if (EsedbTable_Record.get_value_data(Column_Number) == None):
          return Record_List.append('')
       else:
          return Record_List.append(str(EsedbTable_Record.get_value_data(Column_Number).decode('utf-16', 'ignore')))
    elif (Column_Type == 17): #INTEGER_16BIT_UNSIGNED
       return Record_List.append(EsedbTable_Record.get_value_data_as_integer(Column_Number))	
 
			  
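# Positional arguments: ESE database file, output SQLite database, ESE table
# name, first record index, end record index (exclusive, as used by range()).
args = sys.argv[1:]
if len(args) < 5:
    # Fail with a usage message instead of an IndexError traceback.
    sys.exit("Usage: <ese_file> <sqlite_db> <table_name> <begin_record> <end_record>")
File_To_Parse = args[0]
SQLite_DB_Name = args[1]
Table_Name = args[2]
Begin_Record_Number = args[3]
End_Record_Number = args[4]

# Validate the record bounds before any file or database is opened, so a typo
# on the command line cannot leave a half-initialised output database behind.
try:
    First_Record = int(Begin_Record_Number)
    Stop_Record = int(End_Record_Number)
except ValueError:
    sys.exit("Record numbers must be integers, got: " + Begin_Record_Number + " and " + End_Record_Number)

SQLitedb = SQLiteDb()
SQLitedb.Open(SQLite_DB_Name)
# The ESE database is opened binary and read-only; it is never written to here.
file_object = open(File_To_Parse, "rb")
esedb_file = pyesedb.file()
esedb_file.open_file_object(file_object)
EsedbTable = esedb_file.get_table_by_name(Table_Name)
print ("Inserting records into table ==> " + Table_Name)
for i in range(First_Record, Stop_Record):
   SQL_Bind_Values = []
   # NOTE(review): a table name cannot be passed as a bound parameter, so it is
   # concatenated into the statement text. Column names go through
   # Check_SQL_Reserved_Word below, but Table_Name (taken from argv) is used as
   # given in the lines shown here -- confirm it is quoted before execution.
   SQL_Statement_Table = 'Insert into ' + Table_Name + ' '
   EsedbTable_Record = EsedbTable.get_record(i)
   EsedbTable_Num_Columns = EsedbTable.get_number_of_columns()
   Column_Name = EsedbTable_Record.get_column_name(0)
   SQL_Statement_Columns = SQLitedb.Check_SQL_Reserved_Word(Column_Name)
   # One "?" placeholder per column: record values are bound, not concatenated.
   SQL_Bind_Variables = SQLitedb.create_question_bind_variables(EsedbTable_Num_Columns)
   Column_Type = EsedbTable_Record.get_column_type(0)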
import sys
import os
from Database import SQLiteDb

def removeChars(text):
    """Return *text* keeping only characters with code points 32 through 127.

    Characters 0-31 (control characters) and everything at or above 128 are
    dropped. DEL (127) passes the filter, so the result is not strictly
    "printable ASCII".
    """
    kept = []
    for ch in text:
        code = ord(ch)
        if 31 < code < 128:
            kept.append(ch)
    return ''.join(kept)

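# Positional arguments: LevelDB directory and an output base name.
args = sys.argv[1:]
if len(args) != 2:
    print ("Wrong Parameters need 2, LevelDB directory and output csv file")
    # Exit non-zero so a calling process can tell the run did not happen;
    # the bare exit() helper used before reported success (status 0).
    sys.exit(1)

levelDbDir = args[0]
# outputFile is a base name: ".db3" and ".csv" are appended to it below.
outputFile = args[1]

SQLitedb = SQLiteDb()
# NOTE(review): presumably deletes any existing <outputFile>.db3 before a fresh
# one is created -- confirm, and make sure outputFile never points at a file
# that must be preserved.
SQLitedb.RemoveDB_File(outputFile + ".db3")
SQLitedb.Open(outputFile + ".db3")

# Each record is stored twice: as text (key, value) and as byte_key/byte_value.
# NOTE(review): how the byte_* columns are encoded is not visible here.
SQLitedb.CreateTable("Leveldb", 'key text, value text, byte_key text, byte_value text')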

# Open the LevelDB store named on the command line and dump its records.
# NOTE(review): `leveldb` is not among the imports listed at the top of this
# script (sys, os, Database.SQLiteDb) -- confirm it is imported.
try:
    levelDb = leveldb.LevelDB(levelDbDir)
    # Statistics are best-effort: a failure here must not stop the export.
    try:
        print (levelDb.GetStats())
    # NOTE(review): a bare except also swallows KeyboardInterrupt and
    # SystemExit; `except Exception:` would keep the best-effort behaviour.
    except:
        print ("No Stats")

    numRecords = 0

    # NOTE(review): text mode with the platform default encoding and no
    # newline='' -- pass both explicitly if the csv module writes to f.
    with open(outputFile + ".csv", 'w') as f:
    # Copy the id -> name mapping returned by load_interfaces(SoftwareHive)
    # into the "interfaces" table, one row per interface id.
    interfaces = load_interfaces(SoftwareHive)
    interfaceIds = interfaces.keys()
    for interfaceId in interfaceIds:
        # NOTE(review): the values are wrapped in double quotes and spliced into
        # the value list as text instead of being bound. They presumably come
        # from the parsed hive, i.e. from evidence, so a value containing '"'
        # breaks or alters the statement. Prefer "?" placeholders with a bound
        # value list if SQLiteDb offers such an insert -- confirm.
        SQLitedb.InsertValues("interfaces", "L2ProfileId, ProfileName", '"'+ interfaceId + '", "' + interfaces[interfaceId] + '"')

    # Same copy for the LUID -> name mapping.
    # NOTE(review): LUIDInterfaces is not assigned in the lines shown here --
    # presumably a module-level dict; the quoting concern above applies too.
    LUIDInterfacesIds = LUIDInterfaces.keys()
    for LUIDInterfacesId in LUIDInterfacesIds:
        SQLitedb.InsertValues("LUIDInterfaces", "LUID, LUIDName", '"'+ LUIDInterfacesId + '", "' + LUIDInterfaces[LUIDInterfacesId] + '"')

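# Positional arguments: file to parse, SOFTWARE hive, output SQLite database.
args = sys.argv[1:]
if len(args) < 3:
    # Fail with a usage message instead of an IndexError traceback, and
    # before the existing output database is touched.
    sys.exit("Usage: <file_to_parse> <software_hive> <sqlite_db_name>")
File_To_Parse = args[0]
SoftwareHive = args[1]
SQLite_DB_Name = args[2]

SQLitedb = SQLiteDb()
# NOTE(review): presumably deletes an existing database at this path so each
# run starts clean -- confirm, and never point it at a file worth keeping.
SQLitedb.RemoveDB_File(SQLite_DB_Name)
SQLitedb.Open(SQLite_DB_Name)

# Hive-derived lookups are loaded before the ESE file is parsed.
# NOTE(review): presumably these fill the module-level sids / interfaces
# mappings referenced by the debug prints below -- confirm.
getUserSids(SoftwareHive)
getInterfaces(SoftwareHive)

#print ("sids => " + str(sids))
#print ("interfaces => " + str(interfaces))

# Processing pipeline; the order below is the original's and is kept as is.
Parse_ESEDB_File(File_To_Parse)
Populate_ESEDB_DB(File_To_Parse)
#Post_Database_Processing()
Add_Application_Userids()
Create_Permanent_Tables()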
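# Schema for the per-prefetch-file metrics table. The column list and the "?"
# placeholder string must stay in step with the column definitions: four each.
fileMetricsTabName = "file_metrics"
fileMetricsColumnNames = "Prefetch_file_name text, file_metric_number int, file_metric_path text, file_metric_name text"
fileMetricsColumns = "Prefetch_file_name, file_metric_number, file_metric_path, file_metric_name"
fileMetricsBindVals = "?, ?, ?, ?"

# Schema for the referenced-file-names table: three columns, three placeholders.
fileTabName = "file_names"
fileColumnNames = "Prefetch_file_name text, file_path text, file_name text"
fileColumns = "Prefetch_file_name, file_path, file_name"
fileBindVals = "?, ?, ?"

# Positional arguments: directory holding the prefetch files, output SQLite DB.
args = sys.argv[1:]
if len(args) < 2:
    # Fail with a usage message instead of an IndexError traceback.
    sys.exit("Usage: <prefetch_directory> <sqlite_db_name>")
prefetchDirectory = args[0]
SQLiteDbName = args[1]
if not os.path.isdir(prefetchDirectory):
    # os.walk() yields nothing for a missing directory, so a mistyped path
    # would replace the previous database with an empty one and look like a
    # clean "no prefetch files" result. Stop before anything is removed.
    sys.exit("Prefetch directory not found: " + str(prefetchDirectory))
print('Prefetch Directory is ', str(prefetchDirectory))
print('DB file is ', SQLiteDbName)
SQLitedb = SQLiteDb()
# NOTE(review): presumably deletes an existing database at this path -- confirm.
SQLitedb.RemoveDB_File(SQLiteDbName)
SQLitedb.Open(SQLiteDbName)
# tableName/tableColumns and volumeTabName/volumeColumnNames are defined
# outside the lines shown here.
SQLitedb.CreateTable(tableName, tableColumns)
SQLitedb.CreateTable(fileMetricsTabName, fileMetricsColumnNames)
SQLitedb.CreateTable(volumeTabName, volumeColumnNames)
SQLitedb.CreateTable(fileTabName, fileColumnNames)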

for root, dirs, files in os.walk(prefetchDirectory):
    #    print ("root = > " +  str(root))
    #    print ("dirs = > " + str(dirs))
    #    print ("files = > " + str(files))
    for file in files:
        if ".pf" in file:
            prefetchRecord = []
            try: