def stop_processing_handler(self, event):
log_path = os.path.join(self.configuration['results_folder'],
"network.log")
self.logger.debug("Event %s: waiting Pcap analysis.", event)
collect_process_output(self.analysis_process, log_path)
def stop_processing_handler(self, event):
log_path = os.path.join(self.configuration['results_folder'],
"network.log")
self.logger.debug("Event %s: waiting Pcap analysis.", event)
collect_process_output(self.analysis_process, log_path)
def process_memory_snapshot(snapshot_path, profile, plugin):
process = launch_process('volatility',
'--profile=%s' % profile,
'--filename=%s' % snapshot_path,
plugin)
file_name = '%s_%s.log' % (snapshot_path.split('.')[0], plugin)
collect_process_output(process, file_name)
def snapshot_to_checkpoint(volume, snapshot, folder_path):
"""Turns a QEMU internal snapshot into a QCOW file."""
create_folder(folder_path)
name = snapshot.getName()
path = os.path.join(folder_path, '%s.qcow2' % name)
process = launch_process(QEMU_IMG, "convert", "-f", "qcow2", "-o",
"backing_file=%s" % volume_backing_path(volume),
"-O", "qcow2", "-s", name,
volume_path(volume), path)
collect_process_output(process)
return path
def process_memory_snapshot(snapshot_path, profile, plugin):
process = launch_process('volatility', '--profile=%s' % profile,
'--filename=%s' % snapshot_path, plugin)
file_name = '%s_%s.log' % (snapshot_path.split('.')[0], plugin)
collect_process_output(process, file_name)
