PyPI - dissect.target - Versions diffs - 3.20.dev12__py3-none-any.whl → 3.20.dev14__py3-none-any.whl - Mend

dissect.target 3.20.dev12py3-none-any.whl → 3.20.dev14py3-none-any.whl

Files changed (9) hide show

dissect/target/plugins/filesystem/ntfs/mft.py CHANGED Viewed

@@ -105,6 +105,7 @@ FilesystemMACBRecord = TargetRecordDescriptor(
         ("filesize", "filesize"),
         ("boolean", "resident"),
         ("boolean", "inuse"),
+        ("boolean", "ads"),
         ("string", "volume_uuid"),
     ],
 )
@@ -151,7 +152,7 @@ class MftPlugin(Plugin):
         "--macb",
         group="fmt",
         action="store_true",
-        help="compacts the MFT entry timestamps into aggregated records with MACB bitfield",
+        help="compacts MFT timestamps into MACB bitfield (format: MACB[standard|ads]/MACB[filename])",
     )
     def mft(
         self, compact: bool = False, fs: int | None = None, start: int = 0, end: int = -1, macb: bool = False
@@ -342,12 +343,13 @@ def macb_aggr(records: list[Record]) -> Iterator[Record]:
     for record in records:
         found = False
-        offset_std = int(record._desc.name == "filesystem/ntfs/mft/std") * 5
-        offset_ads = (int(record.ads) * 10) if offset_std == 0 else 0
+        offset = 0
+        if not getattr(record, "ads", False):
+            offset = int(record._desc.name == "filesystem/ntfs/mft/filename") * 5
-        field = "MACB".find(record.ts_type) + offset_std + offset_ads
+        field = "MACB".find(record.ts_type) + offset
         for macb in macbs:
-            if macb.ts == record.ts:
+            if macb.ts == record.ts and macb.path == record.path:
                 macb.macb = macb_set(macb.macb, field, record.ts_type)
                 found = True
                 break
@@ -356,7 +358,7 @@ def macb_aggr(records: list[Record]) -> Iterator[Record]:
             continue
         macb = FilesystemMACBRecord.init_from_record(record)
-        macb.macb = "..../..../...."
+        macb.macb = "..../...."
         macb.macb = macb_set(macb.macb, field, record.ts_type)
         macbs.append(macb)

dissect/target/plugins/os/unix/bsd/osx/_os.py CHANGED Viewed

@@ -3,6 +3,8 @@ from __future__ import annotations
 import plistlib
 from typing import Iterator, Optional
+from flow.record.fieldtypes import posix_path
 from dissect.target.filesystem import Filesystem
 from dissect.target.helpers.record import UnixUserRecord
 from dissect.target.plugin import OperatingSystem, export
@@ -71,7 +73,7 @@ class MacPlugin(BsdPlugin):
                         uid=user.get("uid", [None])[0],
                         gid=user.get("gid", [None])[0],
                         gecos=user.get("realname", [None])[0],
-                        home=home_dir,
+                        home=posix_path(home_dir) if home_dir else None,
                         shell=user.get("shell", [None])[0],
                         source=path,
                     )

{dissect.target-3.20.dev12.dist-info → dissect.target-3.20.dev14.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.20.dev12
+Version: 3.20.dev14
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.20.dev12.dist-info → dissect.target-3.20.dev14.dist-info}/RECORD RENAMED Viewed

@@ -170,7 +170,7 @@ dissect/target/plugins/filesystem/resolver.py,sha256=HfyASUFV4F9uD-yFXilFpPTORAs
 dissect/target/plugins/filesystem/walkfs.py,sha256=rklbN805roy2fKAQe5L1JhTvI0qNgGS70ZNGFwevLB0,2740
 dissect/target/plugins/filesystem/yara.py,sha256=zh4hU3L_egddLqDeaHDVuCWYhTlNzPYPVak36Q6IMxI,6621
 dissect/target/plugins/filesystem/ntfs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/filesystem/ntfs/mft.py,sha256=6r2uQrvJsuHGpKxx4vQPBuZ9yGLj-d8RS5y289-VoZI,12384
+dissect/target/plugins/filesystem/ntfs/mft.py,sha256=2YEkdPpMz4WcXHUD4SnB8kCkZgXRgeXgXf827F1nh3w,12429
 dissect/target/plugins/filesystem/ntfs/mft_timeline.py,sha256=vvNFAZbr7s3X2OTYf4ES_L6-XsouTXcTymfxnHfZ1Rw,6791
 dissect/target/plugins/filesystem/ntfs/usnjrnl.py,sha256=uiT1ipmcAo__6VIUi8R_vvIu22vdnjMACKwLSAbzYjs,3704
 dissect/target/plugins/filesystem/ntfs/utils.py,sha256=xG7Lgw9NX4tDDrZVRm0vycFVJTOM7j-HrjqzDh0f4uA,3136
@@ -211,7 +211,7 @@ dissect/target/plugins/os/unix/bsd/ios/_os.py,sha256=VlJXGxkQZ4RbGbSC-FlbR2YWOJp
 dissect/target/plugins/os/unix/bsd/openbsd/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/bsd/openbsd/_os.py,sha256=9npz-osM-wHmjOACUqof5N5HJeps7J8KuyenUS5MZDs,923
 dissect/target/plugins/os/unix/bsd/osx/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/os/unix/bsd/osx/_os.py,sha256=PKh8VM_O0FmmYy7UMPth6uhusCJzekla20sUPK6esRg,3416
+dissect/target/plugins/os/unix/bsd/osx/_os.py,sha256=_ceh3R9hHsQrYM-vX8c_9igT3luM3oQebTMem8vFb1E,3497
 dissect/target/plugins/os/unix/bsd/osx/network.py,sha256=j2yq2QTAmAuZBu3j0vHnHHxkUyeB4b-6WdUSWCE_QsE,3691
 dissect/target/plugins/os/unix/bsd/osx/user.py,sha256=qopB0s3n7e6Q7NjWzn8Z-dKtDtU7e6In4Vm7hIvvedo,2322
 dissect/target/plugins/os/unix/esxi/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -365,10 +365,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.20.dev12.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.20.dev12.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.20.dev12.dist-info/METADATA,sha256=PD0L9p9grMOhAAKSl17OUW03GOBhlRdnI6qX6nyKWT0,12897
-dissect.target-3.20.dev12.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
-dissect.target-3.20.dev12.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
-dissect.target-3.20.dev12.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.20.dev12.dist-info/RECORD,,
+dissect.target-3.20.dev14.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.20.dev14.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.20.dev14.dist-info/METADATA,sha256=yLrkWdIhYUoYMdbxfNR2byfx4W0uKfC0LWE9ldpzZVg,12897
+dissect.target-3.20.dev14.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
+dissect.target-3.20.dev14.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
+dissect.target-3.20.dev14.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.20.dev14.dist-info/RECORD,,

{dissect.target-3.20.dev12.dist-info → dissect.target-3.20.dev14.dist-info}/COPYRIGHT RENAMED Viewed

File without changes

{dissect.target-3.20.dev12.dist-info → dissect.target-3.20.dev14.dist-info}/LICENSE RENAMED Viewed

File without changes

{dissect.target-3.20.dev12.dist-info → dissect.target-3.20.dev14.dist-info}/WHEEL RENAMED Viewed

File without changes

{dissect.target-3.20.dev12.dist-info → dissect.target-3.20.dev14.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{dissect.target-3.20.dev12.dist-info → dissect.target-3.20.dev14.dist-info}/top_level.txt RENAMED Viewed

File without changes

dissect.target 3.20.dev12__py3-none-any.whl → 3.20.dev14__py3-none-any.whl

dissect.target 3.20.dev12py3-none-any.whl → 3.20.dev14py3-none-any.whl