`dissect.target.plugins.os.windows.clfs`¶

Module Contents¶

Classes¶

ClfsPlugin

CLFS Plugin.

Attributes¶

ClfsRecord

dissect.target.plugins.os.windows.clfs.ClfsRecord¶

class dissect.target.plugins.os.windows.clfs.ClfsPlugin(target: dissect.target.target.Target)¶

Bases: dissect.target.plugin.Plugin

CLFS Plugin.

Dissect plugin for parsing the Base Log Files of a Microsoft Windows system.

Most of these records are actually parsed in-memory, this is the first iteration to parse the files present on disk. This should be improved in the near future when the memory implementation for dissect is working.

BLF_PATH = '%windir%/system32/config/'¶

check_compatible() → None¶

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

clfs() → collections.abc.Iterator[ClfsRecord]¶

Parse the containers associated with a valid BLF file.

Containers are used to store the transactional logs in the form of records.

References

https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/introduction-to-the-common-log-file-system

dissect.target.plugins.os.windows.clfs¶

Module Contents¶

Classes¶

Attributes¶

`dissect.target.plugins.os.windows.clfs`¶