dissect.target.plugins.os.windows.regf.7zip#

Module Contents#

Classes#

SevenZipPlugin

Base class for plugins.

Attributes#

PanelPathRecord

ArcHistoryRecord

PathHistoryRecord

CopyHistoryRecord

FolderHistoryRecord

dissect.target.plugins.os.windows.regf.7zip.PanelPathRecord#
dissect.target.plugins.os.windows.regf.7zip.ArcHistoryRecord#
dissect.target.plugins.os.windows.regf.7zip.PathHistoryRecord#
dissect.target.plugins.os.windows.regf.7zip.CopyHistoryRecord#
dissect.target.plugins.os.windows.regf.7zip.FolderHistoryRecord#
class dissect.target.plugins.os.windows.regf.7zip.SevenZipPlugin(target: dissect.target.Target)#

Bases: dissect.target.plugin.Plugin

Base class for plugins.

Plugins can optionally be namespaced by specifying the __namespace__ class attribute. Namespacing results in your plugin needing to be prefixed with this namespace when being called. For example, if your plugin has specified test as namespace and a function called example, you must call your plugin with test.example:

A Plugin class has the following private class attributes:

  • __namespace__

  • __record_descriptors__

With the following three being assigned in register():

  • __plugin__

  • __functions__

  • __exports__

Additionally, the methods and attributes of Plugin receive more private attributes by using decorators.

The export() decorator adds the following private attributes

  • __exported__

  • __output__: Set with the export() decorator.

  • __record__: Set with the export() decorator.

The internal() decorator and InternalPlugin set the __internal__ attribute. Finally. args() decorator sets the __args__ attribute.

Parameters:

target – The Target object to load the plugin for.

KEY = 'HKCU\\Software\\7-Zip'#
check_compatible()#

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

parse_key(key, keyname, valuename, record)#
sevenzip()#

Return 7-Zip history information from the registry.

7-Zip is an open source file archiver. If the HKCUSoftware7-Zip registry key exists, it checks for additional registry keys, such as ArcHistory and FolderHistory. This might provide insight in which files have been archived by 7-Zip.

References