dissect.target.plugins.apps.remoteaccess.teamviewer

Module Contents

Classes

TeamViewerPlugin

TeamViewer client plugin.

Attributes

START_PATTERN

dissect.target.plugins.apps.remoteaccess.teamviewer.START_PATTERN

class dissect.target.plugins.apps.remoteaccess.teamviewer.TeamViewerPlugin(target)

Bases: dissect.target.plugins.apps.remoteaccess.remoteaccess.RemoteAccessPlugin

TeamViewer client plugin.

Resources:

• https://teamviewer.com/en/global/support/knowledge-base/teamviewer-classic/contact-support/find-your-log-files

• https://www.systoolsgroup.com/forensics/teamviewer/

• https://benleeyr.wordpress.com/2020/05/19/teamviewer-forensics-tested-on-v15/

__namespace__ = 'teamviewer'

Defines the plugin namespace.

SYSTEM_GLOBS = ['sysvol/Program Files/TeamViewer/*.log', 'sysvol/Program Files (x86)/TeamViewer/*.log',...

USER_GLOBS = ['AppData/Roaming/TeamViewer/teamviewer*_logfile.log',...

RemoteAccessLogRecord

logfiles: list[list[dissect.target.helpers.fsutil.TargetPath, dissect.target.plugins.general.users.UserDetails]] = []

check_compatible() → None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

logs() → Iterator[RemoteAccessLogRecord]

Yield TeamViewer client logs.

TeamViewer is a commercial remote desktop application. An adversary may use it to gain persistence on a system.