def testInitialize(self):
"""Tests the path specification initialization."""
path_spec = qcow_path_spec.QCOWPathSpec(parent=self._path_spec)
self.assertIsNotNone(path_spec)
with self.assertRaises(ValueError):
qcow_path_spec.QCOWPathSpec(parent=None)
with self.assertRaises(ValueError):
qcow_path_spec.QCOWPathSpec(parent=self._path_spec, bogus='BOGUS')
def setUp(self):
"""Sets up the needed objects used throughout the test."""
super(QCOWFileTest, self).setUp()
test_file = os.path.join(u'test_data', u'image.qcow2')
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._qcow_path_spec = qcow_path_spec.QCOWPathSpec(
parent=self._os_path_spec)
def testScanForVolumeSystem(self):
"""Test the ScanForVolumeSystem() function."""
test_file = os.path.join(u'test_data', u'tsk_volume_system.raw')
source_path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = self._source_scanner.ScanForVolumeSystem(source_path_spec)
self.assertIsNotNone(path_spec)
self.assertEqual(path_spec.type_indicator,
definitions.TYPE_INDICATOR_TSK_PARTITION)
test_file = os.path.join(u'test_data', u'vsstest.qcow2')
source_path_spec = os_path_spec.OSPathSpec(location=test_file)
source_path_spec = qcow_path_spec.QCOWPathSpec(parent=source_path_spec)
path_spec = self._source_scanner.ScanForVolumeSystem(source_path_spec)
self.assertIsNotNone(path_spec)
self.assertEqual(path_spec.type_indicator,
definitions.TYPE_INDICATOR_VSHADOW)
test_file = os.path.join(u'test_data', u'bdetogo.raw')
source_path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = self._source_scanner.ScanForVolumeSystem(source_path_spec)
self.assertIsNotNone(path_spec)
self.assertEqual(path_spec.type_indicator,
definitions.TYPE_INDICATOR_BDE)
test_file = os.path.join(u'test_data', u'mactime.body')
source_path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = self._source_scanner.ScanForVolumeSystem(source_path_spec)
self.assertIsNone(path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
test_file = self._GetTestFilePath([u'vsstest.qcow2'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
self._vshadow_path_spec = vshadow_path_spec.VShadowPathSpec(
location=u'/', parent=path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
super(QCOWFileTest, self).setUp()
test_file = self._GetTestFilePath([u'image.qcow2'])
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._qcow_path_spec = qcow_path_spec.QCOWPathSpec(
parent=self._os_path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
test_file = os.path.join(u'test_data', u'vsstest.qcow2')
path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
self._vshadow_path_spec = vshadow_path_spec.VShadowPathSpec(
location=u'/', parent=path_spec)
def testReadADS(self):
"""Test the read functionality on an alternate data stream (ADS)."""
test_file = self._GetTestFilePath(['vsstest.qcow2'])
self._SkipIfPathNotExists(test_file)
path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
path_spec = tsk_path_spec.TSKPathSpec(data_stream='$SDS',
inode=9,
location='\\$Secure',
parent=path_spec)
file_object = tsk_file_io.TSKFile(self._resolver_context)
file_object.open(path_spec=path_spec)
expected_buffer = (
b'H\n\x80\xb9\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
read_buffer = file_object.read(size=16)
self.assertEqual(read_buffer, expected_buffer)
file_object.seek(0x00040000, os.SEEK_SET)
read_buffer = file_object.read(size=16)
self.assertEqual(read_buffer, expected_buffer)
file_object.seek(0x000401a0, os.SEEK_SET)
expected_buffer = (
b'\xc3\xb4\xb1\x34\x03\x01\x00\x00\xa0\x01\x00\x00\x00\x00\x00\x00'
)
read_buffer = file_object.read(size=16)
self.assertEqual(read_buffer, expected_buffer)
def testGetVolumeSystemTypeIndicators(self):
"""Function to test the get volume system type indicators function."""
test_file = os.path.join(u'test_data', u'tsk_volume_system.raw')
path_spec = os_path_spec.OSPathSpec(location=test_file)
expected_type_indicators = [definitions.TYPE_INDICATOR_TSK_PARTITION]
type_indicators = analyzer.Analyzer.GetVolumeSystemTypeIndicators(
path_spec)
self.assertEqual(type_indicators, expected_type_indicators)
test_file = os.path.join(u'test_data', u'vsstest.qcow2')
path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
expected_type_indicators = [definitions.TYPE_INDICATOR_VSHADOW]
type_indicators = analyzer.Analyzer.GetVolumeSystemTypeIndicators(
path_spec)
self.assertEqual(type_indicators, expected_type_indicators)
test_file = os.path.join(u'test_data', u'bdetogo.raw')
path_spec = os_path_spec.OSPathSpec(location=test_file)
expected_type_indicators = [definitions.TYPE_INDICATOR_BDE]
type_indicators = analyzer.Analyzer.GetVolumeSystemTypeIndicators(
path_spec)
self.assertEqual(type_indicators, expected_type_indicators)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
test_file = self._GetTestFilePath(['lvmtest.qcow2'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
self._lvm_path_spec = lvm_path_spec.LVMPathSpec(location='/',
parent=path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
super(LVMImageFileTest, self).setUp()
test_file = os.path.join(u'test_data', u'lvmtest.qcow2')
path_spec = os_path_spec.OSPathSpec(location=test_file)
self._qcow_path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
self._lvm_path_spec = lvm_path_spec.LVMPathSpec(
parent=self._qcow_path_spec, volume_index=0)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = self._GetTestFilePath(['lvm.qcow2'])
self._SkipIfPathNotExists(test_file)
path_spec = os_path_spec.OSPathSpec(location=test_file)
self._qcow_path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = os.path.join(u'test_data', u'vsstest.qcow2')
path_spec = os_path_spec.OSPathSpec(location=test_file)
self._qcow_path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
self._ntfs_path_spec = ntfs_path_spec.NTFSPathSpec(
location=u'\\', parent=self._qcow_path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = self._GetTestFilePath(['vsstest.qcow2'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
self._qcow_path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
self._ntfs_path_spec = ntfs_path_spec.NTFSPathSpec(
location='\\', parent=self._qcow_path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
super(NTFSFileTest, self).setUp()
self._resolver_context = context.Context()
test_file = self._GetTestFilePath([u'vsstest.qcow2'])
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._qcow_path_spec = qcow_path_spec.QCOWPathSpec(
parent=self._os_path_spec)
def testComparable(self):
"""Tests the path specification comparable property."""
path_spec = qcow_path_spec.QCOWPathSpec(parent=self._path_spec)
self.assertIsNotNone(path_spec)
expected_comparable = u'\n'.join([u'type: TEST', u'type: QCOW', u''])
self.assertEqual(path_spec.comparable, expected_comparable)
def testOpenCloseLocation(self):
"""Test the open and close functionality using a location."""
self._TestOpenCloseLocation(self._qcow_path_spec)
# Try open with a path specification that has no parent.
path_spec = qcow_path_spec.QCOWPathSpec(parent=self._os_path_spec)
path_spec.parent = None
with self.assertRaises(errors.PathSpecError):
self._TestOpenCloseLocation(path_spec)
def testScanForVolumeSystemVSS(self):
"""Test the ScanForVolumeSystem function on VSS."""
test_file = self._GetTestFilePath([u'vsstest.qcow2'])
source_path_spec = os_path_spec.OSPathSpec(location=test_file)
source_path_spec = qcow_path_spec.QCOWPathSpec(parent=source_path_spec)
path_spec = self._source_scanner.ScanForVolumeSystem(source_path_spec)
self.assertIsNotNone(path_spec)
self.assertEqual(path_spec.type_indicator,
definitions.TYPE_INDICATOR_VSHADOW)
def testGetVolumeSystemTypeIndicatorsVSS(self):
"""Tests the GetVolumeSystemTypeIndicators function on a VSS volume."""
test_file = self._GetTestFilePath(['vsstest.qcow2'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
expected_type_indicators = [definitions.TYPE_INDICATOR_VSHADOW]
type_indicators = analyzer.Analyzer.GetVolumeSystemTypeIndicators(
path_spec)
self.assertEqual(type_indicators, expected_type_indicators)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
super(LVMImageFileTest, self).setUp()
test_file = self._GetTestFilePath(['lvm.qcow2'])
self._SkipIfPathNotExists(test_file)
path_spec = os_path_spec.OSPathSpec(location=test_file)
self._qcow_path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
self._lvm_path_spec = lvm_path_spec.LVMPathSpec(
parent=self._qcow_path_spec, volume_index=0)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = os.path.join(u'test_data', u'vsstest.qcow2')
path_spec = os_path_spec.OSPathSpec(location=test_file)
self._qcow_path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
self._tsk_path_spec = tsk_path_spec.TSKPathSpec(
location=u'\\', parent=self._qcow_path_spec)
self._file_system = tsk_file_system.TSKFileSystem(self._resolver_context)
self._file_system.Open(self._tsk_path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = self._GetTestFilePath(['fvdetest.qcow2'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
path_spec = tsk_partition_path_spec.TSKPartitionPathSpec(
location='/p1', parent=path_spec)
self._fvde_path_spec = fvde_path_spec.FVDEPathSpec(parent=path_spec)
resolver.Resolver.key_chain.SetCredential(
self._fvde_path_spec, 'password', self._FVDE_PASSWORD)
def testGetFileSystemTypeIndicators(self):
"""Function to test the get file system type indicators function."""
test_file = os.path.join(u'test_data', u'vsstest.qcow2')
path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
path_spec = vshadow_path_spec.VShadowPathSpec(store_index=1,
parent=path_spec)
expected_type_indicators = [definitions.PREFERRED_NTFS_BACK_END]
type_indicators = analyzer.Analyzer.GetFileSystemTypeIndicators(
path_spec)
self.assertEqual(type_indicators, expected_type_indicators)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = self._GetTestFilePath([u'vsstest.qcow2'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
self._qcow_path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
self._vshadow_path_spec = vshadow_path_spec.VShadowPathSpec(
location=u'/', parent=self._qcow_path_spec)
self._file_system = vshadow_file_system.VShadowFileSystem(
self._resolver_context)
self._file_system.Open(self._vshadow_path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = self._GetTestFilePath(['lvmtest.qcow2'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
self._qcow_path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
self._lvm_path_spec = lvm_path_spec.LVMPathSpec(
location='/', parent=self._qcow_path_spec)
self._file_system = lvm_file_system.LVMFileSystem(
self._resolver_context)
self._file_system.Open(self._lvm_path_spec)
def testGetFileSystemTypeIndicators(self):
"""Tests the GetFileSystemTypeIndicators function on a .qcow2 file."""
test_file = self._GetTestFilePath(['vsstest.qcow2'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
path_spec = vshadow_path_spec.VShadowPathSpec(store_index=1,
parent=path_spec)
expected_type_indicators = [definitions.PREFERRED_NTFS_BACK_END]
type_indicators = analyzer.Analyzer.GetFileSystemTypeIndicators(
path_spec)
self.assertEqual(type_indicators, expected_type_indicators)
def testGetVolumeSystemTypeIndicatorsFVDE(self):
"""Tests the GetVolumeSystemTypeIndicators function on a FVDE volume."""
test_file = self._GetTestFilePath(['fvdetest.qcow2'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
path_spec = tsk_partition_path_spec.TSKPartitionPathSpec(
location='/p1', parent=path_spec)
expected_type_indicators = [definitions.TYPE_INDICATOR_FVDE]
type_indicators = analyzer.Analyzer.GetVolumeSystemTypeIndicators(
path_spec)
self.assertEqual(type_indicators, expected_type_indicators)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
super(FVDEFileWithPathSpecCredentialsTest, self).setUp()
test_file = self._GetTestFilePath([u'fvdetest.qcow2'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
self._tsk_partition_path_spec = (
tsk_partition_path_spec.TSKPartitionPathSpec(
location=u'/p1', parent=path_spec))
self._fvde_path_spec = fvde_path_spec.FVDEPathSpec(
password=self._FVDE_PASSWORD, parent=self._tsk_partition_path_spec)
resolver.Resolver.key_chain.SetCredential(
self._fvde_path_spec, u'password', self._FVDE_PASSWORD)
def testScanForFileSystemVSS(self):
"""Test the ScanForFileSystem function on VSS."""
test_file = self._GetTestFilePath([u'vsstest.qcow2'])
source_path_spec = os_path_spec.OSPathSpec(location=test_file)
source_path_spec = qcow_path_spec.QCOWPathSpec(parent=source_path_spec)
source_path_spec = vshadow_path_spec.VShadowPathSpec(
store_index=1, parent=source_path_spec)
path_spec = self._source_scanner.ScanForFileSystem(source_path_spec)
self.assertIsNotNone(path_spec)
expected_type_indicator = definitions.PREFERRED_NTFS_BACK_END
self.assertEqual(path_spec.type_indicator, expected_type_indicator)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = self._GetTestFilePath(['vsstest.qcow2'])
self._SkipIfPathNotExists(test_file)
path_spec = os_path_spec.OSPathSpec(location=test_file)
self._qcow_path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
self._tsk_path_spec = tsk_path_spec.TSKPathSpec(
location='\\', parent=self._qcow_path_spec)
self._file_system = tsk_file_system.TSKFileSystem(
self._resolver_context)
self._file_system.Open(self._tsk_path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = os.path.join(u'test_data', u'fvdetest.qcow2')
path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
path_spec = tsk_partition_path_spec.TSKPartitionPathSpec(
location=u'/p1', parent=path_spec)
self._fvde_path_spec = fvde_path_spec.FVDEPathSpec(parent=path_spec)
resolver.Resolver.key_chain.SetCredential(self._fvde_path_spec,
u'password',
self._FVDE_PASSWORD)
self._file_system = fvde_file_system.FVDEFileSystem(
self._resolver_context)
self._file_system.Open(self._fvde_path_spec)
