volatility3.framework.layers.scanners package

class BytesScanner(needle)[source]

Bases: ScannerInterface

property context: ContextInterface | None
property layer_name: str | None
thread_safe = True
version = (0, 0, 0)
class MultiStringScanner(patterns)[source]

Bases: ScannerInterface

property context: ContextInterface | None
property layer_name: str | None
search(haystack)[source]
Return type:

Generator[Tuple[int, bytes], None, None]

thread_safe = True
version = (0, 0, 0)
class RegExScanner(pattern, flags=RegexFlag.DOTALL)[source]

Bases: ScannerInterface

A scanner that can be provided with a bytes-object regular expression pattern The scanner will scan all blocks for the regular expression and report the absolute offset of any finds

The default flags include DOTALL, since the searches are through binary data and the newline character should have no specific significance in such searches

property context: ContextInterface | None
property layer_name: str | None
thread_safe = True
version = (0, 0, 0)

Submodules