def __init__(self, args):
    """Load the artifact definitions and keep the argument object.

    Args:
        args: Argument object. ``args.artifacts_path`` is handed to
            ``Registry.read_folder``; the whole object is stored as
            ``self.args``.
    """
    registry = self.artifact_registry = Registry()
    registry.read_folder(args.artifacts_path)

    # An empty registry is only reported, not rejected: construction succeeds
    # with no definitions loaded. A caller that must not proceed without
    # definitions has to check ``artifact_registry.artifacts`` itself.
    if not registry.artifacts:
        LOGGER.warning("Could not read any artifact definition from %s",
                       args.artifacts_path)

    self.args = args
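def __init__(self, args):
    """Load the artifact definitions and keep the argument object.

    Args:
        args: Argument object. ``args.artifacts_path`` is handed to
            ``Registry.read_folder``; the whole object is stored as
            ``self.args``.
    """
    self.artifact_registry = Registry()
    self.artifact_registry.read_folder(args.artifacts_path)

    # An empty registry is only reported, not rejected: construction succeeds
    # with no definitions loaded. A caller that must not proceed without
    # definitions has to check ``artifact_registry.artifacts`` itself.
    if not self.artifact_registry.artifacts:
        LOGGER.warning("Could not read any artifact definition from %s",
                       args.artifacts_path)

    # No sorted name list is built here: nothing in this method read it.
    self.args = args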
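class ArtifactExtractionCommand:  # pylint: disable=too-few-public-methods
    """Command object that extracts named artifacts into a forensicstore."""

    def __init__(self, args):
        """Load the artifact definitions and keep the argument object.

        Args:
            args: Argument object. ``args.artifacts_path`` is handed to
                ``Registry.read_folder``; the whole object is stored as
                ``self.args`` and read again by ``run``.
        """
        self.artifact_registry = Registry()
        self.artifact_registry.read_folder(args.artifacts_path)
        # An empty registry is only reported; construction still succeeds.
        if not self.artifact_registry.artifacts:
            LOGGER.warning("Could not read any artifact definition from %s",
                           args.artifacts_path)
        self.args = args

    def run(self):
        """Extract the requested artifacts into the output forensicstore.

        Reads ``keyfile``, ``output_store``, ``input_evidence``, ``zip_mode``
        and ``artifact_names`` from ``self.args``. ``artifact_names`` is a
        comma-separated string; surrounding whitespace of each name is
        stripped.

        Exceptions raised while building the extractor or extracting are
        logged and swallowed, so this method returns normally even after a
        failed or partial run. The return value therefore says nothing about
        completeness; the log does.
        """
        # Optional key list for decryption.
        encryption_keys = []
        if self.args.keyfile:
            try:
                with open(self.args.keyfile, 'r') as keyfile:
                    encryption_keys = encryption_handlers.read_key_list(
                        keyfile)
            except OSError as err:
                # NOTE(review): an unreadable key file is only logged. The
                # run continues and the handler receives an empty key list.
                LOGGER.error("Could not open key file: %s", err.strerror)

        extractor = None
        store_file = self.args.output_store
        print("Using output forensicstore:", store_file)
        # Opened outside the try block: a failure to open the store
        # propagates to the caller instead of being logged and swallowed.
        store = forensicstore.open(store_file)
        try:
            handler = encryption_handlers.ConsoleEncryptionHandler(
                encryption_keys)
            extractor = ArtifactExtractor(self.args.input_evidence, store,
                                          self.artifact_registry, handler,
                                          self.args.zip_mode)
            to_extract = [
                a.strip() for a in self.args.artifact_names.split(',')
            ]
            for artifact in to_extract:
                print("Extract %s" % artifact)
                extractor.extract_artifact(artifact)
        except Exception as error:
            # The first failure aborts the remaining artifacts and is only
            # visible in the log.
            LOGGER.exception("Uncaught exception during job: %s", error)
        finally:
            # Close the store first, as before, but still clean up the
            # extractor if closing the store raises.
            try:
                store.close()
            finally:
                if extractor:
                    extractor.clean_up()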
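class ArtifactExtractionCommand:  # pylint: disable=too-few-public-methods
    """Command object that extracts named artifacts for each forensicstore."""

    def __init__(self, args):
        """Load the artifact definitions and keep the argument object.

        Args:
            args: Argument object. ``args.artifacts_path`` is handed to
                ``Registry.read_folder``; the whole object is stored as
                ``self.args`` and read again by ``run``.
        """
        self.artifact_registry = Registry()
        self.artifact_registry.read_folder(args.artifacts_path)
        # An empty registry is only reported; construction still succeeds.
        if not self.artifact_registry.artifacts:
            LOGGER.warning("Could not read any artifact definition from %s",
                           args.artifacts_path)
        self.args = args

    def run(self):
        """Extract the requested artifacts once per configured forensicstore.

        Reads ``keyfile``, ``input_evidence``, ``forensicstores``,
        ``output_dir`` and ``artifact_names`` from ``self.args``. Every file
        found below ``input_evidence`` is handed to each extractor.

        An unreadable key file raises ``OSError`` out of this method.
        Exceptions raised during extraction are logged and swallowed, so the
        method returns normally even after a failed or partial run. Every
        extractor that was created is cleaned up before returning.
        """
        # Function-scope import: the file's import block is not visible here.
        import contextlib

        # NOTE: ``output_dir`` is not created in this method.

        # Optional key list for decryption; open() errors are not caught.
        encryption_keys = []
        if self.args.keyfile:
            with open(self.args.keyfile, 'r') as keyfile:
                encryption_keys = encryption_handlers.read_key_list(keyfile)

        # The stack runs every registered clean_up after the except clause,
        # so an error raised by clean_up still propagates to the caller.
        # Previously only the extractor of the last store was cleaned up.
        with contextlib.ExitStack() as cleanup:
            try:
                handler = encryption_handlers.ConsoleEncryptionHandler(
                    encryption_keys)

                # os.walk yields nothing for a path that is not a directory,
                # so a single-file input results in an empty list.
                in_evidence = [self.args.input_evidence]
                in_files = []
                for evidence_path in in_evidence:
                    for root, _dirs, files in os.walk(evidence_path):
                        in_files.extend(
                            os.path.join(root, name) for name in files)

                for store in self.args.forensicstores:
                    # Only the base name of the store is used below
                    # output_dir: two stores with the same file name in
                    # different directories share one output path.
                    output_path = os.path.join(self.args.output_dir,
                                               os.path.basename(store))
                    extractor = ArtifactExtractor(in_files, output_path,
                                                  self.artifact_registry,
                                                  handler)
                    cleanup.callback(extractor.clean_up)
                    for artifact in self.args.artifact_names:
                        print("Extract %s" % artifact)
                        extractor.extract_artifact(artifact)
            except Exception as error:
                # The first failure aborts the remaining stores and
                # artifacts and is only visible in the log.
                LOGGER.exception("Uncaught exception during job: %s", error)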