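def _echo_access_details(sectionc, sectiond):
    """Echo the files, volumes and directories recorded in one parsed prefetch file.

    Args:
        sectionc: iterable of file names (the prefetch "section C" entries) as
            returned in readfile()['sectionc'].
        sectiond: iterable of volume dicts as returned in readfile()['sectiond'];
            each is read for 'vollabel', 'volserial', 'accesstimestamp' and
            'subsec2' (a sequence whose element [1] is a directory name).
    """
    dsz.ui.Echo('Files Accessed:')
    for dll in sectionc:
        dsz.ui.Echo('\t\t%s' % ops.utf8(dll))
    # Literal reproduced exactly as the original emits it (leading backslash included).
    dsz.ui.Echo('\\Volumes Accessed:')
    for volume in sectiond:
        # NOTE(review): file and directory names go through ops.utf8 but the
        # volume label/serial/timestamp do not; if those fields can be unicode
        # the '%' formatting below may raise on non-ASCII data — confirm against readfile().
        dsz.ui.Echo('\tVolume Label: %s' % volume['vollabel'])
        dsz.ui.Echo('\tVolume Serial: %s' % volume['volserial'])
        dsz.ui.Echo('\tAccess timestamp: %s' % volume['accesstimestamp'])
        dsz.ui.Echo('\tDirectories Accessed:')
        for directory in volume['subsec2']:
            dsz.ui.Echo('\t\t%s' % ops.utf8(directory[1]))


def _echo_banner(title):
    """Echo *title* framed above and below by a line of '=' in the dsz.GOOD style."""
    bannerstring = '================ %s ====================' % title
    bannercap = '=' * len(bannerstring)
    dsz.ui.Echo(bannercap, dsz.GOOD)
    dsz.ui.Echo(bannerstring, dsz.GOOD)
    dsz.ui.Echo(bannercap, dsz.GOOD)


def main():
    """Entry point for the prefetch listing / parsing script.

    With no command-line argument: enumerate the prefetch directory via
    getpretchfiles(), print the listing, let the user pick entries with
    getlist(), retrieve each with getfile(), parse it with readfile(), print a
    short summary table, then print full access details for a second selection.

    With one argument: treat sys.argv[1] as an already-local prefetch file,
    parse it with readfile() and print its summary and access details.
    """
    if len(sys.argv) == 1:
        dsz.ui.Echo('====================================')
        dsz.ui.Echo('= Getting a list of prefetch files =')
        dsz.ui.Echo('====================================')
        prefetch = getpretchfiles('c:\\windows\\prefetch')
        pprint(prefetch,
               header=['Index', 'Name', 'Size', 'Created', 'Modified', 'Accessed'],
               dictorder=['index', 'name', 'size', 'created', 'modified', 'accessed'])
        dsz.ui.Echo('Found the above files in the prefetch, please select which you would like to pull and parse', dsz.GOOD)
        wantlist = getlist(prefetch)
        shortparse = []
        for entry in wantlist:
            localfile = getfile(entry)
            # The selected entry is annotated in place with where it was saved locally.
            entry['localfile'] = localfile
            data = readfile(localfile)
            shortparse.append({
                'index': entry['index'],
                'name': entry['name'],
                'bytes': data['prefetchfilelength'],
                'runs': data['numexec'],
                'last': data['lastexectimestamp'],
                'localfile': localfile,
                'sectionc': data['sectionc'],
                'sectiond': data['sectiond'],
            })
        print('')
        dsz.ui.Echo('====================================')
        dsz.ui.Echo('=========== Short Parse ============')
        dsz.ui.Echo('====================================')
        pprint(shortparse,
               header=['Index', 'Name', 'Byte Length', 'Number of Runs', 'Last Execute Time'],
               dictorder=['index', 'name', 'bytes', 'runs', 'last'])
        dsz.ui.Echo('Of the files you pulled back, which would you like to see the called files?', dsz.GOOD)
        parselist = getlist(shortparse)
        print('')
        for entry in parselist:
            _echo_banner(entry['name'])
            _echo_access_details(entry['sectionc'], entry['sectiond'])
    else:
        prefetchFile = sys.argv[1]
        data = readfile(prefetchFile)
        good_data = [{
            'bytes': data['prefetchfilelength'],
            'runs': data['numexec'],
            'last': data['lastexectimestamp'],
            'sectionc': data['sectionc'],
            'sectiond': data['sectiond'],
        }]
        pprint(good_data,
               header=['Byte Length', 'Number of Runs', 'Last Execute Time'],
               dictorder=['bytes', 'runs', 'last'])
        _echo_access_details(data['sectionc'], data['sectiond'])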
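def runCmd(cmd, show=False):
    """Run a dsz command with console echo forced on or off for its duration.

    Args:
        cmd: command line to execute; it is passed through ops.utf8 first.
        show: when True, echo is switched On before the command and Off after;
            when False, echo is switched Off before and On after.

    Returns:
        The (success, command id) pair returned by dsz.cmd.RunEx.

    Raises:
        Whatever dsz.cmd.RunEx raises; the echo toggle is still applied.
    """
    # NOTE(review): the prior echo state is never read, so this assumes echo
    # was Off when show=True and On when show=False — confirm with callers.
    if show:
        dsz.control.echo.On()
    else:
        dsz.control.echo.Off()
    try:
        (suc, cmdid) = dsz.cmd.RunEx(ops.utf8(cmd), dsz.RUN_FLAG_RECORD)
    finally:
        # Toggle back even if RunEx raised, so an exception cannot leave the
        # console permanently muted (or unmuted) for the rest of the session.
        if show:
            dsz.control.echo.Off()
        else:
            dsz.control.echo.On()
    return (suc, cmdid)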
def __str__(self):
    """Render this command as a single space-separated command line.

    Layout: each prefix, then the plugin name, then every positional argument,
    then the options. Boolean options are emitted as ``-name`` only when True;
    other options are emitted as ``-name value`` unless the value is None.
    The result is passed through ops.utf8 before being returned.
    """
    tokens = ['%s ' % prefix for prefix in self.prefixes]
    tokens.append('%s ' % self.plugin)
    tokens.extend('%s ' % arg for arg in self.arglist)
    for name, value in self.optdict.items():
        if isinstance(value, bool):
            # Flags are present-or-absent; a False flag is simply omitted.
            if value:
                tokens.append('-%s ' % name)
        elif value is not None:
            # NOTE(review): values are interpolated unquoted, so a value
            # containing whitespace would be split by whatever parses this
            # string — confirm against the dsz command grammar.
            tokens.append('-%s %s ' % (name, value))
    return ops.utf8(''.join(tokens))
def main():
    """Entry point for the prefetch listing / parsing script.

    No argument: enumerate the prefetch directory with getpretchfiles(), let
    the user choose entries via getlist(), fetch each with getfile(), parse it
    with readfile(), show a summary table, then print access details for a
    second selection. One argument: parse sys.argv[1] as a local prefetch file
    and print its summary and access details.
    """
    def show_access_details(sectionc, sectiond):
        # Files, then volumes (each with its directory list), exactly as
        # stored in the parsed prefetch data.
        dsz.ui.Echo('Files Accessed:')
        for name in sectionc:
            dsz.ui.Echo('\t\t%s' % ops.utf8(name))
        dsz.ui.Echo('\\Volumes Accessed:')
        for volume in sectiond:
            dsz.ui.Echo('\tVolume Label: %s' % volume['vollabel'])
            dsz.ui.Echo('\tVolume Serial: %s' % volume['volserial'])
            dsz.ui.Echo('\tAccess timestamp: %s' % volume['accesstimestamp'])
            dsz.ui.Echo('\tDirectories Accessed:')
            for subdir in volume['subsec2']:
                dsz.ui.Echo('\t\t%s' % ops.utf8(subdir[1]))

    def show_rule():
        dsz.ui.Echo('====================================')

    if len(sys.argv) != 1:
        parsed = readfile(sys.argv[1])
        summary = [{
            'bytes': parsed['prefetchfilelength'],
            'runs': parsed['numexec'],
            'last': parsed['lastexectimestamp'],
            'sectionc': parsed['sectionc'],
            'sectiond': parsed['sectiond'],
        }]
        pprint(summary,
               header=['Byte Length', 'Number of Runs', 'Last Execute Time'],
               dictorder=['bytes', 'runs', 'last'])
        show_access_details(parsed['sectionc'], parsed['sectiond'])
        return

    show_rule()
    dsz.ui.Echo('= Getting a list of prefetch files =')
    show_rule()
    listing = getpretchfiles('c:\\windows\\prefetch')
    pprint(listing,
           header=['Index', 'Name', 'Size', 'Created', 'Modified', 'Accessed'],
           dictorder=['index', 'name', 'size', 'created', 'modified', 'accessed'])
    dsz.ui.Echo('Found the above files in the prefetch, please select which you would like to pull and parse', dsz.GOOD)

    summaries = []
    for chosen in getlist(listing):
        saved_as = getfile(chosen)
        chosen['localfile'] = saved_as
        parsed = readfile(saved_as)
        summaries.append({
            'index': chosen['index'],
            'name': chosen['name'],
            'bytes': parsed['prefetchfilelength'],
            'runs': parsed['numexec'],
            'last': parsed['lastexectimestamp'],
            'localfile': chosen['localfile'],
            'sectionc': parsed['sectionc'],
            'sectiond': parsed['sectiond'],
        })

    print('')
    show_rule()
    dsz.ui.Echo('=========== Short Parse ============')
    show_rule()
    pprint(summaries,
           header=['Index', 'Name', 'Byte Length', 'Number of Runs', 'Last Execute Time'],
           dictorder=['index', 'name', 'bytes', 'runs', 'last'])
    dsz.ui.Echo('Of the files you pulled back, which would you like to see the called files?', dsz.GOOD)
    detailed = getlist(summaries)
    print('')
    for chosen in detailed:
        title = '================ %s ====================' % chosen['name']
        cap = '=' * len(title)
        for line in (cap, title, cap):
            dsz.ui.Echo(line, dsz.GOOD)
        show_access_details(chosen['sectionc'], chosen['sectiond'])
def _statehash(fileitem):
    """Return the hex MD5 of a file item's modified time, parent path and name.

    The three values are formatted with '%s' and concatenated with no
    delimiter, then passed through ops.utf8 before hashing.
    """
    # NOTE(review): no separator between the fields, so distinct
    # (time, path, name) triples can in principle collide; kept as-is because
    # callers may compare against previously recorded values. MD5 appears to
    # serve only as a change-detection fingerprint here, not as an integrity
    # control against tampering — confirm with the call sites.
    key = '%s%s%s' % (fileitem.filetimes.modified.time,
                      fileitem.dszparent.path,
                      fileitem.name)
    digest = hashlib.md5(ops.utf8(key)).digest()
    return binascii.hexlify(digest)