`dissect.target.plugins.os.windows.regf.recentfilecache`#

Module Contents#

Classes#

RecentFileCachePlugin

Plugin that parses the RecentFileCache.bcf file.

Attributes#

`c_recent_files_def`
`c_recent_files`
`RecentFileCacheRecord`

dissect.target.plugins.os.windows.regf.recentfilecache.c_recent_files_def = Multiline-String#

Show Value

"""
    struct header {
        uint32  magic;
        uint32  unk0;
        uint32  unk1;
        uint32  unk2;
        uint32  checksum;
    };

    struct entry {
        uint32  length;
        wchar   path[length + 1];
    };
    """

dissect.target.plugins.os.windows.regf.recentfilecache.c_recent_files#

dissect.target.plugins.os.windows.regf.recentfilecache.RecentFileCacheRecord#

class dissect.target.plugins.os.windows.regf.recentfilecache.RecentFileCachePlugin(target)#

Bases: dissect.target.plugin.Plugin

Plugin that parses the RecentFileCache.bcf file.

check_compatible() → None#

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

recentfilecache()#

Parse RecentFileCache.bcf.

Yields RecentFileCacheRecords with fields:: hostname (string): The target hostname. domain (string): The target domain. path (uri): The parsed path.

dissect.target.plugins.os.windows.regf.recentfilecache#

Module Contents#

Classes#

Attributes#

`dissect.target.plugins.os.windows.regf.recentfilecache`#