Issue 276290043: Added initial version of NTFS UsnJrnl parser #316

Issue 276290043: Added initial version of NTFS UsnJrnl parser #316 (Closed)

Can't Edit
Can't Publish+Mail
Start Review

Created:
8 years, 4 months ago by Joachim Metz

Modified:
8 years, 4 months ago

Reviewers:
Joachim Metz, kiddi, onager

CC:
log2timeline-dev_googlegroups.com

Visibility:
Public.

More Reviews

Description

Added initial version of NTFS UsnJrnl parser #316

Patch Set 2 : Changes after review #

Patch Set 3 : Changes after review #

Total comments: 2

Patch Set 4 : Changes after review. #

Created: 8 years, 4 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+412 lines, -91 lines)			Patch
M	plaso/dependencies.py	View		1 chunk	+1 line, -1 line	0 comments	Download
M	plaso/engine/worker.py	View	1 2 3	6 chunks	+49 lines, -25 lines	0 comments	Download
M	plaso/events/file_system_events.py	View	1	3 chunks	+66 lines, -13 lines	0 comments	Download
M	plaso/formatters/file_system.py	View	1	2 chunks	+104 lines, -5 lines	0 comments	Download
M	plaso/lib/binary.py	View	1	7 chunks	+8 lines, -8 lines	0 comments	Download
M	plaso/parsers/ntfs.py	View	1 2	2 chunks	+98 lines, -1 line	0 comments	Download
M	plaso/parsers/olecf_plugins/automatic_destinations.py	View	1	2 chunks	+2 lines, -2 lines	0 comments	Download
M	plaso/parsers/recycler.py	View	1	2 chunks	+2 lines, -2 lines	0 comments	Download
M	plaso/parsers/winjob.py	View	1	2 chunks	+6 lines, -6 lines	0 comments	Download
M	plaso/parsers/winprefetch.py	View	1	4 chunks	+4 lines, -4 lines	0 comments	Download
M	plaso/parsers/winreg_plugins/appcompatcache.py	View	1	3 chunks	+3 lines, -3 lines	0 comments	Download
M	plaso/parsers/winreg_plugins/mrulist.py	View	1	1 chunk	+1 line, -1 line	0 comments	Download
M	plaso/parsers/winreg_plugins/mrulistex.py	View	1	1 chunk	+1 line, -1 line	0 comments	Download
M	plaso/parsers/winreg_plugins/sam_users.py	View	1	1 chunk	+3 lines, -3 lines	0 comments	Download
A +	test_data/usnjrnl.qcow2	View		0 chunks	+-1 lines, --1 lines	0 comments	Download
M	tests/lib/binary.py	View	1	5 chunks	+17 lines, -17 lines	0 comments	Download
M	tests/parsers/ntfs.py	View		1 chunk	+48 lines, -0 lines	0 comments	Download

Messages

Total messages: 10

Expand All Messages | Collapse All Messages

onager

https://codereview.appspot.com/276290043/diff/1/plaso/engine/worker.py File plaso/engine/worker.py (right): https://codereview.appspot.com/276290043/diff/1/plaso/engine/worker.py#newcode488 plaso/engine/worker.py:488: logging.debug(u'[ProcessFileEntry] parsing file: {0:s}'.format( Can you change this log ...

8 years, 4 months ago (2015-12-04 11:11:45 UTC) #2

Joachim Metz

8 years, 4 months ago (2015-12-05 07:28:19 UTC) #3

onager

https://codereview.appspot.com/276290043/diff/1/plaso/parsers/ntfs.py File plaso/parsers/ntfs.py (right): https://codereview.appspot.com/276290043/diff/1/plaso/parsers/ntfs.py#newcode276 plaso/parsers/ntfs.py:276: u'{0:s}').format(exception)) On 2015/12/05 07:28:19, Joachim Metz wrote: > On ...

8 years, 4 months ago (2015-12-05 08:21:43 UTC) #5

Joachim Metz

8 years, 4 months ago (2015-12-06 17:32:57 UTC) #6

onager

One little tidy up, but LGTM https://codereview.appspot.com/276290043/diff/40001/plaso/engine/worker.py File plaso/engine/worker.py (right): https://codereview.appspot.com/276290043/diff/40001/plaso/engine/worker.py#newcode494 plaso/engine/worker.py:494: is_metadata_file = self._IsMetadataFile(file_entry) ...

8 years, 4 months ago (2015-12-08 20:25:02 UTC) #8

Joachim Metz

8 years, 4 months ago (2015-12-08 22:06:18 UTC) #10

https://codereview.appspot.com/276290043/diff/40001/plaso/engine/worker.py
File plaso/engine/worker.py (right):

https://codereview.appspot.com/276290043/diff/40001/plaso/engine/worker.py#ne...
plaso/engine/worker.py:494: is_metadata_file = self._IsMetadataFile(file_entry)
On 2015/12/08 20:25:01, onager wrote:
> This can be moved to the condition now, no need for a separate variable.

Acknowledged.

Expand All Messages | Collapse All Messages