dissect.target 3.17.dev33__py3-none-any.whl → 3.17.dev34__py3-none-any.whl

dissect/target/loaders/dir.py

@@ -1,9 +1,11 @@
 from __future__ import annotations
 
 import zipfile
+from collections import defaultdict
 from pathlib import Path
 from typing import TYPE_CHECKING
 
+from dissect.target.filesystem import LayerFilesystem
 from dissect.target.filesystems.dir import DirectoryFilesystem
 from dissect.target.filesystems.zip import ZipFilesystem
 from dissect.target.helpers import loaderutil
@@ -48,6 +50,7 @@ def map_dirs(target: Target, dirs: list[Path | tuple[str, Path]], os_type: str,
         alt_separator = "\\"
         case_sensitive = False
 
+    drive_letter_map = defaultdict(list)
     for path in dirs:
         drive_letter = None
         if isinstance(path, tuple):
@@ -59,13 +62,28 @@ def map_dirs(target: Target, dirs: list[Path | tuple[str, Path]], os_type: str,
             dfs = ZipFilesystem(path.root.fp, path.at, alt_separator=alt_separator, case_sensitive=case_sensitive)
         else:
             dfs = DirectoryFilesystem(path, alt_separator=alt_separator, case_sensitive=case_sensitive)
-        target.filesystems.add(dfs)
 
-        if os_type == OperatingSystem.WINDOWS:
-            loaderutil.add_virtual_ntfs_filesystem(target, dfs, **kwargs)
+        drive_letter_map[drive_letter].append(dfs)
+
+    fs_to_add = []
+    for drive_letter, dfs in drive_letter_map.items():
+        if drive_letter is not None:
+            if len(dfs) > 1:
+                vfs = LayerFilesystem()
+                for fs in dfs:
+                    vfs.append_fs_layer(fs)
+            else:
+                vfs = dfs[0]
 
-            if drive_letter is not None:
-                target.fs.mount(drive_letter.lower() + ":", dfs)
+            fs_to_add.append(vfs)
+            target.fs.mount(drive_letter.lower() + ":", vfs)
+        else:
+            fs_to_add.extend(dfs)
+
+    for fs in fs_to_add:
+        target.filesystems.add(fs)
+        if os_type == OperatingSystem.WINDOWS:
+            loaderutil.add_virtual_ntfs_filesystem(target, fs, **kwargs)
 
 
 def find_and_map_dirs(target: Target, path: Path, **kwargs) -> None:

dissect/target/loaders/velociraptor.py

@@ -61,6 +61,10 @@ def extract_drive_letter(name: str) -> Optional[str]:
     if len(name) == 14 and name.startswith("%5C%5C.%5C") and name.endswith("%3A"):
         return name[10].lower()
 
+    # X: in URL encoding
+    if len(name) == 4 and name.endswith("%3A"):
+        return name[0].lower()
+
 
 class VelociraptorLoader(DirLoader):
     """Load Rapid7 Velociraptor forensic image files.
@@ -71,10 +75,7 @@ class VelociraptorLoader(DirLoader):
         {"Generic.Collectors.File":{"Root":"/","collectionSpec":"Glob\\netc/**\\nvar/log/**"}}
 
     Generic.Collectors.File (Windows) and Windows.KapeFiles.Targets (Windows) uses the accessors mft, ntfs, lazy_ntfs,
-    ntfs_vss and auto. The loader only supports a collection where a single accessor is used, which can be forced by
-    using the following configuration::
-
-        {"Windows.KapeFiles.Targets":{"VSSAnalysisAge":"1000","_SANS_Triage":"Y"}}
+    ntfs_vss and auto. The loader supports a collection where multiple accessors were used.
 
     References:
         - https://www.rapid7.com/products/velociraptor/

{dissect.target-3.17.dev33.dist-info → dissect.target-3.17.dev34.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.17.dev33
+Version: 3.17.dev34
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.17.dev33.dist-info → dissect.target-3.17.dev34.dist-info}/RECORD

@@ -80,7 +80,7 @@ dissect/target/loaders/ad1.py,sha256=1_VmPZckDzXVvNF-HNtoUZqabnhCKBLUD3vVaitHQ00
 dissect/target/loaders/asdf.py,sha256=dvPPDBrnz2JPXpCbqsu-NgQWIdVGMOit2KAdhIO1iiQ,972
 dissect/target/loaders/cb.py,sha256=EGhdytBKBdofTd89juavDZZbmupEZmMBadeUXvVIK20,6612
 dissect/target/loaders/cyber.py,sha256=Ip2hI7L98ZP7gUZuHQr0GxBdmbTzD-PntXmLJ5KpBuQ,1533
-dissect/target/loaders/dir.py,sha256=Q5oVS48SuI0vA_QKgzWBiAFsQ4aQaW3tr-701vLk3AQ,5245
+dissect/target/loaders/dir.py,sha256=F-PgvBw82XmL0rdKyBxznUkDc5Oct6-_Y9xM4fhvA6I,5791
 dissect/target/loaders/hyperv.py,sha256=_IOUJEO0BXaCBZ6sjIX0DZTkG9UNW5Vs9VcNHYv073w,5928
 dissect/target/loaders/itunes.py,sha256=rKOhlDRypQBGkuSZudMDS1Mlb9XV6BD5FRvM7tGq9jU,13128
 dissect/target/loaders/kape.py,sha256=t5TfrGLqPeIpUUpXzIl6aHsqXMEGDqJ5YwDCs07DiBA,1237
@@ -106,7 +106,7 @@ dissect/target/loaders/targetd.py,sha256=sfbn2_j3il2G-rPywAoNT5YPtD5KmKkmBv1zrPD
 dissect/target/loaders/utm.py,sha256=e5x5ZI3HeL0STh4S-CaQb68Rnug4SVZR9zlmHaGFj0M,978
 dissect/target/loaders/vb.py,sha256=CdimOMeoJEDq8xYDgtldGSiwhR-dY5uxac1L0sYwAEU,2078
 dissect/target/loaders/vbox.py,sha256=8JD7D8iAY9JRvTHsrosp5ZMsZezuLhZ10Zt8sEL7KBI,732
-dissect/target/loaders/velociraptor.py,sha256=FNxZgs_ehmgGO_Giw5oNl7cVOWNqI2nEiPWT4GjF2e0,4955
+dissect/target/loaders/velociraptor.py,sha256=bMrmJsyrYFVr5loRbIttpLgddtX94d65UH_BM-PuIXQ,4911
 dissect/target/loaders/vma.py,sha256=AAY5-s-nz6wgvmcFkptJD7nNXhpkdf6SqEKVOrJaIKs,644
 dissect/target/loaders/vmwarevm.py,sha256=1MlKoIuWSwpYmpuLxDuVacvaYHUhAGO1KgZxzrc4fyg,428
 dissect/target/loaders/vmx.py,sha256=o1rYYKu6ReleqqHf2aeRcNrmoRcngWZNhz1h7GlmggQ,962
@@ -339,10 +339,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.17.dev33.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.17.dev33.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.17.dev33.dist-info/METADATA,sha256=O6Od8zLhbjTimLupfsgID3ll7FFs13NO3G6boYbvr4w,11300
-dissect.target-3.17.dev33.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-dissect.target-3.17.dev33.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.17.dev33.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.17.dev33.dist-info/RECORD,,
+dissect.target-3.17.dev34.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.17.dev34.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.17.dev34.dist-info/METADATA,sha256=dCuOpFpGY7DjCc27MwZjfgtTnPx1iobAUR1GrzbpOZI,11300
+dissect.target-3.17.dev34.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+dissect.target-3.17.dev34.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.17.dev34.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.17.dev34.dist-info/RECORD,,