From af40c730e1238d54869d3f444fb27345733aed6e Mon Sep 17 00:00:00 2001 From: Daniel White Date: Tue, 5 May 2015 16:17:06 +0200 Subject: [PATCH] Code review: 229490043: Take 2: Initial commit of code to enable automatic API documentation generation. --- .gitignore | 1 + config/dpkg/changelog | 2 +- {doc => data}/README | 0 {doc => data}/plaso_kibana_example.json | 0 {doc => data}/tag_macosx.txt | 0 {doc => data}/tag_windows.txt | 0 docs/Makefile | 176 +++ docs/conf.py | 332 ++++++ docs/index.rst | 24 + docs/make.bat | 242 ++++ docs/modules.rst | 7 + docs/plaso.analysis.rst | 126 ++ docs/plaso.cli.rst | 86 ++ docs/plaso.engine.rst | 126 ++ docs/plaso.events.rst | 54 + docs/plaso.filters.rst | 70 ++ docs/plaso.formatters.rst | 1238 ++++++++++++++++++++ docs/plaso.frontend.rst | 182 +++ docs/plaso.hashers.rst | 94 ++ docs/plaso.lib.rst | 214 ++++ docs/plaso.multi_processing.rst | 78 ++ docs/plaso.output.rst | 198 ++++ docs/plaso.parsers.bencode_plugins.rst | 46 + docs/plaso.parsers.cookie_plugins.rst | 46 + docs/plaso.parsers.esedb_plugins.rst | 62 + docs/plaso.parsers.olecf_plugins.rst | 78 ++ docs/plaso.parsers.plist_plugins.rst | 230 ++++ docs/plaso.parsers.rst | 860 ++++++++++++++ docs/plaso.parsers.shared.rst | 22 + docs/plaso.parsers.sqlite_plugins.rst | 254 ++++ docs/plaso.parsers.winreg_plugins.rst | 414 +++++++ docs/plaso.preprocessors.rst | 94 ++ docs/plaso.proto.rst | 22 + docs/plaso.rst | 47 + docs/plaso.serializer.rst | 54 + docs/plaso.storage.rst | 38 + docs/plaso.unix.rst | 22 + docs/plaso.winnt.rst | 54 + docs/plaso.winreg.rst | 94 ++ docs/requirements.txt | 9 + plaso/__init__.py | 2 +- plaso/analysis/file_hashes.py | 4 +- plaso/engine/worker.py | 9 +- plaso/lib/event.py | 34 +- plaso/lib/objectfilter.py | 61 +- plaso/lib/pfilter.py | 15 +- plaso/lib/storage.py | 14 +- plaso/parsers/bsm.py | 2 +- plaso/parsers/custom_destinations.py | 7 +- plaso/parsers/plist_plugins/interface.py | 8 +- plaso/parsers/pls_recall.py | 3 +- plaso/parsers/popcontest.py | 20 +- plaso/parsers/sqlite.py | 9 +- plaso/parsers/sqlite_plugins/skype_test.py | 18 +- plaso/parsers/winreg_plugins/outlook.py | 1 + plaso/parsers/xchatlog.py | 97 +- plaso/parsers/xchatscrollback.py | 61 +- plaso/preprocessors/interface.py | 14 +- utils/common.sh | 21 + utils/submit.sh | 3 + 60 files changed, 5923 insertions(+), 176 deletions(-) rename {doc => data}/README (100%) rename {doc => data}/plaso_kibana_example.json (100%) rename {doc => data}/tag_macosx.txt (100%) rename {doc => data}/tag_windows.txt (100%) create mode 100644 docs/Makefile create mode 100644 docs/conf.py create mode 100644 docs/index.rst create mode 100644 docs/make.bat create mode 100644 docs/modules.rst create mode 100644 docs/plaso.analysis.rst create mode 100644 docs/plaso.cli.rst create mode 100644 docs/plaso.engine.rst create mode 100644 docs/plaso.events.rst create mode 100644 docs/plaso.filters.rst create mode 100644 docs/plaso.formatters.rst create mode 100644 docs/plaso.frontend.rst create mode 100644 docs/plaso.hashers.rst create mode 100644 docs/plaso.lib.rst create mode 100644 docs/plaso.multi_processing.rst create mode 100644 docs/plaso.output.rst create mode 100644 docs/plaso.parsers.bencode_plugins.rst create mode 100644 docs/plaso.parsers.cookie_plugins.rst create mode 100644 docs/plaso.parsers.esedb_plugins.rst create mode 100644 docs/plaso.parsers.olecf_plugins.rst create mode 100644 docs/plaso.parsers.plist_plugins.rst create mode 100644 docs/plaso.parsers.rst create mode 100644 docs/plaso.parsers.shared.rst create mode 100644 docs/plaso.parsers.sqlite_plugins.rst create mode 100644 docs/plaso.parsers.winreg_plugins.rst create mode 100644 docs/plaso.preprocessors.rst create mode 100644 docs/plaso.proto.rst create mode 100644 docs/plaso.rst create mode 100644 docs/plaso.serializer.rst create mode 100644 docs/plaso.storage.rst create mode 100644 docs/plaso.unix.rst create mode 100644 docs/plaso.winnt.rst create mode 100644 docs/plaso.winreg.rst create mode 100644 docs/requirements.txt diff --git a/.gitignore b/.gitignore index 4322cdba0b..5219a89295 100644 --- a/.gitignore +++ b/.gitignore @@ -12,6 +12,7 @@ /__pycache__ /build/ /dependencies/ +/docs/_build /dist/ /plaso.egg-info diff --git a/config/dpkg/changelog b/config/dpkg/changelog index d7bc52294f..c4ead18481 100644 --- a/config/dpkg/changelog +++ b/config/dpkg/changelog @@ -2,4 +2,4 @@ python-plaso (1.2.1-1) unstable; urgency=low * Auto-generated - -- Log2Timeline Sun, 03 May 2015 13:33:28 +0200 + -- Log2Timeline Tue, 05 May 2015 16:16:55 +0200 diff --git a/doc/README b/data/README similarity index 100% rename from doc/README rename to data/README diff --git a/doc/plaso_kibana_example.json b/data/plaso_kibana_example.json similarity index 100% rename from doc/plaso_kibana_example.json rename to data/plaso_kibana_example.json diff --git a/doc/tag_macosx.txt b/data/tag_macosx.txt similarity index 100% rename from doc/tag_macosx.txt rename to data/tag_macosx.txt diff --git a/doc/tag_windows.txt b/data/tag_windows.txt similarity index 100% rename from doc/tag_windows.txt rename to data/tag_windows.txt diff --git a/docs/Makefile b/docs/Makefile new file mode 100644 index 0000000000..30d0f844fc --- /dev/null +++ b/docs/Makefile @@ -0,0 +1,176 @@ +# Makefile for Sphinx documentation + +# You can set these variables from the command line. +SPHINXOPTS = -W +SPHINXBUILD = sphinx-build +PAPER = +BUILDDIR = _build + +# User-friendly check for sphinx-build +ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) +$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) +endif + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . +# the i18n builder cannot share the environment and doctrees with the others +I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . + +.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext + +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " dirhtml to make HTML files named index.html in directories" + @echo " singlehtml to make a single large HTML file" + @echo " pickle to make pickle files" + @echo " json to make JSON files" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " qthelp to make HTML files and a qthelp project" + @echo " devhelp to make HTML files and a Devhelp project" + @echo " epub to make an epub" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " latexpdf to make LaTeX files and run them through pdflatex" + @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" + @echo " text to make text files" + @echo " man to make manual pages" + @echo " texinfo to make Texinfo files" + @echo " info to make Texinfo files and run them through makeinfo" + @echo " gettext to make PO message catalogs" + @echo " changes to make an overview of all changed/added/deprecated items" + @echo " xml to make Docutils-native XML files" + @echo " pseudoxml to make pseudoxml-XML files for display purposes" + @echo " linkcheck to check all external links for integrity" + @echo " doctest to run all doctests embedded in the documentation (if enabled)" + +clean: + rm -rf $(BUILDDIR)/* + +html: + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + +dirhtml: + $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." + +singlehtml: + $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml + @echo + @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." + +pickle: + $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle + @echo + @echo "Build finished; now you can process the pickle files." + +json: + $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json + @echo + @echo "Build finished; now you can process the JSON files." + +htmlhelp: + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in $(BUILDDIR)/htmlhelp." + +qthelp: + $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp + @echo + @echo "Build finished; now you can run "qcollectiongenerator" with the" \ + ".qhcp project file in $(BUILDDIR)/qthelp, like this:" + @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/Plaso.qhcp" + @echo "To view the help file:" + @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/Plaso.qhc" + +devhelp: + $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp + @echo + @echo "Build finished." + @echo "To view the help file:" + @echo "# mkdir -p $$HOME/.local/share/devhelp/Plaso" + @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/Plaso" + @echo "# devhelp" + +epub: + $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub + @echo + @echo "Build finished. The epub file is in $(BUILDDIR)/epub." + +latex: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo + @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." + @echo "Run \`make' in that directory to run these through (pdf)latex" \ + "(use \`make latexpdf' here to do that automatically)." + +latexpdf: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through pdflatex..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +latexpdfja: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through platex and dvipdfmx..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +text: + $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text + @echo + @echo "Build finished. The text files are in $(BUILDDIR)/text." + +man: + $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man + @echo + @echo "Build finished. The manual pages are in $(BUILDDIR)/man." + +texinfo: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo + @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." + @echo "Run \`make' in that directory to run these through makeinfo" \ + "(use \`make info' here to do that automatically)." + +info: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo "Running Texinfo files through makeinfo..." + make -C $(BUILDDIR)/texinfo info + @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." + +gettext: + $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale + @echo + @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." + +changes: + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes + @echo + @echo "The overview file is in $(BUILDDIR)/changes." + +linkcheck: + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in $(BUILDDIR)/linkcheck/output.txt." + +doctest: + $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest + @echo "Testing of doctests in the sources finished, look at the " \ + "results in $(BUILDDIR)/doctest/output.txt." + +xml: + $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml + @echo + @echo "Build finished. The XML files are in $(BUILDDIR)/xml." + +pseudoxml: + $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml + @echo + @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." diff --git a/docs/conf.py b/docs/conf.py new file mode 100644 index 0000000000..b187e4b8a4 --- /dev/null +++ b/docs/conf.py @@ -0,0 +1,332 @@ +# -*- coding: utf-8 -*- +# +# Plaso documentation build configuration file. +# +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. +# +# Valid options are documented at http://sphinx-doc.org/config.html. + +import os +import sys +import time +from mock import Mock as MagicMock + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +sys.path.insert(0, os.path.abspath('..')) + +import plaso +from plaso import dependencies + + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. + + +extensions = [ + 'sphinx.ext.autodoc', + 'sphinx.ext.doctest', + 'sphinx.ext.coverage', + 'sphinx.ext.viewcode', + 'sphinxcontrib.napoleon' +] + +# There are many of dependencies we can't install on readthedocs, as it's +# not possible to install any python library that has a C dependency, and +# installing non-PyPi packages requires a complicated requirements.txt, +# so instead, we need to mock them. +class Mock(MagicMock): + # Ensure the mock sqlite method will be loaded. + sqlite_version_info = (3, 7, 9) + + @classmethod + def __getattr__(cls, name): + return Mock() + + # We always have the most up to date version of everything. + def get_version(self): + return time.strftime(u'%Y%m%d') + + # We're mocking pyparsing, and some parsers use the + method in their init, + # So mock it. + def __add__(self, other): + return self + +# Mock all the dependencies! (except the ones we don't want to). +modules_to_mock = [ + dependency for dependency, _, _, _ in dependencies.PYTHON_DEPENDENCIES] +for key, value in dependencies.LIBYAL_DEPENDENCIES.iteritems(): + modules_to_mock.append(key) + +# We also need to mock some modules that we don't have explicit dependencies on +# so that we can generated documentation for those components. We also need +# to explicitly mock each submodule. +# TODO: Find a better way to do this +ADDITIONAL_MODULES = set([ + u'artifacts.knowledge_base', u'dateutil.parser', u'dfvfs.analyzer', + u'dfvfs.file_io', u'dfvfs.helpers', u'dfvfs.lib', u'dfvfs.path', + u'dfvfs.resolver', u'dfvfs.serializer', u'dfvfs.vfs', u'dfvfs.volume', + u'elasticsearch', u'flask', u'hachoir_core', u'hachoir_core.config', + u'hachoir_parser', u'hachoir_metadata', u'MySQLdb', u'pyelasticsearch', + u'requests', u'timesketch', u'timesketch.lib', u'timesketch.lib.datastores', + u'timesketch.lib.datastores.elastic', u'timesketch.models', + u'timesketch.models.sketch', u'timesketch.models.user']) +modules_to_mock = set(modules_to_mock).union(ADDITIONAL_MODULES) + +# There are some modules we install via pip on readthedocs that we don't need +# to mock. +PIP_INSTALLED_MODULES = set( + [u'google.protobuf', u'six', u'pyparsing', u'construct']) +modules_to_mock = set(modules_to_mock).difference(PIP_INSTALLED_MODULES) +print u'Mocking modules' +for module_name in modules_to_mock: + print module_name + +sys.modules.update((module_name, Mock()) for module_name in modules_to_mock) + +# Options for the Sphinx Napoleon extension, which reads google style +# docstrings. +napoleon_google_docstring = True +napoleon_numpy_docstring = False +napoleon_include_private_with_doc = False +napoleon_include_special_with_doc = True + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix of source filenames. +source_suffix = '.rst' + +# The encoding of source files. +# source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = u'Plaso' +# This is a built in, but also apparently a sphinx config option. +# pylint: disable=redefined-builtin +copyright = u'The Plaso Project Authors' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +version = plaso.__version__ +# The full version, including alpha/beta/rc tags. +release = plaso.GetVersion() + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +#language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +#today = '' +# Else, today_fmt is used as the format for a strftime call. +#today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = ['_build'] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +#default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +#add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +#add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +#show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +#modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +#keep_warnings = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'default' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +#html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +#html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +#html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +#html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +#html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +#html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +#html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +#html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +#html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +#html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +#html_additional_pages = {} + +# If false, no module index is generated. +#html_domain_indices = True + +# If false, no index is generated. +#html_use_index = True + +# If true, the index is split into individual pages for each letter. +#html_split_index = False + +# If true, links to the reST sources are added to the pages. +#html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +#html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +#html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +#html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +#html_file_suffix = None + +# Output file base name for HTML help builder. +htmlhelp_basename = 'Plasodoc' + + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + #'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + #'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + #'preamble': '', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [( + 'index', 'Plaso.tex', u'Plaso Documentation', + u'The Plaso Project Authors', 'manual'),] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +#latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +#latex_use_parts = False + +# If true, show page references after internal links. +#latex_show_pagerefs = False + +# If true, show URL addresses after external links. +#latex_show_urls = False + +# Documents to append as an appendix to all manuals. +#latex_appendices = [] + +# If false, no module index is generated. +#latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [( + 'index', 'plaso', u'Plaso Documentation', + [u'The Plaso Project Authors'], 1)] + +# If true, show URL addresses after external links. +#man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [( + 'index', 'Plaso', u'Plaso Documentation', + u'The Plaso Project Authors', 'Plaso', 'One line description of project.', + 'Miscellaneous'),] + +# Documents to append as an appendix to all manuals. +#texinfo_appendices = [] + +# If false, no module index is generated. +#texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +#texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +#texinfo_no_detailmenu = False diff --git a/docs/index.rst b/docs/index.rst new file mode 100644 index 0000000000..1117dd129f --- /dev/null +++ b/docs/index.rst @@ -0,0 +1,24 @@ +Welcome to the Plaso API documentation! +======================================= +Plaso (Plaso Langar Að Safna Öllu) is a computer forensic tool for timeline generation and analysis. + +The project's code is available from https://github.com/log2timeline/plaso, and user documentation is available at https://github.com/log2timeline/plaso/wiki/ and http://plaso.kiddaland.com. + +Plaso is licensed under the Apache license version 2. + +Project Contents: + +.. toctree:: + :maxdepth: 3 + + modules + + + +Indices and tables +================== + +* :ref:`genindex` +* :ref:`modindex` +* :ref:`search` + diff --git a/docs/make.bat b/docs/make.bat new file mode 100644 index 0000000000..241abb2c05 --- /dev/null +++ b/docs/make.bat @@ -0,0 +1,242 @@ +@ECHO OFF + +REM Command file for Sphinx documentation + +if "%SPHINXBUILD%" == "" ( + set SPHINXBUILD=sphinx-build +) +set BUILDDIR=_build +set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% . +set I18NSPHINXOPTS=%SPHINXOPTS% . +if NOT "%PAPER%" == "" ( + set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS% + set I18NSPHINXOPTS=-D latex_paper_size=%PAPER% %I18NSPHINXOPTS% +) + +if "%1" == "" goto help + +if "%1" == "help" ( + :help + echo.Please use `make ^` where ^ is one of + echo. html to make standalone HTML files + echo. dirhtml to make HTML files named index.html in directories + echo. singlehtml to make a single large HTML file + echo. pickle to make pickle files + echo. json to make JSON files + echo. htmlhelp to make HTML files and a HTML help project + echo. qthelp to make HTML files and a qthelp project + echo. devhelp to make HTML files and a Devhelp project + echo. epub to make an epub + echo. latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter + echo. text to make text files + echo. man to make manual pages + echo. texinfo to make Texinfo files + echo. gettext to make PO message catalogs + echo. changes to make an overview over all changed/added/deprecated items + echo. xml to make Docutils-native XML files + echo. pseudoxml to make pseudoxml-XML files for display purposes + echo. linkcheck to check all external links for integrity + echo. doctest to run all doctests embedded in the documentation if enabled + goto end +) + +if "%1" == "clean" ( + for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i + del /q /s %BUILDDIR%\* + goto end +) + + +%SPHINXBUILD% 2> nul +if errorlevel 9009 ( + echo. + echo.The 'sphinx-build' command was not found. Make sure you have Sphinx + echo.installed, then set the SPHINXBUILD environment variable to point + echo.to the full path of the 'sphinx-build' executable. Alternatively you + echo.may add the Sphinx directory to PATH. + echo. + echo.If you don't have Sphinx installed, grab it from + echo.http://sphinx-doc.org/ + exit /b 1 +) + +if "%1" == "html" ( + %SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The HTML pages are in %BUILDDIR%/html. + goto end +) + +if "%1" == "dirhtml" ( + %SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml. + goto end +) + +if "%1" == "singlehtml" ( + %SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml. + goto end +) + +if "%1" == "pickle" ( + %SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle + if errorlevel 1 exit /b 1 + echo. + echo.Build finished; now you can process the pickle files. + goto end +) + +if "%1" == "json" ( + %SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json + if errorlevel 1 exit /b 1 + echo. + echo.Build finished; now you can process the JSON files. + goto end +) + +if "%1" == "htmlhelp" ( + %SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp + if errorlevel 1 exit /b 1 + echo. + echo.Build finished; now you can run HTML Help Workshop with the ^ +.hhp project file in %BUILDDIR%/htmlhelp. + goto end +) + +if "%1" == "qthelp" ( + %SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp + if errorlevel 1 exit /b 1 + echo. + echo.Build finished; now you can run "qcollectiongenerator" with the ^ +.qhcp project file in %BUILDDIR%/qthelp, like this: + echo.^> qcollectiongenerator %BUILDDIR%\qthelp\Plaso.qhcp + echo.To view the help file: + echo.^> assistant -collectionFile %BUILDDIR%\qthelp\Plaso.ghc + goto end +) + +if "%1" == "devhelp" ( + %SPHINXBUILD% -b devhelp %ALLSPHINXOPTS% %BUILDDIR%/devhelp + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. + goto end +) + +if "%1" == "epub" ( + %SPHINXBUILD% -b epub %ALLSPHINXOPTS% %BUILDDIR%/epub + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The epub file is in %BUILDDIR%/epub. + goto end +) + +if "%1" == "latex" ( + %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex + if errorlevel 1 exit /b 1 + echo. + echo.Build finished; the LaTeX files are in %BUILDDIR%/latex. + goto end +) + +if "%1" == "latexpdf" ( + %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex + cd %BUILDDIR%/latex + make all-pdf + cd %BUILDDIR%/.. + echo. + echo.Build finished; the PDF files are in %BUILDDIR%/latex. + goto end +) + +if "%1" == "latexpdfja" ( + %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex + cd %BUILDDIR%/latex + make all-pdf-ja + cd %BUILDDIR%/.. + echo. + echo.Build finished; the PDF files are in %BUILDDIR%/latex. + goto end +) + +if "%1" == "text" ( + %SPHINXBUILD% -b text %ALLSPHINXOPTS% %BUILDDIR%/text + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The text files are in %BUILDDIR%/text. + goto end +) + +if "%1" == "man" ( + %SPHINXBUILD% -b man %ALLSPHINXOPTS% %BUILDDIR%/man + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The manual pages are in %BUILDDIR%/man. + goto end +) + +if "%1" == "texinfo" ( + %SPHINXBUILD% -b texinfo %ALLSPHINXOPTS% %BUILDDIR%/texinfo + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The Texinfo files are in %BUILDDIR%/texinfo. + goto end +) + +if "%1" == "gettext" ( + %SPHINXBUILD% -b gettext %I18NSPHINXOPTS% %BUILDDIR%/locale + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The message catalogs are in %BUILDDIR%/locale. + goto end +) + +if "%1" == "changes" ( + %SPHINXBUILD% -b changes %ALLSPHINXOPTS% %BUILDDIR%/changes + if errorlevel 1 exit /b 1 + echo. + echo.The overview file is in %BUILDDIR%/changes. + goto end +) + +if "%1" == "linkcheck" ( + %SPHINXBUILD% -b linkcheck %ALLSPHINXOPTS% %BUILDDIR%/linkcheck + if errorlevel 1 exit /b 1 + echo. + echo.Link check complete; look for any errors in the above output ^ +or in %BUILDDIR%/linkcheck/output.txt. + goto end +) + +if "%1" == "doctest" ( + %SPHINXBUILD% -b doctest %ALLSPHINXOPTS% %BUILDDIR%/doctest + if errorlevel 1 exit /b 1 + echo. + echo.Testing of doctests in the sources finished, look at the ^ +results in %BUILDDIR%/doctest/output.txt. + goto end +) + +if "%1" == "xml" ( + %SPHINXBUILD% -b xml %ALLSPHINXOPTS% %BUILDDIR%/xml + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The XML files are in %BUILDDIR%/xml. + goto end +) + +if "%1" == "pseudoxml" ( + %SPHINXBUILD% -b pseudoxml %ALLSPHINXOPTS% %BUILDDIR%/pseudoxml + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The pseudo-XML files are in %BUILDDIR%/pseudoxml. + goto end +) + +:end diff --git a/docs/modules.rst b/docs/modules.rst new file mode 100644 index 0000000000..a52b29e7ca --- /dev/null +++ b/docs/modules.rst @@ -0,0 +1,7 @@ +plaso +===== + +.. toctree:: + :maxdepth: 4 + + plaso diff --git a/docs/plaso.analysis.rst b/docs/plaso.analysis.rst new file mode 100644 index 0000000000..302046d16c --- /dev/null +++ b/docs/plaso.analysis.rst @@ -0,0 +1,126 @@ +plaso.analysis package +====================== + +Submodules +---------- + +plaso.analysis.browser_search module +------------------------------------ + +.. automodule:: plaso.analysis.browser_search + :members: + :undoc-members: + :show-inheritance: + +plaso.analysis.browser_search_test module +----------------------------------------- + +.. automodule:: plaso.analysis.browser_search_test + :members: + :undoc-members: + :show-inheritance: + +plaso.analysis.chrome_extension module +-------------------------------------- + +.. automodule:: plaso.analysis.chrome_extension + :members: + :undoc-members: + :show-inheritance: + +plaso.analysis.chrome_extension_test module +------------------------------------------- + +.. automodule:: plaso.analysis.chrome_extension_test + :members: + :undoc-members: + :show-inheritance: + +plaso.analysis.file_hashes module +--------------------------------- + +.. automodule:: plaso.analysis.file_hashes + :members: + :undoc-members: + :show-inheritance: + +plaso.analysis.file_hashes_test module +-------------------------------------- + +.. automodule:: plaso.analysis.file_hashes_test + :members: + :undoc-members: + :show-inheritance: + +plaso.analysis.interface module +------------------------------- + +.. automodule:: plaso.analysis.interface + :members: + :undoc-members: + :show-inheritance: + +plaso.analysis.manager module +----------------------------- + +.. automodule:: plaso.analysis.manager + :members: + :undoc-members: + :show-inheritance: + +plaso.analysis.manager_test module +---------------------------------- + +.. automodule:: plaso.analysis.manager_test + :members: + :undoc-members: + :show-inheritance: + +plaso.analysis.mediator module +------------------------------ + +.. automodule:: plaso.analysis.mediator + :members: + :undoc-members: + :show-inheritance: + +plaso.analysis.mediator_test module +----------------------------------- + +.. automodule:: plaso.analysis.mediator_test + :members: + :undoc-members: + :show-inheritance: + +plaso.analysis.test_lib module +------------------------------ + +.. automodule:: plaso.analysis.test_lib + :members: + :undoc-members: + :show-inheritance: + +plaso.analysis.windows_services module +-------------------------------------- + +.. automodule:: plaso.analysis.windows_services + :members: + :undoc-members: + :show-inheritance: + +plaso.analysis.windows_services_test module +------------------------------------------- + +.. automodule:: plaso.analysis.windows_services_test + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.analysis + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.cli.rst b/docs/plaso.cli.rst new file mode 100644 index 0000000000..1bd3977e47 --- /dev/null +++ b/docs/plaso.cli.rst @@ -0,0 +1,86 @@ +plaso.cli package +================= + +Submodules +---------- + +plaso.cli.analysis_tool module +------------------------------ + +.. automodule:: plaso.cli.analysis_tool + :members: + :undoc-members: + :show-inheritance: + +plaso.cli.analysis_tool_test module +----------------------------------- + +.. automodule:: plaso.cli.analysis_tool_test + :members: + :undoc-members: + :show-inheritance: + +plaso.cli.extraction_tool module +-------------------------------- + +.. automodule:: plaso.cli.extraction_tool + :members: + :undoc-members: + :show-inheritance: + +plaso.cli.extraction_tool_test module +------------------------------------- + +.. automodule:: plaso.cli.extraction_tool_test + :members: + :undoc-members: + :show-inheritance: + +plaso.cli.storage_media_tool module +----------------------------------- + +.. automodule:: plaso.cli.storage_media_tool + :members: + :undoc-members: + :show-inheritance: + +plaso.cli.storage_media_tool_test module +---------------------------------------- + +.. automodule:: plaso.cli.storage_media_tool_test + :members: + :undoc-members: + :show-inheritance: + +plaso.cli.test_lib module +------------------------- + +.. automodule:: plaso.cli.test_lib + :members: + :undoc-members: + :show-inheritance: + +plaso.cli.tools module +---------------------- + +.. automodule:: plaso.cli.tools + :members: + :undoc-members: + :show-inheritance: + +plaso.cli.tools_test module +--------------------------- + +.. automodule:: plaso.cli.tools_test + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.cli + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.engine.rst b/docs/plaso.engine.rst new file mode 100644 index 0000000000..7c901b43e4 --- /dev/null +++ b/docs/plaso.engine.rst @@ -0,0 +1,126 @@ +plaso.engine package +==================== + +Submodules +---------- + +plaso.engine.collector module +----------------------------- + +.. automodule:: plaso.engine.collector + :members: + :undoc-members: + :show-inheritance: + +plaso.engine.collector_test module +---------------------------------- + +.. automodule:: plaso.engine.collector_test + :members: + :undoc-members: + :show-inheritance: + +plaso.engine.engine module +-------------------------- + +.. automodule:: plaso.engine.engine + :members: + :undoc-members: + :show-inheritance: + +plaso.engine.knowledge_base module +---------------------------------- + +.. automodule:: plaso.engine.knowledge_base + :members: + :undoc-members: + :show-inheritance: + +plaso.engine.knowledge_base_test module +--------------------------------------- + +.. automodule:: plaso.engine.knowledge_base_test + :members: + :undoc-members: + :show-inheritance: + +plaso.engine.profiler module +---------------------------- + +.. automodule:: plaso.engine.profiler + :members: + :undoc-members: + :show-inheritance: + +plaso.engine.profiler_test module +--------------------------------- + +.. automodule:: plaso.engine.profiler_test + :members: + :undoc-members: + :show-inheritance: + +plaso.engine.queue module +------------------------- + +.. automodule:: plaso.engine.queue + :members: + :undoc-members: + :show-inheritance: + +plaso.engine.single_process module +---------------------------------- + +.. automodule:: plaso.engine.single_process + :members: + :undoc-members: + :show-inheritance: + +plaso.engine.single_process_test module +--------------------------------------- + +.. automodule:: plaso.engine.single_process_test + :members: + :undoc-members: + :show-inheritance: + +plaso.engine.test_lib module +---------------------------- + +.. automodule:: plaso.engine.test_lib + :members: + :undoc-members: + :show-inheritance: + +plaso.engine.utils module +------------------------- + +.. automodule:: plaso.engine.utils + :members: + :undoc-members: + :show-inheritance: + +plaso.engine.worker module +-------------------------- + +.. automodule:: plaso.engine.worker + :members: + :undoc-members: + :show-inheritance: + +plaso.engine.worker_test module +------------------------------- + +.. automodule:: plaso.engine.worker_test + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.engine + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.events.rst b/docs/plaso.events.rst new file mode 100644 index 0000000000..25fc487d6f --- /dev/null +++ b/docs/plaso.events.rst @@ -0,0 +1,54 @@ +plaso.events package +==================== + +Submodules +---------- + +plaso.events.plist_event module +------------------------------- + +.. automodule:: plaso.events.plist_event + :members: + :undoc-members: + :show-inheritance: + +plaso.events.shell_item_events module +------------------------------------- + +.. automodule:: plaso.events.shell_item_events + :members: + :undoc-members: + :show-inheritance: + +plaso.events.text_events module +------------------------------- + +.. automodule:: plaso.events.text_events + :members: + :undoc-members: + :show-inheritance: + +plaso.events.time_events module +------------------------------- + +.. automodule:: plaso.events.time_events + :members: + :undoc-members: + :show-inheritance: + +plaso.events.windows_events module +---------------------------------- + +.. automodule:: plaso.events.windows_events + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.events + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.filters.rst b/docs/plaso.filters.rst new file mode 100644 index 0000000000..c60123e1ac --- /dev/null +++ b/docs/plaso.filters.rst @@ -0,0 +1,70 @@ +plaso.filters package +===================== + +Submodules +---------- + +plaso.filters.dynamic_filter module +----------------------------------- + +.. automodule:: plaso.filters.dynamic_filter + :members: + :undoc-members: + :show-inheritance: + +plaso.filters.dynamic_filter_test module +---------------------------------------- + +.. automodule:: plaso.filters.dynamic_filter_test + :members: + :undoc-members: + :show-inheritance: + +plaso.filters.eventfilter module +-------------------------------- + +.. automodule:: plaso.filters.eventfilter + :members: + :undoc-members: + :show-inheritance: + +plaso.filters.eventfilter_test module +------------------------------------- + +.. automodule:: plaso.filters.eventfilter_test + :members: + :undoc-members: + :show-inheritance: + +plaso.filters.filterlist module +------------------------------- + +.. automodule:: plaso.filters.filterlist + :members: + :undoc-members: + :show-inheritance: + +plaso.filters.filterlist_test module +------------------------------------ + +.. automodule:: plaso.filters.filterlist_test + :members: + :undoc-members: + :show-inheritance: + +plaso.filters.test_helper module +-------------------------------- + +.. automodule:: plaso.filters.test_helper + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.filters + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.formatters.rst b/docs/plaso.formatters.rst new file mode 100644 index 0000000000..d223d72512 --- /dev/null +++ b/docs/plaso.formatters.rst @@ -0,0 +1,1238 @@ +plaso.formatters package +======================== + +Submodules +---------- + +plaso.formatters.android_app_usage module +----------------------------------------- + +.. automodule:: plaso.formatters.android_app_usage + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.android_app_usage_test module +---------------------------------------------- + +.. automodule:: plaso.formatters.android_app_usage_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.android_calls module +------------------------------------- + +.. automodule:: plaso.formatters.android_calls + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.android_calls_test module +------------------------------------------ + +.. automodule:: plaso.formatters.android_calls_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.android_sms module +----------------------------------- + +.. automodule:: plaso.formatters.android_sms + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.android_sms_test module +---------------------------------------- + +.. automodule:: plaso.formatters.android_sms_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.appcompatcache module +-------------------------------------- + +.. automodule:: plaso.formatters.appcompatcache + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.appcompatcache_test module +------------------------------------------- + +.. automodule:: plaso.formatters.appcompatcache_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.appusage module +-------------------------------- + +.. automodule:: plaso.formatters.appusage + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.appusage_test module +------------------------------------- + +.. automodule:: plaso.formatters.appusage_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.asl module +--------------------------- + +.. automodule:: plaso.formatters.asl + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.asl_test module +-------------------------------- + +.. automodule:: plaso.formatters.asl_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.bencode_parser module +-------------------------------------- + +.. automodule:: plaso.formatters.bencode_parser + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.bencode_parser_test module +------------------------------------------- + +.. automodule:: plaso.formatters.bencode_parser_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.bsm module +--------------------------- + +.. automodule:: plaso.formatters.bsm + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.bsm_test module +-------------------------------- + +.. automodule:: plaso.formatters.bsm_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.chrome module +------------------------------ + +.. automodule:: plaso.formatters.chrome + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.chrome_cache module +------------------------------------ + +.. automodule:: plaso.formatters.chrome_cache + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.chrome_cache_test module +----------------------------------------- + +.. automodule:: plaso.formatters.chrome_cache_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.chrome_cookies module +-------------------------------------- + +.. automodule:: plaso.formatters.chrome_cookies + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.chrome_cookies_test module +------------------------------------------- + +.. automodule:: plaso.formatters.chrome_cookies_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.chrome_extension_activity module +------------------------------------------------- + +.. automodule:: plaso.formatters.chrome_extension_activity + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.chrome_extension_activity_test module +------------------------------------------------------ + +.. automodule:: plaso.formatters.chrome_extension_activity_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.chrome_preferences module +------------------------------------------ + +.. automodule:: plaso.formatters.chrome_preferences + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.chrome_preferences_test module +----------------------------------------------- + +.. automodule:: plaso.formatters.chrome_preferences_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.chrome_test module +----------------------------------- + +.. automodule:: plaso.formatters.chrome_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.cups_ipp module +-------------------------------- + +.. automodule:: plaso.formatters.cups_ipp + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.cups_ipp_test module +------------------------------------- + +.. automodule:: plaso.formatters.cups_ipp_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.default module +------------------------------- + +.. automodule:: plaso.formatters.default + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.default_test module +------------------------------------ + +.. automodule:: plaso.formatters.default_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.file_history module +------------------------------------ + +.. automodule:: plaso.formatters.file_history + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.file_history_test module +----------------------------------------- + +.. automodule:: plaso.formatters.file_history_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.filestat module +-------------------------------- + +.. automodule:: plaso.formatters.filestat + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.filestat_test module +------------------------------------- + +.. automodule:: plaso.formatters.filestat_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.firefox module +------------------------------- + +.. automodule:: plaso.formatters.firefox + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.firefox_cache module +------------------------------------- + +.. automodule:: plaso.formatters.firefox_cache + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.firefox_cache_test module +------------------------------------------ + +.. automodule:: plaso.formatters.firefox_cache_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.firefox_cookies module +--------------------------------------- + +.. automodule:: plaso.formatters.firefox_cookies + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.firefox_cookies_test module +-------------------------------------------- + +.. automodule:: plaso.formatters.firefox_cookies_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.firefox_test module +------------------------------------ + +.. automodule:: plaso.formatters.firefox_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.ganalytics module +---------------------------------- + +.. automodule:: plaso.formatters.ganalytics + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.ganalytics_test module +--------------------------------------- + +.. automodule:: plaso.formatters.ganalytics_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.gdrive module +------------------------------ + +.. automodule:: plaso.formatters.gdrive + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.gdrive_test module +----------------------------------- + +.. automodule:: plaso.formatters.gdrive_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.hachoir module +------------------------------- + +.. automodule:: plaso.formatters.hachoir + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.hachoir_test module +------------------------------------ + +.. automodule:: plaso.formatters.hachoir_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.iis module +--------------------------- + +.. automodule:: plaso.formatters.iis + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.iis_test module +-------------------------------- + +.. automodule:: plaso.formatters.iis_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.interface module +--------------------------------- + +.. automodule:: plaso.formatters.interface + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.interface_test module +-------------------------------------- + +.. automodule:: plaso.formatters.interface_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.ipod module +---------------------------- + +.. automodule:: plaso.formatters.ipod + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.ipod_test module +--------------------------------- + +.. automodule:: plaso.formatters.ipod_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.java_idx module +-------------------------------- + +.. automodule:: plaso.formatters.java_idx + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.java_idx_test module +------------------------------------- + +.. automodule:: plaso.formatters.java_idx_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.ls_quarantine module +------------------------------------- + +.. automodule:: plaso.formatters.ls_quarantine + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.ls_quarantine_test module +------------------------------------------ + +.. automodule:: plaso.formatters.ls_quarantine_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mac_appfirewall module +--------------------------------------- + +.. automodule:: plaso.formatters.mac_appfirewall + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mac_appfirewall_test module +-------------------------------------------- + +.. automodule:: plaso.formatters.mac_appfirewall_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mac_document_versions module +--------------------------------------------- + +.. automodule:: plaso.formatters.mac_document_versions + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mac_document_versions_test module +-------------------------------------------------- + +.. automodule:: plaso.formatters.mac_document_versions_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mac_keychain module +------------------------------------ + +.. automodule:: plaso.formatters.mac_keychain + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mac_keychain_test module +----------------------------------------- + +.. automodule:: plaso.formatters.mac_keychain_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mac_securityd module +------------------------------------- + +.. automodule:: plaso.formatters.mac_securityd + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mac_securityd_test module +------------------------------------------ + +.. automodule:: plaso.formatters.mac_securityd_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mac_wifi module +-------------------------------- + +.. automodule:: plaso.formatters.mac_wifi + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mac_wifi_test module +------------------------------------- + +.. automodule:: plaso.formatters.mac_wifi_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mackeeper_cache module +--------------------------------------- + +.. automodule:: plaso.formatters.mackeeper_cache + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mackeeper_cache_test module +-------------------------------------------- + +.. automodule:: plaso.formatters.mackeeper_cache_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mactime module +------------------------------- + +.. automodule:: plaso.formatters.mactime + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mactime_test module +------------------------------------ + +.. automodule:: plaso.formatters.mactime_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.manager module +------------------------------- + +.. automodule:: plaso.formatters.manager + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.manager_test module +------------------------------------ + +.. automodule:: plaso.formatters.manager_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mcafeeav module +-------------------------------- + +.. automodule:: plaso.formatters.mcafeeav + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mcafeeav_test module +------------------------------------- + +.. automodule:: plaso.formatters.mcafeeav_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mediator module +-------------------------------- + +.. automodule:: plaso.formatters.mediator + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.mediator_test module +------------------------------------- + +.. automodule:: plaso.formatters.mediator_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.msie_webcache module +------------------------------------- + +.. automodule:: plaso.formatters.msie_webcache + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.msie_webcache_test module +------------------------------------------ + +.. automodule:: plaso.formatters.msie_webcache_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.msiecf module +------------------------------ + +.. automodule:: plaso.formatters.msiecf + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.msiecf_test module +----------------------------------- + +.. automodule:: plaso.formatters.msiecf_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.olecf module +----------------------------- + +.. automodule:: plaso.formatters.olecf + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.olecf_test module +---------------------------------- + +.. automodule:: plaso.formatters.olecf_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.opera module +----------------------------- + +.. automodule:: plaso.formatters.opera + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.opera_test module +---------------------------------- + +.. automodule:: plaso.formatters.opera_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.oxml module +---------------------------- + +.. automodule:: plaso.formatters.oxml + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.oxml_test module +--------------------------------- + +.. automodule:: plaso.formatters.oxml_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.pcap module +---------------------------- + +.. automodule:: plaso.formatters.pcap + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.pcap_test module +--------------------------------- + +.. automodule:: plaso.formatters.pcap_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.pe module +-------------------------- + +.. automodule:: plaso.formatters.pe + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.pe_test module +------------------------------- + +.. automodule:: plaso.formatters.pe_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.plist module +----------------------------- + +.. automodule:: plaso.formatters.plist + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.plist_test module +---------------------------------- + +.. automodule:: plaso.formatters.plist_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.pls_recall module +---------------------------------- + +.. automodule:: plaso.formatters.pls_recall + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.pls_recall_test module +--------------------------------------- + +.. automodule:: plaso.formatters.pls_recall_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.popcontest module +---------------------------------- + +.. automodule:: plaso.formatters.popcontest + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.popcontest_test module +--------------------------------------- + +.. automodule:: plaso.formatters.popcontest_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.recycler module +-------------------------------- + +.. automodule:: plaso.formatters.recycler + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.recycler_test module +------------------------------------- + +.. automodule:: plaso.formatters.recycler_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.safari module +------------------------------ + +.. automodule:: plaso.formatters.safari + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.safari_cookies module +-------------------------------------- + +.. automodule:: plaso.formatters.safari_cookies + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.safari_cookies_test module +------------------------------------------- + +.. automodule:: plaso.formatters.safari_cookies_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.safari_test module +----------------------------------- + +.. automodule:: plaso.formatters.safari_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.selinux module +------------------------------- + +.. automodule:: plaso.formatters.selinux + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.selinux_test module +------------------------------------ + +.. automodule:: plaso.formatters.selinux_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.shell_items module +----------------------------------- + +.. automodule:: plaso.formatters.shell_items + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.shell_items_test module +---------------------------------------- + +.. automodule:: plaso.formatters.shell_items_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.skydrivelog module +----------------------------------- + +.. automodule:: plaso.formatters.skydrivelog + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.skydrivelog_test module +---------------------------------------- + +.. automodule:: plaso.formatters.skydrivelog_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.skydrivelogerr module +-------------------------------------- + +.. automodule:: plaso.formatters.skydrivelogerr + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.skydrivelogerr_test module +------------------------------------------- + +.. automodule:: plaso.formatters.skydrivelogerr_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.skype module +----------------------------- + +.. automodule:: plaso.formatters.skype + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.skype_test module +---------------------------------- + +.. automodule:: plaso.formatters.skype_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.symantec module +-------------------------------- + +.. automodule:: plaso.formatters.symantec + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.symantec_test module +------------------------------------- + +.. automodule:: plaso.formatters.symantec_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.syslog module +------------------------------ + +.. automodule:: plaso.formatters.syslog + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.syslog_test module +----------------------------------- + +.. automodule:: plaso.formatters.syslog_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.task_scheduler module +-------------------------------------- + +.. automodule:: plaso.formatters.task_scheduler + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.task_scheduler_test module +------------------------------------------- + +.. automodule:: plaso.formatters.task_scheduler_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.test_lib module +-------------------------------- + +.. automodule:: plaso.formatters.test_lib + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.text module +---------------------------- + +.. automodule:: plaso.formatters.text + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.text_test module +--------------------------------- + +.. automodule:: plaso.formatters.text_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.utmp module +---------------------------- + +.. automodule:: plaso.formatters.utmp + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.utmp_test module +--------------------------------- + +.. automodule:: plaso.formatters.utmp_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.utmpx module +----------------------------- + +.. automodule:: plaso.formatters.utmpx + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.utmpx_test module +---------------------------------- + +.. automodule:: plaso.formatters.utmpx_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.windows module +------------------------------- + +.. automodule:: plaso.formatters.windows + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.windows_test module +------------------------------------ + +.. automodule:: plaso.formatters.windows_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winevt module +------------------------------ + +.. automodule:: plaso.formatters.winevt + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winevt_rc module +--------------------------------- + +.. automodule:: plaso.formatters.winevt_rc + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winevt_rc_test module +-------------------------------------- + +.. automodule:: plaso.formatters.winevt_rc_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winevt_test module +----------------------------------- + +.. automodule:: plaso.formatters.winevt_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winevtx module +------------------------------- + +.. automodule:: plaso.formatters.winevtx + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winevtx_test module +------------------------------------ + +.. automodule:: plaso.formatters.winevtx_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winfirewall module +----------------------------------- + +.. automodule:: plaso.formatters.winfirewall + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winfirewall_test module +---------------------------------------- + +.. automodule:: plaso.formatters.winfirewall_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winjob module +------------------------------ + +.. automodule:: plaso.formatters.winjob + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winjob_test module +----------------------------------- + +.. automodule:: plaso.formatters.winjob_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winlnk module +------------------------------ + +.. automodule:: plaso.formatters.winlnk + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winlnk_test module +----------------------------------- + +.. automodule:: plaso.formatters.winlnk_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winprefetch module +----------------------------------- + +.. automodule:: plaso.formatters.winprefetch + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winprefetch_test module +---------------------------------------- + +.. automodule:: plaso.formatters.winprefetch_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winreg module +------------------------------ + +.. automodule:: plaso.formatters.winreg + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winreg_test module +----------------------------------- + +.. automodule:: plaso.formatters.winreg_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winregservice module +------------------------------------- + +.. automodule:: plaso.formatters.winregservice + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winregservice_test module +------------------------------------------ + +.. automodule:: plaso.formatters.winregservice_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winrestore module +---------------------------------- + +.. automodule:: plaso.formatters.winrestore + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.winrestore_test module +--------------------------------------- + +.. automodule:: plaso.formatters.winrestore_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.xchatlog module +-------------------------------- + +.. automodule:: plaso.formatters.xchatlog + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.xchatlog_test module +------------------------------------- + +.. automodule:: plaso.formatters.xchatlog_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.xchatscrollback module +--------------------------------------- + +.. automodule:: plaso.formatters.xchatscrollback + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.xchatscrollback_test module +-------------------------------------------- + +.. automodule:: plaso.formatters.xchatscrollback_test + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.zeitgeist module +--------------------------------- + +.. automodule:: plaso.formatters.zeitgeist + :members: + :undoc-members: + :show-inheritance: + +plaso.formatters.zeitgeist_test module +-------------------------------------- + +.. automodule:: plaso.formatters.zeitgeist_test + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.formatters + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.frontend.rst b/docs/plaso.frontend.rst new file mode 100644 index 0000000000..1cf9a0c7ab --- /dev/null +++ b/docs/plaso.frontend.rst @@ -0,0 +1,182 @@ +plaso.frontend package +====================== + +Submodules +---------- + +plaso.frontend.analysis_frontend module +--------------------------------------- + +.. automodule:: plaso.frontend.analysis_frontend + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.analysis_frontend_test module +-------------------------------------------- + +.. automodule:: plaso.frontend.analysis_frontend_test + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.extraction_frontend module +----------------------------------------- + +.. automodule:: plaso.frontend.extraction_frontend + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.extraction_frontend_test module +---------------------------------------------- + +.. automodule:: plaso.frontend.extraction_frontend_test + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.frontend module +------------------------------ + +.. automodule:: plaso.frontend.frontend + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.image_export module +---------------------------------- + +.. automodule:: plaso.frontend.image_export + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.image_export_test module +--------------------------------------- + +.. automodule:: plaso.frontend.image_export_test + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.log2timeline module +---------------------------------- + +.. automodule:: plaso.frontend.log2timeline + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.log2timeline_test module +--------------------------------------- + +.. automodule:: plaso.frontend.log2timeline_test + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.plasm module +--------------------------- + +.. automodule:: plaso.frontend.plasm + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.plasm_test module +-------------------------------- + +.. automodule:: plaso.frontend.plasm_test + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.preg module +-------------------------- + +.. automodule:: plaso.frontend.preg + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.preg_test module +------------------------------- + +.. automodule:: plaso.frontend.preg_test + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.presets module +----------------------------- + +.. automodule:: plaso.frontend.presets + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.pshell module +---------------------------- + +.. automodule:: plaso.frontend.pshell + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.psort module +--------------------------- + +.. automodule:: plaso.frontend.psort + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.psort_test module +-------------------------------- + +.. automodule:: plaso.frontend.psort_test + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.storage_media_frontend module +-------------------------------------------- + +.. automodule:: plaso.frontend.storage_media_frontend + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.storage_media_frontend_test module +------------------------------------------------- + +.. automodule:: plaso.frontend.storage_media_frontend_test + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.test_lib module +------------------------------ + +.. automodule:: plaso.frontend.test_lib + :members: + :undoc-members: + :show-inheritance: + +plaso.frontend.utils module +--------------------------- + +.. automodule:: plaso.frontend.utils + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.frontend + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.hashers.rst b/docs/plaso.hashers.rst new file mode 100644 index 0000000000..b58ef9cfd2 --- /dev/null +++ b/docs/plaso.hashers.rst @@ -0,0 +1,94 @@ +plaso.hashers package +===================== + +Submodules +---------- + +plaso.hashers.interface module +------------------------------ + +.. automodule:: plaso.hashers.interface + :members: + :undoc-members: + :show-inheritance: + +plaso.hashers.manager module +---------------------------- + +.. automodule:: plaso.hashers.manager + :members: + :undoc-members: + :show-inheritance: + +plaso.hashers.manager_test module +--------------------------------- + +.. automodule:: plaso.hashers.manager_test + :members: + :undoc-members: + :show-inheritance: + +plaso.hashers.md5 module +------------------------ + +.. automodule:: plaso.hashers.md5 + :members: + :undoc-members: + :show-inheritance: + +plaso.hashers.md5_test module +----------------------------- + +.. automodule:: plaso.hashers.md5_test + :members: + :undoc-members: + :show-inheritance: + +plaso.hashers.sha1 module +------------------------- + +.. automodule:: plaso.hashers.sha1 + :members: + :undoc-members: + :show-inheritance: + +plaso.hashers.sha1_test module +------------------------------ + +.. automodule:: plaso.hashers.sha1_test + :members: + :undoc-members: + :show-inheritance: + +plaso.hashers.sha256 module +--------------------------- + +.. automodule:: plaso.hashers.sha256 + :members: + :undoc-members: + :show-inheritance: + +plaso.hashers.sha256_test module +-------------------------------- + +.. automodule:: plaso.hashers.sha256_test + :members: + :undoc-members: + :show-inheritance: + +plaso.hashers.test_lib module +----------------------------- + +.. automodule:: plaso.hashers.test_lib + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.hashers + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.lib.rst b/docs/plaso.lib.rst new file mode 100644 index 0000000000..f64b80a13c --- /dev/null +++ b/docs/plaso.lib.rst @@ -0,0 +1,214 @@ +plaso.lib package +================= + +Submodules +---------- + +plaso.lib.binary module +----------------------- + +.. automodule:: plaso.lib.binary + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.binary_test module +---------------------------- + +.. automodule:: plaso.lib.binary_test + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.bufferlib module +-------------------------- + +.. automodule:: plaso.lib.bufferlib + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.bufferlib_test module +------------------------------- + +.. automodule:: plaso.lib.bufferlib_test + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.definitions module +---------------------------- + +.. automodule:: plaso.lib.definitions + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.errors module +----------------------- + +.. automodule:: plaso.lib.errors + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.event module +---------------------- + +.. automodule:: plaso.lib.event + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.event_test module +--------------------------- + +.. automodule:: plaso.lib.event_test + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.eventdata module +-------------------------- + +.. automodule:: plaso.lib.eventdata + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.filter_interface module +--------------------------------- + +.. automodule:: plaso.lib.filter_interface + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.lexer module +---------------------- + +.. automodule:: plaso.lib.lexer + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.limit module +---------------------- + +.. automodule:: plaso.lib.limit + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.objectfilter module +----------------------------- + +.. automodule:: plaso.lib.objectfilter + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.objectfilter_test module +---------------------------------- + +.. automodule:: plaso.lib.objectfilter_test + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.pfilter module +------------------------ + +.. automodule:: plaso.lib.pfilter + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.pfilter_test module +----------------------------- + +.. automodule:: plaso.lib.pfilter_test + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.registry module +------------------------- + +.. automodule:: plaso.lib.registry + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.specification module +------------------------------ + +.. automodule:: plaso.lib.specification + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.specification_test module +----------------------------------- + +.. automodule:: plaso.lib.specification_test + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.storage module +------------------------ + +.. automodule:: plaso.lib.storage + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.storage_test module +----------------------------- + +.. automodule:: plaso.lib.storage_test + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.timelib module +------------------------ + +.. automodule:: plaso.lib.timelib + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.timelib_test module +----------------------------- + +.. automodule:: plaso.lib.timelib_test + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.utils module +---------------------- + +.. automodule:: plaso.lib.utils + :members: + :undoc-members: + :show-inheritance: + +plaso.lib.utils_test module +--------------------------- + +.. automodule:: plaso.lib.utils_test + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.lib + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.multi_processing.rst b/docs/plaso.multi_processing.rst new file mode 100644 index 0000000000..12204de181 --- /dev/null +++ b/docs/plaso.multi_processing.rst @@ -0,0 +1,78 @@ +plaso.multi_processing package +============================== + +Submodules +---------- + +plaso.multi_processing.foreman module +------------------------------------- + +.. automodule:: plaso.multi_processing.foreman + :members: + :undoc-members: + :show-inheritance: + +plaso.multi_processing.foreman_test module +------------------------------------------ + +.. automodule:: plaso.multi_processing.foreman_test + :members: + :undoc-members: + :show-inheritance: + +plaso.multi_processing.multi_process module +------------------------------------------- + +.. automodule:: plaso.multi_processing.multi_process + :members: + :undoc-members: + :show-inheritance: + +plaso.multi_processing.multi_process_test module +------------------------------------------------ + +.. automodule:: plaso.multi_processing.multi_process_test + :members: + :undoc-members: + :show-inheritance: + +plaso.multi_processing.process_info module +------------------------------------------ + +.. automodule:: plaso.multi_processing.process_info + :members: + :undoc-members: + :show-inheritance: + +plaso.multi_processing.process_info_test module +----------------------------------------------- + +.. automodule:: plaso.multi_processing.process_info_test + :members: + :undoc-members: + :show-inheritance: + +plaso.multi_processing.rpc module +--------------------------------- + +.. automodule:: plaso.multi_processing.rpc + :members: + :undoc-members: + :show-inheritance: + +plaso.multi_processing.xmlrpc module +------------------------------------ + +.. automodule:: plaso.multi_processing.xmlrpc + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.multi_processing + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.output.rst b/docs/plaso.output.rst new file mode 100644 index 0000000000..90b1e5cda9 --- /dev/null +++ b/docs/plaso.output.rst @@ -0,0 +1,198 @@ +plaso.output package +==================== + +Submodules +---------- + +plaso.output.dynamic module +--------------------------- + +.. automodule:: plaso.output.dynamic + :members: + :undoc-members: + :show-inheritance: + +plaso.output.dynamic_test module +-------------------------------- + +.. automodule:: plaso.output.dynamic_test + :members: + :undoc-members: + :show-inheritance: + +plaso.output.elastic module +--------------------------- + +.. automodule:: plaso.output.elastic + :members: + :undoc-members: + :show-inheritance: + +plaso.output.interface module +----------------------------- + +.. automodule:: plaso.output.interface + :members: + :undoc-members: + :show-inheritance: + +plaso.output.interface_test module +---------------------------------- + +.. automodule:: plaso.output.interface_test + :members: + :undoc-members: + :show-inheritance: + +plaso.output.json_out module +---------------------------- + +.. automodule:: plaso.output.json_out + :members: + :undoc-members: + :show-inheritance: + +plaso.output.json_out_test module +--------------------------------- + +.. automodule:: plaso.output.json_out_test + :members: + :undoc-members: + :show-inheritance: + +plaso.output.l2t_csv module +--------------------------- + +.. automodule:: plaso.output.l2t_csv + :members: + :undoc-members: + :show-inheritance: + +plaso.output.l2t_csv_test module +-------------------------------- + +.. automodule:: plaso.output.l2t_csv_test + :members: + :undoc-members: + :show-inheritance: + +plaso.output.manager module +--------------------------- + +.. automodule:: plaso.output.manager + :members: + :undoc-members: + :show-inheritance: + +plaso.output.manager_test module +-------------------------------- + +.. automodule:: plaso.output.manager_test + :members: + :undoc-members: + :show-inheritance: + +plaso.output.mediator module +---------------------------- + +.. automodule:: plaso.output.mediator + :members: + :undoc-members: + :show-inheritance: + +plaso.output.mediator_test module +--------------------------------- + +.. automodule:: plaso.output.mediator_test + :members: + :undoc-members: + :show-inheritance: + +plaso.output.mysql_4n6 module +----------------------------- + +.. automodule:: plaso.output.mysql_4n6 + :members: + :undoc-members: + :show-inheritance: + +plaso.output.pstorage module +---------------------------- + +.. automodule:: plaso.output.pstorage + :members: + :undoc-members: + :show-inheritance: + +plaso.output.pstorage_test module +--------------------------------- + +.. automodule:: plaso.output.pstorage_test + :members: + :undoc-members: + :show-inheritance: + +plaso.output.rawpy module +------------------------- + +.. automodule:: plaso.output.rawpy + :members: + :undoc-members: + :show-inheritance: + +plaso.output.sqlite_4n6 module +------------------------------ + +.. automodule:: plaso.output.sqlite_4n6 + :members: + :undoc-members: + :show-inheritance: + +plaso.output.test_lib module +---------------------------- + +.. automodule:: plaso.output.test_lib + :members: + :undoc-members: + :show-inheritance: + +plaso.output.timesketch_out module +---------------------------------- + +.. automodule:: plaso.output.timesketch_out + :members: + :undoc-members: + :show-inheritance: + +plaso.output.timesketch_out_test module +--------------------------------------- + +.. automodule:: plaso.output.timesketch_out_test + :members: + :undoc-members: + :show-inheritance: + +plaso.output.tln module +----------------------- + +.. automodule:: plaso.output.tln + :members: + :undoc-members: + :show-inheritance: + +plaso.output.tln_test module +---------------------------- + +.. automodule:: plaso.output.tln_test + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.output + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.bencode_plugins.rst b/docs/plaso.parsers.bencode_plugins.rst new file mode 100644 index 0000000000..c7a3b08799 --- /dev/null +++ b/docs/plaso.parsers.bencode_plugins.rst @@ -0,0 +1,46 @@ +plaso.parsers.bencode_plugins package +===================================== + +Submodules +---------- + +plaso.parsers.bencode_plugins.interface module +---------------------------------------------- + +.. automodule:: plaso.parsers.bencode_plugins.interface + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.bencode_plugins.test_lib module +--------------------------------------------- + +.. automodule:: plaso.parsers.bencode_plugins.test_lib + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.bencode_plugins.transmission module +------------------------------------------------- + +.. automodule:: plaso.parsers.bencode_plugins.transmission + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.bencode_plugins.utorrent module +--------------------------------------------- + +.. automodule:: plaso.parsers.bencode_plugins.utorrent + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.parsers.bencode_plugins + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.cookie_plugins.rst b/docs/plaso.parsers.cookie_plugins.rst new file mode 100644 index 0000000000..4e5ccc8d00 --- /dev/null +++ b/docs/plaso.parsers.cookie_plugins.rst @@ -0,0 +1,46 @@ +plaso.parsers.cookie_plugins package +==================================== + +Submodules +---------- + +plaso.parsers.cookie_plugins.ganalytics module +---------------------------------------------- + +.. automodule:: plaso.parsers.cookie_plugins.ganalytics + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.cookie_plugins.ganalytics_test module +--------------------------------------------------- + +.. automodule:: plaso.parsers.cookie_plugins.ganalytics_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.cookie_plugins.interface module +--------------------------------------------- + +.. automodule:: plaso.parsers.cookie_plugins.interface + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.cookie_plugins.test_lib module +-------------------------------------------- + +.. automodule:: plaso.parsers.cookie_plugins.test_lib + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.parsers.cookie_plugins + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.esedb_plugins.rst b/docs/plaso.parsers.esedb_plugins.rst new file mode 100644 index 0000000000..7e2541ed99 --- /dev/null +++ b/docs/plaso.parsers.esedb_plugins.rst @@ -0,0 +1,62 @@ +plaso.parsers.esedb_plugins package +=================================== + +Submodules +---------- + +plaso.parsers.esedb_plugins.file_history module +----------------------------------------------- + +.. automodule:: plaso.parsers.esedb_plugins.file_history + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.esedb_plugins.file_history_test module +---------------------------------------------------- + +.. automodule:: plaso.parsers.esedb_plugins.file_history_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.esedb_plugins.interface module +-------------------------------------------- + +.. automodule:: plaso.parsers.esedb_plugins.interface + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.esedb_plugins.msie_webcache module +------------------------------------------------ + +.. automodule:: plaso.parsers.esedb_plugins.msie_webcache + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.esedb_plugins.msie_webcache_test module +----------------------------------------------------- + +.. automodule:: plaso.parsers.esedb_plugins.msie_webcache_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.esedb_plugins.test_lib module +------------------------------------------- + +.. automodule:: plaso.parsers.esedb_plugins.test_lib + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.parsers.esedb_plugins + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.olecf_plugins.rst b/docs/plaso.parsers.olecf_plugins.rst new file mode 100644 index 0000000000..3fe2771455 --- /dev/null +++ b/docs/plaso.parsers.olecf_plugins.rst @@ -0,0 +1,78 @@ +plaso.parsers.olecf_plugins package +=================================== + +Submodules +---------- + +plaso.parsers.olecf_plugins.automatic_destinations module +--------------------------------------------------------- + +.. automodule:: plaso.parsers.olecf_plugins.automatic_destinations + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.olecf_plugins.automatic_destinations_test module +-------------------------------------------------------------- + +.. automodule:: plaso.parsers.olecf_plugins.automatic_destinations_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.olecf_plugins.default module +------------------------------------------ + +.. automodule:: plaso.parsers.olecf_plugins.default + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.olecf_plugins.default_test module +----------------------------------------------- + +.. automodule:: plaso.parsers.olecf_plugins.default_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.olecf_plugins.interface module +-------------------------------------------- + +.. automodule:: plaso.parsers.olecf_plugins.interface + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.olecf_plugins.summary module +------------------------------------------ + +.. automodule:: plaso.parsers.olecf_plugins.summary + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.olecf_plugins.summary_test module +----------------------------------------------- + +.. automodule:: plaso.parsers.olecf_plugins.summary_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.olecf_plugins.test_lib module +------------------------------------------- + +.. automodule:: plaso.parsers.olecf_plugins.test_lib + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.parsers.olecf_plugins + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.plist_plugins.rst b/docs/plaso.parsers.plist_plugins.rst new file mode 100644 index 0000000000..2e0f924234 --- /dev/null +++ b/docs/plaso.parsers.plist_plugins.rst @@ -0,0 +1,230 @@ +plaso.parsers.plist_plugins package +=================================== + +Submodules +---------- + +plaso.parsers.plist_plugins.airport module +------------------------------------------ + +.. automodule:: plaso.parsers.plist_plugins.airport + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.airport_test module +----------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.airport_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.appleaccount module +----------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.appleaccount + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.appleaccount_test module +---------------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.appleaccount_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.bluetooth module +-------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.bluetooth + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.bluetooth_test module +------------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.bluetooth_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.default module +------------------------------------------ + +.. automodule:: plaso.parsers.plist_plugins.default + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.default_test module +----------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.default_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.install_history module +-------------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.install_history + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.install_history_test module +------------------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.install_history_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.interface module +-------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.interface + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.interface_test module +------------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.interface_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.ipod module +--------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.ipod + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.ipod_test module +-------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.ipod_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.macuser module +------------------------------------------ + +.. automodule:: plaso.parsers.plist_plugins.macuser + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.macuser_test module +----------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.macuser_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.safari module +----------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.safari + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.safari_test module +---------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.safari_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.softwareupdate module +------------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.softwareupdate + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.softwareupdate_test module +------------------------------------------------------ + +.. automodule:: plaso.parsers.plist_plugins.softwareupdate_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.spotlight module +-------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.spotlight + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.spotlight_test module +------------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.spotlight_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.spotlight_volume module +--------------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.spotlight_volume + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.spotlight_volume_test module +-------------------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.spotlight_volume_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.test_lib module +------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.test_lib + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.timemachine module +---------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.timemachine + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_plugins.timemachine_test module +--------------------------------------------------- + +.. automodule:: plaso.parsers.plist_plugins.timemachine_test + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.parsers.plist_plugins + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.rst b/docs/plaso.parsers.rst new file mode 100644 index 0000000000..e51b80380c --- /dev/null +++ b/docs/plaso.parsers.rst @@ -0,0 +1,860 @@ +plaso.parsers package +===================== + +Subpackages +----------- + +.. toctree:: + + plaso.parsers.bencode_plugins + plaso.parsers.cookie_plugins + plaso.parsers.esedb_plugins + plaso.parsers.olecf_plugins + plaso.parsers.plist_plugins + plaso.parsers.shared + plaso.parsers.sqlite_plugins + plaso.parsers.winreg_plugins + +Submodules +---------- + +plaso.parsers.android_app_usage module +-------------------------------------- + +.. automodule:: plaso.parsers.android_app_usage + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.android_app_usage_test module +------------------------------------------- + +.. automodule:: plaso.parsers.android_app_usage_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.asl module +------------------------ + +.. automodule:: plaso.parsers.asl + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.asl_test module +----------------------------- + +.. automodule:: plaso.parsers.asl_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.bencode_parser module +----------------------------------- + +.. automodule:: plaso.parsers.bencode_parser + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.bencode_parser_test module +---------------------------------------- + +.. automodule:: plaso.parsers.bencode_parser_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.bsm module +------------------------ + +.. automodule:: plaso.parsers.bsm + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.bsm_test module +----------------------------- + +.. automodule:: plaso.parsers.bsm_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.chrome_cache module +--------------------------------- + +.. automodule:: plaso.parsers.chrome_cache + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.chrome_cache_test module +-------------------------------------- + +.. automodule:: plaso.parsers.chrome_cache_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.chrome_preferences module +--------------------------------------- + +.. automodule:: plaso.parsers.chrome_preferences + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.chrome_preferences_test module +-------------------------------------------- + +.. automodule:: plaso.parsers.chrome_preferences_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.cups_ipp module +----------------------------- + +.. automodule:: plaso.parsers.cups_ipp + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.cups_ipp_test module +---------------------------------- + +.. automodule:: plaso.parsers.cups_ipp_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.custom_destinations module +---------------------------------------- + +.. automodule:: plaso.parsers.custom_destinations + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.custom_destinations_test module +--------------------------------------------- + +.. automodule:: plaso.parsers.custom_destinations_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.esedb module +-------------------------- + +.. automodule:: plaso.parsers.esedb + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.filestat module +----------------------------- + +.. automodule:: plaso.parsers.filestat + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.filestat_test module +---------------------------------- + +.. automodule:: plaso.parsers.filestat_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.firefox_cache module +---------------------------------- + +.. automodule:: plaso.parsers.firefox_cache + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.firefox_cache_test module +--------------------------------------- + +.. automodule:: plaso.parsers.firefox_cache_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.hachoir module +---------------------------- + +.. automodule:: plaso.parsers.hachoir + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.iis module +------------------------ + +.. automodule:: plaso.parsers.iis + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.iis_test module +----------------------------- + +.. automodule:: plaso.parsers.iis_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.interface module +------------------------------ + +.. automodule:: plaso.parsers.interface + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.java_idx module +----------------------------- + +.. automodule:: plaso.parsers.java_idx + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.java_idx_test module +---------------------------------- + +.. automodule:: plaso.parsers.java_idx_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.mac_appfirewall module +------------------------------------ + +.. automodule:: plaso.parsers.mac_appfirewall + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.mac_appfirewall_test module +----------------------------------------- + +.. automodule:: plaso.parsers.mac_appfirewall_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.mac_keychain module +--------------------------------- + +.. automodule:: plaso.parsers.mac_keychain + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.mac_keychain_test module +-------------------------------------- + +.. automodule:: plaso.parsers.mac_keychain_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.mac_securityd module +---------------------------------- + +.. automodule:: plaso.parsers.mac_securityd + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.mac_securityd_test module +--------------------------------------- + +.. automodule:: plaso.parsers.mac_securityd_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.mac_wifi module +----------------------------- + +.. automodule:: plaso.parsers.mac_wifi + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.mac_wifi_test module +---------------------------------- + +.. automodule:: plaso.parsers.mac_wifi_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.mactime module +---------------------------- + +.. automodule:: plaso.parsers.mactime + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.mactime_test module +--------------------------------- + +.. automodule:: plaso.parsers.mactime_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.manager module +---------------------------- + +.. automodule:: plaso.parsers.manager + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.manager_test module +--------------------------------- + +.. automodule:: plaso.parsers.manager_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.mcafeeav module +----------------------------- + +.. automodule:: plaso.parsers.mcafeeav + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.mcafeeav_test module +---------------------------------- + +.. automodule:: plaso.parsers.mcafeeav_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.mediator module +----------------------------- + +.. automodule:: plaso.parsers.mediator + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.mediator_test module +---------------------------------- + +.. automodule:: plaso.parsers.mediator_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.msiecf module +--------------------------- + +.. automodule:: plaso.parsers.msiecf + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.msiecf_test module +-------------------------------- + +.. automodule:: plaso.parsers.msiecf_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.olecf module +-------------------------- + +.. automodule:: plaso.parsers.olecf + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.opera module +-------------------------- + +.. automodule:: plaso.parsers.opera + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.opera_test module +------------------------------- + +.. automodule:: plaso.parsers.opera_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.oxml module +------------------------- + +.. automodule:: plaso.parsers.oxml + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.oxml_test module +------------------------------ + +.. automodule:: plaso.parsers.oxml_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.pcap module +------------------------- + +.. automodule:: plaso.parsers.pcap + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.pcap_test module +------------------------------ + +.. automodule:: plaso.parsers.pcap_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.pe module +----------------------- + +.. automodule:: plaso.parsers.pe + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.pe_test module +---------------------------- + +.. automodule:: plaso.parsers.pe_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist module +-------------------------- + +.. automodule:: plaso.parsers.plist + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plist_test module +------------------------------- + +.. automodule:: plaso.parsers.plist_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.pls_recall module +------------------------------- + +.. automodule:: plaso.parsers.pls_recall + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.pls_recall_test module +------------------------------------ + +.. automodule:: plaso.parsers.pls_recall_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.plugins module +---------------------------- + +.. automodule:: plaso.parsers.plugins + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.popcontest module +------------------------------- + +.. automodule:: plaso.parsers.popcontest + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.popcontest_test module +------------------------------------ + +.. automodule:: plaso.parsers.popcontest_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.recycler module +----------------------------- + +.. automodule:: plaso.parsers.recycler + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.recycler_test module +---------------------------------- + +.. automodule:: plaso.parsers.recycler_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.safari_cookies module +----------------------------------- + +.. automodule:: plaso.parsers.safari_cookies + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.safari_cookies_test module +---------------------------------------- + +.. automodule:: plaso.parsers.safari_cookies_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.selinux module +---------------------------- + +.. automodule:: plaso.parsers.selinux + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.selinux_test module +--------------------------------- + +.. automodule:: plaso.parsers.selinux_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.skydrivelog module +-------------------------------- + +.. automodule:: plaso.parsers.skydrivelog + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.skydrivelog_test module +------------------------------------- + +.. automodule:: plaso.parsers.skydrivelog_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.skydrivelogerr module +----------------------------------- + +.. automodule:: plaso.parsers.skydrivelogerr + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.skydrivelogerr_test module +---------------------------------------- + +.. automodule:: plaso.parsers.skydrivelogerr_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite module +--------------------------- + +.. automodule:: plaso.parsers.sqlite + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_test module +-------------------------------- + +.. automodule:: plaso.parsers.sqlite_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.symantec module +----------------------------- + +.. automodule:: plaso.parsers.symantec + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.symantec_test module +---------------------------------- + +.. automodule:: plaso.parsers.symantec_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.syslog module +--------------------------- + +.. automodule:: plaso.parsers.syslog + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.syslog_test module +-------------------------------- + +.. automodule:: plaso.parsers.syslog_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.test_lib module +----------------------------- + +.. automodule:: plaso.parsers.test_lib + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.text_parser module +-------------------------------- + +.. automodule:: plaso.parsers.text_parser + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.text_parser_test module +------------------------------------- + +.. automodule:: plaso.parsers.text_parser_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.utmp module +------------------------- + +.. automodule:: plaso.parsers.utmp + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.utmp_test module +------------------------------ + +.. automodule:: plaso.parsers.utmp_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.utmpx module +-------------------------- + +.. automodule:: plaso.parsers.utmpx + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.utmpx_test module +------------------------------- + +.. automodule:: plaso.parsers.utmpx_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winevt module +--------------------------- + +.. automodule:: plaso.parsers.winevt + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winevt_test module +-------------------------------- + +.. automodule:: plaso.parsers.winevt_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winevtx module +---------------------------- + +.. automodule:: plaso.parsers.winevtx + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winevtx_test module +--------------------------------- + +.. automodule:: plaso.parsers.winevtx_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winfirewall module +-------------------------------- + +.. automodule:: plaso.parsers.winfirewall + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winfirewall_test module +------------------------------------- + +.. automodule:: plaso.parsers.winfirewall_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winjob module +--------------------------- + +.. automodule:: plaso.parsers.winjob + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winjob_test module +-------------------------------- + +.. automodule:: plaso.parsers.winjob_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winlnk module +--------------------------- + +.. automodule:: plaso.parsers.winlnk + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winlnk_test module +-------------------------------- + +.. automodule:: plaso.parsers.winlnk_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winprefetch module +-------------------------------- + +.. automodule:: plaso.parsers.winprefetch + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winprefetch_test module +------------------------------------- + +.. automodule:: plaso.parsers.winprefetch_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg module +--------------------------- + +.. automodule:: plaso.parsers.winreg + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_test module +-------------------------------- + +.. automodule:: plaso.parsers.winreg_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winrestore module +------------------------------- + +.. automodule:: plaso.parsers.winrestore + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winrestore_test module +------------------------------------ + +.. automodule:: plaso.parsers.winrestore_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.xchatlog module +----------------------------- + +.. automodule:: plaso.parsers.xchatlog + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.xchatlog_test module +---------------------------------- + +.. automodule:: plaso.parsers.xchatlog_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.xchatscrollback module +------------------------------------ + +.. automodule:: plaso.parsers.xchatscrollback + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.xchatscrollback_test module +----------------------------------------- + +.. automodule:: plaso.parsers.xchatscrollback_test + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.parsers + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.shared.rst b/docs/plaso.parsers.shared.rst new file mode 100644 index 0000000000..f56dde9ec5 --- /dev/null +++ b/docs/plaso.parsers.shared.rst @@ -0,0 +1,22 @@ +plaso.parsers.shared package +============================ + +Submodules +---------- + +plaso.parsers.shared.shell_items module +--------------------------------------- + +.. automodule:: plaso.parsers.shared.shell_items + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.parsers.shared + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.sqlite_plugins.rst b/docs/plaso.parsers.sqlite_plugins.rst new file mode 100644 index 0000000000..c56d3e668e --- /dev/null +++ b/docs/plaso.parsers.sqlite_plugins.rst @@ -0,0 +1,254 @@ +plaso.parsers.sqlite_plugins package +==================================== + +Submodules +---------- + +plaso.parsers.sqlite_plugins.android_calls module +------------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.android_calls + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.android_calls_test module +------------------------------------------------------ + +.. automodule:: plaso.parsers.sqlite_plugins.android_calls_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.android_sms module +----------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.android_sms + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.android_sms_test module +---------------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.android_sms_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.appusage module +-------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.appusage + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.appusage_test module +------------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.appusage_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.chrome module +------------------------------------------ + +.. automodule:: plaso.parsers.sqlite_plugins.chrome + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.chrome_cookies module +-------------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.chrome_cookies + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.chrome_cookies_test module +------------------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.chrome_cookies_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.chrome_extension_activity module +------------------------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.chrome_extension_activity + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.chrome_extension_activity_test module +------------------------------------------------------------------ + +.. automodule:: plaso.parsers.sqlite_plugins.chrome_extension_activity_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.chrome_test module +----------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.chrome_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.firefox module +------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.firefox + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.firefox_cookies module +--------------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.firefox_cookies + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.firefox_cookies_test module +-------------------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.firefox_cookies_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.firefox_test module +------------------------------------------------ + +.. automodule:: plaso.parsers.sqlite_plugins.firefox_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.gdrive module +------------------------------------------ + +.. automodule:: plaso.parsers.sqlite_plugins.gdrive + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.gdrive_test module +----------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.gdrive_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.interface module +--------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.interface + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.ls_quarantine module +------------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.ls_quarantine + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.ls_quarantine_test module +------------------------------------------------------ + +.. automodule:: plaso.parsers.sqlite_plugins.ls_quarantine_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.mac_document_versions module +--------------------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.mac_document_versions + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.mac_document_versions_test module +-------------------------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.mac_document_versions_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.mackeeper_cache module +--------------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.mackeeper_cache + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.mackeeper_cache_test module +-------------------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.mackeeper_cache_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.skype module +----------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.skype + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.skype_test module +---------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.skype_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.test_lib module +-------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.test_lib + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.zeitgeist module +--------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.zeitgeist + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.sqlite_plugins.zeitgeist_test module +-------------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.zeitgeist_test + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.parsers.sqlite_plugins + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.winreg_plugins.rst b/docs/plaso.parsers.winreg_plugins.rst new file mode 100644 index 0000000000..8176d665f1 --- /dev/null +++ b/docs/plaso.parsers.winreg_plugins.rst @@ -0,0 +1,414 @@ +plaso.parsers.winreg_plugins package +==================================== + +Submodules +---------- + +plaso.parsers.winreg_plugins.appcompatcache module +-------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.appcompatcache + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.appcompatcache_test module +------------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.appcompatcache_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.bagmru module +------------------------------------------ + +.. automodule:: plaso.parsers.winreg_plugins.bagmru + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.bagmru_test module +----------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.bagmru_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.ccleaner module +-------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.ccleaner + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.ccleaner_test module +------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.ccleaner_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.default module +------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.default + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.default_test module +------------------------------------------------ + +.. automodule:: plaso.parsers.winreg_plugins.default_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.interface module +--------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.interface + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.lfu module +--------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.lfu + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.lfu_test module +-------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.lfu_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.mountpoints module +----------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.mountpoints + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.mountpoints_test module +---------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.mountpoints_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.mrulist module +------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.mrulist + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.mrulist_test module +------------------------------------------------ + +.. automodule:: plaso.parsers.winreg_plugins.mrulist_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.mrulistex module +--------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.mrulistex + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.mrulistex_test module +-------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.mrulistex_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.msie_zones module +---------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.msie_zones + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.msie_zones_test module +--------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.msie_zones_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.officemru module +--------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.officemru + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.officemru_test module +-------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.officemru_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.outlook module +------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.outlook + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.outlook_test module +------------------------------------------------ + +.. automodule:: plaso.parsers.winreg_plugins.outlook_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.run module +--------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.run + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.run_test module +-------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.run_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.sam_users module +--------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.sam_users + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.sam_users_test module +-------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.sam_users_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.services module +-------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.services + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.services_test module +------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.services_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.shutdown module +-------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.shutdown + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.shutdown_test module +------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.shutdown_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.task_scheduler module +-------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.task_scheduler + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.task_scheduler_test module +------------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.task_scheduler_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.terminal_server module +--------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.terminal_server + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.terminal_server_test module +-------------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.terminal_server_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.test_lib module +-------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.test_lib + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.timezone module +-------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.timezone + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.timezone_test module +------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.timezone_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.typedurls module +--------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.typedurls + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.typedurls_test module +-------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.typedurls_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.usb module +--------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.usb + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.usb_test module +-------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.usb_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.usbstor module +------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.usbstor + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.usbstor_test module +------------------------------------------------ + +.. automodule:: plaso.parsers.winreg_plugins.usbstor_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.userassist module +---------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.userassist + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.userassist_test module +--------------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.userassist_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.winrar module +------------------------------------------ + +.. automodule:: plaso.parsers.winreg_plugins.winrar + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.winrar_test module +----------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.winrar_test + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.winver module +------------------------------------------ + +.. automodule:: plaso.parsers.winreg_plugins.winver + :members: + :undoc-members: + :show-inheritance: + +plaso.parsers.winreg_plugins.winver_test module +----------------------------------------------- + +.. automodule:: plaso.parsers.winreg_plugins.winver_test + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.parsers.winreg_plugins + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.preprocessors.rst b/docs/plaso.preprocessors.rst new file mode 100644 index 0000000000..71a9db47a1 --- /dev/null +++ b/docs/plaso.preprocessors.rst @@ -0,0 +1,94 @@ +plaso.preprocessors package +=========================== + +Submodules +---------- + +plaso.preprocessors.interface module +------------------------------------ + +.. automodule:: plaso.preprocessors.interface + :members: + :undoc-members: + :show-inheritance: + +plaso.preprocessors.linux module +-------------------------------- + +.. automodule:: plaso.preprocessors.linux + :members: + :undoc-members: + :show-inheritance: + +plaso.preprocessors.linux_test module +------------------------------------- + +.. automodule:: plaso.preprocessors.linux_test + :members: + :undoc-members: + :show-inheritance: + +plaso.preprocessors.macosx module +--------------------------------- + +.. automodule:: plaso.preprocessors.macosx + :members: + :undoc-members: + :show-inheritance: + +plaso.preprocessors.macosx_test module +-------------------------------------- + +.. automodule:: plaso.preprocessors.macosx_test + :members: + :undoc-members: + :show-inheritance: + +plaso.preprocessors.manager module +---------------------------------- + +.. automodule:: plaso.preprocessors.manager + :members: + :undoc-members: + :show-inheritance: + +plaso.preprocessors.manager_test module +--------------------------------------- + +.. automodule:: plaso.preprocessors.manager_test + :members: + :undoc-members: + :show-inheritance: + +plaso.preprocessors.test_lib module +----------------------------------- + +.. automodule:: plaso.preprocessors.test_lib + :members: + :undoc-members: + :show-inheritance: + +plaso.preprocessors.windows module +---------------------------------- + +.. automodule:: plaso.preprocessors.windows + :members: + :undoc-members: + :show-inheritance: + +plaso.preprocessors.windows_test module +--------------------------------------- + +.. automodule:: plaso.preprocessors.windows_test + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.preprocessors + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.proto.rst b/docs/plaso.proto.rst new file mode 100644 index 0000000000..e918cfed10 --- /dev/null +++ b/docs/plaso.proto.rst @@ -0,0 +1,22 @@ +plaso.proto package +=================== + +Submodules +---------- + +plaso.proto.plaso_storage_pb2 module +------------------------------------ + +.. automodule:: plaso.proto.plaso_storage_pb2 + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.proto + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.rst b/docs/plaso.rst new file mode 100644 index 0000000000..c846f83c2e --- /dev/null +++ b/docs/plaso.rst @@ -0,0 +1,47 @@ +plaso package +============= + +Subpackages +----------- + +.. toctree:: + + plaso.analysis + plaso.cli + plaso.engine + plaso.events + plaso.filters + plaso.formatters + plaso.frontend + plaso.hashers + plaso.lib + plaso.multi_processing + plaso.output + plaso.parsers + plaso.preprocessors + plaso.proto + plaso.serializer + plaso.storage + plaso.unix + plaso.winnt + plaso.winreg + +Submodules +---------- + +plaso.dependencies module +------------------------- + +.. automodule:: plaso.dependencies + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.serializer.rst b/docs/plaso.serializer.rst new file mode 100644 index 0000000000..4683953848 --- /dev/null +++ b/docs/plaso.serializer.rst @@ -0,0 +1,54 @@ +plaso.serializer package +======================== + +Submodules +---------- + +plaso.serializer.interface module +--------------------------------- + +.. automodule:: plaso.serializer.interface + :members: + :undoc-members: + :show-inheritance: + +plaso.serializer.json_serializer module +--------------------------------------- + +.. automodule:: plaso.serializer.json_serializer + :members: + :undoc-members: + :show-inheritance: + +plaso.serializer.json_serializer_test module +-------------------------------------------- + +.. automodule:: plaso.serializer.json_serializer_test + :members: + :undoc-members: + :show-inheritance: + +plaso.serializer.protobuf_serializer module +------------------------------------------- + +.. automodule:: plaso.serializer.protobuf_serializer + :members: + :undoc-members: + :show-inheritance: + +plaso.serializer.protobuf_serializer_test module +------------------------------------------------ + +.. automodule:: plaso.serializer.protobuf_serializer_test + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.serializer + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.storage.rst b/docs/plaso.storage.rst new file mode 100644 index 0000000000..3cbf93fec7 --- /dev/null +++ b/docs/plaso.storage.rst @@ -0,0 +1,38 @@ +plaso.storage package +===================== + +Submodules +---------- + +plaso.storage.collection module +------------------------------- + +.. automodule:: plaso.storage.collection + :members: + :undoc-members: + :show-inheritance: + +plaso.storage.factory module +---------------------------- + +.. automodule:: plaso.storage.factory + :members: + :undoc-members: + :show-inheritance: + +plaso.storage.factory_test module +--------------------------------- + +.. automodule:: plaso.storage.factory_test + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.storage + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.unix.rst b/docs/plaso.unix.rst new file mode 100644 index 0000000000..380363a203 --- /dev/null +++ b/docs/plaso.unix.rst @@ -0,0 +1,22 @@ +plaso.unix package +================== + +Submodules +---------- + +plaso.unix.bsmtoken module +-------------------------- + +.. automodule:: plaso.unix.bsmtoken + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.unix + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.winnt.rst b/docs/plaso.winnt.rst new file mode 100644 index 0000000000..4df6d02bad --- /dev/null +++ b/docs/plaso.winnt.rst @@ -0,0 +1,54 @@ +plaso.winnt package +=================== + +Submodules +---------- + +plaso.winnt.environ_expand module +--------------------------------- + +.. automodule:: plaso.winnt.environ_expand + :members: + :undoc-members: + :show-inheritance: + +plaso.winnt.human_readable_service_enums module +----------------------------------------------- + +.. automodule:: plaso.winnt.human_readable_service_enums + :members: + :undoc-members: + :show-inheritance: + +plaso.winnt.known_folder_ids module +----------------------------------- + +.. automodule:: plaso.winnt.known_folder_ids + :members: + :undoc-members: + :show-inheritance: + +plaso.winnt.language_ids module +------------------------------- + +.. automodule:: plaso.winnt.language_ids + :members: + :undoc-members: + :show-inheritance: + +plaso.winnt.shell_folder_ids module +----------------------------------- + +.. automodule:: plaso.winnt.shell_folder_ids + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.winnt + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.winreg.rst b/docs/plaso.winreg.rst new file mode 100644 index 0000000000..deb970fad7 --- /dev/null +++ b/docs/plaso.winreg.rst @@ -0,0 +1,94 @@ +plaso.winreg package +==================== + +Submodules +---------- + +plaso.winreg.cache module +------------------------- + +.. automodule:: plaso.winreg.cache + :members: + :undoc-members: + :show-inheritance: + +plaso.winreg.cache_test module +------------------------------ + +.. automodule:: plaso.winreg.cache_test + :members: + :undoc-members: + :show-inheritance: + +plaso.winreg.interface module +----------------------------- + +.. automodule:: plaso.winreg.interface + :members: + :undoc-members: + :show-inheritance: + +plaso.winreg.path_expander module +--------------------------------- + +.. automodule:: plaso.winreg.path_expander + :members: + :undoc-members: + :show-inheritance: + +plaso.winreg.test_lib module +---------------------------- + +.. automodule:: plaso.winreg.test_lib + :members: + :undoc-members: + :show-inheritance: + +plaso.winreg.utils module +------------------------- + +.. automodule:: plaso.winreg.utils + :members: + :undoc-members: + :show-inheritance: + +plaso.winreg.winpyregf module +----------------------------- + +.. automodule:: plaso.winreg.winpyregf + :members: + :undoc-members: + :show-inheritance: + +plaso.winreg.winpyregf_test module +---------------------------------- + +.. automodule:: plaso.winreg.winpyregf_test + :members: + :undoc-members: + :show-inheritance: + +plaso.winreg.winregistry module +------------------------------- + +.. automodule:: plaso.winreg.winregistry + :members: + :undoc-members: + :show-inheritance: + +plaso.winreg.winregistry_test module +------------------------------------ + +.. automodule:: plaso.winreg.winregistry_test + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.winreg + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/requirements.txt b/docs/requirements.txt new file mode 100644 index 0000000000..8b7f40c1c5 --- /dev/null +++ b/docs/requirements.txt @@ -0,0 +1,9 @@ +# This is required so that readthedocs installs napoleon and can read our docstrings. +sphinxcontrib-napoleon +# The protobuf library doesn't seem to mock properly for some reason. +protobuf +# Pyparsing doesn't mock very well, and it's easily pip installable. +pyparsing +# We have several parsers that create construct objects, and if we install +# it correctly, the documentation looks better. +construct diff --git a/plaso/__init__.py b/plaso/__init__.py index 1ae4fc3c71..5fa1185cdc 100644 --- a/plaso/__init__.py +++ b/plaso/__init__.py @@ -3,7 +3,7 @@ __version__ = '1.2.1' VERSION_DEV = True -VERSION_DATE = '20150503' +VERSION_DATE = '20150505' def GetVersion(): diff --git a/plaso/analysis/file_hashes.py b/plaso/analysis/file_hashes.py index f3acc82d67..5ed14bb444 100644 --- a/plaso/analysis/file_hashes.py +++ b/plaso/analysis/file_hashes.py @@ -7,7 +7,7 @@ class FileHashesPlugin(interface.AnalysisPlugin): - """A plugin for generate a list of file paths and corresponding hashes.""" + """A plugin for generating a list of file paths and corresponding hashes.""" NAME = 'file_hashes' @@ -24,7 +24,7 @@ def __init__(self, incoming_queue): self._paths_with_hashes = {} def ExamineEvent(self, analysis_mediator, event_object, **kwargs): - """Analyzes an event_object and creates Windows Services as required. + """Analyzes an event_object and creates extracts hashes as required. Args: analysis_mediator: The analysis mediator object (instance of diff --git a/plaso/engine/worker.py b/plaso/engine/worker.py index 01825030d7..90081dfe80 100644 --- a/plaso/engine/worker.py +++ b/plaso/engine/worker.py @@ -403,10 +403,11 @@ def InitializeParserObjects(self, parser_filter_string=None): The parser_filter_string is a simple comma separated value string that denotes a list of parser names to include and/or exclude. Each entry can have the value of: - + Exact match of a list of parsers, or a preset (see - plaso/frontend/presets.py for a full list of available presets). - + A name of a single parser (case insensitive), eg. msiecfparser. - + A glob name for a single parser, eg: '*msie*' (case insensitive). + + * Exact match of a list of parsers, or a preset (see + plaso/frontend/presets.py for a full list of available presets). + * A name of a single parser (case insensitive), eg. msiecfparser. + * A glob name for a single parser, eg: '*msie*' (case insensitive). Args: parser_filter_string: Optional parser filter string. The default is None. diff --git a/plaso/lib/event.py b/plaso/lib/event.py index 50838fa545..15f582b9c9 100644 --- a/plaso/lib/event.py +++ b/plaso/lib/event.py @@ -180,21 +180,21 @@ def __eq__(self, event_object): For two EventObject objects to be considered the same they need to have the following conditions: - + Have the same timestamp. - + Have the same data_type value. - + Have the same set of attributes. - + Compare all other attributes than those that are reserved, and - they all have to match. + * Have the same timestamp. + * Have the same data_type value. + * Have the same set of attributes. + * Compare all other attributes than those that are reserved, and + they all have to match. The following attributes are considered to be 'reserved' and not used for the comparison, so they may be different yet the EventObject is still considered to be equal: - + inode - + pathspec - + filename - + display_name - + store_number - + store_index + * inode + * pathspec + * filename + * display_name + * store_number + * store_index Args: event_object: The EventObject that is being compared to this one. @@ -293,12 +293,12 @@ class EventTag(object): The EventTag object should have the following attributes: (optional attributes surrounded with brackets) - + store_number: An integer, pointing to the store the EventObject is. - + store_index: An index into the store where the EventObject is. - + event_uuid: An UUID value of the event this tag belongs to. - + [comment]: An arbitrary string containing comments about the event. - + [color]: A string containing color information. - + [tags]: A list of strings with tags, eg: 'Malware', 'Entry Point'. + * store_number: An integer, pointing to the store the EventObject is. + * store_index: An index into the store where the EventObject is. + * event_uuid: An UUID value of the event this tag belongs to. + * [comment]: An arbitrary string containing comments about the event. + * [color]: A string containing color information. + * [tags]: A list of strings with tags, eg: 'Malware', 'Entry Point'. The tag either needs to have an event_uuid defined or both the store_number and store_index to be valid (not both, if both defined the store_number and diff --git a/plaso/lib/objectfilter.py b/plaso/lib/objectfilter.py index e4c6808899..a114a44f31 100644 --- a/plaso/lib/objectfilter.py +++ b/plaso/lib/objectfilter.py @@ -44,6 +44,7 @@ def __init__(self, code, color="white", doors=3): The filter expression contains two subexpressions joined by an AND operator: "color is grey" and "doors >= 3" + This means we want to search for objects matching these two subexpressions. Let's analyze the first one in depth "color is grey": @@ -85,6 +86,7 @@ def __init__(self, brand, code): Because the filter implementation provides the actual classes that perform handling of the search paths, operators, etc. customizing the behaviour of the filter is easy. Three basic filter implementations are given: + BaseFilterImplementation: search path expansion is done on attribute names as provided (case-sensitive). LowercaseAttributeFilterImp: search path expansion is done on the lowercased @@ -304,7 +306,7 @@ class Contains(GenericBinaryOperator): """Whether the right operand is contained in the value.""" def Operation(self, x, y): - if type(x) in (str, unicode): + if isinstance(x, str) or isinstance(x, unicode): return y.lower() in x.lower() return y in x @@ -394,40 +396,51 @@ class Context(Operator): Now imagine you have these two processes on a given system. Process1 - +[0]__ImportedDlls - +[0]__Name: "notevil.dll" - |[0]__ImpFunctions - | +[1]__Name: "CreateFileA" - |[0]__NumImpFunctions: 1 - | - +[1]__Name: "alsonotevil.dll" - |[1]__ImpFunctions - | +[0]__Name: "RegQueryValueEx" - | +[1]__Name: "CreateFileA" - |[1]__NumImpFunctions: 2 + * __ImportedDlls + + * __Name: "notevil.dll" + + * __ImpFunctions + + * __Name: "CreateFileA" + + * __NumImpFunctions: 1 + + * __Name: "alsonotevil.dll" + + * __ImpFunctions + + * __Name: "RegQueryValueEx" + * __Name: "CreateFileA" + + * __NumImpFunctions: 2 Process2 - +[0]__ImportedDlls - +[0]__Name: "evil.dll" - |[0]__ImpFunctions - | +[0]__Name: "RegQueryValueEx" - |[0]__NumImpFunctions: 1 + * __ImportedDlls + + * __Name: "evil.dll" + + * __ImpFunctions + + * __Name: "RegQueryValueEx" + + * __NumImpFunctions: 1 Both Process1 and Process2 match your query, as each of the indicators are - evaluated separatedly. While you wanted to express "find me processes that + evaluated separately. While you wanted to express "find me processes that have a DLL that has both one imported function and ReqQueryValueEx is in the list of imported functions", your indicator actually means "find processes that have at least a DLL with 1 imported functions and at least one DLL that imports the ReqQueryValueEx function". To write such an indicator you need to specify a context of ImportedDLLs for - these two clauses. Such that you convert your indicator to: + these two clauses. Such that you convert your indicator to:: - Context("ImportedDLLs", - AndOperator( - Equal("ImpFunctions.Name", "RegQueryValueEx"), - Equal("NumImpFunctions", "1") - )) + Context("ImportedDLLs", + AndOperator( + Equal("ImpFunctions.Name", "RegQueryValueEx"), + Equal("NumImpFunctions", "1") + )) Context will execute the filter specified as the second parameter for each of the objects under "ImportedDLLs", thus applying the condition per DLL, not per diff --git a/plaso/lib/pfilter.py b/plaso/lib/pfilter.py index a733a4c596..f8e22649d0 100644 --- a/plaso/lib/pfilter.py +++ b/plaso/lib/pfilter.py @@ -18,6 +18,8 @@ class DictObject(object): + # There's a backslash in the class docstring, so as not to confuse Sphinx. + # pylint: disable=anomalous-backslash-in-string """A simple object representing a dict object. To filter against an object that is stored as a dictionary the dict @@ -25,14 +27,15 @@ class DictObject(object): and/or other symbols they are stripped out to make filtering work like it is another object. - Example dict: + Example dict:: + {'A value': 234, 'this (my) key_': 'value', 'random': True, } This object would then allow access to object.thismykey that would access - the key 'this (my) key_' inside the dict. + the key 'this (my) key\_' inside the dict. """ def __init__(self, dict_object): @@ -251,18 +254,18 @@ def __init__(self, data): ValueError: if the date string is invalid. """ self.text = utils.GetUnicodeString(data) - if type(data) in (int, long): + if isinstance(data, int) or isinstance(data, long): self.data = data - elif type(data) == float: + elif isinstance(data, float): self.data = long(data) - elif type(data) in (str, unicode): + elif isinstance(data, str) or isinstance(data, unicode): try: self.data = timelib.Timestamp.FromTimeString( utils.GetUnicodeString(data)) except ValueError as exception: raise ValueError(u'Wrongly formatted date string: {0:s} - {1:s}'.format( data, exception)) - elif type(data) == datetime.datetime: + elif isinstance(data, datetime.datetime): self.data = timelib.Timestamp.FromPythonDatetime(data) elif isinstance(DateCompareObject, data): self.data = data.data diff --git a/plaso/lib/storage.py b/plaso/lib/storage.py index c03a8e788a..88cab0a468 100644 --- a/plaso/lib/storage.py +++ b/plaso/lib/storage.py @@ -25,15 +25,16 @@ + plaso_meta -Simple text file using YAML for storing metadata information about the store. -definition, example: - variable: value - a_list: [value, value, value] +Simple text file using YAML for storing metadata information about the store.:: + + definition, example: + variable: value + a_list: [value, value, value] This can be used to filter out which proto files should be included in processing. - + plaso_index ++ plaso_index The index file contains an index to all the entries stored within the protobuf file, so that it can be easily seeked. The layout is: @@ -1371,7 +1372,8 @@ def StoreGrouping(self, rows): The object that is passed in needs to have an iterator implemented and has to implement the following attributes (optional names within - bracket): + bracket):: + name - The name of the grouped event. [description] - More detailed description of the event. [category] - If this group of events falls into a specific category. diff --git a/plaso/parsers/bsm.py b/plaso/parsers/bsm.py index cd2a82d813..aa2193a7ff 100644 --- a/plaso/parsers/bsm.py +++ b/plaso/parsers/bsm.py @@ -25,7 +25,7 @@ # PascalString because the latter seems to break pickling on Windows. def _BsmTokenGetLength(context): - """Contruct context parser helper function to replace lambda.""" + """Construct context parser helper function to replace lambda.""" return context.length diff --git a/plaso/parsers/custom_destinations.py b/plaso/parsers/custom_destinations.py index 51e653a080..937be9d4b9 100644 --- a/plaso/parsers/custom_destinations.py +++ b/plaso/parsers/custom_destinations.py @@ -54,8 +54,11 @@ class CustomDestinationsParser(interface.SingleFileBaseParser): u'file_footer', construct.ULInt32(u'signature')) + def ParseFileObject(self, parser_mediator, file_object, **kwargs): - """Parses a *.customDestinations-ms file-like object. + # There's a backslash in the class docstring, so as not to confuse Sphinx. + # pylint: disable=anomalous-backslash-in-string + """Parses a \*.customDestinations-ms file-like object. Args: parser_mediator: A parser mediator object (instance of ParserMediator). @@ -137,7 +140,7 @@ def ParseFileObject(self, parser_mediator, file_object, **kwargs): try: lnk_file_object = resolver.Resolver.OpenFileObject(path_spec) except RuntimeError as exception: - message = u'Unable to open LNK file with error'.format(exception) + message = u'Unable to open LNK file with error {0:s}'.format(exception) parser_mediator.ProduceParseError(message) return diff --git a/plaso/parsers/plist_plugins/interface.py b/plaso/parsers/plist_plugins/interface.py index 48f05bb9e9..892af1f079 100644 --- a/plaso/parsers/plist_plugins/interface.py +++ b/plaso/parsers/plist_plugins/interface.py @@ -190,7 +190,7 @@ def RecurseKey(recur_item, root='', depth=15): logging.debug(u'Recursion limit hit for key: {0:s}'.format(root)) return - if type(recur_item) in (list, tuple): + if isinstance(recur_item, (list, tuple)): for recur in recur_item: for key in RecurseKey(recur, root, depth): yield key @@ -224,9 +224,9 @@ def GetKeys(top_level, keys, depth=1): override the depth limit and use GetKeys to fetch from a deeper level. E.g. - Top_Level (root): # depth = 0 - |-- Key_Name_is_UUID_Generated_At_Install 1234-5678-8 # depth = 1 - | |-- Interesting_SubKey_with_value_to_Process: [Values, ...] # depth = 2 + Top_Level (root): # depth = 0 + -- Key_Name_is_UUID_Generated_At_Install 1234-5678-8 # depth = 1 + ---- Interesting_SubKey_with_value_to_Process: [Values, ...] # depth = 2 Args: top_level: Plist in dictionary form. diff --git a/plaso/parsers/pls_recall.py b/plaso/parsers/pls_recall.py index 526d6105c1..24658eb308 100644 --- a/plaso/parsers/pls_recall.py +++ b/plaso/parsers/pls_recall.py @@ -39,7 +39,8 @@ def __init__(self, timestamp, sequence, user, database, query): class PlsRecallParser(interface.SingleFileBaseParser): """Parse PL/SQL Recall files. - Parser is based on a: + Parser is based on a:: + TRecallRecord = packed record Sequence: Integer; TimeStamp: TDateTime; diff --git a/plaso/parsers/popcontest.py b/plaso/parsers/popcontest.py index f2dab01644..d8f6a7ee8f 100644 --- a/plaso/parsers/popcontest.py +++ b/plaso/parsers/popcontest.py @@ -1,12 +1,12 @@ # -*- coding: utf-8 -*- -"""This file contains Popularity Contest log file parser in plaso. +"""This file contains the Popularity Contest log file parser in plaso. - Information updated 20 january 2014. - From Debian Package Popularity Contest - Avery Pennarun +Information updated 20 january 2014. +From Debian Package Popularity Contest +Avery Pennarun + +From 'http://www.unix.com/man-page/Linux/8/popularity-contest/': - From 'http://www.unix.com/man-page/Linux/8/popularity-contest/': - ' The popularity-contest command gathers information about Debian pack- ages installed on the system, and prints the name of the most recently used executable program in that package as well as its last-accessed @@ -26,11 +26,11 @@ results to Debian package maintainers (only once a week) according to the settings in /etc/popularity-contest.conf and /usr/share/popularity- contest/default.conf. - ' - From 'http://popcon.ubuntu.com/README': - ' - The popularity-contest output looks like this: + +From 'http://popcon.ubuntu.com/README': + +The popularity-contest output looks like this: POPULARITY-CONTEST-0 TIME:914183330 ID:b92a5fc1809d8a95a12eb3a3c8445 914183333 909868335 grep /bin/fgrep diff --git a/plaso/parsers/sqlite.py b/plaso/parsers/sqlite.py index 9b02dcaa7f..1cc5e967c5 100644 --- a/plaso/parsers/sqlite.py +++ b/plaso/parsers/sqlite.py @@ -23,7 +23,8 @@ def CacheQueryResults( This function will take a SQL command, execute it and for each resulting row it will store a key in a dictionary. - An example: + An example:: + sql_results = A SQL result object after executing the SQL command: 'SELECT foo, bla, bar FROM my_table' attribute_name = 'all_the_things' @@ -31,11 +32,11 @@ def CacheQueryResults( values = ['bla', 'bar'] Results from running this against the database: - 'first', 'stuff', 'things' - 'second', 'another stuff', 'another thing' + 'first', 'stuff', 'things' + 'second', 'another stuff', 'another thing' This will result in a dict object being created in the - cache, called 'all_the_things' and it will contain the following value: + cache, called 'all_the_things' and it will contain the following value:: all_the_things = { 'first': ['stuff', 'things'], diff --git a/plaso/parsers/sqlite_plugins/skype_test.py b/plaso/parsers/sqlite_plugins/skype_test.py index 63e7d06921..54d719fa9c 100644 --- a/plaso/parsers/sqlite_plugins/skype_test.py +++ b/plaso/parsers/sqlite_plugins/skype_test.py @@ -22,17 +22,17 @@ def testProcess(self): """Tests the Process function on a Skype History database file. The History file contains 24 events: - 4 call events - 4 transfers file events - 1 sms events - 15 chat events + 4 call events + 4 transfers file events + 1 sms events + 15 chat events Events used: - id = 16 -> SMS - id = 22 -> Call - id = 18 -> File - id = 1 -> Chat - id = 14 -> ChatRoom + id = 16 -> SMS + id = 22 -> Call + id = 18 -> File + id = 1 -> Chat + id = 14 -> ChatRoom """ test_file = self._GetTestFilePath([u'skype_main.db']) cache = sqlite.SQLiteCache() diff --git a/plaso/parsers/winreg_plugins/outlook.py b/plaso/parsers/winreg_plugins/outlook.py index 1586cd3225..28b2053648 100644 --- a/plaso/parsers/winreg_plugins/outlook.py +++ b/plaso/parsers/winreg_plugins/outlook.py @@ -37,6 +37,7 @@ def GetEntries( self, parser_mediator, key=None, registry_type=None, codepage='cp1252', **unused_kwargs): """Collect the values under Outlook and return event for each one. + Args: parser_mediator: A parser mediator object (instance of ParserMediator). key: Optional Registry key (instance of winreg.WinRegKey). diff --git a/plaso/parsers/xchatlog.py b/plaso/parsers/xchatlog.py index 16728941e1..5a1c547dbe 100644 --- a/plaso/parsers/xchatlog.py +++ b/plaso/parsers/xchatlog.py @@ -1,54 +1,55 @@ # -*- coding: utf-8 -*- +# There's a backslash in the module docstring, so as not to confuse Sphinx. +# pylint: disable=anomalous-backslash-in-string """This file contains XChat log file parser in plaso. - Information updated 24 July 2013. - - The parser applies to XChat log files. Despite their apparent - simplicity it's not straightforward to manage every possible case. - XChat tool allows users to specify how timestamp will be - encoded (using the strftime function), by letting them to specify - additional separators. This parser will accept only the simplest - default English form of an XChat log file, as the following: - - **** BEGIN LOGGING AT Mon Dec 31 21:11:55 2001 - - dec 31 21:11:55 --> You are now talking on #gugle - dec 31 21:11:55 --- Topic for #gugle is plaso, nobody knows what it means - dec 31 21:11:55 Topic for #gugle set by Kristinn - dec 31 21:11:55 --- Joachim gives voice to fpi - dec 31 21:11:55 * XChat here - dec 31 21:11:58 ola plas-ing guys! - dec 31 21:12:00 ftw! - - It could be managed the missing month/day case too, by extracting - the month/day information from the header. But the parser logic - would become intricate, since it would need to manage day transition, - chat lines crossing the midnight. From there derives the last day of - the year bug, since the parser will not manage that transition. - - Moreover the strftime is locale-dependant, so month names, footer and - headers can change, even inside the same log file. Being said that, the - following will be the main logic used to parse the log files (note that - the first header *must be* '**** BEGIN ...' otherwise file will be skipped). - - 1) Check for '****' - 1.1) If 'BEGIN LOGGING AT' (English) - 1.1.1) Extract the YEAR - 1.1.2) Generate new event start logging - 1.1.3) set parsing = True - 1.2) If 'END LOGGING' - 1.2.1) If parsing, set parsing=False - 1.2.2) If not parsing, log debug - 1.2.3) Generate new event end logging - 1.3) If not BEGIN|END we are facing a different language - and we don't now which language! - If parsing is True, set parsing=False and log debug - 2) Not '****' so we are parsing a line - 2.1) If parsing = True, try to parse line and generate event - 2.2) If parsing = False, skip until next good header is found - - References - http://xchat.org +Information updated 24 July 2013. + +The parser applies to XChat log files. Despite their apparent +simplicity it's not straightforward to manage every possible case. +XChat tool allows users to specify how timestamp will be +encoded (using the strftime function), by letting them to specify +additional separators. This parser will accept only the simplest +default English form of an XChat log file, as the following:: + + **** BEGIN LOGGING AT Mon Dec 31 21:11:55 2001 + dec 31 21:11:55 --> You are now talking on #gugle + dec 31 21:11:55 --- Topic for #gugle is plaso, nobody knows what it means + dec 31 21:11:55 Topic for #gugle set by Kristinn + dec 31 21:11:55 --- Joachim gives voice to fpi + dec 31 21:11:55 * XChat here + dec 31 21:11:58 ola plas-ing guys! + dec 31 21:12:00 ftw! + +It could be managed the missing month/day case too, by extracting +the month/day information from the header. But the parser logic +would become intricate, since it would need to manage day transition, +chat lines crossing the midnight. From there derives the last day of +the year bug, since the parser will not manage that transition. + +Moreover the strftime is locale-dependant, so month names, footer and +headers can change, even inside the same log file. Being said that, the +following will be the main logic used to parse the log files (note that +the first header *must be* '\*\*\*\* BEGIN ...' otherwise file will be skipped). + +1) Check for '\*\*\*\*' +1.1) If 'BEGIN LOGGING AT' (English) +1.1.1) Extract the YEAR +1.1.2) Generate new event start logging +1.1.3) set parsing = True +1.2) If 'END LOGGING' +1.2.1) If parsing, set parsing=False +1.2.2) If not parsing, log debug +1.2.3) Generate new event end logging +1.3) If not BEGIN|END we are facing a different language +and we don't now which language! +If parsing is True, set parsing=False and log debug +2) Not '\*\*\*\*' so we are parsing a line +2.1) If parsing = True, try to parse line and generate event +2.2) If parsing = False, skip until next good header is found + +References +http://xchat.org """ import logging diff --git a/plaso/parsers/xchatscrollback.py b/plaso/parsers/xchatscrollback.py index a966900575..b4c361925b 100644 --- a/plaso/parsers/xchatscrollback.py +++ b/plaso/parsers/xchatscrollback.py @@ -1,36 +1,37 @@ # -*- coding: utf-8 -*- """This file contains XChat scrollback log file parser in plaso. - Information updated 06 September 2013. - - Besides the logging capability, the XChat IRC client has the option to - record the text for opened tabs. So, when rejoining a particular channel - and/or a particular conversation, XChat will display the last messages - exchanged. This artifact could be present, if not disabled, even if - normal logging is disabled. - - From the XChat FAQ (http://xchatdata.net/Using/FAQ): - Q: 'How do I keep text from previous sessions from being displayed when - I join a channel?' - R: 'Starting in XChat 2.8.4, XChat implemented the Scrollback feature which - displays text from the last time you had a particular tab open. - To disable this setting for all channels, Go to Settings -> Preferences - -> Logging and uncheck Display scrollback from previous session. - In XChat 2.8.6, XChat implemented both Per Channel Logging, and - Per Channel Scrollbacks. If you are on 2.8.6 or newer, you can disable - loading scrollback for just one particular tab name by right clicking on - the tab name, selecting Settings, and then unchecking Reload scrollback' - - The log file format differs from logging format, but it's quite simple - 'T 1232315916 Python interface unloaded' - <\n> - - The time reported in the log is Unix Epoch (from source code, time(0)). - The part could contain some 'decorators' (bold, underline, colors - indication, etc.), so the parser should strip those control fields. - - References - http://xchat.org +Information updated 06 September 2013. + +Besides the logging capability, the XChat IRC client has the option to +record the text for opened tabs. So, when rejoining a particular channel +and/or a particular conversation, XChat will display the last messages +exchanged. This artifact could be present, if not disabled, even if +normal logging is disabled. + +From the XChat FAQ (http://xchatdata.net/Using/FAQ): + +Q: 'How do I keep text from previous sessions from being displayed when I +join a channel?' +R: 'Starting in XChat 2.8.4, XChat implemented the Scrollback feature which +displays text from the last time you had a particular tab open. +To disable this setting for all channels, Go to Settings -> Preferences +-> Logging and uncheck Display scrollback from previous session. +In XChat 2.8.6, XChat implemented both Per Channel Logging, and +Per Channel Scrollbacks. If you are on 2.8.6 or newer, you can disable +loading scrollback for just one particular tab name by right clicking on +the tab name, selecting Settings, and then unchecking Reload scrollback' + +The log file format differs from logging format, but it's quite simple +'T 1232315916 Python interface unloaded' +<\n> + +The time reported in the log is Unix Epoch (from source code, time(0)). +The part could contain some 'decorators' (bold, underline, colors +indication, etc.), so the parser should strip those control fields. + +References +http://xchat.org """ import logging diff --git a/plaso/preprocessors/interface.py b/plaso/preprocessors/interface.py index eff7c12955..bdb68c7b30 100644 --- a/plaso/preprocessors/interface.py +++ b/plaso/preprocessors/interface.py @@ -17,16 +17,17 @@ class PreprocessPlugin(object): should define which operating system this plugin supports. The OS variable supports the following values: - + Windows - + Linux - + MacOSX + + * Windows + * Linux + * MacOSX Since some plugins may require knowledge gained from other checks all plugins have a weight associated to it. The weight variable can have values from one to three: - + 1 - Requires no prior knowledge, can run immediately. - + 2 - Requires knowledge from plugins with weight 1. - + 3 - Requires knowledge from plugins with weight 2. + * 1 - Requires no prior knowledge, can run immediately. + * 2 - Requires knowledge from plugins with weight 1. + * 3 - Requires knowledge from plugins with weight 2. The default weight of 3 is assigned to plugins, so each plugin needs to overwrite that value if needed. @@ -157,6 +158,7 @@ def GuessOS(searcher): """Returns a string representing what we think the underlying OS is. The available return strings are: + * Linux * MacOSX * Windows diff --git a/utils/common.sh b/utils/common.sh index daa29674ee..658fc1db27 100755 --- a/utils/common.sh +++ b/utils/common.sh @@ -76,3 +76,24 @@ linter() return ${EXIT_SUCCESS}; } + +regenerate_docs() +{ + PLASO_PATH="./plaso/" + DOCS_DIR="./docs/" + echo "Attempting to update auto generated documentation." + # Check for sphinx-apidoc. + if hash sphinx-apidoc >/dev/null 2>&1 ; + then + + # Regenerate the docs. + echo "sphinx-apidoc -f -o ${DOCS_DIR} ${PLASO_PATH}" + sphinx-apidoc -f -o "${DOCS_DIR}" "${PLASO_PATH}" + # Add the files to the CL + git add "${DOCS_DIR}" + echo "Docs updated." + else + echo "WARNING: Documentation not updated, sphinx-apidoc is not installed."; + return ${EXIT_FAILURE}; + fi +} diff --git a/utils/submit.sh b/utils/submit.sh index 3c8d1a1e75..169b154c9d 100755 --- a/utils/submit.sh +++ b/utils/submit.sh @@ -66,6 +66,9 @@ fi # Source the common library. . utils/common.sh +# Update auto-generated documentation. +regenerate_docs + # Check if we're on the master branch. BRANCH=`git branch | grep -e "^[*]" | sed "s/^[*] //"`;