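def main():
    """Command-line entry point: parse one Prefetch (.pf) file.

    Defines the same four flags as the other examples on this page
    (-c/--csv, -d/--directory, -e/--executed, -f/--file), but this excerpt
    only acts on -f/--file. Prints the parse result to stdout and exits with
    a message when the file is missing, unreadable or cannot be parsed.

    Written with parenthesised single-argument print() and
    ``except ... as e`` so the same code runs under Python 2.6+ and 3.
    """
    arg_parser = ArgumentParser()
    arg_parser.add_argument("-c", "--csv",
                            help="Present results in CSV format",
                            action="store_true")
    arg_parser.add_argument("-d", "--directory",
                            help="Parse all PF files in a given directory")
    arg_parser.add_argument("-e", "--executed",
                            help="Sort PF files by ALL execution times")
    arg_parser.add_argument("-f", "--file", help="Parse a given Prefetch file")
    args = arg_parser.parse_args()

    if not args.file:
        return

    if not args.file.endswith(".pf"):
        print("[ - ] {}: not a Prefetch (.pf) file".format(args.file))
        return

    # os.path.getsize raises OSError for a missing or unreadable path;
    # report that instead of leaving a traceback.
    try:
        size = os.path.getsize(args.file)
    except OSError as e:
        sys.exit("[ - ] {}: {}".format(args.file, e))
    if size <= 0:
        print("[ - ] {}: Zero byte Prefetch file".format(args.file))
        return

    # Separate name from the ArgumentParser so the parser is not shadowed.
    try:
        pf = Prefetch(args.file)
    except Exception as e:
        print("[ - ] {}".format(e))
        sys.exit("[ - ] {} could not be parsed".format(args.file))

    if args.csv:
        print("Last Executed, Executable Name, Run Count")
        print("{}, {}-{}, {}".format(pf.timestamps[0], pf.executableName,
                                     pf.hash, pf.runCount))
    else:
        pf.prettyPrint()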
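def main():
    """Command-line entry point: parse one Prefetch (.pf) file.

    Defines the same four flags as the other examples on this page
    (-c/--csv, -d/--directory, -e/--executed, -f/--file), but this excerpt
    only acts on -f/--file. Prints the parse result to stdout and exits with
    a message when the file is missing, unreadable or cannot be parsed.

    Written with parenthesised single-argument print() and
    ``except ... as e`` so the same code runs under Python 2.6+ and 3.
    """
    arg_parser = ArgumentParser()
    arg_parser.add_argument("-c", "--csv", help="Present results in CSV format", action="store_true")
    arg_parser.add_argument("-d", "--directory", help="Parse all PF files in a given directory")
    arg_parser.add_argument("-e", "--executed", help="Sort PF files by ALL execution times")
    arg_parser.add_argument("-f", "--file", help="Parse a given Prefetch file")
    args = arg_parser.parse_args()

    if not args.file:
        return

    if not args.file.endswith(".pf"):
        print("[ - ] {}: not a Prefetch (.pf) file".format(args.file))
        return

    # os.path.getsize raises OSError for a missing or unreadable path;
    # report that instead of leaving a traceback.
    try:
        size = os.path.getsize(args.file)
    except OSError as e:
        sys.exit("[ - ] {}: {}".format(args.file, e))
    if size <= 0:
        print("[ - ] {}: Zero byte Prefetch file".format(args.file))
        return

    # Separate name from the ArgumentParser so the parser is not shadowed.
    try:
        pf = Prefetch(args.file)
    except Exception as e:
        print("[ - ] {}".format(e))
        sys.exit("[ - ] {} could not be parsed".format(args.file))

    if args.csv:
        print("Last Executed, Executable Name, Run Count")
        print("{}, {}-{}, {}".format(pf.timestamps[0], pf.executableName, pf.hash, pf.runCount))
    else:
        pf.prettyPrint()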
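def _report_file(path, as_csv):
    """Parse the single Prefetch file *path* and print it.

    Args:
        path: Path given via -f/--file.
        as_csv: Print a CSV header plus one record instead of prettyPrint().

    Exits the process with a message when the file is missing/unreadable or
    Prefetch cannot parse it; a non-.pf or zero-byte file only prints a
    message.
    """
    if not path.endswith(".pf"):
        print("[ - ] {}: not a Prefetch (.pf) file".format(path))
        return

    # os.path.getsize raises OSError for a missing or unreadable path;
    # report that instead of leaving a traceback.
    try:
        size = os.path.getsize(path)
    except OSError as e:
        sys.exit("[ - ] {}: {}".format(path, e))
    if size <= 0:
        print("[ - ] {}: Zero byte Prefetch file".format(path))
        return

    try:
        pf = Prefetch(path)
    except Exception as e:
        print("[ - ] {}".format(e))
        sys.exit("[ - ] {} could not be parsed".format(path))

    if as_csv:
        print("Last Executed, Executable Name, Run Count")
        print("{}, {}-{}, {}".format(pf.timestamps[0], pf.executableName,
                                     pf.hash, pf.runCount))
    else:
        pf.prettyPrint()


def _report_directory(directory, as_csv):
    """Parse every .pf file directly inside *directory* and print each one.

    Args:
        directory: Directory given via -d/--directory. Paths are built with
            os.path.join, so a trailing slash is no longer required.
        as_csv: One CSV header followed by one record per parsed file;
            otherwise prettyPrint() per file.

    Non-.pf entries are skipped. Zero-byte files and files that Prefetch
    cannot parse (or whose fields cannot be printed) are reported and
    skipped, so one bad file does not abort the sweep.
    """
    if not os.path.isdir(directory):
        sys.exit("[ - ] {} is not a directory".format(directory))

    if as_csv:
        print("Last Executed, MFT Seq Number, MFT Record Number, Executable Name, Run Count")

    for name in os.listdir(directory):
        if not name.endswith(".pf"):
            continue
        full_path = os.path.join(directory, name)

        try:
            size = os.path.getsize(full_path)
        except OSError as e:
            print("[ - ] {}: {}".format(name, e))
            continue
        if size <= 0:
            print("[ - ] {}: Zero-byte Prefetch File".format(name))
            continue

        # Parse and print inside one try: a failed parse must not fall
        # through to printing a stale object from a previous iteration.
        try:
            pf = Prefetch(full_path)
            if as_csv:
                print("{},{},{},{},{}".format(pf.timestamps[0],
                                              pf.mftSeqNumber,
                                              pf.mftRecordNumber,
                                              pf.executableName,
                                              pf.runCount))
            else:
                pf.prettyPrint()
        except Exception:
            print("[ - ] {} could not be parsed".format(name))


def _report_executed(path):
    """Print the execution times yielded by sortTimestamps(*path*) as CSV.

    sortTimestamps and convertTimestamp are helpers defined elsewhere in
    this file; each item is indexed as a pair, presumably
    (raw timestamp, executed file) — confirm against sortTimestamps.
    """
    print("Execution Time, File Executed")
    for raw_ts, executed in sortTimestamps(path):
        print("{}, {}".format(convertTimestamp(raw_ts), executed))


def main():
    """Command-line entry point for the Prefetch parser.

    Exactly one mode runs, in this priority: -f/--file (single file),
    -d/--directory (every .pf in a directory), -e/--executed (sorted
    execution times). -c/--csv switches the first two modes to CSV output.
    """
    arg_parser = ArgumentParser()
    arg_parser.add_argument("-c",
                            "--csv",
                            help="Present results in CSV format",
                            action="store_true")
    arg_parser.add_argument("-d",
                            "--directory",
                            help="Parse all PF files in a given directory")
    arg_parser.add_argument("-e",
                            "--executed",
                            help="Sort PF files by ALL execution times")
    arg_parser.add_argument("-f", "--file", help="Parse a given Prefetch file")
    args = arg_parser.parse_args()

    if args.file:
        _report_file(args.file, args.csv)
    elif args.directory:
        _report_directory(args.directory, args.csv)
    elif args.executed:
        _report_executed(args.executed)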