plaso.analyzers package
Subpackages
Submodules
plaso.analyzers.hashing_analyzer module
The hashing analyzer implementation.

class plaso.analyzers.hashing_analyzer.HashingAnalyzer
Bases: plaso.analyzers.interface.BaseAnalyzer
This class contains code for calculating file hashes of input files.

Analyze(data)
Updates the internal state of the analyzer, processing a block of data.
Repeated calls are equivalent to a single call with the concatenation of all the arguments.
Parameters: data (bytes) – block of data from the data stream.

DESCRIPTION = 'Calculates hashes of file content.'

GetResults()
Retrieves the hashing results.
Returns: results.
Return type: list[AnalyzerResult]

INCREMENTAL_ANALYZER = True

NAME = 'hashing'

PROCESSING_STATUS_HINT = 'hashing'

plaso.analyzers.interface module
Definitions to provide a whole-file processing framework.

class plaso.analyzers.interface.BaseAnalyzer
Bases: object
Class that provides the interface for whole-file analysis.

Analyze(data)
Analyzes a block of data, updating the state of the analyzer.
Parameters: data (bytes) – block of data to process.

DESCRIPTION = ''

GetResults()
Retrieves the results of the analysis.
Returns: results.
Return type: list[AnalyzerResult]

INCREMENTAL_ANALYZER = False

NAME = 'base_analyzer'

PROCESSING_STATUS_HINT = 'analyzing'

SIZE_LIMIT = 33554432

plaso.analyzers.logger module
The analyzers sub module logger.

plaso.analyzers.manager module
This file contains a class for managing digest analyzers for Plaso.

class plaso.analyzers.manager.AnalyzersManager
Bases: object
Class that implements the analyzers manager.

classmethod DeregisterAnalyzer(analyzer_class)
Deregisters an analyzer class.
The analyzer classes are identified based on their lower case name.
Parameters: analyzer_class (type) – class object of the analyzer.
Raises: KeyError – if analyzer class is not set for the corresponding name.

classmethod GetAnalyzerInstance(analyzer_name)
Retrieves an instance of a specific analyzer.
Parameters: analyzer_name (str) – name of the analyzer to retrieve.
Returns: analyzer instance.
Return type: BaseAnalyzer
Raises: KeyError – if analyzer class is not set for the corresponding name.

classmethod GetAnalyzerInstances(analyzer_names)
Retrieves instances for all the specified analyzers.
Parameters: analyzer_names (list[str]) – names of the analyzers to retrieve.
Returns: analyzer instances.
Return type: list[BaseAnalyzer]

classmethod GetAnalyzerNames()
Retrieves the names of all loaded analyzers.
Returns: analyzer names.
Return type: list[str]

classmethod GetAnalyzers()
Retrieves the registered analyzers.
Yields: tuple containing:
str: the uniquely identifying name of the analyzer.
type: the analyzer class.

classmethod

plaso.analyzers.yara_analyzer module
Analyzer that matches Yara rules.

class plaso.analyzers.yara_analyzer.YaraAnalyzer
Bases: plaso.analyzers.interface.BaseAnalyzer
Analyzer that matches Yara rules.

Analyze(data)
Analyzes a block of data, attempting to match Yara rules to it.
Parameters: data (bytes) – a block of data.

DESCRIPTION = 'Matches Yara rules over input data.'

GetResults()
Retrieves results of the most recent analysis.
Returns: results.
Return type: list[AnalyzerResult]

INCREMENTAL_ANALYZER = False

NAME = 'yara'

PROCESSING_STATUS_HINT = 'yara scan'

Module contents
This file imports Python modules that register analyzers.