/usr/share/autopsy/lib/Filesystem.pm is in autopsy 2.24-1.
This file is owned by root:root, with mode 0o644.
#
# File system layer functions
#
# Brian Carrier [carrier@sleuthkit.org]
# Copyright (c) 2001-2005 by Brian Carrier. All rights reserved
#
# This file is part of the Autopsy Forensic Browser (Autopsy)
#
# Autopsy is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Autopsy is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Autopsy; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE.
# IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, LOSS OF USE, DATA, OR PROFITS OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Updated 1/13
package Filesystem;
# View identifier for the status page. main() falls back to this value when
# the request carries no 'view' argument, and it is the only view main()
# accepts.
$Filesystem::STATS = 0;
# Entry point of the Filesystem module: validates the request arguments and
# dispatches to the status view, the only view this module implements.
sub main {

    # A request without a 'view' argument gets the status view.
    if (!exists $Args::args{'view'}) {
        $Args::enc_args{'view'} = $Filesystem::STATS;
        $Args::args{'view'}     = $Args::enc_args{'view'};
    }

    # Argument checks run before anything is rendered.
    Args::check_view();
    my $requested = Args::get_view();
    Args::check_vol('vol');

    # The status view needs no meta data address, so nothing else is checked.
    return stats() if ($requested == $Filesystem::STATS);

    # Any other view value is rejected.
    return Print::print_check_err("Invalid File System View");
}
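# Render the partition table of a disk image by running 'mmls' on it.
#
# Reads the volume id from the request ('vol') and looks up the image path,
# image type, start offset and volume-system type in the Caseman tables.
# Always returns 0.
#
# The mmls output is derived from the image under examination, so it is
# treated as untrusted and HTML-escaped before it is written into the page.
sub stats_disk {
    Print::print_html_header("Disk Status");

    my $vol     = Args::get_vol('vol');
    my $img     = $Caseman::vol2path{$vol};
    my $imgtype = $Caseman::vol2itype{$vol};
    my $offset  = $Caseman::vol2start{$vol};
    my $dtype   = $Caseman::vol2dtype{$vol};

    # Minimal HTML escaping for text placed in element content.
    my %entity_for = (
        '&' => '&amp;',
        '<' => '&lt;',
        '>' => '&gt;',
        '"' => '&quot;',
        "'" => '&#39;',
    );
    my $escape = sub {
        my ($text) = @_;
        $text =~ s/([&<>"'])/$entity_for{$1}/g;
        return $text;
    };

    # Run 'mmls' on the image.
    # NOTE(review): the command is handed over as a single string and the
    # values above are interpolated unquoted. This relies on Caseman storing
    # validated (and, for the image path, already quoted) values - confirm.
    # Localize the handle, as stats() does, so the global OUT is not clobbered.
    local *OUT;
    Exec::exec_pipe(*OUT,
        "'$::TSKDIR/mmls' -o $offset -i $imgtype -t $dtype -r $img");

    # One output row per line of mmls output
    print "<center><h3>Disk Image Details</h3></center>\n";
    print "<b>PARTITION INFORMATION</b><p>\n";
    while (my $line = Exec::read_pipe_line(*OUT)) {
        print "<tt>" . $escape->($line) . "</tt><br>\n";
    }
    close(OUT);

    # NOTE(review): unlike stats(), no Print::print_html_footer() is emitted
    # here - confirm whether that is intentional.
    return 0;
}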
############ FILE SYSTEM ##################
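# Render the file system details of a volume by running 'fsstat' on it.
#
# Reads the volume id from the request ('vol'). Volumes whose category is
# "disk" are handed to stats_disk(). Otherwise the fsstat output is printed
# line by line: section headers are emphasised and, for FAT file systems,
# the FAT dump is turned into hyperlinks (each run links to the data
# browser, each "next" pointer links to the anchor of the run it points to).
# Always returns 0.
#
# The fsstat output is derived from the image under examination (volume
# labels, OEM names and similar fields), so every line that is printed
# verbatim is HTML-escaped first.
sub stats {
    my $vol = Args::get_vol('vol');

    return stats_disk() if ($Caseman::vol2cat{$vol} eq "disk");

    Print::print_html_header("File System Status");

    my $ftype   = $Caseman::vol2ftype{$vol};
    my $img     = $Caseman::vol2path{$vol};
    my $offset  = $Caseman::vol2start{$vol};
    my $imgtype = $Caseman::vol2itype{$vol};

    Print::log_host_inv(
        "$Caseman::vol2sname{$vol}: Displaying file system details");

    print "<center><h3>General File System Details</h3></center><p>\n";

    # Minimal HTML escaping for text placed in element content.
    my %entity_for = (
        '&' => '&amp;',
        '<' => '&lt;',
        '>' => '&gt;',
        '"' => '&quot;',
        "'" => '&#39;',
    );
    my $escape = sub {
        my ($text) = @_;
        $text =~ s/([&<>"'])/$entity_for{$1}/g;
        return $text;
    };

    # Set once the "FAT CONTENTS" header has been seen; cleared again by the
    # first line that does not look like a FAT run.
    my $fat = 0;

    # NOTE(review): the command is handed over as a single string and the
    # values above are interpolated unquoted. This relies on Caseman storing
    # validated (and, for the image path, already quoted) values - confirm.
    local *OUT;
    Exec::exec_pipe(*OUT,
        "'$::TSKDIR/fsstat' -f $ftype -o $offset -i $imgtype $img");

    while (my $line = Exec::read_pipe_line(*OUT)) {

        # Divider rows are dropped everywhere; an <hr> is printed ahead of
        # each header instead. (The original re-tested for dividers inside
        # the FAT branch, which could never be reached.)
        next if ($line =~ /\-\-\-\-\-\-\-\-\-\-/);

        my $safe = $escape->($line);

        # need the space to prevent NTFS STD_INFORMATION from triggering it
        if ($line =~ / INFORMATION/) {
            print "<hr><b>$safe</b><p>\n";
        }
        elsif (($ftype =~ /fat/) && ($line =~ /FAT CONTENTS/)) {
            print "<hr><b>$safe</b><p>\n";

            # Set the flag if we reach the FAT
            $fat = 1;
        }

        # Special case for FAT
        # We will be giving hyperlinks in the FAT table dump
        elsif ($fat == 1) {
            if ($line =~ /^((\d+)\-\d+\s+\((\d+)\)) \-\> ([\w]+)$/) {

                # The captures only admit digits, '-', '(', ')', whitespace
                # and word characters, so they need no escaping.
                my ($full, $blk, $len, $next) = ($1, $2, $3, $4);

                # Print the tag so that other FAT entries can link to it.
                # The anchor is closed explicitly so it does not nest the
                # hyperlink that follows.
                print "<a name=\"$blk\"></a>\n";
                print
"<a href=\"$::PROGNAME?$Args::baseargs&mod=$::MOD_FRAME&submod=$::MOD_DATA&"
                  . "block=$blk&len=$len\" target=\"_top\">$full</a> -> ";
                if ($next eq 'EOF') {
                    print "EOF<br>\n";
                }
                else {
                    print "<a href=\"#$next\">$next</a><br>\n";
                }
            }
            else {
                # First non-run line ends the FAT dump
                $fat = 0;
                print "$safe<br>";
            }
        }
        else {
            print "$safe<br>";
        }
    }
    close(OUT);

    Print::print_html_footer();
    return 0;
}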
# A Perl module file must end by returning a true value.
1;