def testOpenAndClose(self): """Test the open and close functionality.""" file_system = ntfs_file_system.NTFSFileSystem(self._resolver_context, self._ntfs_path_spec) self.assertIsNotNone(file_system) file_system.Open()
def testGetFileEntryByPathSpec(self): """Tests the GetFileEntryByPathSpec function.""" file_system = ntfs_file_system.NTFSFileSystem(self._resolver_context) self.assertIsNotNone(file_system) file_system.Open(self._ntfs_path_spec) path_spec = ntfs_path_spec.NTFSPathSpec(mft_attribute=1, mft_entry=41, parent=self._qcow_path_spec) file_entry = file_system.GetFileEntryByPathSpec(path_spec) self.assertIsNotNone(file_entry) # There is no way to determine the file_entry.name without a location string # in the path_spec or retrieving the file_entry from its parent. path_spec = ntfs_path_spec.NTFSPathSpec(location='\\password.txt', mft_entry=41, parent=self._qcow_path_spec) file_entry = file_system.GetFileEntryByPathSpec(path_spec) self.assertIsNotNone(file_entry) self.assertEqual(file_entry.name, 'password.txt') path_spec = ntfs_path_spec.NTFSPathSpec(location='\\bogus.txt', mft_entry=19, parent=self._qcow_path_spec) file_entry = file_system.GetFileEntryByPathSpec(path_spec) self.assertIsNone(file_entry) file_system.Close()
def _GetAlias(self,scan_node): alias = scan_node.type_indicator if scan_node.type_indicator == definitions.TYPE_INDICATOR_OS: alias = getattr(scan_node.path_spec, 'location', None) match = re.match(r"^\\\\\.\\([a-zA-Z])\:$",alias) if match: alias = alias[4:6] else: alias = os.path.basename(alias) elif scan_node.type_indicator == definitions.TYPE_INDICATOR_TSK_PARTITION: if scan_node.path_spec.part_index is not None: alias = u'Partition Index - {}'.format(scan_node.path_spec.part_index) file_system = resolver.Resolver.OpenFileSystem(scan_node.path_spec) for volume in file_system._tsk_volume: if volume.addr == scan_node.path_spec.part_index: alias = u'{}'.format(volume.desc) break else: return None elif scan_node.type_indicator == definitions.TYPE_INDICATOR_TSK: file_system = None try: file_system = resolver.Resolver.OpenFileSystem(scan_node.path_spec) except Exception as error: print( u"Cannot open file system. [comparable]({})".format( scan_node.path_spec.comparable) ) if file_system is not None: if file_system.IsNTFS(): # Get File System Label ntfs = ntfs_file_system.NTFSFileSystem(None) ntfs._Open(scan_node.path_spec) if ntfs._fsntfs_volume.name is not None: alias = ntfs._fsntfs_volume.name else: #alias = unicode(file_system._tsk_fs_type) alias = u'NONAME' else: alias = getattr(scan_node.path_spec, 'location', None) alias = os.path.basename(alias) elif scan_node.type_indicator == definitions.TYPE_INDICATOR_VSHADOW: alias = getattr(scan_node.path_spec, 'location', None) # Remove preceding '/' if alias is not None: alias = alias[1:] # If no location, then set as 'VSHADOW' (for a vss root) if alias == '': alias = 'Volume Shadow Stores' else: alias = os.path.basename(alias) return alias
def NewFileSystem(self, resolver_context): """Creates a new file system object. Args: resolver_context (Context): resolver context. Returns: FileSystem: file system. """ return ntfs_file_system.NTFSFileSystem(resolver_context)
def NewFileSystem(self, resolver_context, path_spec): """Creates a new file system object. Args: resolver_context (Context): resolver context. path_spec (PathSpec): a path specification. Returns: FileSystem: file system. """ return ntfs_file_system.NTFSFileSystem(resolver_context, path_spec)
def setUp(self): """Sets up the needed objects used throughout the test.""" self._resolver_context = context.Context() test_file = self._GetTestFilePath(['vsstest.qcow2']) path_spec = os_path_spec.OSPathSpec(location=test_file) self._qcow_path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec) self._ntfs_path_spec = ntfs_path_spec.NTFSPathSpec( location='\\', parent=self._qcow_path_spec) self._file_system = ntfs_file_system.NTFSFileSystem( self._resolver_context) self._file_system.Open(self._ntfs_path_spec)
def testGetRootFileEntry(self): """Test the get root file entry functionality.""" file_system = ntfs_file_system.NTFSFileSystem(self._resolver_context, self._ntfs_path_spec) self.assertIsNotNone(file_system) file_system.Open() file_entry = file_system.GetRootFileEntry() self.assertIsNotNone(file_entry) self.assertEqual(file_entry.name, '')
def testFileEntryExistsByPathSpec(self): """Test the file entry exists by path specification functionality.""" file_system = ntfs_file_system.NTFSFileSystem(self._resolver_context) self.assertIsNotNone(file_system) file_system.Open(self._ntfs_path_spec) path_spec = ntfs_path_spec.NTFSPathSpec( location=u'\\password.txt', mft_attribute=1, mft_entry=41, parent=self._qcow_path_spec) self.assertTrue(file_system.FileEntryExistsByPathSpec(path_spec)) path_spec = ntfs_path_spec.NTFSPathSpec( location=u'\\bogus.txt', mft_entry=19, parent=self._qcow_path_spec) self.assertFalse(file_system.FileEntryExistsByPathSpec(path_spec)) file_system.Close()
def setUp(self): """Sets up the needed objects used throughout the test.""" self._resolver_context = context.Context() test_path = self._GetTestFilePath(['vsstest.qcow2']) self._SkipIfPathNotExists(test_path) test_os_path_spec = path_spec_factory.Factory.NewPathSpec( definitions.TYPE_INDICATOR_OS, location=test_path) self._qcow_path_spec = path_spec_factory.Factory.NewPathSpec( definitions.TYPE_INDICATOR_QCOW, parent=test_os_path_spec) self._ntfs_path_spec = path_spec_factory.Factory.NewPathSpec( definitions.TYPE_INDICATOR_NTFS, location='\\', parent=self._qcow_path_spec) self._file_system = ntfs_file_system.NTFSFileSystem( self._resolver_context, self._ntfs_path_spec) self._file_system.Open()
def testFileEntryExistsByPathSpec(self): """Test the file entry exists by path specification functionality.""" file_system = ntfs_file_system.NTFSFileSystem(self._resolver_context, self._ntfs_path_spec) self.assertIsNotNone(file_system) file_system.Open() path_spec = path_spec_factory.Factory.NewPathSpec( definitions.TYPE_INDICATOR_NTFS, location='\\password.txt', mft_attribute=1, mft_entry=41, parent=self._qcow_path_spec) self.assertTrue(file_system.FileEntryExistsByPathSpec(path_spec)) path_spec = path_spec_factory.Factory.NewPathSpec( definitions.TYPE_INDICATOR_NTFS, location='\\bogus.txt', mft_entry=19, parent=self._qcow_path_spec) self.assertFalse(file_system.FileEntryExistsByPathSpec(path_spec))