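def disk_image(victim):
    """
    Wrapper function to create disk image of victim vm with ansible
    args:
        victim - location of vagrantfile; the directory the playbook is
                 expected to drop filesystem.image.gz into (inferred from
                 where this function looks for it - confirm against the
                 playbook)
    return:
        None
    raises:
        OSError - no image was found under victim after the playbook ran
                  (FileNotFoundError), or the move failed, e.g. because
                  victim and the cwd are on different filesystems
    """
    logger = logging.getLogger('root')
    # os.path.join copes with victim given with or without a trailing
    # slash; plain concatenation produced ".../victimfilesystem.image.gz"
    # when the slash was missing and then failed on the rename.
    tmpfile = os.path.join(victim, 'filesystem.image.gz')
    dest = './filesystem.image.gz'

    # NOTE(review): playbook and inventory are hard-wired, so `victim`
    # only decides where the artefact is picked up locally - it does not
    # select the host; presumably every host in the inventory is imaged.
    runner = AnsibleRunner(
        './scenario_builder/forensics/playbooks/diskimage-linux.yaml',
        hosts='./scenario_builder/forensics/hosts')
    runner.run()

    # os.rename replaces an existing destination silently on POSIX. A
    # forensics run should never overwrite a previous acquisition
    # quietly, so at least leave a trace in the log.
    if os.path.exists(dest):
        logger.warning('Replacing existing disk image at %s', dest)
    # NOTE(review): no integrity hash is recorded for the image; a
    # sha256 logged here would help chain of custody - confirm whether
    # the playbook already produces one.
    os.rename(tmpfile, dest)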
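def memory_dump(victim):
    """
    Wrapper function to create memory dump of victim vm with ansible
    args:
        victim - location of vagrantfile; the directory the playbook is
                 expected to drop mem-image.lime into (inferred from where
                 this function looks for it - confirm against the playbook)
    return:
        None
    raises:
        OSError - no dump was found under victim after the playbook ran
                  (FileNotFoundError), or the move failed, e.g. because
                  victim and the cwd are on different filesystems
    """
    logger = logging.getLogger('root')
    # os.path.join copes with victim given with or without a trailing
    # slash; plain concatenation produced ".../victimmem-image.lime" when
    # the slash was missing and then failed on the rename.
    tmpfile = os.path.join(victim, 'mem-image.lime')
    dest = './mem-image.lime'

    # NOTE(review): playbook and inventory are hard-wired, so `victim`
    # only decides where the artefact is picked up locally - it does not
    # select the host; presumably every host in the inventory is dumped.
    runner = AnsibleRunner(
        './scenario_builder/forensics/playbooks/mem-dump-linux.yaml',
        hosts='./scenario_builder/forensics/hosts')
    runner.run()

    # os.rename replaces an existing destination silently on POSIX. A
    # forensics run should never overwrite a previous acquisition
    # quietly, so at least leave a trace in the log.
    if os.path.exists(dest):
        logger.warning('Replacing existing memory dump at %s', dest)
    # NOTE(review): no integrity hash is recorded for the dump; a sha256
    # logged here would help chain of custody - confirm whether the
    # playbook already produces one.
    os.rename(tmpfile, dest)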
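def logs(logs_loc):
    """
    Wrapper function to pull logs off of the victim vm with ansible
    args:
        logs_loc - location of the log files on the victim vm; handed to
                   the playbook as the `log_path` extra var
    return:
        None
    raises:
        ValueError - logs_loc is empty
        OSError    - the playbook left no logs.zip behind
                     (FileNotFoundError), or the move failed, e.g.
                     across a filesystem boundary
    """
    logger = logging.getLogger('root')
    if not logs_loc:
        # An empty value would reach the playbook as "log_path=" and
        # fail far from the cause; reject it up front instead.
        raise ValueError('logs_loc must be a non-empty path')

    # NOTE(review): logs_loc is spliced unquoted into a key=value
    # extra-var string. How AnsibleRunner passes `extra_var` on is not
    # visible here; a path containing whitespace or quotes may be split
    # or mis-parsed on the way in - confirm before accepting paths from
    # an untrusted caller.
    log_path = "log_path={}".format(logs_loc)
    # Log the location itself (the old message printed the whole
    # "log_path=..." string) and let logging do the formatting lazily.
    logger.debug('Pulling logs from %s', logs_loc)

    runner = AnsibleRunner(
        './scenario_builder/forensics/playbooks/logs-linux.yaml',
        hosts='./scenario_builder/forensics/hosts',
        extra_var=log_path)
    runner.run()

    src = './scenario_builder/forensics/playbooks/logs.zip'
    dest = './logs.zip'
    # os.rename replaces an existing destination silently on POSIX;
    # don't overwrite a previous log bundle without leaving a trace.
    if os.path.exists(dest):
        logger.warning('Replacing existing log archive at %s', dest)
    os.rename(src, dest)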