plaso.analyzers.hashers package
Submodules
plaso.analyzers.hashers.entropy module
The entropy calculation implementation.
- class plaso.analyzers.hashers.entropy.EntropyHasher[source]
Bases:
BaseHasher
Calculates the byte entropy of input files.
- ATTRIBUTE_NAME = 'file_entropy'
- DESCRIPTION = 'Calculates the byte entropy of input data.'
- GetStringDigest()[source]
Calculates the byte entropy value.
Byte entropy is a value between 0.0 and 8.0, and is returned as a string to match the Plaso analyzer and storage APIs.
- Returns:
- byte entropy formatted as a floating point number with 6 decimal
places calculated over the data blocks passed to Update().
- Return type:
str
- NAME = 'entropy'
plaso.analyzers.hashers.interface module
The hasher interface.
- class plaso.analyzers.hashers.interface.BaseHasher[source]
Bases:
object
Base class for objects that calculate hashes.
- ATTRIBUTE_NAME = 'hash'
- DESCRIPTION = 'Calculates a digest hash over input data.'
- abstract GetStringDigest()[source]
Retrieves the digest of the hash function expressed as a Unicode string.
- Returns:
- string hash digest calculated over the data blocks passed to
Update(). The string consists of printable Unicode characters.
- Return type:
str
- NAME = 'base_hasher'
plaso.analyzers.hashers.manager module
This file contains a class for managing digest hashers for Plaso.
- class plaso.analyzers.hashers.manager.HashersManager[source]
Bases:
object
Class that implements the hashers manager.
- classmethod DeregisterHasher(hasher_class)[source]
Deregisters a hasher class.
The hasher classes are identified based on their lower case name.
- Parameters:
hasher_class (type) – class object of the hasher.
- Raises:
KeyError – if hasher class is not set for the corresponding name.
- classmethod GetHasher(hasher_name)[source]
Retrieves an instance of a specific hasher.
- Parameters:
hasher_name (str) – the name of the hasher to retrieve.
- Returns:
hasher.
- Return type:
- Raises:
KeyError – if hasher class is not set for the corresponding name.
- classmethod GetHasherClasses(hasher_names=None)[source]
Retrieves the registered hashers.
- Parameters:
hasher_names (list[str]) – names of the hashers to retrieve.
- Yields:
tuple –
containing:
str: parser name type: next hasher class.
- classmethod GetHasherNames()[source]
Retrieves the names of all loaded hashers.
- Returns:
hasher names.
- Return type:
list[str]
- classmethod GetHasherNamesFromString(hasher_names_string)[source]
Retrieves a list of a hasher names from a comma separated string.
Takes a string of comma separated hasher names transforms it to a list of hasher names.
- Parameters:
hasher_names_string (str) – comma separated names of hashers to enable, the string ‘all’ to enable all hashers or ‘none’ to disable all hashers.
- Returns:
- names of valid hashers from the string, or an empty list if no
valid names are found.
- Return type:
list[str]
- classmethod GetHashers(hasher_names)[source]
Retrieves instances for all the specified hashers.
- Parameters:
hasher_names (list[str]) – names of the hashers to retrieve.
- Returns:
hashers.
- Return type:
list[BaseHasher]
plaso.analyzers.hashers.md5 module
The MD5 hasher implementation.
- class plaso.analyzers.hashers.md5.MD5Hasher[source]
Bases:
BaseHasher
This class provides MD5 hashing functionality.
- ATTRIBUTE_NAME = 'md5_hash'
- DESCRIPTION = 'Calculates an MD5 digest hash over input data.'
- GetStringDigest()[source]
Returns the digest of the hash function expressed as a Unicode string.
- Returns:
- string hash digest calculated over the data blocks passed to
Update(). The string consists of printable Unicode characters.
- Return type:
str
- NAME = 'md5'
plaso.analyzers.hashers.sha1 module
The SHA-1 Hasher implementation.
- class plaso.analyzers.hashers.sha1.SHA1Hasher[source]
Bases:
BaseHasher
This class provides SHA-1 hashing functionality.
- ATTRIBUTE_NAME = 'sha1_hash'
- DESCRIPTION = 'Calculates a SHA-1 digest hash over input data.'
- GetStringDigest()[source]
Returns the digest of the hash function expressed as a Unicode string.
- Returns:
- string hash digest calculated over the data blocks passed to
Update(). The string consists of printable Unicode characters.
- Return type:
str
- NAME = 'sha1'
plaso.analyzers.hashers.sha256 module
The SHA-256 Hasher implementation.
- class plaso.analyzers.hashers.sha256.SHA256Hasher[source]
Bases:
BaseHasher
This class provides SHA-256 hashing functionality.
- ATTRIBUTE_NAME = 'sha256_hash'
- DESCRIPTION = 'Calculates a SHA-256 digest hash over input data.'
- GetStringDigest()[source]
Returns the digest of the hash function expressed as a Unicode string.
- Returns:
- string hash digest calculated over the data blocks passed to
Update(). The string consists of printable Unicode characters.
- Return type:
str
- NAME = 'sha256'
Module contents
This file imports Python modules that register hashers.