dissect.target.plugins.os.windows.startupinfo

Module Contents

Classes

StartupInfoPlugin

Windows startup info plugin.

Functions

Attributes

dissect.target.plugins.os.windows.startupinfo.StartupInfoRecord
dissect.target.plugins.os.windows.startupinfo.parse_ts(time_string: str) datetime.datetime | None
class dissect.target.plugins.os.windows.startupinfo.StartupInfoPlugin(target)

Bases: dissect.target.plugin.Plugin

Windows startup info plugin.

check_compatible() None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

startupinfo() Iterator[StartupInfoRecord]

Return the contents of StartupInfo files.

On a Windows system, the StartupInfo log files contain information about process execution for the first 90 seconds of user logon activity, such as process name and CPU usage.

References