dissect.target.plugins.os.windows.regf.applications
¶
Module Contents¶
Classes¶
Windows Applications plugin. |
- class dissect.target.plugins.os.windows.regf.applications.WindowsApplicationsPlugin(target: dissect.target.target.Target)¶
Bases:
dissect.target.plugin.Plugin
Windows Applications plugin.
- keys¶
- check_compatible() None ¶
Perform a compatibility check with the target.
This function should return
None
if the plugin is compatible with the current target (self.target
). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError
.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- applications() Iterator[dissect.target.helpers.record.WindowsApplicationRecord] ¶
Yields currently installed applications from the Windows registry.
Use the Windows eventlog plugin (
evtx
,evt
) to parse install and uninstall events of applications and services (e.g.4697
,110707
,1034
and11724
).Yields
WindowsApplicationRecord
records with the following fields:ts_modified (datetime): timestamp when the installation was modified according to the registry ts_installed (datetime): timestamp when the application was installed according to the application name (string): name of the application version (string): version of the application author (string): author of the application type (string): type of the application, either user or system path (string): path to the installed location or installer of the application