plaso.storage.sqlite package

Submodules

plaso.storage.sqlite.reader module

SQLite-based storage file reader.

class plaso.storage.sqlite.reader.SQLiteStorageFileReader(path)[source]

Bases: StorageReader

SQLite-based storage file reader.

plaso.storage.sqlite.sqlite_file module

SQLite-based storage file.

class plaso.storage.sqlite.sqlite_file.SQLiteStorageFile(*args: Any, **kwargs: Any)[source]

Bases: SQLiteAttributeContainerStore

SQLite-based storage file.

compression_format

compression format.

Type

str

GetAttributeContainerByIndex(container_type, index)[source]

Retrieves a specific attribute container.

Parameters

  • container_type (str) – attribute container type.

  • index (int) – attribute container index.

Returns

attribute container or None if not available.

Return type

AttributeContainer

Raises

  • IOError – when the store is closed or when there is an error querying the storage file.

  • OSError – when the store is closed or when there is an error querying the storage file.

GetAttributeContainers(container_type, filter_expression=None)[source]

Retrieves a specific type of stored attribute containers.

Parameters

  • container_type (str) – attribute container type.

  • filter_expression (Optional[str]) – expression to filter the resulting attribute containers by.

Returns

attribute container generator.

Return type

generator(AttributeContainer)

Raises

  • IOError – when there is an error querying the storage file.

  • OSError – when there is an error querying the storage file.

GetSortedEvents(time_range=None)[source]

Retrieves the events in increasing chronological order.

Parameters

time_range (Optional[TimeRange]) – time range used to filter events that fall in a specific period.

Returns

event generator.

Return type

generator(EventObject)

SetSerializersProfiler(serializers_profiler)[source]

Sets the serializers profiler.

Parameters

serializers_profiler (SerializersProfiler) – serializers profiler.

plaso.storage.sqlite.writer module

Storage writer for SQLite storage files.

class plaso.storage.sqlite.writer.SQLiteStorageFileWriter(storage_type='session')[source]

Bases: StorageWriter

SQLite-based storage file writer.

GetFirstWrittenEventData()[source]

Retrieves the first event data that was written after open.

Using GetFirstWrittenEventData and GetNextWrittenEventData newly added event data can be retrieved in order of addition.

Returns

event data or None if there are no newly written ones.

Return type

EventData

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

GetFirstWrittenEventSource()[source]

Retrieves the first event source that was written after open.

Using GetFirstWrittenEventSource and GetNextWrittenEventSource newly added event sources can be retrieved in order of addition.

Returns

event source or None if there are no newly written ones.

Return type

EventSource

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

GetNextWrittenEventData()[source]

Retrieves the next event data that was written after open.

Returns

event data or None if there are no newly written ones.

Return type

EventData

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

GetNextWrittenEventSource()[source]

Retrieves the next event source that was written after open.

Returns

event source or None if there are no newly written ones.

Return type

EventSource

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

Open(path=None, **unused_kwargs)[source]

Opens the storage writer.

Parameters

path (Optional[str]) – path to the output file.

Raises

  • IOError – if the storage writer is already opened.

  • OSError – if the storage writer is already opened.

Module contents