On 04/24/2013 11:48 PM, Greg Freemyer wrote:
All,
Joachim Metz, from Google, has written a set of C libraries to work with Microsoft files in Linux. LGPLv3+
An overview is at http://code.google.com/p/libyal/wiki/Overview
I have many of them now in factory with more coming. (If you see one you want that is not yet in factory, let me know.)
They often include CLI tools to use the functionality. See
libregf-tools - tools to parse MS registry files
libevt-tools - tools to parse MS event logs in the pre-vista format
libevtx-tools - tools to parse MS event logs in the vista and newer format
libmsiecf-tools - tools to parse MS Internet Explorer Cache Files
liblnk-tools - tools to parse MS link files. Similar to a symbolic link file
libvshadow-tools (not yet submitted, find it in the filesystems repo) - tools to parse NTFS volume shadow copies
libpff-tools - (not yet submitted, find it in the security repo) - tools to parse PST and OST files
I am most intrigued by libvshadow. This is the only OSS tool I know of that even tries to give users access to NTFS volume shadow copies.
FYI: The driving force behind me packaging most of these is that plaso is using them. Plaso is a new Python application that parses filesystems and creates a single integrated timeline of all the activity found on the computer. It pulls events out of all of the above so the timeline can be comprehensive. (I don't think it uses libpff yet.)
I just saw that submit request, why did you call it python-plaso? If it's just an application that happens to be written in Python, you don't need (or want) the python- prefix. If it is a Python library that is potentially usable by others, you may want to submit it to devel:languages:python and develop it there.
I just submitted python-plaso to factory a few minutes ago, but I think all of the dependencies it needs are already there.
Greg
--
With kind regards,
Sascha Peilicke
SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 16746 (AG Nürnberg)