dissect.target.plugins.apps.edr.acquire

Module Contents

Classes

AcquirePlugin

Returns records from data collected by Acquire.

Attributes

AcquireOpenHandlesRecord
AcquireHashRecord

dissect.target.plugins.apps.edr.acquire.AcquireOpenHandlesRecord

dissect.target.plugins.apps.edr.acquire.AcquireHashRecord

class dissect.target.plugins.apps.edr.acquire.AcquirePlugin(target: dissect.target.target.Target)

Bases: dissect.target.plugin.Plugin

Returns records from data collected by Acquire.

__namespace__ = 'acquire'

Defines the plugin namespace.

hash_file

open_handles_file

check_compatible() → None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

hashes() → collections.abc.Iterator[AcquireHashRecord]

Return file hashes collected by Acquire.

An Acquire file container contains a file hashes csv when the hashes module was used. The content of this csv file is returned.

handles() → collections.abc.Iterator[AcquireOpenHandlesRecord]

Return open handles collected by Acquire.

An Acquire file container contains an open handles csv when the handles module was used. The content of this csv file is returned.