def __enter__(self): self.filesystems = (FileSystem(self.disks[0]), FileSystem(self.disks[1])) for filesystem in self.filesystems: filesystem.mount() return self
def parse_registry(hive, disk=None, sort=False): if disk is not None: with FileSystem(disk) as filesystem: registry = extract_registry(filesystem, hive) else: registry = RegistryHive(hive) registry.rootkey = registry_root(hive) if sort: keys = sorted((k for k in registry.keys()), key=lambda k: k.timestamp) return OrderedDict((k.path, (k.timestamp, k.values)) for k in keys) else: return {k.path: (k.timestamp, k.values) for k in registry.keys()}
def list_files(disk, identify=False, size=False): logger = logging.getLogger('filesystem') with FileSystem(disk) as filesystem: logger.debug("Listing files.") files = hash_filesystem(filesystem) if identify: logger.debug("Gatering file types.") for file_meta in files: file_meta['type'] = filesystem.file(file_meta['path']) if size: logger.debug("Gatering file sizes.") for file_meta in files: file_meta['size'] = filesystem.stat(file_meta['path'])['size'] return files
def parse_usnjrnl(usnjrnl, disk=None): if disk is not None: with FileSystem(disk) as filesystem: return extract_usnjrnl(filesystem, usnjrnl) else: return [e._asdict() for e in usn_journal(usnjrnl)]
def __enter__(self): self._filesystem = FileSystem(self._disk) self._filesystem.mount() return self