dissect.target.plugins.os.windows.clfs
¶
Module Contents¶
Classes¶
CLFS Plugin. |
Attributes¶
- dissect.target.plugins.os.windows.clfs.ClfsRecord¶
- class dissect.target.plugins.os.windows.clfs.ClfsPlugin(target: dissect.target.target.Target)¶
Bases:
dissect.target.plugin.Plugin
CLFS Plugin.
Dissect plugin for parsing the Base Log Files of a Microsoft Windows system.
Most of these records are actually parsed in-memory, this is the first iteration to parse the files present on disk. This should be improved in the near future when the memory implementation for dissect is working.
- BLF_PATH = 'sysvol/windows/system32/config/'¶
- check_compatible() None ¶
Perform a compatibility check with the target.
This function should return
None
if the plugin is compatible with the current target (self.target
). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError
.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- clfs() Iterator[ClfsRecord] ¶
Parse the containers associated with a valid BLF file.
Containers are used to store the transactional logs in the form of records.
References