Update for TSK>4.7.0 (APFS support)?

py4n6 / pytsk

Python bindings for The Sleuth Kit (libtsk)

Apache License 2.0

92 stars 24 forks source link

Update for TSK>4.7.0 (APFS support)? #59

Closed ewalkup closed 4 years ago

ewalkup commented 4 years ago

I'd like to use pytsk to parse APFS filesystems, which TSK added support for in 4.8.0 (they are currently on release 4.9.0).

Any chance of getting an update?

I did try:

using python3 setup.py update --use-head
changing the tag in setup.py to 4.8.0 or 4.9.0 (and updating) before building

But in both cases, running import pytsk3 afterwards causes Python to segfault.

Using Python 3.6.9 on Ubuntu 18.04.

joachimmetz commented 4 years ago

Any chance of getting an update?

Not soon, unless you want to put some effort into this yourself. libtsk 4.8 broke many things (including clang and HFS support), so I definitely not recommend running that version. Not sure if the HFS issues have been addressed in 4.9 since the issue on the github tracker is till open.

However pytsk would also need to be extended with the libtsk "pool system" support to handle APFS, unclear how much work this is.

I'd like to use pytsk to parse APFS filesystems

I recommend using an alternative like pyfsapfs or dfVFS instead

ewalkup commented 4 years ago

Makes sense, sadly. Thanks for the suggestions, I'll look into them.

joachimmetz commented 4 years ago

https://github.com/py4n6/pytsk/issues/64