Plaso 20190916 released
Plaso 20190916 released
After a longer than usual release process due to lack of maintainer availability, the Plaso team are glad to announce a new Plaso release, 20190916.
New parsers
- APT history by new contributor js-forensic
- VSFTP by new contributor bodik
- BAM registry key also by js-forensic
- SetupAPI log by js-forensic
Other new features
As usual, there’s a bunch of cleanups, performance tweaks and bug fixes, the full list of which are available in the release milestone.
Distribution changes
For this release, we’re not providing a binary build for MacOS. This is due to the change in Python versions between MacOS 10.15 (Catalina) and previous versions, as well as Apple’s notes about possibly not including them in future releases. For now, we recommend MacOS users do a source installation. We’ll keep an eye on this situation and possibly provide a packaged release again the future.
The future of the PyInstaller project is uncertain, it is actively looking for funding. If you rely on the Plaso PyInstaller packed release we suggest funding the PyInstaller project. Going forward we therefore are unlikely to provide PyInstaller build for Windows.
There now is a Fedora 31 release available, but this meant removing lz4 as a required dependency for the time being. See this issue for more context.
Where/how to get Plaso 20190916?
See Plaso's Users' Guide. As usual, builds are available for Docker, MacOS, Ubuntu, Fedora and Windows.
If you run into problems take a look at the Installation Problems page in the Plaso documentation, to see if other people have seen the issue before. If nothing there helps, ask for help on the Open Source DFIR slack or open an issue on the tracker.