dissect.target 3.20.dev13__py3-none-any.whl → 3.20.dev14__py3-none-any.whl
Sign up to get free protection for your applications and to get access to all the features.
- dissect/target/plugins/filesystem/ntfs/mft.py +8 -6
- {dissect.target-3.20.dev13.dist-info → dissect.target-3.20.dev14.dist-info}/METADATA +1 -1
- {dissect.target-3.20.dev13.dist-info → dissect.target-3.20.dev14.dist-info}/RECORD +8 -8
- {dissect.target-3.20.dev13.dist-info → dissect.target-3.20.dev14.dist-info}/COPYRIGHT +0 -0
- {dissect.target-3.20.dev13.dist-info → dissect.target-3.20.dev14.dist-info}/LICENSE +0 -0
- {dissect.target-3.20.dev13.dist-info → dissect.target-3.20.dev14.dist-info}/WHEEL +0 -0
- {dissect.target-3.20.dev13.dist-info → dissect.target-3.20.dev14.dist-info}/entry_points.txt +0 -0
- {dissect.target-3.20.dev13.dist-info → dissect.target-3.20.dev14.dist-info}/top_level.txt +0 -0
|
@@ -105,6 +105,7 @@ FilesystemMACBRecord = TargetRecordDescriptor(
|
|
|
105
105
|
("filesize", "filesize"),
|
|
106
106
|
("boolean", "resident"),
|
|
107
107
|
("boolean", "inuse"),
|
|
108
|
+
("boolean", "ads"),
|
|
108
109
|
("string", "volume_uuid"),
|
|
109
110
|
],
|
|
110
111
|
)
|
|
@@ -151,7 +152,7 @@ class MftPlugin(Plugin):
|
|
|
151
152
|
"--macb",
|
|
152
153
|
group="fmt",
|
|
153
154
|
action="store_true",
|
|
154
|
-
help="compacts
|
|
155
|
+
help="compacts MFT timestamps into MACB bitfield (format: MACB[standard|ads]/MACB[filename])",
|
|
155
156
|
)
|
|
156
157
|
def mft(
|
|
157
158
|
self, compact: bool = False, fs: int | None = None, start: int = 0, end: int = -1, macb: bool = False
|
|
@@ -342,12 +343,13 @@ def macb_aggr(records: list[Record]) -> Iterator[Record]:
|
|
|
342
343
|
for record in records:
|
|
343
344
|
found = False
|
|
344
345
|
|
|
345
|
-
|
|
346
|
-
|
|
346
|
+
offset = 0
|
|
347
|
+
if not getattr(record, "ads", False):
|
|
348
|
+
offset = int(record._desc.name == "filesystem/ntfs/mft/filename") * 5
|
|
347
349
|
|
|
348
|
-
field = "MACB".find(record.ts_type) +
|
|
350
|
+
field = "MACB".find(record.ts_type) + offset
|
|
349
351
|
for macb in macbs:
|
|
350
|
-
if macb.ts == record.ts:
|
|
352
|
+
if macb.ts == record.ts and macb.path == record.path:
|
|
351
353
|
macb.macb = macb_set(macb.macb, field, record.ts_type)
|
|
352
354
|
found = True
|
|
353
355
|
break
|
|
@@ -356,7 +358,7 @@ def macb_aggr(records: list[Record]) -> Iterator[Record]:
|
|
|
356
358
|
continue
|
|
357
359
|
|
|
358
360
|
macb = FilesystemMACBRecord.init_from_record(record)
|
|
359
|
-
macb.macb = "
|
|
361
|
+
macb.macb = "..../...."
|
|
360
362
|
macb.macb = macb_set(macb.macb, field, record.ts_type)
|
|
361
363
|
|
|
362
364
|
macbs.append(macb)
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: dissect.target
|
|
3
|
-
Version: 3.20.
|
|
3
|
+
Version: 3.20.dev14
|
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
|
@@ -170,7 +170,7 @@ dissect/target/plugins/filesystem/resolver.py,sha256=HfyASUFV4F9uD-yFXilFpPTORAs
|
|
|
170
170
|
dissect/target/plugins/filesystem/walkfs.py,sha256=rklbN805roy2fKAQe5L1JhTvI0qNgGS70ZNGFwevLB0,2740
|
|
171
171
|
dissect/target/plugins/filesystem/yara.py,sha256=zh4hU3L_egddLqDeaHDVuCWYhTlNzPYPVak36Q6IMxI,6621
|
|
172
172
|
dissect/target/plugins/filesystem/ntfs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
173
|
-
dissect/target/plugins/filesystem/ntfs/mft.py,sha256=
|
|
173
|
+
dissect/target/plugins/filesystem/ntfs/mft.py,sha256=2YEkdPpMz4WcXHUD4SnB8kCkZgXRgeXgXf827F1nh3w,12429
|
|
174
174
|
dissect/target/plugins/filesystem/ntfs/mft_timeline.py,sha256=vvNFAZbr7s3X2OTYf4ES_L6-XsouTXcTymfxnHfZ1Rw,6791
|
|
175
175
|
dissect/target/plugins/filesystem/ntfs/usnjrnl.py,sha256=uiT1ipmcAo__6VIUi8R_vvIu22vdnjMACKwLSAbzYjs,3704
|
|
176
176
|
dissect/target/plugins/filesystem/ntfs/utils.py,sha256=xG7Lgw9NX4tDDrZVRm0vycFVJTOM7j-HrjqzDh0f4uA,3136
|
|
@@ -365,10 +365,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
|
|
|
365
365
|
dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
|
|
366
366
|
dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
|
|
367
367
|
dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
|
|
368
|
-
dissect.target-3.20.
|
|
369
|
-
dissect.target-3.20.
|
|
370
|
-
dissect.target-3.20.
|
|
371
|
-
dissect.target-3.20.
|
|
372
|
-
dissect.target-3.20.
|
|
373
|
-
dissect.target-3.20.
|
|
374
|
-
dissect.target-3.20.
|
|
368
|
+
dissect.target-3.20.dev14.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
|
|
369
|
+
dissect.target-3.20.dev14.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
|
|
370
|
+
dissect.target-3.20.dev14.dist-info/METADATA,sha256=yLrkWdIhYUoYMdbxfNR2byfx4W0uKfC0LWE9ldpzZVg,12897
|
|
371
|
+
dissect.target-3.20.dev14.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
|
|
372
|
+
dissect.target-3.20.dev14.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
|
|
373
|
+
dissect.target-3.20.dev14.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
|
|
374
|
+
dissect.target-3.20.dev14.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{dissect.target-3.20.dev13.dist-info → dissect.target-3.20.dev14.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
|
File without changes
|