dissect.target.plugins.os.windows.ual

Module Contents

Classes

UalPlugin

Return all available User Access Log information.

Attributes

ClientAccessRecord

RoleAccessRecord

VirtualMachineRecord

DomainSeenRecord

SystemIdentityRecord

FIELD_NAME_MAP

dissect.target.plugins.os.windows.ual.ClientAccessRecord
dissect.target.plugins.os.windows.ual.RoleAccessRecord
dissect.target.plugins.os.windows.ual.VirtualMachineRecord
dissect.target.plugins.os.windows.ual.DomainSeenRecord
dissect.target.plugins.os.windows.ual.SystemIdentityRecord
dissect.target.plugins.os.windows.ual.FIELD_NAME_MAP
class dissect.target.plugins.os.windows.ual.UalPlugin(target)

Bases: dissect.target.plugin.Plugin

Return all available User Access Log information.

User Access Logging (UAL) is a logging system that aggregates client usage data by role and products on a local server. It helps Windows server administrators to quantify requests from client computers for roles and services on a local server.

References

__namespace__ = 'ual'
LOG_DB_GLOB = 'sysvol/Windows/System32/LogFiles/Sum/*.mdb'
IDENTITY_DB_FILENAME = 'SystemIdentity.mdb'
IDENTITY_DB_PATH
check_compatible() None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

find_mdb_files()
populate_role_guid_map()
read_table_records(table_name)
client_access()

Return client access data within the User Access Logs.

role_access()

Return role access data within the User Access Logs.

virtual_machines()

Return virtual machine data within the User Access Logs.

domains_seen()

Return DNS data within the User Access Logs.

system_identities()

Return system identity data within the User Access Logs.