Class RekallEFilterArtifacts

source code

Class to support Rekall Efilter artifact types.

Instance Methods

__init__(self, source_definition, **kw)
x.__init__(...) initializes x; see help(type(x)) for signature

source code

GetImageType(self, session)
Returns one of the standard image types based on the session.

source code

is_active(self, session=None)
Determine if this source is active.

source code

apply(self, session=None, **kwargs)
Generate ArtifactResult instances.

source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables
	allowed_types = `{'any': <type 'str'>, 'epoch': <type 'float'>,...`

Properties
Inherited from `object`: `__class__`

Method Details

init(self, source_definition, **kw)
(Constructor)

source code

x.__init__(...) initializes x; see help(type(x)) for signature

Overrides: object.__init__: (inherited documentation)

is_active(self, session=None)

source code

Determine if this source is active.

Overrides: SourceType.is_active

apply(self, session=None, **kwargs)

source code

Generate ArtifactResult instances.

Overrides: SourceType.apply: (inherited documentation)

Class Variable Details

allowed_types

Value:

{'any': <type 'str'>,
 'epoch': <type 'float'>,
 'float': <type 'float'>,
 'int': <type 'int'>,
 'str': <type 'str'>,
 'unicode': <type 'unicode'>}

Class RekallEFilterArtifacts

__init__(self, source_definition, **kw) (Constructor)

is_active(self, session=None)

apply(self, session=None, **kwargs)

allowed_types

init(self, source_definition, **kw)
(Constructor)