dissect.target.plugins.os.windows.regf.usb#
Module Contents#
Classes#
USB plugin. |
Attributes#
- dissect.target.plugins.os.windows.regf.usb.UsbRegistryRecord#
- dissect.target.plugins.os.windows.regf.usb.USB_DEVICE_PROPERTY_KEYS#
- class dissect.target.plugins.os.windows.regf.usb.UsbPlugin(target: dissect.target.Target)#
Bases:
dissect.target.plugin.PluginUSB plugin.
- USB_STOR = 'HKLM\\SYSTEM\\CurrentControlSet\\Enum\\USBSTOR'#
- DEVICE_CONTAINERS = 'HKLM\\SYSTEM\\CurrentControlSet\\Control\\DeviceContainers'#
- USB = 'HKLM\\SYSTEM\\CurrentControlSet\\Enum\\USB'#
- HID = 'HKLM\\SYSTEM\\CurrentControlSet\\Enum\\HID'#
- SCSI = 'HKLM\\SYSTEM\\CurrentControlSet\\Enum\\SCSI'#
- check_compatible()#
Perform a compatibility check with the target.
This function should return
Noneif the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- unpack_timestamps(usb_reg_properties)#
- Params:
usb_reg_properties (Regf): A registry object with USB properties
- Returns:
A dict containing parsed timestamps within passed registry object
- Return type:
timestamps (Dict)
- parse_device_name(device_name)#
- usb()#
Return information about attached USB devices.
Use the registry to find information about USB devices that have been attached to the system, for example the HKLMSYSTEMCurrentControlSetEnumUSBSTOR registry key.
- Yields UsbRegistryRecord with fields:
hostname (string): The target hostname domain (string): The target domain type (string): Type of USB device serial (string): Serial number of USB storage device vid (string): Vendor ID of USB storage device pid (string): Product ID of the USB storage device rev (string): Version of the USB storage device containerid (string): friendlyname (string): Display name of the USB storage device first_insert (datetime): First insertion date of USB storage device first_install (datetime): First instalation date of USB storage device last_insert (datetime): Most recent insertion (arrival) date of USB storage device last_removal (datetime): Most recent removal (unplug) date of USB storage device info_origin (string): Location of info present in output