Beispiel #1
 def parse_memory_dump_rekall(filename, override_timestamp=None):
     """Run pypykatz over a memory image opened through the Rekall reader.

     Args:
         filename: Memory image to open; passed as-is to
             ``RekallReader.from_memory_file`` (presumably a filesystem path).
         override_timestamp: Optional value forwarded unchanged to the reader.

     Returns:
         The ``pypykatz`` instance, after ``start()`` has been called on it.
     """
     # Function-scope import: the Rekall reader module is only loaded when this
     # entry point is actually called.
     from pypykatz.commons.readers.rekall.rekallreader import RekallReader

     # NOTE(review): the image is parsed as-is; if it was collected from a host
     # that may be compromised, treat it as untrusted input to the reader.
     rekall_reader = RekallReader.from_memory_file(filename, override_timestamp)
     system_info = KatzSystemInfo.from_rekallreader(rekall_reader)

     parser = pypykatz(rekall_reader, system_info)
     parser.start()

     # NOTE(review): the returned object presumably carries secrets recovered
     # from the image - keep it out of logs and unprotected storage; confirm
     # against pypykatz.start().
     return parser
Beispiel #2
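	def go_rekall(session, override_timestamp = None, buildnumber = None, packages = None):
		"""Run pypykatz against an existing Rekall session.

		Args:
			session: Rekall session object, passed as-is to
				``RekallReader.from_session``.
			override_timestamp: Optional value forwarded unchanged to the reader.
			buildnumber: Optional value forwarded unchanged to the reader.
			packages: List handed to ``start()``. When omitted or ``None`` it
				defaults to ``['all']``.

		Returns:
			The ``pypykatz`` instance, after ``start(packages)`` has been called.
		"""
		# A list literal as the default would be one object shared by every
		# call; any in-place change made downstream in start() would leak into
		# later calls. Build a fresh list per call instead.
		if packages is None:
			packages = ['all']

		# Function-scope import: the Rekall reader module is only loaded when
		# this entry point is actually called.
		from pypykatz.commons.readers.rekall.rekallreader import RekallReader
		reader = RekallReader.from_session(session, override_timestamp, buildnumber)
		sysinfo = KatzSystemInfo.from_rekallreader(reader)
		mimi = pypykatz(reader, sysinfo)
		mimi.start(packages)
		# NOTE(review): the returned object presumably carries secrets recovered
		# from the session's memory image - keep it out of logs and unprotected
		# storage; confirm against pypykatz.start().
		return mimi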