| Key | Value |
|---|---|
| FileSize | 1152318 |
| MD5 | 489165EF904D557A38BC3DE5E2F6C30E |
| PackageDescription | super timeline all the things Plaso (plaso langar að safna öllu) is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. |
| PackageMaintainer | Debian Forensics <forensics-devel@lists.alioth.debian.org> |
| PackageName | plaso |
| PackageSection | admin |
| PackageVersion | 1.5.1+dfsg-3 |
| SHA-1 | D4701E9729E9BB05720F88A2EBB0930511CC6CE3 |
| SHA-256 | 9D46642FDF86FA8C9D23AEC0A8FFCA58E1F590E747F2A92B0D38327EA5947765 |
| hashlookup:children-total | 419 |
| hashlookup:trust | 50 |
The searched file hash includes 419 children files known and seen by metalookup. A sample is included below:
| Key | Value |
|---|---|
| FileName | ./usr/lib/python2.7/dist-packages/plaso/analyzers/__init__.py |
| FileSize | 175 |
| MD5 | A251FFA6B10BD2DFFB9756DC128C93F1 |
| SHA-1 | 00C526B15116E2BAC1F22562E839B6405D66F494 |
| SHA-256 | 47AF135928DE0D1B39B27264E7C7C37901CE24578D340F0F5D439681C2086D05 |
| SSDEEP | 3:SyIFGaMIQlAyIT5MWEMiFExbQwERAIuR5EQXJLHNR8O2Ii0Wb6lNR8O2Ii71:SbFGaMtlAySt6xmpR59XpNuO2xeNuO2f |
| TLSH | T15DC08C1225922C80C26DA5830EF10FF1837A9204EAE0EF96CC288A7803732049EAD195 |
| tar:gname | bin |
| tar:uname | root |
| Key | Value |
|---|---|
| FileName | ./usr/lib/python2.7/dist-packages/plaso/multi_processing/task_engine.py |
| FileSize | 31879 |
| MD5 | 622BBCBBBCB02C62F4C707B8677A6564 |
| SHA-1 | 01EF5321AFB6A883D9CC454CDBA86DF9F3563DA3 |
| SHA-256 | DB6F21400652D4C11646FB90EDD9423E3FBED50228809394A785D8B23989E1B5 |
| SSDEEP | 384:RRDkHA5N+HB6+O6NrKbtB54+MvtTbMTtFR0v0dLWA:fAvVtTbMTt/0k |
| TLSH | T16EE245B2C41C9D2243C79E19B9EABA434FAA05077B2D003979BCC52C5F53D6946E1CFA |
| tar:gname | bin |
| tar:uname | root |
| Key | Value |
|---|---|
| FileName | ./usr/lib/python2.7/dist-packages/plaso/parsers/plist_plugins/install_history.py |
| FileSize | 1702 |
| MD5 | AD8015AB2EA7207870D70BC45995F829 |
| SHA-1 | 0203817EB0632285756D12693BEC39CBD0651793 |
| SHA-256 | D8936BFA1A38F867EEC6AB102F64F72301114519FCF392F344F6C1D382158BBF |
| SSDEEP | 48:B8MwEhDhA2FER5J6Pm2PqPPUiOcEH/MXu6PTzTx/7MV:BpwedAVX0mIXiVy+veV |
| TLSH | T17B314F07D8625B2059E7972F084E2812A73CDA67E5407BB87FDD52182F03813D7B69F9 |
| tar:gname | bin |
| tar:uname | root |
| Key | Value |
|---|---|
| FileName | snap-hashlookup-import/autopsy/autopsy/plaso/plaso-20180818-Win32/data/signatures.conf |
| FileSize | 1003 |
| MD5 | 9A078038C1D2287A0D85C2CF4C389480 |
| RDS:package_id | 290427 |
| SHA-1 | 02417FF4923A7E63283F32AD9B1487669DD347AF |
| SHA-256 | D351E69CCF7A04D32BCBA51D9C7E9A7C9BC282116CA7C1379E24EEEAA6D5E365 |
| SHA-512 | F1B0473338C05069536A3B2C6606A013896D828010E3E36456A31D3DC8039E7C4014DF949AEA52F2D65471DF373C7AB3909666C0A10F2906BAE26AE1C5F56CDD |
| SSDEEP | 24:RLH2GAVc2lDRPRmJVrKBmgie+vyATUg++ZJYn:pWG6huewg+mYJY |
| TLSH | T109119CCBC542E21D0AE3C1486533767BDC46C1BBDE91A3A19B86026B677491F20856C5 |
| insert-timestamp | 1727059720.8666077 |
| mimetype | text/plain |
| source | snap:y8oWykEX9qjnW8iU8TrtCsr1rjzFDQh4_3 |
| tar:gname | bin |
| tar:uname | root |
| Key | Value |
|---|---|
| FileName | ./usr/lib/python2.7/dist-packages/plaso/parsers/winreg_plugins/typedurls.py |
| FileSize | 1940 |
| MD5 | E01E0DC5F0A3168641A2E9984E2340CB |
| SHA-1 | 029A425FA90AD2EB531E77E11B9AB64890FFF9BB |
| SHA-256 | FF8A896B69A502334D4C8ED2CADFD43FB399857F4EB2DE2C4116C0CA7703EF30 |
| SSDEEP | 48:UbMsWhVhs0TuO/piAouo6OvUabQmm+tRfos8SFbEI:UwBvs0TuqwAouo6OvUSQNaMS2I |
| TLSH | T1A341E00BBD25940397E2165C0D4F25A241D745A768545AACBA3C42D8BF93CCBC27B3FE |
| tar:gname | bin |
| tar:uname | root |
| Key | Value |
|---|---|
| CRC32 | 2B7C8330 |
| FileName | ./usr/lib/python2.7/dist-packages/plaso/formatters/android_calls.py |
| FileSize | 641 |
| MD5 | ED7646B191FCEDE5C39DB861FF69A709 |
| OpSystemCode | 362 |
| ProductCode | 17409 |
| SHA-1 | 034D5E27B7A11573452E0E8B01A2D886C4D733CB |
| SHA-256 | F43E2A159E6E6B9D781FEECF192C91AE31D2EEDB42599E5E25F5F6A846CF7F52 |
| SSDEEP | 12:icKyiYoPNEarNEbr+fS+KY66F0EZk8H1Gg8fudQPT8H/onKmNxfHRaN3xCpSX5n3:laNxNw4B3Ff58WdQeonbNVY3qSXt3 |
| SpecialCode | |
| TLSH | T167F04972C31B5A11297F97DEAA8C06108F7D21A39C622507F87C0CA82B53E45D69DB12 |
| db | nsrl_modern_rds |
| insert-timestamp | 1646979049.5182524 |
| source | NSRL |
| tar:gname | bin |
| tar:uname | root |
| Key | Value |
|---|---|
| FileName | ./usr/lib/python2.7/dist-packages/plaso/multi_processing/engine.py |
| FileSize | 13204 |
| MD5 | D6171752645B218D9EF851D1DAD1FC9E |
| SHA-1 | 03EBC0BCA518FD5B54EE4C2820D797CAEC142E8E |
| SHA-256 | ADA60B5A42F8AB8D2764342EDC7F4DC11EE581432D4D71522EF126B2FB6296D9 |
| SSDEEP | 384:iytlNm1qzJrEjQKfqF0hrsAW0Iyc+f+Pc4H0f5hPP1Uj8v:iam1q9QFfqa5sAW0IyPf+Pc4Uf5V1Ujs |
| TLSH | T118523E26D92D59178BE7542AB9EBA1832FCE4C13232564383CFCC1583F119E5C698DBB |
| tar:gname | bin |
| tar:uname | root |
| Key | Value |
|---|---|
| FileName | ./usr/lib/python2.7/dist-packages/plaso/formatters/winevtx.py |
| FileSize | 2416 |
| MD5 | 5C21F2882C54E3048F6587285E8BD0C9 |
| SHA-1 | 042E202D0F88646825DA3ADD576F778A3788B19A |
| SHA-256 | 0C09A6686773236D8B586805ED984CF13DC87F2AEEF179E431C20BF10D6779AF |
| SSDEEP | 48:/HjcoeUBGFt80w4tnViyIuzWbGjuUeu9nLeE3NLNC7RpYVIsIL:1efFmGn9KG2Wp3NLI7PYVIsIL |
| TLSH | T16141DB33E8265859485B8A9FB2CC71819F2C22A3582039B3F9EC0C244F27D4A82F57A5 |
| tar:gname | bin |
| tar:uname | root |
| Key | Value |
|---|---|
| FileName | ./usr/lib/python2.7/dist-packages/plaso/parsers/syslog_plugins/cron.py |
| FileSize | 2035 |
| MD5 | 298D3C9BAC2A53A18F3B86704535426A |
| SHA-1 | 04A789F810F6DBDEFE82020A8E7DA2CD2353C182 |
| SHA-256 | 0DA56B2E5E51DDC027BE4676ABC3ADCEE6B187FF0EBC24730943750BAF31CFE0 |
| SSDEEP | 48:ZhfihdkVDIJmuOWKbX9c3OhGOFg2Wx4gvrbq:Tf8mIkuOWKxc3OhGO25zW |
| TLSH | T1E2417213D4391F342127245E2CCE68894740D523AB02DA6AFCEC1F2EAF06616EA33DB4 |
| tar:gname | bin |
| tar:uname | root |
| Key | Value |
|---|---|
| CRC32 | 59C20F7B |
| FileName | ./usr/lib/python2.7/dist-packages/plaso/formatters/mcafeeav.py |
| FileSize | 757 |
| MD5 | 98A47DD8189C58A82EAC821EFB4F95C6 |
| OpSystemCode | 362 |
| ProductCode | 17409 |
| SHA-1 | 04CC1953E0D19AF5C2D8F930CE6202E721CE1BA1 |
| SHA-256 | EB9C812575E317627133E3B5A5BDFC933721F6DAD851092C734C12F6899F8DF1 |
| SSDEEP | 12:icKy/oPNEarNEbr+skWcNKHQc6FEIGjhEK8H1K0W5CL+iqQiG8HEqQiimN7BxCpR:lSNxNw6NrZFhWVcwQivQizNbqSXH+ |
| SpecialCode | |
| TLSH | T18901C533E15F310245CB02EF4B490440973932939D423967F4FDA9711F37D8846E662B |
| db | nsrl_modern_rds |
| insert-timestamp | 1646979573.779086 |
| source | NSRL |
| tar:gname | bin |
| tar:uname | root |