dissect.target.plugins.os.windows.ual

Module Contents

Classes

UalPlugin

Return all available User Access Log information.

Attributes

dissect.target.plugins.os.windows.ual.ClientAccessRecord
dissect.target.plugins.os.windows.ual.RoleAccessRecord
dissect.target.plugins.os.windows.ual.VirtualMachineRecord
dissect.target.plugins.os.windows.ual.DomainSeenRecord
dissect.target.plugins.os.windows.ual.SystemIdentityRecord
dissect.target.plugins.os.windows.ual.FIELD_NAME_MAP

class dissect.target.plugins.os.windows.ual.UalPlugin(target)

Bases: dissect.target.plugin.Plugin

Return all available User Access Log information.

User Access Logging (UAL) is a logging system that aggregates client usage data by role and product on a local server. It helps Windows Server administrators quantify requests from client computers for roles and services on a local server.

__namespace__ = 'ual'
LOG_DB_GLOB = 'sysvol/Windows/System32/LogFiles/Sum/*.mdb'
IDENTITY_DB_FILENAME = 'SystemIdentity.mdb'
IDENTITY_DB_PATH
check_compatible() → None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

find_mdb_files()
populate_role_guid_map()
read_table_records(table_name)
client_access()

Return client access data within the User Access Logs.

role_access()

Return role access data within the User Access Logs.

virtual_machines()

Return virtual machine data within the User Access Logs.

domains_seen()

Return DNS data within the User Access Logs.

system_identities()

Return system identity data within the User Access Logs.