Index

A

allocated (vminspect.timeline.Dirent attribute) (vminspect.timeline.Event attribute) apikey (vminspect.vtscan.VTScanner attribute) (vminspect.VTScanner attribute)

Application (class in vminspect.vulnscan) applications() (vminspect.vulnscan.VulnScanner method) (vminspect.VulnScanner method) atime (vminspect.timeline.Dirent attribute) attributes (vminspect.timeline.JrnlEvent attribute)

C

changes (vminspect.timeline.JrnlEvent attribute) checksum (vminspect.FSTimeline attribute) (vminspect.timeline.FSTimeline attribute) checksum() (vminspect.FileSystem method) (vminspect.filesystem.FileSystem method) checksums() (vminspect.FileSystem method) (vminspect.filesystem.FileSystem method) chunks() (in module vminspect.vtscan) compare() (vminspect.comparator.DiskComparator method) (vminspect.DiskComparator method)

compare_filesystems() (in module vminspect.comparator) compare_hives() (in module vminspect.comparator) compare_registries() (in module vminspect.comparator) compare_registry() (vminspect.comparator.DiskComparator method) (vminspect.DiskComparator method) compare_values() (in module vminspect.comparator) concurrent_parse_registries() (in module vminspect.comparator) concurrent_visit_filesystem() (in module vminspect.comparator) CorruptedUsnRecord (class in vminspect.usnjrnl) crtime (vminspect.timeline.Dirent attribute) ctime (vminspect.timeline.Dirent attribute)

D

detections (vminspect.vtscan.VTReport attribute) Dirent (class in vminspect.timeline) DiskComparator (class in vminspect) (class in vminspect.comparator)

download() (vminspect.FileSystem method) (vminspect.filesystem.FileSystem method)

E

Event (class in vminspect.timeline) eventlog() (vminspect.WinEventLog method) exists() (vminspect.FileSystem method) (vminspect.filesystem.FileSystem method)

extract() (vminspect.comparator.DiskComparator method) (vminspect.DiskComparator method) extract_files() (in module vminspect.comparator)

F

file (vminspect.FSTimeline attribute) (vminspect.timeline.FSTimeline attribute) file() (vminspect.FileSystem method) (vminspect.filesystem.FileSystem method) file_attributes (vminspect.usnjrnl.UsnRecord attribute) file_comparison() (in module vminspect.comparator) file_name (vminspect.usnjrnl.UsnRecord attribute) file_reference_number (vminspect.usnjrnl.UsnRecord attribute) file_reference_number_sequence (vminspect.usnjrnl.UsnRecord attribute)

files_size() (in module vminspect.comparator) files_type() (in module vminspect.comparator) FileSystem (class in vminspect) (class in vminspect.filesystem) filetype_filter() (vminspect.vtscan.VTScanner method) (vminspect.VTScanner method) fsroot (vminspect.FileSystem attribute) (vminspect.filesystem.FileSystem attribute) FSTimeline (class in vminspect) (class in vminspect.timeline)

G

generate_timeline() (in module vminspect.timeline)

H

hash (vminspect.vtscan.VTReport attribute)

I

id (vminspect.vulnscan.Vulnerability attribute) index (vminspect.usnjrnl.CorruptedUsnRecord attribute)

inode (vminspect.timeline.Dirent attribute) (vminspect.timeline.Event attribute) (vminspect.timeline.JrnlEvent attribute)

J

journal_event() (in module vminspect.timeline)

JrnlEvent (class in vminspect.timeline)

K

keys() (vminspect.RegistryHive method) (vminspect.winreg.RegistryHive method)

L

length (vminspect.usnjrnl.UsnRecord attribute) lookup_dirent() (in module vminspect.timeline)

lookup_vulnerabilities() (in module vminspect.vulnscan) ls() (vminspect.FileSystem method) (vminspect.filesystem.FileSystem method)

M

makedirs() (in module vminspect.comparator) mount() (vminspect.FileSystem method) (vminspect.filesystem.FileSystem method)

mtime (vminspect.timeline.Dirent attribute)

N

name (vminspect.timeline.JrnlEvent attribute) (vminspect.vulnscan.Application attribute) (vminspect.vulnscan.VulnApp attribute)

nodes() (vminspect.FileSystem method) (vminspect.filesystem.FileSystem method) NTFSTimeline (class in vminspect) (class in vminspect.timeline)

O

osname (vminspect.FileSystem attribute) (vminspect.filesystem.FileSystem attribute)

P

parent_file_reference_number (vminspect.usnjrnl.UsnRecord attribute) parent_file_reference_number_sequence (vminspect.usnjrnl.UsnRecord attribute) parent_inode (vminspect.timeline.JrnlEvent attribute) parse_journal() (in module vminspect.timeline) parse_journal_file() (in module vminspect.usnjrnl) parse_record() (in module vminspect.usnjrnl) parse_registries() (in module vminspect.comparator) parse_response() (vminspect.vtscan.VTScanner method) (vminspect.VTScanner method)

parse_result() (vminspect.vtscan.VTScanner method) (vminspect.VTScanner method) path (vminspect.timeline.Dirent attribute) (vminspect.timeline.Event attribute) (vminspect.vtscan.VTReport attribute) (vminspect.winreg.WinRegKey attribute) path() (vminspect.FileSystem method) (vminspect.filesystem.FileSystem method) posix_path() (in module vminspect.filesystem)

Q

query_vulnerabilities() (vminspect.vulnscan.VulnScanner method) (vminspect.VulnScanner method)

R

read_next_block() (in module vminspect.usnjrnl) reason (vminspect.timeline.Event attribute) reasons (vminspect.usnjrnl.UsnRecord attribute) registries_path() (in module vminspect) (in module vminspect.winreg) registry_comparison() (in module vminspect.comparator)

registry_root() (in module vminspect) (in module vminspect.winreg) RegistryHive (class in vminspect) (class in vminspect.winreg) remove_nullchars() (in module vminspect.usnjrnl) rootkey (vminspect.RegistryHive attribute) (vminspect.winreg.RegistryHive attribute)

S

scan() (vminspect.vtscan.VTScanner method) (vminspect.VTScanner method) (vminspect.VulnScanner method) (vminspect.vulnscan.VulnScanner method) security_id (vminspect.usnjrnl.UsnRecord attribute)

size (vminspect.timeline.Dirent attribute) (vminspect.timeline.Event attribute) source_info (vminspect.usnjrnl.UsnRecord attribute) stat() (vminspect.FileSystem method) (vminspect.filesystem.FileSystem method) summary (vminspect.vulnscan.Vulnerability attribute)

T

timeline() (vminspect.FSTimeline method) (vminspect.timeline.FSTimeline method) timestamp (vminspect.timeline.Event attribute) (vminspect.timeline.JrnlEvent attribute) (vminspect.usnjrnl.UsnRecord attribute) (vminspect.winreg.WinRegKey attribute)

timestamp() (in module vminspect.timeline) type (vminspect.timeline.Dirent attribute)

U

umount() (vminspect.FileSystem method) (vminspect.filesystem.FileSystem method) unpack_flags() (in module vminspect.usnjrnl) update_sequence_number (vminspect.usnjrnl.UsnRecord attribute) user_registries() (in module vminspect.comparator) user_registries_path() (in module vminspect) (in module vminspect.winreg) usn_journal() (in module vminspect) (in module vminspect.usnjrnl)

usn_v2_record() (in module vminspect.usnjrnl) usn_v3_record() (in module vminspect.usnjrnl) usn_v4_record() (in module vminspect.usnjrnl) usnjrnl_timeline() (vminspect.NTFSTimeline method) (vminspect.timeline.NTFSTimeline method) UsnJrnlEvent (in module vminspect.timeline) UsnRecord (class in vminspect.usnjrnl)

V

values (vminspect.winreg.WinRegKey attribute) version (vminspect.usnjrnl.UsnRecord attribute) (vminspect.vulnscan.Application attribute) (vminspect.vulnscan.VulnApp attribute) visit_filesystem() (in module vminspect.comparator) vminspect (module) vminspect.comparator (module) vminspect.filesystem (module) vminspect.timeline (module) vminspect.usnjrnl (module) vminspect.vtscan (module)

vminspect.vulnscan (module) vminspect.winreg (module) vtquery() (in module vminspect.vtscan) VTReport (class in vminspect.vtscan) VTScanner (class in vminspect) (class in vminspect.vtscan) VulnApp (class in vminspect.vulnscan) vulnerabilities (vminspect.vulnscan.VulnApp attribute) Vulnerability (class in vminspect.vulnscan) VulnScanner (class in vminspect) (class in vminspect.vulnscan)

W

WinEventLog (class in vminspect)

WinRegKey (class in vminspect.winreg)