dissect.target.plugins.os.windows.regf.bam
#
Module Contents#
Classes#
Plugin for bam/dam registry keys. |
Attributes#
- dissect.target.plugins.os.windows.regf.bam.c_bamdef = Multiline-String#
Show Value
""" struct entry { uint64 ts; }; """
- dissect.target.plugins.os.windows.regf.bam.c_bam#
- dissect.target.plugins.os.windows.regf.bam.BamDamRecord#
- class dissect.target.plugins.os.windows.regf.bam.BamDamPlugin(target: dissect.target.Target)#
Bases:
dissect.target.plugin.Plugin
Plugin for bam/dam registry keys.
- KEYS = ['HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\bam\\UserSettings',...#
- check_compatible()#
Perform a compatibility check with the target.
This function should return
None
if the plugin is compatible with the current target (self.target
). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError
.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- bam()#
Parse bam and dam registry keys.
- Yields BamDamRecords with fields:
hostname (string): The target hostname. domain (string): The target domain. ts (datetime): The parsed timestamp. path (uri): The parsed path.