mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
autopsy-flatpak/thirdparty/rr-full/updates.txt
Mark McKinnon 78042da4c7 Update Changed plugins 
Update Plugins that have changed from Autopsy's last version of Regripper.
2020-04-29 10:50:49 -04:00

232 lines
5.7 KiB
Plaintext
Raw Permalink Blame History

20141112
-created mixer.pl,mixer_tln.pl,audiodev.pl
21041111
-updated usb.pl, usbstor.pl, wpdbusenum.pl
20141103
-updated inprocserver.pl to include detection for PowerLiks
20141015
-updated/modified usb.pl, usbstor.pl, wpdbusenum.pl
20140821
-created at.pl, at_tln.pl
20140808
-updated inprocserver.pl, removed inprocserver_u.pl
20140807
-created del.pl, del_tln.pl
20140730
-updated winzip.pl
-updated ares.pl (G. Nieves submission)
-updated lsa_packages.pl & shares.pl (S. Kelm submission)
-created secrets.pl, based on input from Jamie Levy
20140724
-updated appcompatcache.pl w/ 64-bit Win8.1 support, based on
data provided by Shafik Punja
20140723
-updated applets.pl
-updated ie_version.pl
20140721
-update to mountdev2.pl submitted/incorporated
------------------------------------------------------------
20140512
-updated uninstall.pl, uninstall_tln.pl
20140510
-added profiler.pl
20140501 (These plugins were added to the available online archive)
-added processor_architecture.pl, wevtx.pl (C. Harrell)
-updated pagefile.pl (C. Harrell)
20140416
-updated usbdevices.pl (updates by J. Chau)
20140415
-added winevt.pl (C. Harrell)
-removed winlivemail.pl, winlivemsn.pl (errors)
-removed streammru.pl, streams.pl
20140414
-added knowndev.pl, ddo.pl (J. Chau)
-RELEASED
20140408
-updated lsasecrets.pl (improved error message)
20140326
-created susclient.pl
20142020
-updated recentdocs_tln.pl
20140203
-added winscp.pl (not associated with winscp_sessions.pl)
20140131
-added reading_locations.pl, from Jason Hale
20140115
-updated user_run.pl to look for odd char in paths
20131210
-updated crashcontrol.pl
-updated amcache.pl
20131118
-created cdstaginginfo.pl
20131108
-updated svc.pl to look for WOW64 value in service keys;
indicative of a 32-bit EXE running on a 64-bit OS
20131025
-created startup.pl
20131011
-created kankan.pl plugin
20131010
-created vawtrak.pl
-updated svcll.pl with Derbusi detection
-updated svc.pl (Backdoor.Kopdel checks)
20131009
-created ahaha.pl
20131008
-created opencandy.pl plugin
20131007
-created lazyshell.pl, comfoo.pl
-updated imagefile.pl with carnal0wnage link to sticky keys info
20130930
-updated appcompatflags.pl to support Win8 Store key
20130925
-retired compatassist.pl; functionality rolled into appcompatflags.pl
20130911
-updated svc.pl/svc_tln.pl to alert on FailureAction value
-updated installedcomp.pl to look for StubPath values that point to
rundll32, but point to other than a .dll (i.e., some malware points to
.cpl files)
20130910
-updated winlogon.pl/winlogon_tln.pl to check for GinaDLL value
20130905
-removed winlivemsn.pl from ntuser profile - Module dependencies make it
throw errors (if I had test data, I'd rewrite it)
-updated installedcomp.pl to make the output more searchable
-created netsvcs.pl plugin
20130904
-created rlo.pl plugin (all hives)
-updated backuprestore.pl (cleaned up code)
20130830
-updated timezone.pl, based on findings from Mike W.
20130801
-added initial Win8 support to appcompatcache.pl
-added cross-platform support to rip.pl (File::Spec)
20130731
-updated ie_settings.pl
20130711
-created pending.pl
20130706
-updated appcompatflags.pl to retrieve values from Persisted key
20130630
-updated usbstor.pl - added parsing of Properties values (Win7)
-updated devclass.pl - added additional device class check
20130603
-updated alert code (new alert function & check for ADSs)
-appcompatcache.pl,inprocserver.pl,clsid.pl
-appcompatcache_tln.pl,soft_run.pl,user_run.pl,srun_tln.pl,urun_tln.pl
-svc.pl,svcdll.pl,svc_tln.pl
20130530
-updated mountdev.pl to address endian issues in display of disk signatures
20130522
-minor changes to attachmgr.pl, attachmgr_tln.pl
20130514
-updated itempos.pl to parse ItemPos* value data beneath ShellNoRoam\Bags subkeys
20130513
-updated userinfo.pl to include UserName value beneath "Common" subkey
20130509
-added alert and warnings to appcompatcache.pl, appcompatcache_tln.pl
-updated svc.pl, retired svc2.pl
-created svc_tln.pl, based on svc.pl
20130504
-added alert to Run key plugins to check for %AppData% paths (malware)
20130429
-created winlogon_tln.pl, applets_tln.pl
-added alertMsg() func. to:
-brisv.pl, inprocserver.pl, inprocserver_u.pl, iejava.pl,
spp_clients.pl
-retired scanwithav.pl (func. included in attachmgr.pl)
-retired taskman.pl (func. included in winlogon.pl)
-retired vista_wireless.pl (func. in networklist.pl)
20130425
-RegRipper and rip updated to v2.8; added alertMsg() capability
-retired userinit.pl (functionality included in winlogon.pl)
-created new plugins
-srun_tln.pl, urun_tln.pl,cmdproc_tln.pl
-cmd_shell_tln.pl,muicache_tln.pl
-added alertMsg() functionality to rip.pl, rr.pl, and plugins
-appcompatcache.pl, appcompatcache_tln.pl
-appinitdlls.pl
-soft_run.pl, user_run.pl
-imagefile.pl
-winlogon.pl, winlogon_u.pl
-muicache.pl (look for values with "[Tt]emp" paths)
-attachmgr.pl (look for values per KB 883260)
-virut.pl
-cmdproc.pl, cmd_shell.pl
20130411
-retired specaccts.pl & notify.pl; incorporated functionality into
winlogon.pl
20130410
-retired taskman.pl; merged into winlogon.pl
-updated winlogon.pl (Wow6432Node support, etc.)
-updated winlogon_u.pl (Wow6432Node support)
-updated shellexec.pl, imagefile.pl, installedcomp.pl (Wow6432Node support)
20130409
-added drivers32.pl (C. Harrell) to the archive
20130408
-updated bho.pl to support Wow6432Node
20130405
-updated cmd_shell.pl to include Clients subkey in the Software hive
-created cmd_shell_u.pl
-fixed issue with rip.exe syntax info containing 'rr'
-fixed banner in findexes.pl
Reference in New Issue View Git Blame Copy Permalink