Removed provides from definitions (ForensicArtifacts#612)

artifacts/data/legacy.yaml

@@ -9,7 +9,6 @@ doc: The %ProgramData% environment variable.
 sources:
 - type: REGISTRY_VALUE
   attributes: {key_value_pairs: [{key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList', value: 'ProgramData'}]}
-provides: [environ_allusersappdata]
 supported_os: [Windows]
 urls: ['http://environmentvariables.org/ProgramData']
 ---
@@ -21,7 +20,6 @@ sources:
     keys:
     - 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\ProfilesDirectory'
     - 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\AllUsersProfile'
-provides: [environ_allusersprofile]
 supported_os: [Windows]
 urls: ['http://support.microsoft.com/kb//214653']
 ---
@@ -40,7 +38,6 @@ sources:
     - '/etc/oracle-release'
     - '/etc/redhat-release'
     - '/etc/system-release'
-provides: [os_release, os_major_version, os_minor_version]
 supported_os: [Linux]
 ---
 name: SystemDriveEnvironmentVariable
@@ -52,7 +49,6 @@ doc: |
 sources:
 - type: REGISTRY_VALUE
   attributes: {key_value_pairs: [{key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion', value: 'SystemRoot'}]}
-provides: [environ_systemdrive]
 supported_os: [Windows]
 urls:
 - 'http://environmentvariables.org/SystemDrive'
@@ -63,7 +59,6 @@ doc: The Windows domain the system is connected to.
 sources:
 - type: REGISTRY_VALUE
   attributes: {key_value_pairs: [{key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters', value: 'Domain'}]}
-provides: [domain]
 supported_os: [Windows]
 ---
 name: WindowsEnvironmentVariableAllUsersAppData
@@ -73,6 +68,5 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList', value: 'ProgramData'}
-provides: [environ_allusersappdata]
 supported_os: [Windows]
 urls: ['http://environmentvariables.org/ProgramData']

artifacts/data/linux.yaml

@@ -87,7 +87,6 @@ doc: Debian version information.
 sources:
 - type: FILE
   attributes: {paths: ['/etc/debian_version']}
-provides: [os_release, os_major_version, os_minor_version]
 supported_os: [Linux]
 ---
 name: DNSResolvConfFile
@@ -285,7 +284,6 @@ sources:
     - '/etc/rocky-release'
     - '/etc/SuSE-release'
     - '/etc/system-release'
-provides: [os_release, os_major_version, os_minor_version]
 supported_os: [Linux]
 ---
 name: LinuxDSDTTable
@@ -410,7 +408,6 @@ doc: Linux Standard Base (LSB) release information
 sources:
 - type: FILE
   attributes: {paths: ['/etc/lsb-release']}
-provides: [os_release, os_major_version, os_minor_version]
 supported_os: [Linux]
 urls: ['https://linux.die.net/man/1/lsb_release']
 ---
@@ -499,7 +496,6 @@ sources:
     - LinuxDistributionRelease
     - LinuxLSBRelease
     - LinuxSystemdOSRelease
-provides: [os_release, os_major_version, os_minor_version]
 supported_os: [Linux]
 ---
 name: LinuxRsyslogConfigs
@@ -613,7 +609,6 @@ sources:
     paths:
     - '/etc/os-release'
     - '/usr/lib/os-release'
-provides: [os_release, os_major_version, os_minor_version]
 supported_os: [Linux]
 urls: ['https://www.freedesktop.org/software/systemd/man/os-release.html']
 ---
@@ -736,7 +731,6 @@ doc: Linux wtmp login record file
 sources:
 - type: FILE
   attributes: {paths: ['/var/log/wtmp']}
-provides: [users.username, users.last_logon]
 supported_os: [Linux]
 urls: ['https://github.com/libyal/dtformats/blob/main/documentation/Utmp%20login%20records%20format.asciidoc']
 ---
@@ -821,7 +815,6 @@ doc: Linux netgroup configuration.
 sources:
 - type: FILE
   attributes: {paths: ['/etc/netgroup']}
-provides: [users.username]
 supported_os: [Linux]
 ---
 name: NtpConfFile

artifacts/data/macos.yaml

@@ -971,7 +971,6 @@ sources:
     - '%%users.homedir%%/Library/Application Support/com.apple.backgroundtaskmanagementagent/backgrounditems.btm'
     - '/private/var/db/com.apple.backgroundtaskmanagement/BackgroundItems-v*.btm'
     - '/var/db/com.apple.backgroundtaskmanagement/BackgroundItems-v*.btm'
-
 supported_os: [Darwin]
 urls:
 - 'https://forensics.wiki/mac_os_x_10.9_artifacts_location#autorun-locations-2'

artifacts/data/user.yaml

@@ -22,6 +22,5 @@ doc: Contents of the Users directory.
 sources:
 - type: PATH
   attributes: {paths: ['/Users/*']}
-supported_os: [Darwin]
-provides: [users.username]
+supported_os: [Darwin, Windows]
 urls: ['https://forensics.wiki/mac_os_x_10.9_artifacts_location#users']

artifacts/data/windows.yaml

@@ -427,7 +427,6 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CodePage', value: 'ACP'}
-provides: [code_page]
 supported_os: [Windows]
 urls: ['https://winreg-kb.readthedocs.io/en/latest/sources/system-keys/Codepage.html']
 ---
@@ -767,7 +766,6 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters', value: 'Domain'}
-provides: [domain]
 supported_os: [Windows]
 ---
 name: WindowsDisallowedSystemCertificates
@@ -810,7 +808,6 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList', value: 'AllUsersProfile'}
-provides: [environ_allusersprofile]
 supported_os: [Windows]
 urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
 ---
@@ -834,7 +831,6 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion', value: 'CommonFilesDir'}
-provides: [environ_commonprogramfiles]
 supported_os: [Windows]
 urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
 ---
@@ -845,7 +841,6 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion', value: 'CommonFilesDir (x86)'}
-provides: [environ_commonprogramfilesx86]
 supported_os: [Windows]
 urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
 ---
@@ -856,7 +851,6 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment', value: 'ComSpec'}
-provides: [environ_comspec]
 supported_os: [Windows]
 urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
 ---
@@ -867,7 +861,6 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment', value: 'DriverData'}
-provides: [environ_driverdata]
 supported_os: [Windows]
 urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
 ---
@@ -879,7 +872,6 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment', value: 'Path'}
-provides: [environ_path]
 supported_os: [Windows]
 urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
 ---
@@ -890,7 +882,6 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList', value: 'ProfilesDirectory'}
-provides: [environ_profilesdirectory]
 supported_os: [Windows]
 urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
 ---
@@ -901,7 +892,6 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList', value: 'ProgramData'}
-provides: [environ_programdata]
 supported_os: [Windows]
 urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
 ---
@@ -917,7 +907,6 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion', value: 'ProgramFilesDir'}
-provides: [environ_programfiles]
 supported_os: [Windows]
 urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
 ---
@@ -933,7 +922,6 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion', value: 'ProgramFilesDir (x86)'}
-provides: [environ_programfilesx86]
 supported_os: [Windows]
 urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
 ---
@@ -945,7 +933,6 @@ doc: |
 sources:
 - type: ARTIFACT_GROUP
   attributes: {names: ['WindowsEnvironmentVariableSystemRoot']}
-provides: [environ_systemdrive]
 supported_os: [Windows]
 urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
 ---
@@ -965,7 +952,6 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion', value: 'SystemRoot'}
-provides: [environ_systemroot]
 supported_os: [Windows]
 urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
 ---
@@ -977,7 +963,6 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment', value: 'TEMP'}
-provides: [environ_temp]
 supported_os: [Windows]
 urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
 ---
@@ -997,7 +982,6 @@ sources:
   attributes:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment', value: 'windir'}
-provides: [environ_windir]
 supported_os: [Windows]
 urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
 ---
@@ -2075,7 +2059,6 @@ doc: The current control set of the Windows Registry.
 sources:
 - type: REGISTRY_VALUE
   attributes: {key_value_pairs: [{key: 'HKEY_LOCAL_MACHINE\System\Select', value: 'Current'}]}
-provides: [current_control_set]
 supported_os: [Windows]
 urls: ['https://github.com/libyal/winreg-kb/blob/main/documentation/System%20keys.asciidoc']
 ---
@@ -2101,7 +2084,6 @@ doc: |
 sources:
 - type: REGISTRY_VALUE
   attributes: {key_value_pairs: [{key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\*', value: 'ProfileImagePath'}]}
-provides: [users.sid, users.userprofile, users.homedir, users.username]
 supported_os: [Windows]
 urls: ['http://msdn.microsoft.com/en-us/library/windows/desktop/bb776892(v=vs.85).aspx']
 ---
@@ -3065,7 +3047,6 @@ sources:
     key_value_pairs:
     - {key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation', value: 'StandardName'}
     - {key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation', value: 'TimeZoneKeyName'}
-provides: [time_zone]
 supported_os: [Windows]
 urls: ['https://winreg-kb.readthedocs.io/en/latest/sources/system-keys/Time-zones.html']
 ---
@@ -3340,19 +3321,6 @@ sources:
     - 'HKEY_USERS\%%users.sid%%\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\*'
     - 'HKEY_USERS\%%users.sid%%\Environment\*'
     - 'HKEY_USERS\%%users.sid%%\Volatile Environment\*'
-provides:
-- users.cookies
-- users.appdata
-- users.personal
-- users.startup
-- users.homedir
-- users.desktop
-- users.internet_cache
-- users.localappdata
-- users.localappdata_low
-- users.recent
-- users.userprofile
-- users.temp
 supported_os: [Windows]
 ---
 name: WindowsWebCacheStorageQuotaDatabaseFile

artifacts/data/wmi.yaml

@@ -16,7 +16,6 @@ doc: |
 sources:
 - type: WMI
   attributes: {query: SELECT * FROM Win32_UserAccount WHERE name='%%users.username%%'}
-provides: [users.userdomain]
 supported_os: [Windows]
 urls: ['http://msdn.microsoft.com/en-us/library/windows/desktop/aa394507(v=vs.85).aspx']
 ---
@@ -184,7 +183,6 @@ doc: |
 sources:
 - type: WMI
   attributes: {query: SELECT * FROM Win32_UserProfile WHERE SID='%%users.sid%%'}
-provides: [users.homedir]
 supported_os: [Windows]
 urls: ['http://msdn.microsoft.com/en-us/library/windows/desktop/ee886409(v=vs.85).aspx']
 ---

artifacts/definitions.py

@@ -29,7 +29,7 @@
     # labels have been deprecated as of version 20220311.
     'labels',
     'name',
-    # `provides` have been deprecated.
+    # provides have been deprecated as of version 20240210.
     'provides',
     'sources',
     'supported_os',