plaso.cli package

Subpackages

• plaso.cli.helpers package
  • Submodules
  • plaso.cli.helpers.analysis_plugins module
  • plaso.cli.helpers.artifact_definitions module
  • plaso.cli.helpers.artifact_filters module
  • plaso.cli.helpers.data_location module
  • plaso.cli.helpers.database_config module
  • plaso.cli.helpers.date_filters module
  • plaso.cli.helpers.dynamic_output module
  • plaso.cli.helpers.elastic_output module
  • plaso.cli.helpers.event_filters module
  • plaso.cli.helpers.extraction module
  • plaso.cli.helpers.filter_file module
  • plaso.cli.helpers.hashers module
  • plaso.cli.helpers.interface module
  • plaso.cli.helpers.language module
  • plaso.cli.helpers.manager module
  • plaso.cli.helpers.mysql_4n6time_output module
  • plaso.cli.helpers.nsrlsvr_analysis module
  • plaso.cli.helpers.output_modules module
  • plaso.cli.helpers.parsers module
  • plaso.cli.helpers.process_resources module
  • plaso.cli.helpers.profiling module
  • plaso.cli.helpers.server_config module
  • plaso.cli.helpers.sessionize_analysis module
  • plaso.cli.helpers.shared_4n6time_output module
  • plaso.cli.helpers.sqlite_4n6time_output module
  • plaso.cli.helpers.status_view module
  • plaso.cli.helpers.storage_file module
  • plaso.cli.helpers.storage_format module
  • plaso.cli.helpers.tagging_analysis module
  • plaso.cli.helpers.temporary_directory module
  • plaso.cli.helpers.text_prepend module
  • plaso.cli.helpers.timesketch_output module
  • plaso.cli.helpers.viper_analysis module
  • plaso.cli.helpers.virustotal_analysis module
  • plaso.cli.helpers.windows_services_analysis module
  • plaso.cli.helpers.workers module
  • plaso.cli.helpers.xlsx_output module
  • plaso.cli.helpers.yara_rules module
  • Module contents

Submodules

plaso.cli.extraction_tool module

plaso.cli.image_export_tool module

plaso.cli.log2timeline_tool module

plaso.cli.logger module

The cli sub module logger.

plaso.cli.pinfo_tool module

plaso.cli.psort_tool module

plaso.cli.psteal_tool module

plaso.cli.status_view module

The status view.

class plaso.cli.status_view.StatusView(output_writer, tool_name)

Bases: object

Processing status view.

GetAnalysisStatusUpdateCallback()

Retrieves the analysis status update callback function.

Returns

status update callback function or None if not available.

Return type

function

GetExtractionStatusUpdateCallback()

Retrieves the extraction status update callback function.

Returns

status update callback function or None if not available.

Return type

function

MODE_LINEAR = 'linear'

MODE_WINDOW = 'window'

PrintExtractionStatusHeader(processing_status)

Prints the extraction status header.

Parameters

processing_status (ProcessingStatus) – processing status.

PrintExtractionSummary(processing_status)

Prints a summary of the extraction.

Parameters

processing_status (ProcessingStatus) – processing status.

SetMode(mode)

Sets the mode.

Parameters

mode (str) – status view mode.

SetSourceInformation(source_path, source_type, artifact_filters=None, filter_file=None)

Sets the source information.

Parameters

• source_path (str) – path of the source.

• source_type (str) – source type.

• artifact_filters (Optional[list[str]]) – names of artifact definitions to use as filters.

• filter_file (Optional[str]) – filter file.

SetStorageFileInformation(storage_file_path)

Sets the storage file information.

Parameters

storage_file_path (str) – path to the storage file.

plaso.cli.storage_media_tool module

The storage media CLI tool.

class plaso.cli.storage_media_tool.StorageMediaTool(input_reader=None, output_writer=None)

Bases: plaso.cli.tools.CLITool

CLI tool that supports a storage media device or image as input.

AddCredentialOptions(argument_group)

Adds the credential options to the argument group.

The credential options are use to unlock encrypted volumes.

Parameters

argument_group (argparse._ArgumentGroup) – argparse argument group.

AddStorageMediaImageOptions(argument_group)

Adds the storage media image options to the argument group.

Parameters

argument_group (argparse._ArgumentGroup) – argparse argument group.

AddVSSProcessingOptions(argument_group)

Adds the VSS processing options to the argument group.

Parameters

argument_group (argparse._ArgumentGroup) – argparse argument group.

ScanSource(source_path)

Scans the source path for volume and file systems.

This function sets the internal source path specification and source type values.

Parameters

source_path (str) – path to the source.

Returns

source scanner context.

Return type

dfvfs.SourceScannerContext

Raises

SourceScannerError – if the format of or within the source is not supported.

plaso.cli.time_slices module

The time slice.

class plaso.cli.time_slices.TimeSlice(event_timestamp, duration=5)

Bases: object

Time slice.

The time slice is used to provide a context of events around an event of interest.

duration

duration of the time slice in minutes.

Type

int

event_timestamp

event timestamp of the time slice or None.

Type

int

end_timestamp

slice end timestamp or None.

Type

int

start_timestamp

slice start timestamp or None.

Type

int

plaso.cli.tool_options module

plaso.cli.tools module

The command line interface (CLI) tools classes.

class plaso.cli.tools.CLIInputReader(encoding='utf-8')

Bases: object

Command line interface input reader interface.

Read()

Reads a string from the input.

Returns

input.

Return type

str

class plaso.cli.tools.CLIOutputWriter(encoding='utf-8')

Bases: object

Command line interface output writer interface.

Write(string)

Writes a string to the output.

Parameters

string (str) – output.

class plaso.cli.tools.CLITool(input_reader=None, output_writer=None)

Bases: object

Command line interface tool.

list_timezones

True if the time zones should be listed.

Type

bool

preferred_encoding

preferred encoding of single-byte or multi-byte character strings, sometimes referred to as extended ASCII.

Type

str

show_troubleshooting

True if troubleshooting information should be shown.

Type

bool

AddBasicOptions(argument_group)

Adds the basic options to the argument group.

Parameters

argument_group (argparse._ArgumentGroup) – argparse argument group.

AddInformationalOptions(argument_group)

Adds the informational options to the argument group.

Parameters

argument_group (argparse._ArgumentGroup) – argparse argument group.

AddLogFileOptions(argument_group)

Adds the log file option to the argument group.

Parameters

argument_group (argparse._ArgumentGroup) – argparse argument group.

AddTimeZoneOption(argument_group)

Adds the time zone option to the argument group.

Parameters

argument_group (argparse._ArgumentGroup) – argparse argument group.

GetCommandLineArguments()

Retrieves the command line arguments.

Returns

command line arguments.

Return type

str

GetVersionInformation()

Retrieves the version information.

Returns

version information.

Return type

str

ListTimeZones()

Lists the timezones.

NAME = ''

ParseNumericOption(options, name, base=10, default_value=None)

Parses a numeric option.

If the option is not set the default value is returned.

Parameters

• options (argparse.Namespace) – command line arguments.

• name (str) – name of the numeric option.

• base (Optional[int]) – base of the numeric value.

• default_value (Optional[object]) – default value.

Returns

numeric value.

Return type

int

Raises

BadConfigOption – if the options are invalid.

ParseStringOption(options, argument_name, default_value=None)

Parses a string command line argument.

Parameters

• options (argparse.Namespace) – command line arguments.

• argument_name (str) – name of the command line argument.

• default_value (Optional[object]) – default value of the command line argument.

Returns

command line argument value. If the command line argument is

not set the default value will be returned.

Return type

object

Raises

BadConfigOption – if the command line argument value cannot be converted to a Unicode string.

PrintSeparatorLine()

Prints a separator line.

class plaso.cli.tools.FileObjectInputReader(file_object, encoding='utf-8')

Bases: plaso.cli.tools.CLIInputReader

File object command line interface input reader.

This input reader relies on the file-like object having a readline method.

Read()

Reads a string from the input.

Returns

input.

Return type

str

class plaso.cli.tools.FileObjectOutputWriter(file_object, encoding='utf-8')

Bases: plaso.cli.tools.CLIOutputWriter

File object command line interface output writer.

This output writer relies on the file-like object having a write method.

Write(string)

Writes a string to the output.

Parameters

string (str) – output.

class plaso.cli.tools.StdinInputReader(encoding='utf-8')

Bases: plaso.cli.tools.FileObjectInputReader

Stdin command line interface input reader.

class plaso.cli.tools.StdoutOutputWriter(encoding='utf-8')

Bases: plaso.cli.tools.FileObjectOutputWriter

Stdout command line interface output writer.

Write(string)

Writes a string to the output.

Parameters

string (str) – output.

plaso.cli.views module

View classes.

class plaso.cli.views.BaseTableView(column_names=None, title=None)

Bases: object

Table view interface.

AddRow(values)

Adds a row of values.

Parameters

values (list[object]) – values.

Raises

ValueError – if the number of values is out of bounds.

Write(output_writer)

Writes the table to the output writer.

Parameters

output_writer (OutputWriter) – output writer.

class plaso.cli.views.CLITableView(column_names=None, title=None)

Bases: plaso.cli.views.BaseTableView

Command line table view.

Note that currently this table view does not support more than 2 columns.

AddRow(values)

Adds a row of values.

Parameters

values (list[object]) – values.

Raises

ValueError – if the number of values is out of bounds.

Write(output_writer)

Writes the table to the output writer.

Parameters

output_writer (OutputWriter) – output writer.

Raises

RuntimeError – if the title exceeds the maximum width or if the table has more than 2 columns or if the column width is out of bounds.

class plaso.cli.views.CLITabularTableView(column_names=None, column_sizes=None, title=None)

Bases: plaso.cli.views.BaseTableView

Command line tabular table view interface.

AddRow(values)

Adds a row of values.

Parameters

values (list[object]) – values.

Raises

ValueError – if the number of values is out of bounds.

Write(output_writer)

Writes the table to the output writer.

Parameters

output_writer (OutputWriter) – output writer.

class plaso.cli.views.MarkdownTableView(column_names=None, title=None)

Bases: plaso.cli.views.BaseTableView

Markdown table view.

Write(output_writer)

Writes the table to the output writer.

Parameters

output_writer (OutputWriter) – output writer.

class plaso.cli.views.ViewsFactory

Bases: object

Views factory.

FORMAT_TYPE_CLI = 'cli'

FORMAT_TYPE_MARKDOWN = 'markdown'

classmethod GetTableView(format_type, column_names=None, title=None)

Retrieves a table view.

Parameters

• format_type (str) – table view format type.

• column_names (Optional[list[str]]) – column names.

• title (Optional[str]) – title.

Returns

table view.

Return type

BaseTableView

Raises

ValueError – if the format type is not supported.

Module contents