dissect.target.plugins.os.windows.regf.bam

Module Contents

Classes

BamDamPlugin

Plugin for bam/dam registry keys.

Attributes

dissect.target.plugins.os.windows.regf.bam.c_bamdef = Multiline-String
"""
    struct entry {
        uint64 ts;
    };
    """
dissect.target.plugins.os.windows.regf.bam.c_bam
dissect.target.plugins.os.windows.regf.bam.BamDamRecord
class dissect.target.plugins.os.windows.regf.bam.BamDamPlugin(target: dissect.target.Target)

Bases: dissect.target.plugin.Plugin

Plugin for bam/dam registry keys.

KEYS = ['HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\bam\\UserSettings',...
check_compatible() → None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

bam()

Parse bam and dam registry keys.

Yields BamDamRecords with fields:

hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): The parsed timestamp.
path (uri): The parsed path.
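Added example, not dissect's own code: a standard-library illustration of how one BAM/DAM value maps onto the `entry` struct and the `ts` and `path` fields above. It assumes `ts` is a Windows FILETIME and that the registry value name carries the executable path; the function names, SID, path and value bytes are constructed for the example.

```python
import struct
from datetime import datetime, timedelta, timezone

# Assumption: ts is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC).
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ENTRY = struct.Struct("<Q")  # struct entry { uint64 ts; }, little-endian


def filetime_to_datetime(ticks):
    """Convert FILETIME ticks to an aware UTC datetime (microsecond precision)."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_bam_values(sid, values):
    """Yield (sid, ts, path) for every value large enough to hold an entry.

    values: mapping of registry value name -> raw value data (bytes).
    """
    for name, data in values.items():
        # Bookkeeping values stored as 4-byte DWORDs cannot hold a uint64 ts.
        if not isinstance(data, (bytes, bytearray)) or len(data) < ENTRY.size:
            continue
        (ticks,) = ENTRY.unpack_from(data, 0)
        if ticks == 0:
            continue  # an empty timestamp carries no execution evidence
        yield sid, filetime_to_datetime(ticks), name


# Constructed sample data: one user SID key with two DWORD bookkeeping
# values and one executable entry (8-byte ts followed by 16 padding bytes).
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_VALUES = {
    "Version": struct.pack("<I", 1),
    "SequenceNumber": struct.pack("<I", 42),
    r"\Device\HarddiskVolume2\Windows\System32\cmd.exe":
        struct.pack("<Q", 132223104000000000) + bytes(16),
}

if __name__ == "__main__":
    for sid, ts, path in parse_bam_values(SAMPLE_SID, SAMPLE_VALUES):
        print(sid, ts.isoformat(), path)
```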