def is_valid_for(self, target_file: TargetPath):
    """Return True when *target_file* looks like an ``.evtx`` event log.

    All four conditions must hold: the type description from ``get_type()``
    contains "Event Log", ``is_file()`` is truthy, the object is a
    ``TargetFile``, and ``get_extension()`` equals ".evtx".
    """
    # The type description is consulted first, as in a short-circuiting chain.
    if "Event Log" not in target_file.get_type():
        return False
    if not target_file.is_file():
        return False
    # get_extension() is only called on TargetFile instances.
    if not isinstance(target_file, TargetFile):
        return False
    # NOTE(review): exact, case-sensitive comparison. Whether ".EVTX" is
    # accepted depends on get_extension() normalising case -- confirm, so that
    # renamed logs are not silently skipped.
    return bool(target_file.get_extension() == ".evtx")
def is_valid_for(self, target_file: TargetPath):
    """Return True for regular files whose type description marks them as text.

    A file qualifies when ``get_type()`` contains "ASCII text" or
    "UTF-8 Unicode text"; anything that is not a file is rejected.
    """
    if not target_file.is_file():
        return False
    text_markers = ("ASCII text", "UTF-8 Unicode text")
    # NOTE(review): if get_type() relays file(1)/libmagic output, newer
    # releases appear to word UTF-8 text as "Unicode text, UTF-8 text", which
    # neither marker matches -- verify against the deployed version so text
    # files are not silently excluded.
    # get_type() is queried once per marker and evaluation stops at the first hit.
    return any(marker in target_file.get_type() for marker in text_markers)
def is_valid_for(self, target_file: TargetPath):
    """Return True for regular ``TargetFile`` objects with a certificate extension.

    The decision is made on the extension alone (".cer", ".crt", ".der",
    ".pem"); the type description is not consulted.
    """
    if not target_file.is_file():
        return False
    if not isinstance(target_file, TargetFile):
        return False
    # NOTE(review): the list this tuple replaces named ".cer" twice; confirm
    # no other extension was intended in its place.
    certificate_extensions = (".cer", ".crt", ".der", ".pem")
    return target_file.get_extension() in certificate_extensions
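def is_valid_for(self, target_file: TargetPath):
    """Accept every regular file unless its extension is on the ignore list.

    The ignore list is the comma-separated ``ignore_extensions`` entry of
    ``self.get_params()``. Whitespace around each entry is stripped, so a
    value such as ".log, .tmp" excludes both extensions; without the strip
    the second entry would be " .tmp" and never match. Empty entries (from
    an empty value or a trailing comma) are dropped so they cannot match a
    file whose extension is reported as an empty string.

    Returns:
        False when *target_file* is not a file, or is a ``TargetFile`` whose
        extension is on the ignore list; True otherwise.
    """
    if not target_file.is_file():
        return False
    params = self.get_params()
    # Only TargetFile instances are asked for an extension; any other file
    # object is accepted without consulting the ignore list.
    if "ignore_extensions" in params and isinstance(target_file, TargetFile):
        ignored = {
            entry.strip()
            for entry in params["ignore_extensions"].split(",")
            if entry.strip()
        }
        # NOTE(review): comparison is case-sensitive; confirm whether
        # get_extension() normalises case.
        if target_file.get_extension() in ignored:
            return False
    return True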
def _check_extensions(self, target_file: TargetPath):
    """Call ``self._ignore()`` when the file's extension is in the loaded list.

    Nothing happens unless *target_file* is a file and ``EXTENSIONS`` is a key
    of ``self._params``. The list is loaded once, on first use, by passing
    ``self._params[EXTENSIONS]`` to ``self._read_file`` and is kept in
    ``self._extensions`` afterwards.
    """
    if not target_file.is_file():
        return
    if EXTENSIONS not in self._params:
        return
    # Lazy load: the list is read before the TargetFile check, so it is
    # populated even when the current object has no extension to test.
    if self._extensions is None:
        self._extensions = self._read_file(self._params[EXTENSIONS])
    if not isinstance(target_file, TargetFile):
        return
    # NOTE(review): matching depends on how _read_file() formats its entries
    # (leading dot, case, trailing newline) -- confirm against that helper.
    if target_file.get_extension() in self._extensions:
        self._ignore()
def _check_sizes(self, target_file: TargetPath):
    """Call ``self._ignore()`` when the file size is outside the configured bounds.

    The size is ``st_size`` from ``target_file.get_info()``. Both bounds are
    inclusive: a size equal to the ``IGNORE_MAX`` or ``IGNORE_MIN`` value is
    ignored as well. Each bound is parsed with ``int()`` on first use and
    cached on the instance; ``int()`` raises ValueError for a non-numeric value.
    """
    info = target_file.get_info()
    if not target_file.is_file() or "st_size" not in info:
        return

    if IGNORE_MAX in self._params:
        if self._max_size is None:
            self._max_size = int(self._params[IGNORE_MAX])
        if info["st_size"] >= self._max_size:
            self._ignore()

    # The lower bound is checked independently of the upper one, so
    # _ignore() may be called twice for the same file when both match.
    if IGNORE_MIN in self._params:
        if self._min_size is None:
            self._min_size = int(self._params[IGNORE_MIN])
        if info["st_size"] <= self._min_size:
            self._ignore()
def is_valid_for(self, target_file: TargetPath):
    """Return True for regular files that look like office or PDF documents.

    A file qualifies when its type description contains one of the document
    markers below, or, for ``TargetFile`` objects, when its extension is
    ".pages", ".numbers" or ".keynote".
    """
    if not target_file.is_file():
        return False
    type_markers = (
        "PDF document",
        "Composite Document",
        "OpenDocument",
        "Microsoft Word",
        "Microsoft Excel",
        "Microsoft PowerPoint",
    )
    # get_type() is queried once per marker and evaluation stops at the first hit.
    if any(marker in target_file.get_type() for marker in type_markers):
        return True
    # Extension fallback; get_extension() is only called on TargetFile instances.
    if isinstance(target_file, TargetFile):
        return target_file.get_extension() in (".pages", ".numbers", ".keynote")
    return False
def is_valid_for(self, target_file: TargetPath):
    """Return True for regular files whose type description contains "Zip archive data"."""
    if not target_file.is_file():
        return False
    # Decided on the type description alone; the file name and extension
    # are not consulted.
    return "Zip archive data" in target_file.get_type()
def is_valid_for(self, target_file: TargetPath):
    """Return True when the type description contains "Windows registry" and the target is a file."""
    # The type description is evaluated first; is_file() is only consulted
    # when the description matches.
    described_as_registry = "Windows registry" in target_file.get_type()
    return bool(described_as_registry and target_file.is_file())
def is_valid_for(self, target_file: TargetPath):
    """Return True for regular files whose type description contains "Microsoft Outlook email"."""
    if not target_file.is_file():
        return False
    # Decided on the type description alone; the extension is not consulted.
    return "Microsoft Outlook email" in target_file.get_type()
def is_valid_for(self, target_file: TargetPath):
    """Return True for regular ``TargetFile`` objects whose extension is ".pf".

    Only the extension is tested (presumably Windows Prefetch files); the
    type description is not consulted.
    """
    if not target_file.is_file():
        return False
    if not isinstance(target_file, TargetFile):
        return False
    # NOTE(review): exact, case-sensitive comparison -- confirm whether
    # get_extension() normalises case, otherwise ".PF" is skipped.
    return bool(target_file.get_extension() == ".pf")
def is_valid_for(self, target_file: TargetPath):
    """Return True for SQLite files whose name contains "History" or "places".

    The type description must contain "SQLite"; the name test is a
    case-sensitive substring match (presumably aimed at browser history
    databases -- confirm against the plugin's purpose).
    """
    if not target_file.is_file():
        return False
    if "SQLite" not in target_file.get_type():
        return False
    name_markers = ("History", "places")
    # get_name() is queried once per marker and evaluation stops at the first hit.
    return any(marker in target_file.get_name() for marker in name_markers)
def is_valid_for(self, target_file: TargetPath):
    """Return True for regular files typed as "data" whose name contains "MFT".

    Both tests are substring matches (presumably aimed at exported NTFS
    master file tables -- confirm against the plugin's purpose).
    """
    if not target_file.is_file():
        return False
    # Substring test: any description containing "data" passes (for example
    # "Zip archive data"), so the name check below does most of the narrowing.
    if "data" not in target_file.get_type():
        return False
    return "MFT" in target_file.get_name()