:py:mod:`dissect.target.plugins.os.windows.regf.regf` ===================================================== .. py:module:: dissect.target.plugins.os.windows.regf.regf Module Contents --------------- Classes ~~~~~~~ .. autoapisummary:: dissect.target.plugins.os.windows.regf.regf.RegfPlugin Attributes ~~~~~~~~~~ .. autoapisummary:: dissect.target.plugins.os.windows.regf.regf.RegistryKeyRecord dissect.target.plugins.os.windows.regf.regf.RegistryValueRecord .. py:data:: RegistryKeyRecord .. py:data:: RegistryValueRecord .. py:class:: RegfPlugin(target: dissect.target.Target) Bases: :py:obj:`dissect.target.plugin.Plugin` Regf dump plugin. .. py:method:: check_compatible() -> None Perform a compatibility check with the target. This function should return ``None`` if the plugin is compatible with the current target (``self.target``). For example, check if a certain file exists. Otherwise it should raise an ``UnsupportedPluginError``. :raises UnsupportedPluginError: If the plugin could not be loaded. .. py:method:: regf() Return all registry keys and values. The Windows Registry is a hierarchical database that stores low-level settings for the Windows operating system and for applications that opt to use it. .. rubric:: References - https://en.wikipedia.org/wiki/Windows_Registry Yields RegistryKeyRecords and RegistryValueRecords RegistryKeyRecord fields: hostname (string): The target hostname. domain (string): The target domain. ts (datetime): The registry key last modified time. path (string): The key path. key (string): The key name. source (string): The hive file path. RegistryValueRecord fields: hostname (string): The target hostname. domain (string): The target domain. ts (datetime): The registry key last modified time. path (string): The key path. key (string): The key name. name (string): The value name. value (string): The value. source (string): The hive file path. .. py:method:: walk(key, parent, path)