def testOpenAndClose(self):
"""Test the open and close functionality."""
file_system = ntfs_file_system.NTFSFileSystem(self._resolver_context,
self._ntfs_path_spec)
self.assertIsNotNone(file_system)
file_system.Open()
def testGetFileEntryByPathSpec(self):
"""Tests the GetFileEntryByPathSpec function."""
file_system = ntfs_file_system.NTFSFileSystem(self._resolver_context)
self.assertIsNotNone(file_system)
file_system.Open(self._ntfs_path_spec)
path_spec = ntfs_path_spec.NTFSPathSpec(mft_attribute=1,
mft_entry=41,
parent=self._qcow_path_spec)
file_entry = file_system.GetFileEntryByPathSpec(path_spec)
self.assertIsNotNone(file_entry)
# There is no way to determine the file_entry.name without a location string
# in the path_spec or retrieving the file_entry from its parent.
path_spec = ntfs_path_spec.NTFSPathSpec(location='\\password.txt',
mft_entry=41,
parent=self._qcow_path_spec)
file_entry = file_system.GetFileEntryByPathSpec(path_spec)
self.assertIsNotNone(file_entry)
self.assertEqual(file_entry.name, 'password.txt')
path_spec = ntfs_path_spec.NTFSPathSpec(location='\\bogus.txt',
mft_entry=19,
parent=self._qcow_path_spec)
file_entry = file_system.GetFileEntryByPathSpec(path_spec)
self.assertIsNone(file_entry)
file_system.Close()
def _GetAlias(self,scan_node):
alias = scan_node.type_indicator
if scan_node.type_indicator == definitions.TYPE_INDICATOR_OS:
alias = getattr(scan_node.path_spec, 'location', None)
match = re.match(r"^\\\\\.\\([a-zA-Z])\:$",alias)
if match:
alias = alias[4:6]
else:
alias = os.path.basename(alias)
elif scan_node.type_indicator == definitions.TYPE_INDICATOR_TSK_PARTITION:
if scan_node.path_spec.part_index is not None:
alias = u'Partition Index - {}'.format(scan_node.path_spec.part_index)
file_system = resolver.Resolver.OpenFileSystem(scan_node.path_spec)
for volume in file_system._tsk_volume:
if volume.addr == scan_node.path_spec.part_index:
alias = u'{}'.format(volume.desc)
break
else:
return None
elif scan_node.type_indicator == definitions.TYPE_INDICATOR_TSK:
file_system = None
try:
file_system = resolver.Resolver.OpenFileSystem(scan_node.path_spec)
except Exception as error:
print(
u"Cannot open file system. [comparable]({})".format(
scan_node.path_spec.comparable)
)
if file_system is not None:
if file_system.IsNTFS():
# Get File System Label
ntfs = ntfs_file_system.NTFSFileSystem(None)
ntfs._Open(scan_node.path_spec)
if ntfs._fsntfs_volume.name is not None:
alias = ntfs._fsntfs_volume.name
else:
#alias = unicode(file_system._tsk_fs_type)
alias = u'NONAME'
else:
alias = getattr(scan_node.path_spec, 'location', None)
alias = os.path.basename(alias)
elif scan_node.type_indicator == definitions.TYPE_INDICATOR_VSHADOW:
alias = getattr(scan_node.path_spec, 'location', None)
# Remove preceding '/'
if alias is not None:
alias = alias[1:]
# If no location, then set as 'VSHADOW' (for a vss root)
if alias == '':
alias = 'Volume Shadow Stores'
else:
alias = os.path.basename(alias)
return alias
def NewFileSystem(self, resolver_context):
"""Creates a new file system object.
Args:
resolver_context (Context): resolver context.
Returns:
FileSystem: file system.
"""
return ntfs_file_system.NTFSFileSystem(resolver_context)
def NewFileSystem(self, resolver_context, path_spec):
"""Creates a new file system object.
Args:
resolver_context (Context): resolver context.
path_spec (PathSpec): a path specification.
Returns:
FileSystem: file system.
"""
return ntfs_file_system.NTFSFileSystem(resolver_context, path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = self._GetTestFilePath(['vsstest.qcow2'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
self._qcow_path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
self._ntfs_path_spec = ntfs_path_spec.NTFSPathSpec(
location='\\', parent=self._qcow_path_spec)
self._file_system = ntfs_file_system.NTFSFileSystem(
self._resolver_context)
self._file_system.Open(self._ntfs_path_spec)
def testGetRootFileEntry(self):
"""Test the get root file entry functionality."""
file_system = ntfs_file_system.NTFSFileSystem(self._resolver_context,
self._ntfs_path_spec)
self.assertIsNotNone(file_system)
file_system.Open()
file_entry = file_system.GetRootFileEntry()
self.assertIsNotNone(file_entry)
self.assertEqual(file_entry.name, '')
def testFileEntryExistsByPathSpec(self):
"""Test the file entry exists by path specification functionality."""
file_system = ntfs_file_system.NTFSFileSystem(self._resolver_context)
self.assertIsNotNone(file_system)
file_system.Open(self._ntfs_path_spec)
path_spec = ntfs_path_spec.NTFSPathSpec(
location=u'\\password.txt', mft_attribute=1, mft_entry=41,
parent=self._qcow_path_spec)
self.assertTrue(file_system.FileEntryExistsByPathSpec(path_spec))
path_spec = ntfs_path_spec.NTFSPathSpec(
location=u'\\bogus.txt', mft_entry=19, parent=self._qcow_path_spec)
self.assertFalse(file_system.FileEntryExistsByPathSpec(path_spec))
file_system.Close()
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_path = self._GetTestFilePath(['vsstest.qcow2'])
self._SkipIfPathNotExists(test_path)
test_os_path_spec = path_spec_factory.Factory.NewPathSpec(
definitions.TYPE_INDICATOR_OS, location=test_path)
self._qcow_path_spec = path_spec_factory.Factory.NewPathSpec(
definitions.TYPE_INDICATOR_QCOW, parent=test_os_path_spec)
self._ntfs_path_spec = path_spec_factory.Factory.NewPathSpec(
definitions.TYPE_INDICATOR_NTFS, location='\\',
parent=self._qcow_path_spec)
self._file_system = ntfs_file_system.NTFSFileSystem(
self._resolver_context, self._ntfs_path_spec)
self._file_system.Open()
def testFileEntryExistsByPathSpec(self):
"""Test the file entry exists by path specification functionality."""
file_system = ntfs_file_system.NTFSFileSystem(self._resolver_context,
self._ntfs_path_spec)
self.assertIsNotNone(file_system)
file_system.Open()
path_spec = path_spec_factory.Factory.NewPathSpec(
definitions.TYPE_INDICATOR_NTFS,
location='\\password.txt',
mft_attribute=1,
mft_entry=41,
parent=self._qcow_path_spec)
self.assertTrue(file_system.FileEntryExistsByPathSpec(path_spec))
path_spec = path_spec_factory.Factory.NewPathSpec(
definitions.TYPE_INDICATOR_NTFS,
location='\\bogus.txt',
mft_entry=19,
parent=self._qcow_path_spec)
self.assertFalse(file_system.FileEntryExistsByPathSpec(path_spec))
