This release is identical to 3.16.1, except the hard dependencies on the `lz4` and `lzo` extras of `dissect.util` are turned into extras of the `dissect` package itself. These extras are not installed by default.
If you want optimized "native" code for lz4 and lzo decompression, you should install dissect using these extras like:
pip install dissect[lz4,lzo]
Highlights
- Plugins:
- New libvirt and qemu child plugins
- New plugin to extract unsaved notepad tabs
- 90% speedup in walkfs plugin
- New plugin to extract windows update agent information
- New plugin to extract Windows Jump List information
- New MFT segmentation ability
- Option to use a different starting directory in etc plugin using --root
- Support for Windows 10 added in Windows USB plugin
- Yara plugin was separated from target-query into target-yara command
- Loaders:
- VirtualBox .vdi files loader now case insensitive for the format attributes
- Graceful handle for missing physical disks in LVM
- New support for Android backups
- OS support:
- More robust ESXi OS initialization
- target-tools:
- New options added to `target-fs ls` (`-l` and `-h`),
- Cleanup and extension of a number of target-shell commands
- Shell history added to traget-shell
- Misc:
- If a project (currently dissect.target, dissect.squashfs and dissect.target) uses lzo/lz4 it will now automatically fall back to the pure python implementation in dissect.util if no C version is installed
- cstruct fix for nested structure definitions
Contributors
Thanks to our contributors for making this release possible:
EmilienCourt
joost-j
JSCU-CNI
M1ra1B0T
Matthijsy
michoebey
mick-314
OlafHaalstra
Zawadidone
Full Changelogs