Highlights
Target
- Removed issue with fake ntfs filesystems getting mounted
- Add keychain support for decrypting FortiGate firmware files
- Plugins:
- certlog plugin for parsing Active Directory Certificate services, each plugin returning the contents of a specific table:
-f certlog.requests-f certlog.request_attributes-f certlog.crls-f certlog.certificates-f certlog.certificate_extensions
- Windows AD
-f ad, parses NTDS.dit database and extract user credentials.-f ad.users-f ad.computers-f ad.group_policies-f ad.secretsdump
- certlog plugin for parsing Active Directory Certificate services, each plugin returning the contents of a specific table:
- Filesystems:
- Added support for APFS filesystems (macos)
- Added support for AD1 encrypted filesystems
- Added NTDS filesystem so we can treat the database like a filesystem.
- Enhancements:
- The walkfs plugin also contains filetype and mimetype detections
- Tools:
- Added target-inspect a tool useful for debugging different layers of dissect
Misc
- Changed zstandard dependency to zstandard-backport and python3.14 internal module
- Several fixes and enhancements to dissect.database
- Changes to dissect.hypervisor for proper parsing and opening of streams for VDI and VirtualBox formats.
Contributors
Thanks to our contributors for making this release possible:
@B0TAxy
@d4ni-exe
@joost-j
@JSCU-CNI
@LarsBehrens
@lhaagsma
@Matthijsy
@nbareil
@object1337
@PimSanders
@Politie-SOC
@qmadev
@R3dP1ll
@respondersGY
@skepppy
@tuttimann
@william-billaud
Full Changelogs
dissect: 3.21 → 3.22
https://github.com/fox-it/dissect/releases/tag/3.22
dissect.apfs: 1.0.1 → 1.1
https://github.com/fox-it/dissect.apfs/releases/tag/1.1
dissect.archive: 💤1.8 (no changes)
https://github.com/fox-it/dissect.archive/releases/tag/1.8
dissect.btrfs: 1.9 → 1.10
https://github.com/fox-it/dissect.btrfs/releases/tag/1.10
dissect.cim: 💤3.13 (no changes)
https://github.com/fox-it/dissect.cim/releases/tag/3.13
dissect.clfs: 💤1.11 (no changes)
https://github.com/fox-it/dissect.clfs/releases/tag/1.11
dissect.cramfs: 💤1.1 (no changes)
https://github.com/fox-it/dissect.cramfs/releases/tag/1.1
dissect.cstruct: 💤4.7 (no changes)
https://github.com/fox-it/dissect.cstruct/releases/tag/4.7
dissect.database: 1.0 → 1.1
https://github.com/fox-it/dissect.database/releases/tag/1.1
dissect.etl: 💤3.14 (no changes)
https://github.com/fox-it/dissect.etl/releases/tag/3.14
dissect.eventlog: 💤3.11 (no changes)
https://github.com/fox-it/dissect.eventlog/releases/tag/3.11
dissect.evidence: 3.12 → 3.13
https://github.com/fox-it/dissect.evidence/releases/tag/3.13
dissect.executable: 💤1.11 (no changes)
https://github.com/fox-it/dissect.executable/releases/tag/1.11
dissect.extfs: 💤3.15 (no changes)
https://github.com/fox-it/dissect.extfs/releases/tag/3.15
dissect.fat: 💤3.13 (no changes)
https://github.com/fox-it/dissect.fat/releases/tag/3.13
dissect.ffs: 💤3.12 (no changes)
https://github.com/fox-it/dissect.ffs/releases/tag/3.12
dissect.fve: 4.5 → 4.6
https://github.com/fox-it/dissect.fve/releases/tag/4.6
dissect.hypervisor: 3.20 → 3.21
https://github.com/fox-it/dissect.hypervisor/releases/tag/3.21
dissect.jffs: 💤1.6 (no changes)
https://github.com/fox-it/dissect.jffs/releases/tag/1.6
dissect.ntfs: 3.15 → 3.16
https://github.com/fox-it/dissect.ntfs/releases/tag/3.16
dissect.ole: 💤3.12 (no changes)
https://github.com/fox-it/dissect.ole/releases/tag/3.12
dissect.qnxfs: 💤1.2 (no changes)
https://github.com/fox-it/dissect.qnxfs/releases/tag/1.2
dissect.regf: 💤3.14 (no changes)
https://github.com/fox-it/dissect.regf/releases/tag/3.14
dissect.shellitem: 💤3.13 (no changes)
https://github.com/fox-it/dissect.shellitem/releases/tag/3.13
dissect.squashfs: 1.11 → 1.12
https://github.com/fox-it/dissect.squashfs/releases/tag/1.12
dissect.target: 3.24 → 3.25.1
https://github.com/fox-it/dissect.target/releases/tag/3.25.1
dissect.thumbcache: 💤1.11 (no changes)
https://github.com/fox-it/dissect.thumbcache/releases/tag/1.11
dissect.util: 3.23 → 3.24
https://github.com/fox-it/dissect.util/releases/tag/3.24
dissect.vmfs: 💤3.13 (no changes)
https://github.com/fox-it/dissect.vmfs/releases/tag/3.13
dissect.volume: 3.17 → 3.18
https://github.com/fox-it/dissect.volume/releases/tag/3.18
dissect.xfs: 💤3.13 (no changes)
https://github.com/fox-it/dissect.xfs/releases/tag/3.13
