acquire.acquire.hashes

Module Contents

Classes

HashFunc

Sortable and serializible string-based enum

Functions

get_paths_from_dir

Yield paths that match provided glob pattern and extensions values

get_path_details

Calculate and return the details for specified path.

filter_out_nonfiles

Filter out paths that are not files

filter_out_huge_files

Filter out paths that are larger than max_size_bytes value

filter_out_by_value_match

Filter out paths where file data matches the provided value at the specified offsets

filter_out_by_path_match

Filter out paths that match provided regex pattern

collect_hashes

Walk through the paths, calculate hashes and return details per path.

serialize_into_csv

Serialize provided rows into normal or gzip-compressed CSV, and return a tuple

Attributes

log

PROGRESS_LOG_STEP

CSV_COLUMNS

acquire.acquire.hashes.log
class acquire.acquire.hashes.HashFunc

Bases: acquire.utils.StrEnum

Sortable and serializible string-based enum

MD5 = 'md5'
SHA1 = 'sha1'
SHA256 = 'sha256'
as_hashlib_method() Callable[Ellipsis, Any] | None
acquire.acquire.hashes.PROGRESS_LOG_STEP = 10000
acquire.acquire.hashes.CSV_COLUMNS
acquire.acquire.hashes.get_paths_from_dir(target: dissect.target.Target, glob: str, extensions: set[str] | None = None) collections.abc.Iterator[pathlib.Path]

Yield paths that match provided glob pattern and extensions values

acquire.acquire.hashes.get_path_details(path: dissect.target.helpers.fsutil.TargetPath, hash_funcs: collections.abc.Iterator[HashFunc] | None = None) tuple

Calculate and return the details for specified path.

The details include file size and hashes, calculated for hash functions provided in hash_funcs.

acquire.acquire.hashes.filter_out_nonfiles(paths: collections.abc.Iterator[pathlib.Path]) collections.abc.Iterator[pathlib.Path]

Filter out paths that are not files

acquire.acquire.hashes.filter_out_huge_files(paths: collections.abc.Iterator[pathlib.Path], *, max_size_bytes: int) collections.abc.Iterator[pathlib.Path]

Filter out paths that are larger than max_size_bytes value

acquire.acquire.hashes.filter_out_by_value_match(paths: collections.abc.Iterator[pathlib.Path], *, value: bytes, offsets: collections.abc.Iterator[int] = (0,)) collections.abc.Iterator[pathlib.Path]

Filter out paths where file data matches the provided value at the specified offsets

acquire.acquire.hashes.filter_out_by_path_match(paths: collections.abc.Iterator[pathlib.Path], *, re_pattern: str, re_flags: re.RegexFlag = re.IGNORECASE) collections.abc.Iterator[pathlib.Path]

Filter out paths that match provided regex pattern

acquire.acquire.hashes.collect_hashes(target: dissect.target.Target, specs: collections.abc.Iterator[collections.abc.Iterator[tuple]], path_filters: collections.abc.Iterator[Callable[[collections.abc.Iterator[pathlib.Path]], collections.abc.Iterator[pathlib.Path]]] | None = None) collections.abc.Iterator[tuple]

Walk through the paths, calculate hashes and return details per path.

Spec contains a path selector and a list of hash functions to compute against the paths. For example:

[
    ("dir", ("sysvol/Windows/", ("exe", "dll", "sys"))),
    (HashFunc.MD5, HashFunc.SHA1)
]
acquire.acquire.hashes.serialize_into_csv(rows: collections.abc.Iterator[list], compress: bool = True) tuple[int, bytes]

Serialize provided rows into normal or gzip-compressed CSV, and return a tuple containing the number of rows processed and the result bytes.