3.10

What's Changed

• Remove workarounds to map TargetPaths on path record fields by @pyrco in #258
• Add support for at.exe .job files in scheduled tasks by @Wouter-Jansen in #249
• Skip incompatible unit tests on Windows by @cecinestpasunepipe in #260
• Add loader documentation to list output by @Poeloe in #228
• Handle keyboard interrupts and os errors cleanly for dissect tools by @Miauwkeru in #255
• Implement attr()/lattr() in MappedFile and DirectoryFilesystemEntry by @pyrco in #261
• Update the Phobos loader to use the new NTFS API by @pyrco in #269
• Return correct amcache_install records by @Miauwkeru in #265
• Add ssl support to targetd loader by @cecinestpasunepipe in #268
• Refine plugin system by @cecinestpasunepipe in #259
• Remove Loaders from -f in bash autocompletion script by @Miauwkeru in #271
• Add useful trove classifiers to pyproject.toml by @pyrco in #279
• Add a plugin to extract AppX debug information registry keys by @pyrco in #277
• Fix sequential bug caused by copy-by-reference mistake in plugin system by @cecinestpasunepipe in #282
• Add support for Sophos Home and Sophos Hitman by @cecinestpasunepipe in #281
• Add IIS logs to LogLoader by @cecinestpasunepipe in #278
• Fix parsing WER files that do not have a BOM header by @yunzheng in #272
• Allow multiple plugins at once for targetd-loader by @cecinestpasunepipe in #276
• Normalize dev_id when mounting fat disks by @cobyge in #273
• Fix assumption in Hyper-V child plugin by @JSCU-CNI in #264
• Fix mounting ext filesystems for Unix targets by @Schamper in #285
• Add Journal Systemd plugin by @Zawadidone in #242
• Add gpo tasks to tasks plugin by @Poeloe in #267
• Fix the use of deprecated registry.iterkeys() by @pyrco in #287
• Fix resolving invalid symlinks on NTFS by @Schamper in #289
• Add OIDC publish step to workflow by @Miauwkeru in #288
• Change exception by @cecinestpasunepipe in #295
• Fix target-info time zone issue by @cecinestpasunepipe in #294
• Add fallback LS_COLORS scheme to target-shell by @Horofic in #296
• Make FilesystemEntry's is_dir(), is_file() and stat() follow_symlinks parameter aware by @pyrco in #302
• Fix false positive detection McAfee plugin by @cecinestpasunepipe in #297
• Add exclusions function to Windows Defender plugin by @MaxGroot in #301
• Add support for gpo tasks that are wrapped in other tasks by @cecinestpasunepipe in #298

New Contributors

• @yunzheng made their first contribution in #272

Full Changelog: 3.9...3.10

3.9

What's Changed

• Targetd Loader/Plugin (DIS-1590) by @cecinestpasunepipe in #188
• Fix unix auth log plugin hostname regex by @JSCU-CNI in #208
• Improve unix services plugin by @JSCU-CNI in #198
• Improve reverse_readlines performance by @JSCU-CNI in #204
• Add test cases for case(in)sensitivity of the VirtualFilesystem by @pyrco in #214
• Improve Unix DHCP IP parsing by @JSCU-CNI in #213
• Fix logic bug in unix history plugin by @JSCU-CNI in #222
• Change Lnk(entry) to file-handle by @Horofic in #224
• Add .vmwarevm loader by @Schamper in #221
• Improve the help message for the adpolicy plugin by @pyrco in #225
• Fix ASDF loader by @Schamper in #219
• Add support for unix powershell history by @JSCU-CNI in #212
• Close targetd connection after use by @cecinestpasunepipe in #216
• Proposal processing directory target without wildcard by @cecinestpasunepipe in #218
• Fix ExfatFilesystem/ExfatFilesystemEntry by @pyrco in #217
• Set all import errors to log level info by @Miauwkeru in #230
• Replace tmpdir_name with tmp_path fixture by @Schamper in #232
• Skip empty registry hives by @Schamper in #233
• Fix VmaLoader variable name by @JSCU-CNI in #239
• Fix services plugin for broken symlinks by @JSCU-CNI in #238
• Mount all filesystems in target-mount by @Schamper in #237
• Add dissect.target[yara] as an optional dependency by @Miauwkeru in #229
• Add parser for extensions for chromium browsers by @Wouter-Jansen in #231
• Targetd windows controller by @cecinestpasunepipe in #235
• Fix LVM2 volume names containing hyphens by @Schamper in #245
• Add support for Parallels PVM/PVS/HDD/HDS by @Schamper in #220
• Expand adpolicy plugin to include missing GPO info by @cecinestpasunepipe in #246
• Add evt/evtx-loader by @cecinestpasunepipe in #234
• Fix user_details.find() to return users with uid 0 by @pyrco in #248
• Add documentation testing tooling by @martinvanhensbergen in #227
• Add a help message to mft --compact by @Miauwkeru in #247
• Remove unnecessary newline from tox.ini by @martinvanhensbergen in #251
• Add support for two additional Firefox file locations by @Wouter-Jansen in #250
• Fix etl.shutdown to actually return the ETL shutdown records by @pyrco in #253
• Update README.md by @martinvanhensbergen in #254
• Add LNK test by @Zawadidone in #226
• Fix services plugin failures on linux targets by @Miauwkeru in #252
• Update flow.record dependency to 3.10 by @pyrco in #257

Full Changelog: 3.8...3.9

3.8

What's Changed

• Clean up filesystem detection and add type hints by @Schamper in #168
• Clean up volume system detection by @Schamper in #169
• Change LoaderError to ImportError in target loader by @Schamper in #172
• Improve support for iTunes backup files by @Schamper in #170
• Add nginx, apache and caddy webserver log parsers by @JSCU-CNI in #127
• improve unix audit plugin by @JSCU-CNI in #173
• Fix XML parsing for the wicked networkmanager by @pyrco in #175
• Add open handles plugin by @Poeloe in #171
• Improve detection of system ip addresses on unix by @JSCU-CNI in #133
• Add support for symlinks to target-shell by @Horofic in #118
• Add support for older Hyper-V configurations by @Schamper in #177
• Add missing __init__.py to webservers directory by @Schamper in #178
• Fix RootFilesystemEntry's lattr() by @pyrco in #179
• Fix displaying Windows alternate data streams in target-shell by @pyrco in #181
• Print errors in target-shell when running with -q by @pyrco in #180
• Add support for NTFS reparse points by @Schamper in #176
• Add target-info by @JSCU-CNI in #136
• Fix target-info by @Schamper in #186
• Add support for extended zsh history files by @JSCU-CNI in #183
• New implementation of -l/-f/-h by @cecinestpasunepipe in #124
• Improve ssh plugin by @JSCU-CNI in #182
• Add unix package manager parsers by @JSCU-CNI in #128
• Fix windows plugins datetime by @Zawadidone in #187
• Backward compatibility fix for plugin namespaces by @cecinestpasunepipe in #192
• Fix TargetPath for CPython 3.11 by @Schamper in #193
• Fix tar loader for targets with '.' folder by @JSCU-CNI in #195
• Improve bash auto completion script by @JSCU-CNI in #197
• Fix namespace non findable plugins by @Zawadidone in #194
• Fix velociraptor loader c folder by @Zawadidone in #185
• Improve unix os-release parsing by @JSCU-CNI in #199
• Move to tox4 and pure pyproject packaging by @pyrco in #202
• Dis 426 add browser download history for each browser plugin by @Wouter-Jansen in #191
• Fix path file accessor by @Zawadidone in #206
• Improve target-shell by @JSCU-CNI in #196
• Make fsutil.open_decompress file extension agnostic by @pyrco in #207
• Remove unnecessary brackets by @Wouter-Jansen in #210
• Log parser for Trend Micro Worry-Free Suite by @cecinestpasunepipe in #205
• Fix external references in documentation by @martinvanhensbergen in #203
• Add McAfee SQLite log parser (DIS-1523) by @cecinestpasunepipe in #200
• Add UsnJrnl path to Velociraptor loader by @Zawadidone in #209
• Make importing and usage of the bz2 module conditional by @pyrco in #211

New Contributors

• @martinvanhensbergen made their first contribution in #203

Full Changelog: 3.7...3.8

3.7

What's Changed

• Fix lastlog struct by @JSCU-CNI in #107
• Add Defender Quarantine Recovery by @MaxGroot in #96
• Add Velociraptor loader by @Zawadidone in #114
• Use TarFilesystemEntry in TarLoader by @Schamper in #112
• Add wireguard config parser plugin by @JSCU-CNI in #111
• Make tasks plugin a bit more robust by @Schamper in #123
• Make mft and mft_timeline plugin a bit more robust by @Schamper in #122
• Add applaunches function to amcache plugin by @JSCU-CNI in #120
• Improve unix command history plugin by @JSCU-CNI in #110
• Add Atop plugin by @Zawadidone in #108
• Refactor chromium based browser plugin by @Wouter-Jansen in #105
• Improve OSPlugin loading by @pyrco in #129
• Add locale plugin for unix and windows by @JSCU-CNI in #116
• Fix missing dependencies for the full extra by @pyrco in #139
• Fix windows sam parsing by @JSCU-CNI in #121
• Update the Windows version and ntversion plugins by @pyrco in #125
• Make defusedxml a main dependency by @pyrco in #140
• Use defusedxml instead of the build in xml module by @pyrco in #141
• Use only .py files when loading plugins by @pyrco in #138
• Improve unix users and passwords parsing by @JSCU-CNI in #126
• Add installdate function for unix and windows by @JSCU-CNI in #132
• Add docker container plugin by @JSCU-CNI in #115
• Make IIS parser more robust by @cecinestpasunepipe in #137
• Add compact flag to mft plugin by @Miauwkeru in #142
• Improve target-fs command line error handling by @pyrco in #143
• Add rudimentary support for zip files by @JSCU-CNI in #117
• Add folder as package by @Zawadidone in #146
• Defender add DefenderBehaviorQuarantineRecord to export by @Zawadidone in #152
• Add IndexRecord to export thumbcache functions by @Zawadidone in #154
• Small fixes to zip filesystem by @Schamper in #153
• Fix tar filesystem by @JSCU-CNI in #144
• Improve unix messages plugin by @JSCU-CNI in #131
• Improve bash autocompletion script by @Miauwkeru in #151
• Fix incorrect MappedFile behavior by @Schamper in #155
• Run black to satisfy new rules by @Schamper in #156
• Improve the robustness of the InternetExplorerPlugin by @pyrco in #157
• Add auth.log and secure log parsing for unix systems by @JSCU-CNI in #134
• Add WSL child plugin by @JSCU-CNI in #148
• Change path type of ChildTargetRecord by @Schamper in #160
• Change execution report log to debug by @Schamper in #159
• Improve locale for unix and windows by @JSCU-CNI in #150
• Correctly set volume in filesystems by @Schamper in #162
• Update style and pin on black v23.1.0 by @pyrco in #163
• Add isort to flake8 linting by @pyrco in #164
• Update the flow.record dependency to 3.9 by @pyrco in #165
• Fix TarFilesystem regression for relative lookups by @Schamper in #166

New Contributors

• @JSCU-CNI made their first contribution in #107
• @MaxGroot made their first contribution in #96

Full Changelog: 3.6...3.7

3.6

What's Changed

• Fix compression for prefetch after API change by @Schamper in #98
• Add git-lfs attributes for commit 1c821d9 by @Miauwkeru in #103

Full Changelog: 3.5...3.6

3.5

What's Changed

• Improve handing of dollar sign in Target Shell by @cecinestpasunepipe in #101
• Make the driveletter case insensitive using the TarLoader by @Miauwkeru in #102

Full Changelog: 3.4...3.5

3.4

What's Changed

• Update setup.cfg with a description field by @pyrco in #58
• Fix links to the documentation by @Miauwkeru in #57
• Fix obtaining user for each key and typehinting by @Poeloe in #51
• Use paths from %path% in Windows path resolver by @pyrco in #50
• Fallback container detection to fh if path fails by @Schamper in #62
• Add option to RemoteLoader to use custom CA by @cecinestpasunepipe in #65
• Add an on-demand test workflow by @pyrco in #66
• Fix ESXi hostname and domain if not configured by @Schamper in #67
• Add Windows Error Reporting plugin by @Poeloe in #60
• Fix VBOX-Loader by @cecinestpasunepipe in #69
• Configure the minimum python version by @pyrco in #72
• Fix typo in OperatingSystem enum by @Miauwkeru in #73
• Improve target-mount usability and performance by @Schamper in #71
• Replace second RemoteLoader with TargetLoader by @lesander in #74
• Update chrome.py by @cobyge in #75
• Firefox: Added path to snap directories by @cobyge in #70
• Add linting for minimal supported Python version by @pyrco in #76
• Add thumbcache plugin by @Miauwkeru in #68
• Allow remote loader to use embedded certificates (DIS-1518) by @cecinestpasunepipe in #77
• Open volume through partition instead of ourselves by @Schamper in #78
• Remove duplicate registration of vmdk and ewf by @Schamper in #79
• Fix birthtime for FFS1 filesystems by @Schamper in #81
• Move stacktrace from warning message to debug by @Schamper in #82
• Refactor filesystem code by @pyrco in #83
• Add USN Journal path acquired by Velociraptor by @Zawadidone in #59
• Add index of Shimcache entry to ShimcacheRecord by @Zawadidone in #64
• Add WordWheelQuery key to MRU plugin by @Miauwkeru in #80
• Add Virtuozzo as child target by @Zawadidone in #85
• Improve Defender records by @cecinestpasunepipe in #86
• Return individual visits for browser history by @Schamper in #92
• Virtuozzo return bool whether target is compatible by @Zawadidone in #89
• Skip emulation drives in local loader by @cecinestpasunepipe in #94
• Adhere to the correct path separators by @pyrco in #90
• Add browser history plugin for Edge by @Wouter-Jansen in #93
• Use the correct volume in the tar loader by @pyrco in #91
• Add MUIcache plugin by @Zawadidone in #87
• Update the version of flow.record to 3.7 by @pyrco in #99

New Contributors

• @lesander made their first contribution in #74
• @cobyge made their first contribution in #75

Full Changelog: 3.3...3.4