def __enter__(self):
self.filesystems = (FileSystem(self.disks[0]),
FileSystem(self.disks[1]))
for filesystem in self.filesystems:
filesystem.mount()
return self
def parse_registry(hive, disk=None, sort=False):
if disk is not None:
with FileSystem(disk) as filesystem:
registry = extract_registry(filesystem, hive)
else:
registry = RegistryHive(hive)
registry.rootkey = registry_root(hive)
if sort:
keys = sorted((k for k in registry.keys()), key=lambda k: k.timestamp)
return OrderedDict((k.path, (k.timestamp, k.values)) for k in keys)
else:
return {k.path: (k.timestamp, k.values) for k in registry.keys()}
def list_files(disk, identify=False, size=False):
logger = logging.getLogger('filesystem')
with FileSystem(disk) as filesystem:
logger.debug("Listing files.")
files = hash_filesystem(filesystem)
if identify:
logger.debug("Gatering file types.")
for file_meta in files:
file_meta['type'] = filesystem.file(file_meta['path'])
if size:
logger.debug("Gatering file sizes.")
for file_meta in files:
file_meta['size'] = filesystem.stat(file_meta['path'])['size']
return files
def parse_usnjrnl(usnjrnl, disk=None):
if disk is not None:
with FileSystem(disk) as filesystem:
return extract_usnjrnl(filesystem, usnjrnl)
else:
return [e._asdict() for e in usn_journal(usnjrnl)]
def __enter__(self):
self._filesystem = FileSystem(self._disk)
self._filesystem.mount()
return self
