dissect.target 3.14.dev8__py3-none-any.whl → 3.14.dev10__py3-none-any.whl

dissect/target/filesystem.py

@@ -45,10 +45,12 @@ class Filesystem:
     # This has the added benefit of having a readily available "pretty name" for each implementation
     __type__: str = None
     """A short string identifying the type of filesystem."""
+    __multi_volume__: bool = False
+    """Whether this filesystem supports multiple volumes (disks)."""
 
     def __init__(
         self,
-        volume: Optional[BinaryIO] = None,
+        volume: Optional[Union[BinaryIO, list[BinaryIO]]] = None,
         alt_separator: str = "",
         case_sensitive: bool = True,
     ) -> None:
@@ -56,7 +58,7 @@ class Filesystem:
 
         Args:
             volume: A volume or other file-like object associated with the filesystem.
-            case_sensitive: Defines if the paths in the Filesystem are case sensitive or not.
+            case_sensitive: Defines if the paths in the filesystem are case sensitive or not.
             alt_separator: The alternative separator used to distingish between directories in a path.
 
         Raises:
@@ -82,7 +84,7 @@ class Filesystem:
         return cls.__type__
 
     def path(self, *args) -> fsutil.TargetPath:
-        """Get a specific path from the filesystem."""
+        """Instantiate a new path-like object on this filesystem."""
         return fsutil.TargetPath(self, *args)
 
     @classmethod
@@ -125,6 +127,52 @@ class Filesystem:
         """
         raise NotImplementedError()
 
+    @classmethod
+    def detect_id(cls, fh: BinaryIO) -> Optional[bytes]:
+        """Return a filesystem set identifier.
+
+        Only used in filesystems that support multiple volumes (disks) to find all volumes
+        belonging to a single filesystem.
+
+        Args:
+            fh: A file-like object, usually a disk or partition.
+        """
+        if not cls.__multi_volume__:
+            return None
+
+        offset = fh.tell()
+        try:
+            fh.seek(0)
+            return cls._detect_id(fh)
+        except NotImplementedError:
+            raise
+        except Exception as e:
+            log.warning("Failed to detect ID on %s filesystem", cls.__fstype__)
+            log.debug("", exc_info=e)
+        finally:
+            fh.seek(offset)
+
+        return None
+
+    @staticmethod
+    def _detect_id(fh: BinaryIO) -> Optional[bytes]:
+        """Return a filesystem set identifier.
+
+        This method should be implemented by subclasses of filesystems that support multiple volumes (disks).
+        The position of ``fh`` is guaranteed to be ``0``.
+
+        Args:
+            fh: A file-like object, usually a disk or partition.
+
+        Returns:
+            An identifier that can be used to combine the given ``fh`` with others beloning to the same set.
+        """
+        raise NotImplementedError()
+
+    def iter_subfs(self) -> Iterator[Filesystem]:
+        """Yield possible sub-filesystems."""
+        yield from ()
+
     def get(self, path: str) -> FilesystemEntry:
         """Retrieve a :class:`FilesystemEntry` from the filesystem.
 
@@ -1461,6 +1509,18 @@ def register(module: str, class_name: str, internal: bool = True) -> None:
     FILESYSTEMS.append(getattr(import_lazy(module), class_name))
 
 
+def is_multi_volume_filesystem(fh: BinaryIO) -> bool:
+    for filesystem in FILESYSTEMS:
+        try:
+            if filesystem.__multi_volume__ and filesystem.detect(fh):
+                return True
+        except ImportError as e:
+            log.info("Failed to import %s", filesystem)
+            log.debug("", exc_info=e)
+
+    return False
+
+
 def open(fh: BinaryIO, *args, **kwargs) -> Filesystem:
     offset = fh.tell()
     fh.seek(0)
@@ -1469,10 +1529,7 @@ def open(fh: BinaryIO, *args, **kwargs) -> Filesystem:
         for filesystem in FILESYSTEMS:
             try:
                 if filesystem.detect(fh):
-                    instance = filesystem(fh, *args, **kwargs)
-                    instance.volume = fh
-
-                    return instance
+                    return filesystem(fh, *args, **kwargs)
             except ImportError as e:
                 log.info("Failed to import %s", filesystem)
                 log.debug("", exc_info=e)
@@ -1482,12 +1539,35 @@ def open(fh: BinaryIO, *args, **kwargs) -> Filesystem:
     raise FilesystemError(f"Failed to open filesystem for {fh}")
 
 
+def open_multi_volume(fhs: list[BinaryIO], *args, **kwargs) -> Filesystem:
+    for filesystem in FILESYSTEMS:
+        try:
+            if not filesystem.__multi_volume__:
+                continue
+
+            volumes = defaultdict(list)
+            for fh in fhs:
+                if not filesystem.detect(fh):
+                    continue
+
+                identifier = filesystem.detect_id(fh)
+                volumes[identifier].append(fh)
+
+            for vols in volumes.values():
+                yield filesystem(vols, *args, **kwargs)
+
+        except ImportError as e:
+            log.info("Failed to import %s", filesystem)
+            log.debug("", exc_info=e)
+
+
 register("ntfs", "NtfsFilesystem")
 register("extfs", "ExtFilesystem")
 register("xfs", "XfsFilesystem")
 register("fat", "FatFilesystem")
 register("ffs", "FfsFilesystem")
 register("vmfs", "VmfsFilesystem")
+register("btrfs", "BtrfsFilesystem")
 register("exfat", "ExfatFilesystem")
 register("squashfs", "SquashFSFilesystem")
 register("zip", "ZipFilesystem")

dissect/target/filesystems/btrfs.py

@@ -0,0 +1,180 @@
+from __future__ import annotations
+
+from typing import BinaryIO, Iterator, Optional, Union
+
+import dissect.btrfs as btrfs
+from dissect.btrfs.c_btrfs import c_btrfs
+
+from dissect.target.exceptions import (
+    FileNotFoundError,
+    FilesystemError,
+    IsADirectoryError,
+    NotADirectoryError,
+    NotASymlinkError,
+)
+from dissect.target.filesystem import Filesystem, FilesystemEntry
+from dissect.target.helpers import fsutil
+
+
+class BtrfsFilesystem(Filesystem):
+    __fstype__ = "btrfs"
+    __multi_volume__ = True
+
+    def __init__(self, fh: Union[BinaryIO, list[BinaryIO]], *args, **kwargs):
+        super().__init__(fh, *args, **kwargs)
+        self.btrfs = btrfs.Btrfs(fh)
+        self.subfs = self.open_subvolume()
+        self.subvolume = self.subfs.subvolume
+
+    @staticmethod
+    def _detect(fh: BinaryIO) -> bool:
+        fh.seek(c_btrfs.BTRFS_SUPER_INFO_OFFSET)
+        block = fh.read(4096)
+        magic = int.from_bytes(block[64:72], "little")
+
+        return magic == c_btrfs.BTRFS_MAGIC
+
+    @staticmethod
+    def _detect_id(fh: BinaryIO) -> Optional[bytes]:
+        # First field is csum, followed by fsid
+        fh.seek(c_btrfs.BTRFS_SUPER_INFO_OFFSET + c_btrfs.BTRFS_CSUM_SIZE)
+        return fh.read(c_btrfs.BTRFS_FSID_SIZE)
+
+    def iter_subfs(self) -> Iterator[BtrfsSubvolumeFilesystem]:
+        for subvol in self.btrfs.subvolumes():
+            if subvol.objectid == self.subfs.subvolume.objectid:
+                # Skip the default volume as it's already opened by the main filesystem
+                continue
+            yield self.open_subvolume(subvolid=subvol.objectid)
+
+    def open_subvolume(self, subvol: Optional[str] = None, subvolid: Optional[int] = None) -> BtrfsSubvolumeFilesystem:
+        return BtrfsSubvolumeFilesystem(self, subvol, subvolid)
+
+    def get(self, path: str) -> FilesystemEntry:
+        return self.subfs.get(path)
+
+
+class BtrfsSubvolumeFilesystem(Filesystem):
+    __fstype__ = "btrfs"
+
+    def __init__(self, fs: BtrfsFilesystem, subvol: Optional[str] = None, subvolid: Optional[int] = None):
+        super().__init__(fs.volume, alt_separator=fs.alt_separator, case_sensitive=fs.case_sensitive)
+        if subvol is not None and subvolid is not None:
+            raise ValueError("Only one of subvol or subvolid is allowed")
+
+        self.fs = fs
+        self.btrfs = fs.btrfs
+        if subvol:
+            self.subvolume = self.btrfs.find_subvolume(subvol)
+        elif subvolid:
+            self.subvolume = self.btrfs.open_subvolume(subvolid)
+        else:
+            self.subvolume = self.btrfs.default_subvolume
+
+    def get(self, path: str) -> FilesystemEntry:
+        return BtrfsFilesystemEntry(self, path, self._get_node(path))
+
+    def _get_node(self, path: str, node: Optional[btrfs.INode] = None) -> btrfs.INode:
+        try:
+            return self.subvolume.get(path, node)
+        except btrfs.FileNotFoundError as e:
+            raise FileNotFoundError(path, cause=e)
+        except btrfs.NotADirectoryError as e:
+            raise NotADirectoryError(path, cause=e)
+        except btrfs.NotASymlinkError as e:
+            raise NotASymlinkError(path, cause=e)
+        except btrfs.Error as e:
+            raise FileNotFoundError(path, cause=e)
+
+
+class BtrfsFilesystemEntry(FilesystemEntry):
+    fs: BtrfsFilesystem
+    entry: btrfs.INode
+
+    def get(self, path: str) -> FilesystemEntry:
+        entry_path = fsutil.join(self.path, path, alt_separator=self.fs.alt_separator)
+        entry = self.fs._get_node(path, self.entry)
+        return BtrfsFilesystemEntry(self.fs, entry_path, entry)
+
+    def open(self) -> BinaryIO:
+        if self.is_dir():
+            raise IsADirectoryError(self.path)
+        return self._resolve().entry.open()
+
+    def _iterdir(self) -> Iterator[btrfs.INode]:
+        if not self.is_dir():
+            raise NotADirectoryError(self.path)
+
+        if self.is_symlink():
+            for entry in self.readlink_ext().iterdir():
+                yield entry
+        else:
+            for name, entry in self.entry.iterdir():
+                if name in (".", ".."):
+                    continue
+
+                yield name, entry
+
+    def iterdir(self) -> Iterator[str]:
+        for name, _ in self._iterdir():
+            yield name
+
+    def scandir(self) -> Iterator[FilesystemEntry]:
+        for name, entry in self._iterdir():
+            entry_path = fsutil.join(self.path, name, alt_separator=self.fs.alt_separator)
+            yield BtrfsFilesystemEntry(self.fs, entry_path, entry)
+
+    def is_dir(self, follow_symlinks: bool = True) -> bool:
+        try:
+            return self._resolve(follow_symlinks=follow_symlinks).entry.is_dir()
+        except FilesystemError:
+            return False
+
+    def is_file(self, follow_symlinks: bool = True) -> bool:
+        try:
+            return self._resolve(follow_symlinks=follow_symlinks).entry.is_file()
+        except FilesystemError:
+            return False
+
+    def is_symlink(self) -> bool:
+        return self.entry.is_symlink()
+
+    def readlink(self) -> str:
+        if not self.is_symlink():
+            raise NotASymlinkError()
+
+        return self.entry.link
+
+    def stat(self, follow_symlinks: bool = True) -> fsutil.stat_result:
+        return self._resolve(follow_symlinks=follow_symlinks).lstat()
+
+    def lstat(self) -> fsutil.stat_result:
+        entry = self.entry
+        node = self.entry.inode
+
+        # mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime
+        st_info = st_info = fsutil.stat_result(
+            [
+                entry.mode,
+                entry.inum,
+                0,
+                node.nlink,
+                entry.uid,
+                entry.gid,
+                entry.size,
+                # timestamp() returns a float which will fill both the integer and float fields
+                entry.atime.timestamp(),
+                entry.mtime.timestamp(),
+                entry.ctime.timestamp(),
+            ]
+        )
+
+        # Set the nanosecond resolution separately
+        st_info.st_atime_ns = entry.atime_ns
+        st_info.st_mtime_ns = entry.mtime_ns
+        st_info.st_ctime_ns = entry.ctime_ns
+
+        # Btrfs has a birth time, called otime
+        st_info.st_birthtime = entry.otime.timestamp()
+
+        return st_info

dissect/target/helpers/utils.py

@@ -4,7 +4,7 @@ import urllib.parse
 from datetime import datetime, timezone, tzinfo
 from enum import Enum
 from pathlib import Path
-from typing import BinaryIO, Iterator, Union
+from typing import BinaryIO, Callable, Iterator, Optional, Union
 
 from dissect.util.ts import from_unix
 
@@ -17,7 +17,7 @@ class StrEnum(str, Enum):
     """Sortable and serializible string-based enum"""
 
 
-def list_to_frozen_set(function):
+def list_to_frozen_set(function: Callable) -> Callable:
     def wrapper(*args):
         args = [frozenset(x) if isinstance(x, list) else x for x in args]
         return function(*args)
@@ -25,7 +25,7 @@ def list_to_frozen_set(function):
     return wrapper
 
 
-def parse_path_uri(path):
+def parse_path_uri(path: Path) -> tuple[Optional[str], Optional[str], Optional[str]]:
     if path is None:
         return None, None, None
     parsed_path = urllib.parse.urlparse(str(path))
@@ -33,6 +33,17 @@ def parse_path_uri(path):
     return parsed_path.scheme, parsed_path.path, parsed_query
 
 
+def parse_options_string(options: str) -> dict[str, Union[str, bool]]:
+    result = {}
+    for opt in options.split(","):
+        if "=" in opt:
+            key, _, value = opt.partition("=")
+            result[key] = value
+        else:
+            result[opt] = True
+    return result
+
+
 SLUG_RE = re.compile(r"[/\\ ]")
 
 

dissect/target/plugins/apps/av/symantec.py

@@ -199,10 +199,9 @@ class SymantecPlugin(Plugin):
 
     def check_compatible(self) -> None:
         for log_file in self.LOGS:
-            if self.target.fs.glob(log_file):
-                break
-        else:
-            raise UnsupportedPluginError("No Symantec SEP logs found")
+            if list(self.target.fs.glob(log_file)):
+                return
+        raise UnsupportedPluginError("No Symantec SEP logs found")
 
     def _fw_cell(self, line: list, cell_id: int) -> str:
         return line[cell_id].decode("utf-8")

dissect/target/plugins/os/unix/_os.py

@@ -11,6 +11,7 @@ from flow.record.fieldtypes import posix_path
 from dissect.target.filesystem import Filesystem
 from dissect.target.helpers.fsutil import TargetPath
 from dissect.target.helpers.record import UnixUserRecord
+from dissect.target.helpers.utils import parse_options_string
 from dissect.target.plugin import OperatingSystem, OSPlugin, arg, export
 from dissect.target.target import Target
 
@@ -177,33 +178,41 @@ class UnixPlugin(OSPlugin):
     def _add_mounts(self) -> None:
         fstab = self.target.fs.path("/etc/fstab")
 
-        volumes_to_mount = [v for v in self.target.volumes if v.fs]
-
-        for dev_id, volume_name, _, mount_point in parse_fstab(fstab, self.target.log):
-            for volume in volumes_to_mount:
+        for dev_id, volume_name, mount_point, _, options in parse_fstab(fstab, self.target.log):
+            opts = parse_options_string(options)
+            subvol = opts.get("subvol", None)
+            subvolid = opts.get("subvolid", None)
+            for fs in self.target.filesystems:
                 fs_id = None
+                fs_subvol = None
+                fs_subvolid = None
+                fs_volume_name = fs.volume.name if fs.volume and not isinstance(fs.volume, list) else None
                 last_mount = None
 
                 if dev_id:
-                    if volume.fs.__type__ == "xfs":
-                        fs_id = volume.fs.xfs.uuid
-                    elif volume.fs.__type__ == "ext":
-                        fs_id = volume.fs.extfs.uuid
-                        last_mount = volume.fs.extfs.last_mount
-                    elif volume.fs.__type__ == "fat":
-                        fs_id = volume.fs.fatfs.volume_id
+                    if fs.__type__ == "xfs":
+                        fs_id = fs.xfs.uuid
+                    elif fs.__type__ == "ext":
+                        fs_id = fs.extfs.uuid
+                        last_mount = fs.extfs.last_mount
+                    elif fs.__type__ == "btrfs":
+                        fs_id = fs.btrfs.uuid
+                        fs_subvol = fs.subvolume.path
+                        fs_subvolid = fs.subvolume.objectid
+                    elif fs.__type__ == "fat":
+                        fs_id = fs.fatfs.volume_id
                         # This normalizes fs_id to comply with libblkid generated UUIDs
                         # This is needed because FAT filesystems don't have a real UUID,
                         # but instead a volume_id which is not case-sensitive
                         fs_id = fs_id[:4].upper() + "-" + fs_id[4:].upper()
 
                 if (
-                    (fs_id and (fs_id == dev_id))
-                    or (volume.name and (volume.name == volume_name))
+                    (fs_id and (fs_id == dev_id and (subvol == fs_subvol or subvolid == fs_subvolid)))
+                    or (fs_volume_name and (fs_volume_name == volume_name))
                     or (last_mount and (last_mount == mount_point))
                 ):
-                    self.target.log.debug("Mounting %s at %s", volume, mount_point)
-                    self.target.fs.mount(mount_point, volume.fs)
+                    self.target.log.debug("Mounting %s (%s) at %s", fs, fs.volume, mount_point)
+                    self.target.fs.mount(mount_point, fs)
 
     def _parse_os_release(self, glob: Optional[str] = None) -> dict[str, str]:
         """Parse files containing Unix version information.
@@ -283,7 +292,7 @@ class UnixPlugin(OSPlugin):
 def parse_fstab(
     fstab: TargetPath,
     log: logging.Logger = log,
-) -> Iterator[tuple[Union[uuid.UUID, str], str, str, str]]:
+) -> Iterator[tuple[Union[uuid.UUID, str], str, str, str, str]]:
     """Parse fstab file and return a generator that streams the details of entries,
     with unsupported FS types and block devices filtered away.
     """
@@ -310,7 +319,7 @@ def parse_fstab(
         if len(entry_parts) != 6:
             continue
 
-        dev, mount_point, fs_type, _, _, _ = entry_parts
+        dev, mount_point, fs_type, options, _, _ = entry_parts
 
         if fs_type in SKIP_FS_TYPES:
             log.warning("Skipped FS type: %s, %s, %s", fs_type, dev, mount_point)
@@ -341,4 +350,4 @@ def parse_fstab(
             except ValueError:
                 pass
 
-        yield dev_id, volume_name, fs_type, mount_point
+        yield dev_id, volume_name, mount_point, fs_type, options

dissect/target/target.py

@@ -155,6 +155,7 @@ class Target:
         """Resolve all disks, volumes and filesystems and load an operating system on the current ``Target``."""
         self.disks.apply()
         self.volumes.apply()
+        self.filesystems.apply()
         self._init_os()
         self._applied = True
 
@@ -712,19 +713,12 @@ class DiskCollection(Collection[container.Container]):
 
 
 class VolumeCollection(Collection[volume.Volume]):
-    def open(self, vol: volume.Volume) -> None:
-        try:
-            if not hasattr(vol, "fs") or vol.fs is None:
-                vol.fs = filesystem.open(vol)
-                self.target.log.debug("Opened filesystem: %s on %s", vol.fs, vol)
-            self.target.filesystems.add(vol.fs)
-        except FilesystemError as e:
-            self.target.log.warning("Can't identify filesystem: %s", vol)
-            self.target.log.debug("", exc_info=e)
-
     def apply(self) -> None:
         # We don't want later additions to modify the todo, so make a copy
         todo = self.entries[:]
+        fs_volumes = []
+        lvm_volumes = []
+        encrypted_volumes = []
 
         while todo:
             new_volumes = []
@@ -751,19 +745,19 @@ class VolumeCollection(Collection[volume.Volume]):
                     if vol.offset == 0 and vol.vs and vol.vs.__type__ == "disk":
                         # We are going to re-open a volume system on itself, bail out
                         self.target.log.info("Found volume with offset 0, opening as raw volume instead")
-                        self.open(vol)
+                        fs_volumes.append(vol)
                         continue
 
                     try:
                         vs = volume.open(vol)
                     except Exception:
                         # If opening a volume system fails, there's likely none, so open as a filesystem instead
-                        self.open(vol)
+                        fs_volumes.append(vol)
                         continue
 
                     if not len(vs.volumes):
                         # We opened an empty volume system, discard
-                        self.open(vol)
+                        fs_volumes.append(vol)
                         continue
 
                     self.entries.extend(vs.volumes)
@@ -786,20 +780,30 @@ class VolumeCollection(Collection[volume.Volume]):
 
             todo = new_volumes
 
-        # ASDF - getting the correct starting system volume
-        start_fs = None
-        start_vol = None
-        for idx, vol in enumerate(self.entries):
-            if start_fs is None and (vol.name is None):
-                start_fs = idx
+        mv_fs_volumes = []
+        for vol in fs_volumes:
+            try:
+                if getattr(vol, "fs", None) is None:
+                    if filesystem.is_multi_volume_filesystem(vol):
+                        mv_fs_volumes.append(vol)
+                    else:
+                        vol.fs = filesystem.open(vol)
+                        self.target.log.debug("Opened filesystem: %s on %s", vol.fs, vol)
 
-            if start_vol is None and start_fs is not None and (vol.name is not None and vol.fs is None):
-                start_vol = idx
+                if getattr(vol, "fs", None) is not None:
+                    self.target.filesystems.add(vol.fs)
+            except FilesystemError as e:
+                self.target.log.warning("Can't identify filesystem: %s", vol)
+                self.target.log.debug("", exc_info=e)
 
-            if start_fs is not None and start_vol is not None and (vol.name is not None and vol.fs is None):
-                rel_vol = idx - start_vol
-                vol.fs = self.entries[start_fs + rel_vol].fs
+        for fs in filesystem.open_multi_volume(mv_fs_volumes):
+            self.target.filesystems.add(fs)
+            for vol in fs.volume:
+                vol.fs = fs
 
 
 class FilesystemCollection(Collection[filesystem.Filesystem]):
-    pass
+    def apply(self) -> None:
+        for fs in self.entries:
+            for subfs in fs.iter_subfs():
+                self.add(subfs)

dissect/target/tools/mount.py

@@ -3,6 +3,7 @@ import logging
 from typing import Union
 
 from dissect.target import Target, filesystem
+from dissect.target.helpers.utils import parse_options_string
 from dissect.target.tools.utils import (
     catch_sigpipe,
     configure_generic_arguments,
@@ -70,7 +71,7 @@ def main():
         vfs.mount(fname, fs)
 
     # This is kinda silly because fusepy will convert this back into string arguments
-    options = _parse_options(args.options) if args.options else {}
+    options = parse_options_string(args.options) if args.options else {}
 
     options["nothreads"] = True
     options["allow_other"] = True
@@ -83,17 +84,6 @@ def main():
         parser.exit("FUSE error")
 
 
-def _parse_options(options: str) -> dict[str, Union[str, bool]]:
-    result = {}
-    for opt in options.split(","):
-        if "=" in opt:
-            key, _, value = opt.partition("=")
-            result[key] = value
-        else:
-            result[opt] = True
-    return result
-
-
 def _format_options(options: dict[str, Union[str, bool]]) -> str:
     return ",".join([key if value is True else f"{key}={value}" for key, value in options.items()])
 

{dissect.target-3.14.dev8.dist-info → dissect.target-3.14.dev10.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.14.dev8
+Version: 3.14.dev10
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3
@@ -38,6 +38,7 @@ Requires-Dist: dissect.target[full] ; extra == 'cb'
 Requires-Dist: carbon-black-cloud-sdk-python ~=1.4.3 ; extra == 'cb'
 Provides-Extra: full
 Requires-Dist: asn1crypto ; extra == 'full'
+Requires-Dist: dissect.btrfs <2.0.dev,>=1.0.dev ; extra == 'full'
 Requires-Dist: dissect.cim <4.0.dev,>=3.0.dev ; extra == 'full'
 Requires-Dist: dissect.clfs <2.0.dev,>=1.0.dev ; extra == 'full'
 Requires-Dist: dissect.esedb <4.0.dev,>=3.0.dev ; extra == 'full'

{dissect.target-3.14.dev8.dist-info → dissect.target-3.14.dev10.dist-info}/RECORD

@@ -1,11 +1,11 @@
 dissect/target/__init__.py,sha256=Oc7ounTgq2hE4nR6YcNabetc7SQA40ldSa35VEdZcQU,63
 dissect/target/container.py,sha256=9ixufT1_0WhraqttBWwQjG80caToJqvCX8VjFk8d5F0,9307
 dissect/target/exceptions.py,sha256=VVW_Rq_vQinapz-2mbJ3UkxBEZpb2pE_7JlhMukdtrY,2877
-dissect/target/filesystem.py,sha256=iENm42dxq3H-AlI3LN5qFud14P0FcR5ANTGPS5LDhCI,50857
+dissect/target/filesystem.py,sha256=_7hxYD34P5Dxnc7WZZsAHvQcF8KxGUJfGgc1gCyQZA8,53412
 dissect/target/loader.py,sha256=4ZdX-QJY83NPswTyNG31LUwYXdV1tuByrR2vKKg7d5k,7214
 dissect/target/plugin.py,sha256=7Gss9pofcWKemwwfeAJ7E6nmJSNnZkBkxTcxUY2wzmk,40526
 dissect/target/report.py,sha256=06uiP4MbNI8cWMVrC1SasNS-Yg6ptjVjckwj8Yhe0Js,7958
-dissect/target/target.py,sha256=tvMIHh-lWhXK_7_PHCs6Bu-tJEopdjDtPR0WyAMayqM,31348
+dissect/target/target.py,sha256=zARjjT1tSMW4opble1KfDIISt3pcxPa50cTwhWC_90c,31431
 dissect/target/volume.py,sha256=aQZAJiny8jjwkc9UtwIRwy7nINXjCxwpO-_UDfh6-BA,15801
 dissect/target/containers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/containers/asdf.py,sha256=DJp0QEFwUjy2MFwKYcYqIR_BS1fQT1Yi9Kcmqt0aChM,1366
@@ -22,6 +22,7 @@ dissect/target/containers/vmdk.py,sha256=5fQGkJy4esXONXrKLbhpkQDt8Fwx19YENK2mOm7
 dissect/target/data/autocompletion/target_bash_completion.sh,sha256=wrOQ_ED-h8WFcjCmY6n4qKl84tWJv9l8ShFHDfJqJyA,3592
 dissect/target/filesystems/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/filesystems/ad1.py,sha256=nEPzaaRsb6bL4ItFo0uLdmdLvrmK9BjqHeD3FOp3WQI,2413
+dissect/target/filesystems/btrfs.py,sha256=X8HUZJHzArpo04v_A42LM4SQIfQt07TZJJNsYiSvXOE,6247
 dissect/target/filesystems/cb.py,sha256=kFyZ7oFMkICSEGGFna2vhKnZx9KQKZ2ZSG_ckEWTIBE,5329
 dissect/target/filesystems/config.py,sha256=Xih61MoEup1rCwQu66SezmTDG4XLOn1hC8ECn_WxX7I,5949
 dissect/target/filesystems/dir.py,sha256=1RVT0-lomceRLQG5sXHpiyii4Vu7S1MGeQSyT-7BCPY,3851
@@ -56,7 +57,7 @@ dissect/target/helpers/regutil.py,sha256=kX-sSZbW8Qkg29Dn_9zYbaQrwLumrr4Y8zJ1EhH
 dissect/target/helpers/shell_folder_ids.py,sha256=Behhb8oh0kMxrEk6YYKYigCDZe8Hw5QS6iK_d2hTs2Y,24978
 dissect/target/helpers/ssh.py,sha256=LPssHXyfL8QYmLi2vpa3wElsGboLG_A1Y8kvOehpUr4,6338
 dissect/target/helpers/targetd.py,sha256=ELhUulzQ4OgXgHsWhsLgM14vut8Wm6btr7qTynlwKaE,1812
-dissect/target/helpers/utils.py,sha256=0v0HkVKzzYvUVMuMWF0rifXS-k9PomJU-DKAZTCiQzA,3636
+dissect/target/helpers/utils.py,sha256=r36Bn0UL0E6Z8ajmQrHzC6RyUxTRdwJ1PNsd904Lmzs,4027
 dissect/target/helpers/data/windowsZones.xml,sha256=4OijeR7oxI0ZwPTSwCkmtcofOsUCjSnbZ4dQxVOM_4o,50005
 dissect/target/loaders/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/loaders/ad1.py,sha256=k0bkY0L6NKuQBboua-jM_KgeyIcXAo59NjExDZHMy0o,572
@@ -96,7 +97,7 @@ dissect/target/plugins/apps/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMp
 dissect/target/plugins/apps/av/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/av/mcafee.py,sha256=4lro9iwcL2Vl9Lyy69Sk1D9JWSRTXv5yjpV6NJbbZXE,5409
 dissect/target/plugins/apps/av/sophos.py,sha256=6a4N44VPwrXucGcTspwkCEhKPw5cfmqi-AQrXXDBKps,4140
-dissect/target/plugins/apps/av/symantec.py,sha256=MTs9wL0byS_GDq5JVbE4sWpoAOQMVUwxNSBvphXgdfw,14120
+dissect/target/plugins/apps/av/symantec.py,sha256=RFLyNW6FyuoGcirJ4xHbQM8oGjua9W4zXmC7YDF-H20,14109
 dissect/target/plugins/apps/av/trendmicro.py,sha256=SDSFcjbabP3IORuVovoZNxTEpMw_rPxbm_JQ5Yg9xeQ,4649
 dissect/target/plugins/apps/browser/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/browser/browser.py,sha256=LpGs4IXpO5t7A3QDxP3zv5Cb0DQXwh3h1vcBKAWT2HY,2187
@@ -159,7 +160,7 @@ dissect/target/plugins/general/scrape.py,sha256=Fz7BNXflvuxlnVulyyDhLpyU8D_hJdH6
 dissect/target/plugins/general/users.py,sha256=IOqopQ9Y7CKGkALRUr16y8DwxsidYC5tcPErGZCXxyA,2845
 dissect/target/plugins/os/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/os/unix/_os.py,sha256=7EMlRzSvziov2DnkTiFj07VzQLmgmop6JeTj0xolIKA,12840
+dissect/target/plugins/os/unix/_os.py,sha256=33xAyHYG5vqpMupoIk_vbwsxAXBBRV1hqwkOOU5Gvg8,13409
 dissect/target/plugins/os/unix/cronjobs.py,sha256=tVRnUxN0w2IqhOKs68hNeovRUu_ag0W35j9PziPprgQ,3508
 dissect/target/plugins/os/unix/datetime.py,sha256=gKfBdPyUirt3qmVYfOJ1oZXRPn8wRzssbZxR_ARrtk8,1518
 dissect/target/plugins/os/unix/etc.py,sha256=HoPEC1hxqurSnAXQAK-jf_HxdBIDe-1z_qSw_n-ViI4,258
@@ -286,7 +287,7 @@ dissect/target/tools/dd.py,sha256=Nlh2CFOCV0ksxyedFp7BuyoQ3tBFi6rK6UO0_k5GR_8,17
 dissect/target/tools/fs.py,sha256=IL71ntXA_oS92l0NPpqyOVrHOZ-bf3qag1amZzAaeHc,3548
 dissect/target/tools/info.py,sha256=LcR0WLBo2w0QiOmM0llQfcF0a_hfrqImbJ_QNW1mtbo,5174
 dissect/target/tools/logging.py,sha256=5ZnumtMWLyslxfrUGZ4ntRyf3obOOhmn8SBjKfdLcEg,4174
-dissect/target/tools/mount.py,sha256=jZn5U4CqabxDSu8q8tGggHvZl7eLUateywFJDpcpkAU,2796
+dissect/target/tools/mount.py,sha256=m6Ise8H82jgIW2FN0hXKO4l9t3emKiOi55O4LyEqvxk,2581
 dissect/target/tools/query.py,sha256=qbQI2kAeFP0_1CxT3UbTIZZ1EZIhotD0rRNXqihZcy4,14926
 dissect/target/tools/reg.py,sha256=ZB5WDmKfiDvs988kHZVyzF-RIoDLXcXuvdLjuEYvDi4,2181
 dissect/target/tools/shell.py,sha256=zgabhrXMBFA36g7Rc-8VkF5BL6xc4148vblYnjfI88I,42281
@@ -303,10 +304,10 @@ dissect/target/volumes/luks.py,sha256=v_mHW05KM5iG8JDe47i2V4Q9O0r4rnAMA9m_qc9cYw
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.14.dev8.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.14.dev8.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.14.dev8.dist-info/METADATA,sha256=yZF0uFs7bUJukmL46OHuJvl7HliEDAszKA4x3O-2iRg,10975
-dissect.target-3.14.dev8.dist-info/WHEEL,sha256=Xo9-1PvkuimrydujYJAjF7pCkriuXBpUPEjma1nZyJ0,92
-dissect.target-3.14.dev8.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.14.dev8.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.14.dev8.dist-info/RECORD,,
+dissect.target-3.14.dev10.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.14.dev10.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.14.dev10.dist-info/METADATA,sha256=k9I3m8_nSD3iQchZl7cyxC4H3_Hu6EFQAoszbRjdevg,11042
+dissect.target-3.14.dev10.dist-info/WHEEL,sha256=Xo9-1PvkuimrydujYJAjF7pCkriuXBpUPEjma1nZyJ0,92
+dissect.target-3.14.dev10.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.14.dev10.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.14.dev10.dist-info/RECORD,,