volatility3.plugins.timeliner module¶

class TimeLinerInterface[source]¶

Bases: object

Interface defining methods that timeliner will use to generate a body file.

abstract generate_timeline()[source]¶

Method generates Tuples of (description, timestamp_type, timestamp)

These need not be generated in any particular order, sorting will be done later

Return type: Generator[Tuple[str, TimeLinerType, datetime], None, None]

class TimeLinerType(value)[source]¶

Bases: enum.IntEnum

An enumeration.

ACCESSED = 3¶

CHANGED = 4¶

CREATED = 1¶

MODIFIED = 2¶

class Timeliner(*args, **kwargs)[source]¶

Bases: volatility3.framework.interfaces.plugins.PluginInterface

Runs all relevant plugins that provide time related information and orders the results by time.

Parameters

context – The context that the plugin will operate within
config_path – The path to configuration data within the context configuration data
progress_callback – A callable that can provide feedback at progress points

build_configuration()[source]¶: Builds the configuration to save for the plugin such that it can be reconstructed.

property config: volatility3.framework.interfaces.configuration.HierarchicalDict¶

The Hierarchical configuration Dictionary for this Configurable object.

Return type: HierarchicalDict

property config_path: str¶

The configuration path on which this configurable lives.

Return type: str

property context: volatility3.framework.interfaces.context.ContextInterface¶

The context object that this configurable belongs to/configuration is stored in.

Return type: ContextInterface

classmethod get_requirements()[source]¶

Returns a list of Requirement objects for this plugin.

Return type: List[RequirementInterface]

classmethod get_usable_plugins(selected_list=None)[source]¶

Return type: List[Type]

classmethod make_subconfig(context, base_config_path, **kwargs)¶

Convenience function to allow constructing a new randomly generated sub-configuration path, containing each element from kwargs.

Parameters

context (ContextInterface) – The context in which to store the new configuration
base_config_path (str) – The base configuration path on which to build the new configuration
kwargs – Keyword arguments that are used to populate the new configuration path

Returns

The newly generated full configuration path

Return type

str

property open¶: Returns a context manager and thus can be called like open

run()[source]¶: Isolate each plugin and run it.

set_open_method(handler)¶

Sets the file handler to be used by this plugin.

Return type: None

classmethod unsatisfied(context, config_path)¶

Returns a list of the names of all unsatisfied requirements.

Since a satisfied set of requirements will return [], it can be used in tests as follows:

unmet = configurable.unsatisfied(context, config_path)
if unmet:
    raise RuntimeError("Unsatisfied requirements: {}".format(unmet)

Return type: Dict[str, RequirementInterface]

version = (0, 0, 0)¶