plaso.analyzers.hashers package¶

Submodules¶

plaso.analyzers.hashers.entropy module¶

The entropy calculation implementation.

class plaso.analyzers.hashers.entropy.EntropyHasher[source]¶

Bases: plaso.analyzers.hashers.interface.BaseHasher

Calculates the byte entropy of input files.

ATTRIBUTE_NAME = 'file_entropy'¶

DESCRIPTION = 'Calculates the byte entropy of input data.'¶

GetStringDigest()[source]¶

Calculates the byte entropy value.

Byte entropy is a value between 0.0 and 8.0, and is returned as a string to match the Plaso analyzer and storage APIs.

Returns

byte entropy formatted as a floating point number with 6 decimal: places calculated over the data blocks passed to Update().

Return type

str

NAME = 'entropy'¶

Update(data)[source]¶

Updates the state of the entropy calculator with a new block of data.

Repeated calls to update are equivalent to one single call with the concatenation of the arguments.

Parameters: data (bytes) – block of data with which to update the context of the entropy calculator.

plaso.analyzers.hashers.interface module¶

The hasher interface.

class plaso.analyzers.hashers.interface.BaseHasher[source]¶

Bases: object

Base class for objects that calculate hashes.

ATTRIBUTE_NAME = 'hash'¶

DESCRIPTION = 'Calculates a digest hash over input data.'¶

GetStringDigest()[source]¶

Retrieves the digest of the hash function expressed as a Unicode string.

Returns

string hash digest calculated over the data blocks passed to: Update(). The string consists of printable Unicode characters.

Return type

str

NAME = 'base_hasher'¶

Update(data)[source]¶

Updates the current state of the hasher with a new block of data.

Repeated calls to update are equivalent to one single call with the concatenation of the arguments.

Parameters: data (bytes) – data with which to update the context of the hasher.

plaso.analyzers.hashers.manager module¶

This file contains a class for managing digest hashers for Plaso.

class plaso.analyzers.hashers.manager.HashersManager[source]¶

Bases: object

Class that implements the hashers manager.

classmethod DeregisterHasher(hasher_class)[source]¶

Deregisters a hasher class.

The hasher classes are identified based on their lower case name.

Parameters: hasher_class (type) – class object of the hasher.
Raises: KeyError – if hasher class is not set for the corresponding name.

classmethod GetHasher(hasher_name)[source]¶

Retrieves an instance of a specific hasher.

Parameters: hasher_name (str) – the name of the hasher to retrieve.
Returns: hasher.
Return type: BaseHasher
Raises: KeyError – if hasher class is not set for the corresponding name.

classmethod GetHasherClasses(hasher_names=None)[source]¶

Retrieves the registered hashers.

Parameters

hasher_names (list[str]) – names of the hashers to retrieve.

Yields

tuple –

containing:

str: parser name type: next hasher class.

classmethod GetHasherNames()[source]¶

Retrieves the names of all loaded hashers.

Returns: hasher names.
Return type: list[str]

classmethod GetHasherNamesFromString(hasher_names_string)[source]¶

Retrieves a list of a hasher names from a comma separated string.

Takes a string of comma separated hasher names transforms it to a list of hasher names.

Parameters

hasher_names_string (str) – comma separated names of hashers to enable, the string ‘all’ to enable all hashers or ‘none’ to disable all hashers.

Returns

names of valid hashers from the string, or an empty list if no: valid names are found.

Return type

list[str]

classmethod GetHashers(hasher_names)[source]¶

Retrieves instances for all the specified hashers.

Parameters: hasher_names (list[str]) – names of the hashers to retrieve.
Returns: hashers.
Return type: list[BaseHasher]

classmethod GetHashersInformation()[source]¶

Retrieves the hashers information.

Returns

containing:

str: hasher name. str: hasher description.

Return type

list[tuple]

classmethod RegisterHasher(hasher_class)[source]¶

Registers a hasher class.

The hasher classes are identified based on their lower case name.

Parameters: hasher_class (type) – class object of the hasher.
Raises: KeyError – if hasher class is already set for the corresponding name.

plaso.analyzers.hashers.md5 module¶

The MD5 hasher implementation.

class plaso.analyzers.hashers.md5.MD5Hasher[source]¶

Bases: plaso.analyzers.hashers.interface.BaseHasher

This class provides MD5 hashing functionality.

ATTRIBUTE_NAME = 'md5_hash'¶

DESCRIPTION = 'Calculates an MD5 digest hash over input data.'¶

GetStringDigest()[source]¶

Returns the digest of the hash function expressed as a Unicode string.

Returns

string hash digest calculated over the data blocks passed to: Update(). The string consists of printable Unicode characters.

Return type

str

NAME = 'md5'¶

Update(data)[source]¶

Updates the current state of the hasher with a new block of data.

Repeated calls to update are equivalent to one single call with the concatenation of the arguments.

Parameters: data (bytes) – block of data with which to update the context of the hasher.

plaso.analyzers.hashers.sha1 module¶

The SHA-1 Hasher implementation

class plaso.analyzers.hashers.sha1.SHA1Hasher[source]¶

Bases: plaso.analyzers.hashers.interface.BaseHasher

This class provides SHA-1 hashing functionality.

ATTRIBUTE_NAME = 'sha1_hash'¶

DESCRIPTION = 'Calculates a SHA-1 digest hash over input data.'¶

GetStringDigest()[source]¶

Returns the digest of the hash function expressed as a Unicode string.

Returns

string hash digest calculated over the data blocks passed to: Update(). The string consists of printable Unicode characters.

Return type

str

NAME = 'sha1'¶

Update(data)[source]¶

Updates the current state of the hasher with a new block of data.

Repeated calls to update are equivalent to one single call with the concatenation of the arguments.

Parameters: data (bytes) – block of data with which to update the context of the hasher.

plaso.analyzers.hashers.sha256 module¶

The SHA-256 Hasher implementation

class plaso.analyzers.hashers.sha256.SHA256Hasher[source]¶

Bases: plaso.analyzers.hashers.interface.BaseHasher

This class provides SHA-256 hashing functionality.

ATTRIBUTE_NAME = 'sha256_hash'¶

DESCRIPTION = 'Calculates a SHA-256 digest hash over input data.'¶

GetStringDigest()[source]¶

Returns the digest of the hash function expressed as a Unicode string.

Returns

string hash digest calculated over the data blocks passed to: Update(). The string consists of printable Unicode characters.

Return type

str

NAME = 'sha256'¶

Update(data)[source]¶

Updates the current state of the hasher with a new block of data.

Repeated calls to update are equivalent to one single call with the concatenation of the arguments.

Parameters: data (bytes) – block of data with which to update the context of the hasher.

Module contents¶

This file imports Python modules that register hashers.