Skip to content

Add NTDS BitLocker recovery information#44

Open
Schamper wants to merge 1 commit intomainfrom
fve-recovery-information
Open

Add NTDS BitLocker recovery information#44
Schamper wants to merge 1 commit intomainfrom
fve-recovery-information

Conversation

@Schamper
Copy link
Member

@Schamper Schamper commented Feb 24, 2026

Adds parsing of FVE (BitLocker) recovery information. Currently depends on #39 to correctly iterate children objects.

@Schamper Schamper requested review from Copilot and joost-j February 24, 2026 21:26
Copilot AI reviewed Feb 24, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds support for parsing BitLocker (FVE) recovery information objects from NTDS and exposes them via the existing NTDS object model.

Changes:

  • Introduces a new MSFVERecoveryInformation NTDS object with convenience accessors for volume/recovery GUIDs, recovery password, and key package.
  • Adds Computer.fve_recovery_information() to enumerate msFVE-RecoveryInformation child objects for a computer.
  • Exports MSFVERecoveryInformation from the NTDS objects package.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
dissect/database/ese/ntds/objects/msfve_recoveryinformation.py New object wrapper for msFVE-RecoveryInformation with attribute accessors and parent computer linkage.
dissect/database/ese/ntds/objects/computer.py Adds an iterator to yield BitLocker recovery info child objects for a computer.
dissect/database/ese/ntds/objects/__init__.py Registers/exports the new MSFVERecoveryInformation class.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@Schamper Schamper force-pushed the fve-recovery-information branch from 71cfcba to b4a462d Compare February 24, 2026 21:40
@codspeed-hq
Copy link

codspeed-hq bot commented Feb 24, 2026
edited
Loading

Merging this PR will not alter performance

✅ 6 untouched benchmarks

Comparing fve-recovery-information (b4a462d) with main (5422893)

Open in CodSpeed

@codecov
Copy link

codecov bot commented Feb 24, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 28 lines in your changes missing coverage. Please review.
✅ Project coverage is 0.00%. Comparing base (5422893) to head (b4a462d).

Files with missing lines Patch % Lines
...base/ese/ntds/objects/msfve_recoveryinformation.py 0.00% 22 Missing ⚠️
dissect/database/ese/ntds/objects/computer.py 0.00% 5 Missing ⚠️
dissect/database/ese/ntds/objects/__init__.py 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@          Coverage Diff          @@
##            main     #44   +/-   ##
=====================================
  Coverage   0.00%   0.00%           
=====================================
  Files        151     152    +1     
  Lines       4163    4191   +28     
=====================================
- Misses      4163    4191   +28
Flag Coverage Δ
unittests 0.00% <0.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@joost-j joost-j Awaiting requested review from joost-j

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Schamper