def run(self, evidence, result):
    """Export a Plaso storage file to CSV by running psort.

    Args:
      evidence: Evidence object; its ``local_path`` is handed to psort as
          the input to process.
      result: A TurbiniaTaskResult object to place task results into.

    Returns:
      TurbiniaTaskResult object.
    """
    csv_evidence = PlasoCsvFile()
    # Output and log file names are derived from the task id alone, and both
    # files are created under this task's output directory.
    csv_path = os.path.join(self.output_dir, '{0:s}.csv'.format(self.id))
    csv_evidence.local_path = csv_path
    log_path = os.path.join(self.output_dir, '{0:s}.log'.format(self.id))

    # The command is an argument vector, one list element per argument, so a
    # path containing spaces stays a single argument.
    # NOTE(review): evidence.local_path is passed positionally; presumably it
    # is always an absolute path and can never start with '-' -- confirm.
    argv = [
        'psort.py', '--status_view', 'none', '--logfile', log_path,
        '-w', csv_path, evidence.local_path,
    ]

    # The logged form is a plain space-join, not a shell-quoted command line:
    # arguments containing spaces are ambiguous when read back from the log.
    result.log('Running psort as [{0:s}]'.format(' '.join(argv)))
    self.execute(
        argv, result, save_files=[log_path], new_evidence=[csv_evidence],
        close=True)
    return result
def run(self, evidence, result):
    """Export a Plaso storage file to CSV by running psort.

    Args:
      evidence: Evidence object; its ``local_path`` is handed to psort as
          the input to process.
      result: Task result object; the command line is logged to it and it is
          passed on to ``self.execute``.

    Returns:
      The same ``result`` object that was passed in.
    """
    config.LoadConfig()

    # Output and log file names are derived from the task id alone, and both
    # files are created under this task's output directory.
    csv_path = os.path.join(self.output_dir, '{0:s}.csv'.format(self.id))
    csv_evidence = PlasoCsvFile(source_path=csv_path)
    log_path = os.path.join(self.output_dir, '{0:s}.log'.format(self.id))

    # NOTE(review): build_plaso_command is not visible here; whatever it
    # derives from task_config ends up on the psort command line, so confirm
    # it only emits vetted option names and values.
    argv = self.build_plaso_command('psort.py', self.task_config)
    argv.extend(['--logfile', log_path])

    # Debug output is enabled either globally or by the task configuration.
    debug_requested = config.DEBUG_TASKS or self.task_config.get('debug_tasks')
    if debug_requested:
        argv.append('-d')

    # NOTE(review): evidence.local_path is passed positionally; presumably it
    # is always an absolute path and can never start with '-' -- confirm.
    argv.extend(['-w', csv_path, evidence.local_path])

    # The logged form is a plain space-join, not a shell-quoted command line:
    # arguments containing spaces are ambiguous when read back from the log.
    result.log('Running psort as [{0:s}]'.format(' '.join(argv)))
    self.execute(
        argv, result, log_files=[log_path], new_evidence=[csv_evidence],
        close=True)
    return result
def run(self, evidence, result):
    """Export a Plaso storage file to CSV by running psort.

    Args:
      evidence (Evidence object): The evidence we will process; its
          ``local_path`` is handed to psort as the input.
      result (TurbiniaTaskResult): The object to place task results into.

    Returns:
      TurbiniaTaskResult object.
    """
    config.LoadConfig()

    # Output and log file names are derived from the task id alone, and both
    # files are created under this task's output directory.
    csv_path = os.path.join(self.output_dir, '{0:s}.csv'.format(self.id))
    csv_evidence = PlasoCsvFile(source_path=csv_path)
    log_path = os.path.join(self.output_dir, '{0:s}.log'.format(self.id))

    argv = ['psort.py', '--status_view', 'none', '--logfile', log_path]

    # Debug output is enabled either globally or by the evidence's own config.
    debug_requested = config.DEBUG_TASKS or evidence.config.get('debug_tasks')
    if debug_requested:
        argv.append('-d')

    # Request the yara_match field in addition to the default output fields,
    # and point psort's temporary files at this task's tmp_dir.
    # NOTE(review): evidence.local_path is passed positionally; presumably it
    # is always an absolute path and can never start with '-' -- confirm.
    argv.extend([
        '--additional_fields', 'yara_match',
        '-w', csv_path, evidence.local_path,
        '--temporary_directory', self.tmp_dir,
    ])

    # The logged form is a plain space-join, not a shell-quoted command line:
    # arguments containing spaces are ambiguous when read back from the log.
    result.log('Running psort as [{0:s}]'.format(' '.join(argv)))
    self.execute(
        argv, result, log_files=[log_path], new_evidence=[csv_evidence],
        close=True)
    return result
class PsortJob(TurbiniaJob):
    """Job that runs psort on PlasoFile evidence to produce a CSV file."""

    # Evidence types this Job consumes and produces. Each entry is obtained by
    # instantiating the evidence class once, when this class body is executed,
    # and taking the type of that instance.
    evidence_input = [type(PlasoFile())]
    evidence_output = [type(PlasoCsvFile())]

    def __init__(self):
        super(PsortJob, self).__init__(name='PsortJob')

    def create_tasks(self, evidence):
        """Create one PsortTask per evidence item.

        The evidence items themselves are not passed to the tasks here; only
        their count determines how many tasks are created.

        Args:
          evidence: List of evidence object to process

        Returns:
          A list of PsortTasks.
        """
        tasks = []
        for _ in evidence:
            tasks.append(PsortTask())
        return tasks
class GrepJob(TurbiniaJob):
    """Job that filters text input using regular expression patterns."""

    # Evidence types this Job consumes and produces. Each entry is obtained by
    # instantiating the evidence class once, when this class body is executed,
    # and taking the type of that instance.
    evidence_input = [type(TextFile()), type(PlasoCsvFile())]
    evidence_output = [type(FilteredTextFile())]

    def __init__(self):
        super(GrepJob, self).__init__(name='GrepJob')

    def create_tasks(self, evidence):
        """Create one GrepTask per evidence item.

        The evidence items themselves are not passed to the tasks here; only
        their count determines how many tasks are created.

        Args:
          evidence: List of evidence object to process

        Returns:
          A list of tasks to schedule.
        """
        scheduled = []
        for _ in evidence:
            scheduled.append(GrepTask())
        return scheduled