acquire.acquire.hashes

Module Contents

Classes

HashFunc

Sortable and serializible string-based enum

Functions

get_paths_from_dir

Yield paths that match provided glob pattern and extensions values

get_path_details

Calculate and return the details for specified path.

filter_out_nonfiles

Filter out paths that are not files

filter_out_huge_files

Filter out paths that are larger than max_size_bytes value

filter_out_by_value_match

Filter out paths where file data matches the provided value at the specified offsets

filter_out_by_path_match

Filter out paths that match provided regex pattern

collect_hashes

Walk through the paths, calculate hashes and return details per path.

serialize_into_csv

Serialize provided rows into normal or gzip-compressed CSV, and return a tuple

Attributes

log

PROGRESS_LOG_STEP

CSV_COLUMNS

acquire.acquire.hashes.log
class acquire.acquire.hashes.HashFunc

Bases: acquire.utils.StrEnum

Sortable and serializible string-based enum

MD5 = 'md5'
SHA1 = 'sha1'
SHA256 = 'sha256'
as_hashlib_method()
acquire.acquire.hashes.PROGRESS_LOG_STEP = 10000
acquire.acquire.hashes.CSV_COLUMNS
acquire.acquire.hashes.get_paths_from_dir(target: dissect.target.Target, glob: str, extensions: Set[str] | None = None) Generator[pathlib.Path, None, None]

Yield paths that match provided glob pattern and extensions values

acquire.acquire.hashes.get_path_details(path: dissect.target.helpers.fsutil.TargetPath, hash_funcs: Iterable[HashFunc] | None = None) Tuple

Calculate and return the details for specified path.

The details include file size and hashes, calculated for hash functions provided in hash_funcs.

acquire.acquire.hashes.filter_out_nonfiles(paths: Iterable[pathlib.Path]) Generator[pathlib.Path, None, None]

Filter out paths that are not files

acquire.acquire.hashes.filter_out_huge_files(paths: Iterable[pathlib.Path], *, max_size_bytes: int) Iterable[pathlib.Path]

Filter out paths that are larger than max_size_bytes value

acquire.acquire.hashes.filter_out_by_value_match(paths: Iterable[pathlib.Path], *, value: bytes, offsets: Iterable[int] = (0,)) Generator[pathlib.Path, None, None]

Filter out paths where file data matches the provided value at the specified offsets

acquire.acquire.hashes.filter_out_by_path_match(paths: Iterable[pathlib.Path], *, re_pattern: str, re_flags: re.RegexFlag = re.IGNORECASE) Iterable[pathlib.Path]

Filter out paths that match provided regex pattern

acquire.acquire.hashes.collect_hashes(target: dissect.target.Target, specs: Iterable[Iterable[Tuple]], path_filters: Iterable[Callable[[Iterable[pathlib.Path]], Iterable[pathlib.Path]]] = None) Generator[Tuple, None, None]

Walk through the paths, calculate hashes and return details per path.

Spec contains a path selector and a list of hash functions to compute against the paths. For example:

[

(“dir”, (“sysvol/Windows/”, (“exe”, “dll”, “sys”))), (HashFunc.MD5, HashFunc.SHA1)

]

acquire.acquire.hashes.serialize_into_csv(rows: Iterable[List], compress: bool = True) Tuple[int, bytes]

Serialize provided rows into normal or gzip-compressed CSV, and return a tuple containing the number of rows processed and the result bytes.