dissect.target 3.17.dev33__py3-none-any.whl → 3.17.dev34__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of dissect.target might be problematic. Click here for more details.

Files changed (9) hide show
  1. dissect/target/loaders/dir.py +23 -5
  2. dissect/target/loaders/velociraptor.py +5 -4
  3. {dissect.target-3.17.dev33.dist-info → dissect.target-3.17.dev34.dist-info}/METADATA +1 -1
  4. {dissect.target-3.17.dev33.dist-info → dissect.target-3.17.dev34.dist-info}/RECORD +9 -9
  5. {dissect.target-3.17.dev33.dist-info → dissect.target-3.17.dev34.dist-info}/COPYRIGHT +0 -0
  6. {dissect.target-3.17.dev33.dist-info → dissect.target-3.17.dev34.dist-info}/LICENSE +0 -0
  7. {dissect.target-3.17.dev33.dist-info → dissect.target-3.17.dev34.dist-info}/WHEEL +0 -0
  8. {dissect.target-3.17.dev33.dist-info → dissect.target-3.17.dev34.dist-info}/entry_points.txt +0 -0
  9. {dissect.target-3.17.dev33.dist-info → dissect.target-3.17.dev34.dist-info}/top_level.txt +0 -0
dissect/target/loaders/dir.py CHANGED
@@ -1,9 +1,11 @@
1
1
  from __future__ import annotations
2
2
 
3
3
  import zipfile
4
+ from collections import defaultdict
4
5
  from pathlib import Path
5
6
  from typing import TYPE_CHECKING
6
7
 
8
+ from dissect.target.filesystem import LayerFilesystem
7
9
  from dissect.target.filesystems.dir import DirectoryFilesystem
8
10
  from dissect.target.filesystems.zip import ZipFilesystem
9
11
  from dissect.target.helpers import loaderutil
@@ -48,6 +50,7 @@ def map_dirs(target: Target, dirs: list[Path | tuple[str, Path]], os_type: str,
48
50
  alt_separator = "\\"
49
51
  case_sensitive = False
50
52
 
53
+ drive_letter_map = defaultdict(list)
51
54
  for path in dirs:
52
55
  drive_letter = None
53
56
  if isinstance(path, tuple):
@@ -59,13 +62,28 @@ def map_dirs(target: Target, dirs: list[Path | tuple[str, Path]], os_type: str,
59
62
  dfs = ZipFilesystem(path.root.fp, path.at, alt_separator=alt_separator, case_sensitive=case_sensitive)
60
63
  else:
61
64
  dfs = DirectoryFilesystem(path, alt_separator=alt_separator, case_sensitive=case_sensitive)
62
- target.filesystems.add(dfs)
63
65
 
64
- if os_type == OperatingSystem.WINDOWS:
65
- loaderutil.add_virtual_ntfs_filesystem(target, dfs, **kwargs)
66
+ drive_letter_map[drive_letter].append(dfs)
67
+
68
+ fs_to_add = []
69
+ for drive_letter, dfs in drive_letter_map.items():
70
+ if drive_letter is not None:
71
+ if len(dfs) > 1:
72
+ vfs = LayerFilesystem()
73
+ for fs in dfs:
74
+ vfs.append_fs_layer(fs)
75
+ else:
76
+ vfs = dfs[0]
66
77
 
67
- if drive_letter is not None:
68
- target.fs.mount(drive_letter.lower() + ":", dfs)
78
+ fs_to_add.append(vfs)
79
+ target.fs.mount(drive_letter.lower() + ":", vfs)
80
+ else:
81
+ fs_to_add.extend(dfs)
82
+
83
+ for fs in fs_to_add:
84
+ target.filesystems.add(fs)
85
+ if os_type == OperatingSystem.WINDOWS:
86
+ loaderutil.add_virtual_ntfs_filesystem(target, fs, **kwargs)
69
87
 
70
88
 
71
89
  def find_and_map_dirs(target: Target, path: Path, **kwargs) -> None:
dissect/target/loaders/velociraptor.py CHANGED
@@ -61,6 +61,10 @@ def extract_drive_letter(name: str) -> Optional[str]:
61
61
  if len(name) == 14 and name.startswith("%5C%5C.%5C") and name.endswith("%3A"):
62
62
  return name[10].lower()
63
63
 
64
+ # X: in URL encoding
65
+ if len(name) == 4 and name.endswith("%3A"):
66
+ return name[0].lower()
67
+
64
68
 
65
69
  class VelociraptorLoader(DirLoader):
66
70
  """Load Rapid7 Velociraptor forensic image files.
@@ -71,10 +75,7 @@ class VelociraptorLoader(DirLoader):
71
75
  {"Generic.Collectors.File":{"Root":"/","collectionSpec":"Glob\\netc/**\\nvar/log/**"}}
72
76
 
73
77
  Generic.Collectors.File (Windows) and Windows.KapeFiles.Targets (Windows) uses the accessors mft, ntfs, lazy_ntfs,
74
- ntfs_vss and auto. The loader only supports a collection where a single accessor is used, which can be forced by
75
- using the following configuration::
76
-
77
- {"Windows.KapeFiles.Targets":{"VSSAnalysisAge":"1000","_SANS_Triage":"Y"}}
78
+ ntfs_vss and auto. The loader supports a collection where multiple accessors were used.
78
79
 
79
80
  References:
80
81
  - https://www.rapid7.com/products/velociraptor/
{dissect.target-3.17.dev33.dist-info → dissect.target-3.17.dev34.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.17.dev33
3
+ Version: 3.17.dev34
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
{dissect.target-3.17.dev33.dist-info → dissect.target-3.17.dev34.dist-info}/RECORD RENAMED
@@ -80,7 +80,7 @@ dissect/target/loaders/ad1.py,sha256=1_VmPZckDzXVvNF-HNtoUZqabnhCKBLUD3vVaitHQ00
80
80
  dissect/target/loaders/asdf.py,sha256=dvPPDBrnz2JPXpCbqsu-NgQWIdVGMOit2KAdhIO1iiQ,972
81
81
  dissect/target/loaders/cb.py,sha256=EGhdytBKBdofTd89juavDZZbmupEZmMBadeUXvVIK20,6612
82
82
  dissect/target/loaders/cyber.py,sha256=Ip2hI7L98ZP7gUZuHQr0GxBdmbTzD-PntXmLJ5KpBuQ,1533
83
- dissect/target/loaders/dir.py,sha256=Q5oVS48SuI0vA_QKgzWBiAFsQ4aQaW3tr-701vLk3AQ,5245
83
+ dissect/target/loaders/dir.py,sha256=F-PgvBw82XmL0rdKyBxznUkDc5Oct6-_Y9xM4fhvA6I,5791
84
84
  dissect/target/loaders/hyperv.py,sha256=_IOUJEO0BXaCBZ6sjIX0DZTkG9UNW5Vs9VcNHYv073w,5928
85
85
  dissect/target/loaders/itunes.py,sha256=rKOhlDRypQBGkuSZudMDS1Mlb9XV6BD5FRvM7tGq9jU,13128
86
86
  dissect/target/loaders/kape.py,sha256=t5TfrGLqPeIpUUpXzIl6aHsqXMEGDqJ5YwDCs07DiBA,1237
@@ -106,7 +106,7 @@ dissect/target/loaders/targetd.py,sha256=sfbn2_j3il2G-rPywAoNT5YPtD5KmKkmBv1zrPD
106
106
  dissect/target/loaders/utm.py,sha256=e5x5ZI3HeL0STh4S-CaQb68Rnug4SVZR9zlmHaGFj0M,978
107
107
  dissect/target/loaders/vb.py,sha256=CdimOMeoJEDq8xYDgtldGSiwhR-dY5uxac1L0sYwAEU,2078
108
108
  dissect/target/loaders/vbox.py,sha256=8JD7D8iAY9JRvTHsrosp5ZMsZezuLhZ10Zt8sEL7KBI,732
109
- dissect/target/loaders/velociraptor.py,sha256=FNxZgs_ehmgGO_Giw5oNl7cVOWNqI2nEiPWT4GjF2e0,4955
109
+ dissect/target/loaders/velociraptor.py,sha256=bMrmJsyrYFVr5loRbIttpLgddtX94d65UH_BM-PuIXQ,4911
110
110
  dissect/target/loaders/vma.py,sha256=AAY5-s-nz6wgvmcFkptJD7nNXhpkdf6SqEKVOrJaIKs,644
111
111
  dissect/target/loaders/vmwarevm.py,sha256=1MlKoIuWSwpYmpuLxDuVacvaYHUhAGO1KgZxzrc4fyg,428
112
112
  dissect/target/loaders/vmx.py,sha256=o1rYYKu6ReleqqHf2aeRcNrmoRcngWZNhz1h7GlmggQ,962
@@ -339,10 +339,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
339
339
  dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
340
340
  dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
341
341
  dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
342
- dissect.target-3.17.dev33.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
343
- dissect.target-3.17.dev33.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
344
- dissect.target-3.17.dev33.dist-info/METADATA,sha256=O6Od8zLhbjTimLupfsgID3ll7FFs13NO3G6boYbvr4w,11300
345
- dissect.target-3.17.dev33.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
346
- dissect.target-3.17.dev33.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
347
- dissect.target-3.17.dev33.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
348
- dissect.target-3.17.dev33.dist-info/RECORD,,
342
+ dissect.target-3.17.dev34.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
343
+ dissect.target-3.17.dev34.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
344
+ dissect.target-3.17.dev34.dist-info/METADATA,sha256=dCuOpFpGY7DjCc27MwZjfgtTnPx1iobAUR1GrzbpOZI,11300
345
+ dissect.target-3.17.dev34.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
346
+ dissect.target-3.17.dev34.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
347
+ dissect.target-3.17.dev34.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
348
+ dissect.target-3.17.dev34.dist-info/RECORD,,