All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Parsing functionality with
-paand-nswitches - Groups to specify what groups to collect and/or parse with switch
-g - Embadded default configuration YAML in release
- Changes to default configuration
- ZipFile metadata and header filename mismatch issue
- Added handling forensics disk image
-fswitch, which collect the artifacts from disk image instead of the live disk - Added icon for hoarder executable
- Added more artifacts to collect:
- Bits Admin database files
- Amcache files now collect all files in the folder, not just
Amcache.hve*
- Hoarder now does not depends on the OS to detect the Physical Drive to collect the files from, instead it will iterate over all the Phyisical Drives (\.\PhysicalDrive0, \.\PhysicalDrive1, etc.) and collect the files matching the configuration on
Hoarder.yml, it is hoarder literally ;) - Mutiple changes on
Hoarder.ymlconfig file
- Hoarder v3 now rebuilt to work with python3 instead of python2
- All extracted files now compressed directly to the ouput zip file, instead of writing it to the disk and compress it
- Major changes on the performance enhancement
- Reading the files content from physical disk in all cases instead of using (normal copy and justCopy options)
- Mutiple changes on
Hoarder.ymlconfig file to be more easier to write
- Add new object
Pluginswhich contain plugins such as list processes and services
- Fixed issue of compressing large files
- Removed the
metadata.csvfile temporarily and will be added soon - Removed Specify the volume letter, currently it auto-detect the running system