本文整理汇总了Python中pytsk3.Img_Info方法的典型用法代码示例。如果您正苦于以下问题:Python pytsk3.Img_Info方法的具体用法?Python pytsk3.Img_Info怎么用?Python pytsk3.Img_Info使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类pytsk3的用法示例。
在下文中一共展示了pytsk3.Img_Info方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _open_directory
# 需要导入模块: import pytsk3 [as 别名]
# 或者: from pytsk3 import Img_Info [as 别名]
def _open_directory(self):
device = self.device
self._mntpoint = "/"
if not device:
mount_tree = self._session.GetParameter("mount_points")
device, self._mntpoint, _ = files.lookup_mount_point(
mount_tree, self.path)
self._img_info = pytsk3.Img_Info(device)
self._fs_info = pytsk3.FS_Info(self._img_info, offset=self.offset)
if self.inode:
return self._fs_info.open_dir(inode=self.inode)
else:
return self._fs_info.open_dir(
path=os.path.relpath(self.path, self._mntpoint)) 示例2: open_vol
# 需要导入模块: import pytsk3 [as 别名]
# 或者: from pytsk3 import Img_Info [as 别名]
def open_vol(self):
sys.stderr.write("[+] Opening {}\n".format(self.evidence))
# Handle EWF/Raw Images
if self.image_type == "ewf":
try:
filenames = pyewf.glob(self.evidence)
except IOError:
_, e, _ = sys.exc_info()
sys.stderr.write("[-] Invalid EWF format:\n {}\n".format(e))
raise IOError
ewf_handle = pyewf.handle()
ewf_handle.open(filenames)
# Open PYTSK3 handle on EWF Image
self.image_handle = EWFImgInfo(ewf_handle)
else:
self.image_handle = pytsk3.Img_Info(self.evidence)
# Open volume from image
try:
self.vol = pytsk3.Volume_Info(self.image_handle)
except IOError:
_, e, _ = sys.exc_info()
sys.stderr.write("[-] Unable to read partition table. Possible logical image:\n {}\n".format(e)) 示例3: GetImageSize
# 需要导入模块: import pytsk3 [as 别名]
# 或者: from pytsk3 import Img_Info [as 别名]
def GetImageSize(file_path, offset):
"""Read the partition information to gather volume size."""
if not offset:
return 0, 0
img = pytsk3.Img_Info(file_path)
try:
volume = pytsk3.Volume_Info(img)
except IOError:
return 0, 0
size = 0
for vol in volume:
if vol.start == offset:
size = vol.len
break
size *= volume.info.block_size
return volume.info.block_size, size 示例4: __init__
# 需要导入模块: import pytsk3 [as 别名]
# 或者: from pytsk3 import Img_Info [as 别名]
def __init__(self, *files):
self.fds = []
self.offsets = [0]
offset = 0
for fd in files:
# Support either a filename or file like objects
if not hasattr(fd, "read"):
fd = open(fd, "rb")
fd.seek(0,2)
offset += fd.tell()
self.offsets.append(offset)
self.fds.append(fd)
self.size = offset
# Make sure to call the original base constructor.
pytsk3.Img_Info.__init__(self, "") 示例5: SelectImage
# 需要导入模块: import pytsk3 [as 别名]
# 或者: from pytsk3 import Img_Info [as 别名]
def SelectImage(img_type, files):
if img_type == "raw":
return pytsk3.Img_Info(files)
elif img_type == "ewf":
filename = pyewf.glob(*files)
ewf_handle = pyewf.handle()
ewf_handle.open(filename)
return ewf_img_info(ewf_handle)
elif img_type == "vmdk":
vmdk_handle = pyvmdk.handle()
vmdk_handle.open(files)
return vmdk_img_info(vmdk_handle)
elif img_type == "vhdi":
vhdi_handle = pyvhdi.file()
vhdi_handle.open(files)
return vhdi_img_info(vhdi_handle)
elif img_type == "qcow":
return QcowImgInfo(files[0]) 示例6: __init__
# 需要导入模块: import pytsk3 [as 别名]
# 或者: from pytsk3 import Img_Info [as 别名]
def __init__(self, address_space):
self._as = address_space
pytsk3.Img_Info.__init__(self, "") 示例7: main
# 需要导入模块: import pytsk3 [as 别名]
# 或者: from pytsk3 import Img_Info [as 别名]
def main(image, img_type, offset):
print("[+] Opening {}".format(image))
if img_type == "ewf":
try:
filenames = pyewf.glob(image)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Invalid EWF format:\n {}".format(e))
sys.exit(2)
ewf_handle = pyewf.handle()
ewf_handle.open(filenames)
# Open PYTSK3 handle on EWF Image
img_info = EWFImgInfo(ewf_handle)
else:
img_info = pytsk3.Img_Info(image)
# Get Filesystem Handle
try:
fs = pytsk3.FS_Info(img_info, offset)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to open FS:\n {}".format(e))
exit()
root_dir = fs.open_dir(path="/")
table = [["Name", "Type", "Size", "Create Date", "Modify Date"]]
for f in root_dir:
name = f.info.name.name
if f.info.meta.type == pytsk3.TSK_FS_META_TYPE_DIR:
f_type = "DIR"
else:
f_type = "FILE"
size = f.info.meta.size
create = f.info.meta.crtime
modify = f.info.meta.mtime
table.append([name, f_type, size, create, modify])
print(tabulate(table, headers="firstrow")) 示例8: main
# 需要导入模块: import pytsk3 [as 别名]
# 或者: from pytsk3 import Img_Info [as 别名]
def main(image, img_type, part_type):
print("[+] Opening {}".format(image))
if img_type == "ewf":
try:
filenames = pyewf.glob(image)
except IOError:
print("[-] Invalid EWF format:\n {}".format(e))
sys.exit(2)
ewf_handle = pyewf.handle()
ewf_handle.open(filenames)
e01_metadata(ewf_handle)
# Open PYTSK3 handle on EWF Image
img_info = EWFImgInfo(ewf_handle)
else:
img_info = pytsk3.Img_Info(image)
try:
if part_type is not None:
attr_id = getattr(pytsk3, "TSK_VS_TYPE_" + part_type)
volume = pytsk3.Volume_Info(img_info, attr_id)
else:
volume = pytsk3.Volume_Info(img_info)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to read partition table:\n {}".format(e))
sys.exit(3)
part_metadata(volume) 示例9: main
# 需要导入模块: import pytsk3 [as 别名]
# 或者: from pytsk3 import Img_Info [as 别名]
def main(image, img_type, output, part_type):
volume = None
print("[+] Opening {}".format(image))
if img_type == "ewf":
try:
filenames = pyewf.glob(image)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Invalid EWF format:\n {}".format(e))
sys.exit(2)
ewf_handle = pyewf.handle()
ewf_handle.open(filenames)
# Open PYTSK3 handle on EWF Image
img_info = EWFImgInfo(ewf_handle)
else:
img_info = pytsk3.Img_Info(image)
try:
if part_type is not None:
attr_id = getattr(pytsk3, "TSK_VS_TYPE_" + part_type)
volume = pytsk3.Volume_Info(img_info, attr_id)
else:
volume = pytsk3.Volume_Info(img_info)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to read partition table:\n {}".format(e))
open_fs(volume, img_info, output) 示例10: main
# 需要导入模块: import pytsk3 [as 别名]
# 或者: from pytsk3 import Img_Info [as 别名]
def main(image, img_type, ext, output, part_type):
volume = None
print("[+] Opening {}".format(image))
if img_type == "ewf":
try:
filenames = pyewf.glob(image)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Invalid EWF format:\n {}".format(e))
sys.exit(2)
ewf_handle = pyewf.handle()
ewf_handle.open(filenames)
# Open PYTSK3 handle on EWF Image
img_info = EWFImgInfo(ewf_handle)
else:
img_info = pytsk3.Img_Info(image)
try:
if part_type is not None:
attr_id = getattr(pytsk3, "TSK_VS_TYPE_" + part_type)
volume = pytsk3.Volume_Info(img_info, attr_id)
else:
volume = pytsk3.Volume_Info(img_info)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to read partition table:\n {}".format(e))
open_fs(volume, img_info, ext, output) 示例11: main
# 需要导入模块: import pytsk3 [as 别名]
# 或者: from pytsk3 import Img_Info [as 别名]
def main(image, img_type, hashes, part_type, pbar_total=0):
hash_list, hash_type = read_hashes(hashes)
volume = None
print("[+] Opening {}".format(image))
if img_type == "ewf":
try:
filenames = pyewf.glob(image)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Invalid EWF format:\n {}".format(e))
sys.exit(2)
ewf_handle = pyewf.handle()
ewf_handle.open(filenames)
# Open PYTSK3 handle on EWF Image
img_info = EWFImgInfo(ewf_handle)
else:
img_info = pytsk3.Img_Info(image)
try:
if part_type is not None:
attr_id = getattr(pytsk3, "TSK_VS_TYPE_" + part_type)
volume = pytsk3.Volume_Info(img_info, attr_id)
else:
volume = pytsk3.Volume_Info(img_info)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to read partition table:\n {}".format(e))
open_fs(volume, img_info, hash_list, hash_type, pbar_total) 示例12: extract_a_file
# 需要导入模块: import pytsk3 [as 别名]
# 或者: from pytsk3 import Img_Info [as 别名]
def extract_a_file(self, img_path, name, inode):
## Now open and read the file specified
## Step 1: get an IMG_INFO object (url can be any URL that AFF4 can handle)
img = pytsk3.Img_Info(img_path)
## Step 2: Open the filesystem
fs = pytsk3.FS_Info(img, offset=self._offset)
## Step 3: Open the file using the inode
f = fs.open_meta(inode = inode)
## Step 4: Read all the data and print to stdout
offset = 0
size = f.info.meta.size
if type(name) is None:
file_name= str(inode)
else:
file_name= name
entry_info=[]
#print(file_name)
for i in f:
if (i.info.type == pytsk3.TSK_FS_ATTR_TYPE_NTFS_DATA):
#print(i.info.name)
#print(i.info.size)
if i.info.name is None:
entry_info.append([file_name, i.info.size])
for entry in entry_info:
file_2 = open(self._output_path + entry[0],"wb")
while offset < entry[1]:
available_to_read = min(BUFF_SIZE, entry[1] - offset)
data = f.read_random(offset, available_to_read,1)
if not data: break
offset += len(data)
file_2.write(data)
file_2.close() 示例13: Main
# 需要导入模块: import pytsk3 [as 别名]
# 或者: from pytsk3 import Img_Info [as 别名]
def Main():
args_parser = argparse.ArgumentParser(description=("Lists a file system in a storage media image or device."))
args_parser.add_argument("images", nargs="+", metavar="IMAGE", action="store", type=str, default=None, help=("Storage media images or devices."))
options = args_parser.parse_args()
img = pytsk3.Img_Info(options.images)
## Step 2: Open the filesystem
fs = pytsk3.FS_Info(img)
## Step 3: Open the file using the inode
f = fs.open_meta(inode = 0)
## Step 4: Read all the data and print to stdout
offset = 0
size = f.info.meta.size
file_name= "$MFT"
output_path="./"
file_2 = open(output_path + file_name,"w")
while offset < size:
available_to_read = min(BUFF_SIZE, size - offset)
data = f.read_random(offset, available_to_read,1)
if not data: break
offset += len(data)
file_2.write(data)
file_2.close() 示例14: __init__
# 需要导入模块: import pytsk3 [as 别名]
# 或者: from pytsk3 import Img_Info [as 别名]
def __init__(self, file_object):
"""Initializes an image object.
Args:
file_object (FileIO): file-like object.
Raises:
ValueError: if the file-like object is invalid.
"""
if not file_object:
raise ValueError('Missing file-like object.')
# pytsk3.Img_Info does not let you set attributes after initialization.
self._file_object = file_object
# Using the old parent class invocation style otherwise some versions
# of pylint complain also setting type to RAW or EXTERNAL to make sure
# Img_Info does not do detection.
tsk_img_type = getattr(
pytsk3, 'TSK_IMG_TYPE_EXTERNAL', pytsk3.TSK_IMG_TYPE_RAW)
# Note that we want url to be a binary string in Python 2 and a Unicode
# string in Python 3. Hence the string is not prefixed.
pytsk3.Img_Info.__init__(self, url='', type=tsk_img_type)
# Note: that the following functions do not follow the style guide
# because they are part of the pytsk3.Img_Info object interface.
# pylint: disable=invalid-name 示例15: PrintAttributes
# 需要导入模块: import pytsk3 [as 别名]
# 或者: from pytsk3 import Img_Info [as 别名]
def PrintAttributes(obj, useTypeName=False):
for attr in dir(obj):
if str(attr).endswith("__"): continue
if hasattr( obj, attr ):
if useTypeName:
log.info( "%s.%s = %s" % (type(obj).__name__, attr, getattr(obj, attr)))
else:
log.info( "%s = %s" % (attr, getattr(obj, attr)))
# Call this function instead of pytsk3.Img_Info() for E01 files