dissect.fve.bde.eow
¶
Module Contents¶
Classes¶
Bitlocker EOW Information. |
|
Bitlocker EOW Bitmap. |
|
Bitlocker EOW Bitmap Record. |
- class dissect.fve.bde.eow.EowInformation(fh: BinaryIO, offset: int)¶
Bitlocker EOW Information.
- fh¶
- offset¶
- header¶
- is_valid() bool ¶
- property size: int¶
- property chunk_size: int¶
- property conv_log_size: int¶
- class dissect.fve.bde.eow.EowBitmap(fh: BinaryIO, offset: int)¶
Bitlocker EOW Bitmap.
A bitmap contains multiple bitmap records, but only one record is active. The active record is determined by the Lsn field in the header. The record with the highest Lsn is the active record.
It looks like the number of bitmap records is hardcoded to 2, but let’s keep the implementation flexible.
- fh¶
- offset¶
- header¶
- __repr__() str ¶
- is_valid() bool ¶
- runs(chunk: int, length: int) Iterator[tuple[int, int]] ¶
- property size: int¶
- property region_offset: int¶
- property region_size: int¶
- property conv_log_offset: int¶
- property active_record: EowBitmapRecord¶
- property records: list[EowBitmapRecord]¶
- class dissect.fve.bde.eow.EowBitmapRecord(fh: BinaryIO)¶
Bitlocker EOW Bitmap Record.
The record holding the actual bitmap. Each bit indicates a chunk with the size defined by the EOW information. The Lsn is the sequence number of that record.
The flags are currently unknown, but seem related to an encrypted/decrypted state.
- fh¶
- header¶
- __repr__() str ¶
- is_valid() bool ¶
- runs(chunk: int, length: int) Iterator[tuple[int, int]] ¶
- property size: int¶
- property bitmap_size: int¶
- property sequence_number: int¶