Plaso 20181219 released
The Plaso team is thrilled to announce a new Plaso release, 20181219. As you might expect, this will be the last release for 2018. A couple of the more notable changes and additions are called out below.
APFS
One of the biggest features in this release is initial support for Apple File System (APFS). Support is provided via libfsapfs/pyfsapfs. Encrypted APFS is supported, as are the most common compression modes (zlib, LZVN), and we’re planning to add support for snapshots, resource forks and other compression modes (LZFSE) over the coming months.
Documentation move and scaffolder
A question we’re often asked is how to contribute to Open Source tools like Plaso, so we’ve done a few things to hopefully make this easier for contributors.
Documentation has been moved to a new home on readthedocs, which has a helpful “Edit on GitHub” link in the top right. If you see a problem, or want to add something, it’s now very straightforward to do the edit on GitHub, and send the maintainers a pull request to improve things for everyone.
The other couple of things we’ve added are a script to make bootstrapping a Dockerized development environment easy, and a scaffolder that automatically generates the needed files for a new parser or plugin. To begin with, the scaffolder only supports creating a new SQLite plugin, but support for more plugins and parsers is in the works.
There’s still plenty more we’d like to do to make development more accessible, so look forward to further advancements in the near future.
Other changes
Some of the more noteworthy user-facing features in this release are:
- Support for artifact definition groups.
- SSL support for Elasticsearch, courtesy of new contributor cugu.
- Binary releases of Plaso for Python 3 for Ubuntu Linux.
- Packages in GIFT for Ubuntu Bionic (18.04 LTS).
As usual, there’s a bunch of cleanups, performance tweaks and bug fixes, the full list of which is available in the release milestone.
Future plans
As flagged before, we’re planning to drop support for Python 2 in 2019, and this will be the last release where we publish packages for Ubuntu Trusty (14.04).
Where/how to get Plaso 20181219?
See Plaso's Users' Guide. As usual, builds are available for Docker, MacOS, Ubuntu, Fedora Core and Windows.
If you run into problems, take a look at the Installation Problems page in the Plaso documentation to see if other people have seen the issue before. If nothing there helps, ask for help on the discuss mailing list, log2timeline-discuss@googlegroups.com, or open an issue on the tracker.