# NOTE(review): this excerpt begins inside a column-decoding helper. Its `def` line and
# the opening branches of the Column_Type chain are above this view, so the indentation
# of the first branches is reconstructed from the if/else/elif nesting. Confirm against
# the full file.
        if (EsedbTable_Record.get_value_data(Column_Number) == None):
            # Empty cell: record an empty string. list.append() returns None, so the
            # value handed back to the caller is always None; the data is in Record_List.
            return Record_List.append('')
        else:
            # Raw bytes are decoded as UTF-16 with errors='ignore': undecodable bytes are
            # dropped silently, so the stored text can differ from the on-disk value.
            return Record_List.append(str(EsedbTable_Record.get_value_data(Column_Number).decode('utf-16', 'ignore')))
    elif (Column_Type == 17): #INTEGER_16BIT_UNSIGNED
        return Record_List.append(EsedbTable_Record.get_value_data_as_integer(Column_Number))

# Command-line driver. Five positional arguments are read: ESE database path, SQLite
# output path, table name, first record number, end record number. No argument-count
# check is visible here, so a short command line raises IndexError.
args = sys.argv[1:]
File_To_Parse = args[0]
SQLite_DB_Name = args[1]
Table_Name = args[2]
Begin_Record_Number = args[3]
End_Record_Number = args[4]

SQLitedb = SQLiteDb()
SQLitedb.Open(SQLite_DB_Name)

# NOTE(review): no close() for file_object is visible in this excerpt. Confirm the
# handle is released further down.
file_object = open(File_To_Parse, "rb")
esedb_file = pyesedb.file()
esedb_file.open_file_object(file_object)

EsedbTable = esedb_file.get_table_by_name(Table_Name)
print ("Inserting records into table ==> " + Table_Name)

# range() stops before End_Record_Number; int() raises ValueError on non-numeric input.
for i in range(int(Begin_Record_Number), int(End_Record_Number)):
    SQL_Bind_Values = []
    # NOTE(review): Table_Name comes straight from argv and is concatenated into the
    # statement text. Bind variables cannot stand in for identifiers, so the name should
    # be validated (e.g. against the tables actually present) before it is used here.
    SQL_Statement_Table = 'Insert into ' + Table_Name + ' '
    EsedbTable_Record = EsedbTable.get_record(i)
    EsedbTable_Num_Columns = EsedbTable.get_number_of_columns()
    Column_Name = EsedbTable_Record.get_column_name(0)
    # NOTE(review): the column name is read from the file being parsed. What
    # Check_SQL_Reserved_Word does is not visible here; verify it also copes with
    # quotes or other SQL metacharacters in a name, not only reserved words.
    SQL_Statement_Columns = SQLitedb.Check_SQL_Reserved_Word(Column_Name)
    # One bind placeholder per column; row values are presumably bound, not concatenated.
    SQL_Bind_Variables = SQLitedb.create_question_bind_variables(EsedbTable.get_number_of_columns())
    Column_Type = EsedbTable_Record.get_column_type(0)
    # (loop body continues beyond this excerpt)
import sys
import os
from Database import SQLiteDb

def removeChars(text):
    """Return *text* with every character outside code points 32..127 removed.

    The filter keeps printable ASCII and also DEL (0x7F), because the upper
    bound is ``ord(i) < 128``. Control characters below 32 and all non-ASCII
    characters are dropped, not replaced.
    """
    return ''.join([i if (ord(i) > 31 and ord(i) < 128) else '' for i in text])

args = sys.argv[1:]
if len(args) != 2:
    print ("Wrong Parameters need 2, LevelDB directory and output csv file")
    # exit() with no argument ends the process with status 0, so a calling script
    # cannot tell this usage error from a successful run by the exit code.
    exit()

levelDbDir = args[0]
# The second argument is used as a base name: ".db3" and ".csv" are appended below.
outputFile = args[1]

SQLitedb = SQLiteDb()
# NOTE(review): presumably deletes any existing database at this path before it is
# reopened. Confirm, since the path is taken from the command line.
SQLitedb.RemoveDB_File(outputFile + ".db3")
SQLitedb.Open(outputFile + ".db3")
SQLitedb.CreateTable("Leveldb", 'key text, value text, byte_key text, byte_value text')

# NOTE(review): `leveldb` is not among the imports visible in this excerpt. Confirm it
# is imported; otherwise the call below raises NameError inside this try block.
try:
    levelDb = leveldb.LevelDB(levelDbDir)
    try:
        print (levelDb.GetStats())
    # Bare except: any failure (including KeyboardInterrupt) is reported as "No Stats".
    except:
        print ("No Stats")
    # NOTE(review): nesting of the next two statements is reconstructed from a
    # whitespace-collapsed excerpt. Confirm against the full file.
    numRecords = 0
    with open(outputFile + ".csv", 'w') as f:
        # (body of the with-block and the except clause of the outer try lie beyond this excerpt)
# NOTE(review): this excerpt begins inside a function body whose `def` line is above this
# view (presumably getInterfaces, which is called below; confirm). LUIDInterfaces is
# also assigned outside the visible lines.
    interfaces = load_interfaces(SoftwareHive)
    interfaceIds = interfaces.keys()
    for interfaceId in interfaceIds:
        # NOTE(review): the id and profile name are spliced into the values string between
        # double quotes. They appear to originate from the SOFTWARE hive under examination,
        # i.e. from evidence the examiner does not control; a value containing '"' would
        # break or alter the statement InsertValues presumably builds. Passing them as
        # bound parameters, if SQLiteDb offers a bound insert, removes that risk.
        SQLitedb.InsertValues("interfaces", "L2ProfileId, ProfileName", '"'+ interfaceId + '", "' + interfaces[interfaceId] + '"')
    LUIDInterfacesIds = LUIDInterfaces.keys()
    for LUIDInterfacesId in LUIDInterfacesIds:
        # NOTE(review): same string-built values as the insert above; same caveat applies.
        SQLitedb.InsertValues("LUIDInterfaces", "LUID, LUIDName", '"'+ LUIDInterfacesId + '", "' + LUIDInterfaces[LUIDInterfacesId] + '"')

# Command-line driver. Three positional arguments are read: ESE database to parse,
# SOFTWARE registry hive, SQLite output path. No argument-count check is visible, so
# a short command line raises IndexError.
args = sys.argv[1:]
File_To_Parse = args[0]
SoftwareHive = args[1]
SQLite_DB_Name = args[2]

SQLitedb = SQLiteDb()
# NOTE(review): presumably deletes any existing file at the output path before it is
# reopened. Confirm, since the path is taken from the command line.
SQLitedb.RemoveDB_File(SQLite_DB_Name)
SQLitedb.Open(SQLite_DB_Name)

# The hive is read first; the ESE database is parsed and loaded afterwards.
getUserSids(SoftwareHive)
getInterfaces(SoftwareHive)
#print ("sids => " + str(sids))
#print ("interfaces => " + str(interfaces))
Parse_ESEDB_File(File_To_Parse)
Populate_ESEDB_DB(File_To_Parse)
#Post_Database_Processing()
Add_Application_Userids()
Create_Permanent_Tables()
# Table definitions for the file-metrics and file-name tables. Each table has a name,
# a column list with SQLite types (for CreateTable), a bare column list, and a string
# of "?" placeholders with one entry per column.
# NOTE(review): tableName, tableColumns, volumeTabName and volumeColumnNames are used
# below but defined above this excerpt.
fileMetricsTabName = "file_metrics"
fileMetricsColumnNames = "Prefetch_file_name text, file_metric_number int, file_metric_path text, file_metric_name text"
fileMetricsColumns = "Prefetch_file_name, file_metric_number, file_metric_path, file_metric_name"
fileMetricsBindVals = "?, ?, ?, ?"

fileTabName = "file_names"
fileColumnNames = "Prefetch_file_name text, file_path text, file_name text"
fileColumns = "Prefetch_file_name, file_path, file_name"
fileBindVals = "?, ?, ?"

# Two positional arguments are read: the directory holding prefetch files and the
# SQLite output path. No argument-count check is visible, so a short command line
# raises IndexError.
args = sys.argv[1:]
prefetchDirectory = args[0]
SQLiteDbName = args[1]

print('Prefetch Directory is ', str(prefetchDirectory))
print('DB file is ', SQLiteDbName)

SQLitedb = SQLiteDb()
# NOTE(review): presumably deletes any existing file at the output path before it is
# reopened. Confirm, since the path is taken from the command line.
SQLitedb.RemoveDB_File(SQLiteDbName)
SQLitedb.Open(SQLiteDbName)

SQLitedb.CreateTable(tableName, tableColumns)
SQLitedb.CreateTable(fileMetricsTabName, fileMetricsColumnNames)
SQLitedb.CreateTable(volumeTabName, volumeColumnNames)
SQLitedb.CreateTable(fileTabName, fileColumnNames)

# Walk the directory tree recursively; every sub-directory is visited.
for root, dirs, files in os.walk(prefetchDirectory):
#    print ("root = > " + str(root))
#    print ("dirs = > " + str(dirs))
#    print ("files = > " + str(files))
    for file in files:
        # Substring test, case-sensitive: it matches ".pf" anywhere in the name
        # (e.g. "x.pf.bak") and does not match an upper-case ".PF" suffix.
        if ".pf" in file:
            prefetchRecord = []
            try:
                # (try body and its except clause lie beyond this excerpt)