dissect.target 3.15.dev8__py3-none-any.whl → 3.15.dev10__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- dissect/target/loaders/velociraptor.py +12 -3
- {dissect.target-3.15.dev8.dist-info → dissect.target-3.15.dev10.dist-info}/METADATA +1 -1
- {dissect.target-3.15.dev8.dist-info → dissect.target-3.15.dev10.dist-info}/RECORD +8 -8
- {dissect.target-3.15.dev8.dist-info → dissect.target-3.15.dev10.dist-info}/COPYRIGHT +0 -0
- {dissect.target-3.15.dev8.dist-info → dissect.target-3.15.dev10.dist-info}/LICENSE +0 -0
- {dissect.target-3.15.dev8.dist-info → dissect.target-3.15.dev10.dist-info}/WHEEL +0 -0
- {dissect.target-3.15.dev8.dist-info → dissect.target-3.15.dev10.dist-info}/entry_points.txt +0 -0
- {dissect.target-3.15.dev8.dist-info → dissect.target-3.15.dev10.dist-info}/top_level.txt +0 -0
|
@@ -22,7 +22,8 @@ def find_fs_directories(path: Path) -> tuple[Optional[OperatingSystem], Optional
|
|
|
22
22
|
# As of Velociraptor version 0.7.0 the structure of the Velociraptor Offline Collector varies by operating system.
|
|
23
23
|
# Generic.Collectors.File (Unix) uses the accessors file and auto.
|
|
24
24
|
# Generic.Collectors.File (Windows) and Windows.KapeFiles.Targets (Windows) uses the accessors
|
|
25
|
-
# mft, ntfs, lazy_ntfs, ntfs_vss and auto.
|
|
25
|
+
# mft, ntfs, lazy_ntfs, ntfs_vss and auto. The loader only supports a collection where a single accessor is used.
|
|
26
|
+
# For Windows usage of the ntfs_vss accessor can be forced by configuring VSSAnalysisAge to be greater than 0.
|
|
26
27
|
|
|
27
28
|
fs_root = path.joinpath(FILESYSTEMS_ROOT)
|
|
28
29
|
|
|
@@ -36,14 +37,22 @@ def find_fs_directories(path: Path) -> tuple[Optional[OperatingSystem], Optional
|
|
|
36
37
|
|
|
37
38
|
# Windows
|
|
38
39
|
volumes = set()
|
|
40
|
+
vss_volumes = set()
|
|
39
41
|
for accessor in WINDOWS_ACCESSORS:
|
|
40
42
|
accessor_root = fs_root.joinpath(accessor)
|
|
41
43
|
if accessor_root.exists():
|
|
42
44
|
# If the accessor directory exists, assume all the subdirectories are volumes
|
|
43
|
-
|
|
45
|
+
for volume in accessor_root.iterdir():
|
|
46
|
+
# https://github.com/Velocidex/velociraptor/blob/87368e7cc678144592a1614bb3bbd0a0f900ded9/accessors/ntfs/vss.go#L82
|
|
47
|
+
if "HarddiskVolumeShadowCopy" in volume.name:
|
|
48
|
+
vss_volumes.add(volume)
|
|
49
|
+
else:
|
|
50
|
+
volumes.add(volume)
|
|
44
51
|
|
|
45
52
|
if volumes:
|
|
46
|
-
|
|
53
|
+
# The volumes that represent drives (C, D) are mounted first,
|
|
54
|
+
# otherwise one of the volume shadow copies could be detected as the root filesystem which results in errors.
|
|
55
|
+
return OperatingSystem.WINDOWS, list(volumes) + list(vss_volumes)
|
|
47
56
|
|
|
48
57
|
return None, None
|
|
49
58
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: dissect.target
|
|
3
|
-
Version: 3.15.
|
|
3
|
+
Version: 3.15.dev10
|
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
|
@@ -88,7 +88,7 @@ dissect/target/loaders/targetd.py,sha256=sfbn2_j3il2G-rPywAoNT5YPtD5KmKkmBv1zrPD
|
|
|
88
88
|
dissect/target/loaders/utm.py,sha256=e5x5ZI3HeL0STh4S-CaQb68Rnug4SVZR9zlmHaGFj0M,978
|
|
89
89
|
dissect/target/loaders/vb.py,sha256=CnQcn7bAkMzIB1y-lWLtPPXdIVsyeDaT6hTZEurjkV4,2072
|
|
90
90
|
dissect/target/loaders/vbox.py,sha256=8JD7D8iAY9JRvTHsrosp5ZMsZezuLhZ10Zt8sEL7KBI,732
|
|
91
|
-
dissect/target/loaders/velociraptor.py,sha256=
|
|
91
|
+
dissect/target/loaders/velociraptor.py,sha256=tikJEVCUDloWJNd5J3jJjNcVkOp-OnEe1O79DY2WLWw,4372
|
|
92
92
|
dissect/target/loaders/vma.py,sha256=AAY5-s-nz6wgvmcFkptJD7nNXhpkdf6SqEKVOrJaIKs,644
|
|
93
93
|
dissect/target/loaders/vmwarevm.py,sha256=1MlKoIuWSwpYmpuLxDuVacvaYHUhAGO1KgZxzrc4fyg,428
|
|
94
94
|
dissect/target/loaders/vmx.py,sha256=o1rYYKu6ReleqqHf2aeRcNrmoRcngWZNhz1h7GlmggQ,962
|
|
@@ -305,10 +305,10 @@ dissect/target/volumes/luks.py,sha256=v_mHW05KM5iG8JDe47i2V4Q9O0r4rnAMA9m_qc9cYw
|
|
|
305
305
|
dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
|
|
306
306
|
dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
|
|
307
307
|
dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
|
|
308
|
-
dissect.target-3.15.
|
|
309
|
-
dissect.target-3.15.
|
|
310
|
-
dissect.target-3.15.
|
|
311
|
-
dissect.target-3.15.
|
|
312
|
-
dissect.target-3.15.
|
|
313
|
-
dissect.target-3.15.
|
|
314
|
-
dissect.target-3.15.
|
|
308
|
+
dissect.target-3.15.dev10.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
|
|
309
|
+
dissect.target-3.15.dev10.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
|
|
310
|
+
dissect.target-3.15.dev10.dist-info/METADATA,sha256=ejmdkEyrDCTWqaIq7QC0dXgbPUIA5S-fNopxO72qcII,11107
|
|
311
|
+
dissect.target-3.15.dev10.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
|
|
312
|
+
dissect.target-3.15.dev10.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
|
|
313
|
+
dissect.target-3.15.dev10.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
|
|
314
|
+
dissect.target-3.15.dev10.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|