def testProcess(self):
"""Tests the Process function."""
plugin = file_history.FileHistoryESEDBPlugin()
storage_writer = self._ParseESEDBFileWithPlugin(['Catalog1.edb'],
plugin)
self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 2713)
events = list(storage_writer.GetEvents())
expected_filename = '?UP\\Favorites\\Links\\Lenovo'
expected_event_values = {
'identifier': 356,
'original_filename': expected_filename,
'timestamp': '2013-10-12 17:34:36.688581',
'timestamp_desc': definitions.TIME_DESCRIPTION_MODIFICATION,
'usn_number': 9251162904
}
self.CheckEventValues(storage_writer, events[702],
expected_event_values)
expected_message = ('Filename: {0:s} '
'Identifier: 356 '
'Parent Identifier: 230 '
'Attributes: 16 '
'USN number: 9251162904').format(expected_filename)
expected_short_message = 'Filename: {0:s}'.format(expected_filename)
event_data = self._GetEventDataOfEvent(storage_writer, events[702])
self._TestGetMessageStrings(event_data, expected_message,
expected_short_message)
def testProcess(self):
"""Tests the Process function."""
plugin = file_history.FileHistoryESEDBPlugin()
storage_writer = self._ParseESEDBFileWithPlugin(['Catalog1.edb'],
plugin)
number_of_events = storage_writer.GetNumberOfAttributeContainers(
'event')
self.assertEqual(number_of_events, 2713)
number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
'extraction_warning')
self.assertEqual(number_of_warnings, 0)
number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
'recovery_warning')
self.assertEqual(number_of_warnings, 0)
events = list(storage_writer.GetEvents())
expected_event_values = {
'data_type': 'file_history:namespace:event',
'date_time': '2013-10-12 17:34:36.6885806',
'file_attribute': 16,
'identifier': 356,
'original_filename': '?UP\\Favorites\\Links\\Lenovo',
'parent_identifier': 230,
'timestamp_desc': definitions.TIME_DESCRIPTION_MODIFICATION,
'usn_number': 9251162904
}
self.CheckEventValues(storage_writer, events[702],
expected_event_values)
def testProcess(self):
"""Tests the Process function."""
plugin = file_history.FileHistoryESEDBPlugin()
storage_writer = self._ParseESEDBFileWithPlugin(['Catalog1.edb'],
plugin)
self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 2713)
events = list(storage_writer.GetEvents())
event = events[702]
self.CheckTimestamp(event.timestamp, '2013-10-12 17:34:36.688581')
self.assertEqual(event.timestamp_desc,
definitions.TIME_DESCRIPTION_MODIFICATION)
self.assertEqual(event.usn_number, 9251162904)
self.assertEqual(event.identifier, 356)
filename = '?UP\\Favorites\\Links\\Lenovo'
self.assertEqual(event.original_filename, filename)
expected_message = ('Filename: {0:s} '
'Identifier: 356 '
'Parent Identifier: 230 '
'Attributes: 16 '
'USN number: 9251162904').format(filename)
expected_short_message = 'Filename: {0:s}'.format(filename)
self._TestGetMessageStrings(event, expected_message,
expected_short_message)
