`dissect.target.plugins.os.windows.clfs`#

Module Contents#

Classes#

ClfsPlugin

CLFS Plugin.

Attributes#

ClfsRecord

dissect.target.plugins.os.windows.clfs.ClfsRecord#

class dissect.target.plugins.os.windows.clfs.ClfsPlugin(target: dissect.target.target.Target)#

Bases: dissect.target.plugin.Plugin

CLFS Plugin.

Dissect plugin for parsing the Base Log Files of a Microsoft Windows system.

Most of these records are actually parsed in-memory, this is the first iteration to parse the files present on disk. This should be improved in the near future when the memory implementation for dissect is working.

BLF_PATH = 'sysvol/windows/system32/config/'#

check_compatible() → None#

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

clfs() → Iterator[ClfsRecord]#

Parse the containers associated with a valid BLF file.

Containers are used to store the transactional logs in the form of records.

References

https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/introduction-to-the-common-log-file-system

dissect.target.plugins.os.windows.clfs#

Module Contents#

Classes#

Attributes#

`dissect.target.plugins.os.windows.clfs`#