Esempio n. 1
 def get_e_mail_attachments(self):
     """Archive the Outlook PST and OST data files found for each user profile.

     User profile locations come from ``get_userprofiles_from_reg()`` and are
     narrowed to Outlook directories by ``look_for_outlook_dirs()``.  Each
     directory is searched with the patterns ``*.pst`` and ``*.ost``; every
     non-empty result is handed to ``zip_archive()`` under the archive name
     ``'pst'`` or ``'ost'`` in ``self.output_dir``.

     Despite the method name, whole Outlook data files are collected here,
     not individual attachments.
     """
     # NOTE(review): PST/OST files hold complete mailbox content, so the
     # resulting archives need the same access controls as any other
     # collected evidence.
     # NOTE(review): no file mode is passed to zip_archive here -- confirm
     # its default appends, otherwise the archive written for a later Outlook
     # directory could replace the one written for an earlier directory.
     for outlook_dir in look_for_outlook_dirs(get_userprofiles_from_reg()):
         # Both searches run before anything is archived.
         pst_matches = look_for_files(outlook_dir + '\\*.pst')
         ost_matches = look_for_files(outlook_dir + '\\*.ost')
         for label, matches in (('pst', pst_matches), ('ost', ost_matches)):
             if len(matches) > 0:
                 zip_archive(matches, self.output_dir, label, self.logger)
Esempio n. 2
 def get_e_mail_attachments(self):
     """Collect Outlook mailbox stores (``*.pst`` / ``*.ost``) into zip archives.

     The Outlook directories are derived from the user profiles listed by
     ``get_userprofiles_from_reg()``.  For each directory the PST and OST
     files are looked up, and each non-empty list is passed to
     ``zip_archive()`` with the archive name ``'pst'`` or ``'ost'``, the
     output directory ``self.output_dir`` and ``self.logger``.

     The method name mentions attachments, but the files archived are the
     complete Outlook data files.
     """
     # NOTE(review): these stores contain full mailbox content; treat the
     # archives produced here as sensitive evidence.
     # NOTE(review): zip_archive is called without an explicit file mode, so
     # whether several Outlook directories accumulate in one archive depends
     # on its default -- confirm against zip_archive.
     profiles = get_userprofiles_from_reg()
     for mail_dir in look_for_outlook_dirs(profiles):
         pst_paths = look_for_files(mail_dir + '\\*.pst')
         ost_paths = look_for_files(mail_dir + '\\*.ost')
         for kind, paths in (('pst', pst_paths), ('ost', ost_paths)):
             if len(paths) == 0:
                 # Nothing of this kind in the directory: no archive call.
                 continue
             zip_archive(paths, self.output_dir, kind, self.logger)
Esempio n. 3
 def _get_startup_files(self, path):
     """Archive the files matching ``path`` and yield one hash record per file.

     This is a generator: the lookup and the ``zip_archive()`` call only run
     once the caller starts iterating.

     Args:
         path: search expression handed unchanged to ``look_for_files()``.

     Yields:
         A list ``[computer_name, 'startup_file', filename, user, md5, sha1,
         sha256]``.  ``user`` is the first path component left after the
         ``self.userprofile + '\\'`` prefix has been removed from the file
         path; when the path does not contain that prefix, the first
         component of the unmodified path is reported instead.
     """
     matches = look_for_files(path)
     # All matches go into the 'autoruns' archive with mode argument 'a'
     # (presumably append -- confirm against zip_archive).
     zip_archive(matches, self.output_dir, 'autoruns', self.logger, 'a')
     for entry in matches:
         # NOTE(review): hashing happens after archiving and presumably reads
         # the file again; if the file changes in between, the recorded
         # hashes will not match the archived copy.
         digest_md5, digest_sha1, digest_sha256 = process_hashes(entry)
         relative = entry.replace(self.userprofile + '\\', '')
         owner = relative.split('\\', 1)[0]
         _, base_name = os.path.split(entry)
         record = [
             self.computer_name,
             'startup_file',
             base_name,
             owner,
             digest_md5,
             digest_sha1,
             digest_sha256,
         ]
         yield record
Esempio n. 4
 def __data_from_userprofile(self, zipname, directories_to_search):
     """Zip the content of selected sub-directories of every user profile.

     Args:
         zipname: archive name passed to ``zip_archive()``.
         directories_to_search: sub-paths (relative to each profile) that are
             appended to the profile path and handed to ``look_for_files()``.

     Raises:
         KeyError: if a profile path starts with ``%NAME%`` and ``NAME``
             (upper-cased) is not present in ``os.environ``.
     """
     # The first zip_archive call uses mode 'w' (write and truncate); every
     # later call uses 'a' so all profiles end up in the same archive.
     mode = 'w'
     for profile_path in get_userprofiles_from_reg():
         if profile_path.startswith('%'):
             # Expand a leading %VAR% token by hand.  The value comes from
             # the collecting process's own environment.
             var_token = profile_path.split('\\')[0]
             var_name = var_token.replace('%', '')
             profile_path = profile_path.replace(
                 var_token, os.environ[var_name.upper()])
         for sub_dir in directories_to_search:
             search_root = profile_path + '\\' + sub_dir
             # Each match is enumerated into the file list that gets zipped.
             for match in look_for_files(search_root):
                 collected = self.__enum_directory(match)
                 zip_archive(collected, self.output_dir, zipname,
                             self.logger, mode)
                 mode = 'a'
Esempio n. 5
 def __data_from_userprofile(self, zipname, directories_to_search):
     """Build one zip archive from given sub-directories of all user profiles.

     Profile paths are read with ``get_userprofiles_from_reg()``.  A path
     that begins with a ``%NAME%`` token has that token replaced by the value
     of ``os.environ['NAME']``, with the name looked up exactly as written.

     Args:
         zipname: archive name passed to ``zip_archive()``.
         directories_to_search: sub-paths joined onto each profile path with
             a backslash before being passed to ``look_for_files()``.

     Raises:
         KeyError: if the variable named in a leading ``%NAME%`` token is not
             set in the environment of the collecting process.
     """
     profile_paths = get_userprofiles_from_reg()
     # 'w' truncates the archive on the first write; later writes use 'a'.
     archive_mode = 'w'
     for profile_path in profile_paths:
         if profile_path.startswith('%'):
             # NOTE(review): the variable name is not case-normalised here;
             # os.environ is case-insensitive on Windows but not elsewhere.
             token = profile_path.partition('\\')[0]
             variable = token.replace('%', '')
             expanded = os.environ[variable]
             profile_path = profile_path.replace(token, expanded)
         for relative_dir in directories_to_search:
             target = profile_path + '\\' + relative_dir
             # Every match is enumerated and its file list added to the zip.
             for found_dir in look_for_files(target):
                 members = self.__enum_directory(found_dir)
                 zip_archive(members, self.output_dir, zipname, self.logger,
                             archive_mode)
                 archive_mode = 'a'