Trees       Indices       Help   
Rekall Memory Forensics
Package rekall :: Package plugins :: Package linux :: Module bash
[frames] | no frames]

Module bash

source code

Scan for bash history entries.

Based on the algorithm by Andrew Case but greatly optimised for speed.

Author: Michael Cohen <scudette@gmail.com>

Classes
  TimestampScanner
Search for the realine timestamps.
  HeapTimestampScanner
  LinHistoryScanner
Scan for the realine history struct.
  HeapHistoryScanner
Only scan for history in the heap.
  BashProfile64
Profile to parse internal bash data structures.
  BashProfile32
Profile to parse internal bash data structures.
  BashHistory
Scan the bash process for history.
Variables
  __package__ = 'rekall.plugins.linux'
   Trees       Indices       Help   
Rekall Memory Forensics
Generated by Epydoc 3.0.1 on Mon Oct 9 03:27:46 2017 http://epydoc.sourceforge.net