Code review: 275750043: Corrections in filter file log2timeline#397

config/dpkg/changelog

@@ -2,4 +2,4 @@ python-plaso (1.3.1-1) unstable; urgency=low
 
   * Auto-generated
 
- -- Log2Timeline <[email protected]>  Wed, 28 Oct 2015 21:20:45 +0100
+ -- Log2Timeline <[email protected]>  Fri, 30 Oct 2015 19:48:00 +0100

data/filter_windows.txt

@@ -16,7 +16,7 @@
 # * Browser cookie files: IE.
 # * Flash cookies, or LSO/SOL files from the Flash player.
 #
-# File system artifacts.
+# File system metadata files.
 /[$]MFT
 /[$]LogFile
 /[$]Extend/$UsnJrnl
@@ -27,32 +27,31 @@
 /RECYCLER
 /RECYCLER/.+
 /RECYCLER/.+/.+
-# Windows Registry hives.
+# Windows Registry files.
 /(Users|Documents And Settings)/.+/NTUSER[.]DAT
 /Users/.+/AppData/Local/Microsoft/Windows/Usrclass[.]dat
 /Documents And Settings/.+/Local Settings/Application Data/Microsoft/Windows/Usrclass[.]dat
-# {sysregistry} points to the location that contains the system hives,
-# eg: \Windows\System32\config.
-{sysregistry}/(SAM|SOFTWARE|SECURITY|SYSTEM)
+{systemroot}/System32/config/(SAM|SOFTWARE|SECURITY|SYSTEM)
 # Recent file activity.
-/Users/.+/AppData/Roaming/Microsoft/Windows/Recent/.+[.]LNK
-/Users/.+/AppData/Roaming/Microsoft/Office/Recent/.+[.]LNK
-/Documents And Settings/.+/Recent/.+[.]LNK
+/Users/.+/AppData/Roaming/Microsoft/Windows/Recent/.+[.]lnk
+/Users/.+/AppData/Roaming/Microsoft/Office/Recent/.+[.]lnk
+/Documents And Settings/.+/Recent/.+[.]lnk
+# Jump List files.
 /Users/.+/AppData/Roaming/Microsoft/Windows/Recent/Automaticdestinations/.+[.]automaticDestinations-ms
 /Users/.+/AppData/Roaming/Microsoft/Windows/Recent/Customdestinations/.+[.].customDestinations-ms
 # Windows Event Logs.
-{systemroot}/winevt/Logs/.+[.]evtx
-{systemroot}/config/.+[.]evt
+{systemroot}/System32/winevt/Logs/.+[.]evtx
+{systemroot}/System32/config/.+[.]evt
 # Various log files.
-{windir}/inf/setupapi[.].+[.]log
-{windir}/setupapi.log
-{windir}/System32/LogFiles/.+/.+[.]txt
-# Windows Artifacts.
-{windir}/Tasks/.+[.]job
-{windir}/Appcompat/Programs/Recentfilecache[.]bcf
-{windir}/Appcompat/Programs/AMcache[.]hve
+{systemroot}/inf/setupapi[.].+[.]log
+{systemroot}/setupapi.log
+{systemroot}/System32/LogFiles/.+/.+[.]txt
+# Windows artifacts.
+{systemroot}/Tasks/.+[.]job
+{systemroot}/Appcompat/Programs/Recentfilecache[.]bcf
+{systemroot}/Appcompat/Programs/AMcache[.]hve
 # Prefetch files.
-{windir}/Prefetch/.+[.]pf
+{systemroot}/Prefetch/.+[.]pf
 # Browser history artifacts.
 /Users/.+/AppData/Local/Microsoft/Windows/History/History.IE5/index[.]dat
 /Users/.+/AppData/Local/Microsoft/Windows/History/History.IE5/MSHist.+/index[.]dat

plaso/__init__.py

@@ -3,7 +3,7 @@
 __version__ = '1.3.1'
 
 VERSION_DEV = True
-VERSION_DATE = '20151028'
+VERSION_DATE = '20151030'
 
 
 def GetVersion():