Plaso 20230226 released
The Plaso team is delighted to announce a new Plaso release, 20230226. This release has a mixture of new features and under-the-hood improvements.
Notable changes
Several improvements for IIS 10 log (#4566), Automatic Destination (#4568, #4570), Custom Destination (#4569) and PLS recall (#4572) format edge cases.
Added bloom (filter) database hash tagging analysis plugin (#4527), with thanks to @xmco and @william-billaud.
Removed various legacy/backwards compatibility components, like the text prepend option (#4255).
First steps of moving Plaso storage to an independent Python module named acstore.
The full list of cleanups, performance tweaks and bug fixes can be found in the release milestone.
Upcoming changes in future releases
Support for PowerShell transcript log (#4168) files, with thanks to @FabFaeb.
Support for Windows AppCompat PCA (Program Compatibility Assistant) log (#4560) and Apple Unified Logging (#4557) files, with thanks to @Fryyyyy.
Support for Microsoft OneDrive log (#4148) files, with thanks to @sydp.
Additional improvements to Windows EventLog resource extraction and message formatting (#4259).
Where/how to get Plaso 20230226?
See Plaso's Users' Guide. The development team recommends using Docker to install Plaso without hassle.
If Docker does not fit your needs, there are installation instructions available for macOS, Ubuntu and Fedora.
If you run into problems, take a look at the Installation Problems page in the Plaso documentation to see if other people have seen the issue before. If nothing there helps, ask for help on the Open Source DFIR Slack or open an issue on the tracker.