Module common

This module adds support for incident response to Rekall.


Author: Michael Cohen <scudette@google.com>

Classes
  APIDummyPhysicalAddressSpace
  APIBaseProfile
A class representing the profile for IR (live) analysis.
  FileSpec
Specification of a file path.
  User
A class to represent a user.
  Group
A class to represent a user.
  FileInformation
An object representing a file on disk.
  Permissions
An object to represent permissions.
  AbstractIRCommandPlugin
A base class for all IR plugins.
  AbstractAPICommandPlugin
A base class for all API access plugins.
Functions
 
FileFactory(filename, session=None)
Return the correct FileInformation class from the filename.
Variables
  FILE_SPEC_DISPATCHER = {'API': <class 'rekall.plugins.response...
  __package__ = 'rekall.plugins.response'
Function Details

FileFactory(filename, session=None)

Return the correct FileInformation class from the filename.

Currently we only support OS API accessible files, but in the future we will also support NTFS files.


Variables Details

FILE_SPEC_DISPATCHER

Value:
{'API': <class 'rekall.plugins.response.common.FileInformation'>}