Class DetectionMethod


A base class for implementing autodetection methods.

Nested Classes
  __metaclass__
Automatic Plugin Registration through metaclasses.
  top_level_class
A base class for implementing autodetection methods.
Instance Methods
  __init__(self, session=None)
x.__init__(...) initializes x; see help(type(x)) for signature
  Offsets(self)
Return a list of offsets we care about.
  Keywords(self)
Returns a list of keywords which will be searched.
  VerifyProfile(self, profile_name)
Check that the profile name is valid.
  DetectFromHit(self, hit, file_offset, address_space)
Gets called for each hit.

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Methods
  ImplementationByClass(self, name)
  ImplementationByName(self, name)
Class Variables
  name = None
  order = 100
  find_dtb_impl = None
  classes = {'DarwinIndexDetector': <class 'rekall.plugins.guess...
  classes_by_name = {None: [<class 'rekall.plugins.guess_profile...
  plugin_feature = 'DetectionMethod'
Properties

Inherited from object: __class__

Method Details

__init__(self, session=None)
(Constructor)

x.__init__(...) initializes x; see help(type(x)) for signature

Overrides: object.__init__
(inherited documentation)

Keywords(self)

Returns a list of keywords which will be searched.

Each time the keyword is matched, this instance will be called to attempt detection.

DetectFromHit(self, hit, file_offset, address_space)

Gets called for each hit.

If a profile matches, return it, otherwise None.
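
The Keywords/DetectFromHit contract described above, as an added example that is not Rekall's own code: it uses a stand-in base class instead of importing rekall. BufferAddressSpace, ToyLinuxBannerDetector, scan, the reading of the hit argument as the matched keyword, and the returned profile string are all assumptions, and the sample image is constructed.

```python
import re

class DetectionMethod(object):
    """Stand-in for the documented base class (not Rekall's own code)."""
    name = None

    def Keywords(self):
        return []

    def DetectFromHit(self, hit, file_offset, address_space):
        return None

class BufferAddressSpace(object):
    """Hypothetical minimal address space backed by a bytes object."""
    def __init__(self, data):
        self.data = data

    def read(self, offset, length):
        return self.data[offset:offset + length]

class ToyLinuxBannerDetector(DetectionMethod):
    """Hypothetical detector keyed on the kernel banner string."""
    name = "toy_linux"
    BANNER = re.compile(rb"Linux version (\d+\.\d+\.\d+[\w.-]*) ")

    def Keywords(self):
        return [b"Linux version "]

    def DetectFromHit(self, hit, file_offset, address_space):
        # A keyword match alone is weak evidence: re-read at the hit and
        # require a well-formed version before naming a profile.
        m = self.BANNER.match(address_space.read(file_offset, 128))
        return "Linux/%s" % m.group(1).decode() if m else None

def scan(address_space, size, detectors):
    """Call DetectFromHit for every keyword hit until one returns a profile."""
    data = address_space.read(0, size)
    for det in detectors:
        for keyword in det.Keywords():
            pos = data.find(keyword)
            while pos != -1:
                profile = det.DetectFromHit(keyword, pos, address_space)
                if profile is not None:
                    return profile, pos
                pos = data.find(keyword, pos + 1)
    return None, None

# Constructed sample image: a decoy string first, then a well-formed banner.
IMAGE = (b"\x00" * 64 + b"Linux version unknown\x00" + b"\xff" * 32 +
         b"Linux version 4.4.0-116-generic (buildd@host) #140\x00")
```

The decoy at offset 64 matches the keyword but fails validation, so the detector returns None there and the scan continues to the real banner.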


Class Variable Details

classes

Value:
{'DarwinIndexDetector': <class 'rekall.plugins.guess_profile.DarwinIndexDetector'>,
 'DetectionMethod': <class 'rekall.plugins.guess_profile.DetectionMethod'>,
 'LinuxBannerDetector': <class 'rekall.plugins.guess_profile.LinuxBannerDetector'>,
 'LinuxIndexDetector': <class 'rekall.plugins.guess_profile.LinuxIndexDetector'>,
...

classes_by_name

Value:
{None: [<class 'rekall.plugins.guess_profile.DetectionMethod'>],
 'linux': [<class 'rekall.plugins.guess_profile.LinuxBannerDetector'>],
 'linux_index': [<class 'rekall.plugins.guess_profile.LinuxIndexDetector'>],
 'nt_index': [<class 'rekall.plugins.guess_profile.WindowsIndexDetector'>],
 'ntfs': [<class 'rekall.plugins.filesystems.ntfs.NTFSDetector'>],
...