| Trees | Indices | Help |
|
|---|
|
|
Fingerprint the current image. This parameter tries to get something unique about the image quickly. The idea is that two different images (even of the same system at different points in time) will have very different fingerprints. The fingerprint is used as a key to cache persistent information about the system. Live systems can not have a stable fingerprint and so return a NoneObject() here. We return a list of tuples: (physical_offset, expected_data) The list uniquely identifies the image. If one were to read all physical offsets and find the expected_data at these locations, then we have a very high level of confidence that the image is unique and matches the fingerprint.
| Nested Classes | |
|
__metaclass__ Automatic Plugin Registration through metaclasses. (Inherited from rekall.kb.ParameterHook) |
|
|
top_level_class A mechanism for automatically calculating a parameter. (Inherited from rekall.kb.ParameterHook) |
|
| Instance Methods | |||
|
|||
|
|||
|
Inherited from |
|||
| Class Methods | |||
|
|||
|
|||
|
|||
| Class Variables | |
name = hash(x) |
|
classes = |
|
classes_by_name = |
|
expiry = Nonehash(x) (Inherited from rekall.kb.ParameterHook) |
|
mode = hash(x) (Inherited from rekall.plugins.windows.common.AbstractWindowsParameterHook) |
|
plugin_feature = |
|
volatile = True
(Inherited from rekall.kb.ParameterHook)
|
|
| Properties | |
|
Inherited from |
| Method Details |
Derive the value of the parameter.
|
|
|
| Trees | Indices | Help |
|
|---|
| Generated by Epydoc 3.0.1 on Mon Oct 9 03:29:16 2017 | http://epydoc.sourceforge.net |