OLD | NEW |
1 # -*- coding: utf-8 -*- | 1 # -*- coding: utf-8 -*- |
2 """Parser for Windows Prefetch files.""" | 2 """Parser for Windows Prefetch files.""" |
3 | 3 |
4 import pyscca | 4 import pyscca |
5 | 5 |
6 from dfdatetime import filetime as dfdatetime_filetime | 6 from dfdatetime import filetime as dfdatetime_filetime |
7 from dfdatetime import semantic_time as dfdatetime_semantic_time | 7 from dfdatetime import semantic_time as dfdatetime_semantic_time |
8 | 8 |
9 from plaso import dependencies | |
10 from plaso.containers import events | 9 from plaso.containers import events |
11 from plaso.containers import time_events | 10 from plaso.containers import time_events |
12 from plaso.containers import windows_events | 11 from plaso.containers import windows_events |
13 from plaso.lib import eventdata | 12 from plaso.lib import eventdata |
14 from plaso.lib import specification | 13 from plaso.lib import specification |
15 from plaso.parsers import interface | 14 from plaso.parsers import interface |
16 from plaso.parsers import manager | 15 from plaso.parsers import manager |
17 | 16 |
18 | 17 |
19 dependencies.CheckModuleVersion(u'pyscca') | |
20 | |
21 | |
22 class WinPrefetchExecutionEventData(events.EventData): | 18 class WinPrefetchExecutionEventData(events.EventData): |
23 """Windows Prefetch event data. | 19 """Windows Prefetch event data. |
24 | 20 |
25 Attributes: | 21 Attributes: |
26 executable (str): executable filename. | 22 executable (str): executable filename. |
27 format_version (int): format version. | 23 format_version (int): format version. |
28 mapped_files (list[str]): mapped filenames. | 24 mapped_files (list[str]): mapped filenames. |
29 number_of_volumes (int): number of volumes. | 25 number_of_volumes (int): number of volumes. |
30 path (str): path to the executable. | 26 path (str): path to the executable. |
31 prefetch_hash (int): prefetch hash. | 27 prefetch_hash (int): prefetch hash. |
(...skipping 145 matching lines...)
177 date_time_description = u'Previous {0:s}'.format( | 173 date_time_description = u'Previous {0:s}'.format( |
178 eventdata.EventTimestamp.LAST_RUNTIME) | 174 eventdata.EventTimestamp.LAST_RUNTIME) |
179 event = time_events.DateTimeValuesEvent( | 175 event = time_events.DateTimeValuesEvent( |
180 date_time, date_time_description) | 176 date_time, date_time_description) |
181 parser_mediator.ProduceEventWithEventData(event, event_data) | 177 parser_mediator.ProduceEventWithEventData(event, event_data) |
182 | 178 |
183 scca_file.close() | 179 scca_file.close() |
184 | 180 |
185 | 181 |
186 manager.ParsersManager.RegisterParser(WinPrefetchParser) | 182 manager.ParsersManager.RegisterParser(WinPrefetchParser) |