dissect.target.plugins.os.windows.log.pfro#

Module Contents#

Classes#

PfroPlugin

PFRO plugin.

Attributes#

dissect.target.plugins.os.windows.log.pfro.PfroRecord#
class dissect.target.plugins.os.windows.log.pfro.PfroPlugin(target)#

Bases: dissect.target.plugin.Plugin

PFRO plugin.

check_compatible() None#

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

pfro()#

Return the content of sysvol/Windows/PFRO.log

A Pending File Rename Operation log file (PFRO.log) holds information about the process of deleting or renaming files that are locked or being used and that will be renamed on reboot. This is related to the filerenameop plugin.

References

Yields PfroRecords with fields:

hostname (string): The target hostname. domain (string): The target domain. ts (datetime): The parsed timestamp. path (uri): The parsed path. operation (string): The parsed operation.