Exemple #1
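 def file_open(path):
     """Open a Windows event log file for analysis.

     The file type is whatever string ``sig_check`` reports for ``path``.
     On a match the file is hashed (label ``'before'``) before it is
     opened, and that hash is handed to the analysis object.

     Args:
         path: Path of the event log file to analyse.

     Returns:
         A ``log_analysis.EventAnalysis`` instance, or ``-1`` when the
         reported type is not ``'MS Windows Vista Event Log'``.
     """
     extension = sig_check(path)
     # str() keeps this diagnostic from raising TypeError if sig_check ever
     # returns a non-string; the other file_open variants already do this.
     print('extension: ' + str(extension))
     if extension != 'MS Windows Vista Event Log':
         print("[Error] input file error by fortools\nPlease check your file")
         return -1
     # Hash first, open second, so the recorded value describes the file as
     # it was before any parser touched it.
     hash_v = calc_hash.get_hash(path, 'before')
     return log_analysis.EventAnalysis(event_open(path), path, hash_v)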
Exemple #2
 def file_open(path):
     """Open a Windows shortcut (LNK) file for analysis.

     Args:
         path: Path of the shortcut file to analyse.

     Returns:
         A ``lnk_analysis.LnkAnalysis`` instance, or ``-1`` when
         ``sig_check`` does not report ``'MS Windows shortcut'``.
     """
     detected = sig_check(path)
     print('extension: ' + str(detected))
     if detected != 'MS Windows shortcut':
         print("[Error] input file error by fortools\nPlease check your file")
         return -1
     # The 'before' hash is taken ahead of lnk_open so it reflects the file
     # prior to parsing.
     hash_v = calc_hash.get_hash(path, 'before')
     handle = lnk_open(path)
     return lnk_analysis.LnkAnalysis(handle, path, hash_v)
Exemple #3
 def file_open(path):
     """Open an icon cache file for analysis.

     Args:
         path: Path of the icon cache file to analyse.

     Returns:
         An ``iconcache_analysis.IconcacheAnalysis`` instance, or ``-1``
         when ``sig_check`` does not report ``'Icon'``.
     """
     detected = sig_check(path)
     print('extension: ' + str(detected))
     if detected != 'Icon':
         print("[Error] input file error by fortools\nPlease check your file")
         return -1
     # Hash is computed before iconcache_open reads the file.
     hash_v = calc_hash.get_hash(path, 'before')
     handle = iconcache_open(path)
     return iconcache_analysis.IconcacheAnalysis(handle, path, hash_v)
Exemple #4
 def file_open(path):
     """Open a ZIP archive for analysis.

     Args:
         path: Path of the archive to analyse.

     Returns:
         A ``files_analysis.ZIPAnalysis`` instance, or ``-1`` when
         ``sig_check`` does not report ``'Zip archive data'``.
     """
     detected = sig_check(path)
     print('extension: ' + str(detected))
     if detected != 'Zip archive data':
         print("[Error] input file error by fortools\nPlease check your file")
         return -1
     # Hash is computed before zip_open reads the archive.
     hash_v = calc_hash.get_hash(path, 'before')
     archive = zip_open(path)
     return files_analysis.ZIPAnalysis(archive, path, hash_v)
Exemple #5
 def file_open(path):
     """Open a PDF document for analysis.

     Args:
         path: Path of the PDF to analyse.

     Returns:
         A ``files_analysis.PDFAnalysis`` instance, or ``-1`` when
         ``sig_check`` does not report ``'PDF document'``.
     """
     detected = sig_check(path)
     print('extension: ' + str(detected))
     if detected != 'PDF document':
         print("[Error] input file error by fortools\nPlease check your file")
         return -1
     # Hash is computed before pdf_open reads the document.
     hash_v = calc_hash.get_hash(path, 'before')
     document = pdf_open(path)
     return files_analysis.PDFAnalysis(document, path, hash_v)
Exemple #6
 def file_open(path):
     """Open a Hangul Word Processor (HWP) document for analysis.

     Args:
         path: Path of the document to analyse.

     Returns:
         A ``files_analysis.HWPAnalysis`` instance, or ``-1`` when
         ``sig_check`` reports neither accepted type string.
     """
     detected = sig_check(path)
     print('extension: ' + str(detected))
     # NOTE(review): 'Data' is accepted alongside the HWP 5.x type string, so
     # the check is only as specific as sig_check's 'Data' label. Confirm
     # which files sig_check labels that way.
     accepted = ('Hangul (Korean) Word Processor File 5.x', 'Data')
     if detected not in accepted:
         print("[Error] input file error by fortools\nPlease check your file")
         return -1
     # Hash is computed before ole_open reads the document.
     hash_v = calc_hash.get_hash(path, 'before')
     container = ole_open(path)
     return files_analysis.HWPAnalysis(container, path, hash_v)
Exemple #7
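 def file_open(path):
     """Open a Windows thumbnail cache file for analysis.

     Args:
         path: Path of the thumbnail cache file to analyse.

     Returns:
         A ``thumbnail_analysis.ThumbnailAnalysis_windows`` instance, or
         ``-1`` when ``sig_check`` does not report ``'Thumb_Icon'``.
     """
     extension = sig_check(path)
     # str() keeps this diagnostic from raising TypeError if sig_check ever
     # returns a non-string; the other file_open variants already do this.
     print('extension: ' + str(extension))
     if extension != 'Thumb_Icon':
         print("[Error] input file error by fortools\nPlease check your file")
         return -1
     # Hash is computed before cache_open reads the file.
     hash_v = calc_hash.get_hash(path, 'before')
     file = cache_open(path)
     return thumbnail_analysis.ThumbnailAnalysis_windows(file, path, hash_v)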
Exemple #8
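 def file_open(path):
     """Open a jump list file (OLE compound document) for analysis.

     Args:
         path: Path of the jump list file to analyse.

     Returns:
         A ``jump_analysis.JumplistAnalysis`` instance, or ``-1`` when
         ``sig_check`` does not report
         ``'Composite Document File V2 Document'``.
     """
     extension = sig_check(path)
     # str() keeps this diagnostic from raising TypeError if sig_check ever
     # returns a non-string; the other file_open variants already do this.
     print('extension: ' + str(extension))
     # NOTE(review): the check is on the container type only, so any file
     # with this type string reaches JumplistAnalysis, jump list or not.
     if extension != 'Composite Document File V2 Document':
         print("[Error] input file error by fortools\nPlease check your file")
         return -1
     # Hash is computed before ole_open reads the file.
     hash_v = calc_hash.get_hash(path, 'before')
     file = ole_open(path)
     return jump_analysis.JumplistAnalysis(file, path, hash_v)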
Exemple #9
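 def file_open(path):
     """Hash every entry of a Chrome cache directory and wrap it for analysis.

     Args:
         path: Directory holding the Chrome cache files.

     Returns:
         A ``browser_analysis.Chrome.Cache`` built from ``path`` and a list
         of one-entry dicts ``{entry_name: hash}``, or ``-1`` when ``path``
         is not an existing directory.
     """
     # Reject a missing path or a plain file up front: without this guard the
     # listing below is never bound (or os.listdir raises), and the caller
     # gets a traceback instead of the usual -1 error result.
     if not os.path.isdir(path):
         print("[Error] input file error by fortools\nPlease check your file")
         return -1
     # os.path.join instead of a hard-coded '\\' so the per-entry path is
     # valid on the host doing the analysis, not only on Windows.
     # NOTE(review): every directory entry is hashed, sub-directories
     # included. Confirm calc_hash.get_hash copes with those.
     before_hash = [
         {name: calc_hash.get_hash(os.path.join(path, name), 'before')}
         for name in os.listdir(path)
     ]
     return browser_analysis.Chrome.Cache(path, before_hash)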
Exemple #10
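 def disk_open(path):
     """Open a disk image as an EWF (E01) image or, failing that, as raw DD.

     The image is hashed (label ``'before'``) before anything else reads it.
     If ``pyewf.check_file_signature`` accepts the file it is opened through
     pyewf; every other file is handed to ``DDAnalysis`` as-is.

     Args:
         path: Path of the disk image (for EWF, the path given to
             ``pyewf.glob``).

     Returns:
         A ``disk_analysis.E01Analysis`` or ``disk_analysis.DDAnalysis``
         instance, or ``-1`` when opening the image raised an exception.
     """
     hash_val = calc_hash.get_hash(path, 'before')
     try:
         if pyewf.check_file_signature(path):
             segment_files = pyewf.glob(path)
             ewf_handle = pyewf.handle()
             ewf_handle.open(segment_files)
             return disk_analysis.E01Analysis(ewf_handle, path, hash_val)
         # NOTE(review): no signature check on this branch, so any non-EWF
         # file is treated as a raw image.
         return disk_analysis.DDAnalysis(path, hash_val)
     except Exception:
         # Exception, not a bare except: KeyboardInterrupt and SystemExit
         # must still stop the tool instead of being reported as a bad file.
         print(
             "[Error] input file error by fortools\nPlease check your file")
         return -1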
Exemple #11
 def file_open(path):
     """Open an MFT or UsnJrnl file for analysis.

     The file is hashed (label ``'before'``) first, then dispatched on the
     type string ``sig_check`` reports.

     Args:
         path: Path of the file system log to analyse.

     Returns:
         ``filesystem_analysis.MFTAnalysis`` for type ``'MFT'``,
         ``filesystem_analysis.UsnJrnl`` for the two fallback type strings,
         otherwise ``-1``.
     """
     hash_v = calc_hash.get_hash(path, 'before')
     detected = sig_check(path)
     if detected == 'MFT':
         print('extension: MFT')
         handle = filesystem_log_open(path)
         return filesystem_analysis.MFTAnalysis(handle, path, hash_v)
     # NOTE(review): both fallback strings look like "unrecognised" results
     # from sig_check, so any such file is parsed as a UsnJrnl. Confirm the
     # parser rejects input that is not a change journal.
     if detected in ('None in our sig DB', 'data'):
         handle = filesystem_log_open(path)
         return filesystem_analysis.UsnJrnl(handle, path, hash_v)
     print('extension: ' + str(detected))
     print("[Error] input file error by fortools\nPlease check your file")
     return -1
Exemple #12
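 def file_open(path):
     """Open one prefetch file, or collect info from a directory of them.

     Args:
         path: A prefetch file, or a directory containing ``.pf`` files.

     Returns:
         For a directory with at least one entry: a list built by
         concatenating ``get_all_info()`` of every ``.pf`` entry that could
         be opened. For a single file: a
         ``prefetch_analysis.PrefetchAnalysis`` instance. ``-1`` when the
         file is not reported as ``'prefetch'`` or has an unsupported
         version.
     """
     if not os.path.isfile(path):
         # List the directory once: re-listing it on every iteration is
         # quadratic and can disagree with the loop if the directory changes.
         entries = os.listdir(path)
         info_list = []
         for name in entries:
             if name.split('.')[-1] != 'pf':
                 continue
             parsed = Prefetch.file_open(os.path.join(path, name))
             if parsed == -1:
                 # One unreadable or mislabelled .pf must not abort the whole
                 # directory scan. NOTE(review): assumes Prefetch.file_open
                 # is this function, which reports failure as -1 and prints
                 # its own message.
                 continue
             info_list = parsed.get_all_info() + info_list
         if entries:
             return info_list
         # An empty directory falls through to the single-file path below.
     extension = sig_check(path)
     print('extension: ' + str(extension))
     if extension != 'prefetch':
         print("check your file format. This is not Prefetch file")
         return -1
     # Hash is computed before prefetch_open reads the file.
     hash_v = calc_hash.get_hash(path, 'before')
     file = prefetch_open(path)
     file.seek(0)
     # '<I': the version field is a little-endian 32-bit value on disk, so
     # do not depend on the byte order of the analysis host.
     version = struct.unpack_from('<I', file.read(4))[0]
     if version == 23:
         file = prefetch_open(path)
         path2 = None
     else:
         # Any other version: read the sibling file "<name>-1<ext>" from the
         # same directory instead. NOTE(review): presumably written by
         # prefetch_open; confirm where that file comes from.
         stem, suffix = os.path.splitext(os.path.basename(path))
         # os.path.join also handles a bare file name (empty dirname), where
         # gluing with '\\' would point at the drive root.
         path2 = os.path.join(os.path.dirname(path), stem + '-1' + suffix)
         file = prefetch_open(path2)
         file.seek(0)
         version = struct.unpack_from('<I', file.read(4))[0]
         if version != 23 and version != 30:
             print('error: not supported version')
             return -1
     return prefetch_analysis.PrefetchAnalysis(file, path, path2, hash_v)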
Exemple #13
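 def file_open(path):
     """Open a Windows registry hive for analysis.

     Args:
         path: Path of the hive file to analyse.

     Returns:
         A ``reg_analysis.RegAnalysis`` instance for NTUSER, SAM, SOFTWARE,
         SYSTEM and SECURITY hives; ``-1`` when ``sig_check`` does not
         report ``'MS Windows registry file'`` or the hive type is any other.
     """
     if sig_check(path) != 'MS Windows registry file':
         print(
             "[Error] input file error by fortools\nPlease check your file")
         return -1
     # Take the 'before' hash ahead of reg_open, as the other openers do, so
     # the recorded value describes the hive before any parser touched it.
     hash_val = calc_hash.get_hash(path, 'before')
     file = reg_open(path)
     # All supported hive types are handled identically, so test membership
     # once instead of repeating the same branch per type.
     supported_hives = (
         Registry.HiveType.NTUSER,
         Registry.HiveType.SAM,
         Registry.HiveType.SOFTWARE,
         Registry.HiveType.SYSTEM,
         Registry.HiveType.SECURITY,
     )
     if file.hive_type() not in supported_hives:
         print(
             "[Error] input file error by fortools\nPlease check your file"
         )
         return -1
     return reg_analysis.RegAnalysis(file, path, hash_val)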
 def __cal_hash(self):
     """Append the 'after' hash of ``self.__path`` to ``self.__hash_value``."""
     # Same helper as the 'before' hash, called with the 'after' label.
     after_hash = calc_hash.get_hash(self.__path, 'after')
     self.__hash_value.append(after_hash)
Exemple #15
 def __cal_hash(self):
     """Append the 'after' hash of ``self.__file`` to ``self.__hash_val``."""
     # Same helper as the 'before' hash, called with the 'after' label.
     self.__hash_val.append(calc_hash.get_hash(self.__file, 'after'))
Exemple #16
 def file_open(path):
     """Hash and open a Windows Search database for analysis.

     No signature check is made here; ``path`` goes straight to
     ``ie_edge_open``.

     Args:
         path: Path of the database file to analyse.

     Returns:
         A ``winsearch_analysis.WinSearchAnalysis`` instance.
     """
     # Hash is computed before ie_edge_open reads the file.
     before = calc_hash.get_hash(path, 'before')
     return winsearch_analysis.WinSearchAnalysis(ie_edge_open(path), path,
                                                 before)
Exemple #17
 def file_open(path):
     """Hash and open a Linux auth log for analysis.

     No signature check is made here; ``path`` goes straight to the opener.

     Args:
         path: Path of the log file to analyse.

     Returns:
         A ``log_analysis.LinuxLogAnalysis.AuthLog`` instance.
     """
     # Hash is computed before the log is opened. The helper's name is
     # spelled "oepn" where it is defined, so it is kept as-is here.
     before = calc_hash.get_hash(path, 'before')
     return log_analysis.LinuxLogAnalysis.AuthLog(normal_file_oepn(path),
                                                  path, before)
Exemple #18
 def file_open(path):
     """Hash and open an IE/Edge database for download-history analysis.

     No signature check is made here; ``path`` goes straight to
     ``ie_edge_open``.

     Args:
         path: Path of the browser database to analyse.

     Returns:
         A ``browser_analysis.Ie_Edge.Download`` instance.
     """
     # Hash is computed before ie_edge_open reads the file.
     before = calc_hash.get_hash(path, 'before')
     return browser_analysis.Ie_Edge.Download(ie_edge_open(path), path,
                                              before)
Exemple #19
 def file_open(path):
     """Hash a Firefox cookie store and wrap it for analysis.

     The file is not opened here; only its path and 'before' hash are
     passed on.

     Args:
         path: Path of the cookie store to analyse.

     Returns:
         A ``browser_analysis.Firefox.Cookie`` instance.
     """
     before = calc_hash.get_hash(path, 'before')
     return browser_analysis.Firefox.Cookie(path, before)
Exemple #20
 def file_open(path):
     """Hash and open an Apache access log for analysis.

     No signature check is made here; ``path`` goes straight to the opener.

     Args:
         path: Path of the log file to analyse.

     Returns:
         A ``log_analysis.ApacheLog.Access`` instance.
     """
     # Hash is computed before the log is opened.
     before = calc_hash.get_hash(path, 'before')
     return log_analysis.ApacheLog.Access(normal_file_oepn(path), path,
                                          before)
Exemple #21
 def file_open(path):
     """Hash a Chrome cookie store and wrap it for analysis.

     The file is not opened here; only its path and 'before' hash are
     passed on.

     Args:
         path: Path of the cookie store to analyse.

     Returns:
         A ``browser_analysis.Chrome.Cookie`` instance.
     """
     before = calc_hash.get_hash(path, 'before')
     return browser_analysis.Chrome.Cookie(path, before)
Exemple #22
 def file_open(path):
     """Hash and open an IIS log for analysis.

     No signature check is made here; ``path`` goes straight to the opener.

     Args:
         path: Path of the log file to analyse.

     Returns:
         A ``log_analysis.IIS`` instance.
     """
     # Hash is computed before the log is opened.
     before = calc_hash.get_hash(path, 'before')
     return log_analysis.IIS(normal_file_oepn(path), path, before)
Exemple #23
 def file_open(path):
     """Hash and open a legacy MS Office (OLE) document for analysis.

     No signature check is made here; ``path`` goes straight to
     ``ole_open``.

     Args:
         path: Path of the document to analyse.

     Returns:
         A ``files_analysis.MSOldAnalysis`` instance.
     """
     # Hash is computed before ole_open reads the document.
     before = calc_hash.get_hash(path, 'before')
     return files_analysis.MSOldAnalysis(ole_open(path), path, before)
Exemple #24
 def mem_open(path):
     """Hash a memory image and wrap it for analysis.

     Args:
         path: Path of the memory image (a file or a block device).

     Returns:
         A ``mem_analysis.MemAnalysis`` instance when ``sig_check`` reports
         ``'data'`` or ``'block special'``.
     """
     detected = sig_check(path)
     # NOTE(review): no other outcome is handled in the lines shown here.
     if detected in ('data', 'block special'):
         before = calc_hash.get_hash(path, 'before')
         return mem_analysis.MemAnalysis(path, before)