plaso.analyzers package
Subpackages
Submodules
plaso.analyzers.hashing_analyzer module
The hashing analyzer implementation.
- class plaso.analyzers.hashing_analyzer.HashingAnalyzer
Bases:
BaseAnalyzer
This class contains code for calculating file hashes of input files.
In Plaso, hashers are classes that map arbitrarily sized file content to a fixed size value. See: https://en.wikipedia.org/wiki/Hash_function
- Analyze(data)
Updates the internal state of the analyzer, processing a block of data.
Repeated calls are equivalent to a single call with the concatenation of all the arguments.
- Parameters:
data (bytes) – block of data from the data stream.
- DESCRIPTION = 'Calculates hashes of file content.'
- GetResults()
Retrieves the hashing results.
- Returns:
results.
- Return type:
list[AnalyzerResult]
- INCREMENTAL_ANALYZER = True
- NAME = 'hashing'
- PROCESSING_STATUS_HINT = 'hashing'
plaso.analyzers.interface module
Definitions to provide a whole-file processing framework.
- class plaso.analyzers.interface.BaseAnalyzer
Bases:
object
Class that provides the interface for whole-file analysis.
- abstract Analyze(data)
Analyzes a block of data, updating the state of the analyzer.
- Parameters:
data (bytes) – block of data to process.
- DESCRIPTION = ''
- abstract GetResults()
Retrieves the results of the analysis.
- Returns:
results.
- Return type:
list[AnalyzerResult]
- INCREMENTAL_ANALYZER = False
- NAME = 'base_analyzer'
- PROCESSING_STATUS_HINT = 'analyzing'
- SIZE_LIMIT = 33554432
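An added example, not Plaso's own code: two hypothetical stand-in classes follow the Analyze/GetResults interface documented above to show why an analyzer with INCREMENTAL_ANALYZER = True can be fed a stream block by block, while one with INCREMENTAL_ANALYZER = False needs the whole content in a single call. The class names, the marker pattern, the result tuples, the `analyze_stream` helper and the reading of SIZE_LIMIT as a cap on what a whole-file analyzer is given are assumptions.

```python
import hashlib
import io

SIZE_LIMIT = 33554432  # BaseAnalyzer.SIZE_LIMIT as listed on this page (32 MiB)
SAMPLE = b'header SAMPLE-MARKER' + b' trailer' * 3  # constructed input


class Sha256StandIn:
    """Hypothetical incremental analyzer: state accumulates across calls."""
    INCREMENTAL_ANALYZER = True

    def __init__(self):
        self._hasher = hashlib.sha256()

    def Analyze(self, data):
        self._hasher.update(data)

    def GetResults(self):
        return [('sha256_hash', self._hasher.hexdigest())]


class MarkerStandIn:
    """Hypothetical whole-file analyzer: reflects only the most recent call."""
    INCREMENTAL_ANALYZER = False
    MARKER = b'SAMPLE-MARKER'  # constructed pattern

    def __init__(self):
        self._matched = False

    def Analyze(self, data):
        self._matched = self.MARKER in data

    def GetResults(self):
        return [('marker', self._matched)]


def analyze_stream(analyzer, stream, block_size=8, size_limit=SIZE_LIMIT):
    """Feeds a stream to an analyzer according to its INCREMENTAL_ANALYZER flag."""
    if analyzer.INCREMENTAL_ANALYZER:
        for block in iter(lambda: stream.read(block_size), b''):
            analyzer.Analyze(block)
        return analyzer.GetResults()
    data = stream.read(size_limit + 1)
    if len(data) > size_limit:
        return []  # assumption: content over the limit is not analyzed
    analyzer.Analyze(data)
    return analyzer.GetResults()


if __name__ == '__main__':
    print(analyze_stream(Sha256StandIn(), io.BytesIO(SAMPLE)))
    print(analyze_stream(MarkerStandIn(), io.BytesIO(SAMPLE)))
```

Under that assumption about SIZE_LIMIT, an empty result from a whole-file analyzer on a large file means the content was never examined, which is different from a scan that found nothing.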
plaso.analyzers.logger module
The analyzers submodule logger.
plaso.analyzers.manager module
This file contains a class for managing digest analyzers for Plaso.
- class plaso.analyzers.manager.AnalyzersManager
Bases:
object
Class that implements the analyzers manager.
- classmethod DeregisterAnalyzer(analyzer_class)
Deregisters an analyzer class.
The analyzer classes are identified based on their lower case name.
- Parameters:
analyzer_class (type) – class object of the analyzer.
- Raises:
KeyError – if analyzer class is not set for the corresponding name.
- classmethod GetAnalyzerInstance(analyzer_name)
Retrieves an instance of a specific analyzer.
- Parameters:
analyzer_name (str) – name of the analyzer to retrieve.
- Returns:
analyzer instance.
- Return type:
- Raises:
KeyError – if analyzer class is not set for the corresponding name.
- classmethod GetAnalyzerInstances(analyzer_names)
Retrieves instances for all the specified analyzers.
- Parameters:
analyzer_names (list[str]) – names of the analyzers to retrieve.
- Returns:
analyzer instances.
- Return type:
list[BaseAnalyzer]
- classmethod GetAnalyzerNames()
Retrieves the names of all loaded analyzers.
- Returns:
analyzer names.
- Return type:
list[str]
- classmethod GetAnalyzers()
Retrieves the registered analyzers.
- Yields:
tuple – containing:
- str: the uniquely identifying name of the analyzer
- type: the analyzer class.
plaso.analyzers.yara_analyzer module
Analyzer that matches Yara rules.
- class plaso.analyzers.yara_analyzer.YaraAnalyzer
Bases:
BaseAnalyzer
Analyzer that matches Yara rules.
- Analyze(data)
Analyzes a block of data, attempting to match Yara rules to it.
- Parameters:
data (bytes) – a block of data.
- DESCRIPTION = 'Matches Yara rules over input data.'
- GetResults()
Retrieves results of the most recent analysis.
- Returns:
results.
- Return type:
list[AnalyzerResult]
- INCREMENTAL_ANALYZER = False
- NAME = 'yara'
- PROCESSING_STATUS_HINT = 'yara scan'
Module contents
This file imports Python modules that register analyzers.