How to use the pytsk3.TSK_FS_NAME_TYPE_BLK function in pytsk3
To help you get started, we’ve selected a few pytsk3 examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
google / grr / grr / client / grr_response_client / vfs_handlers / sleuthkit.py View on Github 
return 1e12
class TSKFile(vfs_base.VFSHandler):
"""Read a regular file."""
supported_pathtype = rdf_paths.PathSpec.PathType.TSK
auto_register = True
# A mapping to encode TSK types to a stat.st_mode
FILE_TYPE_LOOKUP = {
pytsk3.TSK_FS_NAME_TYPE_UNDEF: 0,
pytsk3.TSK_FS_NAME_TYPE_FIFO: stat.S_IFIFO,
pytsk3.TSK_FS_NAME_TYPE_CHR: stat.S_IFCHR,
pytsk3.TSK_FS_NAME_TYPE_DIR: stat.S_IFDIR,
pytsk3.TSK_FS_NAME_TYPE_BLK: stat.S_IFBLK,
pytsk3.TSK_FS_NAME_TYPE_REG: stat.S_IFREG,
pytsk3.TSK_FS_NAME_TYPE_LNK: stat.S_IFLNK,
pytsk3.TSK_FS_NAME_TYPE_SOCK: stat.S_IFSOCK,
}
META_TYPE_LOOKUP = {
pytsk3.TSK_FS_META_TYPE_BLK: 0,
pytsk3.TSK_FS_META_TYPE_CHR: stat.S_IFCHR,
pytsk3.TSK_FS_META_TYPE_DIR: stat.S_IFDIR,
pytsk3.TSK_FS_META_TYPE_FIFO: stat.S_IFIFO,
pytsk3.TSK_FS_META_TYPE_LNK: stat.S_IFLNK,
pytsk3.TSK_FS_META_TYPE_REG: stat.S_IFREG,
pytsk3.TSK_FS_META_TYPE_SOCK: stat.S_IFSOCK,
}
# Files we won't return in directories.These client actions are designed to maintain the client's Virtual File System
(VFS) view.
"""
import os
import pytsk3
from rekall.plugins.common.efilter_plugins import helpers
from rekall_agent.client_actions import files
FILE_TYPE_LOOKUP = {
pytsk3.TSK_FS_NAME_TYPE_UNDEF: "-",
pytsk3.TSK_FS_NAME_TYPE_FIFO: "p",
pytsk3.TSK_FS_NAME_TYPE_CHR: "c",
pytsk3.TSK_FS_NAME_TYPE_DIR: "d",
pytsk3.TSK_FS_NAME_TYPE_BLK: "b",
pytsk3.TSK_FS_NAME_TYPE_REG: "r",
pytsk3.TSK_FS_NAME_TYPE_LNK: "l",
pytsk3.TSK_FS_NAME_TYPE_SOCK: "h",
pytsk3.TSK_FS_NAME_TYPE_SHAD: "s",
pytsk3.TSK_FS_NAME_TYPE_WHT: "w",
pytsk3.TSK_FS_NAME_TYPE_VIRT: "v"
}
META_TYPE_LOOKUP = {
pytsk3.TSK_FS_META_TYPE_REG: "r",
pytsk3.TSK_FS_META_TYPE_DIR: "d",
pytsk3.TSK_FS_META_TYPE_FIFO: "p",
pytsk3.TSK_FS_META_TYPE_CHR: "c",
pytsk3.TSK_FS_META_TYPE_BLK: "b",
pytsk3.TSK_FS_META_TYPE_LNK: "h",
pytsk3.TSK_FS_META_TYPE_SHAD: "s",except Exception as e:
return [False, "Plugin Services Failed, reason: " + str(e)]
class Hoarder:
verbose = 0
options = []
plugins = Plugins()
FILE_TYPE_LOOKUP = {
pytsk3.TSK_FS_NAME_TYPE_UNDEF: "-",
pytsk3.TSK_FS_NAME_TYPE_FIFO: "p",
pytsk3.TSK_FS_NAME_TYPE_CHR: "c",
pytsk3.TSK_FS_NAME_TYPE_DIR: "d",
pytsk3.TSK_FS_NAME_TYPE_BLK: "b",
pytsk3.TSK_FS_NAME_TYPE_REG: "r",
pytsk3.TSK_FS_NAME_TYPE_LNK: "l",
pytsk3.TSK_FS_NAME_TYPE_SOCK: "h",
pytsk3.TSK_FS_NAME_TYPE_SHAD: "s",
pytsk3.TSK_FS_NAME_TYPE_WHT: "w",
pytsk3.TSK_FS_NAME_TYPE_VIRT: "v"
}
# ==========
# parameters:
# config_file: path to the yaml config file
# options: options of collected files and plugins
# enabled_verbose level of information to print
# output output file name
# compress_level compression level
# compress_method compression method
Popular pytsk3 functions
- pytsk3.FS_Info
- pytsk3.get_version
- pytsk3.Img_Info
- pytsk3.Img_Info.__init__
- pytsk3.TSK_FS_ATTR_TYPE_NTFS_DATA
- pytsk3.TSK_FS_META_FLAG_ALLOC
- pytsk3.TSK_FS_META_TYPE_BLK
- pytsk3.TSK_FS_META_TYPE_CHR
- pytsk3.TSK_FS_META_TYPE_DIR
- pytsk3.TSK_FS_META_TYPE_FIFO
- pytsk3.TSK_FS_META_TYPE_LNK
- pytsk3.TSK_FS_META_TYPE_REG
- pytsk3.TSK_FS_META_TYPE_SOCK
- pytsk3.TSK_FS_NAME_TYPE_BLK
- pytsk3.TSK_FS_NAME_TYPE_DIR
- pytsk3.TSK_FS_NAME_TYPE_REG
- pytsk3.TSK_FS_TYPE_UNSUPP
- pytsk3.TSK_IMG_TYPE_EXTERNAL
- pytsk3.TSK_VS_PART_FLAG_ALLOC
- pytsk3.Volume_Info