How to use the dfvfs.path.factory.Factory function in dfvfs
To help you get started, we’ve selected a few dfvfs examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
log2timeline / dfvfs / tests / helpers / volume_scanner.py View on Github 
def testNormalizedVolumeIdentifiersPartitionedImage(self):
"""Tests the _NormalizedVolumeIdentifiers function."""
test_mediator = TestVolumeScannerMediator()
test_scanner = volume_scanner.VolumeScanner(mediator=test_mediator)
test_path = self._GetTestFilePath(['tsk_volume_system.raw'])
self._SkipIfPathNotExists(test_path)
test_os_path_spec = path_spec_factory.Factory.NewPathSpec(
definitions.TYPE_INDICATOR_OS, location=test_path)
test_raw_path_spec = path_spec_factory.Factory.NewPathSpec(
definitions.TYPE_INDICATOR_RAW, parent=test_os_path_spec)
test_tsk_partition_path_spec = path_spec_factory.Factory.NewPathSpec(
definitions.TYPE_INDICATOR_TSK_PARTITION, parent=test_raw_path_spec)
volume_system = tsk_volume_system.TSKVolumeSystem()
volume_system.Open(test_tsk_partition_path_spec)
volume_identifiers = test_scanner._NormalizedVolumeIdentifiers(
volume_system, ['p1', 'p2'], prefix='p')
self.assertEqual(volume_identifiers, ['p1', 'p2'])
volume_identifiers = test_scanner._NormalizedVolumeIdentifiers(
volume_system, ['1', '2'], prefix='p')
self.assertEqual(volume_identifiers, ['p1', 'p2'])self._SkipIfPathNotExists(test_artifacts_path)
test_file_path = self._GetTestFilePath(['ímynd.dd'])
self._SkipIfPathNotExists(test_file_path)
registry = artifacts_registry.ArtifactDefinitionsRegistry()
reader = artifacts_reader.YamlArtifactsReader()
registry.ReadFromDirectory(reader, test_artifacts_path)
test_engine = single_process.SingleProcessEngine()
resolver_context = context.Context()
session = sessions.Session()
os_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file_path)
source_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_TSK, location='/',
parent=os_path_spec)
test_engine.PreprocessSources(registry, [source_path_spec])
storage_writer = fake_writer.FakeStorageWriter(session)
configuration = configurations.ProcessingConfiguration()
configuration.parser_filter_expression = 'filestat'
test_engine.ProcessSources(
[source_path_spec], storage_writer, resolver_context, configuration)
self.assertEqual(storage_writer.number_of_events, 15)def testCalculateDigestHash(self):
"""Tests the _CalculateDigestHash function."""
test_file_path = self._GetTestFilePath(['ímynd.dd'])
self._SkipIfPathNotExists(test_file_path)
test_tool = image_export_tool.ImageExportTool()
os_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file_path)
tsk_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_TSK, inode=16,
location='/a_directory/another_file', parent=os_path_spec)
file_entry = path_spec_resolver.Resolver.OpenFileEntry(tsk_path_spec)
digest_hash = test_tool._CalculateDigestHash(file_entry, '')
expected_digest_hash = (
'c7fbc0e821c0871805a99584c6a384533909f68a6bbe9a2a687d28d9f3b10c16')
self.assertEqual(digest_hash, expected_digest_hash)
os_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file_path)
tsk_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_TSK, inode=12,
location='/a_directory', parent=os_path_spec)def testCredentialGetSet(self):
"""Tests the GetCredential and SetCredential functions."""
test_keychain = keychain.KeyChain()
fake_path_spec = factory.Factory.NewPathSpec(
definitions.TYPE_INDICATOR_FAKE, location='/test')
bde_path_spec = factory.Factory.NewPathSpec(
definitions.TYPE_INDICATOR_BDE, parent=fake_path_spec)
with self.assertRaises(AttributeError):
test_keychain.SetCredential(fake_path_spec, 'password', 'TEST')
test_keychain.SetCredential(bde_path_spec, 'password', 'TEST')
credential = test_keychain.GetCredential(fake_path_spec, 'password')
self.assertIsNone(credential)
credential = test_keychain.GetCredential(bde_path_spec, 'password')
self.assertEqual(credential, 'TEST')
credentials = test_keychain.GetCredentials(bde_path_spec)for volume_identifier in sorted(volume_identifiers):
volume = volume_system.GetVolumeByIdentifier(volume_identifier)
if not volume:
raise RuntimeError(
u'Volume missing for identifier: {0:s}.'.format(volume_identifier))
volume_extent = volume.extents[0]
print(
u'{0:s}\t\t{1:d} (0x{1:08x})\t{2:d}'.format(
volume.identifier, volume_extent.offset, volume_extent.size))
volume_path_spec = path_spec_factory.Factory.NewPathSpec(
definitions.TYPE_INDICATOR_TSK_PARTITION, location=u'/'+volume_identifier,
parent=path_spec)
mft_path_spec = path_spec_factory.Factory.NewPathSpec(
definitions.TYPE_INDICATOR_TSK, location=u'/$MFT',
parent=volume_path_spec)
file_entry = resolver.Resolver.OpenFileEntry(mft_path_spec)
stat_object = file_entry.GetStat()
print(u'Inode: {0:d}'.format(stat_object.ino))
print(u'Inode: {0:s}'.format(file_entry.name))
outFile = volume_identifier+file_entry.name
extractFile = open(outFile,'wb')
file_object = file_entry.GetFileObject()
data = file_object.read(4096)
while data: @property
def comparable(self):
"""str: comparable representation of the path specification."""
string_parts = []
if self.data_stream:
string_parts.append('data stream: {0:s}'.format(self.data_stream))
if self.inode is not None:
string_parts.append('inode: {0:d}'.format(self.inode))
if self.location is not None:
string_parts.append('location: {0:s}'.format(self.location))
return self._GetComparable(sub_comparable_string=', '.join(string_parts))
factory.Factory.RegisterPathSpec(TSKPathSpec)def OpenFile(self, windows_path):
"""Opens the file specificed by the Windows path.
Args:
windows_path (str): Windows path to the file.
Returns:
dfvfs.FileIO: file-like object or None if the file does not exist.
"""
if not self._single_file:
return super(WindowsVolumeCollector, self).OpenFile(windows_path)
# TODO: check name of single file.
path_spec = dfvfs_path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=self._source_path)
if path_spec is None:
return
return dfvfs_resolver.Resolver.OpenFileObject(path_spec)into a storage media image or a directory accessible by the operating
system.
Args:
file_system (FileSystem): a file system.
mount_point (PathSpec): mount point path specification.
drive_letter (Optional[str]): drive letter used by the file system.
Raises:
PathSpecError: if the mount point path specification is incorrect.
ValueError: when file system or mount point is not set.
"""
if not file_system or not mount_point:
raise ValueError('Missing file system or mount point value.')
if path_spec_factory.Factory.IsSystemLevelTypeIndicator(
file_system.type_indicator):
if not hasattr(mount_point, 'location'):
raise errors.PathSpecError(
'Mount point path specification missing location.')
super(WindowsPathResolver, self).__init__()
self._drive_letter = drive_letter
self._environment_variables = {}
self._file_system = file_system
self._mount_point = mount_point
dfvfs
Digital Forensics Virtual File System (dfVFS).
Package Health Score
72 / 100Popular dfvfs functions
- dfvfs.helpers.source_scanner.SourceScannerContext
- dfvfs.lib.definitions
- dfvfs.lib.definitions.TYPE_INDICATOR_OS
- dfvfs.lib.errors
- dfvfs.lib.errors.BackEndError
- dfvfs.lib.errors.PathSpecError
- dfvfs.path.factory
- dfvfs.path.factory.Factory
- dfvfs.path.factory.Factory.NewPathSpec
- dfvfs.path.fake_path_spec.FakePathSpec
- dfvfs.path.ntfs_path_spec.NTFSPathSpec
- dfvfs.path.os_path_spec
- dfvfs.path.os_path_spec.OSPathSpec
- dfvfs.resolver.context
- dfvfs.resolver.context.Context
- dfvfs.resolver.resolver
- dfvfs.resolver.resolver.Resolver
- dfvfs.resolver.resolver.Resolver.OpenFileEntry
- dfvfs.resolver.resolver.Resolver.OpenFileObject
- dfvfs.resolver.resolver.Resolver.OpenFileSystem