plaso.analyzers.hashers package

Submodules

plaso.analyzers.hashers.entropy module

The entropy calculation implementation.

class plaso.analyzers.hashers.entropy.EntropyHasher[source]

Bases: BaseHasher

Calculates the byte entropy of input files.

ATTRIBUTE_NAME = 'file_entropy'
DESCRIPTION = 'Calculates the byte entropy of input data.'
GetStringDigest()[source]

Calculates the byte entropy value.

Byte entropy is a value between 0.0 and 8.0, and is returned as a string to match the Plaso analyzer and storage APIs.

Returns:

byte entropy formatted as a floating point number with 6 decimal

places calculated over the data blocks passed to Update().

Return type:

str

NAME = 'entropy'
Update(data)[source]

Updates the state of the entropy calculator with a new block of data.

Repeated calls to update are equivalent to one single call with the concatenation of the arguments.

Parameters:

data (bytes) – block of data with which to update the context of the entropy calculator.

__init__()[source]

Initializes the entropy hasher.

plaso.analyzers.hashers.interface module

The hasher interface.

class plaso.analyzers.hashers.interface.BaseHasher[source]

Bases: object

Base class for objects that calculate hashes.

ATTRIBUTE_NAME = 'hash'
DESCRIPTION = 'Calculates a digest hash over input data.'
abstract GetStringDigest()[source]

Retrieves the digest of the hash function expressed as a Unicode string.

Returns:

string hash digest calculated over the data blocks passed to

Update(). The string consists of printable Unicode characters.

Return type:

str

NAME = 'base_hasher'
abstract Update(data)[source]

Updates the current state of the hasher with a new block of data.

Repeated calls to update are equivalent to one single call with the concatenation of the arguments.

Parameters:

data (bytes) – data with which to update the context of the hasher.

plaso.analyzers.hashers.manager module

This file contains a class for managing digest hashers for Plaso.

class plaso.analyzers.hashers.manager.HashersManager[source]

Bases: object

Class that implements the hashers manager.

classmethod DeregisterHasher(hasher_class)[source]

Deregisters a hasher class.

The hasher classes are identified based on their lower case name.

Parameters:

hasher_class (type) – class object of the hasher.

Raises:

KeyError – if hasher class is not set for the corresponding name.

classmethod GetHasher(hasher_name)[source]

Retrieves an instance of a specific hasher.

Parameters:

hasher_name (str) – the name of the hasher to retrieve.

Returns:

hasher.

Return type:

BaseHasher

Raises:

KeyError – if hasher class is not set for the corresponding name.

classmethod GetHasherClasses(hasher_names=None)[source]

Retrieves the registered hashers.

Parameters:

hasher_names (list[str]) – names of the hashers to retrieve.

Yields:

tuple

containing:

str: parser name type: next hasher class.

classmethod GetHasherNames()[source]

Retrieves the names of all loaded hashers.

Returns:

hasher names.

Return type:

list[str]

classmethod GetHasherNamesFromString(hasher_names_string)[source]

Retrieves a list of a hasher names from a comma separated string.

Takes a string of comma separated hasher names transforms it to a list of hasher names.

Parameters:

hasher_names_string (str) – comma separated names of hashers to enable, the string ‘all’ to enable all hashers or ‘none’ to disable all hashers.

Returns:

names of valid hashers from the string, or an empty list if no

valid names are found.

Return type:

list[str]

classmethod GetHashers(hasher_names)[source]

Retrieves instances for all the specified hashers.

Parameters:

hasher_names (list[str]) – names of the hashers to retrieve.

Returns:

hashers.

Return type:

list[BaseHasher]

classmethod GetHashersInformation()[source]

Retrieves the hashers information.

Returns:

containing:

str: hasher name. str: hasher description.

Return type:

list[tuple]

classmethod RegisterHasher(hasher_class)[source]

Registers a hasher class.

The hasher classes are identified based on their lower case name.

Parameters:

hasher_class (type) – class object of the hasher.

Raises:

KeyError – if hasher class is already set for the corresponding name.

plaso.analyzers.hashers.md5 module

The MD5 hasher implementation.

class plaso.analyzers.hashers.md5.MD5Hasher[source]

Bases: BaseHasher

This class provides MD5 hashing functionality.

ATTRIBUTE_NAME = 'md5_hash'
DESCRIPTION = 'Calculates an MD5 digest hash over input data.'
GetStringDigest()[source]

Returns the digest of the hash function expressed as a Unicode string.

Returns:

string hash digest calculated over the data blocks passed to

Update(). The string consists of printable Unicode characters.

Return type:

str

NAME = 'md5'
Update(data)[source]

Updates the current state of the hasher with a new block of data.

Repeated calls to update are equivalent to one single call with the concatenation of the arguments.

Parameters:

data (bytes) – block of data with which to update the context of the hasher.

__init__()[source]

Initializes the MD5 hasher.

plaso.analyzers.hashers.sha1 module

The SHA-1 Hasher implementation.

class plaso.analyzers.hashers.sha1.SHA1Hasher[source]

Bases: BaseHasher

This class provides SHA-1 hashing functionality.

ATTRIBUTE_NAME = 'sha1_hash'
DESCRIPTION = 'Calculates a SHA-1 digest hash over input data.'
GetStringDigest()[source]

Returns the digest of the hash function expressed as a Unicode string.

Returns:

string hash digest calculated over the data blocks passed to

Update(). The string consists of printable Unicode characters.

Return type:

str

NAME = 'sha1'
Update(data)[source]

Updates the current state of the hasher with a new block of data.

Repeated calls to update are equivalent to one single call with the concatenation of the arguments.

Parameters:

data (bytes) – block of data with which to update the context of the hasher.

__init__()[source]

Initializes the SHA-1 hasher.

plaso.analyzers.hashers.sha256 module

The SHA-256 Hasher implementation.

class plaso.analyzers.hashers.sha256.SHA256Hasher[source]

Bases: BaseHasher

This class provides SHA-256 hashing functionality.

ATTRIBUTE_NAME = 'sha256_hash'
DESCRIPTION = 'Calculates a SHA-256 digest hash over input data.'
GetStringDigest()[source]

Returns the digest of the hash function expressed as a Unicode string.

Returns:

string hash digest calculated over the data blocks passed to

Update(). The string consists of printable Unicode characters.

Return type:

str

NAME = 'sha256'
Update(data)[source]

Updates the current state of the hasher with a new block of data.

Repeated calls to update are equivalent to one single call with the concatenation of the arguments.

Parameters:

data (bytes) – block of data with which to update the context of the hasher.

__init__()[source]

Initializes the SHA-256 hasher.

Module contents

This file imports Python modules that register hashers.