dissect.target 3.14.dev20__py3-none-any.whl → 3.14.dev23__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. dissect/target/filesystem.py +1 -1
  2. dissect/target/filesystems/btrfs.py +2 -2
  3. dissect/target/helpers/cache.py +2 -2
  4. dissect/target/helpers/fsutil.py +9 -6
  5. dissect/target/helpers/hashutil.py +1 -5
  6. dissect/target/loaders/log.py +2 -2
  7. dissect/target/loaders/smb.py +23 -13
  8. dissect/target/plugins/apps/av/sophos.py +1 -2
  9. dissect/target/plugins/apps/av/trendmicro.py +2 -3
  10. dissect/target/plugins/apps/browser/chromium.py +4 -11
  11. dissect/target/plugins/apps/browser/firefox.py +2 -6
  12. dissect/target/plugins/child/hyperv.py +1 -2
  13. dissect/target/plugins/child/vmware_workstation.py +1 -3
  14. dissect/target/plugins/filesystem/acquire_handles.py +2 -0
  15. dissect/target/plugins/filesystem/acquire_hash.py +1 -7
  16. dissect/target/plugins/filesystem/ntfs/usnjrnl.py +1 -2
  17. dissect/target/plugins/filesystem/resolver.py +1 -1
  18. dissect/target/plugins/filesystem/unix/capability.py +77 -66
  19. dissect/target/plugins/filesystem/walkfs.py +23 -19
  20. dissect/target/plugins/filesystem/yara.py +20 -19
  21. dissect/target/plugins/os/unix/_os.py +1 -3
  22. dissect/target/plugins/os/unix/bsd/osx/user.py +1 -3
  23. dissect/target/plugins/os/unix/esxi/_os.py +1 -2
  24. dissect/target/plugins/os/unix/log/journal.py +7 -6
  25. dissect/target/plugins/os/windows/_os.py +2 -1
  26. dissect/target/plugins/os/windows/amcache.py +9 -10
  27. dissect/target/plugins/os/windows/catroot.py +2 -2
  28. dissect/target/plugins/os/windows/generic.py +10 -11
  29. dissect/target/plugins/os/windows/lnk.py +5 -6
  30. dissect/target/plugins/os/windows/log/amcache.py +3 -5
  31. dissect/target/plugins/os/windows/log/pfro.py +1 -3
  32. dissect/target/plugins/os/windows/prefetch.py +5 -6
  33. dissect/target/plugins/os/windows/recyclebin.py +3 -4
  34. dissect/target/plugins/os/windows/regf/7zip.py +2 -4
  35. dissect/target/plugins/os/windows/regf/bam.py +1 -2
  36. dissect/target/plugins/os/windows/regf/cit.py +4 -5
  37. dissect/target/plugins/os/windows/regf/muicache.py +1 -3
  38. dissect/target/plugins/os/windows/regf/recentfilecache.py +1 -2
  39. dissect/target/plugins/os/windows/regf/shimcache.py +1 -2
  40. dissect/target/plugins/os/windows/regf/trusteddocs.py +1 -1
  41. dissect/target/plugins/os/windows/regf/userassist.py +1 -2
  42. dissect/target/plugins/os/windows/services.py +2 -4
  43. dissect/target/plugins/os/windows/sru.py +4 -4
  44. dissect/target/plugins/os/windows/startupinfo.py +5 -6
  45. dissect/target/plugins/os/windows/syscache.py +1 -2
  46. dissect/target/target.py +2 -1
  47. {dissect.target-3.14.dev20.dist-info → dissect.target-3.14.dev23.dist-info}/METADATA +1 -1
  48. {dissect.target-3.14.dev20.dist-info → dissect.target-3.14.dev23.dist-info}/RECORD +53 -53
  49. {dissect.target-3.14.dev20.dist-info → dissect.target-3.14.dev23.dist-info}/COPYRIGHT +0 -0
  50. {dissect.target-3.14.dev20.dist-info → dissect.target-3.14.dev23.dist-info}/LICENSE +0 -0
  51. {dissect.target-3.14.dev20.dist-info → dissect.target-3.14.dev23.dist-info}/WHEEL +0 -0
  52. {dissect.target-3.14.dev20.dist-info → dissect.target-3.14.dev23.dist-info}/entry_points.txt +0 -0
  53. {dissect.target-3.14.dev20.dist-info → dissect.target-3.14.dev23.dist-info}/top_level.txt +0 -0
@@ -5,7 +5,7 @@ try:
5
5
  except ImportError:
6
6
  raise ImportError("Please install 'yara-python' to use 'target-query -f yara'.")
7
7
 
8
- from dissect.target.exceptions import FileNotFoundError, UnsupportedPluginError
8
+ from dissect.target.exceptions import FileNotFoundError
9
9
  from dissect.target.helpers.record import TargetRecordDescriptor
10
10
  from dissect.target.plugin import Plugin, arg, export
11
11
 
@@ -26,8 +26,7 @@ class YaraPlugin(Plugin):
26
26
  DEFAULT_MAX_SIZE = 10 * 1024 * 1024
27
27
 
28
28
  def check_compatible(self) -> None:
29
- if not self.target.has_function("walkfs"):
30
- raise UnsupportedPluginError("No walkfs plugin found")
29
+ pass
31
30
 
32
31
  @arg("--rule-files", "-r", type=Path, nargs="+", required=True, help="path to YARA rule file")
33
32
  @arg("--scan-path", default="/", help="path to recursively scan")
@@ -43,20 +42,22 @@ class YaraPlugin(Plugin):
43
42
  rule_data = "\n".join([rule_file.read_text() for rule_file in rule_files])
44
43
 
45
44
  rules = yara.compile(source=rule_data)
46
- for entry, _ in self.target.walkfs_ext(scan_path):
47
- try:
48
- if not entry.is_file() or entry.stat().st_size > max_size:
45
+ for _, _, files in self.target.fs.walk_ext(scan_path):
46
+ for file_entry in files:
47
+ path = self.target.fs.path(file_entry.path)
48
+ try:
49
+ if path.stat().st_size > max_size:
50
+ continue
51
+
52
+ for match in rules.match(data=path.read_bytes()):
53
+ yield YaraMatchRecord(
54
+ path=path,
55
+ digest=path.get().hash(),
56
+ rule=match.rule,
57
+ tags=match.tags,
58
+ _target=self.target,
59
+ )
60
+ except FileNotFoundError:
49
61
  continue
50
-
51
- for match in rules.match(data=entry.read_bytes()):
52
- yield YaraMatchRecord(
53
- path=entry,
54
- digest=entry.get().hash(),
55
- rule=match.rule,
56
- tags=match.tags,
57
- _target=self.target,
58
- )
59
- except FileNotFoundError:
60
- continue
61
- except Exception:
62
- self.target.log.exception("Error scanning file: %s", entry)
62
+ except Exception:
63
+ self.target.log.exception("Error scanning file: %s", path)
@@ -6,8 +6,6 @@ import uuid
6
6
  from struct import unpack
7
7
  from typing import Iterator, Optional, Union
8
8
 
9
- from flow.record.fieldtypes import posix_path
10
-
11
9
  from dissect.target.filesystem import Filesystem
12
10
  from dissect.target.helpers.fsutil import TargetPath
13
11
  from dissect.target.helpers.record import UnixUserRecord
@@ -62,7 +60,7 @@ class UnixPlugin(OSPlugin):
62
60
  uid=pwent.get(2),
63
61
  gid=pwent.get(3),
64
62
  gecos=pwent.get(4),
65
- home=posix_path(pwent.get(5)),
63
+ home=self.target.fs.path(pwent.get(5)),
66
64
  shell=pwent.get(6),
67
65
  source=passwd_file,
68
66
  _target=self.target,
@@ -1,8 +1,6 @@
1
1
  import plistlib
2
2
  from typing import Iterator
3
3
 
4
- from flow.record.fieldtypes import posix_path
5
-
6
4
  from dissect.target.exceptions import UnsupportedPluginError
7
5
  from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
8
6
  from dissect.target.helpers.record import create_extended_descriptor
@@ -49,7 +47,7 @@ class UserPlugin(Plugin):
49
47
  password_last_time=account_policy.get("passwordLastSetTime"),
50
48
  failed_login_count=account_policy.get("failedLoginCount"),
51
49
  failed_login_time=account_policy.get("failedLoginTimestamp"),
52
- source=posix_path(user_details.user.source),
50
+ source=self.target.fs.path(user_details.user.source),
53
51
  _user=user_details.user,
54
52
  _target=self.target,
55
53
  )
@@ -12,7 +12,6 @@ from typing import Any, BinaryIO, Iterator, Optional, TextIO
12
12
  from defusedxml import ElementTree
13
13
  from dissect.hypervisor.util import vmtar
14
14
  from dissect.sql import sqlite3
15
- from flow.record.fieldtypes import path
16
15
 
17
16
  try:
18
17
  from dissect.hypervisor.util.envelope import Envelope, KeyStore
@@ -159,7 +158,7 @@ class ESXiPlugin(UnixPlugin):
159
158
  root = ElementTree.fromstring(inv_file.read_text("utf-8"))
160
159
  for entry in root.iter("ConfigEntry"):
161
160
  yield VirtualMachineRecord(
162
- path=path.from_posix(entry.findtext("vmxCfgPath")),
161
+ path=self.target.fs.path(entry.findtext("vmxCfgPath")),
163
162
  _target=self.target,
164
163
  )
165
164
 
@@ -5,7 +5,6 @@ import zstandard
5
5
  from dissect.cstruct import Instance, cstruct
6
6
  from dissect.util import ts
7
7
  from dissect.util.compression import lz4
8
- from flow.record.fieldtypes import path
9
8
 
10
9
  from dissect.target import Target
11
10
  from dissect.target.exceptions import UnsupportedPluginError
@@ -394,6 +393,8 @@ class JournalPlugin(Plugin):
394
393
  - https://github.com/systemd/systemd/blob/9203abf79f1d05fdef9b039e7addf9fc5a27752d/man/systemd.journal-fields.xml
395
394
  """ # noqa: E501
396
395
 
396
+ path_function = self.target.fs.path
397
+
397
398
  for _path in self.journal_paths:
398
399
  fh = _path.open()
399
400
 
@@ -409,7 +410,7 @@ class JournalPlugin(Plugin):
409
410
  message=entry.get("message"),
410
411
  message_id=entry.get("message_id"),
411
412
  priority=get_optional(entry.get("priority"), int),
412
- code_file=get_optional(entry.get("code_file"), path.from_posix),
413
+ code_file=get_optional(entry.get("code_file"), path_function),
413
414
  code_line=get_optional(entry.get("code_line"), int),
414
415
  code_func=entry.get("code_func"),
415
416
  errno=get_optional(entry.get("errno"), int),
@@ -427,12 +428,12 @@ class JournalPlugin(Plugin):
427
428
  uid=get_optional(entry.get("uid"), int),
428
429
  gid=get_optional(entry.get("gid"), int),
429
430
  comm=entry.get("comm"),
430
- exe=get_optional(entry.get("exe"), path.from_posix),
431
+ exe=get_optional(entry.get("exe"), path_function),
431
432
  cmdline=entry.get("cmdline"),
432
433
  cap_effective=entry.get("cap_effective"),
433
434
  audit_session=get_optional(entry.get("audit_session"), int),
434
435
  audit_loginuid=get_optional(entry.get("audit_loginuid"), int),
435
- systemd_cgroup=get_optional(entry.get("systemd_cgroup"), path.from_posix),
436
+ systemd_cgroup=get_optional(entry.get("systemd_cgroup"), path_function),
436
437
  systemd_slice=entry.get("systemd_slice"),
437
438
  systemd_unit=entry.get("systemd_unit"),
438
439
  systemd_user_unit=entry.get("systemd_user_unit"),
@@ -451,8 +452,8 @@ class JournalPlugin(Plugin):
451
452
  kernel_device=entry.get("kernel_device"),
452
453
  kernel_subsystem=entry.get("kernel_subsystem"),
453
454
  udev_sysname=entry.get("udev_sysname"),
454
- udev_devnode=get_optional(entry.get("udev_devnode"), path.from_posix),
455
- udev_devlink=get_optional(entry.get("udev_devlink"), path.from_posix),
455
+ udev_devnode=get_optional(entry.get("udev_devnode"), path_function),
456
+ udev_devlink=get_optional(entry.get("udev_devlink"), path_function),
456
457
  journal_hostname=entry.get("hostname"),
457
458
  filepath=_path,
458
459
  _target=self.target,
@@ -77,7 +77,8 @@ class WindowsPlugin(OSPlugin):
77
77
  self.target.fs.mount(drive, volume.fs)
78
78
  break
79
79
  except Exception as e:
80
- self.target.log.warning("Failed to map drive letters", exc_info=e)
80
+ self.target.log.warning("Failed to map drive letters")
81
+ self.target.log.debug("", exc_info=e)
81
82
 
82
83
  @export(property=True)
83
84
  def hostname(self) -> Optional[str]:
@@ -1,7 +1,6 @@
1
1
  from datetime import datetime, timezone
2
2
 
3
3
  from dissect.util.ts import wintimestamp
4
- from flow.record.fieldtypes import path
5
4
 
6
5
  from dissect.target.exceptions import RegistryKeyNotFoundError, UnsupportedPluginError
7
6
  from dissect.target.helpers import regutil
@@ -220,7 +219,7 @@ class AmcachePluginOldMixin:
220
219
  created_timestamp=parse_win_timestamp(subkey_data.get("created_timestamp")),
221
220
  mtime_regf=subkey.timestamp,
222
221
  reference=int(subkey.name, 16),
223
- path=path.from_windows(subkey_data["full_path"]) if subkey_data.get("full_path") else None,
222
+ path=self.target.fs.path(subkey_data["full_path"]) if subkey_data.get("full_path") else None,
224
223
  language_code=subkey_data.get("language_code"),
225
224
  digests=[None, subkey_data["sha1"][-40:] if subkey_data.get("sha1") else None, None],
226
225
  program_id=subkey_data.get("program_id"),
@@ -265,7 +264,7 @@ class AmcachePluginOldMixin:
265
264
  language_code=entry_data.get("LanguageCode"),
266
265
  entry_type=entry_data.get("EntryType"),
267
266
  uninstall_key=entry_data.get("UninstallKey"),
268
- path=path.from_windows(file_path_entry),
267
+ path=self.target.fs.path(file_path_entry),
269
268
  product_code=entry_data.get("ProductCode"),
270
269
  package_code=entry_data.get("PackageCode"),
271
270
  msi_package_code=entry_data.get("MsiPackageCode"),
@@ -284,7 +283,7 @@ class AmcachePluginOldMixin:
284
283
  language_code=entry_data.get("LanguageCode"),
285
284
  entry_type=entry_data.get("EntryType"),
286
285
  uninstall_key=entry_data.get("UninstallKey"),
287
- path=path.from_windows(file_entry),
286
+ path=self.target.fs.path(file_entry),
288
287
  product_code=entry_data.get("ProductCode"),
289
288
  package_code=entry_data.get("PackageCode"),
290
289
  msi_package_code=entry_data.get("MsiPackageCode"),
@@ -416,7 +415,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
416
415
  program_instance_id=entry_data.get("ProgramInstanceId"),
417
416
  publisher=entry_data.get("Publisher"),
418
417
  registry_key_path=entry_data.get("RegistryKeyPath"),
419
- root_dir_path=path.from_windows(entry_data.get("RootDirPath")),
418
+ root_dir_path=self.target.fs.path(entry_data.get("RootDirPath")),
420
419
  source=entry_data.get("Source"),
421
420
  uninstall_string=entry_data.get("UninstallString"),
422
421
  type=entry_data.get("Type"),
@@ -467,7 +466,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
467
466
  mtime_regf=entry.timestamp,
468
467
  program_id=entry_data.get("ProgramId"),
469
468
  digests=[None, sha1_digest, None],
470
- path=path.from_windows(entry_data.get("LowerCaseLongPath")),
469
+ path=self.target.fs.path(entry_data.get("LowerCaseLongPath")),
471
470
  link_date=parse_win_datetime(entry_data.get("LinkDate")),
472
471
  hash_path=entry_data.get("LongPathHash"),
473
472
  name=entry_data.get("Name"),
@@ -492,8 +491,8 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
492
491
 
493
492
  yield BinaryAppcompatRecord(
494
493
  mtime_regf=entry.timestamp,
495
- driver_name=path.from_windows(entry_data.get("DriverName")),
496
- inf=path.from_windows(entry_data.get("Inf")),
494
+ driver_name=self.target.fs.path(entry_data.get("DriverName")),
495
+ inf=self.target.fs.path(entry_data.get("Inf")),
497
496
  driver_version=entry_data.get("DriverVersion"),
498
497
  product=entry_data.get("Product"),
499
498
  product_version=entry_data.get("ProductVersion"),
@@ -515,7 +514,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
515
514
  for entry in self.read_key_subkeys(key):
516
515
  yield ShortcutAppcompatRecord(
517
516
  mtime_regf=entry.timestamp,
518
- path=path.from_windows(entry.value("ShortCutPath").value),
517
+ path=self.target.fs.path(entry.value("ShortCutPath").value),
519
518
  _target=self.target,
520
519
  )
521
520
 
@@ -637,7 +636,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
637
636
  parts = line.rstrip().split("|")
638
637
  yield AppLaunchAppcompatRecord(
639
638
  ts=datetime.strptime(parts[-1], "%Y-%m-%d %H:%M:%S.%f").replace(tzinfo=timezone.utc),
640
- path=path.from_windows(parts[0]),
639
+ path=self.target.fs.path(parts[0]),
641
640
  _target=self.target,
642
641
  )
643
642
 
@@ -1,5 +1,5 @@
1
1
  from asn1crypto import algos, core
2
- from flow.record.fieldtypes import digest, path
2
+ from flow.record.fieldtypes import digest
3
3
 
4
4
  from dissect.target.exceptions import UnsupportedPluginError
5
5
  from dissect.target.helpers.record import TargetRecordDescriptor
@@ -118,7 +118,7 @@ class CatrootPlugin(Plugin):
118
118
 
119
119
  yield CatrootRecord(
120
120
  digest=fdigest,
121
- hint=path.from_windows(filehint) if filehint else None,
121
+ hint=self.target.fs.path(filehint) if filehint else None,
122
122
  source=f,
123
123
  _target=self.target,
124
124
  )
@@ -2,7 +2,6 @@ from datetime import datetime
2
2
  from typing import Optional
3
3
 
4
4
  from dissect.util.ts import from_unix
5
- from flow.record.fieldtypes import path
6
5
 
7
6
  from dissect.target.exceptions import RegistryError, UnsupportedPluginError
8
7
  from dissect.target.helpers.descriptor_extensions import (
@@ -250,7 +249,7 @@ class GenericPlugin(Plugin):
250
249
  value = r.value(name)
251
250
  yield AppInitRecord(
252
251
  ts=r.ts,
253
- path=path.from_windows(value.value),
252
+ path=self.target.fs.path(value.value),
254
253
  _target=self.target,
255
254
  _user=user,
256
255
  _key=r,
@@ -279,7 +278,7 @@ class GenericPlugin(Plugin):
279
278
  for value in r.values():
280
279
  yield KnownDllRecord(
281
280
  ts=r.ts,
282
- path=path.from_windows(value.value),
281
+ path=self.target.fs.path(value.value),
283
282
  _target=self.target,
284
283
  _user=user,
285
284
  _key=r,
@@ -325,7 +324,7 @@ class GenericPlugin(Plugin):
325
324
 
326
325
  yield SessionManagerRecord(
327
326
  ts=r.ts,
328
- path=path.from_windows(d),
327
+ path=self.target.fs.path(d),
329
328
  _target=self.target,
330
329
  _user=user,
331
330
  _key=r,
@@ -333,7 +332,7 @@ class GenericPlugin(Plugin):
333
332
  else:
334
333
  yield SessionManagerRecord(
335
334
  ts=r.ts,
336
- path=path.from_windows(data.split(" ")[0]),
335
+ path=self.target.fs.path(data.split(" ")[0]),
337
336
  _target=self.target,
338
337
  _user=user,
339
338
  _key=r,
@@ -427,7 +426,7 @@ class GenericPlugin(Plugin):
427
426
  value = r.value(name)
428
427
  yield CommandProcAutoRunRecord(
429
428
  ts=r.ts,
430
- path=path.from_windows(value.value),
429
+ path=self.target.fs.path(value.value),
431
430
  _target=self.target,
432
431
  _user=user,
433
432
  _key=r,
@@ -453,7 +452,7 @@ class GenericPlugin(Plugin):
453
452
  value = r.value("AlternateShell")
454
453
  yield AlternateShellRecord(
455
454
  ts=r.ts,
456
- path=path.from_windows(value.value),
455
+ path=self.target.fs.path(value.value),
457
456
  _target=self.target,
458
457
  _user=user,
459
458
  _key=r,
@@ -477,7 +476,7 @@ class GenericPlugin(Plugin):
477
476
 
478
477
  yield BootShellRecord(
479
478
  ts=r.ts,
480
- path=path.from_windows(value.value),
479
+ path=self.target.fs.path(value.value),
481
480
  _target=self.target,
482
481
  _user=user,
483
482
  _key=r,
@@ -500,7 +499,7 @@ class GenericPlugin(Plugin):
500
499
  user = self.target.registry.get_user(r)
501
500
  try:
502
501
  value = r.value("PendingFileRenameOperations")
503
- paths = map(path.from_windows, value.value)
502
+ paths = map(self.target.fs.path, value.value)
504
503
  except RegistryError:
505
504
  continue
506
505
 
@@ -528,7 +527,7 @@ class GenericPlugin(Plugin):
528
527
  for v in r.values():
529
528
  yield WinRarRecord(
530
529
  ts=r.ts,
531
- path=path.from_windows(v.value),
530
+ path=self.target.fs.path(v.value),
532
531
  _target=self.target,
533
532
  _user=user,
534
533
  _key=r,
@@ -552,7 +551,7 @@ class GenericPlugin(Plugin):
552
551
  for s in r.subkeys():
553
552
  yield WinSockNamespaceProviderRecord(
554
553
  ts=r.ts,
555
- librarypath=path.from_windows(s.value("LibraryPath").value),
554
+ librarypath=self.target.fs.path(s.value("LibraryPath").value),
556
555
  displaystring=s.value("DisplayString").value,
557
556
  providerid=s.value("ProviderID").value,
558
557
  enabled=s.value("Enabled").value,
@@ -2,7 +2,6 @@ from typing import Iterator, Optional
2
2
 
3
3
  from dissect.shellitem.lnk import Lnk
4
4
  from dissect.util import ts
5
- from flow.record.fieldtypes import path
6
5
 
7
6
  from dissect.target.exceptions import UnsupportedPluginError
8
7
  from dissect.target.helpers.fsutil import TargetPath
@@ -88,17 +87,17 @@ class LnkPlugin(Plugin):
88
87
  lnk_ctime = ts.from_unix(entry.stat().st_ctime)
89
88
 
90
89
  lnk_relativepath = (
91
- path.from_windows(lnk_file.stringdata.relative_path.string)
90
+ self.target.fs.path(lnk_file.stringdata.relative_path.string)
92
91
  if lnk_file.flag("has_relative_path")
93
92
  else None
94
93
  )
95
94
  lnk_workdir = (
96
- path.from_windows(lnk_file.stringdata.working_dir.string)
95
+ self.target.fs.path(lnk_file.stringdata.working_dir.string)
97
96
  if lnk_file.flag("has_working_dir")
98
97
  else None
99
98
  )
100
99
  lnk_iconlocation = (
101
- path.from_windows(lnk_file.stringdata.icon_location.string)
100
+ self.target.fs.path(lnk_file.stringdata.icon_location.string)
102
101
  if lnk_file.flag("has_icon_location")
103
102
  else None
104
103
  )
@@ -115,9 +114,9 @@ class LnkPlugin(Plugin):
115
114
  )
116
115
 
117
116
  if local_base_path and common_path_suffix:
118
- lnk_full_path = path.from_windows(local_base_path + common_path_suffix)
117
+ lnk_full_path = self.target.fs.path(local_base_path + common_path_suffix)
119
118
  elif local_base_path and not common_path_suffix:
120
- lnk_full_path = path.from_windows(local_base_path)
119
+ lnk_full_path = self.target.fs.path(local_base_path)
121
120
  else:
122
121
  lnk_full_path = None
123
122
 
@@ -4,8 +4,6 @@ import re
4
4
  from datetime import datetime
5
5
  from typing import TYPE_CHECKING, Iterator, Union
6
6
 
7
- from flow.record.fieldtypes import path
8
-
9
7
  from dissect.target.exceptions import UnsupportedPluginError
10
8
  from dissect.target.helpers.record import TargetRecordDescriptor
11
9
  from dissect.target.plugin import Plugin, export
@@ -78,9 +76,9 @@ def create_record(
78
76
  modified=_to_log_timestamp(install_properties.get("modified")),
79
77
  access=_to_log_timestamp(install_properties.get("lastaccessed")),
80
78
  link_date=_to_log_timestamp(install_properties.get("linkdate")),
81
- path=path.from_windows(install_properties.get("path")),
82
- filename=path.from_windows(filename),
83
- create=path.from_windows(create),
79
+ path=target.fs.path(install_properties.get("path")),
80
+ filename=target.fs.path(filename),
81
+ create=target.fs.path(create),
84
82
  size_of_image=install_properties.get("sizeofimage"),
85
83
  file_description=install_properties.get("filedescription"),
86
84
  size=install_properties.get("size"),
@@ -1,8 +1,6 @@
1
1
  import datetime
2
2
  import re
3
3
 
4
- from flow.record.fieldtypes import path
5
-
6
4
  from dissect.target.exceptions import UnsupportedPluginError
7
5
  from dissect.target.helpers.record import TargetRecordDescriptor
8
6
  from dissect.target.plugin import Plugin, export
@@ -70,7 +68,7 @@ class PfroPlugin(Plugin):
70
68
 
71
69
  yield PfroRecord(
72
70
  ts=datetime.datetime.strptime(date, "%m/%d/%Y %H:%M:%S"),
73
- path=path.from_windows(file_path),
71
+ path=self.target.fs.path(file_path),
74
72
  operation=operation,
75
73
  _target=self.target,
76
74
  )
@@ -3,7 +3,6 @@ from io import BytesIO
3
3
  from dissect import cstruct
4
4
  from dissect.util import lzxpress_huffman
5
5
  from dissect.util.ts import wintimestamp
6
- from flow.record.fieldtypes import path
7
6
 
8
7
  from dissect.target.exceptions import UnsupportedPluginError
9
8
  from dissect.target.helpers.record import TargetRecordDescriptor
@@ -212,7 +211,7 @@ class Prefetch:
212
211
  self.fn.filename_strings_offset + entry.filename_string_offset,
213
212
  entry.filename_string_number_of_characters,
214
213
  )
215
- metrics.append(path.from_windows(filename.decode("utf-16-le")))
214
+ metrics.append(filename.decode("utf-16-le"))
216
215
  return metrics
217
216
 
218
217
  def read_filename(self, off, size):
@@ -290,15 +289,15 @@ class PrefetchPlugin(Plugin):
290
289
  self.target.log.warning("Failed to parse prefetch file: %s", entry, exc_info=e)
291
290
  continue
292
291
 
293
- filename = path.from_windows(scca.header.name.decode("utf-16-le", errors="ignore").split("\x00")[0])
294
- entry_name = path.from_windows(entry.name)
292
+ filename = self.target.fs.path(scca.header.name.decode("utf-16-le", errors="ignore").split("\x00")[0])
293
+ entry_name = self.target.fs.path(entry.name)
295
294
 
296
295
  if grouped:
297
296
  yield GroupedPrefetchRecord(
298
297
  ts=scca.latest_timestamp,
299
298
  filename=filename,
300
299
  prefetch=entry_name,
301
- linkedfiles=list(map(path.from_windows, scca.metrics)),
300
+ linkedfiles=list(map(self.target.fs.path, scca.metrics)),
302
301
  runcount=scca.fn.run_count,
303
302
  previousruns=scca.previous_timestamps,
304
303
  _target=self.target,
@@ -311,7 +310,7 @@ class PrefetchPlugin(Plugin):
311
310
  ts=date,
312
311
  filename=filename,
313
312
  prefetch=entry_name,
314
- linkedfile=path.from_windows(linked_file),
313
+ linkedfile=self.target.fs.path(linked_file),
315
314
  runcount=scca.fn.run_count,
316
315
  _target=self.target,
317
316
  )
@@ -2,7 +2,6 @@ from typing import Generator
2
2
 
3
3
  from dissect import cstruct
4
4
  from dissect.util.ts import wintimestamp
5
- from flow.record.fieldtypes import path
6
5
 
7
6
  from dissect.target import Target
8
7
  from dissect.target.exceptions import UnsupportedPluginError
@@ -115,10 +114,10 @@ class RecyclebinPlugin(Plugin):
115
114
 
116
115
  return RecycleBinRecord(
117
116
  ts=wintimestamp(entry.timestamp),
118
- path=path.from_windows(entry.filename.rstrip("\x00")),
119
- source=path.from_windows(source_path),
117
+ path=self.target.fs.path(entry.filename.rstrip("\x00")),
118
+ source=self.target.fs.path(source_path),
120
119
  filesize=entry.file_size,
121
- deleted_path=path.from_windows(deleted_path),
120
+ deleted_path=self.target.fs.path(deleted_path),
122
121
  _target=self.target,
123
122
  _user=user,
124
123
  )
@@ -1,5 +1,3 @@
1
- from flow.record.fieldtypes import path
2
-
3
1
  from dissect.target.exceptions import RegistryError, UnsupportedPluginError
4
2
  from dissect.target.helpers.record import TargetRecordDescriptor
5
3
  from dissect.target.plugin import Plugin, export
@@ -66,7 +64,7 @@ class SevenZipPlugin(Plugin):
66
64
 
67
65
  yield record(
68
66
  ts=subkey.ts,
69
- path=path.from_windows(file_path),
67
+ path=self.target.fs.path(file_path),
70
68
  _target=self.target,
71
69
  )
72
70
  except RegistryError:
@@ -90,7 +88,7 @@ class SevenZipPlugin(Plugin):
90
88
  value = subkey.value("PanelPath0").value
91
89
  yield PanelPathRecord(
92
90
  ts=subkey.ts,
93
- path=path.from_windows(value),
91
+ path=self.target.fs.path(value),
94
92
  _target=self.target,
95
93
  )
96
94
  except RegistryError:
@@ -1,6 +1,5 @@
1
1
  from dissect.cstruct import cstruct
2
2
  from dissect.util.ts import wintimestamp
3
- from flow.record.fieldtypes import path
4
3
 
5
4
  from dissect.target.exceptions import UnsupportedPluginError
6
5
  from dissect.target.helpers.record import TargetRecordDescriptor
@@ -57,6 +56,6 @@ class BamDamPlugin(Plugin):
57
56
  data = c_bam.entry(entry.value)
58
57
  yield BamDamRecord(
59
58
  ts=wintimestamp(data.ts),
60
- path=path.from_windows(entry.name),
59
+ path=self.target.fs.path(entry.name),
61
60
  _target=self.target,
62
61
  )
@@ -11,7 +11,6 @@ from io import BytesIO
11
11
  from dissect.cstruct import cstruct
12
12
  from dissect.util.compression import lznt1
13
13
  from dissect.util.ts import wintimestamp
14
- from flow.record.fieldtypes import path
15
14
 
16
15
  from dissect.target.exceptions import RegistryValueNotFoundError, UnsupportedPluginError
17
16
  from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
@@ -735,7 +734,7 @@ class CITPlugin(Plugin):
735
734
  start_time=local_wintimestamp(self.target, cit.header.StartTimeLocal),
736
735
  current_time=local_wintimestamp(self.target, cit.header.CurrentTimeLocal),
737
736
  aggregation_period_in_s=cit.header.AggregationPeriodInS,
738
- path=path.from_windows(entry.file_path),
737
+ path=self.target.fs.path(entry.file_path),
739
738
  command_line=entry.command_line,
740
739
  pe_timedatestamp=program_data.PeTimeDateStamp,
741
740
  pe_checksum=program_data.PeCheckSum,
@@ -895,7 +894,7 @@ class CITPlugin(Plugin):
895
894
  yield CITTelemetryRecord(
896
895
  regf_mtime=version_key.ts,
897
896
  version=version_key.name,
898
- path=path.from_windows(value.name),
897
+ path=self.target.fs.path(value.name),
899
898
  value=str(c_cit.TELEMETRY_ANSWERS(value.value)).split(".")[1],
900
899
  _target=self.target,
901
900
  )
@@ -941,8 +940,8 @@ class CITPlugin(Plugin):
941
940
  yield CITModuleRecord(
942
941
  last_loaded=wintimestamp(value.value),
943
942
  regf_mtime=monitored_dll.ts,
944
- tracked_module=path.from_windows(monitored_dll.name),
945
- executable=path.from_windows(value.name),
943
+ tracked_module=self.target.fs.path(monitored_dll.name),
944
+ executable=self.target.fs.path(value.name),
946
945
  # These are actually specific for the tracked module, but just include them in every record
947
946
  overflow_quota=overflow_quota,
948
947
  overflow_value=overflow_value,
@@ -1,7 +1,5 @@
1
1
  from typing import Generator
2
2
 
3
- from flow.record.fieldtypes import path
4
-
5
3
  from dissect.target.exceptions import UnsupportedPluginError
6
4
  from dissect.target.helpers.descriptor_extensions import (
7
5
  RegistryRecordDescriptorExtension,
@@ -84,7 +82,7 @@ class MuiCachePlugin(Plugin):
84
82
  index=index,
85
83
  name=name,
86
84
  value=entry.value,
87
- path=path.from_windows(entry_path),
85
+ path=self.target.fs.path(entry_path),
88
86
  _target=self.target,
89
87
  _key=key,
90
88
  _user=user,
@@ -1,5 +1,4 @@
1
1
  from dissect import cstruct
2
- from flow.record.fieldtypes import path
3
2
 
4
3
  from dissect.target.exceptions import UnsupportedPluginError
5
4
  from dissect.target.helpers.record import TargetRecordDescriptor
@@ -59,7 +58,7 @@ class RecentFileCachePlugin(Plugin):
59
58
  entry.path = entry.path.rstrip("\x00")
60
59
 
61
60
  yield RecentFileCacheRecord(
62
- path=path.from_windows(entry.path),
61
+ path=self.target.fs.path(entry.path),
63
62
  _target=self.target,
64
63
  )
65
64
  except EOFError:
@@ -6,7 +6,6 @@ from typing import Callable, Generator, Optional, Tuple, Union
6
6
 
7
7
  from dissect.cstruct import Structure, cstruct
8
8
  from dissect.util.ts import wintimestamp
9
- from flow.record.fieldtypes import path
10
9
 
11
10
  from dissect.target.exceptions import Error, RegistryError, UnsupportedPluginError
12
11
  from dissect.target.helpers.record import TargetRecordDescriptor
@@ -358,6 +357,6 @@ class ShimcachePlugin(Plugin):
358
357
  last_modified=ts,
359
358
  name=name,
360
359
  index=index,
361
- path=path.from_windows(self.target.resolve(file_path)),
360
+ path=self.target.fs.path(self.target.resolve(file_path)),
362
361
  _target=self.target,
363
362
  )
@@ -73,7 +73,7 @@ class TrustedDocumentsPlugin(Plugin):
73
73
  ts=key.ts,
74
74
  type=value.type,
75
75
  application=application,
76
- document_path=self.target.resolve(value.name),
76
+ document_path=self.target.fs.path(self.target.resolve(value.name)),
77
77
  value=value.value,
78
78
  _key=key,
79
79
  _user=user,