本文整理匯總了Python中pytsk3.FS_Info方法的典型用法代碼示例。如果您正苦於以下問題:Python pytsk3.FS_Info方法的具體用法?Python pytsk3.FS_Info怎麽用?Python pytsk3.FS_Info使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類pytsk3的用法示例。
在下文中一共展示了pytsk3.FS_Info方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: _open_directory
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import FS_Info [as 別名]
def _open_directory(self):
device = self.device
self._mntpoint = "/"
if not device:
mount_tree = self._session.GetParameter("mount_points")
device, self._mntpoint, _ = files.lookup_mount_point(
mount_tree, self.path)
self._img_info = pytsk3.Img_Info(device)
self._fs_info = pytsk3.FS_Info(self._img_info, offset=self.offset)
if self.inode:
return self._fs_info.open_dir(inode=self.inode)
else:
return self._fs_info.open_dir(
path=os.path.relpath(self.path, self._mntpoint)) 示例2: __init__
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import FS_Info [as 別名]
def __init__(self, address_space, session=None):
self.session = session
self.block_size = 512
# The address space of the entire disk.
self.address_space = address_space
self._img_info = AS_Img_Info(address_space)
try:
# open as disk image
tsk_vs = pytsk3.Volume_Info(self._img_info)
self.volume_system = VolumeSystem(
self, tsk_vs, session=self.session)
self.block_size = tsk_vs.info.block_size
self.partitions = self.volume_system.partitions
except IOError:
# open as partition image
self.volume_system = obj.NoneObject("No Volume")
self.partitions = []
try:
fake_partition = Partition(
self, filesystem=FS(pytsk3.FS_Info(self._img_info)),
session=self.session)
self.partitions.append(fake_partition)
except IOError:
pass 示例3: open_FS
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import FS_Info [as 別名]
def open_FS(self):
# Open FS and Recurse
if self.vol is not None:
for partition in self.vol:
if partition.len > 2048 and "Unallocated" not in partition.desc and "Extended" not in partition.desc and "Primary Table" not in partition.desc:
try:
self.fs.append(pytsk3.FS_Info(
self.image_handle,
offset=partition.start * self.vol.info.block_size))
except IOError:
_, e, _ = sys.exc_info()
sys.stderr.write("[-] Unable to open FS:\n {}\n".format(e))
else:
try:
self.fs.append(pytsk3.FS_Info(self.image_handle))
except IOError:
_, e, _ = sys.exc_info()
sys.stderr.write("[-] Unable to open FS:\n {}\n".format(e)) 示例4: GetRootInode
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import FS_Info [as 別名]
def GetRootInode(self):
"""Retrieves the root inode.
Returns:
int: inode number or None if not available.
"""
# Note that because pytsk3.FS_Info does not explicitly define info
# we need to check if the attribute exists and has a value other
# than None
if getattr(self._tsk_file_system, 'info', None) is None:
return None
# Note that because pytsk3.TSK_FS_INFO does not explicitly define
# root_inum we need to check if the attribute exists and has a value
# other than None
return getattr(self._tsk_file_system.info, 'root_inum', None) 示例5: IsMacOsPartition
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import FS_Info [as 別名]
def IsMacOsPartition(img, partition_start_offset, mac_info):
'''Determines if the partition contains OSX installation'''
try:
fs = pytsk3.FS_Info(img, offset=partition_start_offset)
fs_info = fs.info # TSK_FS_INFO
if (fs_info.ftype != pytsk3.TSK_FS_TYPE_HFS_DETECT):
log.info (" Skipping non-HFS partition")
return False
# Found HFS partition, now look for macOS files & folders
try:
folders = fs.open_dir("/")
mac_info.macos_FS = fs
mac_info.macos_partition_start_offset = partition_start_offset
mac_info.hfs_native.Initialize(mac_info.pytsk_image, mac_info.macos_partition_start_offset)
return FindMacOsFiles(mac_info)
except Exception:
log.error ("Could not open / (root folder on partition)")
log.debug ("Exception info", exc_info=True)
except Exception as ex:
log.exception("Exception")
return False 示例6: main
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import FS_Info [as 別名]
def main(image, img_type, offset):
print("[+] Opening {}".format(image))
if img_type == "ewf":
try:
filenames = pyewf.glob(image)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Invalid EWF format:\n {}".format(e))
sys.exit(2)
ewf_handle = pyewf.handle()
ewf_handle.open(filenames)
# Open PYTSK3 handle on EWF Image
img_info = EWFImgInfo(ewf_handle)
else:
img_info = pytsk3.Img_Info(image)
# Get Filesystem Handle
try:
fs = pytsk3.FS_Info(img_info, offset)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to open FS:\n {}".format(e))
exit()
root_dir = fs.open_dir(path="/")
table = [["Name", "Type", "Size", "Create Date", "Modify Date"]]
for f in root_dir:
name = f.info.name.name
if f.info.meta.type == pytsk3.TSK_FS_META_TYPE_DIR:
f_type = "DIR"
else:
f_type = "FILE"
size = f.info.meta.size
create = f.info.meta.crtime
modify = f.info.meta.mtime
table.append([name, f_type, size, create, modify])
print(tabulate(table, headers="firstrow")) 示例7: open_fs
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import FS_Info [as 別名]
def open_fs(vol, img, output):
print("[+] Recursing through files..")
recursed_data = []
# Open FS and Recurse
if vol is not None:
for part in vol:
if part.len > 2048 and "Unallocated" not in part.desc and \
"Extended" not in part.desc and \
"Primary Table" not in part.desc:
try:
fs = pytsk3.FS_Info(
img, offset=part.start * vol.info.block_size)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to open FS:\n {}".format(e))
root = fs.open_dir(path="/")
data = recurse_files(part.addr, fs, root, [], [], [""])
recursed_data.append(data)
else:
try:
fs = pytsk3.FS_Info(img)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to open FS:\n {}".format(e))
root = fs.open_dir(path="/")
data = recurse_files(1, fs, root, [], [], [""])
recursed_data.append(data)
write_csv(recursed_data, output) 示例8: open_fs
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import FS_Info [as 別名]
def open_fs(vol, img, ext, output):
# Open FS and Recurse
print("[+] Recursing through files and writing file extension matches "
"to output directory")
if vol is not None:
for part in vol:
if part.len > 2048 and "Unallocated" not in part.desc \
and "Extended" not in part.desc \
and "Primary Table" not in part.desc:
try:
fs = pytsk3.FS_Info(
img, offset=part.start * vol.info.block_size)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to open FS:\n {}".format(e))
root = fs.open_dir(path="/")
recurse_files(part.addr, fs, root, [], [""], ext, output)
else:
try:
fs = pytsk3.FS_Info(img)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to open FS:\n {}".format(e))
root = fs.open_dir(path="/")
recurse_files(1, fs, root, [], [""], ext, output) 示例9: open_fs
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import FS_Info [as 別名]
def open_fs(vol, img, hashes, hash_type, pbar_total=0):
# Open FS and Recurse
print("[+] Recursing through and hashing files")
pbar = tqdm(desc="Hashing", unit=" files",
unit_scale=True, total=pbar_total)
if vol is not None:
for part in vol:
if part.len > 2048 and "Unallocated" not in part.desc and \
"Extended" not in part.desc and \
"Primary Table" not in part.desc:
try:
fs = pytsk3.FS_Info(
img, offset=part.start * vol.info.block_size)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to open FS:\n {}".format(e))
root = fs.open_dir(path="/")
recurse_files(part.addr, fs, root, [], [""], hashes,
hash_type, pbar)
else:
try:
fs = pytsk3.FS_Info(img)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to open FS:\n {}".format(e))
root = fs.open_dir(path="/")
recurse_files(1, fs, root, [], [""], hashes, hash_type, pbar)
pbar.close() 示例10: openVSSFS
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import FS_Info [as 別名]
def openVSSFS(img, count):
# Open FS and Recurse
try:
fs = pytsk3.FS_Info(img)
except IOError:
_, e, _ = sys.exc_info()
sys.stderr.write("[-] Unable to open FS: {}".format(e))
root = fs.open_dir(path="/")
data = recurseFiles(count, fs, root, [], [], [""])
return data 示例11: extract_a_file
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import FS_Info [as 別名]
def extract_a_file(self, img_path, name, inode):
## Now open and read the file specified
## Step 1: get an IMG_INFO object (url can be any URL that AFF4 can handle)
img = pytsk3.Img_Info(img_path)
## Step 2: Open the filesystem
fs = pytsk3.FS_Info(img, offset=self._offset)
## Step 3: Open the file using the inode
f = fs.open_meta(inode = inode)
## Step 4: Read all the data and print to stdout
offset = 0
size = f.info.meta.size
if type(name) is None:
file_name= str(inode)
else:
file_name= name
entry_info=[]
#print(file_name)
for i in f:
if (i.info.type == pytsk3.TSK_FS_ATTR_TYPE_NTFS_DATA):
#print(i.info.name)
#print(i.info.size)
if i.info.name is None:
entry_info.append([file_name, i.info.size])
for entry in entry_info:
file_2 = open(self._output_path + entry[0],"wb")
while offset < entry[1]:
available_to_read = min(BUFF_SIZE, entry[1] - offset)
data = f.read_random(offset, available_to_read,1)
if not data: break
offset += len(data)
file_2.write(data)
file_2.close() 示例12: Main
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import FS_Info [as 別名]
def Main():
args_parser = argparse.ArgumentParser(description=("Lists a file system in a storage media image or device."))
args_parser.add_argument("images", nargs="+", metavar="IMAGE", action="store", type=str, default=None, help=("Storage media images or devices."))
options = args_parser.parse_args()
img = pytsk3.Img_Info(options.images)
## Step 2: Open the filesystem
fs = pytsk3.FS_Info(img)
## Step 3: Open the file using the inode
f = fs.open_meta(inode = 0)
## Step 4: Read all the data and print to stdout
offset = 0
size = f.info.meta.size
file_name= "$MFT"
output_path="./"
file_2 = open(output_path + file_name,"w")
while offset < size:
available_to_read = min(BUFF_SIZE, size - offset)
data = f.read_random(offset, available_to_read,1)
if not data: break
offset += len(data)
file_2.write(data)
file_2.close() 示例13: open_file_system
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import FS_Info [as 別名]
def open_file_system(self, offset):
self._fs_info = pytsk3.FS_Info(self._img_info, offset=offset) 示例14: open_file_system
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import FS_Info [as 別名]
def open_file_system(self, offset):
try:
self._fs_info = pytsk3.FS_Info(self._img_info, offset=offset)
except Exception as ex:
print('%s error is occurred'% ex)
return -1 示例15: _Open
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import FS_Info [as 別名]
def _Open(self, path_spec, mode='rb'):
"""Opens the file system object defined by path specification.
Args:
path_spec (PathSpec): path specification.
mode (Optional[str]): file access mode.
Raises:
AccessError: if the access to open the file was denied.
IOError: if the file system object could not be opened.
PathSpecError: if the path specification is incorrect.
ValueError: if the path specification is invalid.
"""
if not path_spec.HasParent():
raise errors.PathSpecError(
'Unsupported path specification without parent.')
file_object = resolver.Resolver.OpenFileObject(
path_spec.parent, resolver_context=self._resolver_context)
try:
tsk_image_object = tsk_image.TSKFileSystemImage(file_object)
tsk_file_system = pytsk3.FS_Info(tsk_image_object)
except:
file_object.close()
raise
self._file_object = file_object
self._tsk_file_system = tsk_file_system