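def get_os_version(self):
    """Return the Windows product name, followed by the service pack if any.

    Both values are read from the ``CurrentVersion`` key of the hive held in
    ``self.software_hive``.

    Returns:
        ``"<ProductName> <CSDVersion>"`` when a ``CSDVersion`` value is found,
        otherwise ``"<ProductName>"`` alone.
    """
    key_path = "Microsoft\\Windows NT\\CurrentVersion"

    product_name = registry.get_registry_key_specific_value(
        self.software_hive, key_path, "ProductName")[0]['Value']

    # CSDVersion is the service-pack label and is not guaranteed to exist
    # (e.g. an installation with no service pack). An empty lookup result is
    # treated as "no service pack" instead of failing on the [0] index and
    # losing the product name with it.
    # NOTE(review): if the helper raises for a missing value rather than
    # returning an empty result, that exception still propagates unchanged;
    # confirm against registry.get_registry_key_specific_value.
    csd_entries = registry.get_registry_key_specific_value(
        self.software_hive, key_path, "CSDVersion")
    if not csd_entries:
        return product_name

    return product_name + " " + csd_entries[0]['Value']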
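def find_installed_browser(config):
    """Find the browsers installed on the analysed disk.

    Only Internet Explorer, Mozilla Firefox, Google Chrome and Chromium are
    looked up. IE and Firefox are read from ``config.software_hive``; Chrome
    and Chromium are read from each hive in ``config.users_hives``.

    The lookup is best-effort: a value that is missing or cannot be read is
    skipped, so an empty list means "nothing found", not "nothing installed".

    Args:
        config: object exposing ``software_hive`` and ``users_hives`` (an
            iterable of ``(user, hive)`` pairs).

    Returns:
        A list of dicts with the keys ``'Browser Name'`` and
        ``'Browser Version'``; entries found in a user hive also carry
        ``'User'``.
    """
    # TODO: Check what happens if multiple versions of the same browser are installed

    # (display name, key path, value name) probed in the SOFTWARE hive.
    # Internet Explorer is probed through both svcVersion and Version, so one
    # installation can produce two rows when both values exist.
    machine_wide_probes = (
        ("Internet Explorer", "Microsoft\\Internet Explorer", "svcVersion"),
        ("Internet Explorer", "Microsoft\\Internet Explorer", "Version"),
        ("Mozilla Firefox", "Mozilla\\Mozilla Firefox", "CurrentVersion"),
    )
    # (display name, key path, value name) probed in every user hive.
    per_user_probes = (
        ("Google Chrome", "Software\\Google\\Chrome\\BLBeacon", "version"),
        ("Chromium", "Software\\Chromium\\BLBeacon", "version"),
    )

    browsers_list = []

    for name, key_path, value_name in machine_wide_probes:
        try:
            found = registry.get_registry_key_specific_value(
                config.software_hive, key_path, value_name)
            if found:
                browsers_list.append({'Browser Name': name,
                                      'Browser Version': found[0]['Value']})
        except Exception:
            # Best-effort probe: skip unreadable keys. Catching Exception
            # rather than using a bare except lets KeyboardInterrupt and
            # SystemExit stop the run instead of being swallowed here.
            continue

    for (user, hive) in config.users_hives:
        for name, key_path, value_name in per_user_probes:
            try:
                found = registry.get_registry_key_specific_value(
                    hive, key_path, value_name)
                if found:
                    browsers_list.append({'Browser Name': name,
                                          'Browser Version': found[0]['Value'],
                                          'User': user})
            except Exception:
                # Same best-effort policy as for the machine-wide probes.
                continue

    return browsers_list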
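def get_timezone(self):
    """Return the machine's UTC offset as a display string.

    Reads the ``Bias`` value of the ``TimezoneInformation`` key under the
    current control set of ``self.system_hive``. Windows expresses the bias in
    minutes such that ``UTC = local time + Bias``, so the local offset is the
    negated bias: a bias of 300 is reported as ``"UTC -5"``, a bias of -60 as
    ``"UTC +1"``.

    Returns:
        ``"UTC"`` for a zero bias, otherwise ``"UTC +H"`` or ``"UTC -H"``
        where H is the offset in hours (fractional for zones that are not on
        a whole hour, e.g. ``"UTC +5.5"``).
    """
    bias_minutes = int(registry.get_registry_key_specific_value(
        self.system_hive,
        self.current_control_set + "\\Control\\TimezoneInformation",
        "Bias")[0]['Value'])

    # Bias is stored as a 32-bit value. A parser that returns the unsigned
    # form yields negative biases (zones east of UTC) as numbers >= 2**31;
    # fold those back to signed. Real biases are a few hundred minutes, so
    # this cannot misread a legitimate positive value.
    if bias_minutes >= 0x80000000:
        bias_minutes -= 0x100000000

    if bias_minutes == 0:
        return "UTC"

    # Positive bias means local time is BEHIND UTC, hence the sign flip.
    # Reporting the bias sign as-is would shift every timestamp that is
    # correlated against this string to the wrong side of UTC.
    offset_minutes = -bias_minutes
    sign = "+" if offset_minutes > 0 else "-"
    whole_hours, leftover_minutes = divmod(abs(offset_minutes), 60)
    if leftover_minutes == 0:
        magnitude = str(whole_hours)
    else:
        magnitude = str(abs(offset_minutes) / 60.0)

    # NOTE(review): Bias is the base bias of the configured zone; the offset
    # with daylight saving applied is kept in a separate value
    # (ActiveTimeBias). Do not rely on this string alone when converting
    # artefact timestamps; confirm which one the report should show.
    return "UTC " + sign + magnitude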
def get_os(self):
    """Map the registry ``ProductName`` onto a supported Windows family.

    The product name is read from the ``CurrentVersion`` key of
    ``self.software_hive`` and matched by substring, so an edition suffix
    does not matter (``"Windows 8.1 Pro"`` yields ``"Windows 8"``).

    Returns:
        One of ``"Windows Vista"``, ``"Windows 7"``, ``"Windows 8"`` or
        ``"Windows 10"``.

    Raises:
        Exception: if the product name contains none of those names.
    """
    product_name = registry.get_registry_key_specific_value(
        self.software_hive,
        "Microsoft\\Windows NT\\CurrentVersion",
        "ProductName")[0]['Value']

    # NOTE(review): Windows 11 installations are reported to keep
    # "Windows 10" in ProductName, so they would be classified as Windows 10
    # here; confirm against the CurrentBuild value if the distinction matters.
    supported_families = ("Windows Vista", "Windows 7", "Windows 8", "Windows 10")
    for family in supported_families:
        if family in product_name:
            return family

    raise Exception("Impossible to detect OS version !")
def get_computer_name(self):
    """Return the ``ComputerName`` value stored under the current control set.

    The value is read from ``self.system_hive``; the key path is built from
    ``self.current_control_set``.
    """
    key_path = self.current_control_set + "\\Control\\ComputerName\\ComputerName"
    entries = registry.get_registry_key_specific_value(
        self.system_hive, key_path, "ComputerName")
    # The helper's result is indexed like a list of records; take the first.
    return entries[0]['Value']
def get_last_reboot(self):
    """Return the recorded ``ShutdownTime`` as a formatted date string.

    Despite the method name, the value read is ``ShutdownTime`` from the
    ``Control\\Windows`` key under the current control set of
    ``self.system_hive``. It is converted with ``registry.filetime_to_date``
    and rendered as e.g. ``"Mon, 01 January 2018 12:00:00 "`` followed by the
    zone name when the converted object carries one.
    """
    key_path = self.current_control_set + "\\Control\\Windows"
    entries = registry.get_registry_key_specific_value(
        self.system_hive, key_path, "ShutdownTime")
    shutdown_date = registry.filetime_to_date(entries[0]['Value'])
    # NOTE(review): %Z renders as an empty string for a timezone-naive value;
    # presumably the converted time is UTC. Confirm in filetime_to_date
    # before comparing this string with local-time artefacts.
    return format(shutdown_date, '%a, %d %B %Y %H:%M:%S %Z')
def get_os_registered_owner(self):
    """Return the ``RegisteredOwner`` value from the ``CurrentVersion`` key.

    The value is read from ``self.software_hive``.
    """
    entries = registry.get_registry_key_specific_value(
        self.software_hive,
        "Microsoft\\Windows NT\\CurrentVersion",
        "RegisteredOwner")
    first_entry = entries[0]
    return first_entry['Value']
def get_os_build(self):
    """Return the ``CurrentBuild`` value from the ``CurrentVersion`` key.

    The value is read from ``self.software_hive`` and returned as stored.
    """
    entries = registry.get_registry_key_specific_value(
        self.software_hive,
        "Microsoft\\Windows NT\\CurrentVersion",
        "CurrentBuild")
    first_entry = entries[0]
    return first_entry['Value']
def get_current_control_set(self):
    """Return the name of the control set that the hive marks as current.

    Reads the ``Current`` value of the ``Select`` key in ``self.system_hive``
    and appends it to the ``"ControlSet00"`` prefix.
    """
    entries = registry.get_registry_key_specific_value(
        self.system_hive, "Select", "Current")
    current_index = entries[0]['Value']
    # NOTE(review): plain concatenation assumes the helper returns the value
    # as a one-digit string; an integer would raise TypeError and an index of
    # 10 or more would give a four-digit suffix. Confirm the helper's type.
    return "ControlSet00" + current_index