volatility3.framework.constants package
Volatility 3 Constants.
Stores all the constant values that are generally fixed throughout volatility This includes default scanning block sizes, etc.
- AUTOMAGIC_CONFIG_PATH = 'automagic'
The root section within the context configuration for automagic values
- BANG = '!'
Constant used to delimit table names from type names when referring to a symbol
- CACHE_PATH = '/home/docs/.cache/volatility3'
Default path to store cached data
- CACHE_SQLITE_SCHEMA_VERSION = 1
Version for the sqlite3 cache schema
- IDENTIFIERS_FILENAME = 'identifier.cache'
Default location to record information about available identifiers
- ISF_EXTENSIONS = ['.json', '.json.xz', '.json.gz', '.json.bz2']
List of accepted extensions for ISF files
- ISF_MINIMUM_DEPRECATED = (3, 9, 9)
The highest version of the ISF that’s deprecated (usually higher than supported)
- ISF_MINIMUM_SUPPORTED = (2, 0, 0)
The minimum supported version of the Intermediate Symbol Format
- LOGLEVEL_DEBUG = 10
-vv
- Type:
Logging level for debugging data, showed when the user requests more logging detail
- LOGLEVEL_INFO = 20
-v
- Type:
Logging level for information data, showed when use the requests any logging
- LOGLEVEL_V = 9
-vvv
- Type:
Logging level for the lowest “extra” level of logging
- LOGLEVEL_VV = 8
-vvvv
- Type:
Logging level for two levels of detail
- LOGLEVEL_VVV = 7
-vvvvv
- Type:
Logging level for three levels of detail
- LOGLEVEL_VVVV = 6
-vvvvvv
- Type:
Logging level for four levels of detail
- OFFLINE = False
Whether to go online to retrieve missing/necessary JSON files
- PACKAGE_VERSION = '2.7.0'
The canonical version of the volatility3 package
- PARALLELISM = Parallelism.Off
Default value to the parallelism setting used throughout volatility
- PLUGINS_PATH = ['/home/docs/checkouts/readthedocs.org/user_builds/volatility3/checkouts/stable/volatility3/plugins', '/home/docs/checkouts/readthedocs.org/user_builds/volatility3/checkouts/stable/volatility3/framework/plugins']
Default list of paths to load plugins from (volatility3/plugins and volatility3/framework/plugins)
- class Parallelism(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]
Bases:
IntEnum
An enumeration listing the different types of parallelism applied to volatility.
- Multiprocessing = 2
- Off = 0
- Threading = 1
- as_integer_ratio()
Return integer ratio.
Return a pair of integers, whose ratio is exactly equal to the original int and with a positive denominator.
>>> (10).as_integer_ratio() (10, 1) >>> (-10).as_integer_ratio() (-10, 1) >>> (0).as_integer_ratio() (0, 1)
- bit_count()
Number of ones in the binary representation of the absolute value of self.
Also known as the population count.
>>> bin(13) '0b1101' >>> (13).bit_count() 3
- bit_length()
Number of bits necessary to represent self in binary.
>>> bin(37) '0b100101' >>> (37).bit_length() 6
- conjugate()
Returns self, the complex conjugate of any int.
- denominator
the denominator of a rational number in lowest terms
- from_bytes(byteorder='big', *, signed=False)
Return the integer represented by the given array of bytes.
- bytes
Holds the array of bytes to convert. The argument must either support the buffer protocol or be an iterable object producing bytes. Bytes and bytearray are examples of built-in objects that support the buffer protocol.
- byteorder
The byte order used to represent the integer. If byteorder is ‘big’, the most significant byte is at the beginning of the byte array. If byteorder is ‘little’, the most significant byte is at the end of the byte array. To request the native byte order of the host system, use `sys.byteorder’ as the byte order value. Default is to use ‘big’.
- signed
Indicates whether two’s complement is used to represent the integer.
- imag
the imaginary part of a complex number
- numerator
the numerator of a rational number in lowest terms
- real
the real part of a complex number
- to_bytes(length=1, byteorder='big', *, signed=False)
Return an array of bytes representing an integer.
- length
Length of bytes object to use. An OverflowError is raised if the integer is not representable with the given number of bytes. Default is length 1.
- byteorder
The byte order used to represent the integer. If byteorder is ‘big’, the most significant byte is at the beginning of the byte array. If byteorder is ‘little’, the most significant byte is at the end of the byte array. To request the native byte order of the host system, use `sys.byteorder’ as the byte order value. Default is to use ‘big’.
- signed
Determines whether two’s complement is used to represent the integer. If signed is False and a negative integer is given, an OverflowError is raised.
- ProgressCallback
Type information for ProgressCallback objects
- REMOTE_ISF_URL = None
Remote URL to query for a list of ISF addresses
- SQLITE_CACHE_PERIOD = '-3 days'
SQLite time modifier for how long each item is valid in the cache for
- SYMBOL_BASEPATHS = ['/home/docs/checkouts/readthedocs.org/user_builds/volatility3/checkouts/stable/volatility3/symbols', '/home/docs/checkouts/readthedocs.org/user_builds/volatility3/checkouts/stable/volatility3/framework/symbols']
Default list of paths to load symbols from (volatility3/symbols and volatility3/framework/symbols)
Subpackages
- volatility3.framework.constants.linux package
ELF_CLASS
ELF_IDENT
ELF_IDENT.EI_CLASS
ELF_IDENT.EI_DATA
ELF_IDENT.EI_MAG0
ELF_IDENT.EI_MAG1
ELF_IDENT.EI_MAG2
ELF_IDENT.EI_MAG3
ELF_IDENT.EI_OSABI
ELF_IDENT.EI_PAD
ELF_IDENT.EI_VERSION
ELF_IDENT.as_integer_ratio()
ELF_IDENT.bit_count()
ELF_IDENT.bit_length()
ELF_IDENT.conjugate()
ELF_IDENT.denominator
ELF_IDENT.from_bytes()
ELF_IDENT.imag
ELF_IDENT.numerator
ELF_IDENT.real
ELF_IDENT.to_bytes()
KERNEL_NAME
- volatility3.framework.constants.windows package