volatility3.framework.layers.scanners package

class BytesScanner(needle)[source]

Bases: ScannerInterface

property context: Optional[ContextInterface]
property layer_name: Optional[str]
thread_safe = True
version = (0, 0, 0)
class MultiStringScanner(patterns)[source]

Bases: ScannerInterface

property context: Optional[ContextInterface]
property layer_name: Optional[str]
search(haystack)[source]
Return type

Generator[Tuple[int, bytes], None, None]

thread_safe = True
version = (0, 0, 0)
class RegExScanner(pattern, flags=RegexFlag.DOTALL)[source]

Bases: ScannerInterface

A scanner that can be provided with a bytes-object regular expression pattern The scanner will scan all blocks for the regular expression and report the absolute offset of any finds

The default flags include DOTALL, since the searches are through binary data and the newline character should have no specific significance in such searches

property context: Optional[ContextInterface]
property layer_name: Optional[str]
thread_safe = True
version = (0, 0, 0)

Submodules