plaso.cli package
Subpackages
- plaso.cli.helpers package
- Submodules
- plaso.cli.helpers.analysis_plugins module
- plaso.cli.helpers.artifact_definitions module
- plaso.cli.helpers.artifact_filters module
- plaso.cli.helpers.data_location module
- plaso.cli.helpers.database_config module
- plaso.cli.helpers.date_filters module
- plaso.cli.helpers.dynamic_output module
- plaso.cli.helpers.elastic_output module
- plaso.cli.helpers.event_filters module
- plaso.cli.helpers.extraction module
- plaso.cli.helpers.filter_file module
- plaso.cli.helpers.hashers module
- plaso.cli.helpers.interface module
- plaso.cli.helpers.language module
- plaso.cli.helpers.manager module
- plaso.cli.helpers.mysql_4n6time_output module
- plaso.cli.helpers.nsrlsvr_analysis module
- plaso.cli.helpers.output_modules module
- plaso.cli.helpers.parsers module
- plaso.cli.helpers.process_resources module
- plaso.cli.helpers.profiling module
- plaso.cli.helpers.server_config module
- plaso.cli.helpers.sessionize_analysis module
- plaso.cli.helpers.shared_4n6time_output module
- plaso.cli.helpers.sqlite_4n6time_output module
- plaso.cli.helpers.status_view module
- plaso.cli.helpers.storage_file module
- plaso.cli.helpers.storage_format module
- plaso.cli.helpers.tagging_analysis module
- plaso.cli.helpers.temporary_directory module
- plaso.cli.helpers.text_prepend module
- plaso.cli.helpers.timesketch_output module
- plaso.cli.helpers.viper_analysis module
- plaso.cli.helpers.virustotal_analysis module
- plaso.cli.helpers.windows_services_analysis module
- plaso.cli.helpers.workers module
- plaso.cli.helpers.xlsx_output module
- plaso.cli.helpers.yara_rules module
- Module contents
Submodules
plaso.cli.extraction_tool module
plaso.cli.image_export_tool module
plaso.cli.log2timeline_tool module
plaso.cli.logger module
The cli sub module logger.
plaso.cli.pinfo_tool module
plaso.cli.psort_tool module
plaso.cli.psteal_tool module
plaso.cli.status_view module
The status view.

class plaso.cli.status_view.StatusView(output_writer, tool_name)
Bases: object
Processing status view.

GetAnalysisStatusUpdateCallback()
Retrieves the analysis status update callback function.
- Returns
status update callback function or None if not available.
- Return type
function

GetExtractionStatusUpdateCallback()
Retrieves the extraction status update callback function.
- Returns
status update callback function or None if not available.
- Return type
function

MODE_LINEAR = 'linear'

MODE_WINDOW = 'window'

PrintExtractionStatusHeader(processing_status)
Prints the extraction status header.
- Parameters
processing_status (ProcessingStatus) – processing status.

PrintExtractionSummary(processing_status)
Prints a summary of the extraction.
- Parameters
processing_status (ProcessingStatus) – processing status.

SetSourceInformation(source_path, source_type, artifact_filters=None, filter_file=None)
Sets the source information.
- Parameters
source_path (str) – path of the source.
source_type (str) – source type.
artifact_filters (Optional[list[str]]) – names of artifact definitions to use as filters.
filter_file (Optional[str]) – filter file.

plaso.cli.storage_media_tool module
The storage media CLI tool.

class plaso.cli.storage_media_tool.StorageMediaTool(input_reader=None, output_writer=None)
Bases: plaso.cli.tools.CLITool
CLI tool that supports a storage media device or image as input.

AddCredentialOptions(argument_group)
Adds the credential options to the argument group.
The credential options are used to unlock encrypted volumes.
- Parameters
argument_group (argparse._ArgumentGroup) – argparse argument group.

AddStorageMediaImageOptions(argument_group)
Adds the storage media image options to the argument group.
- Parameters
argument_group (argparse._ArgumentGroup) – argparse argument group.

AddVSSProcessingOptions(argument_group)
Adds the VSS processing options to the argument group.
- Parameters
argument_group (argparse._ArgumentGroup) – argparse argument group.

ScanSource(source_path)
Scans the source path for volume and file systems.
This function sets the internal source path specification and source type values.
- Parameters
source_path (str) – path to the source.
- Returns
source scanner context.
- Return type
dfvfs.SourceScannerContext
- Raises
SourceScannerError – if the format of or within the source is not supported.

plaso.cli.time_slices module
The time slice.

class plaso.cli.time_slices.TimeSlice(event_timestamp, duration=5)
Bases: object
Time slice.
The time slice is used to provide a context of events around an event of interest.

duration
duration of the time slice in minutes.
- Type
int

event_timestamp
event timestamp of the time slice or None.
- Type
int

end_timestamp
slice end timestamp or None.
- Type
int

start_timestamp
slice start timestamp or None.
- Type
int

plaso.cli.tool_options module
plaso.cli.tools module
The command line interface (CLI) tools classes.

class plaso.cli.tools.CLIInputReader(encoding='utf-8')
Bases: object
Command line interface input reader interface.

class plaso.cli.tools.CLIOutputWriter(encoding='utf-8')
Bases: object
Command line interface output writer interface.

class plaso.cli.tools.CLITool(input_reader=None, output_writer=None)
Bases: object
Command line interface tool.

list_timezones
True if the time zones should be listed.
- Type
bool

preferred_encoding
preferred encoding of single-byte or multi-byte character strings, sometimes referred to as extended ASCII.
- Type
str

show_troubleshooting
True if troubleshooting information should be shown.
- Type
bool

AddBasicOptions(argument_group)
Adds the basic options to the argument group.
- Parameters
argument_group (argparse._ArgumentGroup) – argparse argument group.

AddInformationalOptions(argument_group)
Adds the informational options to the argument group.
- Parameters
argument_group (argparse._ArgumentGroup) – argparse argument group.

AddLogFileOptions(argument_group)
Adds the log file option to the argument group.
- Parameters
argument_group (argparse._ArgumentGroup) – argparse argument group.

AddTimeZoneOption(argument_group)
Adds the time zone option to the argument group.
- Parameters
argument_group (argparse._ArgumentGroup) – argparse argument group.

GetCommandLineArguments()
Retrieves the command line arguments.
- Returns
command line arguments.
- Return type
str

GetVersionInformation()
Retrieves the version information.
- Returns
version information.
- Return type
str

NAME = ''

ParseNumericOption(options, name, base=10, default_value=None)
Parses a numeric option.
If the option is not set the default value is returned.
- Parameters
options (argparse.Namespace) – command line arguments.
name (str) – name of the numeric option.
base (Optional[int]) – base of the numeric value.
default_value (Optional[object]) – default value.
- Returns
numeric value.
- Return type
int
- Raises
BadConfigOption – if the options are invalid.

ParseStringOption(options, argument_name, default_value=None)
Parses a string command line argument.
- Parameters
options (argparse.Namespace) – command line arguments.
argument_name (str) – name of the command line argument.
default_value (Optional[object]) – default value of the command line argument.
- Returns
command line argument value. If the command line argument is not set the default value will be returned.
- Return type
object
- Raises
BadConfigOption – if the command line argument value cannot be converted to a Unicode string.

class plaso.cli.tools.FileObjectInputReader(file_object, encoding='utf-8')
Bases: plaso.cli.tools.CLIInputReader
File object command line interface input reader.
This input reader relies on the file-like object having a readline method.

class plaso.cli.tools.FileObjectOutputWriter(file_object, encoding='utf-8')
Bases: plaso.cli.tools.CLIOutputWriter
File object command line interface output writer.
This output writer relies on the file-like object having a write method.

class plaso.cli.tools.StdinInputReader(encoding='utf-8')
Bases: plaso.cli.tools.FileObjectInputReader
Stdin command line interface input reader.

class plaso.cli.tools.StdoutOutputWriter(encoding='utf-8')
Bases: plaso.cli.tools.FileObjectOutputWriter
Stdout command line interface output writer.

plaso.cli.views module
View classes.

class plaso.cli.views.BaseTableView(column_names=None, title=None)
Bases: object
Table view interface.

class plaso.cli.views.CLITableView(column_names=None, title=None)
Bases: plaso.cli.views.BaseTableView
Command line table view.
Note that currently this table view does not support more than 2 columns.

class plaso.cli.views.CLITabularTableView(column_names=None, column_sizes=None, title=None)
Bases: plaso.cli.views.BaseTableView
Command line tabular table view interface.

class plaso.cli.views.MarkdownTableView(column_names=None, title=None)
Bases: plaso.cli.views.BaseTableView
Markdown table view.

class plaso.cli.views.ViewsFactory
Bases: object
Views factory.

FORMAT_TYPE_CLI = 'cli'

FORMAT_TYPE_MARKDOWN = 'markdown'

classmethod GetTableView(format_type, column_names=None, title=None)
Retrieves a table view.
- Parameters
format_type (str) – table view format type.
column_names (Optional[list[str]]) – column names.
title (Optional[str]) – title.
- Returns
table view.
- Return type
- Raises
ValueError – if the format type is not supported.