Example #1
0
def main():
    args_parser = argparse.ArgumentParser(description="Tests get_version.")

    options = args_parser.parse_args()

    try:
        pyewf.get_version()
    except Exception:
        return False

    return True
Example #2
0
def main():
  args_parser = argparse.ArgumentParser(
      description="Tests get_version.")

  options = args_parser.parse_args()

  try:
    pyewf.get_version()
  except Exception:
    return False

  return True
Example #3
0
def LogLibraryVersions(log):
    '''Log the versions of libraries used'''
    log.info('Python version = {}'.format(sys.version))
    log.info('Pytsk  version = {}'.format(pytsk3.get_version()))
    log.info('Pyewf  version = {}'.format(pyewf.get_version()))
    log.info('Pyvmdk version = {}'.format(pyvmdk.get_version()))
    log.info('PyAFF4 version = {}'.format(
        pyaff4._version.raw_versions()['version']))
Example #4
0
#

__author__ = "Joachim Metz"
__version__ = "20110104"
__date__ = "Jan 4, 2011"
__copyright__ = "Copyright (c) 2006-2012, Joachim Metz <*****@*****.**>"
__license__ = "GNU LGPL version 3"

import sys
import pyewf

# ----------------------------------------------------------------------------
# Main
# ----------------------------------------------------------------------------

print "glob.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n"

argc = len(sys.argv)

if argc != 2:
    print "Usage: glob.py filename\n"

    sys.exit(1)

try:
    filenames = pyewf.glob(sys.argv[1])

except:
    print "Unable to glob filename(s)\n"
    print sys.exc_info()[1]
Example #5
0
def LogLibraryVersions(log):
    '''Log the versions of libraries used'''
    log.info('Pytsk version = {}'.format(pytsk3.get_version()))
    log.info('Pyewf version = {}'.format(pyewf.get_version()))
    log.info('Pyvmdk version= {}'.format(pyvmdk.get_version()))
Example #6
0
#

__author__    = "Joachim Metz"
__version__   = "20110104"
__date__      = "Jan 4, 2011"
__copyright__ = "Copyright (c) 2006-2012, Joachim Metz <*****@*****.**>"
__license__   = "GNU LGPL version 3"

import sys
import pyewf

# ----------------------------------------------------------------------------
# Main
# ----------------------------------------------------------------------------

print "metadata.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n"

argc = len( sys.argv )

if argc < 2:
	print "Usage: metadata.py filename(s)\n"

	sys.exit( 1 )

if argc == 2:
	try:
		filenames = pyewf.glob(
		             sys.argv[ 1 ] )

	except:
		print "Unable to glob filename(s)\n"
Example #7
0
#

__author__    = "Joachim Metz"
__version__   = "20130120"
__date__      = "Jan 20, 2013"
__copyright__ = "Copyright (c) 2006-2013, Joachim Metz <*****@*****.**>"
__license__   = "GNU LGPL version 3"

import sys
import pyewf

# ----------------------------------------------------------------------------
# Main
# ----------------------------------------------------------------------------

print "glob.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n"

argc = len( sys.argv )

if argc != 2:
	print "Usage: glob.py filename\n"

	sys.exit( 1 )

try:
	filenames = pyewf.glob(
	             sys.argv[ 1 ] )

except:
	print "Unable to glob filename(s)\n"
	print sys.exc_info()[ 1 ]
Example #8
0
def main():

    # commands and arguments
    # argparse https://docs.python.org/3/library/argparse.html#module-argparse
    parser = ArgumentParser(description="Extract the file slack spaces.")
    parser.add_argument("image", metavar="disk image", nargs=1, action="store")
    parser.add_argument(
        "-e",
        "--encoding",
        default="",
        help=
        "Display slack space in LATIN-1 or Hex. Supported options 'latin-1', 'hex'.",
    )
    parser.add_argument(
        "-t",
        "--type",
        required=True,
        help=
        "Type of the disk image. Currently supported options 'raw' and 'ewf'.",
    )
    parser.add_argument(
        "-p",
        "--pprint",
        action="store_true",
        help="Pretty print all found file slack spaces.",
    )

    # create a temporary dir for slacks
    tmpdir = tempfile.TemporaryDirectory(prefix="slacks_")
    parser.add_argument(
        "-d",
        "--dump",
        action="store",
        default=tmpdir.name,
        help=
        "Dump file slack spaces of each file in raw format to a directory if specified, by default temporary dir.",
    )
    parser.add_argument(
        "-c",
        "--csv",
        action="store",
        default=None,
        help="Write file slacks information to a CSV file.",
    )
    parser.add_argument(
        "-v",
        "--verbose",
        action="store_true",
        default=False,
        help="Control the verbosity of the output.",
    )
    parser.add_argument("--version", action="version", version="v0.2.10")

    global arguments
    arguments = parser.parse_args()

    global all_slacks
    all_slacks = []

    if arguments.image is not None:
        CWD = Path().cwd()
        if not CWD.joinpath(arguments.image[0]).exists():
            print(
                f"The disk image '{arguments.image[0]}' is not found.",
                file=sys.stderr,
            )
            sys.exit(1)

        # print versions
    print("SleuthKit lib version:", pytsk3.TSK_VERSION_STR)
    print("Module pytsk3 version:", pytsk3.get_version())
    print("Module pyewf version:", pyewf.get_version())

    # open image
    if arguments.image is not None:
        if arguments.type == "raw":
            img_handler = pytsk3.Img_Info(arguments.image[0])
        elif arguments.type == "ewf":
            print(arguments.image)
            ewf_handle = pyewf.handle()
            filenames = pyewf.glob(arguments.image[0])
            ewf_handle.open(filenames)
            img_handler = ewf.ewf_Img_Info(ewf_handle)
        elif arguments.type == "aff":
            print("Not Supported Yet ! ", file=sys.stderr)
            sys.exit(1)
        elif arguments.type not in ["raw", "ewf"]:
            print("Not Supported Yet ! Only 'raw' and 'ewf'. ",
                  file=sys.stderr)
            sys.exit(1)

        # open the image volume for the partitions within it
    try:
        partition_table = pytsk3.Volume_Info(img_handler)
        print_partition_table(partition_table)
    except OSError as e:
        # there is no Volume in the image.
        print(
            "Maybe there is no Volume in the provided disk image.\n",
            e,
            file=sys.stderr,
        )
    else:
        for partition in partition_table:
            if b"NTFS" in partition.desc:
                # open the filesystem with offset set to the absolute offset of
                # the beginning of the NTFS partition.
                fs = pytsk3.FS_Info(img_handler,
                                    offset=(partition.start * 512))

                #  The Cluster Size (blocksize) can be chosen when the volume is formatted.
                global blocksize
                blocksize = fs.info.block_size
                print("NTFS Cluster size: ", blocksize, "in bytes.")

                # get the sector size
                global sector
                sector = fs.info.dev_bsize
                print("NTFS Sector size: ", sector, "in bytes.\n")
                # open the directory node for recursiveness and enqueue all
                # directories in image fs from the root dir "/"
                queue_all_dirs = []
                directory = fs.open_dir(path="/")

                processing(
                    partition,
                    directory=directory,
                    queue=queue_all_dirs,
                    parent_names=["/"],
                )

        # pretty printing the all_slack files
    if arguments.pprint:
        pp = pprint.PrettyPrinter(indent=4)
        pp.pprint(all_slacks)

        # writing out file slack spaces into seperate files located in 'slacks' directory
    if arguments.dump:
        if arguments.verbose:
            print(
                f"{arguments.dump} is the temporary output dir for file slacks."
            )

        for s in all_slacks:
            CWD = Path().cwd()
            SLACKS_DIR = CWD.joinpath(arguments.dump)
            SLACKS_DIR.mkdir(exist_ok=True)
            file_slack_name = SLACKS_DIR.joinpath(s.get_s_name())
            file_slack_name.write_bytes(s.get_s_bytes())

        # print slack bytes with encoding 'latin-1', 'hex'.
    if arguments.encoding is not None:
        for s in all_slacks:
            s_bytes = s.get_s_bytes()
            if arguments.encoding == "latin-1":
                print(s_bytes.decode("latin-1"))
            elif arguments.encoding == "hex":
                print(s_bytes.hex())

    #  handle csv argument
    if arguments.csv is not None:
        csv_filename = arguments.csv
        if arguments.verbose:
            print(f"Writing CSV report to '{arguments.csv}'.")

        with open(csv_filename, "w", newline="") as csvfile:
            fieldnames = [
                "slack filename",
                "slack size",
                "partition address",
                "MD5",
                "SHA1",
                "parent dirs",
            ]
            writer = csv.DictWriter(csvfile, fieldnames=fieldnames)

            writer.writeheader()
            for s in all_slacks:
                writer.writerow({
                    "slack filename": s.get_s_name(),
                    "slack size": s.get_s_size(),
                    "partition address": s.get_s_partition_addr(),
                    "MD5": s.get_s_md5(),
                    "SHA1": s.get_s_sha1(),
                    "parent dirs": s.get_s_dirs(),
                })

    tmpdir.cleanup()
Example #9
0
 def test_get_version(self):
   """Tests the get_version function."""
   version = pyewf.get_version()
   self.assertIsNotNone(version)
Example #10
0
#

__author__    = "Joachim Metz"
__version__   = "20130126"
__date__      = "Jan 26, 2013"
__copyright__ = "Copyright (c) 2006-2012, Joachim Metz <*****@*****.**>"
__license__   = "GNU LGPL version 3"

import sys
import pyewf

# ----------------------------------------------------------------------------
# Main
# ----------------------------------------------------------------------------

print "open_close.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n"

argc = len( sys.argv )

if argc < 2:
	print "Usage: open_close.py filename(s)\n"

	sys.exit( 1 )

filenames = sys.argv[ 1: ]

handle = pyewf.handle();

if handle == None:
	print "Missing handle object\n"
Example #11
0
			sub_file_entry = file_entry.get_sub_file_entry( sub_file_entry_index )

		except:
			print "Unable to retrieve number of file entry: " + sub_file_entry_index + "\n"
			print sys.exc_info()[ 1 ]

			sys.exit( 1 )

		print_file_entry( sub_file_entry )


# ----------------------------------------------------------------------------
# Main
# ----------------------------------------------------------------------------

print "file_entries.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n"

argc = len( sys.argv )

if argc < 2:
	print "Usage: file_entries.py filename(s)\n"

	sys.exit( 1 )

if argc == 2:
	try:
		filenames = pyewf.glob(
		             sys.argv[ 1 ] )

	except:
		print "Unable to glob filename(s)\n"
Example #12
0
 def test_get_version(self):
     """Tests the get_version function."""
     version = pyewf.get_version()
Example #13
0
#

__author__    = "Joachim Metz"
__version__   = "20110104"
__date__      = "Jan 4, 2011"
__copyright__ = "Copyright (c) 2010-2011, Joachim Metz <*****@*****.**>"
__license__   = "GNU LGPL version 3"

import sys
import pyewf

# ----------------------------------------------------------------------------
# Main
# ----------------------------------------------------------------------------

print "metadata.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n"

argc = len( sys.argv )

if argc < 2:
	print "Usage: metadata.py filename(s)\n"

	sys.exit( 1 )

if argc == 2:
	try:
		filenames = pyewf.glob(
		             sys.argv[ 1 ] )

	except:
		print "Unable to glob filename(s)\n"
Example #14
0
 def test_get_version(self):
   """Tests the get_version function."""
   version = pyewf.get_version()