Python volatility.plugins.filescan.DriverScan() Examples
The following are 10
code examples of volatility.plugins.filescan.DriverScan().
Example #1
Source File: tcaudit.py From aumfor with GNU General Public License v3.0 | 5 votes |
def calculate(self):
    """Yield disk-type device objects that belong to a TrueCrypt driver.

    Loads the address space from the plugin config, applies the
    version-specific types, then walks every driver returned by
    ``filescan.DriverScan`` and keeps the devices whose type code maps to
    ``FILE_DEVICE_DISK`` in ``devicetree.DEVICE_CODES``.

    Yields:
        Each matching device object, in the order the scanner and
        ``driver.devices()`` produce them.
    """
    addr_space = utils.load_as(self._config)
    self.apply_types(addr_space, self._config.VERSION)

    driver_scan = filescan.DriverScan(self._config)
    for drv in driver_scan.calculate():
        # A falsy DriverName is replaced by '' so the suffix test cannot fail
        # on a missing value.
        name = str(drv.DriverName or '')
        # NOTE(review): exact-case suffix match. A driver object whose name
        # differs in case or has been renamed is skipped, so an empty result
        # is not proof that no TrueCrypt volume was present in the image.
        if not name.endswith("truecrypt"):
            continue
        for device in drv.devices():
            # Codes missing from DEVICE_CODES map to None and never match.
            device_kind = devicetree.DEVICE_CODES.get(device.DeviceType.v())
            if device_kind == 'FILE_DEVICE_DISK':
                yield device
Example #2
Source File: devicetree.py From aumfor with GNU General Public License v3.0 | 5 votes |
def __init__(self, config, *args, **kwargs):
    """Initialise the DriverScan base class and register the REGEX option.

    Args:
        config: Plugin configuration object; receives the new option.
        *args: Forwarded unchanged to ``filescan.DriverScan.__init__``.
        **kwargs: Forwarded unchanged to ``filescan.DriverScan.__init__``.
    """
    filescan.DriverScan.__init__(self, config, *args, **kwargs)
    # NOTE(review): REGEX is an operator-supplied pattern; the code that
    # compiles and applies it is outside this block -- confirm it handles an
    # invalid pattern cleanly.
    regex_option = {
        'short_option': 'r',
        'type': 'str',
        'action': 'store',
        'help': 'Analyze drivers matching REGEX',
    }
    config.add_option("REGEX", **regex_option)
Example #3
Source File: tcaudit.py From volatility with GNU General Public License v2.0 | 5 votes |
def calculate(self):
    """Yield disk-type device objects that belong to a TrueCrypt driver.

    Loads the address space from the plugin config, applies the
    version-specific types, then walks every driver returned by
    ``filescan.DriverScan`` and keeps the devices whose type code maps to
    ``FILE_DEVICE_DISK`` in ``devicetree.DEVICE_CODES``.

    Yields:
        Each matching device object, in the order the scanner and
        ``driver.devices()`` produce them.
    """
    addr_space = utils.load_as(self._config)
    self.apply_types(addr_space, self._config.VERSION)

    driver_scan = filescan.DriverScan(self._config)
    for drv in driver_scan.calculate():
        # A falsy DriverName is replaced by '' so the suffix test cannot fail
        # on a missing value.
        name = str(drv.DriverName or '')
        # NOTE(review): exact-case suffix match. A driver object whose name
        # differs in case or has been renamed is skipped, so an empty result
        # is not proof that no TrueCrypt volume was present in the image.
        if not name.endswith("truecrypt"):
            continue
        for device in drv.devices():
            # Codes missing from DEVICE_CODES map to None and never match.
            device_kind = devicetree.DEVICE_CODES.get(device.DeviceType.v())
            if device_kind == 'FILE_DEVICE_DISK':
                yield device
Example #4
Source File: devicetree.py From volatility with GNU General Public License v2.0 | 5 votes |
def __init__(self, config, *args, **kwargs):
    """Initialise the DriverScan base class and register the REGEX option.

    Args:
        config: Plugin configuration object; receives the new option.
        *args: Forwarded unchanged to ``filescan.DriverScan.__init__``.
        **kwargs: Forwarded unchanged to ``filescan.DriverScan.__init__``.
    """
    filescan.DriverScan.__init__(self, config, *args, **kwargs)
    # NOTE(review): REGEX is an operator-supplied pattern; the code that
    # compiles and applies it is outside this block -- confirm it handles an
    # invalid pattern cleanly.
    regex_option = {
        'short_option': 'r',
        'type': 'str',
        'action': 'store',
        'help': 'Analyze drivers matching REGEX',
    }
    config.add_option("REGEX", **regex_option)
Example #5
Source File: tcaudit.py From vortessence with GNU General Public License v2.0 | 5 votes |
def calculate(self):
    """Yield disk-type device objects that belong to a TrueCrypt driver.

    Loads the address space from the plugin config, applies the
    version-specific types, then walks every driver returned by
    ``filescan.DriverScan`` and keeps the devices whose type code maps to
    ``FILE_DEVICE_DISK`` in ``devicetree.DEVICE_CODES``.

    Yields:
        Each matching device object, in the order the scanner and
        ``driver.devices()`` produce them.
    """
    addr_space = utils.load_as(self._config)
    self.apply_types(addr_space, self._config.VERSION)

    driver_scan = filescan.DriverScan(self._config)
    for drv in driver_scan.calculate():
        # A falsy DriverName is replaced by '' so the suffix test cannot fail
        # on a missing value.
        name = str(drv.DriverName or '')
        # NOTE(review): exact-case suffix match. A driver object whose name
        # differs in case or has been renamed is skipped, so an empty result
        # is not proof that no TrueCrypt volume was present in the image.
        if not name.endswith("truecrypt"):
            continue
        for device in drv.devices():
            # Codes missing from DEVICE_CODES map to None and never match.
            device_kind = devicetree.DEVICE_CODES.get(device.DeviceType.v())
            if device_kind == 'FILE_DEVICE_DISK':
                yield device
Example #6
Source File: devicetree.py From vortessence with GNU General Public License v2.0 | 5 votes |
def __init__(self, config, *args, **kwargs):
    """Initialise the DriverScan base class and register the REGEX option.

    Args:
        config: Plugin configuration object; receives the new option.
        *args: Forwarded unchanged to ``filescan.DriverScan.__init__``.
        **kwargs: Forwarded unchanged to ``filescan.DriverScan.__init__``.
    """
    filescan.DriverScan.__init__(self, config, *args, **kwargs)
    # NOTE(review): REGEX is an operator-supplied pattern; the code that
    # compiles and applies it is outside this block -- confirm it handles an
    # invalid pattern cleanly.
    regex_option = {
        'short_option': 'r',
        'type': 'str',
        'action': 'store',
        'help': 'Analyze drivers matching REGEX',
    }
    config.add_option("REGEX", **regex_option)
Example #7
Source File: tcaudit.py From DAMM with GNU General Public License v2.0 | 5 votes |
def calculate(self):
    """Yield disk-type device objects that belong to a TrueCrypt driver.

    Loads the address space from the plugin config, applies the
    version-specific types, then walks every driver returned by
    ``filescan.DriverScan`` and keeps the devices whose type code maps to
    ``FILE_DEVICE_DISK`` in ``devicetree.DEVICE_CODES``.

    Yields:
        Each matching device object, in the order the scanner and
        ``driver.devices()`` produce them.
    """
    addr_space = utils.load_as(self._config)
    self.apply_types(addr_space, self._config.VERSION)

    driver_scan = filescan.DriverScan(self._config)
    for drv in driver_scan.calculate():
        # A falsy DriverName is replaced by '' so the suffix test cannot fail
        # on a missing value.
        name = str(drv.DriverName or '')
        # NOTE(review): exact-case suffix match. A driver object whose name
        # differs in case or has been renamed is skipped, so an empty result
        # is not proof that no TrueCrypt volume was present in the image.
        if not name.endswith("truecrypt"):
            continue
        for device in drv.devices():
            # Codes missing from DEVICE_CODES map to None and never match.
            device_kind = devicetree.DEVICE_CODES.get(device.DeviceType.v())
            if device_kind == 'FILE_DEVICE_DISK':
                yield device
Example #8
Source File: devicetree.py From DAMM with GNU General Public License v2.0 | 5 votes |
def __init__(self, config, *args, **kwargs):
    """Initialise the DriverScan base class and register the REGEX option.

    Args:
        config: Plugin configuration object; receives the new option.
        *args: Forwarded unchanged to ``filescan.DriverScan.__init__``.
        **kwargs: Forwarded unchanged to ``filescan.DriverScan.__init__``.
    """
    filescan.DriverScan.__init__(self, config, *args, **kwargs)
    # NOTE(review): REGEX is an operator-supplied pattern; the code that
    # compiles and applies it is outside this block -- confirm it handles an
    # invalid pattern cleanly.
    regex_option = {
        'short_option': 'r',
        'type': 'str',
        'action': 'store',
        'help': 'Analyze drivers matching REGEX',
    }
    config.add_option("REGEX", **regex_option)
Example #9
Source File: tcaudit.py From volatility with GNU General Public License v2.0 | 5 votes |
def calculate(self):
    """Yield disk-type device objects that belong to a TrueCrypt driver.

    Loads the address space from the plugin config, applies the
    version-specific types, then walks every driver returned by
    ``filescan.DriverScan`` and keeps the devices whose type code maps to
    ``FILE_DEVICE_DISK`` in ``devicetree.DEVICE_CODES``.

    Yields:
        Each matching device object, in the order the scanner and
        ``driver.devices()`` produce them.
    """
    addr_space = utils.load_as(self._config)
    self.apply_types(addr_space, self._config.VERSION)

    driver_scan = filescan.DriverScan(self._config)
    for drv in driver_scan.calculate():
        # A falsy DriverName is replaced by '' so the suffix test cannot fail
        # on a missing value.
        name = str(drv.DriverName or '')
        # NOTE(review): exact-case suffix match. A driver object whose name
        # differs in case or has been renamed is skipped, so an empty result
        # is not proof that no TrueCrypt volume was present in the image.
        if not name.endswith("truecrypt"):
            continue
        for device in drv.devices():
            # Codes missing from DEVICE_CODES map to None and never match.
            device_kind = devicetree.DEVICE_CODES.get(device.DeviceType.v())
            if device_kind == 'FILE_DEVICE_DISK':
                yield device
Example #10
Source File: devicetree.py From volatility with GNU General Public License v2.0 | 5 votes |
def __init__(self, config, *args, **kwargs):
    """Initialise the DriverScan base class and register the REGEX option.

    Args:
        config: Plugin configuration object; receives the new option.
        *args: Forwarded unchanged to ``filescan.DriverScan.__init__``.
        **kwargs: Forwarded unchanged to ``filescan.DriverScan.__init__``.
    """
    filescan.DriverScan.__init__(self, config, *args, **kwargs)
    # NOTE(review): REGEX is an operator-supplied pattern; the code that
    # compiles and applies it is outside this block -- confirm it handles an
    # invalid pattern cleanly.
    regex_option = {
        'short_option': 'r',
        'type': 'str',
        'action': 'store',
        'help': 'Analyze drivers matching REGEX',
    }
    config.add_option("REGEX", **regex_option)