dissect.target 3.9.dev16__tar.gz → 3.9.dev18__tar.gz
- {dissect.target-3.9.dev16/dissect.target.egg-info → dissect.target-3.9.dev18}/PKG-INFO +1 -1
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/registry.py +15 -6
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18/dissect.target.egg-info}/PKG-INFO +1 -1
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect.target.egg-info/SOURCES.txt +1 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/conftest.py +3 -9
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_container_open.py +6 -7
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_containers_split.py +4 -6
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_filesystems_dir.py +8 -12
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_dir.py +11 -13
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_kape.py +2 -3
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_tanium.py +2 -3
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_velociraptor.py +6 -8
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_vmwarevm.py +2 -2
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_browsers.py +11 -11
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_general_users.py +2 -2
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_defender.py +6 -7
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_log.py +7 -8
- dissect.target-3.9.dev18/tests/test_plugins_os_windows_registry.py +67 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_ual.py +1 -1
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_wer.py +1 -1
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_target_path.py +9 -10
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_tools_dump.py +4 -4
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/COPYRIGHT +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/LICENSE +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/MANIFEST.in +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/README.md +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/container.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/asdf.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/ewf.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/qcow2.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/raw.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/split.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/vdi.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/vhd.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/vhdx.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/containers/vmdk.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/data/autocompletion/target_bash_completion.sh +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/exceptions.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystem.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/ad1.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/cb.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/dir.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/exfat.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/extfs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/fat.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/ffs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/itunes.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/ntfs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/tar.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/vmfs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/xfs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/filesystems/zip.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/cache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/config.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/data/windowsZones.xml +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/descriptor_extensions.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/docs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/fsutil.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/hashutil.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/keychain.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/lazy.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/loaderutil.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/localeutil.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/mount.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/network_managers.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/record.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/regutil.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/shell_folder_ids.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/ssh.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/helpers/utils.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loader.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/ad1.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/asdf.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/cb.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/dir.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/ewf.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/hyperv.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/itunes.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/kape.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/local.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/ovf.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/phobos.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/profile.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/raw.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/remote.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/res.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/tanium.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/tar.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/target.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/targetd.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/vb.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/vbox.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/velociraptor.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/vma.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/vmwarevm.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/vmx.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/loaders/xva.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugin.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/av/mcafee.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/av/trendmicro.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/containers/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/containers/docker.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/remoteaccess/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/remoteaccess/anydesk.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/remoteaccess/remoteaccess.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/remoteaccess/teamviewer.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/shell/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/shell/powershell.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/vpns/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/vpns/wireguard.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/webservers/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/webservers/apache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/webservers/caddy.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/webservers/iis.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/webservers/nginx.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/apps/webservers/webservers.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/browsers/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/browsers/browser.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/browsers/chrome.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/browsers/chromium.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/browsers/edge.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/browsers/firefox.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/browsers/iexplore.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/child/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/child/esxi.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/child/hyperv.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/child/virtuozzo.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/child/vmware_workstation.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/child/wsl.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/acquire_handles.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/acquire_hash.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/icat.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/ntfs/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/ntfs/mft.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/ntfs/mft_timeline.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/ntfs/usnjrnl.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/ntfs/utils.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/resolver.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/unix/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/unix/capability.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/unix/suid.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/walkfs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/filesystem/yara.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/general/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/general/default.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/general/example.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/general/loaders.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/general/plugins.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/general/scrape.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/general/users.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/_os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/_os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/freebsd/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/freebsd/_os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/ios/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/ios/_os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/openbsd/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/openbsd/_os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/osx/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/bsd/osx/_os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/cronjobs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/datetime.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/generic.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/history.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/_os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/android/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/android/_os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/debian/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/debian/_os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/debian/apt.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/debian/dpkg.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/debian/vyos/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/debian/vyos/_os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/esxi/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/esxi/_os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/fortigate/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/fortigate/_os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/redhat/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/redhat/_os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/redhat/yum.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/suse/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/suse/_os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/linux/suse/zypper.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/locale.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/atop.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/audit.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/auth.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/btmp.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/lastlog.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/messages.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/utmp.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/log/wtmp.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/packagemanager.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/services.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/shadow.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/unix/ssh.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/_os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/activitiescache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/adpolicy.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/amcache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/catroot.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/cim.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/clfs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/datetime.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/defender.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/env.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/exchange/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/exchange/exchange.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/generic.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/lnk.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/locale.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/log/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/log/amcache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/log/etl.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/log/evt.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/log/evtx.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/log/pfro.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/notifications.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/prefetch.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/recyclebin.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/7zip.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/auditpol.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/bam.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/cit.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/clsid.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/firewall.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/mru.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/muicache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/nethist.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/recentfilecache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/regf.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/runkeys.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/shellbags.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/shimcache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/trusteddocs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/usb.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/regf/userassist.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/sam.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/services.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/sru.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/startupinfo.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/syscache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/tasks.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/thumbcache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/ual.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/plugins/os/windows/wer.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/report.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/target.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/build_pluginlist.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/dd.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/dump/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/dump/run.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/dump/state.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/dump/utils.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/fs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/info.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/logging.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/mount.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/query.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/reg.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/shell.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/tools/utils.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/volume.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/volumes/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/volumes/bde.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/volumes/disk.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/volumes/lvm.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect/target/volumes/vmfs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect.target.egg-info/dependency_links.txt +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect.target.egg-info/entry_points.txt +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect.target.egg-info/requires.txt +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/dissect.target.egg-info/top_level.txt +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/pyproject.toml +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/setup.cfg +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/__init__.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/_utils.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/PcaAppLaunchDic.txt +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/SRUDB.dat +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/Syscache.hve +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/TestAnydesk.trace +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/TestLog.evt +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/TestLogX.evtx +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/TestTeamviewer.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/Audit/audit.csv +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Registry.pol +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/comment.cmtx +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{393FA062-30DB-40AC-A15E-E0B12B9F2928}/GPT.INI +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{6AC1786C-016F-11D2-945F-00C04fB984F9}/GPT.INI +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/adpolicy/{6AC1786C-016F-11D2-945F-00C04fB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/amcache-new.hve +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/amcache-old.hve +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/apps/av/mcafee/firewall.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/apps/av/mcafee/infect.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/apps/av/trendmicro/firewall.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/apps/av/trendmicro/pccnt35.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/apps/containers/docker/container_running.json +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/apps/containers/docker/image_metadata.json +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/apps/containers/docker/repositories.json +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/clfs/DRIVERS{53b39e70-18c4-11ea-a811-000d3aa4692b}.TM.blf +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/clfs/DRIVERS{53b39e70-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/defender-operational.evtx +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/defender-quarantine/Entries/{800362A7-0000-0000-FB11-12639186E0D6} +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/defender-quarantine/ResourceData/A6/A6C8322B8A19AEED96EFBD045206966DA4C9619D +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/defender-quarantine/Resources/A6/A6C8322B8A19AEED96EFBD045206966DA4C9619D +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/empty.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/enc-volume.bin +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/keychain.csv +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/loaders/asdf/metadata.asdf +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/loaders/hyperv/993F7B33-6057-4D1E-A1FE-A1A1D77BE974.vmcx +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/loaders/hyperv/B90AC31B-C6F8-479F-9B91-07B894A6A3F6.xml +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/loaders/hyperv/D351C151-DAC7-4042-B434-B72D522C1E4A.xml +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/loaders/hyperv/EC04F346-DB96-4700-AF5B-77B3C56C38BD.vmcx +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/loaders/tar/test-archive-dot-folder.tgz +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/mft.raw +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/places.sqlite +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugin_register/container.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugin_register/filesystem.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugin_register/loader.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugin_register/plugin.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/browsers/chrome/History.sqlite +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/browsers/chromium/History.sqlite +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/browsers/edge/History.sqlite +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/browsers/firefox/places.sqlite +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/browsers/iexplore/WebCacheV01.dat.gz +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/child/hyperv/data.vmcx +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/bsd/freebsd/freebsd-freebsd-version +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/debian/apt/history.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/debian/apt/history.log.1.bz2 +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/debian/apt/history.log.1.gz +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/debian/debian-os-release +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/debian/ubuntu-lsb-release +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/debian/ubuntu-os-release +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/redhat/centos-os-release +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/redhat/fedora-os-release +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/redhat/yum/yum.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/redhat/yum/yum.log.1.bz2 +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/redhat/yum/yum.log.1.gz +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/suse/opensuse-os-release +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/suse/zypp/history +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/suse/zypp/history.1.bz2 +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/linux/suse/zypp/history.1.gz +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/services/initd.sh +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/services/systemd.service +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/unix/services/systemd2.service +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/windows/powershell/ConsoleHost_history.txt +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/plugins/os/windows/tasks/MapsToastTask +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/regflex.reg +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/symlink_disk.ext4 +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/test-acquire-handles.tar +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/test-acquire-hash.tar +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/test-archive-empty-folder.tgz +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/test-archive.tar.gz +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/ual/Current.mdb +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/ual/SystemIdentity.mdb +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/configs/ips/eth0.xml +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/configs/ips/interfaces +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/configs/keyboard +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/configs/passwd +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/configs/shadow +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/atop +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/audit.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/auth/auth.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/auth/auth.log.bz2 +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/auth/auth.log.gz +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/auth/secure +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/btmp +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/dpkg-status +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/dpkg.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/dpkg.log.2.gz +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/empty.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/lastlog +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/messages +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/passwd-syslog +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/unix/logs/wtmp +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/uppercase_driveletter.tar +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/usnjrnl.bin +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/vpns/wireguard/wg0.conf +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/apache/access.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/apache/access.log.bz2 +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/apache/access.log.gz +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/caddy/Caddyfile +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/caddy/access.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/iis/iis-applicationHost-iis.config +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/iis/iis-applicationHost-w3c.config +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/iis/iis-logs-iis/W3SVC1/u_in211001.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/iis/iis-logs-w3c/W3SVC1/u_ex211001_x.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/nginx/access.log +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/nginx/access.log.bz2 +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/nginx/access.log.gz +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/webservers/nginx/nginx.conf +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/wer/wer_test.tmp.WERInternalMetadata.xml +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/wer/wer_test.wer +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/data/wpndatabase.db +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_filesystem.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_filesystems_exfat.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_filesystems_fat.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_filesystems_ntfs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_filesystems_tar.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_filesystems_zip.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_hashing.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_helpers.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_helpers_cache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_helpers_fsutil.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_helpers_loaderutil.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_helpers_localeutil.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_helpers_regutil.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_helpers_utils.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_asdf.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_hyperv.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_local.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_remote.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_tar.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_loaders_vbox.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugin.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_av_mcafee.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_av_trendmicro.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_containers_docker.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_remoteaccess_anydesk.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_remoteaccess_teamviewer.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_shell_powershell.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_vpns_wireguard.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_webservers_apache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_webservers_caddy.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_webservers_iis.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_apps_webservers_nginx.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_child_hyperv.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_child_virtuozzo.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_child_wsl.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_acquire_handles.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_acquire_hash.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_icat.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_ntfs_mft.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_ntfs_usnjrnl.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_resolver.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_unix_capability.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_unix_suid.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_walkfs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_filesystem_yara.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_general_plugins.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_debian_dpkg.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_generic.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_history.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_ips.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_linux_debian_apt.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_linux_redhat_yum.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_linux_suse_zypper.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_locale.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_log.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_log_audit.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_log_auth.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_log_messages.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_packagemanager.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_services.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_shadow.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_ssh.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_users.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_unix_version.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows__os.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_adpolicy.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_amcache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_clfs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_datetime.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_env.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_generic.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_locale.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_mru.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_notifications.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_recyclebin.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_regf_cit.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_regf_clsid.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_regf_muicache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_regf_trusteddocs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_regf_userassist.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_sam.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_shimcache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_sru.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_syscache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_tasks.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_os_windows_thumbcache.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_plugins_scrape.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_prefetch_time.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_record.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_registration.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_report.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_shell.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_target.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_target_fs.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_tools_shell.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_tools_utils.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tests/test_volumes_bde.py +0 -0
- {dissect.target-3.9.dev16 → dissect.target-3.9.dev18}/tox.ini +0 -0
@@ -1,6 +1,6 @@
|
|
1
1
|
Metadata-Version: 2.1
|
2
2
|
Name: dissect.target
|
3
|
-
Version: 3.9.
|
3
|
+
Version: 3.9.dev18
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
6
6
|
License: Affero General Public License v3
|
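--- a/dissect/target/plugins/os/windows/registry.py
+++ b/dissect/target/plugins/os/windows/registry.py
@@ -98,6 +98,10 @@ class RegistryPlugin(Plugin):
 if not bcd.exists():
 continue
 
+if bcd.stat().st_size == 0:
+self.target.log.warning("Empty BCD hive: %s", bcd)
+continue
+
 try:
 hf = RegfHive(bcd)
 self.add_hive("BCD", hf, bcd)
@@ -116,7 +120,11 @@ class RegistryPlugin(Plugin):
 user = user_details.user
 ntuser = user_details.home_path.joinpath("ntuser.dat")
 
-if ntuser.exists():
+if not ntuser.exists():
+self.target.log.debug("Could not find ntuser.dat: %s", ntuser)
+elif ntuser.stat().st_size == 0:
+self.target.log.warning("Empty NTUSER.DAT hive: %s", ntuser)
+else:
 try:
 ntuserhive = RegfHive(ntuser)
 self.add_hive(user.sid, ntuserhive, ntuser)
@@ -126,11 +134,14 @@ class RegistryPlugin(Plugin):
 self._hives_to_users[ntuserhive] = user_details
 except Exception as e:
 self.target.log.warning("Could not open ntuser.dat: %s", ntuser, exc_info=e)
-else:
-self.target.log.debug("Could not find ntuser.dat: %s", ntuser)
 
 usrclass = user_details.home_path.joinpath("AppData/Local/Microsoft/Windows/usrclass.dat")
-
+
+if not usrclass.exists():
+self.target.log.debug("Could not find usrclass.dat: %s", usrclass)
+elif usrclass.stat().st_size == 0:
+self.target.log.warning("Empty UsrClass.DAT hive: %s", usrclass)
+else:
 try:
 usr_class_hive = RegfHive(usrclass)
 self.add_hive(f"{user.sid}_Classes", usr_class_hive, usrclass)
@@ -140,8 +151,6 @@ class RegistryPlugin(Plugin):
 self._hives_to_users[usr_class_hive] = user_details
 except Exception as e:
 self.target.log.warning("Could not open usrclass.dat: %s", usrclass, exc_info=e)
-else:
-self.target.log.debug("Could not find usrclass.dat: %s", usrclass)
 
 self._users_loaded = True
 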
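Review bot: The three new size probes (`bcd.stat().st_size`, `ntuser.stat().st_size`, `usrclass.stat().st_size`) come before the `try:` that guards `RegfHive(...)`, so an exception raised by `stat()` is not covered by the existing `except Exception` handlers. These hives come from acquired images that may be damaged or deliberately malformed, and if `stat()` can fail on an entry that `exists()` accepted (not visible here), one bad entry would abort hive loading for the remaining users instead of being logged. Reading the size as the first statement inside each `try:`, for example `size = ntuser.stat().st_size`, and emitting the empty-hive warning from there would keep all failure paths under one handler. Leading whitespace is not preserved on this page, so the nesting is inferred from line order; the enclosing method starts outside the hunks.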
@@ -1,6 +1,6 @@
|
|
1
1
|
Metadata-Version: 2.1
|
2
2
|
Name: dissect.target
|
3
|
-
Version: 3.9.
|
3
|
+
Version: 3.9.dev18
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
6
6
|
License: Affero General Public License v3
|
@@ -364,6 +364,7 @@ tests/test_plugins_os_windows_regf_clsid.py
|
|
364
364
|
tests/test_plugins_os_windows_regf_muicache.py
|
365
365
|
tests/test_plugins_os_windows_regf_trusteddocs.py
|
366
366
|
tests/test_plugins_os_windows_regf_userassist.py
|
367
|
+
tests/test_plugins_os_windows_registry.py
|
367
368
|
tests/test_plugins_os_windows_sam.py
|
368
369
|
tests/test_plugins_os_windows_shimcache.py
|
369
370
|
tests/test_plugins_os_windows_sru.py
|
@@ -40,16 +40,10 @@ def make_mock_targets(request):
|
|
40
40
|
|
41
41
|
|
42
42
|
@pytest.fixture
|
43
|
-
def
|
44
|
-
with tempfile.TemporaryDirectory() as tmpdir_name:
|
45
|
-
yield tmpdir_name
|
46
|
-
|
47
|
-
|
48
|
-
@pytest.fixture
|
49
|
-
def fs_win(tmpdir_name):
|
43
|
+
def fs_win(tmp_path):
|
50
44
|
fs = VirtualFilesystem(case_sensitive=False, alt_separator="\\")
|
51
|
-
fs.map_dir("windows/system32",
|
52
|
-
fs.map_dir("windows/system32/config/",
|
45
|
+
fs.map_dir("windows/system32", tmp_path)
|
46
|
+
fs.map_dir("windows/system32/config/", tmp_path)
|
53
47
|
yield fs
|
54
48
|
|
55
49
|
|
@@ -31,7 +31,7 @@ def test_open_inputs(mocked_ewf_detect: Mock, path, expected_output):
|
|
31
31
|
mocked_ewf_detect.assert_called_with(expected_output)
|
32
32
|
|
33
33
|
|
34
|
-
def test_open_fallback_fh(
|
34
|
+
def test_open_fallback_fh(tmp_path):
|
35
35
|
# Create a valid VHD file
|
36
36
|
fake_vhd = (
|
37
37
|
(bytes(range(256)) * 2)
|
@@ -43,10 +43,9 @@ def test_open_fallback_fh(tmpdir_name):
|
|
43
43
|
+ (b"\x00" * 455)
|
44
44
|
)
|
45
45
|
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
tmp_with_wrong_ext = tmp_root.joinpath("testfile.qcow2")
|
46
|
+
tmp_with_ext = tmp_path.joinpath("testfile.vhd")
|
47
|
+
tmp_without_ext = tmp_path.joinpath("testfile")
|
48
|
+
tmp_with_wrong_ext = tmp_path.joinpath("testfile.qcow2")
|
50
49
|
|
51
50
|
for path in [tmp_with_ext, tmp_without_ext, tmp_with_wrong_ext]:
|
52
51
|
path.write_bytes(fake_vhd)
|
@@ -60,13 +59,13 @@ def test_open_fallback_fh(tmpdir_name):
|
|
60
59
|
with path.open("rb") as fh:
|
61
60
|
assert vhd.VhdContainer.detect(fh)
|
62
61
|
|
63
|
-
tmp_nonexistent =
|
62
|
+
tmp_nonexistent = tmp_path.joinpath("doesntexist")
|
64
63
|
with pytest.raises(ContainerError):
|
65
64
|
container.open(tmp_nonexistent)
|
66
65
|
|
67
66
|
assert not vhd.VhdContainer.detect(tmp_nonexistent)
|
68
67
|
|
69
|
-
tmp_dummy =
|
68
|
+
tmp_dummy = tmp_path.joinpath("testdummy")
|
70
69
|
tmp_dummy.write_bytes(b"\x00" * 1024)
|
71
70
|
assert isinstance(container.open(tmp_dummy), raw.RawContainer)
|
72
71
|
assert not vhd.VhdContainer.detect(tmp_dummy)
|
@@ -1,5 +1,4 @@
|
|
1
1
|
from io import BytesIO
|
2
|
-
from pathlib import Path
|
3
2
|
|
4
3
|
import pytest
|
5
4
|
|
@@ -22,9 +21,8 @@ def split_fhs():
|
|
22
21
|
|
23
22
|
|
24
23
|
@pytest.fixture
|
25
|
-
def split_paths(
|
26
|
-
|
27
|
-
paths = [(root / f"split.{i:>03}") for i in range(4)]
|
24
|
+
def split_paths(tmp_path, split_fhs):
|
25
|
+
paths = [(tmp_path / f"split.{i:>03}") for i in range(4)]
|
28
26
|
|
29
27
|
for fh, path in zip(split_fhs, paths):
|
30
28
|
fh.seek(0)
|
@@ -34,8 +32,8 @@ def split_paths(tmpdir_name, split_fhs):
|
|
34
32
|
|
35
33
|
|
36
34
|
@pytest.fixture
|
37
|
-
def split_symlink(
|
38
|
-
dir_path =
|
35
|
+
def split_symlink(tmp_path, split_paths):
|
36
|
+
dir_path = tmp_path / "dir"
|
39
37
|
symlink_path = dir_path / split_paths[0].name
|
40
38
|
dir_path.mkdir()
|
41
39
|
symlink_path.symlink_to(split_paths[0])
|
@@ -4,18 +4,16 @@ import tempfile
|
|
4
4
|
from dissect.target.filesystems.dir import DirectoryFilesystem
|
5
5
|
|
6
6
|
|
7
|
-
def test_filesystem_dir_symlink_to_file(
|
8
|
-
|
9
|
-
|
10
|
-
with tempfile.NamedTemporaryFile(dir=tmpdir_name) as tf:
|
7
|
+
def test_filesystem_dir_symlink_to_file(tmp_path):
|
8
|
+
with tempfile.NamedTemporaryFile(dir=tmp_path) as tf:
|
11
9
|
tf.write(b"dummy")
|
12
10
|
tf.flush()
|
13
11
|
|
14
12
|
tmpfile_path = pathlib.Path(tf.name)
|
15
|
-
symlink_path =
|
13
|
+
symlink_path = tmp_path.joinpath("symlink")
|
16
14
|
symlink_path.symlink_to(f"/{tmpfile_path.name}")
|
17
15
|
|
18
|
-
fs = DirectoryFilesystem(path=
|
16
|
+
fs = DirectoryFilesystem(path=tmp_path)
|
19
17
|
symlink_entry = fs.get("symlink")
|
20
18
|
|
21
19
|
assert symlink_entry.is_symlink()
|
@@ -32,18 +30,16 @@ def test_filesystem_dir_symlink_to_file(tmpdir_name):
|
|
32
30
|
assert list(symlink_entry.stat()) == list(tmpfile_path.lstat())
|
33
31
|
|
34
32
|
|
35
|
-
def test_filesystem_dir_symlink_to_dir(
|
36
|
-
|
37
|
-
|
38
|
-
nested_path = tmpdir_path.joinpath("nested")
|
33
|
+
def test_filesystem_dir_symlink_to_dir(tmp_path):
|
34
|
+
nested_path = tmp_path.joinpath("nested")
|
39
35
|
nested_path.mkdir()
|
40
36
|
nested_path.joinpath("file1").touch()
|
41
37
|
nested_path.joinpath("file2").touch()
|
42
38
|
|
43
|
-
symlink_path =
|
39
|
+
symlink_path = tmp_path.joinpath("symlink")
|
44
40
|
symlink_path.symlink_to("/nested")
|
45
41
|
|
46
|
-
fs = DirectoryFilesystem(path=
|
42
|
+
fs = DirectoryFilesystem(path=tmp_path)
|
47
43
|
symlink_entry = fs.get("symlink")
|
48
44
|
|
49
45
|
assert symlink_entry.is_symlink()
|
@@ -1,13 +1,11 @@
|
|
1
|
-
from pathlib import Path
|
2
|
-
|
3
1
|
from dissect.target.loaders.dir import DirLoader, find_dirs
|
4
2
|
from dissect.target.plugin import OperatingSystem
|
5
3
|
|
6
4
|
from ._utils import mkdirs
|
7
5
|
|
8
6
|
|
9
|
-
def test_dir_loader_windows(mock_target,
|
10
|
-
root =
|
7
|
+
def test_dir_loader_windows(mock_target, tmp_path):
|
8
|
+
root = tmp_path
|
11
9
|
mkdirs(root, ["windows/system32"])
|
12
10
|
|
13
11
|
os_type, dirs = find_dirs(root)
|
@@ -22,9 +20,9 @@ def test_dir_loader_windows(mock_target, tmpdir_name):
|
|
22
20
|
assert len(mock_target.filesystems) == 1
|
23
21
|
|
24
22
|
|
25
|
-
def test_dir_loader_winnt(mock_target,
|
26
|
-
root =
|
27
|
-
mkdirs(
|
23
|
+
def test_dir_loader_winnt(mock_target, tmp_path):
|
24
|
+
root = tmp_path
|
25
|
+
mkdirs(tmp_path, ["winnt"])
|
28
26
|
|
29
27
|
os_type, dirs = find_dirs(root)
|
30
28
|
assert os_type == OperatingSystem.WINDOWS
|
@@ -38,8 +36,8 @@ def test_dir_loader_winnt(mock_target, tmpdir_name):
|
|
38
36
|
assert len(mock_target.filesystems) == 1
|
39
37
|
|
40
38
|
|
41
|
-
def test_dir_loader_linux(mock_target,
|
42
|
-
root =
|
39
|
+
def test_dir_loader_linux(mock_target, tmp_path):
|
40
|
+
root = tmp_path
|
43
41
|
mkdirs(root, ["etc", "var"])
|
44
42
|
|
45
43
|
os_type, dirs = find_dirs(root)
|
@@ -54,8 +52,8 @@ def test_dir_loader_linux(mock_target, tmpdir_name):
|
|
54
52
|
assert len(mock_target.filesystems) == 1
|
55
53
|
|
56
54
|
|
57
|
-
def test_dir_loader_macos(mock_target,
|
58
|
-
root =
|
55
|
+
def test_dir_loader_macos(mock_target, tmp_path):
|
56
|
+
root = tmp_path
|
59
57
|
mkdirs(root, ["Library"])
|
60
58
|
|
61
59
|
os_type, dirs = find_dirs(root)
|
@@ -70,8 +68,8 @@ def test_dir_loader_macos(mock_target, tmpdir_name):
|
|
70
68
|
assert len(mock_target.filesystems) == 1
|
71
69
|
|
72
70
|
|
73
|
-
def test_dir_loader_windows_drive_letters(mock_target,
|
74
|
-
root =
|
71
|
+
def test_dir_loader_windows_drive_letters(mock_target, tmp_path):
|
72
|
+
root = tmp_path
|
75
73
|
mkdirs(root, ["C/windows/system32", "D/test", "E/test"])
|
76
74
|
|
77
75
|
os_type, dirs = find_dirs(root)
|
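Review bot: In `test_dir_loader_winnt` the new lines assign `root = tmp_path` and then call `mkdirs(tmp_path, ["winnt"])`, while the other tests in this file pass the alias, as in `mkdirs(root, ["windows/system32"])`. Writing `mkdirs(root, ["winnt"])` would keep the file consistent; alternatively, drop the `root` alias in all five tests and use `tmp_path` directly. The test bodies continue outside the hunks.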
@@ -1,4 +1,3 @@
|
|
1
|
-
from pathlib import Path
|
2
1
|
from unittest.mock import patch
|
3
2
|
|
4
3
|
from dissect.target.loaders.kape import KapeLoader
|
@@ -7,8 +6,8 @@ from ._utils import absolute_path, mkdirs
|
|
7
6
|
|
8
7
|
|
9
8
|
@patch("dissect.target.filesystems.dir.DirectoryFilesystem.ntfs", None, create=True)
|
10
|
-
def test_kape_loader(mock_target,
|
11
|
-
root =
|
9
|
+
def test_kape_loader(mock_target, tmp_path):
|
10
|
+
root = tmp_path
|
12
11
|
mkdirs(root, ["C/windows/system32", "C/$Extend", "D/test", "E/test"])
|
13
12
|
|
14
13
|
# Only need this to exist up until the root directory record to make dissect.ntfs happy
|
@@ -1,4 +1,3 @@
|
|
1
|
-
from pathlib import Path
|
2
1
|
from unittest.mock import patch
|
3
2
|
|
4
3
|
from dissect.target.loaders.tanium import TaniumLoader
|
@@ -7,8 +6,8 @@ from ._utils import absolute_path, mkdirs
|
|
7
6
|
|
8
7
|
|
9
8
|
@patch("dissect.target.filesystems.dir.DirectoryFilesystem.ntfs", None, create=True)
|
10
|
-
def test_tanium_loader(mock_target,
|
11
|
-
root =
|
9
|
+
def test_tanium_loader(mock_target, tmp_path):
|
10
|
+
root = tmp_path
|
12
11
|
mkdirs(root, ["file/C/windows/system32", "file/C/$Extend", "file/D/test", "file/E/test"])
|
13
12
|
|
14
13
|
# Only need this to exist up until the root directory record to make dissect.ntfs happy
|
@@ -1,12 +1,10 @@
|
|
1
|
-
from pathlib import Path
|
2
|
-
|
3
1
|
from dissect.target.loaders.velociraptor import VelociraptorLoader
|
4
2
|
|
5
3
|
from ._utils import absolute_path, mkdirs
|
6
4
|
|
7
5
|
|
8
|
-
def test_velociraptor_loader_windows_ntfs(mock_target,
|
9
|
-
root =
|
6
|
+
def test_velociraptor_loader_windows_ntfs(mock_target, tmp_path):
|
7
|
+
root = tmp_path
|
10
8
|
mkdirs(
|
11
9
|
root,
|
12
10
|
[
|
@@ -40,8 +38,8 @@ def test_velociraptor_loader_windows_ntfs(mock_target, tmpdir_name):
|
|
40
38
|
assert len(mock_target.filesystems) == 4
|
41
39
|
|
42
40
|
|
43
|
-
def test_dir_loader_linux(mock_target,
|
44
|
-
root =
|
41
|
+
def test_dir_loader_linux(mock_target, tmp_path):
|
42
|
+
root = tmp_path
|
45
43
|
mkdirs(root, ["uploads.json", "uploads/file/etc", "uploads/file/var"])
|
46
44
|
|
47
45
|
assert VelociraptorLoader.detect(root) is True
|
@@ -52,8 +50,8 @@ def test_dir_loader_linux(mock_target, tmpdir_name):
|
|
52
50
|
assert len(mock_target.filesystems) == 1
|
53
51
|
|
54
52
|
|
55
|
-
def test_dir_loader_macos(mock_target,
|
56
|
-
root =
|
53
|
+
def test_dir_loader_macos(mock_target, tmp_path):
|
54
|
+
root = tmp_path
|
57
55
|
mkdirs(root, ["uploads.json", "uploads/file/Library"])
|
58
56
|
|
59
57
|
assert VelociraptorLoader.detect(root) is True
|
@@ -12,8 +12,8 @@ from ._utils import mkdirs
|
|
12
12
|
|
13
13
|
@patch("dissect.target.loaders.vmx.VmdkContainer")
|
14
14
|
@patch("dissect.target.loaders.vmx.vmx.VMX")
|
15
|
-
def test_vmwarevm_loader(VMX: VMX, VmdkContainer: VmdkContainer, mock_target: Target,
|
16
|
-
root =
|
15
|
+
def test_vmwarevm_loader(VMX: VMX, VmdkContainer: VmdkContainer, mock_target: Target, tmp_path: Path):
|
16
|
+
root = tmp_path
|
17
17
|
mkdirs(root, ["Test.vmwarevm"])
|
18
18
|
(root / "Test.vmwarevm" / "Test.vmx").touch()
|
19
19
|
|
@@ -6,10 +6,10 @@ from dissect.target.plugins.browsers import chrome, chromium, edge, firefox, iex
|
|
6
6
|
from ._utils import absolute_path
|
7
7
|
|
8
8
|
|
9
|
-
def test_iexplore_plugin(target_win, fs_win,
|
9
|
+
def test_iexplore_plugin(target_win, fs_win, tmp_path, target_win_users):
|
10
10
|
cache_archive = absolute_path("data/plugins/browsers/iexplore/WebCacheV01.dat.gz")
|
11
11
|
|
12
|
-
with tempfile.NamedTemporaryFile(dir=
|
12
|
+
with tempfile.NamedTemporaryFile(dir=tmp_path) as tf:
|
13
13
|
with gzip.GzipFile(cache_archive, "rb") as f:
|
14
14
|
tf.write(f.read())
|
15
15
|
tf.flush()
|
@@ -21,7 +21,7 @@ def test_iexplore_plugin(target_win, fs_win, tmpdir_name, target_win_users):
|
|
21
21
|
webcache_dir = str(webcache_dir)[3:] # drop C:/
|
22
22
|
webcache_file = str(webcache_file)[3:] # drop C:/
|
23
23
|
|
24
|
-
fs_win.map_dir("Users\\John",
|
24
|
+
fs_win.map_dir("Users\\John", tmp_path)
|
25
25
|
fs_win.map_file(webcache_file, tf.name)
|
26
26
|
|
27
27
|
target_win.add_plugin(iexplore.InternetExplorerPlugin)
|
@@ -39,7 +39,7 @@ def test_iexplore_plugin(target_win, fs_win, tmpdir_name, target_win_users):
|
|
39
39
|
assert len(records) == 1
|
40
40
|
|
41
41
|
|
42
|
-
def test_firefox_plugin(target_win, fs_win,
|
42
|
+
def test_firefox_plugin(target_win, fs_win, tmp_path, target_win_users):
|
43
43
|
firefox_db = absolute_path("data/plugins/browsers/firefox/places.sqlite")
|
44
44
|
|
45
45
|
user = target_win_users.user_details.find(username="John")
|
@@ -49,7 +49,7 @@ def test_firefox_plugin(target_win, fs_win, tmpdir_name, target_win_users):
|
|
49
49
|
webcache_dir = str(webcache_dir)[3:] # drop C:/
|
50
50
|
webcache_file = str(webcache_file)[3:] # drop C:/
|
51
51
|
|
52
|
-
fs_win.map_dir("Users\\John",
|
52
|
+
fs_win.map_dir("Users\\John", tmp_path)
|
53
53
|
fs_win.map_file(webcache_file, firefox_db)
|
54
54
|
|
55
55
|
target_win.add_plugin(firefox.FirefoxPlugin)
|
@@ -67,7 +67,7 @@ def test_firefox_plugin(target_win, fs_win, tmpdir_name, target_win_users):
|
|
67
67
|
assert len(records) == 3
|
68
68
|
|
69
69
|
|
70
|
-
def test_chrome_plugin(target_win, fs_win,
|
70
|
+
def test_chrome_plugin(target_win, fs_win, tmp_path, target_win_users):
|
71
71
|
chrome_db = absolute_path("data/plugins/browsers/chrome/History.sqlite")
|
72
72
|
|
73
73
|
user = target_win_users.user_details.find(username="John")
|
@@ -77,7 +77,7 @@ def test_chrome_plugin(target_win, fs_win, tmpdir_name, target_win_users):
|
|
77
77
|
webcache_dir = str(webcache_dir)[3:] # drop C:/
|
78
78
|
webcache_file = str(webcache_file)[3:] # drop C:/
|
79
79
|
|
80
|
-
fs_win.map_dir("Users\\John",
|
80
|
+
fs_win.map_dir("Users\\John", tmp_path)
|
81
81
|
fs_win.map_file(webcache_file, chrome_db)
|
82
82
|
|
83
83
|
target_win.add_plugin(chrome.ChromePlugin)
|
@@ -95,7 +95,7 @@ def test_chrome_plugin(target_win, fs_win, tmpdir_name, target_win_users):
|
|
95
95
|
assert len(records) == 1
|
96
96
|
|
97
97
|
|
98
|
-
def test_edge_plugin(target_win, fs_win,
|
98
|
+
def test_edge_plugin(target_win, fs_win, tmp_path, target_win_users):
|
99
99
|
edge_db = absolute_path("data/plugins/browsers/edge/History.sqlite")
|
100
100
|
|
101
101
|
user = target_win_users.user_details.find(username="John")
|
@@ -105,7 +105,7 @@ def test_edge_plugin(target_win, fs_win, tmpdir_name, target_win_users):
|
|
105
105
|
webcache_dir = str(webcache_dir)[3:] # drop C:/
|
106
106
|
webcache_file = str(webcache_file)[3:] # drop C:/
|
107
107
|
|
108
|
-
fs_win.map_dir("Users\\John",
|
108
|
+
fs_win.map_dir("Users\\John", tmp_path)
|
109
109
|
fs_win.map_file(webcache_file, edge_db)
|
110
110
|
|
111
111
|
target_win.add_plugin(edge.EdgePlugin)
|
@@ -123,7 +123,7 @@ def test_edge_plugin(target_win, fs_win, tmpdir_name, target_win_users):
|
|
123
123
|
assert len(records) == 2
|
124
124
|
|
125
125
|
|
126
|
-
def test_chromium_plugin(target_win, fs_win,
|
126
|
+
def test_chromium_plugin(target_win, fs_win, tmp_path, target_win_users):
|
127
127
|
chromium_db = absolute_path("data/plugins/browsers/chromium/History.sqlite")
|
128
128
|
|
129
129
|
user = target_win_users.user_details.find(username="John")
|
@@ -133,7 +133,7 @@ def test_chromium_plugin(target_win, fs_win, tmpdir_name, target_win_users):
|
|
133
133
|
webcache_dir = str(webcache_dir)[3:] # drop C:/
|
134
134
|
webcache_file = str(webcache_file)[3:] # drop C:/
|
135
135
|
|
136
|
-
fs_win.map_dir("Users\\John",
|
136
|
+
fs_win.map_dir("Users\\John", tmp_path)
|
137
137
|
fs_win.map_file(webcache_file, chromium_db)
|
138
138
|
|
139
139
|
target_win.add_plugin(chromium.ChromiumPlugin)
|
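Review bot: In test_iexplore_plugin, `with tempfile.NamedTemporaryFile(dir=tmp_path) as tf:` keeps the extracted WebCache file open and then passes `tf.name` to `fs_win.map_file`, so the test depends on the file being reopenable by name while the first handle is still open. That holds on POSIX but not on Windows with NamedTemporaryFile's default delete-on-close behaviour. Because `tmp_path` is already a per-test directory, the wrapper is no longer needed: `cache_file = tmp_path / "WebCacheV01.dat"`, then `with gzip.open(cache_archive, "rb") as f: cache_file.write_bytes(f.read())`, then `fs_win.map_file(webcache_file, str(cache_file))`. The body of the `with` block continues outside the hunks shown, so the remaining lines would need dedenting.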
@@ -1,4 +1,4 @@
|
|
1
|
-
def test_users_plugin(target_win_users, fs_win,
|
1
|
+
def test_users_plugin(target_win_users, fs_win, tmp_path):
|
2
2
|
users = list(target_win_users.users())
|
3
3
|
assert len(users) == 2
|
4
4
|
|
@@ -18,6 +18,6 @@ def test_users_plugin(target_win_users, fs_win, tmpdir_name):
|
|
18
18
|
users_with_home = list(target_win_users.user_details.all_with_home())
|
19
19
|
assert len(users_with_home) == 0 # no users have home dirs
|
20
20
|
|
21
|
-
fs_win.map_dir("Users\\John",
|
21
|
+
fs_win.map_dir("Users\\John", tmp_path)
|
22
22
|
users_with_home = list(target_win_users.user_details.all_with_home())
|
23
23
|
assert len(users_with_home) == 1 # only John has a home dir
|
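--- a/tests/test_plugins_os_windows_defender.py
+++ b/tests/test_plugins_os_windows_defender.py
@@ -1,7 +1,6 @@
 import os
 from datetime import datetime
 from io import BytesIO
-from pathlib import Path
 
 from dissect.ntfs.secure import ACL, SecurityDescriptor
 
@@ -10,9 +9,9 @@ from dissect.target.plugins.os.windows import defender
 from ._utils import absolute_path
 
 
-def test_defender_evtx_logs(target_win, fs_win,
+def test_defender_evtx_logs(target_win, fs_win, tmp_path):
 # map default log location to pass EvtxPlugin's compatibility check
-fs_win.map_dir("windows/system32/winevt/logs",
+fs_win.map_dir("windows/system32/winevt/logs", tmp_path)
 
 log_file = absolute_path("data/defender-operational.evtx")
 fs_win.map_file("windows/system32/winevt/logs/Microsoft-Windows-Windows Defender%4Operational.evtx", log_file)
@@ -31,7 +30,7 @@ def test_defender_evtx_logs(target_win, fs_win, tmpdir_name):
 assert {r.Threat_Name for r in records} == {None, "TrojanDropper:PowerShell/PowerSploit.S!MSR"}
 
 
-def test_defender_quarantine_entries(target_win, fs_win
+def test_defender_quarantine_entries(target_win, fs_win):
 quarantine_dir = absolute_path("data/defender-quarantine")
 
 fs_win.map_dir("programdata/microsoft/windows defender/quarantine", quarantine_dir)
@@ -56,14 +55,14 @@ def test_defender_quarantine_entries(target_win, fs_win, tmpdir_name):
 assert mimikatz_record.last_accessed_time.date() == detection_date
 
 
-def test_defender_quarantine_recovery(target_win, fs_win,
+def test_defender_quarantine_recovery(target_win, fs_win, tmp_path):
 # Map the quarantine folder from our test data
 quarantine_dir = absolute_path("data/defender-quarantine")
 fs_win.map_dir("programdata/microsoft/windows defender/quarantine", quarantine_dir)
 
 # Create a directory to recover to
-recovery_dst =
-
+recovery_dst = tmp_path.joinpath("recovery")
+recovery_dst.mkdir()
 
 # Recover
 target_win.add_plugin(defender.MicrosoftDefenderPlugin)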
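Review bot: In test_defender_quarantine_recovery, `recovery_dst = tmp_path.joinpath("recovery")` puts whatever the plugin recovers from `data/defender-quarantine` under pytest's base temp directory, and pytest by default keeps the directories of recent runs instead of deleting them when the test finishes. The fixture data appears to hold real detections (the neighbouring tests assert a mimikatz record and a PowerSploit threat name), so recovered files can linger on CI runners and developer machines and be flagged by endpoint protection there. I would add a comment above the mkdir, `# recovered quarantine payloads are written here and stay until pytest prunes its temp dirs`, and consider `tmp_path_retention_policy = none` in the pytest configuration where the installed pytest supports it. The test body continues past the end of the hunk, so what ends up in `recovery_dst` is inferred from the `# Recover` comment and the test name.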
@@ -1,5 +1,4 @@
|
|
1
1
|
import shutil
|
2
|
-
from pathlib import Path
|
3
2
|
|
4
3
|
import pytest
|
5
4
|
|
@@ -19,21 +18,21 @@ from ._utils import absolute_path
|
|
19
18
|
(True, True),
|
20
19
|
],
|
21
20
|
)
|
22
|
-
def test_evt_plugin(target_win, fs_win,
|
21
|
+
def test_evt_plugin(target_win, fs_win, tmp_path, is_in_directory, is_in_registry):
|
23
22
|
target_win.add_plugin(evt.EvtPlugin)
|
24
23
|
|
25
24
|
evt_log_file = absolute_path("data/TestLog.evt")
|
26
25
|
expected_records = 0
|
27
26
|
|
28
27
|
if is_in_directory:
|
29
|
-
evt_dir_file =
|
28
|
+
evt_dir_file = tmp_path / "TestLogDir.evt"
|
30
29
|
shutil.copyfile(evt_log_file, evt_dir_file)
|
31
30
|
|
32
31
|
fs_win.map_file("windows/system32/config/TestLog.evt", evt_dir_file)
|
33
32
|
expected_records += 5
|
34
33
|
|
35
34
|
if is_in_registry:
|
36
|
-
evt_reg_file =
|
35
|
+
evt_reg_file = tmp_path / "TestLogReg.evt"
|
37
36
|
shutil.copyfile(evt_log_file, evt_reg_file)
|
38
37
|
|
39
38
|
# Set a log path in the registry key and map that path
|
@@ -66,19 +65,19 @@ def test_evt_plugin(target_win, fs_win, tmpdir_name, is_in_directory, is_in_regi
|
|
66
65
|
(True, True, True),
|
67
66
|
],
|
68
67
|
)
|
69
|
-
def test_evtx_plugin(target_win, fs_win,
|
68
|
+
def test_evtx_plugin(target_win, fs_win, tmp_path, is_in_directory, is_in_registry, duplicate):
|
70
69
|
with pytest.raises(UnsupportedPluginError):
|
71
70
|
target_win.add_plugin(evtx.EvtxPlugin)
|
72
71
|
|
73
72
|
# Map default log location to pass EvtxPlugin's compatibility check
|
74
|
-
fs_win.map_dir("windows/system32/winevt/logs",
|
73
|
+
fs_win.map_dir("windows/system32/winevt/logs", tmp_path)
|
75
74
|
target_win.add_plugin(evtx.EvtxPlugin)
|
76
75
|
|
77
76
|
evtx_log_file = absolute_path("data/TestLogX.evtx")
|
78
77
|
expected_records = 0
|
79
78
|
|
80
79
|
if is_in_directory:
|
81
|
-
evtx_dir_file =
|
80
|
+
evtx_dir_file = tmp_path / "TestLogXDir.evtx"
|
82
81
|
shutil.copyfile(evtx_log_file, evtx_dir_file)
|
83
82
|
|
84
83
|
# Mock log file in a default directory
|
@@ -86,7 +85,7 @@ def test_evtx_plugin(target_win, fs_win, tmpdir_name, is_in_directory, is_in_reg
|
|
86
85
|
expected_records += 5
|
87
86
|
|
88
87
|
if is_in_registry:
|
89
|
-
evtx_reg_file =
|
88
|
+
evtx_reg_file = tmp_path / "TestLogXReg.evtx"
|
90
89
|
shutil.copyfile(evtx_log_file, evtx_reg_file)
|
91
90
|
|
92
91
|
# Set a log path in the registry key and map that path
|
@@ -0,0 +1,67 @@
|
|
1
|
+
import logging
|
2
|
+
from io import BytesIO
|
3
|
+
|
4
|
+
from pytest import LogCaptureFixture
|
5
|
+
|
6
|
+
from dissect.target.filesystem import VirtualFilesystem
|
7
|
+
from dissect.target.plugins.os.windows.registry import RegistryPlugin
|
8
|
+
from dissect.target.target import Target
|
9
|
+
|
10
|
+
|
11
|
+
def test_missing_hives(fs_win: VirtualFilesystem, caplog: LogCaptureFixture):
|
12
|
+
target = Target()
|
13
|
+
target.filesystems.add(fs_win)
|
14
|
+
|
15
|
+
caplog.set_level(logging.DEBUG)
|
16
|
+
target.apply()
|
17
|
+
|
18
|
+
expected = [
|
19
|
+
f"{target}: Could not find hive: sysvol/windows/system32/config/{hive}" for hive in RegistryPlugin.SYSTEM
|
20
|
+
]
|
21
|
+
expected += [
|
22
|
+
f"{target}: Could not find hive: sysvol/windows/system32/config/RegBack/{hive}"
|
23
|
+
for hive in RegistryPlugin.SYSTEM
|
24
|
+
]
|
25
|
+
|
26
|
+
assert [record.message for record in caplog.records if record.filename == "registry.py"] == expected
|
27
|
+
|
28
|
+
|
29
|
+
def test_missing_user_hives(fs_win: VirtualFilesystem, target_win_users: Target, caplog: LogCaptureFixture):
|
30
|
+
fs_win.makedirs("Users/John")
|
31
|
+
|
32
|
+
caplog.set_level(logging.DEBUG)
|
33
|
+
target_win_users.registry.load_user_hives()
|
34
|
+
|
35
|
+
assert [record.message for record in caplog.records if record.filename == "registry.py"] == [
|
36
|
+
f"{target_win_users}: Could not find ntuser.dat: C:/Users/John/ntuser.dat",
|
37
|
+
f"{target_win_users}: Could not find usrclass.dat: C:/Users/John/AppData/Local/Microsoft/Windows/usrclass.dat",
|
38
|
+
]
|
39
|
+
|
40
|
+
|
41
|
+
def test_empty_hives(fs_win: VirtualFilesystem, caplog: LogCaptureFixture):
|
42
|
+
fs_win.map_file_fh("windows/system32/config/SYSTEM", BytesIO())
|
43
|
+
fs_win.map_file_fh("boot/BCD", BytesIO())
|
44
|
+
|
45
|
+
target = Target()
|
46
|
+
target.filesystems.add(fs_win)
|
47
|
+
|
48
|
+
caplog.set_level(logging.WARNING)
|
49
|
+
target.apply()
|
50
|
+
|
51
|
+
assert [record.message for record in caplog.records if record.filename == "registry.py"] == [
|
52
|
+
f"{target}: Empty hive: sysvol/windows/system32/config/SYSTEM",
|
53
|
+
f"{target}: Empty BCD hive: sysvol/boot/BCD",
|
54
|
+
]
|
55
|
+
|
56
|
+
|
57
|
+
def test_empty_user_hives(fs_win: VirtualFilesystem, target_win_users: Target, caplog: LogCaptureFixture):
|
58
|
+
fs_win.map_file_fh("Users/John/ntuser.dat", BytesIO())
|
59
|
+
fs_win.map_file_fh("Users/John/AppData/Local/Microsoft/Windows/usrclass.dat", BytesIO())
|
60
|
+
|
61
|
+
caplog.set_level(logging.WARNING)
|
62
|
+
target_win_users.registry.load_user_hives()
|
63
|
+
|
64
|
+
assert [record.message for record in caplog.records if record.filename == "registry.py"] == [
|
65
|
+
f"{target_win_users}: Empty NTUSER.DAT hive: C:/Users/John/ntuser.dat",
|
66
|
+
f"{target_win_users}: Empty UsrClass.DAT hive: C:/Users/John/AppData/Local/Microsoft/Windows/usrclass.dat",
|
67
|
+
]
|
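Review bot: test_empty_hives and test_empty_user_hives only feed zero-length `BytesIO()` objects, so the new file pins the missing and empty cases but not a non-empty hive with a truncated or invalid header. That third case is the one most likely on a damaged or tampered image, and registry.py's handling of it is not visible from these tests. I would add a case that maps a few constructed junk bytes, e.g. `fs_win.map_file_fh("windows/system32/config/SYSTEM", BytesIO(b"\x00" * 16))`, and asserts that `target.apply()` completes and logs rather than raising. Separately, selecting records with `record.filename == "registry.py"` matches any module file of that name and the strict list equality breaks on any extra message from it; `assert set(expected) <= {r.message for r in caplog.records}` is less brittle if the exact order is not part of the contract. None of the four tests has a docstring; one line each stating which log level and message is expected would help.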
@@ -3,7 +3,7 @@ from dissect.target.plugins.os.windows import ual
|
|
3
3
|
from ._utils import absolute_path
|
4
4
|
|
5
5
|
|
6
|
-
def test_ual_plugin(target_win, fs_win
|
6
|
+
def test_ual_plugin(target_win, fs_win):
|
7
7
|
ual_dir = absolute_path("data/ual/")
|
8
8
|
|
9
9
|
fs_win.map_dir("Windows/System32/LogFiles/Sum", ual_dir)
|
@@ -5,7 +5,7 @@ from dissect.target.plugins.os.windows.wer import WindowsErrorReportingPlugin
|
|
5
5
|
from ._utils import absolute_path
|
6
6
|
|
7
7
|
|
8
|
-
def test_wer_plugin(target_win, fs_win
|
8
|
+
def test_wer_plugin(target_win, fs_win):
|
9
9
|
wer_dir = absolute_path("data/wer/")
|
10
10
|
fs_win.map_dir("ProgramData/Microsoft/Windows/WER/ReportQueue/test", wer_dir)
|
11
11
|
target_win.add_plugin(WindowsErrorReportingPlugin)
|