Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(960)
Issues Repositories Search
Open Issues | Closed Issues | All Issues | Sign in with your Google Account to create issues and add comments

Issue 247350043: Improvements to source scanner. (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
9 years, 4 months ago by Joachim Metz
Modified:
9 years, 4 months ago
Reviewers:
kiddi, onager
CC:
log2timeline-dev_googlegroups.com
Visibility:
Public.

Description

Improvements to source scanner. * TSK analyzer is not signature based * initial BDE support * code clean up

Patch Set 1 #

Total comments: 8

Patch Set 2 : Changes after review. #

Total comments: 2
Unified diffs Side-by-side diffs Delta from patch set Stats (+475 lines, -310 lines) Patch
M dfvfs/analyzer/analyzer.py View 1 2 chunks +3 lines, -0 lines 0 comments Download
M dfvfs/analyzer/tsk_analyzer_helper.py View 2 chunks +29 lines, -17 lines 2 comments Download
M dfvfs/credentials/manager.py View 1 chunk +3 lines, -0 lines 0 comments Download
M dfvfs/dependencies.py View 1 chunk +1 line, -1 line 0 comments Download
M dfvfs/helpers/source_scanner.py View 1 18 chunks +242 lines, -139 lines 0 comments Download
M dfvfs/lib/definitions.py View 1 chunk +3 lines, -0 lines 0 comments Download
M examples/source_analyzer.py View 1 8 chunks +95 lines, -59 lines 0 comments Download
M tests/helpers/source_scanner.py View 2 chunks +99 lines, -94 lines 0 comments Download

Messages

Total messages: 6
Joachim Metz
9 years, 4 months ago (2015-06-27 12:48:43 UTC) #1
onager
https://codereview.appspot.com/247350043/diff/1/dfvfs/analyzer/analyzer.py File dfvfs/analyzer/analyzer.py (right): https://codereview.appspot.com/247350043/diff/1/dfvfs/analyzer/analyzer.py#newcode114 dfvfs/analyzer/analyzer.py:114: scanner_object.set_scan_buffer_size(33 * 1024) Why this size? Extra to a ...
9 years, 4 months ago (2015-06-29 13:43:14 UTC) #2
Joachim Metz
https://codereview.appspot.com/247350043/diff/1/dfvfs/analyzer/analyzer.py File dfvfs/analyzer/analyzer.py (right): https://codereview.appspot.com/247350043/diff/1/dfvfs/analyzer/analyzer.py#newcode114 dfvfs/analyzer/analyzer.py:114: scanner_object.set_scan_buffer_size(33 * 1024) On 2015/06/29 13:43:14, onager wrote: > ...
9 years, 4 months ago (2015-06-29 17:35:21 UTC) #3
Joachim Metz
Code updated.
9 years, 4 months ago (2015-06-29 17:38:08 UTC) #4
kiddi
LGTM, one minor comment. Can we then add support for this into plaso? https://codereview.appspot.com/247350043/diff/20001/dfvfs/analyzer/tsk_analyzer_helper.py File ...
9 years, 4 months ago (2015-06-30 03:32:50 UTC) #5
Joachim Metz
9 years, 4 months ago (2015-06-30 04:54:19 UTC) #6 
https://codereview.appspot.com/247350043/diff/20001/dfvfs/analyzer/tsk_analyz...
File dfvfs/analyzer/tsk_analyzer_helper.py (right):

https://codereview.appspot.com/247350043/diff/20001/dfvfs/analyzer/tsk_analyz...
dfvfs/analyzer/tsk_analyzer_helper.py:2: """The SleuthKit (TSK) format analyzer
helper implementation."""
On 2015/06/30 03:32:50, kiddi wrote:
> is this really Sleuthkit TSK format analyzer at this point?

In the sense that it matches the TSK back-end, yes. In the sense that it uses
TSK, no.
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b