plaso.storage.sqlite package
Submodules
plaso.storage.sqlite.reader module
SQLite-based storage reader.
- class plaso.storage.sqlite.reader.SQLiteStorageReader(path)[source]
Bases:
StorageReader
SQLite-based storage reader.
plaso.storage.sqlite.sqlite_file module
SQLite-based storage file.
- class plaso.storage.sqlite.sqlite_file.SQLiteStorageFile(*args: Any, **kwargs: Any)[source]
Bases:
SQLiteAttributeContainerStore
SQLite-based storage file.
- compression_format
compression format.
- Type:
str
- GetAttributeContainerByIndex(container_type, index)[source]
Retrieves a specific attribute container.
- Parameters:
container_type (str) – attribute container type.
index (int) – attribute container index.
- Returns:
attribute container or None if not available.
- Return type:
AttributeContainer
- Raises:
IOError – when the store is closed or when there is an error querying the storage file.
OSError – when the store is closed or when there is an error querying the storage file.
- GetAttributeContainers(container_type, filter_expression=None)[source]
Retrieves a specific type of stored attribute containers.
- Parameters:
container_type (str) – attribute container type.
filter_expression (Optional[str]) – expression to filter the resulting attribute containers by.
- Yields:
AttributeContainer – attribute container.
- Raises:
IOError – when there is an error querying the storage file.
OSError – when there is an error querying the storage file.
- GetSortedEvents(time_range=None)[source]
Retrieves the events in increasing chronological order.
- Parameters:
time_range (Optional[TimeRange]) – time range used to filter events that fall in a specific period.
- Returns:
event generator.
- Return type:
generator(EventObject)
- SetSerializersProfiler(serializers_profiler)[source]
Sets the serializers profiler.
- Parameters:
serializers_profiler (SerializersProfiler) – serializers profiler.
plaso.storage.sqlite.writer module
SQLite-based storage writer.
- class plaso.storage.sqlite.writer.SQLiteStorageWriter(storage_type='session')[source]
Bases:
StorageWriter
SQLite-based storage writer.
- GetFirstWrittenEventData()[source]
Retrieves the first event data that was written after open.
Using GetFirstWrittenEventData and GetNextWrittenEventData newly added event data can be retrieved in order of addition.
- Returns:
event data or None if there are no newly written ones.
- Return type:
- Raises:
IOError – when the storage writer is closed.
OSError – when the storage writer is closed.
- GetFirstWrittenEventSource()[source]
Retrieves the first event source that was written after open.
Using GetFirstWrittenEventSource and GetNextWrittenEventSource newly added event sources can be retrieved in order of addition.
- Returns:
event source or None if there are no newly written ones.
- Return type:
- Raises:
IOError – when the storage writer is closed.
OSError – when the storage writer is closed.
- GetNextWrittenEventData()[source]
Retrieves the next event data that was written after open.
- Returns:
event data or None if there are no newly written ones.
- Return type:
- Raises:
IOError – when the storage writer is closed.
OSError – when the storage writer is closed.
- GetNextWrittenEventSource()[source]
Retrieves the next event source that was written after open.
- Returns:
event source or None if there are no newly written ones.
- Return type:
- Raises:
IOError – when the storage writer is closed.
OSError – when the storage writer is closed.