volatility3.framework.layers.resources module

class JarHandler

Bases: VolatilityHandler

Handles the jar scheme for URIs.

Reference used for the schema syntax: http://docs.netkernel.org/book/view/book:mod:reference/doc:layer1:schemes:jar

The original reference (linked from https://www.w3.org/wiki/UriSchemes/jar) did not appear to resolve: http://developer.java.sun.com/developer/onlineTraining/protocolhandlers/

add_parent(parent)
close()
static default_open(req)

Handles the request if it’s the jar scheme.

Return type:

Optional[Any]

handler_order = 500
classmethod non_cached_schemes()
Return type:

List[str]
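
The `jar:<archive-url>!/<entry>` form that JarHandler resolves can be shown with a standalone urllib handler. This is an added example, not Volatility's own code: `SimpleJarHandler`, `read_jar_url`, `demo` and the sample archive are hypothetical, and it reads the archive into memory rather than using a cache.

```python
import io
import tempfile
import urllib.error
import urllib.request
import zipfile
from pathlib import Path
from urllib.parse import unquote


class SimpleJarHandler(urllib.request.BaseHandler):
    """Hypothetical stand-in: resolves jar:<archive-url>!/<entry> via urllib."""

    handler_order = 500  # same ordering value the page lists

    def default_open(self, req):
        # default_open is offered every request; returning None declines it
        if req.type != "jar":
            return None
        archive_url, sep, entry = req.full_url[len("jar:"):].partition("!")
        if not sep or not entry.startswith("/"):
            raise urllib.error.URLError("expected jar:<url>!/<entry>")
        # Fetch the archive through the same opener, then read one member
        with self.parent.open(archive_url) as archive_fp:
            archive = zipfile.ZipFile(io.BytesIO(archive_fp.read()))
        with archive:
            try:
                return io.BytesIO(archive.read(unquote(entry[1:])))
            except KeyError:
                raise urllib.error.URLError(f"no entry {entry!r}") from None


def read_jar_url(url):
    # Build an opener that knows the jar scheme and return the entry's bytes
    opener = urllib.request.build_opener(SimpleJarHandler)
    with opener.open(url) as fp:
        return fp.read()


def demo():
    # Constructed sample: a zip holding one JSON file, addressed by a jar: URL
    with tempfile.TemporaryDirectory() as tmp:
        pack = Path(tmp) / "pack.zip"
        with zipfile.ZipFile(pack, "w") as zf:
            zf.writestr("symbols/example.json", '{"constructed": true}')
        return read_jar_url(f"jar:{pack.as_uri()}!/symbols/example.json")
```
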

class OfflineHandler

Bases: VolatilityHandler

add_parent(parent)
close()
static default_open(req)
Return type:

Optional[Any]

handler_order = 500
classmethod non_cached_schemes()
Return type:

List[str]

class ResourceAccessor(progress_callback=None, context=None, enable_cache=True)

Bases: object

Object for opening URLs as files (downloading locally first if necessary).

Creates a resource accessor.

Note: context is an SSL context, not a volatility context

list_handlers = True
open(url, mode='rb')

Returns a file-like object for a particular URL opened in mode.

If the file is remote, it will be downloaded and locally cached.

Return type:

Any

uses_cache(url)

Determines whether a URL's contents should be cached.

Return type:

bool

class VolatilityHandler

Bases: BaseHandler

add_parent(parent)
close()
handler_order = 500
classmethod non_cached_schemes()
Return type:

List[str]

cascadeCloseFile(new_fp, original_fp)

Really horrible solution for ensuring files aren’t left open

Parameters:
  • new_fp (IO[bytes]) – The file pointer constructed based on the original file pointer

  • original_fp (IO[bytes]) – The original file pointer that should be closed when the new file pointer is closed, but isn’t

Return type:

IO[bytes]