Package rekall :: Package plugins :: Package response :: Module forensic_artifacts

Module forensic_artifacts

This module implements plugins related to forensic artifacts.

https://github.com/ForensicArtifacts

Author: Michael Cohen <scudette@google.com>

Classes
	ArtifactResult Bundle all the results from an artifact.
	BaseArtifactResultWriter Writes the results of artifacts.
	DirectoryBasedWriter
	ZipBasedWriter
	SourceType All sources inherit from this.
	RekallEFilterArtifacts Class to support Rekall Efilter artifact types.
	LiveModeSourceMixin
	FileSourceType
	ArtifactGroupSourceType
	WMISourceType
	RegistryKeySourceType
	RegistryValueSourceType
	ArtifactDefinition The main artifact class.
	ArtifactDefinitionProfileSectionLoader Loads artifacts from the artifact profiles.
	ArtifactProfile A profile containing artifact definitions.
	ArtifactsCollector Collects artifacts.
	ArtifactsView
	ArtifactsList List details about all known artifacts.
	ArtifactResult_TextObjectRenderer
	ArtifactResult_DataExportObjectRenderer

Variables
	TYPE_INDICATOR_REKALL = `'REKALL_EFILTER'`
	REKALL_IMAGE_TYPES = `['Windows', 'WindowsAPI', 'Linux', 'Linux...`
	SOURCE_TYPES = `{'ARTIFACT_GROUP': <class 'rekall.plugins.respo...`
	__package__ = `'rekall.plugins.response'`

Variables Details

REKALL_IMAGE_TYPES

Value:

['Windows', 'WindowsAPI', 'Linux', 'LinuxAPI', 'Darwin', 'DarwinAPI']

SOURCE_TYPES

Value:

{'ARTIFACT_GROUP': <class 'rekall.plugins.response.forensic_artifacts.
ArtifactGroupSourceType'>,
 'FILE': <class 'rekall.plugins.response.forensic_artifacts.FileSource
Type'>,
 'REGISTRY_KEY': <class 'rekall.plugins.response.forensic_artifacts.Re
gistryKeySourceType'>,
 'REGISTRY_VALUE': <class 'rekall.plugins.response.forensic_artifacts.
RegistryValueSourceType'>,
...