"""Registry Agent — analyzes Windows registry hives."""
from __future__ import annotations
from base_agent import BaseAgent
from evidence_graph import EvidenceGraph
from llm_client import LLMClient
from tool_registry import TOOL_CATALOG
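class RegistryAgent(BaseAgent):
    """Agent scoped to Windows registry hive analysis.

    The class sets an agent ``name`` and a ``role`` description, and on
    construction registers a fixed list of tools looked up by name in
    ``TOOL_CATALOG``. The list in ``_register_tools`` is the only tool set
    this class adds; whether ``BaseAgent`` registers anything further is not
    visible here.
    """

    name = "registry"
    # NOTE(review): presumably consumed by BaseAgent as the agent's role
    # description for the LLM; confirm against BaseAgent.
    role = (
        "Windows registry forensic analyst. You parse registry hive files "
        "(SYSTEM, SOFTWARE, SAM, NTUSER.DAT) to extract system configuration, "
        "user accounts, installed software, network settings, email accounts, "
        "and other Windows artifacts."
    )

    def __init__(self, llm: LLMClient, graph: EvidenceGraph) -> None:
        """Initialise the base agent, then register this agent's tools.

        Args:
            llm: Client passed through to ``BaseAgent.__init__``.
            graph: Evidence graph passed through to ``BaseAgent.__init__``.
        """
        super().__init__(llm, graph)
        self._register_tools()

    def _register_tools(self) -> None:
        """Register the registry-analysis tools found in ``TOOL_CATALOG``.

        Names with no (truthy) catalog entry are skipped, as before, but are
        now reported in a single warning so that an agent running with a
        reduced tool set is visible in the logs instead of silently
        producing an incomplete analysis.
        """
        # Function-scope import keeps this block self-contained.
        import logging

        # Explicit allowlist: only these catalog entries are exposed to the
        # agent, which keeps its capabilities limited to what is named here.
        tool_names = [
            "extract_file", "list_directory",
            "parse_registry_key", "list_installed_software",
            "get_user_activity", "search_registry",
            "get_system_info", "get_timezone_info", "get_computer_name",
            "get_shutdown_time", "enumerate_users",
            "get_network_interfaces", "get_email_config",
        ]

        missing: list[str] = []
        for tool_name in tool_names:
            td = TOOL_CATALOG.get(tool_name)
            if not td:
                # Best-effort registration is kept; the miss is recorded.
                missing.append(tool_name)
                continue
            self.register_tool(td.name, td.description, td.input_schema, td.executor)

        if missing:
            logging.getLogger(__name__).warning(
                "RegistryAgent: tools not found in TOOL_CATALOG, not registered: %s",
                ", ".join(missing),
            )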