plaso.cli package

Subpackages

Submodules

plaso.cli.extraction_tool module

plaso.cli.image_export_tool module

plaso.cli.log2timeline_tool module

plaso.cli.logger module

The cli sub module logger.

plaso.cli.pinfo_tool module

plaso.cli.psort_tool module

plaso.cli.psteal_tool module

plaso.cli.status_view module

The status view.

class plaso.cli.status_view.StatusView(output_writer, tool_name)[source]

Bases: object

Processing status view.

GetAnalysisStatusUpdateCallback()[source]

Retrieves the analysis status update callback function.

Returns:status update callback function or None if not available.
Return type:function
GetExtractionStatusUpdateCallback()[source]

Retrieves the extraction status update callback function.

Returns:status update callback function or None if not available.
Return type:function
MODE_LINEAR = 'linear'
MODE_WINDOW = 'window'
PrintExtractionStatusHeader(processing_status)[source]

Prints the extraction status header.

Parameters:processing_status (ProcessingStatus) – processing status.
PrintExtractionSummary(processing_status)[source]

Prints a summary of the extraction.

Parameters:processing_status (ProcessingStatus) – processing status.
SetMode(mode)[source]

Sets the mode.

Parameters:mode (str) – status view mode.
SetSourceInformation(source_path, source_type, artifact_filters=None, filter_file=None)[source]

Sets the source information.

Parameters:
  • source_path (str) – path of the source.
  • source_type (str) – source type.
  • artifact_filters (Optional[list[str]]) – names of artifact definitions to use as filters.
  • filter_file (Optional[str]) – filter file.
SetStorageFileInformation(storage_file_path)[source]

Sets the storage file information.

Parameters:storage_file_path (str) – path to the storage file.

plaso.cli.storage_media_tool module

The storage media CLI tool.

class plaso.cli.storage_media_tool.StorageMediaTool(input_reader=None, output_writer=None)[source]

Bases: plaso.cli.tools.CLITool

CLI tool that supports a storage media device or image as input.

AddCredentialOptions(argument_group)[source]

Adds the credential options to the argument group.

The credential options are use to unlock encrypted volumes.

Parameters:argument_group (argparse._ArgumentGroup) – argparse argument group.
AddStorageMediaImageOptions(argument_group)[source]

Adds the storage media image options to the argument group.

Parameters:argument_group (argparse._ArgumentGroup) – argparse argument group.
AddVSSProcessingOptions(argument_group)[source]

Adds the VSS processing options to the argument group.

Parameters:argument_group (argparse._ArgumentGroup) – argparse argument group.
ScanSource(source_path)[source]

Scans the source path for volume and file systems.

This function sets the internal source path specification and source type values.

Parameters:source_path (str) – path to the source.
Returns:source scanner context.
Return type:dfvfs.SourceScannerContext
Raises:SourceScannerError – if the format of or within the source is not supported.

plaso.cli.time_slices module

The time slice.

class plaso.cli.time_slices.TimeSlice(event_timestamp, duration=5)[source]

Bases: object

Time slice.

The time slice is used to provide a context of events around an event of interest.

duration

int – duration of the time slice in minutes.

event_timestamp

int – event timestamp of the time slice or None.

end_timestamp

int – slice end timestamp or None.

start_timestamp

int – slice start timestamp or None.

plaso.cli.tool_options module

plaso.cli.tools module

The command line interface (CLI) tools classes.

class plaso.cli.tools.CLIInputReader(encoding='utf-8')[source]

Bases: object

Command line interface input reader interface.

Read()[source]

Reads a string from the input.

Returns:input.
Return type:str
class plaso.cli.tools.CLIOutputWriter(encoding='utf-8')[source]

Bases: object

Command line interface output writer interface.

Write(string)[source]

Writes a string to the output.

Parameters:string (str) – output.
class plaso.cli.tools.CLITool(input_reader=None, output_writer=None)[source]

Bases: object

Command line interface tool.

list_timezones

bool – True if the time zones should be listed.

preferred_encoding

str – preferred encoding of single-byte or multi-byte character strings, sometimes referred to as extended ASCII.

AddBasicOptions(argument_group)[source]

Adds the basic options to the argument group.

Parameters:argument_group (argparse._ArgumentGroup) – argparse argument group.
AddInformationalOptions(argument_group)[source]

Adds the informational options to the argument group.

Parameters:argument_group (argparse._ArgumentGroup) – argparse argument group.
AddLogFileOptions(argument_group)[source]

Adds the log file option to the argument group.

Parameters:argument_group (argparse._ArgumentGroup) – argparse argument group.
AddTimeZoneOption(argument_group)[source]

Adds the time zone option to the argument group.

Parameters:argument_group (argparse._ArgumentGroup) – argparse argument group.
GetCommandLineArguments()[source]

Retrieves the command line arguments.

Returns:command line arguments.
Return type:str
GetVersionInformation()[source]

Retrieves the version information.

Returns:version information.
Return type:str
ListTimeZones()[source]

Lists the timezones.

NAME = ''
ParseNumericOption(options, name, base=10, default_value=None)[source]

Parses a numeric option.

If the option is not set the default value is returned.

Parameters:
  • options (argparse.Namespace) – command line arguments.
  • name (str) – name of the numeric option.
  • base (Optional[int]) – base of the numeric value.
  • default_value (Optional[object]) – default value.
Returns:

numeric value.
Return type:

int
Raises:

BadConfigOption – if the options are invalid.
ParseStringOption(options, argument_name, default_value=None)[source]

Parses a string command line argument.

Parameters:
  • options (argparse.Namespace) – command line arguments.
  • argument_name (str) – name of the command line argument.
  • default_value (Optional[object]) – default value of the command line argument.
Returns:

command line argument value. If the command line argument is

not set the default value will be returned.
Return type:

object
Raises:

BadConfigOption – if the command line argument value cannot be converted to a Unicode string.
PrintSeparatorLine()[source]

Prints a separator line.

class plaso.cli.tools.FileObjectInputReader(file_object, encoding='utf-8')[source]

Bases: plaso.cli.tools.CLIInputReader

File object command line interface input reader.

This input reader relies on the file-like object having a readline method.

Read()[source]

Reads a string from the input.

Returns:input.
Return type:str
class plaso.cli.tools.FileObjectOutputWriter(file_object, encoding='utf-8')[source]

Bases: plaso.cli.tools.CLIOutputWriter

File object command line interface output writer.

This output writer relies on the file-like object having a write method.

Write(string)[source]

Writes a string to the output.

Parameters:string (str) – output.
class plaso.cli.tools.StdinInputReader(encoding='utf-8')[source]

Bases: plaso.cli.tools.FileObjectInputReader

Stdin command line interface input reader.

class plaso.cli.tools.StdoutOutputWriter(encoding='utf-8')[source]

Bases: plaso.cli.tools.FileObjectOutputWriter

Stdout command line interface output writer.

Write(string)[source]

Writes a string to the output.

Parameters:string (str) – output.

plaso.cli.views module

View classes.

class plaso.cli.views.BaseTableView(column_names=None, title=None)[source]

Bases: object

Table view interface.

AddRow(values)[source]

Adds a row of values.

Parameters:values (list[object]) – values.
Raises:ValueError – if the number of values is out of bounds.
Write(output_writer)[source]

Writes the table to the output writer.

Parameters:output_writer (OutputWriter) – output writer.
class plaso.cli.views.CLITableView(column_names=None, title=None)[source]

Bases: plaso.cli.views.BaseTableView

Command line table view.

Note that currently this table view does not support more than 2 columns.

AddRow(values)[source]

Adds a row of values.

Parameters:values (list[object]) – values.
Raises:ValueError – if the number of values is out of bounds.
Write(output_writer)[source]

Writes the table to the output writer.

Parameters:output_writer (OutputWriter) – output writer.
Raises:RuntimeError – if the title exceeds the maximum width or if the table has more than 2 columns or if the column width is out of bounds.
class plaso.cli.views.CLITabularTableView(column_names=None, column_sizes=None, title=None)[source]

Bases: plaso.cli.views.BaseTableView

Command line tabular table view interface.

AddRow(values)[source]

Adds a row of values.

Parameters:values (list[object]) – values.
Raises:ValueError – if the number of values is out of bounds.
Write(output_writer)[source]

Writes the table to the output writer.

Parameters:output_writer (OutputWriter) – output writer.
class plaso.cli.views.MarkdownTableView(column_names=None, title=None)[source]

Bases: plaso.cli.views.BaseTableView

Markdown table view.

Write(output_writer)[source]

Writes the table to the output writer.

Parameters:output_writer (OutputWriter) – output writer.
class plaso.cli.views.ViewsFactory[source]

Bases: object

Views factory.

FORMAT_TYPE_CLI = 'cli'
FORMAT_TYPE_MARKDOWN = 'markdown'
classmethod GetTableView(format_type, column_names=None, title=None)[source]

Retrieves a table view.

Parameters:
  • format_type (str) – table view format type.
  • column_names (Optional[list[str]]) – column names.
  • title (Optional[str]) – title.
Returns:

table view.
Return type:

BaseTableView
Raises:

ValueError – if the format type is not supported.

Module contents