Package rekall :: Package plugins :: Package windows :: Package registry :: Module printkey

Module printkey

Authors:: Michael Cohen <scudette@gmail.com>, AAron Walters and Brendan Dolan-Gavitt

License: GNU General Public License 2.0 or later

Contact: awalters@volatilesystems.com,bdolangavitt@wesleyan.edu

Organization: Volatile Systems

Classes
	PrintKey Print a registry key, and its subkeys and values
	RegDump Dump all registry hives from memory into a dump directory.
	HiveDump Prints out a hive
	SAMProfile A profile to parse the SAM.
	Users Enumerate all users of this system.
	Services Enumerate all services.

Variables
	sam_vtypes = `{'F': [None, {'AccountExpiration': [32, ['WinFile...`
	__package__ = `'rekall.plugins.windows.registry'`

Variables Details

sam_vtypes

Value:

{'F': [None,
       {'AccountExpiration': [32, ['WinFileTime']],
        'FailedLoginCount': [64, ['unsigned short int']],
        'Flags': [56,
                  ['Flags',
                   {'maskmap': {'Account Disabled': 1,
                                'Account auto locked': 1024,
                                'Home directory required': 2,
...