carver.py
#!/usr/bin/python
################################################################################
# Alexander Leary, Scott Fenwick, Melissa Parker
# April 2013
#
# Main file for carving program
# Requires carver_files and carver_partitions carving actions
# All three files require carver_common for database related tasks
################################################################################
import sys
import re
import argparse
import carver_files
import carver_partitions
import carver_common
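################################################################################
# Function: main_menu(image)
# Variables: image, db_info, choice, db_choice, search_type, carve_type,
#            partition_choice, term, start, stop
# Launches all program functions by looping through and getting user input.
# Options 2-5 need an open database and are refused until option 1 has run.
################################################################################
def main_menu(image):
    """Run the interactive menu until the user chooses Exit.

    Args:
        image: Name of the disk image; handed to the database population and
            carving helpers.
    """
    flags = re.IGNORECASE
    db_required = "No database open - choose option 1 first"
    # None until option 1 has created or opened a database. Without this the
    # other options hit an unbound db_info and abort the whole session.
    db_info = None

    # NOTE(review): a pattern such as '^Yes|Y$' parses as (^Yes)|(Y$), so any
    # input that merely starts with the keyword is accepted, including at the
    # "Continue?" confirmations. Group the alternatives, '^(?:Yes|Y)$', if
    # only exact answers should pass.
    # NOTE(review): search terms and database names typed here go to the
    # carver_* helpers unmodified; presumably those bind them as SQL
    # parameters - verify in carver_files / carver_common.
    while True:
        choice = raw_input(
            "\n"
            "1. Open Database \n"
            "2. Print Database Contents \n"
            "3. Search Files Database \n"
            "4. Carve File \n"
            "5. Carve Partition \n"
            "6. Exit \nSelection: ")

        if re.match('^Populate|1$', choice, flags):
            while True:
                db_choice = raw_input("\t\t1. New Database \n\t\t2. Existing Database \nSelection: ")
                if re.match('^new|1$', db_choice, flags):
                    db_info = carver_common.new_db(raw_input("Database Name? "))
                    carver_common.insert_list_db(db_info, image)
                    break
                elif re.match('^old|existing|2$', db_choice, flags):
                    db_info = carver_common.open_db(raw_input("Database Name? "))
                    break
                else:
                    print("Bad Input")

        elif re.match('^Print|2$', choice, flags):
            if db_info is None:
                print(db_required)
                continue
            carver_files.query_files_table_db(db_info)
            carver_partitions.query_partitions_table_db(db_info)

        elif re.match('^Search|3$', choice, flags):
            if db_info is None:
                print(db_required)
                continue
            while True:
                search_type = raw_input("\tType of Search? \n\t\t1. By Name \n\t\t2. By Disk Location \nSelection: ")
                if re.match('^Name|1$', search_type, flags):
                    carver_files.query_name_db(db_info, raw_input("\nString to search for? "))
                    break
                elif re.match('^Inode|2$', search_type, flags):
                    carver_files.query_inode_db(db_info, raw_input("\nString to search for? "))
                    break
                else:
                    print("Bad Input")

        elif re.match('^File|4$', choice, flags):
            if db_info is None:
                print(db_required)
                continue
            while True:
                carve_type = raw_input("\tCarve By: \n\t\t1. By Name \n\t\t2. By Location \n\t\t3. File Number \n\t\t4. Back \nSelection: ")
                if re.match('^Name|1$', carve_type, flags):
                    term = raw_input("\nName to search for? ")
                    # Show the matches first so the user confirms what is carved.
                    carver_files.query_name_db(db_info, term)
                    if re.match('^Yes|Y$', raw_input("\nContinue? "), flags):
                        carver_files.carve_file(db_info, image, term)
                    break
                elif re.match('^Inode|2$', carve_type, flags):
                    term = raw_input("\nDisk Location to search for? ")
                    carver_files.query_inode_db(db_info, term)
                    if re.match('^Yes|Y$', raw_input("\nContinue? "), flags):
                        carver_files.carve_file(db_info, image, term)
                    break
                elif re.match('^Number|3$', carve_type, flags):
                    term = raw_input("\nDB File Number to search for? ")
                    carver_files.query_file_number_db(db_info, term)
                    if re.match('^Yes|Y$', raw_input("\nContinue? "), flags):
                        carver_files.carve_file(db_info, image, term)
                    break
                elif re.match('^Back|4$', carve_type, flags):
                    break
                else:
                    print("Bad Input")

        elif re.match('^Partition|5$', choice, flags):
            if db_info is None:
                print(db_required)
                continue
            carver_partitions.query_partitions_table_db(db_info)
            while True:
                partition_choice = raw_input("\tCarve By: \n\t\t1. By Name \n\t\t2. By Sector \n\t\t3. Back \nSelection: ")
                if re.match('^Name|1$', partition_choice, flags):
                    term = raw_input("\nPartition name? ")
                    carver_partitions.query_partition_name_db(db_info, term)
                    if re.match('^Yes|Y$', raw_input("\nContinue? "), flags):
                        carver_partitions.carve_partition(db_info, image, term)
                    break
                elif re.match('^Sector|2$', partition_choice, flags):
                    start = raw_input("\nStart Sector? ")
                    stop = raw_input("\nStop Sector? ")
                    # NOTE(review): this call passes (db_info, start, stop)
                    # while the by-name branch passes (db_info, image, name),
                    # so the image is never handed over here. The sector
                    # values are also unvalidated strings and there is no
                    # confirmation step. Check against carve_partition's
                    # signature before relying on this path.
                    carver_partitions.carve_partition(db_info, start, stop)
                    break
                elif re.match('^Back|3$', partition_choice, flags):
                    break
                else:
                    print("Bad Input")

        elif re.match('^Exit|6$', choice, flags):
            break

        else:
            print("Bad Input")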
################################################################################
# Function: main()
# Variables: image, original_digest, final_digest
# Hashes original file, opens the main menu, then checks the file hasn't been
# altered in any way.
################################################################################
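def main():
    """Parse options, run the menu, and verify the image was not modified.

    Unless -n/--nohash is given, the image is hashed before and after the
    menu session and the two digests are compared. The comparison only
    covers changes made between those two hashes.
    """
    arguments = argparse.ArgumentParser()
    arguments.add_argument('-n', '--nohash', help='Disable Image Hashing', action='store_true', required=False)
    arguments.add_argument('-i', '--image', help='Pass Image Name', action="store", default="", required=False)
    passed_arguments = arguments.parse_args()

    # Fall back to an interactive prompt when no image name was passed.
    if passed_arguments.image != "":
        image = passed_arguments.image
    else:
        image = raw_input("\nImage Name? ")

    if passed_arguments.nohash:
        # Integrity verification was explicitly disabled for this run.
        main_menu(image)
        return

    original_digest = carver_common.hash_file(image)
    try:
        main_menu(image)
    finally:
        # Re-hash even when the menu ends with an exception or Ctrl-C, so an
        # aborted session still reports whether the image was modified.
        final_digest = carver_common.hash_file(image)
        if original_digest != final_digest:
            print("\n\n\n Warning File Altered \n\n\n")
        else:
            print("File Unaltered")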
# Start the interactive carver only when run as a script, not when imported.
if __name__ == "__main__":
    main()