plaso.preprocessors package

Submodules

plaso.preprocessors.interface module

This file contains classes used for preprocessing in plaso.

class plaso.preprocessors.interface.ArtifactPreprocessorPlugin[source]

Bases: object

The artifact preprocessor plugin interface.

The artifact preprocessor determines preprocessing attributes based on an artifact definition defined by ARTIFACT_DEFINITION_NAME.

ARTIFACT_DEFINITION_NAME = None
class plaso.preprocessors.interface.FileArtifactPreprocessorPlugin[source]

Bases: plaso.preprocessors.interface.FileEntryArtifactPreprocessorPlugin

File artifact preprocessor plugin interface.

Shared functionality for preprocessing attributes based on a file artifact definition, such as file or path.

class plaso.preprocessors.interface.FileEntryArtifactPreprocessorPlugin[source]

Bases: plaso.preprocessors.interface.FileSystemArtifactPreprocessorPlugin

File entry artifact preprocessor plugin interface.

Shared functionality for preprocessing attributes based on a file entry artifact definition, such as file or path.

class plaso.preprocessors.interface.FileSystemArtifactPreprocessorPlugin[source]

Bases: plaso.preprocessors.interface.ArtifactPreprocessorPlugin

File system artifact preprocessor plugin interface.

Shared functionality for preprocessing attributes based on a file system artifact definition, such as file or path.

Collect(knowledge_base, artifact_definition, searcher, file_system)[source]

Collects values using a file artifact definition.

Parameters

  • knowledge_base (KnowledgeBase) – to fill with preprocessing information.

  • artifact_definition (artifacts.ArtifactDefinition) – artifact definition.

  • searcher (dfvfs.FileSystemSearcher) – file system searcher to preprocess the file system.

  • file_system (dfvfs.FileSystem) – file system to be preprocessed.

Raises

PreProcessFail – if the preprocessing fails.

class plaso.preprocessors.interface.KnowledgeBasePreprocessorPlugin[source]

Bases: object

The knowledge base preprocessor plugin interface.

The knowledge base preprocessor determines preprocessing attributes based on other values in the knowledge base.

Collect(knowledge_base)[source]

Collects values from the knowledge base.

Parameters

knowledge_base (KnowledgeBase) – to fill with preprocessing information.

Raises

PreProcessFail – if the preprocessing fails.

class plaso.preprocessors.interface.WindowsRegistryKeyArtifactPreprocessorPlugin[source]

Bases: plaso.preprocessors.interface.ArtifactPreprocessorPlugin

Windows Registry key artifact preprocessor plugin interface.

Shared functionality for preprocessing attributes based on a Windows Registry artifact definition, such as Windows Registry key or value.

Collect(knowledge_base, artifact_definition, searcher)[source]

Collects values using a Windows Registry value artifact definition.

Parameters

  • knowledge_base (KnowledgeBase) – to fill with preprocessing information.

  • artifact_definition (artifacts.ArtifactDefinition) – artifact definition.

  • searcher (dfwinreg.WinRegistrySearcher) – Windows Registry searcher to preprocess the Windows Registry.

Raises

PreProcessFail – if the Windows Registry key or value cannot be read.

class plaso.preprocessors.interface.WindowsRegistryValueArtifactPreprocessorPlugin[source]

Bases: plaso.preprocessors.interface.WindowsRegistryKeyArtifactPreprocessorPlugin

Windows Registry value artifact preprocessor plugin interface.

Shared functionality for preprocessing attributes based on a Windows Registry value artifact definition.

plaso.preprocessors.linux module

plaso.preprocessors.logger module

The preprocessors sub module logger.

plaso.preprocessors.macos module

plaso.preprocessors.manager module

plaso.preprocessors.windows module

Module contents