`dissect.target.plugins.os.windows.regf.bam`#

Module Contents#

Classes#

BamDamPlugin

Plugin for bam/dam registry keys.

Attributes#

`c_bamdef`
`c_bam`
`BamDamRecord`

dissect.target.plugins.os.windows.regf.bam.c_bamdef = Multiline-String#

Show Value

"""
    struct entry {
        uint64 ts;
    };
    """

dissect.target.plugins.os.windows.regf.bam.c_bam#

dissect.target.plugins.os.windows.regf.bam.BamDamRecord#

class dissect.target.plugins.os.windows.regf.bam.BamDamPlugin(target: dissect.target.Target)#

Bases: dissect.target.plugin.Plugin

Plugin for bam/dam registry keys.

KEYS = ['HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\bam\\UserSettings',...#

check_compatible() → None#

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

bam()#

Parse bam and dam registry keys.

Yields BamDamRecords with fields:: hostname (string): The target hostname. domain (string): The target domain. ts (datetime): The parsed timestamp. path (uri): The parsed path.

dissect.target.plugins.os.windows.regf.bam#

Module Contents#

Classes#

Attributes#

`dissect.target.plugins.os.windows.regf.bam`#