:py:mod:`dissect.target.plugins.apps.remoteaccess.anydesk`
==========================================================

.. py:module:: dissect.target.plugins.apps.remoteaccess.anydesk


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.apps.remoteaccess.anydesk.AnydeskPlugin


.. py:class:: AnydeskPlugin(target: dissect.target.target.Target)

   Bases: :py:obj:`dissect.target.plugins.apps.remoteaccess.remoteaccess.RemoteAccessPlugin`

   Anydesk plugin.

   .. py:attribute:: __namespace__
      :value: 'anydesk'

      Defines the plugin namespace.

   .. py:attribute:: SERVICE_GLOBS
      :value: ('sysvol/ProgramData/AnyDesk/*.trace', 'sysvol/ProgramData/AnyDesk/ad_*/*.trace',...

   .. py:attribute:: FILETRANSFER_SERVICE_LOGS
      :value: ('sysvol/ProgramData/AnyDesk/file_transfer_trace.txt',)

   .. py:attribute:: FILETRANSFER_USER_LOGS
      :value: ('AppData/Roaming/AnyDesk/file_transfer_trace.txt',)

   .. py:attribute:: USER_GLOBS
      :value: ('AppData/Roaming/AnyDesk/*.trace', 'AppData/Roaming/AnyDesk/ad_*/*.trace',...

   .. py:attribute:: RemoteAccessLogRecord

   .. py:attribute:: RemoteAccessFileTransferRecord

   .. py:attribute:: trace_files
      :type: set[tuple[dissect.target.helpers.fsutil.TargetPath, dissect.target.plugins.general.users.UserDetails | None]]

   .. py:attribute:: filetransfer_files
      :type: set[tuple[dissect.target.helpers.fsutil.TargetPath, dissect.target.plugins.general.users.UserDetails | None]]

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the current target (``self.target``).
      For example, check if a certain file exists.
      Otherwise it should raise an :class:`UnsupportedPluginError`.

      :raises UnsupportedPluginError: If the plugin could not be loaded.

   .. py:method:: logs() -> collections.abc.Iterator[RemoteAccessLogRecord]

      Parse AnyDesk trace files.

      AnyDesk is a remote desktop application and can be used by adversaries to get (persistent) access to a machine.
      Log files (``.trace`` files) can be stored in various locations, depending on the target OS and client type.
      Timestamps in trace files do not carry a time zone designator (TZD) but are in fact UTC.

      .. rubric:: References

      - https://www.inversecos.com/2021/02/forensic-analysis-of-anydesk-logs.html
      - https://support.anydesk.com/knowledge/trace-files#trace-file-locations

   .. py:method:: filetransfer() -> collections.abc.Iterator[RemoteAccessFileTransferRecord]

      Parse AnyDesk file transfer files.

      AnyDesk is a remote desktop application and can be used by adversaries to get (persistent) access to a machine.
      File transfer (``file_transfer_trace.txt``) files show what files are downloaded to a system.
      Timestamps in trace files do not carry a time zone designator (TZD) but are in fact UTC.
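
The UTC note on ``logs()`` and ``filetransfer()`` matters as soon as trace events are merged into a timeline. The following is an added example, not dissect's own parser: it assumes a trace line starts with a level followed by a date and time, runs on constructed sample lines, and the names ``TRACE_RE``, ``to_utc``, ``misread_as_local`` and ``parse_trace`` are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed layout (not taken from the page): "<level> <YYYY-MM-DD> <HH:MM:SS.mmm> <rest>".
TRACE_RE = re.compile(
    r"^\s*(?P<level>\w+)\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<message>.*)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M:%S.%f"

# Constructed sample lines; 203.0.113.7 is a documentation address.
SAMPLE = """\
   info 2024-03-09 23:58:41.120       gsvc   4012   4100   anynet.any_socket - Logged in from 203.0.113.7:50312
   info 2024-03-10 00:01:05.004       gsvc   4012   4100   app.session - Session started
this line is truncated and has no timestamp
"""


def to_utc(ts: str) -> datetime:
    """Correct reading: the naive trace timestamp already is UTC."""
    return datetime.strptime(ts, TS_FORMAT).replace(tzinfo=timezone.utc)


def misread_as_local(ts: str, utc_offset_hours: int) -> datetime:
    """Wrong reading: treat the timestamp as analyst-local time, then convert to UTC."""
    local = timezone(timedelta(hours=utc_offset_hours))
    return datetime.strptime(ts, TS_FORMAT).replace(tzinfo=local).astimezone(timezone.utc)


def parse_trace(text: str):
    """Return ([(aware UTC datetime, level, message)], number of unparsed lines)."""
    records, skipped = [], 0
    for line in text.splitlines():
        match = TRACE_RE.match(line)
        if match is None:
            skipped += 1  # keep a count so gaps in the timeline are visible
            continue
        records.append((to_utc(match["ts"]), match["level"], match["message"].strip()))
    return records, skipped


if __name__ == "__main__":
    records, skipped = parse_trace(SAMPLE)
    for when, level, message in records:
        print(when.isoformat(), level, message)
    print("unparsed lines:", skipped)
```

Reading the second sample line as UTC+2 local time would move the event two hours earlier and onto the previous calendar day, which is enough to break correlation with other UTC log sources.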