def _TestScanSourceDirectory(self, source_path):
"""Tests the ScanSource function on a directory.
Args:
source_path (str): path of the source device, directory or file.
"""
test_tool = storage_media_tool.StorageMediaTool()
options = test_lib.TestOptions()
options.source = source_path
test_tool._ParseStorageMediaImageOptions(options)
test_tool._ParseVSSProcessingOptions(options)
test_tool._ParseCredentialOptions(options)
test_tool._ParseSourcePathOption(options)
scan_context = test_tool.ScanSource(source_path)
self.assertIsNotNone(scan_context)
scan_node = scan_context.GetRootScanNode()
self.assertIsNotNone(scan_node)
self.assertEqual(scan_node.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_OS)
path_spec = scan_node.path_spec
self.assertEqual(path_spec.location, os.path.abspath(source_path))
def testNormalizedVolumeIdentifiersPartitionedImage(self):
"""Tests the _NormalizedVolumeIdentifiers function."""
test_tool = storage_media_tool.StorageMediaTool()
test_path = self._GetTestFilePath(['tsk_volume_system.raw'])
test_os_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path)
test_raw_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_RAW, parent=test_os_path_spec)
test_tsk_partition_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_TSK_PARTITION,
parent=test_raw_path_spec)
volume_system = tsk_volume_system.TSKVolumeSystem()
volume_system.Open(test_tsk_partition_path_spec)
volume_identifiers = test_tool._NormalizedVolumeIdentifiers(
volume_system, ['p1', 'p2'], prefix='p')
self.assertEqual(volume_identifiers, ['p1', 'p2'])
volume_identifiers = test_tool._NormalizedVolumeIdentifiers(
volume_system, [1, 2], prefix='p')
self.assertEqual(volume_identifiers, ['p1', 'p2'])
volume_identifiers = test_tool._NormalizedVolumeIdentifiers(
volume_system, ['1', '2'], prefix='p')
self.assertEqual(volume_identifiers, ['p1', 'p2'])
# Test error conditions.
with self.assertRaises(errors.SourceScannerError):
test_tool._NormalizedVolumeIdentifiers(
volume_system, ['p3'], prefix='p')
def testParseVolumeIdentifiersString(self):
"""Tests the _ParseVolumeIdentifiersString function."""
test_tool = storage_media_tool.StorageMediaTool()
volume_identifiers = test_tool._ParseVolumeIdentifiersString('')
self.assertEqual(volume_identifiers, [])
volume_identifiers = test_tool._ParseVolumeIdentifiersString('all')
self.assertEqual(volume_identifiers, ['all'])
volume_identifiers = test_tool._ParseVolumeIdentifiersString('v1')
self.assertEqual(volume_identifiers, ['v1'])
volume_identifiers = test_tool._ParseVolumeIdentifiersString('1')
self.assertEqual(volume_identifiers, ['v1'])
volume_identifiers = test_tool._ParseVolumeIdentifiersString('1,3')
self.assertEqual(volume_identifiers, ['v1', 'v3'])
volume_identifiers = test_tool._ParseVolumeIdentifiersString('1..3')
self.assertEqual(volume_identifiers, ['v1', 'v2', 'v3'])
volume_identifiers = test_tool._ParseVolumeIdentifiersString('v1..v3')
self.assertEqual(volume_identifiers, ['v1', 'v2', 'v3'])
volume_identifiers = test_tool._ParseVolumeIdentifiersString('1..3,5')
self.assertEqual(volume_identifiers, ['v1', 'v2', 'v3', 'v5'])
with self.assertRaises(ValueError):
test_tool._ParseVolumeIdentifiersString('bogus')
with self.assertRaises(ValueError):
test_tool._ParseVolumeIdentifiersString('1..bogus')
def testNormalizedVolumeIdentifiersVSS(self):
"""Tests the _NormalizedVolumeIdentifiers function on a VSS."""
test_tool = storage_media_tool.StorageMediaTool()
test_path = self._GetTestFilePath(['vsstest.qcow2'])
test_os_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path)
test_qcow_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_QCOW, parent=test_os_path_spec)
test_vss_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_VSHADOW, parent=test_qcow_path_spec)
volume_system = vshadow_volume_system.VShadowVolumeSystem()
volume_system.Open(test_vss_path_spec)
volume_identifiers = test_tool._NormalizedVolumeIdentifiers(
volume_system, ['vss1', 'vss2'], prefix='vss')
self.assertEqual(volume_identifiers, ['vss1', 'vss2'])
volume_identifiers = test_tool._NormalizedVolumeIdentifiers(
volume_system, [1, 2], prefix='vss')
self.assertEqual(volume_identifiers, ['vss1', 'vss2'])
# Test error conditions.
with self.assertRaises(errors.SourceScannerError):
test_tool._NormalizedVolumeIdentifiers(
volume_system, ['vss3'], prefix='vss')
def testGetNormalizedVShadowVolumeIdentifiers(self):
"""Tests the _GetNormalizedVShadowVolumeIdentifiers function."""
test_tool = storage_media_tool.StorageMediaTool()
test_path = self._GetTestFilePath(['vsstest.qcow2'])
os_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path)
qcow_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_QCOW, parent=os_path_spec)
vss_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_VSHADOW, parent=qcow_path_spec)
volume_system = vshadow_volume_system.VShadowVolumeSystem()
volume_system.Open(vss_path_spec)
volume_identifiers = test_tool._GetNormalizedVShadowVolumeIdentifiers(
volume_system, ['vss1', 'vss2'])
self.assertEqual(volume_identifiers, [1, 2])
with self.assertRaises(KeyError):
test_tool._GetNormalizedTSKVolumeIdentifiers(volume_system, [1, 2])
with self.assertRaises(KeyError):
test_tool._GetNormalizedTSKVolumeIdentifiers(
volume_system, ['vss3'])
def _TestScanSourceAPFSImage(self, source_path):
"""Tests the ScanSource function on an APFS image.
Args:
source_path (str): path of the source device, directory or file.
"""
test_tool = storage_media_tool.StorageMediaTool()
options = test_lib.TestOptions()
options.credentials = ['password:{0:s}'.format(self._APFS_PASSWORD)]
options.partitions = 'all'
options.source = source_path
options.volumes = 'all'
test_tool._ParseStorageMediaImageOptions(options)
test_tool._ParseVSSProcessingOptions(options)
test_tool._ParseCredentialOptions(options)
test_tool._ParseSourcePathOption(options)
scan_context = test_tool.ScanSource(source_path)
self.assertIsNotNone(scan_context)
scan_node = self._GetTestScanNode(scan_context)
self.assertIsNotNone(scan_node)
self.assertEqual(
scan_node.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_TSK_PARTITION)
self.assertEqual(len(scan_node.sub_nodes), 6)
for scan_node in scan_node.sub_nodes:
if getattr(scan_node.path_spec, 'location', None) == '/p1':
break
self.assertIsNotNone(scan_node)
self.assertEqual(
scan_node.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_TSK_PARTITION)
self.assertEqual(len(scan_node.sub_nodes), 1)
path_spec = scan_node.path_spec
self.assertEqual(path_spec.start_offset, 20480)
scan_node = scan_node.sub_nodes[0]
self.assertIsNotNone(scan_node)
self.assertEqual(
scan_node.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_APFS_CONTAINER)
self.assertEqual(len(scan_node.sub_nodes), 1)
scan_node = scan_node.sub_nodes[0]
self.assertIsNotNone(scan_node)
self.assertEqual(
scan_node.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_APFS_CONTAINER)
self.assertEqual(len(scan_node.sub_nodes), 1)
scan_node = scan_node.sub_nodes[0]
self.assertIsNotNone(scan_node)
self.assertEqual(
scan_node.type_indicator, dfvfs_definitions.TYPE_INDICATOR_APFS)
def testParseCredentialOptions(self):
"""Tests the _ParseCredentialOptions function."""
test_tool = storage_media_tool.StorageMediaTool()
options = test_lib.TestOptions()
test_tool._ParseCredentialOptions(options)
def testScanVolumeOnVSS(self):
"""Tests the _ScanVolume function on VSS."""
test_tool = storage_media_tool.StorageMediaTool()
test_tool._process_vss = True
test_tool._vss_only = False
test_tool._vss_stores = 'all'
test_path = self._GetTestFilePath(['vsstest.qcow2'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_tool._source_scanner.Scan(scan_context)
scan_node = self._GetTestScanNode(scan_context)
vss_scan_node = scan_node.sub_nodes[0]
# Test on volume system root node.
base_path_specs = []
test_tool._ScanVolume(scan_context, vss_scan_node, base_path_specs)
self.assertEqual(len(base_path_specs), 2)
# Test on volume system sub node.
base_path_specs = []
test_tool._ScanVolume(
scan_context, vss_scan_node.sub_nodes[0], base_path_specs)
self.assertEqual(len(base_path_specs), 1)
def testScanVolumeOnAPFS(self):
"""Tests the _ScanVolume function on an APFS image."""
resolver.Resolver.key_chain.Empty()
test_tool = storage_media_tool.StorageMediaTool()
test_path = self._GetTestFilePath(['apfs.dmg'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_tool._source_scanner.Scan(scan_context)
scan_node = self._GetTestScanNode(scan_context)
apfs_container_scan_node = scan_node.sub_nodes[4].sub_nodes[0]
# Test on volume system root node.
base_path_specs = []
test_tool._ScanVolume(
scan_context, apfs_container_scan_node, base_path_specs)
self.assertEqual(len(base_path_specs), 1)
# Test on volume system sub node.
base_path_specs = []
test_tool._ScanVolume(
scan_context, apfs_container_scan_node.sub_nodes[0], base_path_specs)
self.assertEqual(len(base_path_specs), 1)
def testParseVSSProcessingOptions(self):
"""Tests the _ParseVSSProcessingOptions function."""
test_tool = storage_media_tool.StorageMediaTool()
options = test_lib.TestOptions()
test_tool._ParseVSSProcessingOptions(options)
def testParseStorageMediaImageOptions(self):
"""Tests the _ParseStorageMediaImageOptions function."""
test_tool = storage_media_tool.StorageMediaTool()
options = test_lib.TestOptions()
options.partitions = 'all'
test_tool._ParseStorageMediaImageOptions(options)
def testParseStorageMediaOptions(self):
"""Tests the _ParseStorageMediaOptions function."""
test_tool = storage_media_tool.StorageMediaTool()
options = test_lib.TestOptions()
options.partitions = 'all'
options.source = self._GetTestFilePath(['ímynd.dd'])
test_tool._ParseStorageMediaImageOptions(options)
def testAddStorageMediaImageOptions(self):
"""Tests the AddStorageMediaImageOptions function."""
argument_parser = argparse.ArgumentParser(
prog=u'storage_media_tool_test.py',
description=u'Test argument parser.',
add_help=False)
test_tool = storage_media_tool.StorageMediaTool()
test_tool.AddStorageMediaImageOptions(argument_parser)
output = argument_parser.format_help()
self.assertEqual(output, self._EXPECTED_OUTPUT_STORAGE_MEDIA_OPTIONS)
def testAddVSSProcessingOptions(self):
"""Tests the AddVSSProcessingOptions function."""
argument_parser = argparse.ArgumentParser(
prog=u'storage_media_tool_test.py',
description=u'Test argument parser.', add_help=False,
formatter_class=argparse.RawDescriptionHelpFormatter)
test_tool = storage_media_tool.StorageMediaTool()
test_tool.AddVSSProcessingOptions(argument_parser)
output = self._RunArgparseFormatHelp(argument_parser)
self.assertEqual(output, self._EXPECTED_OUTPUT_VSS_PROCESSING_OPTIONS)
def testParseSourcePathOption(self):
"""Tests the _ParseSourcePathOption function."""
test_tool = storage_media_tool.StorageMediaTool()
options = test_lib.TestOptions()
with self.assertRaises(errors.BadConfigOption):
test_tool._ParseSourcePathOption(options)
options.source = self._GetTestFilePath(['ímynd.dd'])
test_tool._ParseSourcePathOption(options)
def testAddStorageMediaImageOptions(self):
"""Tests the AddStorageMediaImageOptions function."""
argument_parser = argparse.ArgumentParser(
prog='storage_media_tool_test.py',
description='Test argument parser.', add_help=False,
formatter_class=test_lib.SortedArgumentsHelpFormatter)
test_tool = storage_media_tool.StorageMediaTool()
test_tool.AddStorageMediaImageOptions(argument_parser)
output = self._RunArgparseFormatHelp(argument_parser)
self.assertEqual(output, self._EXPECTED_OUTPUT_STORAGE_MEDIA_OPTIONS)
def testScanVolume(self):
"""Tests the _ScanVolume function."""
test_tool = storage_media_tool.StorageMediaTool()
scan_context = source_scanner.SourceScannerContext()
# Test error conditions.
with self.assertRaises(errors.SourceScannerError):
test_tool._ScanVolume(scan_context, None, [])
scan_node = source_scanner.SourceScanNode(None)
with self.assertRaises(errors.SourceScannerError):
test_tool._ScanVolume(scan_context, scan_node, [])
def testScanVolumeOnRAW(self):
"""Tests the _ScanVolume function on a RAW image."""
test_tool = storage_media_tool.StorageMediaTool()
test_path = self._GetTestFilePath(['ímynd.dd'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_tool._source_scanner.Scan(scan_context)
scan_node = scan_context.GetRootScanNode()
base_path_specs = []
test_tool._ScanVolume(scan_context, scan_node, base_path_specs)
self.assertEqual(len(base_path_specs), 1)
def testAddVssProcessingOptions(self):
"""Tests the AddVssProcessingOptions function."""
argument_parser = argparse.ArgumentParser(
prog=u'storage_media_tool_test.py',
description=u'Test argument parser.')
output = argument_parser.format_help()
self.assertEqual(output, self._EXPECTED_OUTPUT_DEFAULT)
test_tool = storage_media_tool.StorageMediaTool()
test_tool.AddVssProcessingOptions(argument_parser)
output = argument_parser.format_help()
self.assertEqual(output, self._EXPECTED_OUTPUT_VSS_PROCESSING_OPTIONS)
def testScanVolumeSystemRootOnPartitionedImage(self):
"""Tests the _ScanVolumeSystemRoot function on a partitioned image."""
test_tool = storage_media_tool.StorageMediaTool()
test_path = self._GetTestFilePath(['tsk_volume_system.raw'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_tool._source_scanner.Scan(scan_context)
scan_node = self._GetTestScanNode(scan_context)
# Test error conditions.
with self.assertRaises(errors.SourceScannerError):
test_tool._ScanVolumeSystemRoot(scan_context, scan_node, [])
def testScanEncryptedVolumeOnBDE(self):
"""Tests the _ScanEncryptedVolume function on a BDE image."""
resolver.Resolver.key_chain.Empty()
test_tool = storage_media_tool.StorageMediaTool()
test_tool._credentials = [('password', self._BDE_PASSWORD)]
test_path = self._GetTestFilePath(['bdetogo.raw'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_tool._source_scanner.Scan(scan_context)
scan_node = self._GetTestScanNode(scan_context)
bde_scan_node = scan_node.sub_nodes[0]
test_tool._ScanEncryptedVolume(scan_context, bde_scan_node)
def testScanVolumeSystemRootOnVSSDisabled(self):
"""Tests the _ScanVolumeSystemRoot function on VSS with VSS turned off."""
test_tool = storage_media_tool.StorageMediaTool()
test_tool._process_vss = False
test_path = self._GetTestFilePath(['vsstest.qcow2'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_tool._source_scanner.Scan(scan_context)
scan_node = self._GetTestScanNode(scan_context)
vss_scan_node = scan_node.sub_nodes[0]
base_path_specs = []
test_tool._ScanVolumeSystemRoot(
scan_context, vss_scan_node, base_path_specs)
self.assertEqual(len(base_path_specs), 0)
def _TestScanSourceVSSImage(self, source_path):
"""Tests the ScanSource function on a VSS storage media image.
Args:
source_path (str): path of the source device, directory or file.
"""
test_tool = storage_media_tool.StorageMediaTool()
options = test_lib.TestOptions()
options.source = source_path
options.vss_stores = 'all'
test_tool._ParseStorageMediaImageOptions(options)
test_tool._ParseVSSProcessingOptions(options)
test_tool._ParseCredentialOptions(options)
test_tool._ParseSourcePathOption(options)
scan_context = test_tool.ScanSource(source_path)
self.assertIsNotNone(scan_context)
scan_node = self._GetTestScanNode(scan_context)
self.assertIsNotNone(scan_node)
self.assertEqual(
scan_node.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_QCOW)
self.assertEqual(len(scan_node.sub_nodes), 2)
volume_scan_node = scan_node
scan_node = volume_scan_node.sub_nodes[0]
self.assertEqual(
scan_node.type_indicator, dfvfs_definitions.TYPE_INDICATOR_VSHADOW)
self.assertEqual(len(scan_node.sub_nodes), 2)
scan_node = scan_node.sub_nodes[0]
self.assertEqual(
scan_node.type_indicator, dfvfs_definitions.TYPE_INDICATOR_VSHADOW)
# By default the file system inside a VSS volume is not scanned.
self.assertEqual(len(scan_node.sub_nodes), 0)
scan_node = volume_scan_node.sub_nodes[1]
self.assertEqual(
scan_node.type_indicator, dfvfs_definitions.TYPE_INDICATOR_TSK)
def _TestScanSourcePartitionedImage(self, source_path):
"""Tests the ScanSource function on an image containing multiple partitions.
Args:
source_path (str): path of the source device, directory or file.
"""
test_tool = storage_media_tool.StorageMediaTool()
options = test_lib.TestOptions()
options.partitions = 'all'
options.source = source_path
test_tool._ParseStorageMediaImageOptions(options)
test_tool._ParseVSSProcessingOptions(options)
test_tool._ParseCredentialOptions(options)
test_tool._ParseSourcePathOption(options)
scan_context = test_tool.ScanSource(source_path)
self.assertIsNotNone(scan_context)
scan_node = self._GetTestScanNode(scan_context)
self.assertIsNotNone(scan_node)
self.assertEqual(
scan_node.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_TSK_PARTITION)
self.assertEqual(len(scan_node.sub_nodes), 7)
for scan_node in scan_node.sub_nodes:
if getattr(scan_node.path_spec, 'location', None) == '/p2':
break
self.assertIsNotNone(scan_node)
self.assertEqual(
scan_node.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_TSK_PARTITION)
self.assertEqual(len(scan_node.sub_nodes), 1)
path_spec = scan_node.path_spec
self.assertEqual(path_spec.start_offset, 180224)
scan_node = scan_node.sub_nodes[0]
self.assertIsNotNone(scan_node)
self.assertEqual(
scan_node.type_indicator, dfvfs_definitions.TYPE_INDICATOR_TSK)
def testFormatHumanReadableSize(self):
"""Tests the _FormatHumanReadableSize function."""
test_tool = storage_media_tool.StorageMediaTool()
expected_size_string = '1000 B'
size_string = test_tool._FormatHumanReadableSize(1000)
self.assertEqual(size_string, expected_size_string)
expected_size_string = '1.0KiB / 1.0kB (1024 B)'
size_string = test_tool._FormatHumanReadableSize(1024)
self.assertEqual(size_string, expected_size_string)
expected_size_string = '976.6KiB / 1.0MB (1000000 B)'
size_string = test_tool._FormatHumanReadableSize(1000000)
self.assertEqual(size_string, expected_size_string)
expected_size_string = '1.0MiB / 1.0MB (1048576 B)'
size_string = test_tool._FormatHumanReadableSize(1048576)
self.assertEqual(size_string, expected_size_string)
def _TestScanSourceImage(self, source_path):
"""Tests the ScanSource function on an image containing a single partition.
Args:
source_path: the path of the source device, directory or file.
"""
test_tool = storage_media_tool.StorageMediaTool()
options = test_lib.TestOptions()
options.source = source_path
test_tool.ParseOptions(options)
scan_context = test_tool.ScanSource()
self.assertIsNotNone(scan_context)
scan_node = self._GetTestScanNode(scan_context)
self.assertIsNotNone(scan_node)
self.assertEqual(
scan_node.type_indicator, dfvfs_definitions.TYPE_INDICATOR_TSK)
def testScanEncryptedVolumeOnEncryptedAPFS(self):
"""Tests the _ScanEncryptedVolume function on an encrypted APFS image."""
resolver.Resolver.key_chain.Empty()
test_tool = storage_media_tool.StorageMediaTool()
test_tool._credentials = [('password', self._APFS_PASSWORD)]
test_path = self._GetTestFilePath(['apfs_encrypted.dmg'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_tool._source_scanner.Scan(scan_context)
scan_node = self._GetTestScanNode(scan_context)
apfs_container_scan_node = scan_node.sub_nodes[4].sub_nodes[0]
# Test on volume system sub node.
test_tool._ScanEncryptedVolume(
scan_context, apfs_container_scan_node.sub_nodes[0])
def testPrintAPFSVolumeIdentifiersOverview(self):
"""Tests the _PrintAPFSVolumeIdentifiersOverview function."""
test_path = self._GetTestFilePath(['apfs.dmg'])
test_os_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path)
test_raw_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_RAW, parent=test_os_path_spec)
test_tsk_partition_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_TSK_PARTITION, location='/p1',
parent=test_raw_path_spec)
test_apfs_container_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_APFS_CONTAINER, location='/',
parent=test_tsk_partition_path_spec)
volume_system = apfs_volume_system.APFSVolumeSystem()
volume_system.Open(test_apfs_container_path_spec)
file_object = io.BytesIO()
test_output_writer = tools.FileObjectOutputWriter(file_object)
test_tool = storage_media_tool.StorageMediaTool(
output_writer=test_output_writer)
test_tool._PrintAPFSVolumeIdentifiersOverview(volume_system, ['apfs1'])
file_object.seek(0, os.SEEK_SET)
output_data = file_object.read()
expected_output_data = [
b'The following Apple File System (APFS) volumes were found:',
b'',
b'Identifier Name',
b'apfs1 SingleVolume',
b'',
b'']
if not win32console:
# Using join here since Python 3 does not support format of bytes.
expected_output_data[2] = b''.join([
b'\x1b[1m', expected_output_data[2], b'\x1b[0m'])
self.assertEqual(output_data.split(b'\n'), expected_output_data)
def testPrintTSKPartitionIdentifiersOverview(self):
"""Tests the _PrintTSKPartitionIdentifiersOverview function."""
test_path = self._GetTestFilePath(['tsk_volume_system.raw'])
test_os_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path)
test_raw_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_RAW, parent=test_os_path_spec)
test_tsk_partition_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_TSK_PARTITION,
parent=test_raw_path_spec)
volume_system = tsk_volume_system.TSKVolumeSystem()
volume_system.Open(test_tsk_partition_path_spec)
file_object = io.BytesIO()
test_output_writer = tools.FileObjectOutputWriter(file_object)
test_tool = storage_media_tool.StorageMediaTool(
output_writer=test_output_writer)
test_tool._PrintTSKPartitionIdentifiersOverview(volume_system, ['p1', 'p2'])
file_object.seek(0, os.SEEK_SET)
output_data = file_object.read()
expected_output_data = [
b'The following partitions were found:',
b'',
b'Identifier Offset (in bytes) Size (in bytes)',
(b'p1 512 (0x00000200) 175.0KiB / 179.2kB '
b'(179200 B)'),
b'p2 180224 (0x0002c000) 1.2MiB / 1.3MB (1294336 B)',
b'',
b'']
if not win32console:
# Using join here since Python 3 does not support format of bytes.
expected_output_data[2] = b''.join([
b'\x1b[1m', expected_output_data[2], b'\x1b[0m'])
self.assertEqual(output_data.split(b'\n'), expected_output_data)
def testPrintVSSStoreIdentifiersOverview(self):
"""Tests the _PrintVSSStoreIdentifiersOverview function."""
test_path = self._GetTestFilePath(['vsstest.qcow2'])
test_os_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path)
test_qcow_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_QCOW, parent=test_os_path_spec)
test_vss_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_VSHADOW, parent=test_qcow_path_spec)
volume_system = vshadow_volume_system.VShadowVolumeSystem()
volume_system.Open(test_vss_path_spec)
file_object = io.BytesIO()
test_output_writer = tools.FileObjectOutputWriter(file_object)
test_tool = storage_media_tool.StorageMediaTool(
output_writer=test_output_writer)
test_tool._PrintVSSStoreIdentifiersOverview(volume_system, ['vss1', 'vss2'])
file_object.seek(0, os.SEEK_SET)
output_data = file_object.read()
expected_output_data = [
b'The following Volume Shadow Snapshots (VSS) were found:',
b'',
b'Identifier Creation Time',
b'vss1 2013-12-03 06:35:09.7363787',
b'vss2 2013-12-03 06:37:48.9190583',
b'',
b'']
if not win32console:
# Using join here since Python 3 does not support format of bytes.
expected_output_data[2] = b''.join([
b'\x1b[1m', expected_output_data[2], b'\x1b[0m'])
self.assertEqual(output_data.split(b'\n'), expected_output_data)
