Plaso 20210412 released


The Plaso team is pleased to announce a new Plaso release, 20210412. This release mainly contains under-the-hood improvements and cleanup.

Notable changes

  • The Timesketch output module has been removed (#2560) in favor of the elastic_ts output module, which is used by the Timesketch importer. If you want to import Plaso timelines into Timesketch, please use the Timesketch importer.

  • Raw fields support has been removed from the elastic output module (#3469).

  • Markdown output format support has been added to pinfo.py (#1175).


The full list of cleanups, performance tweaks and bug fixes can be found in the release milestone.

Upcoming changes in future releases

  • The default back-end for GPT in will be changed to libvsgpt/pyvsgpt.

  • Mac OS disk image (.dmg, .sparseimage, .sparsebundle) support (#3540).


Where/how to get Plaso 20210412?

See Plaso's Users' Guide. The development team recommends using Docker to install Plaso without hassle. 


If Docker does not fit your needs, there are installation instructions available for MacOS, Ubuntu and Fedora.


If you run into problems, take a look at the Installation Problems page in the Plaso documentation to see if other people have seen the issue before. If nothing there helps, ask for help on the Open Source DFIR Slack or open an issue on the tracker.

