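def create_output_dir(output_dir, letter=None):
    """Build the timestamped output directory and create it recursively.

    ``output_dir`` may contain Windows-style ``%VAR%`` references; every
    occurrence is expanded from ``os.environ`` (the previous implementation
    only expanded a reference at the very start of the string, so a path
    such as ``C:\\out\\%USERNAME%`` would have created a literal
    ``%USERNAME%`` directory).  When ``letter`` (the drive letter of a
    mapped output share) is given it is prefixed to the path.  A
    ``YYYY-mm-dd_HHMMSS`` component is appended so successive runs never
    overwrite each other.

    Returns the final path, always terminated by ``os.path.sep``.

    If a referenced environment variable does not exist the names are
    reported on stderr, the share mapped on ``letter`` (if any) is
    unmounted, and the process exits with status 1.

    NOTE(review): the expanded path is used as-is; there is no
    normalisation or containment check, so the caller (and the
    environment the collector is launched from) is trusted to supply a
    sane destination.
    """
    missing = []

    def _expand(match):
        # Resolve one %VAR% reference; remember unknown names so all of them
        # can be reported at once instead of failing on the first.
        name = match.group(1)
        try:
            return os.environ[name]
        except KeyError:
            missing.append(name)
            return match.group(0)

    expanded = re.sub(r"%([^%]*)%", _expand, output_dir)

    if missing:
        for name in missing:
            sys.stderr.write("Environment variable '%s' doesn't exist\n" % name)
        sys.stderr.write("'%s' doesn't exist\n" % output_dir)
        # Do not leave the output share mapped behind on a failed start.
        if letter:
            unmount_share(letter)
        sys.exit(1)

    stamp = datetime.now().strftime("%Y-%m-%d_%H%M%S")
    # Trailing "" yields the terminating separator the callers expect.
    parts = [expanded, stamp, ""]
    if letter:
        parts.insert(0, letter)
    output_dir = os.path.sep.join(parts)

    create_dir(output_dir)
    return output_dir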
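def main(param_options):
    """Run the collector: load the requested modules and call every
    collection method whose name matches ``param_options["output_type"]``.

    ``param_options`` is the option dict produced by the CLI parser
    (``packages``, ``output_dir``, ``OS``, ``release``, ``output_type``,
    ``dump`` and, when an output share was mapped, ``mount_letter``);
    ``set_logger`` is expected to add the ``logger`` entry.

    Returns 0 when not running with administrative rights or when the run
    is interrupted with Ctrl-C, ``None`` otherwise.

    The shadow copies created during acquisition and the mapped output
    share are released in a ``finally`` block, so an interrupted or
    crashing run no longer leaves VSS snapshots or a mapped drive behind
    on the examined host (previously a KeyboardInterrupt raised from a
    dump method, or an early ``return 0``, skipped that cleanup).
    """
    # Banner; the ASCII art appears whitespace-flattened in this listing
    # and is reproduced as found.
    print(r""" ______ _ _____ _____ | ____| | | |_ _| __ \ | |__ __ _ ___| |_ | | | |__) | | __/ _` / __| __| | | | _ / | | | (_| \__ \ |_ _| |_| | \ \ |_| \__,_|___/\__|_____|_| \_\ A forensic analysis tool """)
    import time
    time.sleep(2)

    # VSS and raw-disk access need elevation; refuse to start otherwise.
    if ctypes.windll.shell32.IsUserAnAdmin() == 0:
        print("ERROR: FastIR Collector must run with administrative privileges\nPress ENTER to finish...")
        sys.stdin.readline()
        return 0

    set_logger(param_options)
    output_type = param_options["output_type"]
    modules = factory.load_modules(param_options["packages"], param_options["output_dir"])

    try:
        for m in modules:
            classes = factory.load_classes(m, param_options["OS"], param_options["release"])
            for cl in classes:
                instance = cl(param_options)

                if "dump" in str(cl):
                    # Dump classes are driven by the explicit "dump" option
                    # rather than by method-name matching.  Each selected
                    # method is isolated so one failure does not skip the
                    # others for the same option.
                    for opt in param_options["dump"].split(","):
                        for method in EXTRACT_DUMP.get(opt, ()):
                            if not method.startswith(output_type):
                                continue
                            try:
                                getattr(instance, method)()
                            except Exception:
                                param_options["logger"].error(traceback.format_exc())
                    continue

                # NOTE: inspect.ismethod only matches bound methods, i.e. this
                # relies on Python 2 unbound-method semantics; on Python 3 a
                # class's plain functions would not be listed.
                for name, _unused in inspect.getmembers(cl, predicate=inspect.ismethod):
                    if name.startswith("_") or output_type not in name:
                        continue
                    try:
                        getattr(instance, name)()
                    except KeyboardInterrupt:
                        return 0
                    except Exception:
                        param_options["logger"].error(traceback.format_exc())
    finally:
        # Always delete the shadow copies created during acquisition and
        # release the output share, whatever happened above.
        _VSS._close_instances()
        if "mount_letter" in param_options:
            unmount_share(param_options["mount_letter"])

    param_options['logger'].info('Check here %s for yours results' % os.path.abspath(param_options['output_dir']))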
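def main(param_options):
    """Run the collector: load the requested modules and call every
    collection method whose name matches ``param_options["output_type"]``.

    ``param_options`` is the option dict produced by the CLI parser
    (``packages``, ``output_dir``, ``OS``, ``release``, ``output_type``,
    ``dump``, plus ``output_share``/``mount_letter`` when an output share
    was mapped); ``set_logger`` is expected to add the ``logger`` entry.

    Returns 0 when not running with administrative rights or when the run
    is interrupted with Ctrl-C, ``None`` otherwise.

    The shadow copies created during acquisition and the mapped output
    share are released in a ``finally`` block, so an interrupted or
    crashing run no longer leaves VSS snapshots or a mapped drive behind
    on the examined host (previously a KeyboardInterrupt raised from a
    dump method, or an early ``return 0``, skipped that cleanup).
    """
    # Banner; the ASCII art appears whitespace-flattened in this listing
    # and is reproduced as found.
    print(r""" ______ _ _____ _____ | ____| | | |_ _| __ \ | |__ __ _ ___| |_ | | | |__) | | __/ _` / __| __| | | | _ / | | | (_| \__ \ |_ _| |_| | \ \ |_| \__,_|___/\__|_____|_| \_\ A forensic analysis tool """)
    import time
    time.sleep(2)

    # VSS and raw-disk access need elevation; refuse to start otherwise.
    if ctypes.windll.shell32.IsUserAnAdmin() == 0:
        print("ERROR: FastIR Collector must run with administrative privileges\nPress ENTER to finish...")
        sys.stdin.readline()
        return 0

    set_logger(param_options)
    output_type = param_options["output_type"]
    modules = factory.load_modules(param_options["packages"], param_options["output_dir"])

    try:
        for m in modules:
            classes = factory.load_classes(m, param_options["OS"], param_options["release"])
            for cl in classes:
                instance = cl(param_options)

                if "dump" in str(cl):
                    # Dump classes are driven by the explicit "dump" option;
                    # EXTRACT_DUMP maps each option to one method name.
                    for opt in param_options["dump"].split(","):
                        method = EXTRACT_DUMP.get(opt)
                        if method is None:
                            # Previously surfaced as a KeyError traceback.
                            param_options["logger"].error("Unknown dump option '%s'" % opt)
                            continue
                        try:
                            if output_type in method:
                                getattr(instance, method)()
                        except Exception:
                            param_options["logger"].error(traceback.format_exc())
                    continue

                # NOTE: inspect.ismethod only matches bound methods, i.e. this
                # relies on Python 2 unbound-method semantics; on Python 3 a
                # class's plain functions would not be listed.
                for name, _unused in inspect.getmembers(cl, predicate=inspect.ismethod):
                    if name.startswith("_") or output_type not in name:
                        continue
                    try:
                        getattr(instance, name)()
                    except KeyboardInterrupt:
                        return 0
                    except Exception:
                        param_options["logger"].error(traceback.format_exc())
    finally:
        # Always delete the shadow copies created during acquisition and
        # release the output share, whatever happened above.
        _VSS._close_instances()
        if "output_share" in param_options:
            # NOTE(review): the original indexed "mount_letter" directly;
            # .get() keeps a missing letter from raising a KeyError that
            # would mask the real failure.  Confirm the parser always sets
            # mount_letter whenever output_share is present.
            letter = param_options.get("mount_letter")
            if letter:
                unmount_share(letter)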
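def main(param_options):
    """Run the collector: load the requested modules and call every
    collection method whose name matches ``param_options["output_type"]``.

    ``param_options`` is the option dict produced by the CLI parser
    (``packages``, ``output_dir``, ``OS``, ``release``, ``output_type``,
    ``dump``, plus ``output_share``/``mount_letter`` when an output share
    was mapped); ``set_logger`` is expected to add the ``logger`` entry.

    Returns 0 when the run is interrupted with Ctrl-C, ``None`` otherwise.

    NOTE(review): this variant performs no privilege check before starting;
    shadow-copy creation and raw-disk access generally require elevation,
    so confirm that the caller enforces it.

    The shadow copies created during acquisition and the mapped output
    share are released in a ``finally`` block, so an interrupted or
    crashing run no longer leaves VSS snapshots or a mapped drive behind
    on the examined host (previously a KeyboardInterrupt raised from a
    dump method, or an early ``return 0``, skipped that cleanup).
    """
    # Banner; the ASCII art appears whitespace-flattened in this listing
    # and is reproduced as found.
    print(r""" ______ _ _____ _____ | ____| | | |_ _| __ \ | |__ __ _ ___| |_ | | | |__) | | __/ _` / __| __| | | | _ / | | | (_| \__ \ |_ _| |_| | \ \ |_| \__,_|___/\__|_____|_| \_\ A forensic analysis tool """)
    import time
    time.sleep(2)

    set_logger(param_options)
    output_type = param_options["output_type"]
    modules = factory.load_modules(param_options["packages"], param_options["output_dir"])

    try:
        for m in modules:
            classes = factory.load_classes(m, param_options["OS"], param_options["release"])
            for cl in classes:
                instance = cl(param_options)

                if "dump" in str(cl):
                    # Dump classes are driven by the explicit "dump" option;
                    # EXTRACT_DUMP maps each option to one method name.
                    for opt in param_options["dump"].split(","):
                        method = EXTRACT_DUMP.get(opt)
                        if method is None:
                            # Previously surfaced as a KeyError traceback.
                            param_options["logger"].error("Unknown dump option '%s'" % opt)
                            continue
                        try:
                            if output_type in method:
                                getattr(instance, method)()
                        except Exception:
                            param_options["logger"].error(traceback.format_exc())
                    continue

                # NOTE: inspect.ismethod only matches bound methods, i.e. this
                # relies on Python 2 unbound-method semantics; on Python 3 a
                # class's plain functions would not be listed.
                for name, _unused in inspect.getmembers(cl, predicate=inspect.ismethod):
                    if name.startswith("_") or output_type not in name:
                        continue
                    try:
                        getattr(instance, name)()
                    except KeyboardInterrupt:
                        return 0
                    except Exception:
                        param_options["logger"].error(traceback.format_exc())
    finally:
        # Always delete the shadow copies created during acquisition and
        # release the output share, whatever happened above.
        _VSS._close_instances()
        if "output_share" in param_options:
            # NOTE(review): the original indexed "mount_letter" directly;
            # .get() keeps a missing letter from raising a KeyError that
            # would mask the real failure.  Confirm the parser always sets
            # mount_letter whenever output_share is present.
            letter = param_options.get("mount_letter")
            if letter:
                unmount_share(letter)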
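def create_output_dir(output_dir, letter=None):
    """Build the timestamped output directory and create it recursively.

    ``output_dir`` may contain Windows-style ``%VAR%`` references; every
    occurrence is expanded from ``os.environ`` (the previous implementation
    only expanded a reference at the very start of the string, so a path
    such as ``C:\\out\\%USERNAME%`` would have created a literal
    ``%USERNAME%`` directory).  When ``letter`` (the drive letter of a
    mapped output share) is given it is prefixed to the path.  A
    ``YYYY-mm-dd_HHMMSS`` component is appended so successive runs never
    overwrite each other.

    Returns the final path, always terminated by ``os.path.sep``.

    If a referenced environment variable does not exist the names are
    reported on stderr, the share mapped on ``letter`` (if any) is
    unmounted, and the process exits with status 1.

    NOTE(review): the expanded path is used as-is; there is no
    normalisation or containment check, so the caller (and the
    environment the collector is launched from) is trusted to supply a
    sane destination.
    """
    missing = []

    def _expand(match):
        # Resolve one %VAR% reference; remember unknown names so all of them
        # can be reported at once instead of failing on the first.
        name = match.group(1)
        try:
            return os.environ[name]
        except KeyError:
            missing.append(name)
            return match.group(0)

    expanded = re.sub(r"%([^%]*)%", _expand, output_dir)

    if missing:
        for name in missing:
            sys.stderr.write("Environment variable '%s' doesn't exist\n" % name)
        sys.stderr.write("'%s' doesn't exist\n" % output_dir)
        # Do not leave the output share mapped behind on a failed start.
        if letter:
            unmount_share(letter)
        sys.exit(1)

    stamp = datetime.now().strftime("%Y-%m-%d_%H%M%S")
    # Trailing "" yields the terminating separator the callers expect.
    parts = [expanded, stamp, ""]
    if letter:
        parts.insert(0, letter)
    output_dir = os.path.sep.join(parts)

    create_dir(output_dir)
    return output_dir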