plaso.parsers.bencode_plugins package

Submodules

plaso.parsers.bencode_plugins.interface module

Bencode parser plugin interface.

class plaso.parsers.bencode_plugins.interface.BencodePlugin[source]

Bases: BasePlugin

Bencode parser plugin interface.

CheckRequiredKeys(bencode_file)[source]

Checks if the bencode file has the minimal keys required by the plugin.

Parameters

bencode_file (BencodeFile) – bencode file.

Returns

True if the bencode file has the minimum keys defined by the plugin,: or False if it does not or no required keys are defined. The bencode file can have more keys than specified by the plugin and still return True.

Return type

bool

DATA_FORMAT = 'Bencoded file'

NAME = 'bencode_plugin'

abstract Process(parser_mediator, bencode_file=None, **kwargs)[source]

Extracts events from a bencode file.

This is the main method that a Bencode plugin needs to implement.

The contents of the bencode keys defined in _BENCODE_KEYS can be made available to the plugin as both a matched{‘KEY’: ‘value’} and as the entire bencoded data dictionary.

Parameters

parser_mediator (ParserMediator) – mediates interactions between parsers and other components, such as storage and dfvfs.
bencode_file (Optional[BencodeFile]) – bencode file.

plaso.parsers.bencode_plugins.transmission module

Bencode parser plugin for Transmission BitTorrent files.

class plaso.parsers.bencode_plugins.transmission.TransmissionBencodePlugin[source]

Bases: BencodePlugin

Parse Transmission BitTorrent activity file for current torrents.

Transmission stores an individual Bencoded file for each active download in a folder named resume under the user’s application data folder.

DATA_FORMAT = 'Transmission BitTorrent activity file'

NAME = 'bencode_transmission'

Process(parser_mediator, bencode_file=None, **kwargs)[source]

Extracts events from a Transmission’s resume folder file.

Parameters

parser_mediator (ParserMediator) – mediates interactions between parsers and other components, such as storage and dfVFS.
bencode_file (Optional[BencodeFile]) – bencode file.

class plaso.parsers.bencode_plugins.transmission.TransmissionEventData(*args: Any, **kwargs: Any)[source]

Bases: EventData

Transmission BitTorrent event data.

added_time

date and time the torrent was added to Transmission.

Type: dfdatetime.DateTimeValues

destination

path of the downloaded file.

Type: str

downloaded_time

date and time the content was downloaded.

Type: dfdatetime.DateTimeValues

last_activity_time

date and time of the last download activity.

Type: dfdatetime.DateTimeValues

seedtime

client seed time in number of minutes.

Type: int

DATA_TYPE = 'p2p:bittorrent:transmission'

plaso.parsers.bencode_plugins.utorrent module

Bencode parser plugin for uTorrent active torrent files.

class plaso.parsers.bencode_plugins.utorrent.UTorrentBencodePlugin[source]

Bases: BencodePlugin

Plugin to extract parse uTorrent active torrent files.

uTorrent creates a file, resume.dat, and a backup, resume.dat.old, to for all active torrents. This is typically stored in the user’s application data folder.

These files, at a minimum, contain a ‘.fileguard’ key and a dictionary with a key name for a particular download with a ‘.torrent’ file extension.

DATA_FORMAT = 'uTorrent active torrent file'

NAME = 'bencode_utorrent'

Process(parser_mediator, bencode_file=None, **kwargs)[source]

Extracts events from an uTorrent active torrent file.

Parameters

parser_mediator (ParserMediator) – mediates interactions between parsers and other components, such as storage and dfVFS.
bencode_file (Optional[BencodeFile]) – bencode file.

class plaso.parsers.bencode_plugins.utorrent.UTorrentEventData(*args: Any, **kwargs: Any)[source]

Bases: EventData

uTorrent active torrent event data.

added_time

date and time the torrent was added to Transmission.

Type: dfdatetime.DateTimeValues

caption

official name of package.

Type: str

destination

path of the downloaded file.

Type: str

downloaded_time

date and time the content was downloaded.

Type: dfdatetime.DateTimeValues

modification_times

modification dates and times.

Type: list[dfdatetime.DateTimeValues]

seedtime

client seed time in number of minutes.

Type: int

DATA_TYPE = 'p2p:bittorrent:utorrent'

Module contents

Imports for the bencode parser.