Skip to content

CHANGELOG.md

Latest commit

 

History

History
70 lines (49 loc) · 3.22 KB

CHANGELOG.md

File metadata and controls

70 lines (49 loc) · 3.22 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[6.1.0] - 2025-12-27

Added

  • 22 new plugins covering additional forensic artifacts:

    • NTUSER plugins: recentdocs, comdlg32, runmru, muicache, appkeys, sysinternals, putty
    • SOFTWARE plugins: app_paths, appinit_dlls, appcert_dlls, appcompat_flags, windows_defender, powershell_logging, execution_policy, networklist
    • SYSTEM plugins: usb_devices, mounted_devices, shares, pagefile, lsa_packages, pending_file_rename
    • SAM plugins: samparse - Parses user accounts with login times, password info, account flags

  • Plugin validation system - Plugins are now tracked for validation status

    • Validation status stored in validated_plugins.json, generated by the test framework and shipped with the package
    • is_plugin_validated() function to check validation status
    • Unvalidated plugins log a warning when executed

  • --include-unvalidated CLI flag for regipy-plugins-run command

    • By default, only validated plugins are executed
    • Use this flag to include plugins that don't have validation test cases

  • include_unvalidated parameter for run_relevant_plugins() function

    • Default: False (only validated plugins run)
    • Set to True to include unvalidated plugins

Changed

  • Default plugin behavior: Only validated plugins run by default. This is a safer default as unvalidated plugins may return incomplete or inaccurate data.
  • Updated README with comprehensive plugin list organized by hive type
  • Updated plugin validation documentation

[6.0.0] - 2025-12-25

Breaking Changes

  • Minimum Python version raised to 3.9 - Dropped support for Python 3.6, 3.7, and 3.8
  • Removed attrs dependency - All data classes (Cell, VKRecord, LIRecord, Value, Subkey) now use Python's built-in dataclasses module instead of attrs
    • If you used attr.asdict() on these classes, switch to dataclasses.asdict()
    • If you used attr.fields() or other attrs introspection, switch to dataclasses.fields()
  • Removed setup.py - Package now uses pyproject.toml exclusively (PEP 517/518)

Added

  • pyproject.toml with full PEP 621 metadata
  • py.typed marker for PEP 561 type checking support
  • Pre-commit configuration with ruff and mypy hooks
  • Consolidated CI workflow with test matrix for Python 3.9-3.13
  • Development documentation in README

Changed

  • Migrated from flake8 to ruff for linting and formatting
  • Modernized Python syntax throughout codebase (f-strings, type hints, import sorting)
  • Consolidated GitHub Actions workflows into unified ci.yml and publish.yml
  • Updated all GitHub Actions to latest versions (v4/v5)

Removed

  • setup.py (replaced by pyproject.toml)
  • .flake8 configuration (replaced by ruff config in pyproject.toml)
  • Legacy GitHub workflow files (python-package.yml, python-publish.yml, tests.yml)

[5.2.0] and earlier

See GitHub Releases for previous versions.