`dissect.target.plugins.os.windows.regf.bam`¶

Module Contents¶

Classes¶

BamDamPlugin

Plugin for bam/dam registry keys.

Attributes¶

`bam_def`
`c_bam`
`BamDamRecord`

dissect.target.plugins.os.windows.regf.bam.bam_def = Multiline-String¶

Show Value

"""
    struct entry {
        uint64 ts;
    };
    """

dissect.target.plugins.os.windows.regf.bam.c_bam¶

dissect.target.plugins.os.windows.regf.bam.BamDamRecord¶

class dissect.target.plugins.os.windows.regf.bam.BamDamPlugin(target: dissect.target.target.Target)¶

Bases: dissect.target.plugin.Plugin

Plugin for bam/dam registry keys.

KEYS = ('HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\bam\\UserSettings',...¶

check_compatible() → None¶

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

bam() → collections.abc.Iterator[BamDamRecord]¶

Parse bam and dam registry keys.

Yields BamDamRecords with fields:

hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): The parsed timestamp.
path (uri): The parsed path.

dissect.target.plugins.os.windows.regf.bam¶

Module Contents¶

Classes¶

Attributes¶

`dissect.target.plugins.os.windows.regf.bam`¶