How to use the pytsk3.TSK_FS_META_TYPE_BLK function in pytsk3
To help you get started, we’ve selected a few pytsk3 examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
google / rekall / rekall-agent / rekall_agent / client_actions / tsk.py View on Github 
pytsk3.TSK_FS_NAME_TYPE_DIR: "d",
pytsk3.TSK_FS_NAME_TYPE_BLK: "b",
pytsk3.TSK_FS_NAME_TYPE_REG: "r",
pytsk3.TSK_FS_NAME_TYPE_LNK: "l",
pytsk3.TSK_FS_NAME_TYPE_SOCK: "h",
pytsk3.TSK_FS_NAME_TYPE_SHAD: "s",
pytsk3.TSK_FS_NAME_TYPE_WHT: "w",
pytsk3.TSK_FS_NAME_TYPE_VIRT: "v"
}
META_TYPE_LOOKUP = {
pytsk3.TSK_FS_META_TYPE_REG: "r",
pytsk3.TSK_FS_META_TYPE_DIR: "d",
pytsk3.TSK_FS_META_TYPE_FIFO: "p",
pytsk3.TSK_FS_META_TYPE_CHR: "c",
pytsk3.TSK_FS_META_TYPE_BLK: "b",
pytsk3.TSK_FS_META_TYPE_LNK: "h",
pytsk3.TSK_FS_META_TYPE_SHAD: "s",
pytsk3.TSK_FS_META_TYPE_SOCK: "s",
pytsk3.TSK_FS_META_TYPE_WHT: "w",
pytsk3.TSK_FS_META_TYPE_VIRT: "v"
}
ATTRIBUTE_TYPES_TO_PRINT = [
pytsk3.TSK_FS_ATTR_TYPE_NTFS_IDXROOT,
pytsk3.TSK_FS_ATTR_TYPE_NTFS_DATA,
pytsk3.TSK_FS_ATTR_TYPE_DEFAULT]
class TSKListDirectoryAction(files.ListDirectoryAction):
"""List Directory via TSK."""
schema = [auto_register = True
# A mapping to encode TSK types to a stat.st_mode
FILE_TYPE_LOOKUP = {
pytsk3.TSK_FS_NAME_TYPE_UNDEF: 0,
pytsk3.TSK_FS_NAME_TYPE_FIFO: stat.S_IFIFO,
pytsk3.TSK_FS_NAME_TYPE_CHR: stat.S_IFCHR,
pytsk3.TSK_FS_NAME_TYPE_DIR: stat.S_IFDIR,
pytsk3.TSK_FS_NAME_TYPE_BLK: stat.S_IFBLK,
pytsk3.TSK_FS_NAME_TYPE_REG: stat.S_IFREG,
pytsk3.TSK_FS_NAME_TYPE_LNK: stat.S_IFLNK,
pytsk3.TSK_FS_NAME_TYPE_SOCK: stat.S_IFSOCK,
}
META_TYPE_LOOKUP = {
pytsk3.TSK_FS_META_TYPE_BLK: 0,
pytsk3.TSK_FS_META_TYPE_CHR: stat.S_IFCHR,
pytsk3.TSK_FS_META_TYPE_DIR: stat.S_IFDIR,
pytsk3.TSK_FS_META_TYPE_FIFO: stat.S_IFIFO,
pytsk3.TSK_FS_META_TYPE_LNK: stat.S_IFLNK,
pytsk3.TSK_FS_META_TYPE_REG: stat.S_IFREG,
pytsk3.TSK_FS_META_TYPE_SOCK: stat.S_IFSOCK,
}
# Files we won't return in directories.
BLACKLIST_FILES = [
"$OrphanFiles" # Special TSK dir that invokes processing.
]
# The file like object we read our image from
tsk_raw_device = Nonedef make_stat(meta):
""" Return a stat structure from TSK metadata struct """
meta_type_dispatcher = {
pytsk3.TSK_FS_META_TYPE_DIR: stat.S_IFDIR,
pytsk3.TSK_FS_META_TYPE_REG: stat.S_IFREG,
pytsk3.TSK_FS_META_TYPE_FIFO: stat.S_IFIFO,
pytsk3.TSK_FS_META_TYPE_CHR: stat.S_IFCHR,
pytsk3.TSK_FS_META_TYPE_LNK: stat.S_IFLNK,
pytsk3.TSK_FS_META_TYPE_BLK: stat.S_IFBLK,
}
s = fuse.Stat()
s.st_ino = meta.addr
s.st_dev = 0
s.st_nlink = meta.nlink
s.st_uid = meta.uid
s.st_gid = meta.gid
s.st_size = meta.size
s.st_atime = meta.atime
s.st_mtime = meta.mtime
s.st_ctime = meta.crtime
s.st_blocks = 2
s.st_rdev = 0
s.st_mode = meta_type_dispatcher.get(int(meta.type), 0)
s.st_mode |= int(meta.mode)
Popular pytsk3 functions
- pytsk3.FS_Info
- pytsk3.get_version
- pytsk3.Img_Info
- pytsk3.Img_Info.__init__
- pytsk3.TSK_FS_ATTR_TYPE_NTFS_DATA
- pytsk3.TSK_FS_META_FLAG_ALLOC
- pytsk3.TSK_FS_META_TYPE_BLK
- pytsk3.TSK_FS_META_TYPE_CHR
- pytsk3.TSK_FS_META_TYPE_DIR
- pytsk3.TSK_FS_META_TYPE_FIFO
- pytsk3.TSK_FS_META_TYPE_LNK
- pytsk3.TSK_FS_META_TYPE_REG
- pytsk3.TSK_FS_META_TYPE_SOCK
- pytsk3.TSK_FS_NAME_TYPE_BLK
- pytsk3.TSK_FS_NAME_TYPE_DIR
- pytsk3.TSK_FS_NAME_TYPE_REG
- pytsk3.TSK_FS_TYPE_UNSUPP
- pytsk3.TSK_IMG_TYPE_EXTERNAL
- pytsk3.TSK_VS_PART_FLAG_ALLOC
- pytsk3.Volume_Info