def _ConfigureStorageMediaFileTest(self):
"""Configure a test against a storage media file.
Returns:
A front-end object (instance of PregFrontend).
"""
front_end = preg.PregFrontend()
front_end.SetSingleFile(False)
knowledge_base_object = knowledge_base.KnowledgeBase()
front_end.SetKnowledgeBase(knowledge_base_object)
storage_media_path = self._GetTestFilePath([u'registry_test.dd'])
test_source_scanner = source_scanner.SourceScanner()
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(storage_media_path)
test_source_scanner.Scan(scan_context)
# Getting the most upper node.
scan_node = scan_context.GetRootScanNode()
while scan_node.sub_nodes:
scan_node = scan_node.sub_nodes[0]
front_end.SetSourcePath(storage_media_path)
front_end.SetSourcePathSpecs([scan_node.path_spec])
return front_end
def __init__(self, input_reader=None, output_writer=None):
"""Initializes the CLI tool object.
Args:
input_reader (Optional[InputReader]): input reader, where None indicates
that the stdin input reader should be used.
output_writer (Optional[OutputWriter]): output writer, where None
indicates that the stdout output writer should be used.
"""
super(StorageMediaTool, self).__init__(input_reader=input_reader,
output_writer=output_writer)
self._custom_artifacts_path = None
self._artifact_definitions_path = None
self._artifact_filters = None
self._credentials = []
self._credential_configurations = []
self._filter_file = None
self._partitions = None
self._process_vss = False
self._source_scanner = source_scanner.SourceScanner()
self._source_path = None
self._source_path_specs = []
self._textwrapper = textwrap.TextWrapper()
self._user_selected_vss_stores = False
self._volumes = None
self._vss_only = False
self._vss_stores = None
def Read(self, input_path):
"""
Read disk image from a provided input path.
:param input_path: Path to the disk image.
:type input_path: ``str``
"""
self._source_scanner = source_scanner.SourceScanner()
base_path_specs = self._GetBasePathSpecs(input_path.decode('utf-8'))
self._Extract(base_path_specs)
def __init__(self, source=None, settings=[], interactive=True):
"""Initializes the dfvfs util object."""
super(DfvfsUtil, self).__init__()
self._source_scanner = source_scanner.SourceScanner()
self.settings = settings
self.env = jinja2.Environment()
self.env.filters['datetime'] = self.format_datetime
#filters['datetime'] = self.format_datetime
if source:
self.base_path_specs = self.get_base_pathspecs(source, interactive)
def __init__(self, mediator=None):
"""Initializes a volume scanner.
Args:
mediator (Optional[VolumeScannerMediator]): a volume scanner mediator.
"""
super(VolumeScanner, self).__init__()
self._mediator = mediator
self._source_path = None
self._source_scanner = source_scanner.SourceScanner()
self._source_type = None
def __init__(self, auto_recurse=True):
"""Initializes a source analyzer.
Args:
auto_recurse (Optional[bool]): True if the scan should automatically
recurse as far as possible.
"""
super(SourceAnalyzer, self).__init__()
self._auto_recurse = auto_recurse
self._encode_errors = 'strict'
self._preferred_encoding = locale.getpreferredencoding()
self._source_scanner = source_scanner.SourceScanner()
def __init__(self, mediator=None):
"""Initializes the scanner object.
Args:
mediator: a volume scanner mediator (instance of
VolumeScannerMediator) or None.
"""
super(VolumeScanner, self).__init__()
self._mediator = mediator
self._source_path = None
self._source_scanner = source_scanner.SourceScanner()
self._source_type = None
self._vss_stores = None
def __init__(self, auto_recurse=True):
"""Initializes the source analyzer object.
Args:
auto_recurse: optional boolean value to indicate if the scan should
automatically recurse as far as possible. The default
is True.
"""
super(SourceAnalyzer, self).__init__()
self._auto_recurse = auto_recurse
self._encode_errors = u'strict'
self._preferred_encoding = locale.getpreferredencoding()
self._source_scanner = source_scanner.SourceScanner()
def __init__(self):
"""Initializes the front-end object."""
# TODO: remove the need to pass input_reader and output_writer.
input_reader = frontend.StdinFrontendInputReader()
output_writer = frontend.StdoutFrontendOutputWriter()
super(StorageMediaFrontend, self).__init__(input_reader, output_writer)
self._resolver_context = context.Context()
self._scan_context = source_scanner.SourceScannerContext()
self._source_path = None
self._source_scanner = source_scanner.SourceScanner()
# TODO: move this into a source handler to support multiple sources.
self.partition_offset = None
self.process_vss = True
self.vss_stores = None
def __init__(self, input_reader, output_writer):
"""Initializes the front-end object.
Args:
input_reader: the input reader (instance of FrontendInputReader).
The default is None which indicates to use the stdin
input reader.
output_writer: the output writer (instance of FrontendOutputWriter).
The default is None which indicates to use the stdout
output writer.
"""
super(StorageMediaFrontend, self).__init__(input_reader, output_writer)
self._partition_offset = None
self._process_vss = True
self._resolver_context = context.Context()
self._scan_context = source_scanner.SourceScannerContext()
self._source_path = None
self._source_scanner = source_scanner.SourceScanner()
self._vss_stores = None
def __init__(self, input_reader=None, output_writer=None):
"""Initializes the CLI tool object.
Args:
input_reader (Optional[InputReader]): input reader, where None indicates
that the stdin input reader should be used.
output_writer (Optional[OutputWriter]): output writer, where None
indicates that the stdout output writer should be used.
"""
super(StorageMediaTool, self).__init__(input_reader=input_reader,
output_writer=output_writer)
self._credentials = []
self._filter_file = None
self._partitions = None
self._partition_offset = None
self._process_vss = False
self._source_scanner = source_scanner.SourceScanner()
self._source_path = None
self._source_path_specs = []
self._vss_only = False
self._vss_stores = None
def EnumerateEvidenceSource(self,filename):
evidenceContainer = EvidenceContainer()
evidenceContainer.OpenSourcePath(filename)
match = re.match(r"^\\\\\.\\([a-zA-Z])\:$",filename)
if match:
os_path_spec = path_spec_factory.Factory.NewPathSpec(
definitions.TYPE_INDICATOR_OS,
location=filename
)
logical_path_spec = path_spec_factory.Factory.NewPathSpec(
definitions.TYPE_INDICATOR_TSK,
location=u'/',
parent=os_path_spec
)
scan_path_spec = logical_path_spec
else:
scan_path_spec = None
_source_scanner = source_scanner.SourceScanner()
_source_scanner.Scan(
evidenceContainer,
auto_recurse=True,
scan_path_spec=scan_path_spec
)
if match:
evidenceContainer.AddScanNode(
logical_path_spec,
evidenceContainer.GetRootScanNode()
)
_root_node = evidenceContainer.GetRootScanNode()
root = self.mainFrame.tree_fs.GetRootItem()
evidenceContainer._EnumerateTree(
self.mainFrame.tree_fs,
root
)
def __init__(self, input_reader=None, output_writer=None):
"""Initializes the CLI tool object.
Args:
input_reader: the input reader (instance of InputReader).
The default is None which indicates the use of the stdin
input reader.
output_writer: the output writer (instance of OutputWriter).
The default is None which indicates the use of the stdout
output writer.
"""
super(StorageMediaTool, self).__init__(input_reader=input_reader,
output_writer=output_writer)
self._credentials = []
self._filter_file = None
# TODO: refactor to partitions.
self._partition_string = None
self._partition_offset = None
self._process_vss = False
self._source_scanner = source_scanner.SourceScanner()
self._source_path = None
self._source_path_specs = []
self._vss_stores = None
def __init__(self, input_reader=None, output_writer=None):
super(StorageMediaTool, self).__init__(input_reader=input_reader,
output_writer=output_writer)
self._custom_artifacts_path = None
self._artifact_definitions_path = None
self._source_scanner = source_scanner.SourceScanner()
self._source_path_specs = []
self._storage_file_path = None
self._credentials = []
config = configparser.ConfigParser()
conf_file = os.path.dirname(os.path.dirname(os.path.abspath(
__file__))) + os.sep + 'config' + os.sep + 'carpe.conf'
if not os.path.exists(conf_file):
raise Exception('%s file does not exist.\n' % conf_file)
config.read(conf_file)
root_storage_path = config.get('paths', 'root_storage_path')
root_tmp_path = config.get('paths', 'root_tmp_path')
self._root_storage_path = root_storage_path
self._root_tmp_path = root_tmp_path
self._partition_list = {}
self._partitions = None
self._volumes = None
self._process_vss = False
self._vss_only = False
self._vss_stores = None
self.standalone_check = None
self.signature_check = None
self._signature_tool = signature_tool.SignatureTool()
self._rds = None
self._rds_set = None
def _ConfigureStorageMediaFileTest(self):
"""Configures a test against a storage media file.
Returns:
PregTool: preg tool.
"""
storage_media_path = self._GetTestFilePath(['registry_test.dd'])
test_source_scanner = source_scanner.SourceScanner()
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(storage_media_path)
test_source_scanner.Scan(scan_context)
# Getting the most upper node.
scan_node = scan_context.GetRootScanNode()
while scan_node.sub_nodes:
scan_node = scan_node.sub_nodes[0]
test_tool = preg_tool.PregTool()
test_tool._single_file = False
test_tool._source_path = storage_media_path
test_tool._source_path_specs = [scan_node.path_spec]
test_tool.knowledge_base_object = knowledge_base.KnowledgeBase()
return test_tool
def __init__(self):
"""Initializes the recursive hasher object."""
super(RecursiveHasher, self).__init__()
self._source_scanner = source_scanner.SourceScanner()
def setUp(self): """Sets up the needed objects used throughout the test.""" self._source_scanner = source_scanner.SourceScanner()
def __init__(self):
super(DiskScanner, self).__init__()
self._source_scanner = source_scanner.SourceScanner()
self.base_path_specs = None
self.prefix = 'p'