dissect.target.plugins.os.windows.sru

Module Contents

Classes

SRUPlugin

Return all available SRUM data stored in the SRUDB.dat.

Functions

transform_app_id
transform_timestamp

Attributes

NetworkDataRecord
NetworkConnectivityRecord
EnergyEstimatorRecord
EnergyUsageRecord
EnergyUsageLTRecord
ApplicationRecord
PushNotificationRecord
ApplicationTimelineRecord
VfuRecord
SdpVolumeProviderRecord
SdpPhysicalDiskProviderRecord
SdpCpuProviderRecord
SdpNetworkProviderRecord
SRURecord
FIELD_MAPPINGS
TRANSFORMS

dissect.target.plugins.os.windows.sru.NetworkDataRecord

dissect.target.plugins.os.windows.sru.NetworkConnectivityRecord

dissect.target.plugins.os.windows.sru.EnergyEstimatorRecord

dissect.target.plugins.os.windows.sru.EnergyUsageRecord

dissect.target.plugins.os.windows.sru.EnergyUsageLTRecord

dissect.target.plugins.os.windows.sru.ApplicationRecord

dissect.target.plugins.os.windows.sru.PushNotificationRecord

dissect.target.plugins.os.windows.sru.ApplicationTimelineRecord

dissect.target.plugins.os.windows.sru.VfuRecord

dissect.target.plugins.os.windows.sru.SdpVolumeProviderRecord

dissect.target.plugins.os.windows.sru.SdpPhysicalDiskProviderRecord

dissect.target.plugins.os.windows.sru.SdpCpuProviderRecord

dissect.target.plugins.os.windows.sru.SdpNetworkProviderRecord

dissect.target.plugins.os.windows.sru.SRURecord

dissect.target.plugins.os.windows.sru.FIELD_MAPPINGS

dissect.target.plugins.os.windows.sru.transform_app_id(value: bytes | str | None) → str | None

dissect.target.plugins.os.windows.sru.transform_timestamp(value: int | datetime.datetime) → datetime.datetime

dissect.target.plugins.os.windows.sru.TRANSFORMS

class dissect.target.plugins.os.windows.sru.SRUPlugin(target: dissect.target.target.Target)

Bases: dissect.target.plugin.Plugin

Return all available SRUM data stored in the SRUDB.dat.

The System Resource Usage Monitor (SRUM) stores its information in a SRUDB.dat file. As the names suggests, it contains data about resource usage, such as network and memory usage by applications.

References

• https://docs.microsoft.com/en-us/sql/relational-databases/performance-monitor/monitor-resource-usage-system-monitor?view=sql-server-ver15

• https://blog.1234n6.com/2019/01/

__namespace__ = 'sru'

Defines the plugin namespace.

check_compatible() → None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

read_records(table_name: str, record_type: SRURecord) → collections.abc.Iterator[SRURecord]

network_data() → collections.abc.Iterator[NetworkDataRecord]

Return the contents of Windows Network Data Usage Monitor table from the SRUDB.dat file.

Gives insight into the network usage of the system.

network_connectivity() → collections.abc.Iterator[NetworkConnectivityRecord]

Return the contents of Windows Network Connectivity Usage Monitor table from the SRUDB.dat file.

Gives insight into the network connectivity usage of the system.

energy_estimator() → collections.abc.Iterator[EnergyEstimatorRecord]

Return the contents of Energy Estimator table from the SRUDB.dat file.

energy_usage() → collections.abc.Iterator[EnergyUsageRecord]

Return the contents of Energy Usage Provider table from the SRUDB.dat file.

Gives insight into the energy usage of the system.

energy_usage_lt() → collections.abc.Iterator[EnergyUsageLTRecord]

Return the contents of Energy Usage Provider Long Term table from the SRUDB.dat file.

Gives insight into the energy usage of the system looking over the long term.

application() → collections.abc.Iterator[ApplicationRecord]

Return the contents of Application Resource Usage table from the SRUDB.dat file.

Gives insights into the resource usage of applications on the system.

push_notification() → collections.abc.Iterator[PushNotificationRecord]

Return the contents of Windows Push Notification Data table from the SRUDB.dat file.

Gives insight into the notification usage of the system.

application_timeline() → collections.abc.Iterator[ApplicationTimelineRecord]

Return the contents of App Timeline Provider table from the SRUDB.dat file.

vfu() → collections.abc.Iterator[VfuRecord]

Return the contents of vfuprov table from the SRUDB.dat file.

sdp_volume_provider() → collections.abc.Iterator[SdpVolumeProviderRecord]

Return the contents of SDP Volume Provider table from the SRUDB.dat file.

sdp_physical_disk_provider() → collections.abc.Iterator[SdpPhysicalDiskProviderRecord]

Return the contents of SDP Physical Disk Provider table from the SRUDB.dat file.

sdp_cpu_provider() → collections.abc.Iterator[SdpCpuProviderRecord]

Return the contents of SDP CPU Provider table from the SRUDB.dat file.

sdp_network_provider() → collections.abc.Iterator[SdpNetworkProviderRecord]

Return the contents of SDP Network Provider table from the SRUDB.dat file.