clfs#
$ target-query <path/to/target> -f clfs
Module |
|
Output |
|
Module documentation
CLFS Plugin.
Dissect plugin for parsing the Base Log Files of a Microsoft Windows system.
Most of these records are actually parsed in-memory, this is the first iteration to parse the files present on disk. This should be improved in the near future when the memory implementation for dissect is working.
Function documentation
Parse the containers associated with a valid BLF file.
Containers are used to store the transactional logs in the form of records.