:py:mod:`dissect.target.loaders.cb`
===================================

.. py:module:: dissect.target.loaders.cb


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.loaders.cb.CbLoader
   dissect.target.loaders.cb.CbRegistry
   dissect.target.loaders.cb.CbRegistryHive
   dissect.target.loaders.cb.CbRegistryKey
   dissect.target.loaders.cb.CbRegistryValue


.. py:class:: CbLoader(path: str, parsed_path: urllib.parse.ParseResult = None, **kwargs)

   Bases: :py:obj:`dissect.target.loader.Loader`

   Use Carbon Black endpoints as targets using Live Response.

   Use as ``cb://[@]``.

   Refer to the Carbon Black documentation for setting up a ``credentials.cbc`` file.

   .. py:method:: get_device() -> Optional[cbc_sdk.platform.Device]


   .. py:method:: detect(path: pathlib.Path) -> bool
      :staticmethod:

      Detects whether this ``Loader`` class can load this specific ``path``.

      :param path: The target path to check.

      :returns: ``True`` if the ``path`` can be loaded by a ``Loader`` instance. ``False`` otherwise.


   .. py:method:: map(target: dissect.target.target.Target) -> None

      Maps the loaded path into a ``Target``.

      :param target: The target that we're mapping into.


.. py:class:: CbRegistry(target: dissect.target.target.Target, session: cbc_sdk.live_response_api.LiveResponseSession)

   Bases: :py:obj:`dissect.target.plugins.os.windows.registry.RegistryPlugin`

   Provides registry access for Windows targets.

   Acts much the same as the registry on a live Windows machine.
   Hives are correctly mapped under e.g. ``HKLM\SOFTWARE``.

   Internal functions only.

   .. py:attribute:: __register__
      :value: False


   .. py:method:: check_compatible() -> bool

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the current target (``self.target``).
      For example, check if a certain file exists.
      Otherwise it should raise an ``UnsupportedPluginError``.

      :raises UnsupportedPluginError: If the plugin could not be loaded.


.. py:class:: CbRegistryHive(session: cbc_sdk.live_response_api.LiveResponseSession, root_key: str)

   Bases: :py:obj:`dissect.target.helpers.regutil.RegistryHive`

   Base class for registry hives.

   .. py:method:: key(key: str) -> CbRegistryKey

      Retrieve a registry key from a specific path.

      :param key: A path to a registry key within this hive.

      :raises RegistryKeyNotFoundError: If the registry key could not be found.


.. py:class:: CbRegistryKey(hive: CbRegistryHive, path: str)

   Bases: :py:obj:`dissect.target.helpers.regutil.RegistryKey`

   Base class for registry keys.

   :param hive: The registry hive to which this registry key belongs.

   .. py:property:: name
      :type: str

      Returns the name of this key.


   .. py:property:: path
      :type: str

      Returns the path of this key.


   .. py:property:: timestamp
      :type: datetime.datetime

      Returns the last modified timestamp of this key.


   .. py:method:: data() -> dict


   .. py:method:: subkey(subkey: str) -> CbRegistryKey

      Returns a specific subkey from this key.

      :param subkey: The name of the subkey to retrieve.

      :raises RegistryKeyNotFoundError: If this key has no subkey with the requested name.


   .. py:method:: subkeys() -> list[CbRegistryKey]

      Returns a list of subkeys from this key.


   .. py:method:: value(value: str) -> str

      Returns a specific value from this key.

      :param value: The name of the value to retrieve.

      :raises RegistryValueNotFoundError: If this key has no value with the requested name.


   .. py:method:: values() -> list[CbRegistryValue]

      Returns a list of all the values from this key.


.. py:class:: CbRegistryValue(hive: CbRegistryHive, name: str, data: str, type: str)

   Bases: :py:obj:`dissect.target.helpers.regutil.RegistryValue`

   Base class for registry values.

   :param hive: The registry hive to which this registry value belongs.

   .. py:property:: name
      :type: str

      Returns the name of this value.


   .. py:property:: value
      :type: str

      Returns the value of this value.


   .. py:property:: type
      :type: str

      Returns the type of this value.

      Reference:

      - https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-value-types