`dissect.target.plugins.os.windows.regf.regf`#

Module Contents#

Classes#

RegfPlugin

Regf dump plugin.

Attributes#

`RegistryKeyRecord`
`RegistryValueRecord`

dissect.target.plugins.os.windows.regf.regf.RegistryKeyRecord#

dissect.target.plugins.os.windows.regf.regf.RegistryValueRecord#

class dissect.target.plugins.os.windows.regf.regf.RegfPlugin(target: dissect.target.Target)#

Bases: dissect.target.plugin.Plugin

Regf dump plugin.

check_compatible()#

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

regf()#

Return all registry keys and values.

The Windows Registry is a hierarchical database that stores low-level settings for the Windows operating system and for applications that opt to use it.

Sources:

https://en.wikipedia.org/wiki/Windows_Registry

Yields RegistryKeyRecords and RegistryValueRecords

RegistryKeyRecord fields:: hostname (string): The target hostname. domain (string): The target domain. ts (datetime): The registry key last modified time. path (string): The key path. key (string): The key name. source (string): The hive file path.
RegistryValueRecord fields:: hostname (string): The target hostname. domain (string): The target domain. ts (datetime): The registry key last modified time. path (string): The key path. key (string): The key name. name (string): The value name. value (string): The value. source (string): The hive file path.

walk(key, parent, path)#

dissect.target.plugins.os.windows.regf.regf#

Module Contents#

Classes#

Attributes#

`dissect.target.plugins.os.windows.regf.regf`#