esedbrc package
Submodules
esedbrc.definitions module
Definitions.
esedbrc.file_entry_lister module
Volume scanner for ESE databases.
- class esedbrc.file_entry_lister.ESEDatabaseFileEntryLister(*args: Any, **kwargs: Any)[source]
Bases:
FileEntryLister
ESE database file entry lister.
esedbrc.resources module
ESE database resources.
- class esedbrc.resources.DatabaseDefinition[source]
Bases:
object
Database definition.
- artifact_definition
name of the corresponding Digital Forensics Artifact definition.
- Type:
str
- database_identifier
identifier of the database type.
- Type:
str
- class esedbrc.resources.EseColumnDefinition(column_identifier, column_name, column_type)[source]
Bases:
object
ESE database column definition.
- identifier
column identifier.
- Type:
str
- name
column name.
- Type:
str
- type
column type.
- Type:
str
- class esedbrc.resources.EseTableDefinition(table_name, template_table_name)[source]
Bases:
object
ESE database table definition.
- aliases
table name aliases.
- Type:
list[str]
- column_definitions
column definitions.
- Type:
list[EseColumnDefinition]
- name
table name.
- Type:
str
- template_table_name
template table name.
- Type:
str
- AddColumnDefinition(column_identifier, column_name, column_type)[source]
Adds a column.
- Parameters:
column_identifier (int) – column identifier.
column_name (str) – column name.
column_type (int) – column type.
esedbrc.schema_extractor module
ESE database schema extractor.
- class esedbrc.schema_extractor.EseDbSchemaExtractor(artifact_definitions, mediator=None)[source]
Bases:
object
ESE database schema extractor.
- ExtractSchemas(path, options=None)[source]
Extracts database schemas from the path.
- Parameters:
path (str) – path of a ESE database file or storage media image containing ESE database files.
options (Optional[dfvfs.VolumeScannerOptions]) – volume scanner options. If None the default volume scanner options are used, which are defined in the dfVFS VolumeScannerOptions class.
- Yields:
tuple[str, dict[str, str]] –
- known database type identifier or the name of
the ESE database file if not known and schema.
- FormatSchema(schema, output_format)[source]
Formats a schema into a word-wrapped string.
- Parameters:
schema (dict[str, str]) – schema as an SQL query per table name.
output_format (str) – output format.
- Returns:
formatted schema.
- Return type:
str
- Raises:
RuntimeError – if a query could not be parsed.
- GetDisplayPath(path_segments, data_stream_name=None)[source]
Retrieves a path to display.
- Parameters:
path_segments (list[str]) – path segments of the full path of the file entry.
data_stream_name (Optional[str]) – name of the data stream.
- Returns:
path to display.
- Return type:
str
- __init__(artifact_definitions, mediator=None)[source]
Initializes a ESE database file schema extractor.
- Parameters:
artifact_definitions (str) – path to a single artifact definitions YAML file or a directory of definitions YAML files.
mediator (Optional[dfvfs.VolumeScannerMediator]) – a volume scanner mediator.
esedbrc.yaml_definitions_file module
YAML-based database definitions file.
- class esedbrc.yaml_definitions_file.YAMLDatabaseDefinitionsFile[source]
Bases:
object
YAML-based database definitions file.
A YAML-based database definitions file contains one or more database definitions. A database definition consists of:
artifact_definition: SafariCacheSQLiteDatabaseFile database_identifier: safari:cache.db
Where: * artifact_definition, name of the corresponding Digital Forensics Artifact
definition.
database_identifier, identifier of the database type.
Module contents
Extensible Storage Engine (ESE) Database resources (esedbrc).