How to use the plaso.engine.knowledge_base.KnowledgeBase function in plaso
To help you get started, we’ve selected a few plaso examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
log2timeline / plaso / tests / engine / knowledge_base.py View on Github 
def testSetCodepage(self):
"""Tests the SetCodepage function."""
knowledge_base_object = knowledge_base.KnowledgeBase()
knowledge_base_object.SetCodepage('cp1252')
with self.assertRaises(ValueError):
knowledge_base_object.SetCodepage('bogus')def _ConfigureStorageMediaFileTest(self):
"""Configure a test against a storage media file.
Returns:
A front-end object (instance of PregFrontend).
"""
front_end = preg.PregFrontend()
front_end.SetSingleFile(False)
knowledge_base_object = knowledge_base.KnowledgeBase()
front_end.SetKnowledgeBase(knowledge_base_object)
storage_media_path = self._GetTestFilePath([u'registry_test.dd'])
test_source_scanner = source_scanner.SourceScanner()
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(storage_media_path)
test_source_scanner.Scan(scan_context)
# Getting the most upper node.
scan_node = scan_context.GetRootScanNode()
while scan_node.sub_nodes:
scan_node = scan_node.sub_nodes[0]
front_end.SetSourcePath(storage_media_path)
front_end.SetSourcePathSpecs([scan_node.path_spec])def _SetUpKnowledgeBase(self, knowledge_base_values=None):
"""Sets up a knowledge base.
Args:
knowledge_base_values (Optional[dict[str, str]]): knowledge base values.
Returns:
KnowledgeBase: knowledge base.
"""
knowledge_base_object = knowledge_base.KnowledgeBase()
if knowledge_base_values:
for identifier, value in iter(knowledge_base_values.items()):
if identifier == 'users':
self._SetUserAccounts(knowledge_base_object, value)
else:
knowledge_base_object.SetValue(identifier, value)
return knowledge_base_objectdef _CreateKnowledgeBase(self, knowledge_base_values=None, timezone='UTC'):
"""Creates a knowledge base.
Args:
knowledge_base_values (Optional[dict]): knowledge base values.
timezone (str): timezone.
Returns:
KnowledgeBase: knowledge base.
"""
knowledge_base_object = knowledge_base.KnowledgeBase()
if knowledge_base_values:
for identifier, value in iter(knowledge_base_values.items()):
knowledge_base_object.SetValue(identifier, value)
knowledge_base_object.SetTimeZone(timezone)
return knowledge_base_objectknowledge_base_values: optional dict containing the knowledge base
values.
Returns:
A front-end object (instance of PregFrontend).
"""
front_end = preg.PregFrontend()
front_end.SetSingleFile(True)
registry_file_path = self._GetTestFilePath([u'SYSTEM'])
path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=registry_file_path)
front_end.SetSourcePath(registry_file_path)
front_end.SetSourcePathSpecs([path_spec])
knowledge_base_object = knowledge_base.KnowledgeBase()
if knowledge_base_values:
for identifier, value in iter(knowledge_base_values.items()):
knowledge_base_object.SetValue(identifier, value)
front_end.SetKnowledgeBase(knowledge_base_object)
return front_end
def testInternalExportEvents(self):
"""Tests the _ExportEvents function."""
knowledge_base_object = knowledge_base.KnowledgeBase()
output_writer = cli_test_lib.TestBinaryOutputWriter()
formatter_mediator = formatters_mediator.FormatterMediator()
output_mediator_object = output_mediator.OutputMediator(
knowledge_base_object, formatter_mediator)
output_module = TestOutputModule(output_mediator_object)
output_module.SetOutputWriter(output_writer)
test_engine = psort.PsortMultiProcessEngine()
formatters_manager.FormattersManager.RegisterFormatter(TestEventFormatter)
with shared_test_lib.TempDirectory() as temp_directory:
temp_file = os.path.join(temp_directory, 'storage.plaso')Return:
KnowledgeBase: knowledge base filled with preprocessing information.
"""
artifact_definition = self._artifacts_registry.GetDefinitionByName(
plugin.ARTIFACT_DEFINITION_NAME)
self.assertIsNotNone(artifact_definition)
environment_variable = artifacts.EnvironmentVariableArtifact(
case_sensitive=False, name='SystemRoot', value='C:\\Windows')
registry_file_reader = manager.FileSystemWinRegistryFileReader(
file_system, mount_point, environment_variables=[environment_variable])
win_registry = dfwinreg_registry.WinRegistry(
registry_file_reader=registry_file_reader)
knowledge_base_object = knowledge_base.KnowledgeBase()
searcher = registry_searcher.WinRegistrySearcher(win_registry)
plugin.Collect(knowledge_base_object, artifact_definition, searcher)
return knowledge_base_object
def testSetHostname(self):
"""Tests the SetHostname function."""
knowledge_base_object = knowledge_base.KnowledgeBase()
hostname_artifact = artifacts.HostnameArtifact(name='myhost.mydomain')
knowledge_base_object.SetHostname(hostname_artifact)def _PrintPreprocessingInformation(
self, storage_reader, session_identifier=None):
"""Prints the details of the preprocessing information.
Args:
storage_reader (StorageReader): storage reader.
session_identifier (Optional[str]): session identifier, formatted as
a UUID.
"""
knowledge_base_object = knowledge_base.KnowledgeBase()
storage_reader.ReadPreprocessingInformation(knowledge_base_object)
lookup_identifier = session_identifier
if lookup_identifier:
# The knowledge base requires the session identifier to be formatted in
# hexadecimal representation.
lookup_identifier = lookup_identifier.replace('-', '')
system_configuration = knowledge_base_object.GetSystemConfigurationArtifact(
session_identifier=lookup_identifier)
if not system_configuration:
return
title = 'System configuration'
if session_identifier:def __init__(self, input_reader=None, output_writer=None):
"""Initializes the CLI tool object.
Args:
input_reader: optional input reader (instance of InputReader).
The default is None which indicates the use of the stdin
input reader.
output_writer: optional output writer (instance of OutputWriter).
The default is None which indicates the use of the stdout
output writer.
"""
super(PregTool, self).__init__(
input_reader=input_reader, output_writer=output_writer)
self._front_end = preg.PregFrontend()
self._key_path = None
self._knowledge_base_object = knowledge_base.KnowledgeBase()
self._quiet = False
self._parse_restore_points = False
self._path_resolvers = []
self._verbose_output = False
self._windows_directory = u''
self.plugin_names = []
self.registry_file = u''
self.run_mode = None
self.source_type = Noneplaso
Plaso (log2timeline) - Super timeline all the things
Package Health Score
78 / 100Popular plaso functions
- plaso.containers.events
- plaso.containers.events.EventData
- plaso.containers.sessions.Session
- plaso.containers.time_events
- plaso.containers.time_events.DateTimeValuesEvent
- plaso.engine.knowledge_base.KnowledgeBase
- plaso.formatters.interface
- plaso.formatters.interface.ConditionalEventFormatter
- plaso.formatters.manager
- plaso.formatters.manager.FormattersManager
- plaso.formatters.manager.FormattersManager.RegisterFormatter
- plaso.lib.definitions
- plaso.lib.errors
- plaso.lib.errors.BadConfigObject
- plaso.lib.errors.BadConfigOption
- plaso.lib.errors.ParseError
- plaso.lib.errors.UnableToParseFile
- plaso.lib.py2to3
- plaso.lib.timelib.Timestamp.CopyFromString
- plaso.parsers.manager.ParsersManager.RegisterParser