dissect.evidence#
Subpackages#
Submodules#
Package Contents#
Classes#
ASDF file reader. |
|
ASDF stream from a snapshot. |
|
Expert Witness disk image Format |
- class dissect.evidence.AsdfSnapshot(fh: BinaryIO, recover: bool = False)#
ASDF file reader.
- Parameters:
fh – File-like object to read the ASDF file from.
- contains(idx: int) bool#
Check whether this file contains the given stream index.
- Parameters:
idx – The stream to check.
- open(idx: int) AsdfStream#
Open a specific stream in the file.
- Parameters:
idx – The stream to open.
- streams() AsdfStream#
Iterate over all streams in the file.
- disks() AsdfStream#
Iterate over all non-reserved streams in the file.
- class dissect.evidence.AsdfStream(asdf: AsdfSnapshot, idx: int)#
Bases:
dissect.util.stream.AlignedStreamASDF stream from a snapshot.
- Parameters:
asdf –
AsdfSnapshotparent object.idx – Stream index in the
AsdfSnapshot.
- class dissect.evidence.EWF(fh)#
Bases:
dissect.util.stream.AlignedStreamExpert Witness disk image Format
- read_sectors(sector, count)#