File tree Expand file tree Collapse file tree 2 files changed +4
-0
lines changed
plaso/parsers/winreg_plugins
tests/parsers/winreg_plugins Expand file tree Collapse file tree 2 files changed +4
-0
lines changed Original file line number Diff line number Diff line change @@ -28,6 +28,7 @@ class AMCacheFileEventData(events.EventData):
2828 (31457280 bytes) of file, preceded by "0000").
2929 file_modification_time (dfdatetime.DateTimeValues): file entry last
3030 modification date and time.
31+ file_name (str): name of the file.
3132 file_reference (str): file system file reference, for example 9-1 (MFT
3233 entry - sequence number).
3334 file_size (int): size of file in bytes.
@@ -58,6 +59,7 @@ def __init__(self):
5859 self .file_identifier = None
5960 self .file_modification_time = None
6061 self .file_reference = None
62+ self .file_name = None
6163 self .file_size = None
6264 self .file_version = None
6365 self .full_path = None
@@ -123,6 +125,7 @@ class AMCachePlugin(interface.WindowsRegistryPlugin):
123125 _APPLICATION_SUB_KEY_VALUES = {
124126 'FileId' : 'file_identifier' ,
125127 'LowerCaseLongPath' : 'full_path' ,
128+ 'Name' : 'file_name' ,
126129 'ProductName' : 'product_name' ,
127130 'ProductVersion' : 'file_version' ,
128131 'ProgramId' : 'program_identifier' ,
Original file line number Diff line number Diff line change @@ -120,6 +120,7 @@ def testProcessWindows10(self):
120120 'file_creation_time' : None ,
121121 'file_identifier' : '000075c5a97f521f760e32a4a9639a653eed862e9c61' ,
122122 'file_modification_time' : None ,
123+ 'file_name' : 'svchost.exe' ,
123124 'full_path' : 'c:\\ windows\\ system32\\ svchost.exe' ,
124125 'installation_time' : None ,
125126 'last_written_time' : None ,
You can’t perform that action at this time.
0 commit comments