Trees       Indices       Help   
Rekall Memory Forensics
Package rekall :: Package plugins :: Package windows :: Module misc
[frames] | no frames]

Module misc

source code

Miscelaneous information gathering plugins.

Author: Michael Cohen <scudette@google.com>

Classes
  WinPhysicalMap
Prints the boot physical memory map.
  WindowsSetProcessContext
A cc plugin for windows.
  WinVirtualMap
Prints the Windows Kernel Virtual Address Map.
  Objects
Displays all object Types on the system.
  ImageInfo
List overview information about this image.
  WinImageFingerprint
Fingerprint the current image.
  ObjectTree
Visualize the kernel object tree.
  WindowsTimes
Return current time, as known to the kernel.
Variables
  __package__ = 'rekall.plugins.windows'
   Trees       Indices       Help   
Rekall Memory Forensics
Generated by Epydoc 3.0.1 on Mon Oct 9 03:27:47 2017 http://epydoc.sourceforge.net