Package rekall :: Package plugins :: Package response :: Module processes

Module processes

Rekall plugins for displaying processes in live triaging.

Classes
	LiveProcess
	APIProcessFilter A live process filter using the system APIs.
	APILsof A plugin which lists all open files.
	APIPslist A live pslist plugin using the APIs.
	APISetProcessContext A cc plugin for setting process context to live mode.
	APIProcessScanner Scanner for scanning processes using the ReadProcessMemory() API.
	ProcessYaraScanner Yara scan process memory using the ReadProcessMemory() API.

Variables
	psutil_fields = `['cmdline', 'connections', 'cpu_affinity', 'cp...`
	properties = `{'__slots__': (), 'cmdline': <property object at ...`
	__package__ = `'rekall.plugins.response'`
	field = `'num_handles'`

Variables Details

Value:

['cmdline',
 'connections',
 'cpu_affinity',
 'cpu_percent',
 'cpu_times',
 'create_time',
 'cwd',
 'environ',
...

Value:

dict(__slots__= ())