Trees       Indices       Help   
Rekall Memory Forensics
Package rekall :: Package plugins :: Package windows :: Package registry :: Module lsasecrets
[frames] | no frames]

Module lsasecrets

source code

Author: Brendan Dolan-Gavitt

License: GNU General Public License 2.0 or later

Contact: bdolangavitt@wesleyan.edu

Functions
 
get_lsa_key(sec_registry, bootkey) source code
 
decrypt_secret(secret, key)
Python implementation of SystemFunction005.		 source code
 
get_secret_by_name(secaddr, name, lsakey) source code
 
get_secrets(sys_registry, sec_registry) source code
Variables
  lsa_types = {'LSA_BLOB': [8, {'cbData': [0, ['unsigned int']],...
  __package__ = 'rekall.plugins.windows.registry'
Function Details

decrypt_secret(secret, key)

source code 

Python implementation of SystemFunction005.

Decrypts a block of data with DES using given key. Note that key can be longer than 7 bytes.


Variables Details

lsa_types

Value:
{'LSA_BLOB': [8,
              {'cbData': [0, ['unsigned int']],
               'cbMaxData': [4, ['unsigned int']],
               'szData': [8,
                          ['String',
                           {'length': <function <lambda> at 0x7fafce5b\
f230>}]]}]}

   Trees       Indices       Help   
Rekall Memory Forensics
Generated by Epydoc 3.0.1 on Mon Oct 9 03:27:47 2017 http://epydoc.sourceforge.net