`dissect.target.plugins.os.windows.regf.recentfilecache`¶

Module Contents¶

Classes¶

RecentFileCachePlugin

Plugin that parses the RecentFileCache.bcf file.

Attributes¶

`c_recent_files_def`
`c_recent_files`
`RecentFileCacheRecord`

dissect.target.plugins.os.windows.regf.recentfilecache.c_recent_files_def = Multiline-String¶

Show Value

"""
    struct header {
        uint32  magic;
        uint32  unk0;
        uint32  unk1;
        uint32  unk2;
        uint32  checksum;
    };

    struct entry {
        uint32  length;
        wchar   path[length + 1];
    };
    """

dissect.target.plugins.os.windows.regf.recentfilecache.c_recent_files¶

dissect.target.plugins.os.windows.regf.recentfilecache.RecentFileCacheRecord¶

class dissect.target.plugins.os.windows.regf.recentfilecache.RecentFileCachePlugin(target)¶

Bases: dissect.target.plugin.Plugin

Plugin that parses the RecentFileCache.bcf file.

check_compatible() → None¶

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

recentfilecache()¶

Parse RecentFileCache.bcf.

Yields RecentFileCacheRecords with fields:: hostname (string): The target hostname. domain (string): The target domain. path (uri): The parsed path.

dissect.target.plugins.os.windows.regf.recentfilecache¶

Module Contents¶

Classes¶

Attributes¶

`dissect.target.plugins.os.windows.regf.recentfilecache`¶