plaso.storage.fake package

Submodules

plaso.storage.fake.writer module

Fake storage writer for testing.

class plaso.storage.fake.writer.FakeStorageWriter(session, storage_type=u'session', task=None)[source]

Bases: plaso.storage.interface.StorageWriter

Fake storage writer object.

analysis_reports

list[AnalysisReport] – analysis reports.

session_completion

SessionCompletion – session completion attribute container.

session_start

SessionStart – session start attribute container.

task_completion

TaskCompletion – task completion attribute container.

task_start

TaskStart – task start attribute container.

AddAnalysisReport(analysis_report)[source]

Adds an analysis report.

Parameters:

analysis_report (AnalysisReport) – analysis report.
Raises:
  • IOError – when the storage writer is closed.
  • OSError – when the storage writer is closed.
AddError(error)[source]

Adds an error.

Parameters:

error (ExtractionError) – error.
Raises:
  • IOError – when the storage writer is closed.
  • OSError – when the storage writer is closed.
AddEvent(event)[source]

Adds an event.

Parameters:

event (EventObject) – event.
Raises:
  • IOError – when the storage writer is closed or if the event data identifier type is not supported.
  • OSError – when the storage writer is closed or if the event data identifier type is not supported.
AddEventData(event_data)[source]

Adds event data.

Parameters:

event_data (EventData) – event data.
Raises:
  • IOError – when the storage writer is closed.
  • OSError – when the storage writer is closed.
AddEventSource(event_source)[source]

Adds an event source.

Parameters:

event_source (EventSource) – event source.
Raises:
  • IOError – when the storage writer is closed.
  • OSError – when the storage writer is closed.
AddEventTag(event_tag)[source]

Adds an event tag.

Parameters:

event_tag (EventTag) – event tag.
Raises:
  • IOError – when the storage writer is closed.
  • OSError – when the storage writer is closed.
Close()[source]

Closes the storage writer.

Raises:
  • IOError – when the storage writer is closed.
  • OSError – when the storage writer is closed.
CreateTaskStorage(task)[source]

Creates a task storage.

Parameters:

task (Task) – task.
Returns:

storage writer.
Return type:

FakeStorageWriter
Raises:
  • IOError – if the task storage already exists.
  • OSError – if the task storage already exists.
FinalizeTaskStorage(task)[source]

Finalizes a processed task storage.

Parameters:

task (Task) – task.
Raises:
  • IOError – if the task storage does not exist.
  • OSError – if the task storage does not exist.
GetErrors()[source]

Retrieves the errors.

Returns:error generator.
Return type:generator(ExtractionError)
GetEventData()[source]

Retrieves the event data.

Returns:event data generator.
Return type:generator(EventData)
GetEventDataByIdentifier(identifier)[source]

Retrieves specific event data.

Parameters:identifier (AttributeContainerIdentifier) – event data identifier.
Returns:event data or None if not available.
Return type:EventData
GetEventSources()[source]

Retrieves the event sources.

Returns:event source generator.
Return type:generator(EventSource)
GetEventTags()[source]

Retrieves the event tags.

Returns:event tag generator.
Return type:generator(EventTags)
GetEvents()[source]

Retrieves the events.

Yields:EventObject – event.
GetFirstWrittenEventSource()[source]

Retrieves the first event source that was written after open.

Using GetFirstWrittenEventSource and GetNextWrittenEventSource newly added event sources can be retrieved in order of addition.

Returns:

event source or None if there are no newly written ones.
Return type:

EventSource
Raises:
  • IOError – when the storage writer is closed.
  • OSError – when the storage writer is closed.
GetNextWrittenEventSource()[source]

Retrieves the next event source that was written after open.

Returns:

event source or None if there are no newly written ones.
Return type:

EventSource
Raises:
  • IOError – when the storage writer is closed.
  • OSError – when the storage writer is closed.
GetSortedEvents(time_range=None)[source]

Retrieves the events in increasing chronological order.

Parameters:

time_range (Optional[TimeRange]) – time range used to filter events that fall in a specific period.
Returns:

event generator.
Return type:

generator(EventObject)
Raises:
  • IOError – when the storage writer is closed.
  • OSError – when the storage writer is closed.
Open()[source]

Opens the storage writer.

Raises:
  • IOError – if the storage writer is already opened.
  • OSError – if the storage writer is already opened.
PrepareMergeTaskStorage(task)[source]

Prepares a task storage for merging.

Parameters:

task (Task) – task.
Raises:
  • IOError – if the task storage does not exist.
  • OSError – if the task storage does not exist.
ReadPreprocessingInformation(knowledge_base)[source]

Reads preprocessing information.

The preprocessing information contains the system configuration which contains information about various system specific configuration data, for example the user accounts.

Parameters:

knowledge_base (KnowledgeBase) – is used to store the preprocessing information.
Raises:
  • IOError – if the storage type does not support writing preprocessing information or when the storage writer is closed.
  • OSError – if the storage type does not support writing preprocessing information or when the storage writer is closed.
RemoveProcessedTaskStorage(task)[source]

Removes a processed task storage.

Parameters:

task (Task) – task.
Raises:
  • IOError – if the task storage does not exist.
  • OSError – if the task storage does not exist.
SetSerializersProfiler(serializers_profiler)[source]

Sets the serializers profiler.

Parameters:serializers_profiler (SerializersProfiler) – serializers profiler.
SetStorageProfiler(storage_profiler)[source]

Sets the storage profiler.

Parameters:storage_profiler (StorageProfiler) – storage profiler.
WritePreprocessingInformation(knowledge_base)[source]

Writes preprocessing information.

Parameters:

knowledge_base (KnowledgeBase) – used to store the preprocessing information.
Raises:
  • IOError – if the storage type does not support writing preprocessing information or when the storage writer is closed.
  • OSError – if the storage type does not support writing preprocessing information or when the storage writer is closed.
WriteSessionCompletion(aborted=False)[source]

Writes session completion information.

Parameters:

aborted (Optional[bool]) – True if the session was aborted.
Raises:
  • IOError – if the storage type does not support writing a session completion or when the storage writer is closed.
  • OSError – if the storage type does not support writing a session completion or when the storage writer is closed.
WriteSessionStart()[source]

Writes session start information.

Raises:
  • IOError – if the storage type does not support writing a session start or when the storage writer is closed.
  • OSError – if the storage type does not support writing a session start or when the storage writer is closed.
WriteTaskCompletion(aborted=False)[source]

Writes task completion information.

Parameters:

aborted (Optional[bool]) – True if the session was aborted.
Raises:
  • IOError – if the storage type does not support writing a task completion or when the storage writer is closed.
  • OSError – if the storage type does not support writing a task completion or when the storage writer is closed.
WriteTaskStart()[source]

Writes task start information.

Raises:
  • IOError – if the storage type does not support writing a task start or when the storage writer is closed.
  • OSError – if the storage type does not support writing a task start or when the storage writer is closed.

Module contents