dissect.target.loaders.velociraptor

Module Contents

Classes

VelociraptorLoader

Load Rapid7 Velociraptor forensic image files.

Functions

find_fs_directories

Attributes

FILESYSTEMS_ROOT

dissect.target.loaders.velociraptor.FILESYSTEMS_ROOT = 'uploads'

dissect.target.loaders.velociraptor.find_fs_directories(path: pathlib.Path) → tuple[dissect.target.plugin.OperatingSystem | None, list[pathlib.Path] | None]

class dissect.target.loaders.velociraptor.VelociraptorLoader(path: pathlib.Path, **kwargs)

Bases: dissect.target.loaders.dir.DirLoader

Load Rapid7 Velociraptor forensic image files.

References

• https://www.rapid7.com/products/velociraptor/

• https://docs.velociraptor.app/

• https://github.com/Velocidex/velociraptor

static detect(path: pathlib.Path) → bool

Detects wether this Loader class can load this specific path.

Parameters:

path – The target path to check.

Returns:

True if the path can be loaded by a Loader instance. False otherwise.

map(target: dissect.target.Target) → None

Maps the loaded path into a Target.

Parameters:

target – The target that we’re mapping into.