:py:mod:`dissect.target.loaders.phobos`
=======================================

.. py:module:: dissect.target.loaders.phobos


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.loaders.phobos.PhobosLoader



Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   dissect.target.loaders.phobos.scrape_pos



Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.loaders.phobos.BLOCK_SIZE
   dissect.target.loaders.phobos.NTFS_NEEDLE
   dissect.target.loaders.phobos.EXTFS_NEEDLE
   dissect.target.loaders.phobos.EXTFS_NEEDLE_OFFSET
   dissect.target.loaders.phobos.FS_NEEDLES


.. py:data:: BLOCK_SIZE

   

.. py:data:: NTFS_NEEDLE
   :value: b'\xebR\x90NTFS    \x00'

   

.. py:data:: EXTFS_NEEDLE
   :value: b'\xff\xffS\xef'

   

.. py:data:: EXTFS_NEEDLE_OFFSET

   

.. py:data:: FS_NEEDLES

   

.. py:function:: scrape_pos(fp: BinaryIO, needles: list[bytes], block_size: int = BLOCK_SIZE) -> Iterator[tuple[bytes, int]]


.. py:class:: PhobosLoader(path: pathlib.Path, **kwargs)


   Bases: :py:obj:`dissect.target.loader.Loader`

   Load Phobos Ransomware files.

   .. rubric:: References

   - https://www.hhs.gov/sites/default/files/overview-phobos-ransomware.pdf

   .. py:method:: detect(path: pathlib.Path) -> bool
      :staticmethod:

      Detects wether this ``Loader`` class can load this specific ``path``.

      :param path: The target path to check.

      :returns: ``True`` if the ``path`` can be loaded by a ``Loader`` instance. ``False`` otherwise.


   .. py:method:: map(target: dissect.target.Target) -> None

      Maps the loaded path into a ``Target``.

      :param target: The target that we're mapping into.