plaso.parsers.bencode_plugins package

Submodules

plaso.parsers.bencode_plugins.interface module

Bencode parser plugin interface.

class plaso.parsers.bencode_plugins.interface.BencodePlugin[source]

Bases: BasePlugin

Bencode parser plugin interface.

CheckRequiredKeys(bencode_file)[source]

Checks if the bencode file has the minimal keys required by the plugin.

Parameters:

bencode_file (BencodeFile) – bencode file.

Returns:

True if the bencode file has the minimum keys defined by the plugin,: or False if it does not or no required keys are defined. The bencode file can have more keys than specified by the plugin and still return True.

Return type:

bool

DATA_FORMAT = 'Bencoded file'

NAME = 'bencode_plugin'

abstract Process(parser_mediator, bencode_file=None, **kwargs)[source]

Extracts events from a bencode file.

This is the main method that a Bencode plugin needs to implement.

The contents of the bencode keys defined in _BENCODE_KEYS can be made available to the plugin as both a matched{‘KEY’: ‘value’} and as the entire bencoded data dictionary.

Parameters:

parser_mediator (ParserMediator) – mediates interactions between parsers and other components, such as storage and dfvfs.
bencode_file (Optional[BencodeFile]) – bencode file.

plaso.parsers.bencode_plugins.transmission module

Bencode parser plugin for Transmission BitTorrent files.

class plaso.parsers.bencode_plugins.transmission.TransmissionBencodePlugin[source]

Bases: BencodePlugin

Parse Transmission BitTorrent activity file for current torrents.

Transmission stores an individual Bencoded file for each active download in a folder named resume under the user’s application data folder.

DATA_FORMAT = 'Transmission BitTorrent activity file'

NAME = 'bencode_transmission'

Process(parser_mediator, bencode_file=None, **kwargs)[source]

Extracts events from a Transmission’s resume folder file.

Parameters:

parser_mediator (ParserMediator) – mediates interactions between parsers and other components, such as storage and dfVFS.
bencode_file (Optional[BencodeFile]) – bencode file.

class plaso.parsers.bencode_plugins.transmission.TransmissionEventData(*args: Any, **kwargs: Any)[source]

Bases: EventData

Transmission BitTorrent event data.

added_time

date and time the torrent was added to Transmission.

Type:: dfdatetime.DateTimeValues

destination

path of the downloaded file.

Type:: str

downloaded_time

date and time the content was downloaded.

Type:: dfdatetime.DateTimeValues

last_activity_time

date and time of the last download activity.

Type:: dfdatetime.DateTimeValues

seedtime

client seed time in number of minutes.

Type:: int

DATA_TYPE = 'p2p:bittorrent:transmission'

__init__()[source]: Initializes event data.

plaso.parsers.bencode_plugins.utorrent module

Bencode parser plugin for uTorrent active torrent files.

class plaso.parsers.bencode_plugins.utorrent.UTorrentBencodePlugin[source]

Bases: BencodePlugin

Plugin to extract parse uTorrent active torrent files.

uTorrent creates a file, resume.dat, and a backup, resume.dat.old, to for all active torrents. This is typically stored in the user’s application data folder.

These files, at a minimum, contain a ‘.fileguard’ key and a dictionary with a key name for a particular download with a ‘.torrent’ file extension.

DATA_FORMAT = 'uTorrent active torrent file'

NAME = 'bencode_utorrent'

Process(parser_mediator, bencode_file=None, **kwargs)[source]

Extracts events from an uTorrent active torrent file.

Parameters:

parser_mediator (ParserMediator) – mediates interactions between parsers and other components, such as storage and dfVFS.
bencode_file (Optional[BencodeFile]) – bencode file.

class plaso.parsers.bencode_plugins.utorrent.UTorrentEventData(*args: Any, **kwargs: Any)[source]

Bases: EventData

UTorrent active torrent event data.

added_time

date and time the torrent was added to Transmission.

Type:: dfdatetime.DateTimeValues

caption

official name of package.

Type:: str

destination

path of the downloaded file.

Type:: str

downloaded_time

date and time the content was downloaded.

Type:: dfdatetime.DateTimeValues

modification_times

modification dates and times.

Type:: list[dfdatetime.DateTimeValues]

seedtime

client seed time in number of minutes.

Type:: int

DATA_TYPE = 'p2p:bittorrent:utorrent'

__init__()[source]: Initializes event data.

Module contents

Imports for the bencode parser.