def extract_usnjrnl(filesystem, path):
with NamedTemporaryFile(buffering=0) as tempfile:
root = filesystem.inspect_get_roots()[0]
inode = filesystem.stat(path)['ino']
filesystem.download_inode(root, inode, tempfile.name)
return [e._asdict() for e in usn_journal(tempfile.name)]
def extract_usnjrnl(filesystem, path):
with NamedTemporaryFile(buffering=0) as tempfile:
root = filesystem.inspect_get_roots()[0]
inode = filesystem.stat(path)['ino']
filesystem.download_inode(root, inode, tempfile.name)
return [e._asdict() for e in usn_journal(tempfile.name)]
def _read_journal(self):
"""Extracts the USN journal from the disk and parses its content."""
root = self._filesystem.inspect_get_roots()[0]
inode = self._filesystem.stat('C:\\$Extend\\$UsnJrnl')['ino']
with NamedTemporaryFile(buffering=0) as tempfile:
self._filesystem.download_inode(root, inode, tempfile.name)
journal = usn_journal(tempfile.name)
return parse_journal(journal)
def _read_journal(self):
"""Extracts the USN journal from the disk and parses its content."""
root = self._filesystem.inspect_get_roots()[0]
inode = self._filesystem.stat('C:\\$Extend\\$UsnJrnl')['ino']
with NamedTemporaryFile(buffering=0) as tempfile:
self._filesystem.download_inode(root, inode, tempfile.name)
journal = usn_journal(tempfile.name)
return parse_journal(journal)
def parse_usnjrnl(usnjrnl, disk=None):
if disk is not None:
with FileSystem(disk) as filesystem:
return extract_usnjrnl(filesystem, usnjrnl)
else:
return [e._asdict() for e in usn_journal(usnjrnl)]
def parse_usnjrnl(usnjrnl, disk=None):
if disk is not None:
with FileSystem(disk) as filesystem:
return extract_usnjrnl(filesystem, usnjrnl)
else:
return [e._asdict() for e in usn_journal(usnjrnl)]
