本文整理匯總了Python中pytsk3.Volume_Info方法的典型用法代碼示例。如果您正苦於以下問題:Python pytsk3.Volume_Info方法的具體用法?Python pytsk3.Volume_Info怎麽用?Python pytsk3.Volume_Info使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類pytsk3的用法示例。
在下文中一共展示了pytsk3.Volume_Info方法的14個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: __init__
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import Volume_Info [as 別名]
def __init__(self, address_space, session=None):
self.session = session
self.block_size = 512
# The address space of the entire disk.
self.address_space = address_space
self._img_info = AS_Img_Info(address_space)
try:
# open as disk image
tsk_vs = pytsk3.Volume_Info(self._img_info)
self.volume_system = VolumeSystem(
self, tsk_vs, session=self.session)
self.block_size = tsk_vs.info.block_size
self.partitions = self.volume_system.partitions
except IOError:
# open as partition image
self.volume_system = obj.NoneObject("No Volume")
self.partitions = []
try:
fake_partition = Partition(
self, filesystem=FS(pytsk3.FS_Info(self._img_info)),
session=self.session)
self.partitions.append(fake_partition)
except IOError:
pass 示例2: GetImageSize
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import Volume_Info [as 別名]
def GetImageSize(file_path, offset):
"""Read the partition information to gather volume size."""
if not offset:
return 0, 0
img = pytsk3.Img_Info(file_path)
try:
volume = pytsk3.Volume_Info(img)
except IOError:
return 0, 0
size = 0
for vol in volume:
if vol.start == offset:
size = vol.len
break
size *= volume.info.block_size
return volume.info.block_size, size 示例3: AnalyzeFileObject
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import Volume_Info [as 別名]
def AnalyzeFileObject(self, file_object):
"""Retrieves the format specification.
Args:
file_object (FileIO): file-like object.
Returns:
str: type indicator if the file-like object contains a supported format
or None otherwise.
"""
tsk_image_object = tsk_image.TSKFileSystemImage(file_object)
try:
pytsk3.Volume_Info(tsk_image_object)
except IOError:
return None
return self.type_indicator 示例4: TSKVolumeGetBytesPerSector
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import Volume_Info [as 別名]
def TSKVolumeGetBytesPerSector(tsk_volume):
"""Retrieves the number of bytes per sector from a TSK volume object.
Args:
tsk_volume (pytsk3.Volume_Info): TSK volume information.
Returns:
int: number of bytes per sector or 512 by default.
"""
# Note that because pytsk3.Volume_Info does not explicitly defines info
# we need to check if the attribute exists and has a value other
# than None. Default to 512 otherwise.
if hasattr(tsk_volume, 'info') and tsk_volume.info is not None:
block_size = getattr(tsk_volume.info, 'block_size', 512)
else:
block_size = 512
return block_size 示例5: main
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import Volume_Info [as 別名]
def main(image, img_type, part_type):
print("[+] Opening {}".format(image))
if img_type == "ewf":
try:
filenames = pyewf.glob(image)
except IOError:
print("[-] Invalid EWF format:\n {}".format(e))
sys.exit(2)
ewf_handle = pyewf.handle()
ewf_handle.open(filenames)
e01_metadata(ewf_handle)
# Open PYTSK3 handle on EWF Image
img_info = EWFImgInfo(ewf_handle)
else:
img_info = pytsk3.Img_Info(image)
try:
if part_type is not None:
attr_id = getattr(pytsk3, "TSK_VS_TYPE_" + part_type)
volume = pytsk3.Volume_Info(img_info, attr_id)
else:
volume = pytsk3.Volume_Info(img_info)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to read partition table:\n {}".format(e))
sys.exit(3)
part_metadata(volume) 示例6: main
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import Volume_Info [as 別名]
def main(image, img_type, output, part_type):
volume = None
print("[+] Opening {}".format(image))
if img_type == "ewf":
try:
filenames = pyewf.glob(image)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Invalid EWF format:\n {}".format(e))
sys.exit(2)
ewf_handle = pyewf.handle()
ewf_handle.open(filenames)
# Open PYTSK3 handle on EWF Image
img_info = EWFImgInfo(ewf_handle)
else:
img_info = pytsk3.Img_Info(image)
try:
if part_type is not None:
attr_id = getattr(pytsk3, "TSK_VS_TYPE_" + part_type)
volume = pytsk3.Volume_Info(img_info, attr_id)
else:
volume = pytsk3.Volume_Info(img_info)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to read partition table:\n {}".format(e))
open_fs(volume, img_info, output) 示例7: main
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import Volume_Info [as 別名]
def main(image, img_type, ext, output, part_type):
volume = None
print("[+] Opening {}".format(image))
if img_type == "ewf":
try:
filenames = pyewf.glob(image)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Invalid EWF format:\n {}".format(e))
sys.exit(2)
ewf_handle = pyewf.handle()
ewf_handle.open(filenames)
# Open PYTSK3 handle on EWF Image
img_info = EWFImgInfo(ewf_handle)
else:
img_info = pytsk3.Img_Info(image)
try:
if part_type is not None:
attr_id = getattr(pytsk3, "TSK_VS_TYPE_" + part_type)
volume = pytsk3.Volume_Info(img_info, attr_id)
else:
volume = pytsk3.Volume_Info(img_info)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to read partition table:\n {}".format(e))
open_fs(volume, img_info, ext, output) 示例8: main
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import Volume_Info [as 別名]
def main(image, img_type, hashes, part_type, pbar_total=0):
hash_list, hash_type = read_hashes(hashes)
volume = None
print("[+] Opening {}".format(image))
if img_type == "ewf":
try:
filenames = pyewf.glob(image)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Invalid EWF format:\n {}".format(e))
sys.exit(2)
ewf_handle = pyewf.handle()
ewf_handle.open(filenames)
# Open PYTSK3 handle on EWF Image
img_info = EWFImgInfo(ewf_handle)
else:
img_info = pytsk3.Img_Info(image)
try:
if part_type is not None:
attr_id = getattr(pytsk3, "TSK_VS_TYPE_" + part_type)
volume = pytsk3.Volume_Info(img_info, attr_id)
else:
volume = pytsk3.Volume_Info(img_info)
except IOError:
_, e, _ = sys.exc_info()
print("[-] Unable to read partition table:\n {}".format(e))
open_fs(volume, img_info, hash_list, hash_type, pbar_total) 示例9: return_vol
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import Volume_Info [as 別名]
def return_vol(self):
sys.stderr.write("[+] Opening {}\n".format(self.evidence))
# Handle EWF/Raw Images
if self.image_type == "ewf":
try:
filenames = pyewf.glob(self.evidence)
except IOError:
_, e, _ = sys.exc_info()
sys.stderr.write("[-] Invalid EWF format:\n {}\n".format(e))
raise IOError
ewf_handle = pyewf.handle()
ewf_handle.open(filenames)
# Open PYTSK3 handle on EWF Image
self.image_handle = EWFImgInfo(ewf_handle)
else:
self.image_handle = pytsk3.Img_Info(self.evidence)
# Open volume from image
try:
self.vol = pytsk3.Volume_Info(self.image_handle)
except IOError:
return None
return self.vol 示例10: __init__
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import Volume_Info [as 別名]
def __init__(self, img_hanle):
super(CARPE_Image, self).__init__()
self._partition_table = pytsk3.Volume_Info(img_hanle) 示例11: _Open
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import Volume_Info [as 別名]
def _Open(self, path_spec, mode='rb'):
"""Opens the file system object defined by path specification.
Args:
path_spec (PathSpec): a path specification.
mode (Optional[str]): file access mode. The default is 'rb' which
represents read-only binary.
Raises:
AccessError: if the access to open the file was denied.
IOError: if the file system object could not be opened.
PathSpecError: if the path specification is incorrect.
ValueError: if the path specification is invalid.
"""
if not path_spec.HasParent():
raise errors.PathSpecError(
'Unsupported path specification without parent.')
file_object = resolver.Resolver.OpenFileObject(
path_spec.parent, resolver_context=self._resolver_context)
try:
tsk_image_object = tsk_image.TSKFileSystemImage(file_object)
tsk_volume = pytsk3.Volume_Info(tsk_image_object)
except:
file_object.close()
raise
self._file_object = file_object
self._tsk_volume = tsk_volume 示例12: GetTSKVolume
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import Volume_Info [as 別名]
def GetTSKVolume(self):
"""Retrieves the TSK volume object.
Returns:
pytsk3.Volume_Info: a TSK volume object.
"""
return self._tsk_volume 示例13: GetVolumes
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import Volume_Info [as 別名]
def GetVolumes(self, phyDrive = "\\\\.\\PhysicalDrive0"):
list_fs_info = [] # contain the file system object
block_size = 512 # by default block size is 512
try:
img = pytsk3.Img_Info(phyDrive) # open the physical drive
volume = pytsk3.Volume_Info(img) # get volume information
except OSError as e:
if "file not found" in str(e):
raise Exception("PHYSICAL_DRIVE_NOT_FOUND")
else:
raise Exception(str(e))
# for each volume in the drive, check if it is NTFS and open object to handle it
for part in volume:
try:
self.logging("INFO" , "Check partition: desc{0:s}, offset{1:d}, size:{2:d}".format( part.desc.decode('utf-8') ,part.start , part.len ) )
fs_info = pytsk3.FS_Info(img , offset=part.start * block_size )
# check if file system is NTFS
if fs_info.info.ftype in [pytsk3.TSK_FS_TYPE_NTFS, pytsk3.TSK_FS_TYPE_NTFS_DETECT]:
list_fs_info.append(fs_info)
except Exception as e :
pass
return list_fs_info
# handle hoarder logs 示例14: _find_volumes
# 需要導入模塊: import pytsk3 [as 別名]
# 或者: from pytsk3 import Volume_Info [as 別名]
def _find_volumes(self, volume_system, vstype='detect'):
"""Finds all volumes based on the pytsk3 library."""
try:
# noinspection PyUnresolvedReferences
import pytsk3
except ImportError:
logger.error("pytsk3 not installed, could not detect volumes")
raise ModuleNotFoundError("pytsk3")
baseimage = None
try:
# ewf raw image is now available on base mountpoint
# either as ewf1 file or as .dd file
raw_path = volume_system.parent.get_raw_path()
# noinspection PyBroadException
try:
baseimage = pytsk3.Img_Info(raw_path)
except Exception:
logger.error("Failed retrieving image info (possible empty image).", exc_info=True)
return []
try:
volumes = pytsk3.Volume_Info(baseimage, getattr(pytsk3, 'TSK_VS_TYPE_' + vstype.upper()),
volume_system.parent.offset // volume_system.disk.block_size)
volume_system.volume_source = 'multi'
return volumes
except Exception as e:
# some bug in sleuthkit makes detection sometimes difficult, so we hack around it:
if "(GPT or DOS at 0)" in str(e) and vstype != 'gpt':
volume_system.vstype = 'gpt'
# noinspection PyBroadException
try:
logger.warning("Error in retrieving volume info: TSK couldn't decide between GPT and DOS, "
"choosing GPT for you. Use --vstype=dos to force DOS.", exc_info=True)
volumes = pytsk3.Volume_Info(baseimage, getattr(pytsk3, 'TSK_VS_TYPE_GPT'))
volume_system.volume_source = 'multi'
return volumes
except Exception as e:
logger.exception("Failed retrieving image info (possible empty image).")
raise SubsystemError(e)
else:
logger.exception("Failed retrieving image info (possible empty image).")
raise SubsystemError(e)
finally:
if baseimage:
baseimage.close()
del baseimage