Skip to content

Python development

Jump to bottom
Joachim Metz edited this page Jan 8, 2022 · 1 revision

libphdi comes with Python-bindings named pyphdi.

Below are examples how use pyphdi. They assume you have a working version of pyphdi on your system. To build pyphdi see Building.

Import

To be able to use pyphdi in your Python scripts add the following import:

import pyphdi

Get version

The get_version() module function can be used to retrieve the version of the pyphdi.

pyphdi.get_version()

This will return a textual string (Unicode) that contains the libphdi version. Since pyphdi is a wrapper around libphdi it does not have a separate version.

Open handle

Open a handle by path

phdi_handle = pyphdi.handle()

phdi_handle.open("harddisk.hdd")
phdi_handle.open_extent_data_files()

...

phdi_handle.close()

The explicit call to phdi_handle.close() is not required. Close only must be called once all operations on the handle have been completed.

Open a handle using a file-like object

file_object = open("harddisk.hdd", "rb")

phdi_handle = pyphdi.handle()

phdi_handle.open_file_object(file_object)
base_directory = os.path.dirname(filename)

extent_data_files = []
for extent_descriptor in phdi_handle.extent_descriptors:
  extent_data_filename = extent_descriptor.filename

  _, path_separator, filename = extent_data_filename.rpartition("/")
  if not path_separator:
    _, path_separator, filename = extent_data_filename.rpartition("\\")

  if not path_separator:
    filename = extent_data_filename

  extent_data_file_path = os.path.join(base_directory, filename)

  if not os.path.exists(extent_data_file_path):
    break

  extent_data_files.append(extent_data_file_path)

if len(extent_data_files) != phdi_handle.number_of_extents:
  raise RuntimeError("Unable to locate all extent data files.")

file_objects = []
for extent_data_file_path in extent_data_files:
  file_object = open(extent_data_file_path, "rb")
  file_objects.append(file_object)

phdi_handle.open_extent_data_files_file_objects(file_objects)

...

phdi_handle.close()

The explicit call to phdi_handle.close() is not required. Close only must be called once all operations on the handle have been completed and will not close the file-like object itself.

Examples

Combining pyphdi with pytsk3

The following additional import is required:

import pytsk3

class phdi_Img_Info(pytsk3.Img_Info):
  def __init__(self, phdi_handle):
    self._phdi_handle = phdi_handle
    super(phdi_Img_Info, self).__init__(
        url="", type=pytsk3.TSK_IMG_TYPE_EXTERNAL)

  def close(self):
    self._phdi_handle.close()

  def read(self, offset, size):
    self._phdi_handle.seek(offset)
    return self._phdi_handle.read(size)

  def get_size(self):
    return self._phdi_handle.get_media_size()


phdi_handle = pyphdi.handle()

phdi_handle.open("harddisk.hdd")
phdi_handle.open_extent_data_files()

img_info = phdi_Img_Info(phdi_handle)

fs_info = pytsk3.FS_Info(img_info, offset=63 * 512)

Also see

import pyphdi

help(pyphdi)
help(pyphdi.handle)

Clone this wiki locally