Plaso 20181219 released

The Plaso team is thrilled to announce a new Plaso release, 20181219. As you might expect, this will be the last release for 2018. A couple of the more notable changes and additions are called out below.

APFS

One of the biggest features in this release is initial support for Apple File System (APFS). Support is provided via libfsapfs/pyfsapfs. Encrypted APFS is supported, as are the most common compression modes (zlib, LZVN), and we’re planning to add support for snapshots, resource forks and other compression modes (LZFSE) over the coming months.

Documentation move and scaffolder

A question we’re often asked is how to contribute to Open Source tools like Plaso, so we’ve done a few things to hopefully make this easier for contributors.
Documentation has been moved to a new home on readthedocs, which has a helpful “Edit on GitHub” link in the top right. If you see a problem, or want to add something, it’s now very straightforward to do the edit on GitHub, and send the maintainers a pull request to improve things for everyone.
The other couple of things we’ve added are a script to make bootstrapping a Dockerized development environment easy, and a scaffolder that automatically generates the needed files for a new parser or plugin. To begin with, the scaffolder only supports creating a new SQLite plugin, but support for more plugins and parsers is in the works.
There’s still plenty more we’d like to do to make development more accessible, so look forward to further advancements in the near future.

Other changes

Some of the more noteworthy user-facing features in this release are:

  • Support for artifact definition groups
  • SSL support for Elasticsearch, courtesy of new contributor cugu.
  • Binary releases of Plaso for Python 3 for Ubuntu Linux.
  • Packages in GIFT for Ubuntu Bionic (18.04 LTS).



As usual, there’s a bunch of cleanups, performance tweaks and bug fixes, the full list of which is available in the release milestone.

Future plans

As flagged before, we’re planning to drop support for Python 2 in 2019, and this will be the last release where we publish packages for Ubuntu Trusty (14.04).

Where/how to get Plaso 20181219?

See Plaso's Users' Guide. As usual, builds are available for Docker, MacOS, Ubuntu, Fedora Core and Windows.

If you run into problems, take a look at the Installation Problems page in the Plaso documentation to see if other people have seen the issue before. If nothing there helps, ask for help on the discuss mailing list: log2timeline-discuss@googlegroups.com or open an issue on the tracker.
