Trees       Indices       Help   
Rekall Memory Forensics
Package rekall :: Package plugins :: Package common :: Module profile_index
[frames] | no frames]

Module profile_index

source code

This module implements profile indexing.

Rekall relies on accurate profiles for reliable analysis of memory artifacts. We depend on selecting the correct profile from the profile repository, but sometimes it's hard to determine the exact profile to use. The profile repository has index files that are used to lookup the correct profile quickly, based on a limited set of symbols and offsets that are known, or can be easily detected, about the image.

Authors:
Michael Cohen <scudette@google.com>, Adam Sindelar <adamsh@google.com>, Jordi Sanchez <nop@google.com>
Classes
  IndexProfileLoader
  Index
A profile which contains an index to locate other profiles.
  SymbolOffsetIndex
A specialized index that works on symbols-offsets.
  LinuxSymbolOffsetIndex
Specialized symbol-offset index for linux.
Variables
  __package__ = 'rekall.plugins.common'
   Trees       Indices       Help   
Rekall Memory Forensics
Generated by Epydoc 3.0.1 on Mon Oct 9 03:27:46 2017 http://epydoc.sourceforge.net