mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-09 06:39:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove object ID from unalloc files in tsk_files and from regripper output file names.

Browse Source
This commit is contained in:
apriestman 2020-07-13 20:50:58 -04:00
parent 8787bb69e4
commit ff6ebb1fb5
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
test/script/tskdbdiff.py
View File

@ -465,6 +465,8 @@ def normalize_db_entry(line, files_table, vs_parts_table, vs_info_table, fs_info
# remove object ID # remove object ID
if files_index: if files_index:
newLine = ('INSERT INTO "tsk_files" VALUES(' + ', '.join(fields_list[1:]) + ');') newLine = ('INSERT INTO "tsk_files" VALUES(' + ', '.join(fields_list[1:]) + ');')
# Remove object ID from Unalloc file name
newLine = re.sub('Unalloc_[0-9]+_', 'Unalloc_', newLine)
return newLine return newLine
# remove object ID # remove object ID
elif vs_parts_index: elif vs_parts_index:
@ -504,6 +506,7 @@ def normalize_db_entry(line, files_table, vs_parts_table, vs_info_table, fs_info
obj_id = fields_list[0] obj_id = fields_list[0]
path= files_table[int(obj_id)] path= files_table[int(obj_id)]
newLine = ('INSERT INTO "tsk_file_layout" VALUES(' + path + ', ' + ', '.join(fields_list[1:]) + ');') newLine = ('INSERT INTO "tsk_file_layout" VALUES(' + path + ', ' + ', '.join(fields_list[1:]) + ');')
# Remove object ID from Unalloc file name
newLine = re.sub('Unalloc_[0-9]+_', 'Unalloc_', newLine) newLine = re.sub('Unalloc_[0-9]+_', 'Unalloc_', newLine)
return newLine return newLine
# remove object ID # remove object ID
@ -565,7 +568,9 @@ def normalize_db_entry(line, files_table, vs_parts_table, vs_info_table, fs_info
parent_path = parent_path[parent_path.find('ModuleOutput'):] parent_path = parent_path[parent_path.find('ModuleOutput'):]
if path and parent_path: if path and parent_path:
# Remove object ID from Unalloc file names and regripper output
path = re.sub('Unalloc_[0-9]+_', 'Unalloc_', path) path = re.sub('Unalloc_[0-9]+_', 'Unalloc_', path)
path = re.sub('regripper\-[0-9]+\-full', 'regripper-full', path)
parent_path = re.sub('Unalloc_[0-9]+_', 'Unalloc_', parent_path) parent_path = re.sub('Unalloc_[0-9]+_', 'Unalloc_', parent_path)
return newLine + path + ', ' + parent_path + ', ' + ', '.join(fields_list[2:]) + ');' return newLine + path + ', ' + parent_path + ', ' + ', '.join(fields_list[2:]) + ');'
else: else: