How to use the pytsk3.TSK_FS_META_TYPE_DIR function in pytsk3
To help you get started, we’ve selected a few pytsk3 examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
log2timeline / dfvfs / dfvfs / vfs / tsk_file_entry.py View on Github 
super(TSKFileEntry, self).__init__(
resolver_context, file_system, path_spec, is_root=is_root,
is_virtual=is_virtual)
self._file_system_type = tsk_file.info.fs_info.ftype
self._name = None
self._parent_inode = parent_inode
self._tsk_file = tsk_file
# The type is an instance of pytsk3.TSK_FS_META_TYPE_ENUM.
tsk_fs_meta_type = getattr(
tsk_file.info.meta, 'type', pytsk3.TSK_FS_META_TYPE_UNDEF)
if tsk_fs_meta_type == pytsk3.TSK_FS_META_TYPE_REG:
self.entry_type = definitions.FILE_ENTRY_TYPE_FILE
elif tsk_fs_meta_type == pytsk3.TSK_FS_META_TYPE_DIR:
self.entry_type = definitions.FILE_ENTRY_TYPE_DIRECTORY
elif tsk_fs_meta_type == pytsk3.TSK_FS_META_TYPE_LNK:
self.entry_type = definitions.FILE_ENTRY_TYPE_LINK
elif tsk_fs_meta_type in (
pytsk3.TSK_FS_META_TYPE_CHR, pytsk3.TSK_FS_META_TYPE_BLK):
self.entry_type = definitions.FILE_ENTRY_TYPE_DEVICE
elif tsk_fs_meta_type == pytsk3.TSK_FS_META_TYPE_FIFO:
self.entry_type = definitions.FILE_ENTRY_TYPE_PIPE
elif tsk_fs_meta_type == pytsk3.TSK_FS_META_TYPE_SOCK:
self.entry_type = definitions.FILE_ENTRY_TYPE_SOCKETpytsk3.TSK_FS_NAME_TYPE_UNDEF: "-",
pytsk3.TSK_FS_NAME_TYPE_FIFO: "p",
pytsk3.TSK_FS_NAME_TYPE_CHR: "c",
pytsk3.TSK_FS_NAME_TYPE_DIR: "d",
pytsk3.TSK_FS_NAME_TYPE_BLK: "b",
pytsk3.TSK_FS_NAME_TYPE_REG: "r",
pytsk3.TSK_FS_NAME_TYPE_LNK: "l",
pytsk3.TSK_FS_NAME_TYPE_SOCK: "h",
pytsk3.TSK_FS_NAME_TYPE_SHAD: "s",
pytsk3.TSK_FS_NAME_TYPE_WHT: "w",
pytsk3.TSK_FS_NAME_TYPE_VIRT: "v"
}
META_TYPE_LOOKUP = {
pytsk3.TSK_FS_META_TYPE_REG: "r",
pytsk3.TSK_FS_META_TYPE_DIR: "d",
pytsk3.TSK_FS_META_TYPE_FIFO: "p",
pytsk3.TSK_FS_META_TYPE_CHR: "c",
pytsk3.TSK_FS_META_TYPE_BLK: "b",
pytsk3.TSK_FS_META_TYPE_LNK: "h",
pytsk3.TSK_FS_META_TYPE_SHAD: "s",
pytsk3.TSK_FS_META_TYPE_SOCK: "s",
pytsk3.TSK_FS_META_TYPE_WHT: "w",
pytsk3.TSK_FS_META_TYPE_VIRT: "v"
}
ATTRIBUTE_TYPES_TO_PRINT = [
pytsk3.TSK_FS_ATTR_TYPE_NTFS_IDXROOT,
pytsk3.TSK_FS_ATTR_TYPE_NTFS_DATA,
pytsk3.TSK_FS_ATTR_TYPE_DEFAULT]#recursively move through the image filesystem
for begin in dirObject:
if begin.info.name.name in [".", ".."]:
continue
try: #try and grab the type of file
f_type = begin.info.meta.type
except:
print "Cannot retrieve type of",begin.info.name.name
continue
try: #Traverse the filesystem
filepath = '/{0}/{1}'.format('/'.join(parentPath),begin.info.name.name)
outputPath ='./{0}/{1}/'.format("Carved_files_{0}".format(name),'/'.join(parentPath))
if f_type == pytsk3.TSK_FS_META_TYPE_DIR: #if directory traverse into it
sub_directory = begin.as_directory()
parentPath.append(begin.info.name.name)
recursive_extract(sub_directory,parentPath,img,name)
parentPath.pop(-1)
print "Directory: {0}".format(filepath)
elif f_type == pytsk3.TSK_FS_META_TYPE_REG and begin.info.meta.size != 0: #if file and size > 1
filedata = begin.read_random(0,begin.info.meta.size)
print "Extracting File : " + str(['/'.join(parentPath)+begin.info.name.name])
#create new folder to extract the file
if not os.path.exists(outputPath):
os.makedirs(outputPath)
#extract the filedef directoryRecurse(directoryObject, parentPath):
for entryObject in directoryObject:
if entryObject.info.name.name in [".", ".."]:
continue
try:
f_type = entryObject.info.meta.type
except:
print "Cannot retrieve type of",entryObject.info.name.name
continue
try:
filepath = '/%s/%s' % ('/'.join(parentPath),entryObject.info.name.name)
if f_type == pytsk3.TSK_FS_META_TYPE_DIR:
sub_directory = entryObject.as_directory()
parentPath.append(entryObject.info.name.name)
directoryRecurse(sub_directory,parentPath)
parentPath.pop(-1)
print "Directory: %s" % filepath
elif f_type == pytsk3.TSK_FS_META_TYPE_REG and entryObject.info.meta.size != 0:
filedata = entryObject.read_random(0,entryObject.info.meta.size)
md5hash = hashlib.md5()
md5hash.update(filedata)
sha1hash = hashlib.sha1()
sha1hash.update(filedata)
wr.writerow([int(entryObject.info.meta.addr),'/'.join(parentPath)+entryObject.info.name.name,datetime.datetime.fromtimestamp(entryObject.info.meta.crtime).strftime('%Y-%m-%d %H:%M:%S'),int(entryObject.info.meta.size),md5hash.hexdigest(),sha1hash.hexdigest()])def is_directory(self, path_object):
return path_object.obj.info.meta.type in [pytsk3.TSK_FS_META_TYPE_DIR, pytsk3.TSK_FS_META_TYPE_VIRT_DIR]def make_stat(meta):
""" Return a stat structure from TSK metadata struct """
meta_type_dispatcher = {
pytsk3.TSK_FS_META_TYPE_DIR: stat.S_IFDIR,
pytsk3.TSK_FS_META_TYPE_REG: stat.S_IFREG,
pytsk3.TSK_FS_META_TYPE_FIFO: stat.S_IFIFO,
pytsk3.TSK_FS_META_TYPE_CHR: stat.S_IFCHR,
pytsk3.TSK_FS_META_TYPE_LNK: stat.S_IFLNK,
pytsk3.TSK_FS_META_TYPE_BLK: stat.S_IFBLK,
}
s = fuse.Stat()
s.st_ino = meta.addr
s.st_dev = 0
s.st_nlink = meta.nlink
s.st_uid = meta.uid
s.st_gid = meta.gid
s.st_size = meta.size
s.st_atime = meta.atime
s.st_mtime = meta.mtimefor entryObject in directoryObject:
if entryObject.info.name.name in [".", ".."]:
continue
try:
f_type = entryObject.info.meta.type
except:
print "Cannot retrieve type of",entryObject.info.name.name
continue
try:
filepath = '/%s/%s' % ('/'.join(parentPath),entryObject.info.name.name)
outputPath ='./%s/%s/' % (str(partition.addr),'/'.join(parentPath))
if f_type == pytsk3.TSK_FS_META_TYPE_DIR:
sub_directory = entryObject.as_directory()
parentPath.append(entryObject.info.name.name)
directoryRecurse(sub_directory,parentPath)
parentPath.pop(-1)
#print "Directory: %s" % filepath
elif f_type == pytsk3.TSK_FS_META_TYPE_REG and entryObject.info.meta.size != 0:
searchResult = re.match(args.search,entryObject.info.name.name)
if not searchResult:
continue
filedata = entryObject.read_random(0,entryObject.info.meta.size)
#print "match ",entryObject.info.name.name
md5hash = hashlib.md5()
md5hash.update(filedata)
sha1hash = hashlib.sha1()# A mapping to encode TSK types to a stat.st_mode
FILE_TYPE_LOOKUP = {
pytsk3.TSK_FS_NAME_TYPE_UNDEF: 0,
pytsk3.TSK_FS_NAME_TYPE_FIFO: stat.S_IFIFO,
pytsk3.TSK_FS_NAME_TYPE_CHR: stat.S_IFCHR,
pytsk3.TSK_FS_NAME_TYPE_DIR: stat.S_IFDIR,
pytsk3.TSK_FS_NAME_TYPE_BLK: stat.S_IFBLK,
pytsk3.TSK_FS_NAME_TYPE_REG: stat.S_IFREG,
pytsk3.TSK_FS_NAME_TYPE_LNK: stat.S_IFLNK,
pytsk3.TSK_FS_NAME_TYPE_SOCK: stat.S_IFSOCK,
}
META_TYPE_LOOKUP = {
pytsk3.TSK_FS_META_TYPE_BLK: 0,
pytsk3.TSK_FS_META_TYPE_CHR: stat.S_IFCHR,
pytsk3.TSK_FS_META_TYPE_DIR: stat.S_IFDIR,
pytsk3.TSK_FS_META_TYPE_FIFO: stat.S_IFIFO,
pytsk3.TSK_FS_META_TYPE_LNK: stat.S_IFLNK,
pytsk3.TSK_FS_META_TYPE_REG: stat.S_IFREG,
pytsk3.TSK_FS_META_TYPE_SOCK: stat.S_IFSOCK,
}
# Files we won't return in directories.
BLACKLIST_FILES = [
"$OrphanFiles" # Special TSK dir that invokes processing.
]
# The file like object we read our image from
tsk_raw_device = None
# NTFS files carry an attribute identified by ntfs_type and ntfs_id.
tsk_attribute = Nonedef IsDirectory(self):
"""Determines if the file entry is a directory."""
tsk_fs_meta_type = getattr(
self.file_object.fileobj.info.meta, 'type',
pytsk3.TSK_FS_META_TYPE_UNDEF)
return tsk_fs_meta_type == pytsk3.TSK_FS_META_TYPE_DIR
Popular pytsk3 functions
- pytsk3.FS_Info
- pytsk3.get_version
- pytsk3.Img_Info
- pytsk3.Img_Info.__init__
- pytsk3.TSK_FS_ATTR_TYPE_NTFS_DATA
- pytsk3.TSK_FS_META_FLAG_ALLOC
- pytsk3.TSK_FS_META_TYPE_BLK
- pytsk3.TSK_FS_META_TYPE_CHR
- pytsk3.TSK_FS_META_TYPE_DIR
- pytsk3.TSK_FS_META_TYPE_FIFO
- pytsk3.TSK_FS_META_TYPE_LNK
- pytsk3.TSK_FS_META_TYPE_REG
- pytsk3.TSK_FS_META_TYPE_SOCK
- pytsk3.TSK_FS_NAME_TYPE_BLK
- pytsk3.TSK_FS_NAME_TYPE_DIR
- pytsk3.TSK_FS_NAME_TYPE_REG
- pytsk3.TSK_FS_TYPE_UNSUPP
- pytsk3.TSK_IMG_TYPE_EXTERNAL
- pytsk3.TSK_VS_PART_FLAG_ALLOC
- pytsk3.Volume_Info