml +0 -0
  289. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/setup.cfg +0 -0
  290. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/__init__.py +0 -0
  291. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/_utils.py +0 -0
  292. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/PcaAppLaunchDic.txt +0 -0
  293. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/SRUDB.dat +0 -0
  294. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/Syscache.hve +0 -0
  295. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/TestAnydesk.trace +0 -0
  296. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/TestLog.evt +0 -0
  297. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/TestLogX.evtx +0 -0
  298. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/TestTeamviewer.log +0 -0
  299. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI +0 -0
  300. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/Audit/audit.csv +0 -0
  301. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf +0 -0
  302. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Registry.pol +0 -0
  303. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/comment.cmtx +0 -0
  304. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{393FA062-30DB-40AC-A15E-E0B12B9F2928}/GPT.INI +0 -0
  305. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{6AC1786C-016F-11D2-945F-00C04fB984F9}/GPT.INI +0 -0
  306. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{6AC1786C-016F-11D2-945F-00C04fB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf +0 -0
  307. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/amcache-new.hve +0 -0
  308. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/amcache-old.hve +0 -0
  309. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/apps/av/mcafee/firewall.log +0 -0
  310. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/apps/av/mcafee/infect.log +0 -0
  311. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/apps/av/trendmicro/firewall.log +0 -0
  312. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/apps/av/trendmicro/pccnt35.log +0 -0
  313. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/apps/containers/docker/container_running.json +0 -0
  314. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/apps/containers/docker/image_metadata.json +0 -0
  315. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/apps/containers/docker/repositories.json +0 -0
  316. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/clfs/DRIVERS{53b39e70-18c4-11ea-a811-000d3aa4692b}.TM.blf +0 -0
  317. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/clfs/DRIVERS{53b39e70-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms +0 -0
  318. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/defender-operational.evtx +0 -0
  319. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/defender-quarantine/Entries/{800362A7-0000-0000-FB11-12639186E0D6} +0 -0
  320. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/defender-quarantine/ResourceData/A6/A6C8322B8A19AEED96EFBD045206966DA4C9619D +0 -0
  321. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/defender-quarantine/Resources/A6/A6C8322B8A19AEED96EFBD045206966DA4C9619D +0 -0
  322. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/empty.log +0 -0
  323. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/enc-volume.bin +0 -0
  324. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/keychain.csv +0 -0
  325. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/loaders/asdf/metadata.asdf +0 -0
  326. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/loaders/hyperv/993F7B33-6057-4D1E-A1FE-A1A1D77BE974.vmcx +0 -0
  327. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/loaders/hyperv/B90AC31B-C6F8-479F-9B91-07B894A6A3F6.xml +0 -0
  328. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/loaders/hyperv/D351C151-DAC7-4042-B434-B72D522C1E4A.xml +0 -0
  329. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/loaders/hyperv/EC04F346-DB96-4700-AF5B-77B3C56C38BD.vmcx +0 -0
  330. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/loaders/tar/test-archive-dot-folder.tgz +0 -0
  331. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/mft.raw +0 -0
  332. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/places.sqlite +0 -0
  333. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugin_register/container.py +0 -0
  334. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugin_register/filesystem.py +0 -0
  335. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugin_register/loader.py +0 -0
  336. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugin_register/plugin.py +0 -0
  337. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/browsers/chrome/History.sqlite +0 -0
  338. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/browsers/chromium/History.sqlite +0 -0
  339. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/browsers/edge/History.sqlite +0 -0
  340. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/browsers/firefox/places.sqlite +0 -0
  341. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/browsers/iexplore/WebCacheV01.dat.gz +0 -0
  342. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/child/hyperv/data.vmcx +0 -0
  343. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/bsd/freebsd/freebsd-freebsd-version +0 -0
  344. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/debian/apt/history.log +0 -0
  345. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/debian/apt/history.log.1.bz2 +0 -0
  346. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/debian/apt/history.log.1.gz +0 -0
  347. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/debian/debian-os-release +0 -0
  348. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/debian/ubuntu-lsb-release +0 -0
  349. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/debian/ubuntu-os-release +0 -0
  350. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/redhat/centos-os-release +0 -0
  351. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/redhat/fedora-os-release +0 -0
  352. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/redhat/yum/yum.log +0 -0
  353. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/redhat/yum/yum.log.1.bz2 +0 -0
  354. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/redhat/yum/yum.log.1.gz +0 -0
  355. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/suse/opensuse-os-release +0 -0
  356. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/suse/zypp/history +0 -0
  357. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/suse/zypp/history.1.bz2 +0 -0
  358. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/suse/zypp/history.1.gz +0 -0
  359. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/services/initd.sh +0 -0
  360. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/services/systemd.service +0 -0
  361. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/services/systemd2.service +0 -0
  362. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/windows/powershell/ConsoleHost_history.txt +0 -0
  363. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/windows/tasks/MapsToastTask +0 -0
  364. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/regflex.reg +0 -0
  365. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/symlink_disk.ext4 +0 -0
  366. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/test-acquire-handles.tar +0 -0
  367. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/test-acquire-hash.tar +0 -0
  368. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/test-archive-empty-folder.tgz +0 -0
  369. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/test-archive.tar.gz +0 -0
  370. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/ual/Current.mdb +0 -0
  371. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/ual/SystemIdentity.mdb +0 -0
  372. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/configs/ips/eth0.xml +0 -0
  373. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/configs/ips/interfaces +0 -0
  374. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/configs/keyboard +0 -0
  375. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/configs/passwd +0 -0
  376. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/configs/shadow +0 -0
  377. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/atop +0 -0
  378. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/audit.log +0 -0
  379. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/auth/auth.log +0 -0
  380. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/auth/auth.log.bz2 +0 -0
  381. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/auth/auth.log.gz +0 -0
  382. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/auth/secure +0 -0
  383. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/btmp +0 -0
  384. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/dpkg-status +0 -0
  385. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/dpkg.log +0 -0
  386. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/dpkg.log.2.gz +0 -0
  387. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/empty.log +0 -0
  388. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/lastlog +0 -0
  389. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/messages +0 -0
  390. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/passwd-syslog +0 -0
  391. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/wtmp +0 -0
  392. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/uppercase_driveletter.tar +0 -0
  393. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/usnjrnl.bin +0 -0
  394. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/vpns/wireguard/wg0.conf +0 -0
  395. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/apache/access.log +0 -0
  396. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/apache/access.log.bz2 +0 -0
  397. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/apache/access.log.gz +0 -0
  398. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/caddy/Caddyfile +0 -0
  399. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/caddy/access.log +0 -0
  400. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/iis/iis-applicationHost-iis.config +0 -0
  401. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/iis/iis-applicationHost-w3c.config +0 -0
  402. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/iis/iis-logs-iis/W3SVC1/u_in211001.log +0 -0
  403. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/iis/iis-logs-w3c/W3SVC1/u_ex211001_x.log +0 -0
  404. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/nginx/access.log +0 -0
  405. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/nginx/access.log.bz2 +0 -0
  406. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/nginx/access.log.gz +0 -0
  407. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/nginx/nginx.conf +0 -0
  408. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/wer/wer_test.tmp.WERInternalMetadata.xml +0 -0
  409. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/wer/wer_test.wer +0 -0
  410. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/wpndatabase.db +0 -0
  411. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_filesystem.py +0 -0
  412. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_filesystems_exfat.py +0 -0
  413. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_filesystems_fat.py +0 -0
  414. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_filesystems_ntfs.py +0 -0
  415. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_filesystems_tar.py +0 -0
  416. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_filesystems_zip.py +0 -0
  417. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_hashing.py +0 -0
  418. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_helpers.py +0 -0
  419. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_helpers_cache.py +0 -0
  420. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_helpers_fsutil.py +0 -0
  421. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_helpers_loaderutil.py +0 -0
  422. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_helpers_localeutil.py +0 -0
  423. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_helpers_regutil.py +0 -0
  424. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_helpers_utils.py +0 -0
  425. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_asdf.py +0 -0
  426. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_hyperv.py +0 -0
  427. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_local.py +0 -0
  428. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_remote.py +0 -0
  429. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_tar.py +0 -0
  430. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_vbox.py +0 -0
  431. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugin.py +0 -0
  432. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_av_mcafee.py +0 -0
  433. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_av_trendmicro.py +0 -0
  434. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_containers_docker.py +0 -0
  435. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_remoteaccess_anydesk.py +0 -0
  436. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_remoteaccess_teamviewer.py +0 -0
  437. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_shell_powershell.py +0 -0
  438. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_vpns_wireguard.py +0 -0
  439. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_webservers_apache.py +0 -0
  440. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_webservers_caddy.py +0 -0
  441. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_webservers_iis.py +0 -0
  442. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_webservers_nginx.py +0 -0
  443. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_child_hyperv.py +0 -0
  444. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_child_virtuozzo.py +0 -0
  445. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_child_wsl.py +0 -0
  446. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_acquire_handles.py +0 -0
  447. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_acquire_hash.py +0 -0
  448. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_icat.py +0 -0
  449. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_ntfs_mft.py +0 -0
  450. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_ntfs_usnjrnl.py +0 -0
  451. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_resolver.py +0 -0
  452. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_unix_capability.py +0 -0
  453. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_unix_suid.py +0 -0
  454. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_walkfs.py +0 -0
  455. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_yara.py +0 -0
  456. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_general_plugins.py +0 -0
  457. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix.py +0 -0
  458. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_debian_dpkg.py +0 -0
  459. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_generic.py +0 -0
  460. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_history.py +0 -0
  461. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_ips.py +0 -0
  462. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_linux_debian_apt.py +0 -0
  463. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_linux_redhat_yum.py +0 -0
  464. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_linux_suse_zypper.py +0 -0
  465. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_locale.py +0 -0
  466. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_log.py +0 -0
  467. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_log_audit.py +0 -0
  468. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_log_auth.py +0 -0
  469. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_log_messages.py +0 -0
  470. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_packagemanager.py +0 -0
  471. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_services.py +0 -0
  472. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_shadow.py +0 -0
  473. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_ssh.py +0 -0
  474. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_users.py +0 -0
  475. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_version.py +0 -0
  476. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows__os.py +0 -0
  477. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_adpolicy.py +0 -0
  478. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_amcache.py +0 -0
  479. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_clfs.py +0 -0
  480. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_datetime.py +0 -0
  481. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_env.py +0 -0
  482. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_generic.py +0 -0
  483. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_locale.py +0 -0
  484. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_mru.py +0 -0
  485. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_notifications.py +0 -0
  486. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_recyclebin.py +0 -0
  487. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_regf_cit.py +0 -0
  488. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_regf_clsid.py +0 -0
  489. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_regf_muicache.py +0 -0
  490. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_regf_trusteddocs.py +0 -0
  491. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_regf_userassist.py +0 -0
  492. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_sam.py +0 -0
  493. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_shimcache.py +0 -0
  494. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_sru.py +0 -0
  495. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_syscache.py +0 -0
  496. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_tasks.py +0 -0
  497. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_thumbcache.py +0 -0
  498. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_scrape.py +0 -0
  499. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_prefetch_time.py +0 -0
  500. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_record.py +0 -0
  501. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_registration.py +0 -0
  502. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_report.py +0 -0
  503. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_shell.py +0 -0
  504. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_target.py +0 -0
  505. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_target_fs.py +0 -0
  506. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_tools_shell.py +0 -0
  507. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_tools_utils.py +0 -0
  508. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_volumes_bde.py +0 -0
  509. {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tox.ini +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.9.dev16
3
+ Version: 3.9.dev18
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
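--- a/dissect/target/plugins/os/windows/registry.py
+++ b/dissect/target/plugins/os/windows/registry.py
@@ -98,6 +98,10 @@ class RegistryPlugin(Plugin):
  if not bcd.exists():
  continue
 
+ if bcd.stat().st_size == 0:
+ self.target.log.warning("Empty BCD hive: %s", bcd)
+ continue
+
  try:
  hf = RegfHive(bcd)
  self.add_hive("BCD", hf, bcd)
@@ -116,7 +120,11 @@ class RegistryPlugin(Plugin):
  user = user_details.user
  ntuser = user_details.home_path.joinpath("ntuser.dat")
 
- if ntuser.exists():
+ if not ntuser.exists():
+ self.target.log.debug("Could not find ntuser.dat: %s", ntuser)
+ elif ntuser.stat().st_size == 0:
+ self.target.log.warning("Empty NTUSER.DAT hive: %s", ntuser)
+ else:
  try:
  ntuserhive = RegfHive(ntuser)
  self.add_hive(user.sid, ntuserhive, ntuser)
@@ -126,11 +134,14 @@ class RegistryPlugin(Plugin):
  self._hives_to_users[ntuserhive] = user_details
  except Exception as e:
  self.target.log.warning("Could not open ntuser.dat: %s", ntuser, exc_info=e)
- else:
- self.target.log.debug("Could not find ntuser.dat: %s", ntuser)
 
  usrclass = user_details.home_path.joinpath("AppData/Local/Microsoft/Windows/usrclass.dat")
- if usrclass.exists():
+
+ if not usrclass.exists():
+ self.target.log.debug("Could not find usrclass.dat: %s", usrclass)
+ elif usrclass.stat().st_size == 0:
+ self.target.log.warning("Empty UsrClass.DAT hive: %s", usrclass)
+ else:
  try:
  usr_class_hive = RegfHive(usrclass)
  self.add_hive(f"{user.sid}_Classes", usr_class_hive, usrclass)
@@ -140,8 +151,6 @@ class RegistryPlugin(Plugin):
  self._hives_to_users[usr_class_hive] = user_details
  except Exception as e:
  self.target.log.warning("Could not open usrclass.dat: %s", usrclass, exc_info=e)
- else:
- self.target.log.debug("Could not find usrclass.dat: %s", usrclass)
 
  self._users_loaded = True
 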
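Review bot: The three new size checks (`bcd.stat().st_size == 0`, `ntuser.stat().st_size == 0`, `usrclass.stat().st_size == 0`) run outside the `try:` blocks that guard `RegfHive(...)`, so an exception from `stat()` would escape the loader instead of being logged as a warning the way an open failure is. Whether `stat()` can still raise after `exists()` returned true depends on the filesystem layer, which is not visible here, but on a damaged or partially acquired image it seems safer to make the size check the first statement under each `try:`. The same exists / empty / open sequence is now written out three times with slightly different behaviour (a missing BCD is skipped silently, a missing user hive logs at debug); a small private helper taking the path and a label would keep the wording and log levels consistent. The enclosing methods start and end outside these hunks.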
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.9.dev16
3
+ Version: 3.9.dev18
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
@@ -364,6 +364,7 @@ tests/test_plugins_os_windows_regf_clsid.py
364
364
  tests/test_plugins_os_windows_regf_muicache.py
365
365
  tests/test_plugins_os_windows_regf_trusteddocs.py
366
366
  tests/test_plugins_os_windows_regf_userassist.py
367
+ tests/test_plugins_os_windows_registry.py
367
368
  tests/test_plugins_os_windows_sam.py
368
369
  tests/test_plugins_os_windows_shimcache.py
369
370
  tests/test_plugins_os_windows_sru.py
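--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -40,16 +40,10 @@ def make_mock_targets(request):
 
 
  @pytest.fixture
- def tmpdir_name():
- with tempfile.TemporaryDirectory() as tmpdir_name:
- yield tmpdir_name
-
-
- @pytest.fixture
- def fs_win(tmpdir_name):
+ def fs_win(tmp_path):
  fs = VirtualFilesystem(case_sensitive=False, alt_separator="\\")
- fs.map_dir("windows/system32", tmpdir_name)
- fs.map_dir("windows/system32/config/", tmpdir_name)
+ fs.map_dir("windows/system32", tmp_path)
+ fs.map_dir("windows/system32/config/", tmp_path)
  yield fs
 
 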
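--- a/tests/test_container_open.py
+++ b/tests/test_container_open.py
@@ -31,7 +31,7 @@ def test_open_inputs(mocked_ewf_detect: Mock, path, expected_output):
  mocked_ewf_detect.assert_called_with(expected_output)
 
 
- def test_open_fallback_fh(tmpdir_name):
+ def test_open_fallback_fh(tmp_path):
  # Create a valid VHD file
  fake_vhd = (
  (bytes(range(256)) * 2)
@@ -43,10 +43,9 @@ def test_open_fallback_fh(tmpdir_name):
  + (b"\x00" * 455)
  )
 
- tmp_root = Path(tmpdir_name)
- tmp_with_ext = tmp_root.joinpath("testfile.vhd")
- tmp_without_ext = tmp_root.joinpath("testfile")
- tmp_with_wrong_ext = tmp_root.joinpath("testfile.qcow2")
+ tmp_with_ext = tmp_path.joinpath("testfile.vhd")
+ tmp_without_ext = tmp_path.joinpath("testfile")
+ tmp_with_wrong_ext = tmp_path.joinpath("testfile.qcow2")
 
  for path in [tmp_with_ext, tmp_without_ext, tmp_with_wrong_ext]:
  path.write_bytes(fake_vhd)
@@ -60,13 +59,13 @@ def test_open_fallback_fh(tmpdir_name):
  with path.open("rb") as fh:
  assert vhd.VhdContainer.detect(fh)
 
- tmp_nonexistent = tmp_root.joinpath("doesntexist")
+ tmp_nonexistent = tmp_path.joinpath("doesntexist")
  with pytest.raises(ContainerError):
  container.open(tmp_nonexistent)
 
  assert not vhd.VhdContainer.detect(tmp_nonexistent)
 
- tmp_dummy = tmp_root.joinpath("testdummy")
+ tmp_dummy = tmp_path.joinpath("testdummy")
  tmp_dummy.write_bytes(b"\x00" * 1024)
  assert isinstance(container.open(tmp_dummy), raw.RawContainer)
  assert not vhd.VhdContainer.detect(tmp_dummy)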
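--- a/tests/test_containers_split.py
+++ b/tests/test_containers_split.py
@@ -1,5 +1,4 @@
  from io import BytesIO
- from pathlib import Path
 
  import pytest
 
@@ -22,9 +21,8 @@ def split_fhs():
 
 
  @pytest.fixture
- def split_paths(tmpdir_name, split_fhs):
- root = Path(tmpdir_name)
- paths = [(root / f"split.{i:>03}") for i in range(4)]
+ def split_paths(tmp_path, split_fhs):
+ paths = [(tmp_path / f"split.{i:>03}") for i in range(4)]
 
  for fh, path in zip(split_fhs, paths):
  fh.seek(0)
@@ -34,8 +32,8 @@ def split_paths(tmpdir_name, split_fhs):
 
 
  @pytest.fixture
- def split_symlink(tmpdir_name, split_paths):
- dir_path = Path(tmpdir_name) / "dir"
+ def split_symlink(tmp_path, split_paths):
+ dir_path = tmp_path / "dir"
  symlink_path = dir_path / split_paths[0].name
  dir_path.mkdir()
  symlink_path.symlink_to(split_paths[0])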
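--- a/tests/test_filesystems_dir.py
+++ b/tests/test_filesystems_dir.py
@@ -4,18 +4,16 @@ import tempfile
  from dissect.target.filesystems.dir import DirectoryFilesystem
 
 
- def test_filesystem_dir_symlink_to_file(tmpdir_name):
- tmpdir_path = pathlib.Path(tmpdir_name)
-
- with tempfile.NamedTemporaryFile(dir=tmpdir_name) as tf:
+ def test_filesystem_dir_symlink_to_file(tmp_path):
+ with tempfile.NamedTemporaryFile(dir=tmp_path) as tf:
  tf.write(b"dummy")
  tf.flush()
 
  tmpfile_path = pathlib.Path(tf.name)
- symlink_path = tmpdir_path.joinpath("symlink")
+ symlink_path = tmp_path.joinpath("symlink")
  symlink_path.symlink_to(f"/{tmpfile_path.name}")
 
- fs = DirectoryFilesystem(path=tmpdir_path)
+ fs = DirectoryFilesystem(path=tmp_path)
  symlink_entry = fs.get("symlink")
 
  assert symlink_entry.is_symlink()
@@ -32,18 +30,16 @@ def test_filesystem_dir_symlink_to_file(tmpdir_name):
  assert list(symlink_entry.stat()) == list(tmpfile_path.lstat())
 
 
- def test_filesystem_dir_symlink_to_dir(tmpdir_name):
- tmpdir_path = pathlib.Path(tmpdir_name)
-
- nested_path = tmpdir_path.joinpath("nested")
+ def test_filesystem_dir_symlink_to_dir(tmp_path):
+ nested_path = tmp_path.joinpath("nested")
  nested_path.mkdir()
  nested_path.joinpath("file1").touch()
  nested_path.joinpath("file2").touch()
 
- symlink_path = tmpdir_path.joinpath("symlink")
+ symlink_path = tmp_path.joinpath("symlink")
  symlink_path.symlink_to("/nested")
 
- fs = DirectoryFilesystem(path=tmpdir_path)
+ fs = DirectoryFilesystem(path=tmp_path)
  symlink_entry = fs.get("symlink")
 
  assert symlink_entry.is_symlink()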
@@ -1,13 +1,11 @@
1
- from pathlib import Path
2
-
3
1
  from dissect.target.loaders.dir import DirLoader, find_dirs
4
2
  from dissect.target.plugin import OperatingSystem
5
3
 
6
4
  from ._utils import mkdirs
7
5
 
8
6
 
9
- def test_dir_loader_windows(mock_target, tmpdir_name):
10
- root = Path(tmpdir_name)
7
+ def test_dir_loader_windows(mock_target, tmp_path):
8
+ root = tmp_path
11
9
  mkdirs(root, ["windows/system32"])
12
10
 
13
11
  os_type, dirs = find_dirs(root)
@@ -22,9 +20,9 @@ def test_dir_loader_windows(mock_target, tmpdir_name):
22
20
  assert len(mock_target.filesystems) == 1
23
21
 
24
22
 
25
- def test_dir_loader_winnt(mock_target, tmpdir_name):
26
- root = Path(tmpdir_name)
27
- mkdirs(root, ["winnt"])
23
+ def test_dir_loader_winnt(mock_target, tmp_path):
24
+ root = tmp_path
25
+ mkdirs(tmp_path, ["winnt"])
28
26
 
29
27
  os_type, dirs = find_dirs(root)
30
28
  assert os_type == OperatingSystem.WINDOWS
@@ -38,8 +36,8 @@ def test_dir_loader_winnt(mock_target, tmpdir_name):
38
36
  assert len(mock_target.filesystems) == 1
39
37
 
40
38
 
41
- def test_dir_loader_linux(mock_target, tmpdir_name):
42
- root = Path(tmpdir_name)
39
+ def test_dir_loader_linux(mock_target, tmp_path):
40
+ root = tmp_path
43
41
  mkdirs(root, ["etc", "var"])
44
42
 
45
43
  os_type, dirs = find_dirs(root)
@@ -54,8 +52,8 @@ def test_dir_loader_linux(mock_target, tmpdir_name):
54
52
  assert len(mock_target.filesystems) == 1
55
53
 
56
54
 
57
- def test_dir_loader_macos(mock_target, tmpdir_name):
58
- root = Path(tmpdir_name)
55
+ def test_dir_loader_macos(mock_target, tmp_path):
56
+ root = tmp_path
59
57
  mkdirs(root, ["Library"])
60
58
 
61
59
  os_type, dirs = find_dirs(root)
@@ -70,8 +68,8 @@ def test_dir_loader_macos(mock_target, tmpdir_name):
70
68
  assert len(mock_target.filesystems) == 1
71
69
 
72
70
 
73
- def test_dir_loader_windows_drive_letters(mock_target, tmpdir_name):
74
- root = Path(tmpdir_name)
71
+ def test_dir_loader_windows_drive_letters(mock_target, tmp_path):
72
+ root = tmp_path
75
73
  mkdirs(root, ["C/windows/system32", "D/test", "E/test"])
76
74
 
77
75
  os_type, dirs = find_dirs(root)
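Review bot: In `test_dir_loader_winnt` the new line `mkdirs(tmp_path, ["winnt"])` bypasses the `root` alias assigned on the line before it, while the following `find_dirs(root)` and every other test in this file go through `root`. The two names refer to the same object, so behaviour is unaffected, but the mix reads like an incomplete search-and-replace. Use `mkdirs(root, ["winnt"])` here, or drop the `root = tmp_path` aliases and pass `tmp_path` throughout.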
@@ -1,4 +1,3 @@
1
- from pathlib import Path
2
1
  from unittest.mock import patch
3
2
 
4
3
  from dissect.target.loaders.kape import KapeLoader
@@ -7,8 +6,8 @@ from ._utils import absolute_path, mkdirs
7
6
 
8
7
 
9
8
  @patch("dissect.target.filesystems.dir.DirectoryFilesystem.ntfs", None, create=True)
10
- def test_kape_loader(mock_target, tmpdir_name):
11
- root = Path(tmpdir_name)
9
+ def test_kape_loader(mock_target, tmp_path):
10
+ root = tmp_path
12
11
  mkdirs(root, ["C/windows/system32", "C/$Extend", "D/test", "E/test"])
13
12
 
14
13
  # Only need this to exist up until the root directory record to make dissect.ntfs happy
@@ -1,4 +1,3 @@
1
- from pathlib import Path
2
1
  from unittest.mock import patch
3
2
 
4
3
  from dissect.target.loaders.tanium import TaniumLoader
@@ -7,8 +6,8 @@ from ._utils import absolute_path, mkdirs
7
6
 
8
7
 
9
8
  @patch("dissect.target.filesystems.dir.DirectoryFilesystem.ntfs", None, create=True)
10
- def test_tanium_loader(mock_target, tmpdir_name):
11
- root = Path(tmpdir_name)
9
+ def test_tanium_loader(mock_target, tmp_path):
10
+ root = tmp_path
12
11
  mkdirs(root, ["file/C/windows/system32", "file/C/$Extend", "file/D/test", "file/E/test"])
13
12
 
14
13
  # Only need this to exist up until the root directory record to make dissect.ntfs happy
@@ -1,12 +1,10 @@
1
- from pathlib import Path
2
-
3
1
  from dissect.target.loaders.velociraptor import VelociraptorLoader
4
2
 
5
3
  from ._utils import absolute_path, mkdirs
6
4
 
7
5
 
8
- def test_velociraptor_loader_windows_ntfs(mock_target, tmpdir_name):
9
- root = Path(tmpdir_name)
6
+ def test_velociraptor_loader_windows_ntfs(mock_target, tmp_path):
7
+ root = tmp_path
10
8
  mkdirs(
11
9
  root,
12
10
  [
@@ -40,8 +38,8 @@ def test_velociraptor_loader_windows_ntfs(mock_target, tmpdir_name):
40
38
  assert len(mock_target.filesystems) == 4
41
39
 
42
40
 
43
- def test_dir_loader_linux(mock_target, tmpdir_name):
44
- root = Path(tmpdir_name)
41
+ def test_dir_loader_linux(mock_target, tmp_path):
42
+ root = tmp_path
45
43
  mkdirs(root, ["uploads.json", "uploads/file/etc", "uploads/file/var"])
46
44
 
47
45
  assert VelociraptorLoader.detect(root) is True
@@ -52,8 +50,8 @@ def test_dir_loader_linux(mock_target, tmpdir_name):
52
50
  assert len(mock_target.filesystems) == 1
53
51
 
54
52
 
55
- def test_dir_loader_macos(mock_target, tmpdir_name):
56
- root = Path(tmpdir_name)
53
+ def test_dir_loader_macos(mock_target, tmp_path):
54
+ root = tmp_path
57
55
  mkdirs(root, ["uploads.json", "uploads/file/Library"])
58
56
 
59
57
  assert VelociraptorLoader.detect(root) is True
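Review bot: The two functions whose signatures are touched here, `test_dir_loader_linux` and `test_dir_loader_macos`, exercise `VelociraptorLoader.detect` but keep names that also appear in the DirLoader tests earlier in this change. The modules differ, so nothing collides, but a failure report that names `test_dir_loader_linux` points a reader at the wrong loader. Since the signature lines are being edited anyway, rename them, for example `def test_velociraptor_loader_linux(mock_target, tmp_path):` and `def test_velociraptor_loader_macos(mock_target, tmp_path):`. Both bodies continue outside the hunks shown.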
@@ -12,8 +12,8 @@ from ._utils import mkdirs
12
12
 
13
13
  @patch("dissect.target.loaders.vmx.VmdkContainer")
14
14
  @patch("dissect.target.loaders.vmx.vmx.VMX")
15
- def test_vmwarevm_loader(VMX: VMX, VmdkContainer: VmdkContainer, mock_target: Target, tmpdir_name: str):
16
- root = Path(tmpdir_name)
15
+ def test_vmwarevm_loader(VMX: VMX, VmdkContainer: VmdkContainer, mock_target: Target, tmp_path: Path):
16
+ root = tmp_path
17
17
  mkdirs(root, ["Test.vmwarevm"])
18
18
  (root / "Test.vmwarevm" / "Test.vmx").touch()
19
19
 
@@ -6,10 +6,10 @@ from dissect.target.plugins.browsers import chrome, chromium, edge, firefox, iex
6
6
  from ._utils import absolute_path
7
7
 
8
8
 
9
- def test_iexplore_plugin(target_win, fs_win, tmpdir_name, target_win_users):
9
+ def test_iexplore_plugin(target_win, fs_win, tmp_path, target_win_users):
10
10
  cache_archive = absolute_path("data/plugins/browsers/iexplore/WebCacheV01.dat.gz")
11
11
 
12
- with tempfile.NamedTemporaryFile(dir=tmpdir_name) as tf:
12
+ with tempfile.NamedTemporaryFile(dir=tmp_path) as tf:
13
13
  with gzip.GzipFile(cache_archive, "rb") as f:
14
14
  tf.write(f.read())
15
15
  tf.flush()
@@ -21,7 +21,7 @@ def test_iexplore_plugin(target_win, fs_win, tmpdir_name, target_win_users):
21
21
  webcache_dir = str(webcache_dir)[3:] # drop C:/
22
22
  webcache_file = str(webcache_file)[3:] # drop C:/
23
23
 
24
- fs_win.map_dir("Users\\John", tmpdir_name)
24
+ fs_win.map_dir("Users\\John", tmp_path)
25
25
  fs_win.map_file(webcache_file, tf.name)
26
26
 
27
27
  target_win.add_plugin(iexplore.InternetExplorerPlugin)
@@ -39,7 +39,7 @@ def test_iexplore_plugin(target_win, fs_win, tmpdir_name, target_win_users):
39
39
  assert len(records) == 1
40
40
 
41
41
 
42
- def test_firefox_plugin(target_win, fs_win, tmpdir_name, target_win_users):
42
+ def test_firefox_plugin(target_win, fs_win, tmp_path, target_win_users):
43
43
  firefox_db = absolute_path("data/plugins/browsers/firefox/places.sqlite")
44
44
 
45
45
  user = target_win_users.user_details.find(username="John")
@@ -49,7 +49,7 @@ def test_firefox_plugin(target_win, fs_win, tmpdir_name, target_win_users):
49
49
  webcache_dir = str(webcache_dir)[3:] # drop C:/
50
50
  webcache_file = str(webcache_file)[3:] # drop C:/
51
51
 
52
- fs_win.map_dir("Users\\John", tmpdir_name)
52
+ fs_win.map_dir("Users\\John", tmp_path)
53
53
  fs_win.map_file(webcache_file, firefox_db)
54
54
 
55
55
  target_win.add_plugin(firefox.FirefoxPlugin)
@@ -67,7 +67,7 @@ def test_firefox_plugin(target_win, fs_win, tmpdir_name, target_win_users):
67
67
  assert len(records) == 3
68
68
 
69
69
 
70
- def test_chrome_plugin(target_win, fs_win, tmpdir_name, target_win_users):
70
+ def test_chrome_plugin(target_win, fs_win, tmp_path, target_win_users):
71
71
  chrome_db = absolute_path("data/plugins/browsers/chrome/History.sqlite")
72
72
 
73
73
  user = target_win_users.user_details.find(username="John")
@@ -77,7 +77,7 @@ def test_chrome_plugin(target_win, fs_win, tmpdir_name, target_win_users):
77
77
  webcache_dir = str(webcache_dir)[3:] # drop C:/
78
78
  webcache_file = str(webcache_file)[3:] # drop C:/
79
79
 
80
- fs_win.map_dir("Users\\John", tmpdir_name)
80
+ fs_win.map_dir("Users\\John", tmp_path)
81
81
  fs_win.map_file(webcache_file, chrome_db)
82
82
 
83
83
  target_win.add_plugin(chrome.ChromePlugin)
@@ -95,7 +95,7 @@ def test_chrome_plugin(target_win, fs_win, tmpdir_name, target_win_users):
95
95
  assert len(records) == 1
96
96
 
97
97
 
98
- def test_edge_plugin(target_win, fs_win, tmpdir_name, target_win_users):
98
+ def test_edge_plugin(target_win, fs_win, tmp_path, target_win_users):
99
99
  edge_db = absolute_path("data/plugins/browsers/edge/History.sqlite")
100
100
 
101
101
  user = target_win_users.user_details.find(username="John")
@@ -105,7 +105,7 @@ def test_edge_plugin(target_win, fs_win, tmpdir_name, target_win_users):
105
105
  webcache_dir = str(webcache_dir)[3:] # drop C:/
106
106
  webcache_file = str(webcache_file)[3:] # drop C:/
107
107
 
108
- fs_win.map_dir("Users\\John", tmpdir_name)
108
+ fs_win.map_dir("Users\\John", tmp_path)
109
109
  fs_win.map_file(webcache_file, edge_db)
110
110
 
111
111
  target_win.add_plugin(edge.EdgePlugin)
@@ -123,7 +123,7 @@ def test_edge_plugin(target_win, fs_win, tmpdir_name, target_win_users):
123
123
  assert len(records) == 2
124
124
 
125
125
 
126
- def test_chromium_plugin(target_win, fs_win, tmpdir_name, target_win_users):
126
+ def test_chromium_plugin(target_win, fs_win, tmp_path, target_win_users):
127
127
  chromium_db = absolute_path("data/plugins/browsers/chromium/History.sqlite")
128
128
 
129
129
  user = target_win_users.user_details.find(username="John")
@@ -133,7 +133,7 @@ def test_chromium_plugin(target_win, fs_win, tmpdir_name, target_win_users):
133
133
  webcache_dir = str(webcache_dir)[3:] # drop C:/
134
134
  webcache_file = str(webcache_file)[3:] # drop C:/
135
135
 
136
- fs_win.map_dir("Users\\John", tmpdir_name)
136
+ fs_win.map_dir("Users\\John", tmp_path)
137
137
  fs_win.map_file(webcache_file, chromium_db)
138
138
 
139
139
  target_win.add_plugin(chromium.ChromiumPlugin)
@@ -1,4 +1,4 @@
1
- def test_users_plugin(target_win_users, fs_win, tmpdir_name):
1
+ def test_users_plugin(target_win_users, fs_win, tmp_path):
2
2
  users = list(target_win_users.users())
3
3
  assert len(users) == 2
4
4
 
@@ -18,6 +18,6 @@ def test_users_plugin(target_win_users, fs_win, tmpdir_name):
18
18
  users_with_home = list(target_win_users.user_details.all_with_home())
19
19
  assert len(users_with_home) == 0 # no users have home dirs
20
20
 
21
- fs_win.map_dir("Users\\John", tmpdir_name)
21
+ fs_win.map_dir("Users\\John", tmp_path)
22
22
  users_with_home = list(target_win_users.user_details.all_with_home())
23
23
  assert len(users_with_home) == 1 # only John has a home dir
@@ -1,7 +1,6 @@
1
1
  import os
2
2
  from datetime import datetime
3
3
  from io import BytesIO
4
- from pathlib import Path
5
4
 
6
5
  from dissect.ntfs.secure import ACL, SecurityDescriptor
7
6
 
@@ -10,9 +9,9 @@ from dissect.target.plugins.os.windows import defender
10
9
  from ._utils import absolute_path
11
10
 
12
11
 
13
- def test_defender_evtx_logs(target_win, fs_win, tmpdir_name):
12
+ def test_defender_evtx_logs(target_win, fs_win, tmp_path):
14
13
  # map default log location to pass EvtxPlugin's compatibility check
15
- fs_win.map_dir("windows/system32/winevt/logs", tmpdir_name)
14
+ fs_win.map_dir("windows/system32/winevt/logs", tmp_path)
16
15
 
17
16
  log_file = absolute_path("data/defender-operational.evtx")
18
17
  fs_win.map_file("windows/system32/winevt/logs/Microsoft-Windows-Windows Defender%4Operational.evtx", log_file)
@@ -31,7 +30,7 @@ def test_defender_evtx_logs(target_win, fs_win, tmpdir_name):
31
30
  assert {r.Threat_Name for r in records} == {None, "TrojanDropper:PowerShell/PowerSploit.S!MSR"}
32
31
 
33
32
 
34
- def test_defender_quarantine_entries(target_win, fs_win, tmpdir_name):
33
+ def test_defender_quarantine_entries(target_win, fs_win):
35
34
  quarantine_dir = absolute_path("data/defender-quarantine")
36
35
 
37
36
  fs_win.map_dir("programdata/microsoft/windows defender/quarantine", quarantine_dir)
@@ -56,14 +55,14 @@ def test_defender_quarantine_entries(target_win, fs_win, tmpdir_name):
56
55
  assert mimikatz_record.last_accessed_time.date() == detection_date
57
56
 
58
57
 
59
- def test_defender_quarantine_recovery(target_win, fs_win, tmpdir_name):
58
+ def test_defender_quarantine_recovery(target_win, fs_win, tmp_path):
60
59
  # Map the quarantine folder from our test data
61
60
  quarantine_dir = absolute_path("data/defender-quarantine")
62
61
  fs_win.map_dir("programdata/microsoft/windows defender/quarantine", quarantine_dir)
63
62
 
64
63
  # Create a directory to recover to
65
- recovery_dst = Path(tmpdir_name).joinpath("recovery")
66
- os.mkdir(recovery_dst)
64
+ recovery_dst = tmp_path.joinpath("recovery")
65
+ recovery_dst.mkdir()
67
66
 
68
67
  # Recover
69
68
  target_win.add_plugin(defender.MicrosoftDefenderPlugin)
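Review bot: `test_defender_quarantine_recovery` now recovers quarantined files into `tmp_path`, and pytest by default keeps the base temporary directories of the last three runs, so whatever is recovered stays on disk after the test finishes. The fixture data appears to include a mimikatz detection (see `mimikatz_record` in the previous test), so leftover files may be flagged by endpoint protection on developer or CI hosts. Whether the old `tmpdir_name` fixture cleaned up on teardown is not visible here, as conftest.py is outside this view, so this may or may not be a change in behaviour. Consider setting `tmp_path_retention_policy = "none"` in the pytest configuration, or removing `recovery_dst` once the assertions have run. The test body continues past this hunk.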
@@ -1,5 +1,4 @@
1
1
  import shutil
2
- from pathlib import Path
3
2
 
4
3
  import pytest
5
4
 
@@ -19,21 +18,21 @@ from ._utils import absolute_path
19
18
  (True, True),
20
19
  ],
21
20
  )
22
- def test_evt_plugin(target_win, fs_win, tmpdir_name, is_in_directory, is_in_registry):
21
+ def test_evt_plugin(target_win, fs_win, tmp_path, is_in_directory, is_in_registry):
23
22
  target_win.add_plugin(evt.EvtPlugin)
24
23
 
25
24
  evt_log_file = absolute_path("data/TestLog.evt")
26
25
  expected_records = 0
27
26
 
28
27
  if is_in_directory:
29
- evt_dir_file = Path(tmpdir_name) / "TestLogDir.evt"
28
+ evt_dir_file = tmp_path / "TestLogDir.evt"
30
29
  shutil.copyfile(evt_log_file, evt_dir_file)
31
30
 
32
31
  fs_win.map_file("windows/system32/config/TestLog.evt", evt_dir_file)
33
32
  expected_records += 5
34
33
 
35
34
  if is_in_registry:
36
- evt_reg_file = Path(tmpdir_name) / "TestLogReg.evt"
35
+ evt_reg_file = tmp_path / "TestLogReg.evt"
37
36
  shutil.copyfile(evt_log_file, evt_reg_file)
38
37
 
39
38
  # Set a log path in the registry key and map that path
@@ -66,19 +65,19 @@ def test_evt_plugin(target_win, fs_win, tmpdir_name, is_in_directory, is_in_regi
66
65
  (True, True, True),
67
66
  ],
68
67
  )
69
- def test_evtx_plugin(target_win, fs_win, tmpdir_name, is_in_directory, is_in_registry, duplicate):
68
+ def test_evtx_plugin(target_win, fs_win, tmp_path, is_in_directory, is_in_registry, duplicate):
70
69
  with pytest.raises(UnsupportedPluginError):
71
70
  target_win.add_plugin(evtx.EvtxPlugin)
72
71
 
73
72
  # Map default log location to pass EvtxPlugin's compatibility check
74
- fs_win.map_dir("windows/system32/winevt/logs", tmpdir_name)
73
+ fs_win.map_dir("windows/system32/winevt/logs", tmp_path)
75
74
  target_win.add_plugin(evtx.EvtxPlugin)
76
75
 
77
76
  evtx_log_file = absolute_path("data/TestLogX.evtx")
78
77
  expected_records = 0
79
78
 
80
79
  if is_in_directory:
81
- evtx_dir_file = Path(tmpdir_name) / "TestLogXDir.evtx"
80
+ evtx_dir_file = tmp_path / "TestLogXDir.evtx"
82
81
  shutil.copyfile(evtx_log_file, evtx_dir_file)
83
82
 
84
83
  # Mock log file in a default directory
@@ -86,7 +85,7 @@ def test_evtx_plugin(target_win, fs_win, tmpdir_name, is_in_directory, is_in_reg
86
85
  expected_records += 5
87
86
 
88
87
  if is_in_registry:
89
- evtx_reg_file = Path(tmpdir_name) / "TestLogXReg.evtx"
88
+ evtx_reg_file = tmp_path / "TestLogXReg.evtx"
90
89
  shutil.copyfile(evtx_log_file, evtx_reg_file)
91
90
 
92
91
  # Set a log path in the registry key and map that path
@@ -0,0 +1,67 @@
1
+ import logging
2
+ from io import BytesIO
3
+
4
+ from pytest import LogCaptureFixture
5
+
6
+ from dissect.target.filesystem import VirtualFilesystem
7
+ from dissect.target.plugins.os.windows.registry import RegistryPlugin
8
+ from dissect.target.target import Target
9
+
10
+
11
+ def test_missing_hives(fs_win: VirtualFilesystem, caplog: LogCaptureFixture):
12
+ target = Target()
13
+ target.filesystems.add(fs_win)
14
+
15
+ caplog.set_level(logging.DEBUG)
16
+ target.apply()
17
+
18
+ expected = [
19
+ f"{target}: Could not find hive: sysvol/windows/system32/config/{hive}" for hive in RegistryPlugin.SYSTEM
20
+ ]
21
+ expected += [
22
+ f"{target}: Could not find hive: sysvol/windows/system32/config/RegBack/{hive}"
23
+ for hive in RegistryPlugin.SYSTEM
24
+ ]
25
+
26
+ assert [record.message for record in caplog.records if record.filename == "registry.py"] == expected
27
+
28
+
29
+ def test_missing_user_hives(fs_win: VirtualFilesystem, target_win_users: Target, caplog: LogCaptureFixture):
30
+ fs_win.makedirs("Users/John")
31
+
32
+ caplog.set_level(logging.DEBUG)
33
+ target_win_users.registry.load_user_hives()
34
+
35
+ assert [record.message for record in caplog.records if record.filename == "registry.py"] == [
36
+ f"{target_win_users}: Could not find ntuser.dat: C:/Users/John/ntuser.dat",
37
+ f"{target_win_users}: Could not find usrclass.dat: C:/Users/John/AppData/Local/Microsoft/Windows/usrclass.dat",
38
+ ]
39
+
40
+
41
+ def test_empty_hives(fs_win: VirtualFilesystem, caplog: LogCaptureFixture):
42
+ fs_win.map_file_fh("windows/system32/config/SYSTEM", BytesIO())
43
+ fs_win.map_file_fh("boot/BCD", BytesIO())
44
+
45
+ target = Target()
46
+ target.filesystems.add(fs_win)
47
+
48
+ caplog.set_level(logging.WARNING)
49
+ target.apply()
50
+
51
+ assert [record.message for record in caplog.records if record.filename == "registry.py"] == [
52
+ f"{target}: Empty hive: sysvol/windows/system32/config/SYSTEM",
53
+ f"{target}: Empty BCD hive: sysvol/boot/BCD",
54
+ ]
55
+
56
+
57
+ def test_empty_user_hives(fs_win: VirtualFilesystem, target_win_users: Target, caplog: LogCaptureFixture):
58
+ fs_win.map_file_fh("Users/John/ntuser.dat", BytesIO())
59
+ fs_win.map_file_fh("Users/John/AppData/Local/Microsoft/Windows/usrclass.dat", BytesIO())
60
+
61
+ caplog.set_level(logging.WARNING)
62
+ target_win_users.registry.load_user_hives()
63
+
64
+ assert [record.message for record in caplog.records if record.filename == "registry.py"] == [
65
+ f"{target_win_users}: Empty NTUSER.DAT hive: C:/Users/John/ntuser.dat",
66
+ f"{target_win_users}: Empty UsrClass.DAT hive: C:/Users/John/AppData/Local/Microsoft/Windows/usrclass.dat",
67
+ ]
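Review bot: Both empty-hive tests feed only a zero-length `BytesIO()`, so a hive that is non-empty but truncated or malformed is left uncovered, and on evidence taken from a compromised host that is the likelier input. The handling in registry.py is not shown in this view, so whether such a file is logged and skipped or raises during `target.apply()` cannot be confirmed from here. A further case such as `fs_win.map_file_fh("windows/system32/config/SYSTEM", BytesIO(b"regf"))`, with an assertion on the intended outcome, would pin that down. The `record.filename == "registry.py"` filter also matches any other module with that basename, so a one-line comment naming the module it is meant to select would help the next reader.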
@@ -3,7 +3,7 @@ from dissect.target.plugins.os.windows import ual
3
3
  from ._utils import absolute_path
4
4
 
5
5
 
6
- def test_ual_plugin(target_win, fs_win, tmpdir_name):
6
+ def test_ual_plugin(target_win, fs_win):
7
7
  ual_dir = absolute_path("data/ual/")
8
8
 
9
9
  fs_win.map_dir("Windows/System32/LogFiles/Sum", ual_dir)
@@ -5,7 +5,7 @@ from dissect.target.plugins.os.windows.wer import WindowsErrorReportingPlugin
5
5
  from ._utils import absolute_path
6
6
 
7
7
 
8
- def test_wer_plugin(target_win, fs_win, tmpdir_name):
8
+ def test_wer_plugin(target_win, fs_win):
9
9
  wer_dir = absolute_path("data/wer/")
10
10
  fs_win.map_dir("ProgramData/Microsoft/Windows/WER/ReportQueue/test", wer_dir)
11
11
  target_win.add_plugin(WindowsErrorReportingPlugin)