dissect.etl.etl
Module Contents
Classes
ETL: The main interface when controlling an ETL file.
Functions
parse_payload: Parse the event payload using the appropriate manifest, if available.
Attributes
- dissect.etl.etl.c_etl
- class dissect.etl.etl.ETL(fh)
The main interface when controlling an ETL file.
- calculate_timestamp(time_delta: int) -> datetime.datetime
- get_filetime_for_event(time_delta: int) -> int
- class dissect.etl.etl.Buffer(etl, offset)
- __iter__() -> Iterable[EventRecord]
- read_record(offset)
Parse a record from a given offset inside a buffer.
- open()
- class dissect.etl.etl.EventRecord
- property header
A header of the type Header
- property size
Size of the whole record.
- property event
Parse payload inside the event header.
- property Event
- property aligned_size
- __slots__ = ('_header', '_event')
- __repr__()
Return repr(self).
- class dissect.etl.etl.Event(header: dissect.etl.headers.headers.Header, event_manifest)
- __slots__ = ['_record', '_manifest', '_struct', '_event', '_header']
- __getattr__(k)
- provider_name() -> Optional[str]
Returns the manifest provider name.
- ts() -> datetime.datetime
Returns the event timestamp.
- provider_id() -> uuid.UUID
Returns the GUID of the provider from the header.
- symbol()
- event_values() -> Dict[str, Any]
Create an items view that holds event and header data.
The header data is additional information provided from a specific header. The event data is from a specific manifest file if it exists.
- __repr__()
Return repr(self).
- dissect.etl.etl.parse_payload(header: dissect.etl.headers.headers.Header)
Parse the event payload using the appropriate manifest, if available.