:py:mod:`dissect.target.plugins.os.windows.clfs`
================================================

.. py:module:: dissect.target.plugins.os.windows.clfs


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.clfs.ClfsPlugin




Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.clfs.ClfsRecord


.. py:data:: ClfsRecord

   

.. py:class:: ClfsPlugin(target: dissect.target.target.Target)


   Bases: :py:obj:`dissect.target.plugin.Plugin`

   CLFS Plugin.

   Dissect plugin for parsing the Base Log Files of a Microsoft Windows system.

   Most of these records are actually parsed in-memory, this is the first iteration
   to parse the files present on disk. This should be improved in the near future when
   the memory implementation for dissect is working.

   .. py:attribute:: BLF_PATH
      :value: 'sysvol/windows/system32/config/'

      

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with
      the current target (``self.target``). For example, check if a certain
      file exists.
      Otherwise it should raise an ``UnsupportedPluginError``.

      :raises UnsupportedPluginError: If the plugin could not be loaded.


   .. py:method:: clfs() -> Iterator[ClfsRecord]

      Parse the containers associated with a valid BLF file.

      Containers are used to store the transactional logs in the form of records.

      .. rubric:: References

      - https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/introduction-to-the-common-log-file-system