How to use the pytsk3.TSK_FS_META_TYPE_SOCK function in pytsk3
To help you get started, we’ve selected a few pytsk3 examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
google / rekall / rekall-agent / rekall_agent / client_actions / tsk.py View on Github 
pytsk3.TSK_FS_NAME_TYPE_LNK: "l",
pytsk3.TSK_FS_NAME_TYPE_SOCK: "h",
pytsk3.TSK_FS_NAME_TYPE_SHAD: "s",
pytsk3.TSK_FS_NAME_TYPE_WHT: "w",
pytsk3.TSK_FS_NAME_TYPE_VIRT: "v"
}
META_TYPE_LOOKUP = {
pytsk3.TSK_FS_META_TYPE_REG: "r",
pytsk3.TSK_FS_META_TYPE_DIR: "d",
pytsk3.TSK_FS_META_TYPE_FIFO: "p",
pytsk3.TSK_FS_META_TYPE_CHR: "c",
pytsk3.TSK_FS_META_TYPE_BLK: "b",
pytsk3.TSK_FS_META_TYPE_LNK: "h",
pytsk3.TSK_FS_META_TYPE_SHAD: "s",
pytsk3.TSK_FS_META_TYPE_SOCK: "s",
pytsk3.TSK_FS_META_TYPE_WHT: "w",
pytsk3.TSK_FS_META_TYPE_VIRT: "v"
}
ATTRIBUTE_TYPES_TO_PRINT = [
pytsk3.TSK_FS_ATTR_TYPE_NTFS_IDXROOT,
pytsk3.TSK_FS_ATTR_TYPE_NTFS_DATA,
pytsk3.TSK_FS_ATTR_TYPE_DEFAULT]
class TSKListDirectoryAction(files.ListDirectoryAction):
"""List Directory via TSK."""
schema = [
dict(name="path",
doc="The name of the directory to list. If a device is also give, "
"the name is relative to this device otherwise we resolve mount "# The type is an instance of pytsk3.TSK_FS_META_TYPE_ENUM.
tsk_fs_meta_type = getattr(
tsk_file.info.meta, 'type', pytsk3.TSK_FS_META_TYPE_UNDEF)
if tsk_fs_meta_type == pytsk3.TSK_FS_META_TYPE_REG:
self.entry_type = definitions.FILE_ENTRY_TYPE_FILE
elif tsk_fs_meta_type == pytsk3.TSK_FS_META_TYPE_DIR:
self.entry_type = definitions.FILE_ENTRY_TYPE_DIRECTORY
elif tsk_fs_meta_type == pytsk3.TSK_FS_META_TYPE_LNK:
self.entry_type = definitions.FILE_ENTRY_TYPE_LINK
elif tsk_fs_meta_type in (
pytsk3.TSK_FS_META_TYPE_CHR, pytsk3.TSK_FS_META_TYPE_BLK):
self.entry_type = definitions.FILE_ENTRY_TYPE_DEVICE
elif tsk_fs_meta_type == pytsk3.TSK_FS_META_TYPE_FIFO:
self.entry_type = definitions.FILE_ENTRY_TYPE_PIPE
elif tsk_fs_meta_type == pytsk3.TSK_FS_META_TYPE_SOCK:
self.entry_type = definitions.FILE_ENTRY_TYPE_SOCKETpytsk3.TSK_FS_NAME_TYPE_CHR: stat.S_IFCHR,
pytsk3.TSK_FS_NAME_TYPE_DIR: stat.S_IFDIR,
pytsk3.TSK_FS_NAME_TYPE_BLK: stat.S_IFBLK,
pytsk3.TSK_FS_NAME_TYPE_REG: stat.S_IFREG,
pytsk3.TSK_FS_NAME_TYPE_LNK: stat.S_IFLNK,
pytsk3.TSK_FS_NAME_TYPE_SOCK: stat.S_IFSOCK,
}
META_TYPE_LOOKUP = {
pytsk3.TSK_FS_META_TYPE_BLK: 0,
pytsk3.TSK_FS_META_TYPE_CHR: stat.S_IFCHR,
pytsk3.TSK_FS_META_TYPE_DIR: stat.S_IFDIR,
pytsk3.TSK_FS_META_TYPE_FIFO: stat.S_IFIFO,
pytsk3.TSK_FS_META_TYPE_LNK: stat.S_IFLNK,
pytsk3.TSK_FS_META_TYPE_REG: stat.S_IFREG,
pytsk3.TSK_FS_META_TYPE_SOCK: stat.S_IFSOCK,
}
# Files we won't return in directories.
BLACKLIST_FILES = [
"$OrphanFiles" # Special TSK dir that invokes processing.
]
# The file like object we read our image from
tsk_raw_device = None
# NTFS files carry an attribute identified by ntfs_type and ntfs_id.
tsk_attribute = None
# This is all bits that define the type of the file in the stat mode. Equal to
# 0b1111000000000000.
stat_type_mask = (
Popular pytsk3 functions
- pytsk3.FS_Info
- pytsk3.get_version
- pytsk3.Img_Info
- pytsk3.Img_Info.__init__
- pytsk3.TSK_FS_ATTR_TYPE_NTFS_DATA
- pytsk3.TSK_FS_META_FLAG_ALLOC
- pytsk3.TSK_FS_META_TYPE_BLK
- pytsk3.TSK_FS_META_TYPE_CHR
- pytsk3.TSK_FS_META_TYPE_DIR
- pytsk3.TSK_FS_META_TYPE_FIFO
- pytsk3.TSK_FS_META_TYPE_LNK
- pytsk3.TSK_FS_META_TYPE_REG
- pytsk3.TSK_FS_META_TYPE_SOCK
- pytsk3.TSK_FS_NAME_TYPE_BLK
- pytsk3.TSK_FS_NAME_TYPE_DIR
- pytsk3.TSK_FS_NAME_TYPE_REG
- pytsk3.TSK_FS_TYPE_UNSUPP
- pytsk3.TSK_IMG_TYPE_EXTERNAL
- pytsk3.TSK_VS_PART_FLAG_ALLOC
- pytsk3.Volume_Info