mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-07 09:58:54 +00:00
15 lines
626 B
Plaintext
15 lines
626 B
Plaintext
table_name("device_partitions")
|
|
description("Use TSK to enumerate details about partitions on a disk device.")
|
|
schema([
|
|
Column("device", TEXT, "Absolute file path to device node", required=True),
|
|
Column("partition", INTEGER, "A partition number or description"),
|
|
Column("label", TEXT, ""),
|
|
Column("type", TEXT, ""),
|
|
Column("offset", BIGINT, ""),
|
|
Column("blocks_size", BIGINT, "Byte size of each block"),
|
|
Column("blocks", BIGINT, "Number of blocks"),
|
|
Column("inodes", BIGINT, "Number of meta nodes"),
|
|
Column("flags", INTEGER, ""),
|
|
])
|
|
implementation("forensic/sleuthkit@genDevicePartitions")
|