PyPI - dissect.target - Versions diffs - 3.13.dev26__py3-none-any.whl → 3.14__py3-none-any.whl - Mend

dissect.target 3.13.dev26py3-none-any.whl → 3.14py3-none-any.whl

Files changed (138) hide show

dissect/target/container.py +9 -1
dissect/target/containers/asdf.py +2 -0
dissect/target/containers/ewf.py +2 -0
dissect/target/containers/hdd.py +2 -0
dissect/target/containers/hds.py +2 -0
dissect/target/containers/qcow2.py +2 -0
dissect/target/containers/raw.py +2 -0
dissect/target/containers/split.py +2 -0
dissect/target/containers/vdi.py +2 -0
dissect/target/containers/vhd.py +2 -0
dissect/target/containers/vhdx.py +2 -0
dissect/target/containers/vmdk.py +2 -0
dissect/target/filesystem.py +108 -15
dissect/target/filesystems/ad1.py +1 -1
dissect/target/filesystems/btrfs.py +180 -0
dissect/target/filesystems/cb.py +4 -4
dissect/target/filesystems/config.py +161 -31
dissect/target/filesystems/dir.py +1 -1
dissect/target/filesystems/exfat.py +1 -1
dissect/target/filesystems/extfs.py +5 -1
dissect/target/filesystems/fat.py +1 -1
dissect/target/filesystems/ffs.py +1 -1
dissect/target/filesystems/itunes.py +1 -1
dissect/target/filesystems/ntfs.py +1 -1
dissect/target/filesystems/smb.py +1 -1
dissect/target/filesystems/squashfs.py +1 -1
dissect/target/filesystems/tar.py +1 -1
dissect/target/filesystems/vmfs.py +1 -1
dissect/target/filesystems/xfs.py +1 -1
dissect/target/filesystems/zip.py +1 -1
dissect/target/helpers/cache.py +2 -2
dissect/target/helpers/configutil.py +283 -83
dissect/target/helpers/fsutil.py +9 -6
dissect/target/helpers/hashutil.py +20 -19
dissect/target/helpers/utils.py +14 -3
dissect/target/loaders/ad1.py +1 -1
dissect/target/loaders/asdf.py +1 -1
dissect/target/loaders/log.py +2 -2
dissect/target/loaders/smb.py +23 -13
dissect/target/loaders/targetd.py +12 -2
dissect/target/loaders/vma.py +1 -1
dissect/target/loaders/xva.py +1 -1
dissect/target/plugin.py +14 -2
dissect/target/plugins/apps/av/sophos.py +1 -2
dissect/target/plugins/apps/av/symantec.py +3 -4
dissect/target/plugins/apps/av/trendmicro.py +2 -3
dissect/target/plugins/{browsers → apps/browser}/chrome.py +6 -3
dissect/target/plugins/{browsers → apps/browser}/chromium.py +18 -13
dissect/target/plugins/{browsers → apps/browser}/edge.py +6 -3
dissect/target/plugins/{browsers → apps/browser}/firefox.py +3 -7
dissect/target/plugins/{browsers → apps/browser}/iexplore.py +14 -4
dissect/target/plugins/apps/remoteaccess/teamviewer.py +55 -27
dissect/target/plugins/apps/ssh/opensshd.py +31 -30
dissect/target/plugins/apps/{webservers → webserver}/apache.py +1 -1
dissect/target/plugins/apps/{webservers → webserver}/caddy.py +1 -1
dissect/target/plugins/apps/{webservers → webserver}/iis.py +1 -1
dissect/target/plugins/apps/{webservers → webserver}/nginx.py +1 -1
dissect/target/plugins/child/hyperv.py +1 -2
dissect/target/plugins/child/vmware_workstation.py +1 -3
dissect/target/plugins/filesystem/acquire_handles.py +2 -0
dissect/target/plugins/filesystem/acquire_hash.py +1 -7
dissect/target/plugins/filesystem/icat.py +5 -5
dissect/target/plugins/filesystem/ntfs/mft.py +2 -2
dissect/target/plugins/filesystem/ntfs/mft_timeline.py +2 -2
dissect/target/plugins/filesystem/ntfs/usnjrnl.py +2 -3
dissect/target/plugins/filesystem/resolver.py +1 -1
dissect/target/plugins/filesystem/unix/capability.py +77 -66
dissect/target/plugins/filesystem/walkfs.py +25 -19
dissect/target/plugins/filesystem/yara.py +20 -19
dissect/target/plugins/general/config.py +28 -11
dissect/target/plugins/os/unix/_os.py +28 -21
dissect/target/plugins/os/unix/bsd/osx/user.py +1 -3
dissect/target/plugins/os/unix/cronjobs.py +4 -16
dissect/target/plugins/os/unix/{linux/esxi → esxi}/_os.py +5 -6
dissect/target/plugins/os/unix/generic.py +5 -1
dissect/target/plugins/os/unix/history.py +2 -1
dissect/target/plugins/os/unix/linux/_os.py +12 -5
dissect/target/plugins/os/unix/linux/services.py +112 -0
dissect/target/plugins/os/unix/linux/suse/zypper.py +4 -4
dissect/target/plugins/os/unix/locale.py +3 -1
dissect/target/plugins/os/unix/log/journal.py +7 -6
dissect/target/plugins/os/unix/packagemanager.py +3 -3
dissect/target/plugins/os/unix/shadow.py +1 -1
dissect/target/plugins/os/windows/_os.py +2 -1
dissect/target/plugins/os/windows/amcache.py +9 -10
dissect/target/plugins/os/windows/catroot.py +2 -2
dissect/target/plugins/os/windows/cim.py +5 -4
dissect/target/plugins/os/windows/datetime.py +4 -1
dissect/target/plugins/os/windows/defender.py +3 -3
dissect/target/plugins/os/windows/generic.py +10 -11
dissect/target/plugins/os/windows/lnk.py +6 -6
dissect/target/plugins/os/windows/log/amcache.py +3 -5
dissect/target/plugins/os/windows/log/pfro.py +1 -3
dissect/target/plugins/os/windows/prefetch.py +5 -6
dissect/target/plugins/os/windows/recyclebin.py +3 -4
dissect/target/plugins/os/windows/regf/7zip.py +2 -4
dissect/target/plugins/os/windows/regf/bam.py +1 -2
dissect/target/plugins/os/windows/regf/cit.py +4 -5
dissect/target/plugins/os/windows/regf/mru.py +6 -2
dissect/target/plugins/os/windows/regf/muicache.py +1 -3
dissect/target/plugins/os/windows/regf/recentfilecache.py +1 -2
dissect/target/plugins/os/windows/regf/shimcache.py +1 -2
dissect/target/plugins/os/windows/regf/trusteddocs.py +1 -1
dissect/target/plugins/os/windows/regf/userassist.py +1 -2
dissect/target/plugins/os/windows/services.py +2 -4
dissect/target/plugins/os/windows/sru.py +4 -4
dissect/target/plugins/os/windows/startupinfo.py +5 -6
dissect/target/plugins/os/windows/syscache.py +2 -3
dissect/target/target.py +65 -32
dissect/target/tools/info.py +2 -1
dissect/target/tools/mount.py +2 -12
dissect/target/tools/shell.py +3 -2
dissect/target/volume.py +10 -9
dissect/target/volumes/bde.py +1 -1
dissect/target/volumes/ddf.py +2 -0
dissect/target/volumes/disk.py +2 -0
dissect/target/volumes/luks.py +1 -1
dissect/target/volumes/lvm.py +2 -0
dissect/target/volumes/md.py +2 -0
dissect/target/volumes/vmfs.py +2 -0
{dissect.target-3.13.dev26.dist-info → dissect.target-3.14.dist-info}/METADATA +2 -1
{dissect.target-3.13.dev26.dist-info → dissect.target-3.14.dist-info}/RECORD +137 -136
{dissect.target-3.13.dev26.dist-info → dissect.target-3.14.dist-info}/WHEEL +1 -1
dissect/target/plugins/os/unix/services.py +0 -151
/dissect/target/plugins/apps/{containers → browser}/__init__.py +0 -0
/dissect/target/plugins/{browsers → apps/browser}/browser.py +0 -0
/dissect/target/plugins/apps/{vpns → container}/__init__.py +0 -0
/dissect/target/plugins/apps/{containers → container}/docker.py +0 -0
/dissect/target/plugins/apps/{webservers → vpn}/__init__.py +0 -0
/dissect/target/plugins/apps/{vpns → vpn}/openvpn.py +0 -0
/dissect/target/plugins/apps/{vpns → vpn}/wireguard.py +0 -0
/dissect/target/plugins/{browsers → apps/webserver}/__init__.py +0 -0
/dissect/target/plugins/apps/{webservers/webservers.py → webserver/webserver.py} +0 -0
/dissect/target/plugins/os/unix/{linux/esxi → esxi}/__init__.py +0 -0
{dissect.target-3.13.dev26.dist-info → dissect.target-3.14.dist-info}/COPYRIGHT +0 -0
{dissect.target-3.13.dev26.dist-info → dissect.target-3.14.dist-info}/LICENSE +0 -0
{dissect.target-3.13.dev26.dist-info → dissect.target-3.14.dist-info}/entry_points.txt +0 -0
{dissect.target-3.13.dev26.dist-info → dissect.target-3.14.dist-info}/top_level.txt +0 -0

dissect/target/plugins/os/windows/cim.py CHANGED Viewed

@@ -64,10 +64,11 @@ class CimPlugin(Plugin):
         try:
             for binding in subscription_ns.class_("__filtertoconsumerbinding").instances:
                 consumer = subscription_ns.query(binding.properties["Consumer"].value)
-                yield ConsumerBindingRecord(
-                    query=consumer.properties["CommandLineTemplate"].value,
-                    _target=self.target,
-                )
+                if query := consumer.properties.get("CommandLineTemplate"):
+                    yield ConsumerBindingRecord(
+                        query=query.value,
+                        _target=self.target,
+                    )
         except Exception as e:  # noqa
             self.target.log.warning("Error during consumerbindings execution", exc_info=e)
             pass

dissect/target/plugins/os/windows/datetime.py CHANGED Viewed

@@ -37,7 +37,10 @@ c_tz = cstruct.cstruct()
 c_tz.load(tz_def)
-SundayFirstCalendar = calendar.Calendar(calendar.SUNDAY)
+# Althoug calendar.SUNDAY is only officially documented since Python 3.10, it
+# is present in Python 3.9, so we ignore the vermin warnings.
+SUNDAY = calendar.SUNDAY  # novermin
+SundayFirstCalendar = calendar.Calendar(SUNDAY)
 TimezoneInformation = namedtuple(
     "TimezoneInformation",
     (

dissect/target/plugins/os/windows/defender.py CHANGED Viewed

@@ -203,9 +203,9 @@ struct QuarantineEntryFileHeader {
     CHAR        _Padding[32];
     DWORD       Section1Size;
     DWORD       Section2Size;
-    DWORD       Section1CrC;
-    DWORD       Section2CrC;
-    char        MagicFooter[4];
+    DWORD       Section1CRC;
+    DWORD       Section2CRC;
+    CHAR        MagicFooter[4];
 };
 struct QuarantineEntrySection1 {

dissect/target/plugins/os/windows/generic.py CHANGED Viewed

@@ -2,7 +2,6 @@ from datetime import datetime
 from typing import Optional
 from dissect.util.ts import from_unix
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import RegistryError, UnsupportedPluginError
 from dissect.target.helpers.descriptor_extensions import (
@@ -250,7 +249,7 @@ class GenericPlugin(Plugin):
                     value = r.value(name)
                     yield AppInitRecord(
                         ts=r.ts,
-                        path=path.from_windows(value.value),
+                        path=self.target.fs.path(value.value),
                         _target=self.target,
                         _user=user,
                         _key=r,
@@ -279,7 +278,7 @@ class GenericPlugin(Plugin):
                 for value in r.values():
                     yield KnownDllRecord(
                         ts=r.ts,
-                        path=path.from_windows(value.value),
+                        path=self.target.fs.path(value.value),
                         _target=self.target,
                         _user=user,
                         _key=r,
@@ -325,7 +324,7 @@ class GenericPlugin(Plugin):
                         yield SessionManagerRecord(
                             ts=r.ts,
-                            path=path.from_windows(d),
+                            path=self.target.fs.path(d),
                             _target=self.target,
                             _user=user,
                             _key=r,
@@ -333,7 +332,7 @@ class GenericPlugin(Plugin):
                 else:
                     yield SessionManagerRecord(
                         ts=r.ts,
-                        path=path.from_windows(data.split(" ")[0]),
+                        path=self.target.fs.path(data.split(" ")[0]),
                         _target=self.target,
                         _user=user,
                         _key=r,
@@ -427,7 +426,7 @@ class GenericPlugin(Plugin):
                     value = r.value(name)
                     yield CommandProcAutoRunRecord(
                         ts=r.ts,
-                        path=path.from_windows(value.value),
+                        path=self.target.fs.path(value.value),
                         _target=self.target,
                         _user=user,
                         _key=r,
@@ -453,7 +452,7 @@ class GenericPlugin(Plugin):
             value = r.value("AlternateShell")
             yield AlternateShellRecord(
                 ts=r.ts,
-                path=path.from_windows(value.value),
+                path=self.target.fs.path(value.value),
                 _target=self.target,
                 _user=user,
                 _key=r,
@@ -477,7 +476,7 @@ class GenericPlugin(Plugin):
             yield BootShellRecord(
                 ts=r.ts,
-                path=path.from_windows(value.value),
+                path=self.target.fs.path(value.value),
                 _target=self.target,
                 _user=user,
                 _key=r,
@@ -500,7 +499,7 @@ class GenericPlugin(Plugin):
             user = self.target.registry.get_user(r)
             try:
                 value = r.value("PendingFileRenameOperations")
-                paths = map(path.from_windows, value.value)
+                paths = map(self.target.fs.path, value.value)
             except RegistryError:
                 continue
@@ -528,7 +527,7 @@ class GenericPlugin(Plugin):
                 for v in r.values():
                     yield WinRarRecord(
                         ts=r.ts,
-                        path=path.from_windows(v.value),
+                        path=self.target.fs.path(v.value),
                         _target=self.target,
                         _user=user,
                         _key=r,
@@ -552,7 +551,7 @@ class GenericPlugin(Plugin):
                 for s in r.subkeys():
                     yield WinSockNamespaceProviderRecord(
                         ts=r.ts,
-                        librarypath=path.from_windows(s.value("LibraryPath").value),
+                        librarypath=self.target.fs.path(s.value("LibraryPath").value),
                         displaystring=s.value("DisplayString").value,
                         providerid=s.value("ProviderID").value,
                         enabled=s.value("Enabled").value,

dissect/target/plugins/os/windows/lnk.py CHANGED Viewed

@@ -2,7 +2,6 @@ from typing import Iterator, Optional
 from dissect.shellitem.lnk import Lnk
 from dissect.util import ts
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.fsutil import TargetPath
@@ -88,17 +87,17 @@ class LnkPlugin(Plugin):
                 lnk_ctime = ts.from_unix(entry.stat().st_ctime)
                 lnk_relativepath = (
-                    path.from_windows(lnk_file.stringdata.relative_path.string)
+                    self.target.fs.path(lnk_file.stringdata.relative_path.string)
                     if lnk_file.flag("has_relative_path")
                     else None
                 )
                 lnk_workdir = (
-                    path.from_windows(lnk_file.stringdata.working_dir.string)
+                    self.target.fs.path(lnk_file.stringdata.working_dir.string)
                     if lnk_file.flag("has_working_dir")
                     else None
                 )
                 lnk_iconlocation = (
-                    path.from_windows(lnk_file.stringdata.icon_location.string)
+                    self.target.fs.path(lnk_file.stringdata.icon_location.string)
                     if lnk_file.flag("has_icon_location")
                     else None
                 )
@@ -115,9 +114,9 @@ class LnkPlugin(Plugin):
                 )
                 if local_base_path and common_path_suffix:
-                    lnk_full_path = path.from_windows(local_base_path + common_path_suffix)
+                    lnk_full_path = self.target.fs.path(local_base_path + common_path_suffix)
                 elif local_base_path and not common_path_suffix:
-                    lnk_full_path = path.from_windows(local_base_path)
+                    lnk_full_path = self.target.fs.path(local_base_path)
                 else:
                     lnk_full_path = None
@@ -161,6 +160,7 @@ class LnkPlugin(Plugin):
                     target_mtime=target_mtime,
                     target_atime=target_atime,
                     target_ctime=target_ctime,
+                    _target=self.target,
                 )
     def lnk_entries(self, path: Optional[str] = None) -> Iterator[TargetPath]:

dissect/target/plugins/os/windows/log/amcache.py CHANGED Viewed

@@ -4,8 +4,6 @@ import re
 from datetime import datetime
 from typing import TYPE_CHECKING, Iterator, Union
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.record import TargetRecordDescriptor
 from dissect.target.plugin import Plugin, export
@@ -78,9 +76,9 @@ def create_record(
         modified=_to_log_timestamp(install_properties.get("modified")),
         access=_to_log_timestamp(install_properties.get("lastaccessed")),
         link_date=_to_log_timestamp(install_properties.get("linkdate")),
-        path=path.from_windows(install_properties.get("path")),
-        filename=path.from_windows(filename),
-        create=path.from_windows(create),
+        path=target.fs.path(install_properties.get("path")),
+        filename=target.fs.path(filename),
+        create=target.fs.path(create),
         size_of_image=install_properties.get("sizeofimage"),
         file_description=install_properties.get("filedescription"),
         size=install_properties.get("size"),

dissect/target/plugins/os/windows/log/pfro.py CHANGED Viewed

@@ -1,8 +1,6 @@
 import datetime
 import re
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.record import TargetRecordDescriptor
 from dissect.target.plugin import Plugin, export
@@ -70,7 +68,7 @@ class PfroPlugin(Plugin):
                 yield PfroRecord(
                     ts=datetime.datetime.strptime(date, "%m/%d/%Y %H:%M:%S"),
-                    path=path.from_windows(file_path),
+                    path=self.target.fs.path(file_path),
                     operation=operation,
                     _target=self.target,
                 )

dissect/target/plugins/os/windows/prefetch.py CHANGED Viewed

@@ -3,7 +3,6 @@ from io import BytesIO
 from dissect import cstruct
 from dissect.util import lzxpress_huffman
 from dissect.util.ts import wintimestamp
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.record import TargetRecordDescriptor
@@ -212,7 +211,7 @@ class Prefetch:
                 self.fn.filename_strings_offset + entry.filename_string_offset,
                 entry.filename_string_number_of_characters,
             )
-            metrics.append(path.from_windows(filename.decode("utf-16-le")))
+            metrics.append(filename.decode("utf-16-le"))
         return metrics
     def read_filename(self, off, size):
@@ -290,15 +289,15 @@ class PrefetchPlugin(Plugin):
                 self.target.log.warning("Failed to parse prefetch file: %s", entry, exc_info=e)
                 continue
-            filename = path.from_windows(scca.header.name.decode("utf-16-le", errors="ignore").split("\x00")[0])
-            entry_name = path.from_windows(entry.name)
+            filename = self.target.fs.path(scca.header.name.decode("utf-16-le", errors="ignore").split("\x00")[0])
+            entry_name = self.target.fs.path(entry.name)
             if grouped:
                 yield GroupedPrefetchRecord(
                     ts=scca.latest_timestamp,
                     filename=filename,
                     prefetch=entry_name,
-                    linkedfiles=list(map(path.from_windows, scca.metrics)),
+                    linkedfiles=list(map(self.target.fs.path, scca.metrics)),
                     runcount=scca.fn.run_count,
                     previousruns=scca.previous_timestamps,
                     _target=self.target,
@@ -311,7 +310,7 @@ class PrefetchPlugin(Plugin):
                             ts=date,
                             filename=filename,
                             prefetch=entry_name,
-                            linkedfile=path.from_windows(linked_file),
+                            linkedfile=self.target.fs.path(linked_file),
                             runcount=scca.fn.run_count,
                             _target=self.target,
                         )

dissect/target/plugins/os/windows/recyclebin.py CHANGED Viewed

@@ -2,7 +2,6 @@ from typing import Generator
 from dissect import cstruct
 from dissect.util.ts import wintimestamp
-from flow.record.fieldtypes import path
 from dissect.target import Target
 from dissect.target.exceptions import UnsupportedPluginError
@@ -115,10 +114,10 @@ class RecyclebinPlugin(Plugin):
         return RecycleBinRecord(
             ts=wintimestamp(entry.timestamp),
-            path=path.from_windows(entry.filename.rstrip("\x00")),
-            source=path.from_windows(source_path),
+            path=self.target.fs.path(entry.filename.rstrip("\x00")),
+            source=self.target.fs.path(source_path),
             filesize=entry.file_size,
-            deleted_path=path.from_windows(deleted_path),
+            deleted_path=self.target.fs.path(deleted_path),
             _target=self.target,
             _user=user,
         )

dissect/target/plugins/os/windows/regf/7zip.py CHANGED Viewed

@@ -1,5 +1,3 @@
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import RegistryError, UnsupportedPluginError
 from dissect.target.helpers.record import TargetRecordDescriptor
 from dissect.target.plugin import Plugin, export
@@ -66,7 +64,7 @@ class SevenZipPlugin(Plugin):
                 yield record(
                     ts=subkey.ts,
-                    path=path.from_windows(file_path),
+                    path=self.target.fs.path(file_path),
                     _target=self.target,
                 )
         except RegistryError:
@@ -90,7 +88,7 @@ class SevenZipPlugin(Plugin):
                 value = subkey.value("PanelPath0").value
                 yield PanelPathRecord(
                     ts=subkey.ts,
-                    path=path.from_windows(value),
+                    path=self.target.fs.path(value),
                     _target=self.target,
                 )
             except RegistryError:

dissect/target/plugins/os/windows/regf/bam.py CHANGED Viewed

@@ -1,6 +1,5 @@
 from dissect.cstruct import cstruct
 from dissect.util.ts import wintimestamp
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.record import TargetRecordDescriptor
@@ -57,6 +56,6 @@ class BamDamPlugin(Plugin):
                         data = c_bam.entry(entry.value)
                         yield BamDamRecord(
                             ts=wintimestamp(data.ts),
-                            path=path.from_windows(entry.name),
+                            path=self.target.fs.path(entry.name),
                             _target=self.target,
                         )

dissect/target/plugins/os/windows/regf/cit.py CHANGED Viewed

@@ -11,7 +11,6 @@ from io import BytesIO
 from dissect.cstruct import cstruct
 from dissect.util.compression import lznt1
 from dissect.util.ts import wintimestamp
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import RegistryValueNotFoundError, UnsupportedPluginError
 from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
@@ -735,7 +734,7 @@ class CITPlugin(Plugin):
                             start_time=local_wintimestamp(self.target, cit.header.StartTimeLocal),
                             current_time=local_wintimestamp(self.target, cit.header.CurrentTimeLocal),
                             aggregation_period_in_s=cit.header.AggregationPeriodInS,
-                            path=path.from_windows(entry.file_path),
+                            path=self.target.fs.path(entry.file_path),
                             command_line=entry.command_line,
                             pe_timedatestamp=program_data.PeTimeDateStamp,
                             pe_checksum=program_data.PeCheckSum,
@@ -895,7 +894,7 @@ class CITPlugin(Plugin):
                     yield CITTelemetryRecord(
                         regf_mtime=version_key.ts,
                         version=version_key.name,
-                        path=path.from_windows(value.name),
+                        path=self.target.fs.path(value.name),
                         value=str(c_cit.TELEMETRY_ANSWERS(value.value)).split(".")[1],
                         _target=self.target,
                     )
@@ -941,8 +940,8 @@ class CITPlugin(Plugin):
                     yield CITModuleRecord(
                         last_loaded=wintimestamp(value.value),
                         regf_mtime=monitored_dll.ts,
-                        tracked_module=path.from_windows(monitored_dll.name),
-                        executable=path.from_windows(value.name),
+                        tracked_module=self.target.fs.path(monitored_dll.name),
+                        executable=self.target.fs.path(value.name),
                         # These are actually specific for the tracked module, but just include them in every record
                         overflow_quota=overflow_quota,
                         overflow_value=overflow_value,

dissect/target/plugins/os/windows/regf/mru.py CHANGED Viewed

@@ -322,13 +322,17 @@ class MRUPlugin(Plugin):
 def parse_mru_key(target, key, record):
     user = target.registry.get_user(key)
-    mrulist = key.value("MRUList").value
+    try:
+        mrulist = key.value("MRUList").value
+    except RegistryError:
+        mrulist = None
     for value in key.values():
         if value.name == "MRUList":
             continue
-        entry_index = mrulist.index(value.name)
+        entry_index = mrulist.index(value.name) if mrulist else None
         entry_value = value.value
         yield record(

dissect/target/plugins/os/windows/regf/muicache.py CHANGED Viewed

@@ -1,7 +1,5 @@
 from typing import Generator
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.descriptor_extensions import (
     RegistryRecordDescriptorExtension,
@@ -84,7 +82,7 @@ class MuiCachePlugin(Plugin):
                     index=index,
                     name=name,
                     value=entry.value,
-                    path=path.from_windows(entry_path),
+                    path=self.target.fs.path(entry_path),
                     _target=self.target,
                     _key=key,
                     _user=user,

dissect/target/plugins/os/windows/regf/recentfilecache.py CHANGED Viewed

@@ -1,5 +1,4 @@
 from dissect import cstruct
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.record import TargetRecordDescriptor
@@ -59,7 +58,7 @@ class RecentFileCachePlugin(Plugin):
                 entry.path = entry.path.rstrip("\x00")
                 yield RecentFileCacheRecord(
-                    path=path.from_windows(entry.path),
+                    path=self.target.fs.path(entry.path),
                     _target=self.target,
                 )
             except EOFError:

dissect/target/plugins/os/windows/regf/shimcache.py CHANGED Viewed

@@ -6,7 +6,6 @@ from typing import Callable, Generator, Optional, Tuple, Union
 from dissect.cstruct import Structure, cstruct
 from dissect.util.ts import wintimestamp
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import Error, RegistryError, UnsupportedPluginError
 from dissect.target.helpers.record import TargetRecordDescriptor
@@ -358,6 +357,6 @@ class ShimcachePlugin(Plugin):
                 last_modified=ts,
                 name=name,
                 index=index,
-                path=path.from_windows(self.target.resolve(file_path)),
+                path=self.target.fs.path(self.target.resolve(file_path)),
                 _target=self.target,
             )

dissect/target/plugins/os/windows/regf/trusteddocs.py CHANGED Viewed

@@ -73,7 +73,7 @@ class TrustedDocumentsPlugin(Plugin):
                     ts=key.ts,
                     type=value.type,
                     application=application,
-                    document_path=self.target.resolve(value.name),
+                    document_path=self.target.fs.path(self.target.resolve(value.name)),
                     value=value.value,
                     _key=key,
                     _user=user,

dissect/target/plugins/os/windows/regf/userassist.py CHANGED Viewed

@@ -2,7 +2,6 @@ import codecs
 from dissect import cstruct
 from dissect.util.ts import wintimestamp
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import RegistryValueNotFoundError, UnsupportedPluginError
 from dissect.target.helpers.descriptor_extensions import (
@@ -128,7 +127,7 @@ class UserAssistPlugin(Plugin):
                         yield UserAssistRecord(
                             ts=wintimestamp(timestamp),
-                            path=path.from_windows(value),
+                            path=self.target.fs.path(value),
                             number_of_executions=number_of_executions,
                             application_focus_count=application_focus_count,
                             application_focus_duration=application_focus_duration,

dissect/target/plugins/os/windows/services.py CHANGED Viewed

@@ -1,7 +1,5 @@
 import re
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import (
     RegistryError,
     RegistryValueNotFoundError,
@@ -100,7 +98,7 @@ class ServicesPlugin(Plugin):
                 try:
                     servicedll = key.subkey("Parameters").value("ServiceDll").value
-                    servicedll = path.from_windows(servicedll)
+                    servicedll = self.target.fs.path(servicedll)
                 except RegistryError:
                     pass
@@ -138,7 +136,7 @@ class ServicesPlugin(Plugin):
                                 image_path = image_path[: m.end(0)].strip()
                             else:
                                 pass
-                        image_path = path.from_windows(image_path)
+                        image_path = self.target.fs.path(image_path)
                 except RegistryError:
                     pass

dissect/target/plugins/os/windows/sru.py CHANGED Viewed

@@ -1,6 +1,5 @@
 from dissect.esedb.exceptions import Error
 from dissect.esedb.tools import sru
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.record import TargetRecordDescriptor
@@ -329,7 +328,6 @@ def transform_app_id(value):
             value = value.decode()
         else:
             value = str(value)
-        value = path.from_windows(value)
     return value
@@ -355,7 +353,7 @@ class SRUPlugin(Plugin):
         super().__init__(target)
         self._sru = None
-        srupath = self.target.fs.path("sysvol/Windows/System32/sru/SRUDB.dat")
+        srupath = target.fs.path("sysvol/Windows/System32/sru/SRUDB.dat")
         if srupath.exists():
             try:
                 self._sru = sru.SRU(srupath.open())
@@ -382,7 +380,9 @@ class SRUPlugin(Plugin):
             record_values = {}
             for column, value in column_values:
-                new_value = TRANSFORMS[column](value) if column in TRANSFORMS else value
+                new_value = value
+                if new_value and (transform := TRANSFORMS.get(column)):
+                    new_value = self.target.fs.path(transform(new_value))
                 new_column = FIELD_MAPPINGS.get(column, column)
                 record_values[new_column] = new_value

dissect/target/plugins/os/windows/startupinfo.py CHANGED Viewed

@@ -1,7 +1,6 @@
 import datetime
 from defusedxml import ElementTree
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.record import TargetRecordDescriptor
@@ -65,8 +64,8 @@ class StartupInfoPlugin(Plugin):
         References:
             - https://www.trustedsec.com/blog/who-left-the-backdoor-open-using-startupinfo-for-the-win/
         """
-        for file in self._files:
-            fh = file.open("rb")
+        for path in self._files:
+            fh = path.open("rb")
             try:
                 root = ElementTree.fromstring(fh.read().decode("utf-16-le"), forbid_dtd=True)
@@ -76,12 +75,12 @@ class StartupInfoPlugin(Plugin):
                     yield StartupInfoRecord(
                         ts=parse_ts(start_time),
-                        path=path.from_windows(process.get("Name")),
-                        commandline=path.from_windows(process.findtext("CommandLine")),
+                        path=self.target.fs.path(process.get("Name")),
+                        commandline=self.target.fs.path(process.findtext("CommandLine")),
                         pid=process.get("PID"),
                         parent_pid=process.findtext("ParentPID"),
                         parent_start_time=parse_ts(parent_start_time),
-                        parent_name=path.from_windows(process.findtext("ParentName")),
+                        parent_name=self.target.fs.path(process.findtext("ParentName")),
                         disk_usage=process.findtext("DiskUsage"),
                         cpu_usage=process.findtext("CpuUsage"),
                         _target=self.target,

dissect/target/plugins/os/windows/syscache.py CHANGED Viewed

@@ -1,5 +1,4 @@
 from dissect.ntfs import ntfs
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import RegistryValueNotFoundError, UnsupportedPluginError
 from dissect.target.helpers import regutil
@@ -48,7 +47,7 @@ class SyscachePlugin(Plugin):
         # Try to get the system volume
         mft = None
         sysvol = self.target.fs.mounts["sysvol"]
-        if sysvol.__fstype__ == "ntfs" or hasattr(sysvol, "ntfs"):  # Nasty TarLoader hack
+        if sysvol.__type__ == "ntfs" or hasattr(sysvol, "ntfs"):  # Nasty TarLoader hack
             mft = sysvol.ntfs.mft
         # There's some other stuff here like an IndexTable and LruList
@@ -76,7 +75,7 @@ class SyscachePlugin(Plugin):
                 full_path = None
                 if mft:
                     try:
-                        full_path = path.from_windows("\\".join(["sysvol", mft.mft(file_segment).fullpath()]))
+                        full_path = self.target.fs.path("\\".join(["sysvol", mft.mft(file_segment).fullpath()]))
                     except ntfs.Error:
                         pass

dissect.target 3.13.dev26__py3-none-any.whl → 3.14__py3-none-any.whl

dissect.target 3.13.dev26py3-none-any.whl → 3.14py3-none-any.whl