:py:mod:`dissect.target.plugins.apps.remoteaccess.teamviewer`
=============================================================

.. py:module:: dissect.target.plugins.apps.remoteaccess.teamviewer

Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.apps.remoteaccess.teamviewer.TeamViewerPlugin

Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   dissect.target.plugins.apps.remoteaccess.teamviewer.parse_start

Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.apps.remoteaccess.teamviewer.RE_LOG
   dissect.target.plugins.apps.remoteaccess.teamviewer.RE_START
   dissect.target.plugins.apps.remoteaccess.teamviewer.TeamviewerIncomingRecord

.. py:data:: RE_LOG

.. py:data:: RE_START

.. py:data:: TeamviewerIncomingRecord

.. py:class:: TeamViewerPlugin(target: dissect.target.target.Target)

   Bases: :py:obj:`dissect.target.plugins.apps.remoteaccess.remoteaccess.RemoteAccessPlugin`

   TeamViewer client plugin.

   .. rubric:: References

   - https://teamviewer.com/en/global/support/knowledge-base/teamviewer-classic/contact-support/find-your-log-files
   - https://www.systoolsgroup.com/forensics/teamviewer/
   - https://benleeyr.wordpress.com/2020/05/19/teamviewer-forensics-tested-on-v15/

   .. py:attribute:: __namespace__
      :value: 'teamviewer'

      Defines the plugin namespace.

   .. py:attribute:: SYSTEM_GLOBS
      :value: ('sysvol/Program Files/TeamViewer/*.log', 'sysvol/Program Files (x86)/TeamViewer/*.log',...

   .. py:attribute:: SYSTEM_INCOMING_GLOBS
      :value: ('sysvol/Program Files/TeamViewer/*_incoming.txt', 'sysvol/Program Files...

   .. py:attribute:: USER_GLOBS
      :value: ('AppData/Roaming/TeamViewer/teamviewer*_logfile.log',...

   .. py:attribute:: RemoteAccessLogRecord

   .. py:attribute:: logfiles
      :type: set[tuple[str, dissect.target.plugins.general.users.UserDetails | None]]

   .. py:attribute:: incoming_logfiles
      :type: set[str]

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the current target (``self.target``).
      For example, check if a certain file exists.
      Otherwise it should raise an :class:`UnsupportedPluginError`.

      :raises UnsupportedPluginError: If the plugin could not be loaded.

   .. py:method:: logs() -> collections.abc.Iterator[RemoteAccessLogRecord]

      Yield TeamViewer client logs.

      TeamViewer is a commercial remote desktop application. An adversary may use it to gain persistence on a system.

   .. py:method:: incoming() -> collections.abc.Iterator[TeamviewerIncomingRecord]

      Yield TeamViewer incoming connection logs.

      TeamViewer is a commercial remote desktop application. An adversary may use it to gain persistence on a system.

.. py:function:: parse_start(line: str) -> datetime.datetime | None

   TeamViewer ``Start`` messages can be formatted in different ways and might contain the timezone offset of all timestamps.

   .. code-block::

      Start: 2021/11/11 12:34:56
      Start: 2024/12/31 01:02:03.123 (UTC+2:00)
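
The following is an added example, not the ``dissect.target`` implementation of ``parse_start``: a stand-alone parser for the two ``Start`` layouts shown above that keeps the timestamp naive when no offset is stated and uses a stated offset to normalise later log timestamps to UTC. The names ``START_RE``, ``parse_start_line`` and ``to_utc`` and the regular expression itself are assumptions made for illustration.

```python
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone

# Assumed pattern covering the two "Start:" layouts shown above; this is not
# the project's RE_START.
START_RE = re.compile(
    r"Start:\s+(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})"
    r"(?:\.(?P<ms>\d{1,6}))?"
    r"(?:\s+\(UTC(?P<sign>[+-])(?P<hh>1[0-4]|0?\d):(?P<mm>[0-5]\d)\))?"
)


def parse_start_line(line: str) -> datetime | None:
    """Return the Start timestamp; timezone-aware only if the line states an offset."""
    m = START_RE.search(line)
    if m is None:
        return None
    dt = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
    if m["ms"]:
        # Right-pad the fraction so ".123" becomes 123000 microseconds.
        dt = dt.replace(microsecond=int(m["ms"].ljust(6, "0")))
    if m["sign"]:
        delta = timedelta(hours=int(m["hh"]), minutes=int(m["mm"]))
        if m["sign"] == "-":
            delta = -delta
        dt = dt.replace(tzinfo=timezone(delta))
    return dt


def to_utc(naive: datetime, start: datetime | None) -> datetime | None:
    """Normalise a later naive log timestamp using the offset from Start, if any."""
    if start is None or start.tzinfo is None:
        return None  # offset unknown: leave the decision to the analyst
    return naive.replace(tzinfo=start.tzinfo).astimezone(timezone.utc)


# Constructed sample lines in the two documented layouts.
SAMPLES = [
    "Start: 2021/11/11 12:34:56",
    "Start: 2024/12/31 01:02:03.123 (UTC+2:00)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", parse_start_line(s))
```

When the ``Start`` line carries no offset, ``to_utc`` returns ``None`` rather than assuming UTC, so timeline entries from such logs stay visibly unnormalised.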