`dissect.target.plugins.apps.remoteaccess.anydesk`#

Module Contents#

Classes#

AnydeskPlugin

Anydesk plugin.

class dissect.target.plugins.apps.remoteaccess.anydesk.AnydeskPlugin(target)#

Bases: dissect.target.plugin.Plugin

Anydesk plugin.

__namespace__ = 'anydesk'#

GLOBS = ['/sysvol/ProgramData/AnyDesk/*.trace']#

check_compatible()#

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

remoteaccess()#

Return the content of the AnyDesk logs.

AnyDesk is a remote desktop application and can be used by adversaries to get (persistent) access to a machine. Log files (.trace files) are retrieved from /ProgramData/AnyDesk/ and AppData/roaming/AnyDesk/

Sources:

https://www.inversecos.com/2021/02/forensic-analysis-of-anydesk-logs.html

dissect.target.plugins.apps.remoteaccess.anydesk#

Module Contents#

Classes#

`dissect.target.plugins.apps.remoteaccess.anydesk`#