dissect.target.plugins.apps.browser.iexplore¶
Module Contents¶
Classes¶
Class for opening and pre-processing IE WebCache file. |
|
Internet explorer browser plugin. |
- class dissect.target.plugins.apps.browser.iexplore.WebCache(target: dissect.target.target.Target, fh: BinaryIO)¶
Class for opening and pre-processing IE WebCache file.
- target¶
- db¶
- find_containers(name: str) collections.abc.Iterator[dissect.database.ese.Table]¶
Look up all
ContainerIdvalues for a given container name.- Parameters:
name – The container name to look up all container IDs of.
- Yields:
All
ContainerIdvalues for the requested container name.
- history() collections.abc.Iterator[dissect.database.ese.Record]¶
Yield records from the history webcache container.
- downloads() collections.abc.Iterator[dissect.database.ese.Record]¶
Yield records from the iedownload webcache container.
- abstract cookies() None¶
- class dissect.target.plugins.apps.browser.iexplore.InternetExplorerPlugin(target: dissect.target.target.Target)¶
Bases:
dissect.target.plugins.apps.browser.browser.BrowserPluginInternet explorer browser plugin.
- __namespace__ = 'iexplore'¶
Defines the plugin namespace.
- DIRS = ('AppData/Local/Microsoft/Windows/WebCache',)¶
- CACHE_FILENAME = 'WebCacheV01.dat'¶
- BrowserHistoryRecord¶
- BrowserDownloadRecord¶
- users_dirs: list[tuple[dissect.target.plugins.general.users.UserDetails, pathlib.Path]] = []¶
- check_compatible() None¶
Perform a compatibility check with the target.
This function should return
Noneif the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- history() collections.abc.Iterator[BrowserHistoryRecord]¶
Return browser history records from Internet Explorer.
Yields BrowserHistoryRecord with the following fields:
ts (datetime): Visit timestamp. browser (string): The browser from which the records are generated from. id (string): Record ID. url (uri): History URL. title (string): Page title. description (string): Page description. host (string): Hostname. visit_type (varint): Visit type. visit_count (varint): Amount of visits. hidden (string): Hidden value. typed (boolean): Typed value. session (varint): Session value. from_visit (varint): Record ID of the "from" visit. from_url (uri): URL of the "from" visit. source: (path): The source file of the history record.
- downloads() collections.abc.Iterator[BrowserDownloadRecord]¶
Return browser downloads records from Internet Explorer.
Yields BrowserDownloadRecord with the following fields:
ts_start (datetime): Download start timestamp. ts_end (datetime): Download end timestamp. browser (string): The browser from which the records are generated from. id (string): Record ID. path (string): Download path. url (uri): Download URL. size (varint): Download file size. state (varint): Download state number. source: (path): The source file of the download record.