1. Advisor
  2. dfvfs
  3. functions
  4. dfvfs.lib.definitions
View all dfvfs analysis

How to use the dfvfs.lib.definitions function in dfvfs

To help you get started, we’ve selected a few dfvfs examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github log2timeline / plaso / tests / parsers / test_lib.py View on Github external
filters helper.
      knowledge_base_values (Optional[dict]): knowledge base values.
      timezone (str): timezone.

    Returns:
      FakeStorageWriter: storage writer.

    Raises:
      SkipTest: if the path inside the test data directory does not exist and
          the test should be skipped.
    """
    test_file_path = self._GetTestFilePath(path_segments)
    self._SkipIfPathNotExists(test_file_path)

    path_spec = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file_path)
    return self._ParseFileByPathSpec(
        path_spec, parser, collection_filters_helper=collection_filters_helper,
        knowledge_base_values=knowledge_base_values, timezone=timezone)
github log2timeline / dfvfs / tests / helpers / source_scanner.py View on Github external
def testScanForFileSystemOnVSS(self):
    """Test the ScanForFileSystem function on VSS."""
    test_path = self._GetTestFilePath(['vsstest.qcow2'])
    self._SkipIfPathNotExists(test_path)

    test_os_path_spec = path_spec_factory.Factory.NewPathSpec(
        definitions.TYPE_INDICATOR_OS, location=test_path)
    test_qcow_path_spec = path_spec_factory.Factory.NewPathSpec(
        definitions.TYPE_INDICATOR_QCOW, parent=test_os_path_spec)
    test_vss_path_spec = path_spec_factory.Factory.NewPathSpec(
        definitions.TYPE_INDICATOR_VSHADOW, store_index=1,
        parent=test_qcow_path_spec)

    path_spec = self._source_scanner.ScanForFileSystem(test_vss_path_spec)
    self.assertIsNotNone(path_spec)

    expected_type_indicator = definitions.PREFERRED_NTFS_BACK_END
    self.assertEqual(path_spec.type_indicator, expected_type_indicator)
github log2timeline / plaso / tests / frontend / storage_media_frontend.py View on Github external
def _TestScanSourceDirectory(self, source_path):
    """Tests the ScanSource function on a directory.

    Args:
      source_path: the path of the source device, directory or file.
    """
    test_front_end = storage_media_frontend.StorageMediaFrontend()

    scan_context = test_front_end.ScanSource(source_path)
    self.assertNotEqual(scan_context, None)

    scan_node = scan_context.GetRootScanNode()
    self.assertNotEqual(scan_node, None)
    self.assertEqual(
        scan_node.type_indicator, dfvfs_definitions.TYPE_INDICATOR_OS)

    path_spec = scan_node.path_spec
    self.assertEqual(path_spec.location, os.path.abspath(source_path))
github log2timeline / plaso / tests / output / json_out.py View on Github external
class JSONOutputTest(test_lib.OutputModuleTestCase):
  """Tests for the JSON output module."""

  _OS_PATH_SPEC = path_spec_factory.Factory.NewPathSpec(
      dfvfs_definitions.TYPE_INDICATOR_OS, location='{0:s}{1:s}'.format(
          os.path.sep, os.path.join('cases', 'image.dd')))

  _TEST_EVENTS = [
      {'data_type': 'test:output',
       'display_name': 'OS: /var/log/syslog.1',
       'hostname': 'ubuntu',
       'inode': 12345678,
       'pathspec': path_spec_factory.Factory.NewPathSpec(
           dfvfs_definitions.TYPE_INDICATOR_TSK, inode=15,
           location='/var/log/syslog.1', parent=_OS_PATH_SPEC),
       'text': (
           'Reporter  PID: |8442| (pam_unix(cron:session): session\n '
           'closed for user root)'),
       'timestamp': timelib.Timestamp.CopyFromString('2012-06-27 18:17:01'),
       'timestamp_desc': definitions.TIME_DESCRIPTION_UNKNOWN,
       'username': 'root'}]

  def setUp(self):
    """Makes preparations before running an individual test."""
    output_mediator = self._CreateOutputMediator()
    self._output_writer = cli_test_lib.TestOutputWriter()
    self._output_module = json_out.JSONOutputModule(output_mediator)
    self._output_module.SetOutputWriter(self._output_writer)

  def testWriteHeader(self):
github log2timeline / dfvfs / dfvfs / vfs / vshadow_file_entry.py View on Github external
"""
    vshadow_store = file_system.GetVShadowStoreByPathSpec(path_spec)
    if not is_virtual and vshadow_store is None:
      raise errors.BackEndError(
          'Missing vshadow store in non-virtual file entry.')

    super(VShadowFileEntry, self).__init__(
        resolver_context, file_system, path_spec, is_root=is_root,
        is_virtual=is_virtual)
    self._name = None
    self._vshadow_store = vshadow_store

    if self._is_virtual:
      self.entry_type = definitions.FILE_ENTRY_TYPE_DIRECTORY
    else:
      self.entry_type = definitions.FILE_ENTRY_TYPE_FILE
github log2timeline / dfvfs / dfvfs / analyzer / bde_analyzer_helper.py View on Github external
# -*- coding: utf-8 -*-
"""The BDE format analyzer helper implementation."""

from __future__ import unicode_literals

from dfvfs.analyzer import analyzer
from dfvfs.analyzer import analyzer_helper
from dfvfs.analyzer import specification
from dfvfs.lib import definitions


class BDEAnalyzerHelper(analyzer_helper.AnalyzerHelper):
  """BDE analyzer helper."""

  FORMAT_CATEGORIES = frozenset([
      definitions.FORMAT_CATEGORY_VOLUME_SYSTEM])

  TYPE_INDICATOR = definitions.TYPE_INDICATOR_BDE

  def GetFormatSpecification(self):
    """Retrieves the format specification.

    Returns:
      FormatSpecification: format specification or None if the format cannot
          be defined by a specification object.
    """
    format_specification = specification.FormatSpecification(
        self.type_indicator)

    # BDE signature.
    format_specification.AddNewSignature(b'-FVE-FS-', offset=3)
github log2timeline / dfvfs / dfvfs / resolver_helpers / cpio_resolver_helper.py View on Github external
# -*- coding: utf-8 -*-
"""The CPIO path specification resolver helper implementation."""

from __future__ import unicode_literals

from dfvfs.file_io import cpio_file_io
from dfvfs.lib import definitions
from dfvfs.resolver_helpers import manager
from dfvfs.resolver_helpers import resolver_helper
from dfvfs.vfs import cpio_file_system


class CPIOResolverHelper(resolver_helper.ResolverHelper):
  """CPIO resolver helper."""

  TYPE_INDICATOR = definitions.TYPE_INDICATOR_CPIO

  def NewFileObject(self, resolver_context):
    """Creates a new file-like object.

    Args:
      resolver_context (Context): resolver context.

    Returns:
      FileIO: file-like object.
    """
    return cpio_file_io.CPIOFile(resolver_context)

  def NewFileSystem(self, resolver_context):
    """Creates a new file system object.

    Args:
github log2timeline / dfvfs / dfvfs / resolver_helpers / encoded_stream_resolver_helper.py View on Github external
# -*- coding: utf-8 -*-
"""The encoded stream path specification resolver helper implementation."""

from __future__ import unicode_literals

from dfvfs.file_io import encoded_stream_io
from dfvfs.lib import definitions
from dfvfs.resolver_helpers import manager
from dfvfs.resolver_helpers import resolver_helper
from dfvfs.vfs import encoded_stream_file_system


class EncodedStreamResolverHelper(resolver_helper.ResolverHelper):
  """Encoded stream resolver helper."""

  TYPE_INDICATOR = definitions.TYPE_INDICATOR_ENCODED_STREAM

  def NewFileObject(self, resolver_context):
    """Creates a new file-like object.

    Args:
      resolver_context (Context): resolver context.

    Returns:
      FileIO: file-like object.
    """
    return encoded_stream_io.EncodedStream(resolver_context)

  def NewFileSystem(self, resolver_context):
    """Creates a new file system object.

    Args:

dfvfs

Digital Forensics Virtual File System (dfVFS).

GitHub
Apache-2.0
Latest version published 6 months ago

Package Health Score

65 / 100
Full package analysis

Popular dfvfs functions

Similar packages