forked from ydkhatri/mac_apt
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCHANGES.txt
108 lines (82 loc) · 4.56 KB
/
CHANGES.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
Updates in 20200426 (v0.6):
+ APFS encryption support added, encrypted volumes can be processed by sproviding password/recovery-key
+ FAST mode, which skips plugins IDEVICEBACKUPS, SPOTLIGHT, UNIFIEDLOGS
+ BASHSESSIONS is now TERMSESSIONS (it reads zsh history too)
+ Better HFS parsing, and reading of large files
+ Support for Maquisition created AFF4 images
! FSEVENTS plugin is now a lot faster
! Bugfixes, improvements in other plugins - QUICKLOOK, IMESSAGE, COOKIES
Updates in 20200426 (v0.5):
+ New Plugins - SCREENTIME, QUICKLOOK, TERMINALSTATE, APPLIST, COOKIES
+ Compatibility with macOS 10.15 separate System & Data volumes
+ Better disk space reporting for APFS & HFS
+ Added AFF4 support
+ FSEVENTS now works for iOS
+ BootVolume Spotlight parsing for Catalina
+ Add ssh known_hosts to RECENTITEMS
+ Add zsh history to bash session
+ Added column for recent_app in dockitems
! Fixed ios Spotlight bug
! Handling of * in format strings in UNIFIEDLOGS
Updates in 20190816 (v0.4.1):
+ RecentItems plugin now reads FileCreatedDates from APP.securebookmarks.plist
+ RecentItems plugin now gets Mounted dev/vol name from userglobalpref plist
+ RecentItems plugin now reads LastSaveFilePathBookmark
+ Better exception handling in some places
+ Now gracefully handles file open failure in MOUNTED mode (due to lacking permissions)
! Fixed bugs in Plugins - Printjobs, iDeviceInfo, Wifi
Updates in 20190720 (v0.4):
+ New plugins - FSEVENTS, SPOTLIGHT, MSOFICE, UNIFIEDLOGS, AUTOSTART, IDEVICEINFO
+ Added ability to process VMDK disk images
+ RecentItems now reads SFL2 files
+ API for reading XATTR on APFS & HFS
+ mac_apt_singleplugin is renamed to mac_apt_artifact_only
+ Lots of changes under the hood for APFS handling,
= enumerating files/folders is now several times faster
= encrypted volumes are detected properly now
= exporting or opening very large files is now supported
= now handles dirty APFS volume mounting using checkpoint processing
= disk processing is more robust now, less crash prone now!
! Fixed Bash sessions bug, not retrieving data from .historynew files
! Fixed a bug with MOUNTED mode
! Basicinfo now gets vol info on vol-only images
! Minor bug fixes to several plugins
Updates in 20180606 (v0.3):
+ Added FrequentlyVisitedSitesCache, NSNavLastRootDirectory & RecentlyClosedTabls.plist parsing to SAFARI plugin
+ Added GotoFieldHistory, RecentMoveCopyDestinations, BulkRename settings to RECENTITEMS plugin
+ Added detection of encrypted volumes and user friendly message
+ New plugins -iMessage, iNetAccounts, Quarantine, NetUsage
+ Add support for High Sierra's notifications (db2)
+ More documentation on wiki!
+ Native HFS parser made default, processing is much faster!
! Fixed Bash sessions exception on some binary UTF8 strings
! Fixed bugs with MOUNTED option, added more support for mounted disk parsing
! Fixed Notes bugs - 'table missing' bug for High Sierra, long notes related bug
! Excel sheet with > 1 million records is now handled correctly
! Several minor fixes
Updates in 20171230 (v0.2.6):
+ Instructions for macOS installation are now on the wiki
+ mac_apt modules listed and processed in same order on all platforms now
! This release is only to fix a bug with the Notes plugin that caused unpredictable behavior on OSX as the artifact source file was extracted but deleted before or during processing
Updates in 20171225 (v0.2.5):
+ Ships with compiled windows executables (no need to install python)!
+ New plugin - Notes
+ APFS volumes database now has UUID in its name, so if you re-run the script in the same folder, it will not parse the filesystem all over again.
! Fixes a minor bug with mac_apt_singleplugin that prevented it from running in last release
PRINTJOBS plugin can be used with singleplugin mode now
! -ve dates in RECENTITEMS are parsed correctly now
Updates in 20171207 (v0.2):
+ APFS support added, we can parse APFS containers and volumes now
+ New plugin - PrintJobs
+ Retrieves deleted users
+ Retrieves default user's password if 'autologon' was enabled
+ Sidebarlists plist is now parsed & Alias v3 parsing added
+ Vol created dates are now extracted from FXDesktopVolumePositions
+ Better ALIAS v2 parsing, new Info column in RecentItems output
! Bug fixed - now binary BLOBs write correctly to sqlite db
! Minor fixes in RecentItems and common.py
Updates in Version 20170902(v0.12):
+ New plugin BASHSESSIONS that parses bash_sessions and bash_history
+ Added processing of 'finder' plist to RECENTITEMS plugin
+ More user data is parsed (account policy data such as creation date, last password set date, password hint,..)
! Minor bug fixes