The Plaso development team has announced the new version of the tool – Heimdall. Here is the list of new features:

  • New parsers and plugins:
  • DC3 contributed SQLite database schema matching in SQLite plugins, to highlight situations where an application’s SQLite schema may have changed.
  • B3n7s added support for shield authentication in the ElasticSearch output module.
  • The EventData changed made it possible to implement merged MACB output in the l2tcsv output module. This reduces the noise from file timestamp updates significantly, and resolves a longstanding issue.
  • Psteal.py is a new Plaso frontend that simplifies the most common Plaso use case of processing an image, and producing a human-readable output. Essentially, psteal runs log2timeline, then psort immediately afterwards.

You can read more about the release here and download it here.

Load More Related Articles
Load More In Software

Leave a Reply

Your email address will not be published. Required fields are marked *