Plaso 20210412 released
Plaso 20210412 released
The Plaso team is pleased to announce a new Plaso release, 20210412. This release mainly has under the hood improvements and clean up.
Notable changes
The Timesketch output module has been removed (#2560) in favor of the elastic_ts output module which is used by Timesketch importer. If you want to import Plaso timelines into Timesketch please use the Timesketch importer.
Raw fields support has been removed from the elastic output module (#3469).
Markdown output format support has been added to pinfo.py (#1175).
The full list of cleanups, performance tweaks and bug fixes can be found in the release milestone.
Upcoming changes in future releases
The default back-end for GPT in will be changed to libvsgpt/pyvsgpt.
Mac OS disk image (.dmg, .sparseimage, .sparsebundle) support (#3540).
Where/how to get Plaso 20210412?
See Plaso's Users' Guide. The development team recommends using Docker to install Plaso without hassle.
If Docker does not fit your needs there are installation instructions available for MacOS, Ubuntu and Fedora.
If you run into problems take a look at the Installation Problems page in the Plaso documentation, to see if other people have seen the issue before. If nothing there helps, ask for help on the Open Source DFIR slack or open an issue on the tracker.
Comments
Post a Comment