dissect.target.plugins.os.windows.syscache
¶
Module Contents¶
Classes¶
Plugin to parse Syscache.hve. |
Attributes¶
- dissect.target.plugins.os.windows.syscache.SyscacheRecord¶
- class dissect.target.plugins.os.windows.syscache.SyscachePlugin(target)¶
Bases:
dissect.target.plugin.Plugin
Plugin to parse Syscache.hve.
Reference: - https://dfir.ru/2018/12/02/the-cit-database-and-the-syscache-hive/
- check_compatible() None ¶
Perform a compatibility check with the target.
This function should return
None
if the plugin is compatible with the current target (self.target
). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError
.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- syscache()¶
Parse the objects in the ObjectTable from the Syscache.hve file.