Package rekall :: Package plugins :: Package windows :: Package registry :: Module evtlogs

Module evtlogs

Author: Jamie Levy (gleeda)

License: GNU General Public License 2.0 or later

Contact: jamie.levy@gmail.com

Organization: Volatile Systems

Classes
	EVTObjectTypes An implementation for parsing event logs.
	EVTScanner
	EvtLogs Extract Windows Event Logs (XP/2003 only)

Variables
	evt_log_types = `{'EVTLogHeader': [48, {'HeaderSize': [0, ['uns...`
	__package__ = `'rekall.plugins.windows.registry'`

Variables Details

evt_log_types

Value:

{'EVTLogHeader': [48,
                  {'HeaderSize': [0, ['unsigned int']],
                   'Magic': [4, ['String', {'length': 4}]],
                   'MaxSize': [32, ['int']],
                   'NextID': [24, ['int']],
                   'OffsetNextToWrite': [20, ['int']],
                   'OffsetOldest': [16, ['int']],
                   'OldestID': [28, ['int']],
...