def testParseVista(self):
"""Tests the Parse function on a Windows Vista RecycleBin file."""
parser = recycler.WinRecycleBinParser()
storage_writer = self._ParseFile(['$II3DF3L.zip'], parser)
self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 1)
events = list(storage_writer.GetEvents())
event = events[0]
self.CheckTimestamp(event.timestamp, '2012-03-12 20:49:58.633000')
expected_filename = (
'C:\\Users\\nfury\\Documents\\Alloy Research\\StarFury.zip')
self.assertEqual(event.original_filename, expected_filename)
self.assertEqual(event.file_size, 724919)
expected_message = '{0:s} (from drive: UNKNOWN)'.format(
expected_filename)
expected_short_message = 'Deleted file: {0:s}'.format(
expected_filename)
self._TestGetMessageStrings(event, expected_message,
expected_short_message)
def testParse(self):
"""Tests the Parse function."""
parser_object = recycler.WinRecycleBinParser()
test_file = self._GetTestFilePath([u'$II3DF3L.zip'])
event_queue_consumer = self._ParseFile(parser_object, test_file)
event_objects = self._GetEventObjectsFromQueue(event_queue_consumer)
self.assertEqual(len(event_objects), 1)
event_object = event_objects[0]
self.assertEqual(
event_object.orig_filename,
(u'C:\\Users\\nfury\\Documents\\Alloy Research\\StarFury.zip'))
expected_timestamp = timelib.Timestamp.CopyFromString(
u'2012-03-12 20:49:58.633')
self.assertEqual(event_object.timestamp, expected_timestamp)
self.assertEqual(event_object.file_size, 724919)
expected_msg = (
u'C:\\Users\\nfury\\Documents\\Alloy Research\\StarFury.zip '
u'(from drive: UNKNOWN)')
expected_msg_short = (
u'Deleted file: C:\\Users\\nfury\\Documents\\Alloy Research\\'
u'StarFury.zip')
self._TestGetMessageStrings(event_object, expected_msg,
expected_msg_short)
def testParseVista(self):
"""Tests the Parse function on a Windows Vista RecycleBin file."""
parser = recycler.WinRecycleBinParser()
storage_writer = self._ParseFile(['$II3DF3L.zip'], parser)
number_of_events = storage_writer.GetNumberOfAttributeContainers(
'event')
self.assertEqual(number_of_events, 1)
number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
'extraction_warning')
self.assertEqual(number_of_warnings, 0)
number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
'recovery_warning')
self.assertEqual(number_of_warnings, 0)
events = list(storage_writer.GetEvents())
expected_event_values = {
'date_time':
'2012-03-12 20:49:58.6330000',
'data_type':
'windows:metadata:deleted_item',
'file_size':
724919,
'original_filename':
('C:\\Users\\nfury\\Documents\\Alloy Research\\StarFury.zip')
}
self.CheckEventValues(storage_writer, events[0], expected_event_values)
def testParseWindows10(self):
"""Tests the Parse function on a Windows 10 RecycleBin file."""
parser = recycler.WinRecycleBinParser()
storage_writer = self._ParseFile(['$I103S5F.jpg'], parser)
number_of_events = storage_writer.GetNumberOfAttributeContainers(
'event')
self.assertEqual(number_of_events, 1)
number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
'extraction_warning')
self.assertEqual(number_of_warnings, 0)
number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
'recovery_warning')
self.assertEqual(number_of_warnings, 0)
events = list(storage_writer.GetEvents())
expected_event_values = {
'date_time': '2016-06-29 21:37:45.6180000',
'data_type': 'windows:metadata:deleted_item',
'file_size': 222255,
'original_filename': ('C:\\Users\\random\\Downloads\\bunnies.jpg')
}
self.CheckEventValues(storage_writer, events[0], expected_event_values)
def testParseWindows10(self):
"""Tests the Parse function on a Windows 10 RecycleBin file."""
parser = recycler.WinRecycleBinParser()
storage_writer = self._ParseFile(['$I103S5F.jpg'], parser)
self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 1)
events = list(storage_writer.GetEvents())
event = events[0]
self.CheckTimestamp(event.timestamp, '2016-06-29 21:37:45.618000')
event_data = self._GetEventDataOfEvent(storage_writer, event)
expected_filename = ('C:\\Users\\random\\Downloads\\bunnies.jpg')
self.assertEqual(event_data.original_filename, expected_filename)
self.assertEqual(event_data.file_size, 222255)
expected_message = '{0:s} (from drive: UNKNOWN)'.format(
expected_filename)
expected_short_message = 'Deleted file: {0:s}'.format(
expected_filename)
self._TestGetMessageStrings(event_data, expected_message,
expected_short_message)
def testParseWindows10(self):
"""Tests the Parse function on a Windows 10 RecycleBin file."""
parser = recycler.WinRecycleBinParser()
storage_writer = self._ParseFile(['$I103S5F.jpg'], parser)
self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 1)
events = list(storage_writer.GetEvents())
expected_filename = ('C:\\Users\\random\\Downloads\\bunnies.jpg')
expected_event_values = {
'file_size': 222255,
'original_filename': expected_filename,
'timestamp': '2016-06-29 21:37:45.618000'
}
self.CheckEventValues(storage_writer, events[0], expected_event_values)
expected_message = expected_filename
expected_short_message = 'Deleted file: {0:s}'.format(
expected_filename)
event_data = self._GetEventDataOfEvent(storage_writer, events[0])
self._TestGetMessageStrings(event_data, expected_message,
expected_short_message)
def testParseVista(self):
"""Tests the Parse function on a Windows Vista RecycleBin file."""
parser = recycler.WinRecycleBinParser()
storage_writer = self._ParseFile(['$II3DF3L.zip'], parser)
self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 1)
events = list(storage_writer.GetEvents())
expected_filename = (
'C:\\Users\\nfury\\Documents\\Alloy Research\\StarFury.zip')
expected_event_values = {
'file_size': 724919,
'original_filename': expected_filename,
'timestamp': '2012-03-12 20:49:58.633000'
}
self.CheckEventValues(storage_writer, events[0], expected_event_values)
expected_message = expected_filename
expected_short_message = 'Deleted file: {0:s}'.format(
expected_filename)
event_data = self._GetEventDataOfEvent(storage_writer, events[0])
self._TestGetMessageStrings(event_data, expected_message,
expected_short_message)
def setUp(self): """Sets up the needed objects used throughout the test.""" self._parser = recycler.WinRecycleBinParser()
def setUp(self): """Makes preparations before running an individual test.""" self._parser = recycler.WinRecycleBinParser()
