    def run(self, evidence, result):
        """Task to execute hindsight.

        Args:
            evidence (Evidence object): Browser artefact to process; its
                ``local_path``, ``output_format`` and ``browser_type`` are
                handed to hindsight unchanged.
            result (TurbiniaTaskResult): The object to place task results into.

        Returns:
            TurbiniaTaskResult object.
        """
        # Both the report and hindsight's own log land in the task output dir.
        report_path = os.path.join(self.output_dir, 'hindsight_report')
        log_path = os.path.join(self.output_dir, 'hindsight.log')

        # Evidence object for the report so it is picked up and saved later.
        report_evidence = TextFile()
        report_evidence.local_path = report_path

        # Built as an argument list (no shell), so evidence-derived values are
        # passed as single arguments and never interpreted by a shell.
        cmd = ['hindsight.py']
        cmd += ['-i', evidence.local_path]
        cmd += ['--format', evidence.output_format]
        cmd += ['--browser_type', evidence.browser_type]
        cmd += ['--output', report_path]
        cmd += ['-l', log_path]

        result.log('Running hindsight as [{0:s}]'.format(' '.join(cmd)))
        self.execute(
            cmd, result, log_files=[log_path], new_evidence=[report_evidence],
            close=True)
        return result
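    def run(self, evidence, result):
        """Run strings binary.

        Extracts 16-bit little-endian ("unicode") strings from the evidence
        file and records them in a new TextFile evidence object.

        Args:
            evidence (Evidence object): The evidence we will process; only its
                ``local_path`` is read.
            result (TurbiniaTaskResult): The object to place task results into.

        Returns:
            TurbiniaTaskResult object.
        """
        # The command below has to run through a shell because of the ``>``
        # redirect, so every interpolated path is shell-quoted. Unquoted, a
        # path containing spaces or metacharacters (``;``, ``$``, ``|``...)
        # would be split into extra arguments or executed as shell syntax.
        try:
            from shlex import quote  # Python 3
        except ImportError:  # pragma: no cover - Python 2 fallback
            from pipes import quote

        # Create the new Evidence object that will be generated by this Task.
        output_evidence = TextFile()
        # Create a path that we can write the new file to.
        base_name = os.path.basename(evidence.local_path)
        output_file_path = os.path.join(self.output_dir,
                                        '{0:s}.uni'.format(base_name))
        # Add the output path to the evidence so we can automatically save it
        # later.
        output_evidence.local_path = output_file_path

        # Generate the command we want to run. Both paths are quoted so the
        # shell treats each one as a single literal argument.
        cmd = 'strings -a -t d -e l {0:s} > {1:s}'.format(
            quote(evidence.local_path), quote(output_file_path))
        # Add a log line to the result that will be returned.
        result.log('Running strings as [{0:s}]'.format(cmd))
        # Actually execute the binary; shell=True is needed for the redirect.
        self.execute(cmd,
                     result,
                     new_evidence=[output_evidence],
                     close=True,
                     shell=True)

        return result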
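    def run(self, evidence, result):
        """Task to execute volatility.

        Runs the volatility module named by ``self.module`` against the image
        at ``evidence.local_path`` and captures the text output in a new
        TextFile evidence object.

        Args:
            evidence (Evidence object): The evidence we will process; its
                ``local_path`` and ``profile`` are read.
            result (TurbiniaTaskResult): The object to place task results into.

        Returns:
            TurbiniaTaskResult object.
        """
        # Create the new Evidence object that will be generated by this Task.
        output_evidence = TextFile()
        # Create a path that we can write the new file to, named after the
        # task id rather than the evidence file.
        output_file_path = os.path.join(self.output_dir,
                                        '{0:s}.txt'.format(self.id))

        output_evidence.local_path = output_file_path

        # TODO: Add in config options for Turbinia
        # The command is an argument list run without a shell: the evidence
        # path and profile are data and must never be parsed by /bin/sh
        # (a path with a space or a metacharacter would otherwise split or
        # alter the command). Nothing here needs shell features.
        # NOTE(review): self.module is passed as one argument, so it is
        # assumed to hold a single module name - confirm against callers.
        cmd = [
            'python2', '/bin/vol', '-f', evidence.local_path,
            '--profile={0:s}'.format(evidence.profile), self.module,
            '--output=text', '--output-file={0:s}'.format(output_file_path)
        ]
        result.log('Running vol as [{0:s}]'.format(' '.join(cmd)))
        self.execute(cmd,
                     result,
                     new_evidence=[output_evidence],
                     close=True)

        return result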
class StringsJob(TurbiniaJob):
    """Strings collection Job.

    Schedules one ASCII and one Unicode strings-extraction task for every
    piece of evidence handed to ``create_tasks``.
    """

    # The types of evidence that this Job will process
    evidence_input = [
        type(RawDisk()),
        type(GoogleCloudDisk()),
        type(GoogleCloudDiskRawEmbedded())
    ]
    evidence_output = [type(TextFile())]

    def __init__(self):
        super(StringsJob, self).__init__(name='StringsJob')

    def create_tasks(self, evidence):
        """Create task for Strings.

        Args:
          evidence: List of evidence object to process

        Returns:
            A list of tasks to schedule: all ASCII tasks first, then all
            Unicode tasks, one of each per evidence item.
        """
        ascii_tasks = [StringsAsciiTask() for _ in evidence]
        unicode_tasks = [StringsUnicodeTask() for _ in evidence]
        return ascii_tasks + unicode_tasks
class GrepJob(TurbiniaJob):
    """Filter input based on regular expression patterns.

    Accepts plain text and Plaso CSV evidence and emits filtered text.
    """

    # The types of evidence that this Job will process
    evidence_input = [type(TextFile()), type(PlasoCsvFile())]
    evidence_output = [type(FilteredTextFile())]

    def __init__(self):
        super(GrepJob, self).__init__(name='GrepJob')

    def create_tasks(self, evidence):
        """Create task.

        Args:
          evidence: List of evidence object to process

        Returns:
            A list of tasks to schedule, one GrepTask per evidence item.
        """
        tasks = []
        for _ in evidence:
            tasks.append(GrepTask())
        return tasks