[sleuthkit-users] python tsk
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-users] python tsk
|
From: alan b. <ala...@gm...> - 2013-09-20 11:46:25
|
Hello list
I seem to be stuck at step 3. I have been able to open the filesystem at
a particular offset to get access to the partition but I am looking at
how I can get a list of directory paths and/or inodes within that
partition. As per the wiki page, to open the directory node assumes that
I know the inode or directory path.
## Step 1: get an IMG_INFO object
img= pytsk3.Img_Info(url)
## Step 2: Open the filesystem
fs= pytsk3.FS_Info(img)
## Step 3: Open the directory node this will open the node based on path
## or inode as specified.
directory= fs.open_dir(path=path, inode=inode)
## Step 4: Iterate over all files in the directory and print their
## name. What you get in each iteration is a proxy object for the
## TSK_FS_FILE struct - you can further dereference this struct into a
## TSK_FS_NAME and TSK_FS_META structs.
for fin directory:
print f.info.meta.size, f.info.name.name
--
Regards
###########################
# #
# Alan Browne #
# #
###########################
|
