pytsk question

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

pytsk question

David Nides

On windows, running Python 2.7 and pytsk3 version 20140506 opening a file entity is slow on the order of 2 – 4 seconds. The fs_info object is for an active drive. We have tried directly opening the entity using fs_info.open and fs_info.open_dir with similar results. Is there a more performant option to opening directories when traversing a directory tree? Are these times abnormal?


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org
Reply | Threaded
Open this post in threaded view
|

Re: pytsk question

Brian Carrier-2
Hey David,

My first disclaimer is that I’ve never used pytsk.  However, I can speak in general terms that some file systems that have a large number of files (and large MFTs) can be slow to open large directories because it preloads all of the information about the directory when it is opened. Is it for all file systems and all directories or are  you just seeing it now with a new image?

brian



> On Jul 18, 2016, at 11:11 AM, David Nides <[hidden email]> wrote:
>
> On windows, running Python 2.7 and pytsk3 version 20140506 opening a file entity is slow on the order of 2 – 4 seconds. The fs_info object is for an active drive. We have tried directly opening the entity using fs_info.open and fs_info.open_dir with similar results. Is there a more performant option to opening directories when traversing a directory tree? Are these times abnormal?
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
> patterns at an interface-level. Reveals which users, apps, and protocols are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity planning
> reports.http://sdm.link/zohodev2dev_______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org