`dissect.target.plugins.os.windows.log.amcache`¶

Module Contents¶

Classes¶

AmcacheInstallPlugin

Amcache install log plugin.

Functions¶

create_record

Attributes¶

`re_field`
`COMMON_ELEMENTS`
`AmcacheFileCreateRecord`
`AmcacheArpCreateRecord`

dissect.target.plugins.os.windows.log.amcache.re_field¶

dissect.target.plugins.os.windows.log.amcache.COMMON_ELEMENTS = [('datetime', 'start_time'), ('datetime', 'stop_time'), ('datetime', 'created'), ('datetime',...¶

dissect.target.plugins.os.windows.log.amcache.AmcacheFileCreateRecord¶

dissect.target.plugins.os.windows.log.amcache.AmcacheArpCreateRecord¶

dissect.target.plugins.os.windows.log.amcache.create_record(description: AmcacheFileCreateRecord | AmcacheArpCreateRecord, filename: str, install_properties: dict[str, str], create: str, target: dissect.target.target.Target) → dissect.target.helpers.record.TargetRecordDescriptor¶

class dissect.target.plugins.os.windows.log.amcache.AmcacheInstallPlugin(target: dissect.target.target.Target)¶

Bases: dissect.target.plugin.Plugin

Amcache install log plugin.

logs¶

check_compatible() → None¶

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

amcache_install() → collections.abc.Iterator[AmcacheArpCreateRecord, AmcacheFileCreateRecord]¶

Return the contents of the Amcache install log.

The log file contains the changes an installer performed on the system. These only get created when the executable is an installer.

dissect.target.plugins.os.windows.log.amcache¶

Module Contents¶

Classes¶

Functions¶

Attributes¶

`dissect.target.plugins.os.windows.log.amcache`¶