def main(options):
set_logger(options)
options['output_dir']=create_output_dir(options['output_dir'])
modules = factory.load_modules(options['packages'], options['output_dir'])
for m in modules:
classes = factory.load_classes(m, options['OS'], options['release'])
for cl in classes:
instance = cl(options)
if 'dump' in str(cl):
for m in options['dump'].split(','):
try:
if options['output_type'] in EXTRACT_DUMP[m]:
getattr(instance, EXTRACT_DUMP[m])()
except Exception:
options['logger'].error(traceback.format_exc())
continue
if 'intel' in str(cl):
for m in options['intel'].split(','):
try:
if options['output_type'] in EXTRACT_INTEL[m]:
print EXTRACT_INTEL[m]
getattr(instance,EXTRACT_INTEL[m])()
except Exception:
options['logger'].error(traceback.format_exc())
continue
for name, method in inspect.getmembers(cl, predicate=inspect.ismethod):
if not name.startswith('_'):
try:
if options['output_type'] in name:
getattr(instance, name)()
except Exception:
options['logger'].error(traceback.format_exc())
def main(param_options):
print r"""
______ _ _____ _____
| ____| | | |_ _| __ \
| |__ __ _ ___| |_ | | | |__) |
| __/ _` / __| __| | | | _ /
| | | (_| \__ \ |_ _| |_| | \ \
|_| \__,_|___/\__|_____|_| \_\
A forensic analysis tool
"""
import time
time.sleep(2)
# check administrative rights
if ctypes.windll.shell32.IsUserAnAdmin() == 0:
print "ERROR: FastIR Collector must run with administrative privileges\nPress ENTER to finish..."
sys.stdin.readline()
return 0
set_logger(param_options)
modules = factory.load_modules(param_options["packages"], param_options["output_dir"])
for m in modules:
classes = factory.load_classes(m, param_options["OS"], param_options["release"])
for cl in classes:
instance = cl(param_options)
if "dump" in str(cl):
for opt in param_options["dump"].split(","):
try:
if opt in EXTRACT_DUMP:
list_method = EXTRACT_DUMP[opt]
for method in list_method:
if method.startswith(param_options["output_type"]):
getattr(instance, method)()
except Exception:
param_options["logger"].error(traceback.format_exc())
continue
for name, method in inspect.getmembers(cl, predicate=inspect.ismethod):
if not name.startswith("_"):
try:
if param_options["output_type"] in name:
getattr(instance, name)()
except KeyboardInterrupt:
return 0
except Exception:
param_options["logger"].error(traceback.format_exc())
# Delete all shadow copies created during the acquisition process
_VSS._close_instances()
if "mount_letter" in param_options:
unmount_share(param_options["mount_letter"])
param_options['logger'].info('Check here %s for yours results' % os.path.abspath(param_options['output_dir']))
def main(param_options):
print r"""
______ _ _____ _____
| ____| | | |_ _| __ \
| |__ __ _ ___| |_ | | | |__) |
| __/ _` / __| __| | | | _ /
| | | (_| \__ \ |_ _| |_| | \ \
|_| \__,_|___/\__|_____|_| \_\
A forensic analysis tool
"""
import time
time.sleep(2)
# check administrative rights
if ctypes.windll.shell32.IsUserAnAdmin() == 0:
print "ERROR: FastIR Collector must run with administrative privileges\nPress ENTER to finish..."
sys.stdin.readline()
return 0
set_logger(param_options)
modules = factory.load_modules(param_options["packages"],
param_options["output_dir"])
for m in modules:
classes = factory.load_classes(m, param_options["OS"],
param_options["release"])
for cl in classes:
instance = cl(param_options)
if "dump" in str(cl):
for opt in param_options["dump"].split(","):
try:
if param_options["output_type"] in EXTRACT_DUMP[opt]:
getattr(instance, EXTRACT_DUMP[opt])()
except Exception:
param_options["logger"].error(traceback.format_exc())
continue
for name, method in inspect.getmembers(cl,
predicate=inspect.ismethod):
if not name.startswith("_"):
try:
if param_options["output_type"] in name:
getattr(instance, name)()
except KeyboardInterrupt:
return 0
except Exception:
param_options["logger"].error(traceback.format_exc())
# Delete all shadow copies created during the acquisition process
_VSS._close_instances()
if "output_share" in param_options:
unmount_share(param_options["mount_letter"])
def main(param_options):
print r"""
______ _ _____ _____
| ____| | | |_ _| __ \
| |__ __ _ ___| |_ | | | |__) |
| __/ _` / __| __| | | | _ /
| | | (_| \__ \ |_ _| |_| | \ \
|_| \__,_|___/\__|_____|_| \_\
A forensic analysis tool
"""
import time
time.sleep(2)
set_logger(param_options)
modules = factory.load_modules(param_options["packages"], param_options["output_dir"])
for m in modules:
classes = factory.load_classes(m, param_options["OS"], param_options["release"])
for cl in classes:
instance = cl(param_options)
if "dump" in str(cl):
for opt in param_options["dump"].split(","):
try:
if param_options["output_type"] in EXTRACT_DUMP[opt]:
getattr(instance, EXTRACT_DUMP[opt])()
except Exception:
param_options["logger"].error(traceback.format_exc())
continue
for name, method in inspect.getmembers(cl, predicate=inspect.ismethod):
if not name.startswith("_"):
try:
if param_options["output_type"] in name:
getattr(instance, name)()
except KeyboardInterrupt:
return 0
except Exception:
param_options["logger"].error(traceback.format_exc())
# Delete all shadow copies created during the acquisition process
_VSS._close_instances()
if "output_share" in param_options:
unmount_share(param_options["mount_letter"])
