dissect.evidence¶
Subpackages¶
Submodules¶
Package Contents¶
Classes¶
ASDF file reader. |
|
ASDF stream from a snapshot. |
|
Expert Witness Disk Image Format. |
- class dissect.evidence.AsdfSnapshot(fh: BinaryIO, recover: bool = False)¶
ASDF file reader.
- Parameters:
fh – File-like object to read the ASDF file from.
- contains(idx: int) bool¶
Check whether this file contains the given stream index.
- Parameters:
idx – The stream to check.
- open(idx: int) AsdfStream¶
Open a specific stream in the file.
- Parameters:
idx – The stream to open.
- streams() AsdfStream¶
Iterate over all streams in the file.
- disks() AsdfStream¶
Iterate over all non-reserved streams in the file.
- class dissect.evidence.AsdfStream(asdf: AsdfSnapshot, idx: int)¶
Bases:
dissect.util.stream.AlignedStreamASDF stream from a snapshot.
- Parameters:
asdf –
AsdfSnapshotparent object.idx – Stream index in the
AsdfSnapshot.