コード例 #1
ファイル: prefetch.py プロジェクト: M31MOTH/fuzzbunch
def main():
    """Print parsed Windows Prefetch data through the dsz console.

    With no command-line argument: list the entries returned by
    getpretchfiles() for the hard-coded Prefetch directory, let the operator
    choose entries with getlist(), fetch each choice with getfile(), parse it
    with readfile() and print a summary table.  A second getlist() prompt
    selects which parsed entries get their file/volume detail printed.

    With an argument: sys.argv[1] is passed straight to readfile() and its
    summary and detail are printed.

    getpretchfiles, getlist, getfile, readfile and pprint are defined outside
    this block, so their behaviour is not visible here.
    """

    def echo_access_detail(record):
        # Print the 'sectionc' (files) and 'sectiond' (volumes) parts of a
        # parsed record; both keys are read from the mapping passed in.
        dsz.ui.Echo('Files Accessed:')
        for accessed in record['sectionc']:
            dsz.ui.Echo(('\t\t%s' % ops.utf8(accessed)))
        dsz.ui.Echo('\\Volumes Accessed:')
        for volume in record['sectiond']:
            dsz.ui.Echo(('\tVolume Label: %s' % volume['vollabel']))
            dsz.ui.Echo(('\tVolume Serial: %s' % volume['volserial']))
            dsz.ui.Echo(('\tAccess timestamp: %s' % volume['accesstimestamp']))
            dsz.ui.Echo('\tDirectories Accessed:')
            for dir_entry in volume['subsec2']:
                # Only element 1 of each 'subsec2' item is displayed.
                dsz.ui.Echo(('\t\t%s' % ops.utf8(dir_entry[1])))

    if (len(sys.argv) != 1):
        # Single-file mode: parse the path given on the command line.
        # NOTE(review): the path is used unchecked and the parser is not
        # shown here -- confirm readfile() bounds-checks a malformed file.
        prefetchFile = sys.argv[1]
        data = readfile(prefetchFile)
        summary = [{
            'bytes': data['prefetchfilelength'],
            'runs': data['numexec'],
            'last': data['lastexectimestamp'],
            'sectionc': data['sectionc'],
            'sectiond': data['sectiond'],
        }]
        pprint(summary, header=['Byte Length', 'Number of Runs', 'Last Execute Time'], dictorder=['bytes', 'runs', 'last'])
        echo_access_detail(data)
        return

    rule = '===================================='
    dsz.ui.Echo(rule)
    dsz.ui.Echo('= Getting a list of prefetch files =')
    dsz.ui.Echo(rule)
    prefetch = getpretchfiles('c:\\windows\\prefetch')
    pprint(prefetch, header=['Index', 'Name', 'Size', 'Created', 'Modified', 'Accessed'], dictorder=['index', 'name', 'size', 'created', 'modified', 'accessed'])
    dsz.ui.Echo('Found the above files in the prefetch, please select which you would like to pull and parse', dsz.GOOD)
    wantlist = getlist(prefetch)

    shortparse = []
    for entry in wantlist:
        fetched = getfile(entry)
        # The listing entry itself is updated with the fetched file's path.
        entry['localfile'] = fetched
        data = readfile(fetched)
        shortparse.append({
            'index': entry['index'],
            'name': entry['name'],
            'bytes': data['prefetchfilelength'],
            'runs': data['numexec'],
            'last': data['lastexectimestamp'],
            'localfile': entry['localfile'],
            'sectionc': data['sectionc'],
            'sectiond': data['sectiond'],
        })

    print ''
    dsz.ui.Echo(rule)
    dsz.ui.Echo('=========== Short Parse ============')
    dsz.ui.Echo(rule)
    # The summary exposes run count and last execution time per entry.
    pprint(shortparse, header=['Index', 'Name', 'Byte Length', 'Number of Runs', 'Last Execute Time'], dictorder=['index', 'name', 'bytes', 'runs', 'last'])
    dsz.ui.Echo('Of the files you pulled back, which would you like to see the called files?', dsz.GOOD)
    parselist = getlist(shortparse)
    print ''
    for entry in parselist:
        bannerstring = ('================ %s ====================' % entry['name'])
        # Top and bottom rules are sized to the title line.
        bannercap = ('=' * len(bannerstring))
        for line in (bannercap, bannerstring, bannercap):
            dsz.ui.Echo(line, dsz.GOOD)
        echo_access_detail(entry)
コード例 #2
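def runCmd(cmd, show=False):
    """Run *cmd* through dsz.cmd.RunEx with console echo forced on or off.

    Args:
        cmd: command text; converted with ops.utf8() before it is run.
        show: when true, echo is switched on while the command runs and off
            afterwards; when false, off while it runs and on afterwards.

    Returns:
        The (success, command id) pair unpacked from dsz.cmd.RunEx.

    NOTE(review): the echo state left behind is the inverse of the state used
    during the call, not whatever the caller had set beforehand -- confirm
    callers expect that.
    """
    echo = dsz.control.echo
    if show:
        echo.On()
    else:
        echo.Off()
    try:
        (suc, cmdid) = dsz.cmd.RunEx(ops.utf8(cmd), dsz.RUN_FLAG_RECORD)
    finally:
        # Flip echo back even if RunEx or the unpacking raises, so a failed
        # command cannot leave the console echo stuck in the toggled state.
        if show:
            echo.Off()
        else:
            echo.On()
    return (suc, cmdid)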
コード例 #3
ファイル: mcafee85To88.py プロジェクト: M31MOTH/fuzzbunch
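def runCmd(cmd, show=False):
    """Run *cmd* through dsz.cmd.RunEx with console echo forced on or off.

    Args:
        cmd: command text; converted with ops.utf8() before it is run.
        show: when true, echo is switched on while the command runs and off
            afterwards; when false, off while it runs and on afterwards.

    Returns:
        The (success, command id) pair unpacked from dsz.cmd.RunEx.

    NOTE(review): the echo state left behind is the inverse of the state used
    during the call, not whatever the caller had set beforehand -- confirm
    callers expect that.
    """
    echo = dsz.control.echo
    if show:
        echo.On()
    else:
        echo.Off()
    try:
        (suc, cmdid) = dsz.cmd.RunEx(ops.utf8(cmd), dsz.RUN_FLAG_RECORD)
    finally:
        # Flip echo back even if RunEx or the unpacking raises, so a failed
        # command cannot leave the console echo stuck in the toggled state.
        if show:
            echo.Off()
        else:
            echo.On()
    return (suc, cmdid)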
コード例 #4
ファイル: __init__.py プロジェクト: webshell520/FuzzBunch
 def __str__(self):
     """Render the command as one string, converted with ops.utf8().

     Order of tokens: every prefix, the plugin name, every positional
     argument, then the options.  A boolean option is emitted as a bare
     ``-key`` only when it is True; any other option that is not None is
     emitted as ``-key value``.  Every token is followed by one space.

     NOTE(review): values are interpolated verbatim -- no quoting or
     escaping happens here, so a value containing spaces or a leading
     ``-`` is indistinguishable from extra tokens in the result.  Confirm
     whether callers sanitise values before building the command.
     """
     pieces = [('%s ' % prefix) for prefix in self.prefixes]
     pieces.append('%s ' % self.plugin)
     pieces.extend([('%s ' % arg) for arg in self.arglist])
     for optkey in self.optdict:
         optval = self.optdict[optkey]
         if isinstance(optval, bool):
             # False flags are simply left out of the command line.
             if optval:
                 pieces.append('-%s ' % optkey)
         elif optval is not None:
             pieces.append('-%s %s ' % (optkey, optval))
     return ops.utf8(''.join(pieces))
コード例 #5
def main():
    """Print parsed Windows Prefetch data through the dsz console.

    Interactive mode (no command-line argument): the entries returned by
    getpretchfiles() for the hard-coded Prefetch directory are tabulated, the
    operator picks entries through getlist(), each pick is fetched with
    getfile() and parsed with readfile(), and a summary table is printed.  A
    second getlist() prompt chooses which parsed entries have their accessed
    files and volumes printed.

    Single-file mode (an argument is present): sys.argv[1] goes straight to
    readfile() and the same summary and detail are printed for it.

    getpretchfiles, getlist, getfile, readfile and pprint live outside this
    block; what they do internally cannot be seen from here.
    """

    def show_detail(parsed):
        # Echo the 'sectionc' file list and the 'sectiond' volume list of
        # one parsed record.
        dsz.ui.Echo('Files Accessed:')
        for path in parsed['sectionc']:
            dsz.ui.Echo(('\t\t%s' % ops.utf8(path)))
        dsz.ui.Echo('\\Volumes Accessed:')
        for vol in parsed['sectiond']:
            dsz.ui.Echo(('\tVolume Label: %s' % vol['vollabel']))
            dsz.ui.Echo(('\tVolume Serial: %s' % vol['volserial']))
            dsz.ui.Echo(('\tAccess timestamp: %s' % vol['accesstimestamp']))
            dsz.ui.Echo('\tDirectories Accessed:')
            for item in vol['subsec2']:
                # Only element 1 of each 'subsec2' item is shown.
                dsz.ui.Echo(('\t\t%s' % ops.utf8(item[1])))

    interactive = (len(sys.argv) == 1)
    if interactive:
        dsz.ui.Echo('====================================')
        dsz.ui.Echo('= Getting a list of prefetch files =')
        dsz.ui.Echo('====================================')
        prefetch = getpretchfiles('c:\\windows\\prefetch')
        listing_header = ['Index', 'Name', 'Size', 'Created', 'Modified', 'Accessed']
        listing_keys = ['index', 'name', 'size', 'created', 'modified', 'accessed']
        pprint(prefetch, header=listing_header, dictorder=listing_keys)
        dsz.ui.Echo(
            'Found the above files in the prefetch, please select which you would like to pull and parse',
            dsz.GOOD)
        wantlist = getlist(prefetch)

        shortparse = []
        for chosen in wantlist:
            localfile = getfile(chosen)
            # The selected listing entry is updated in place with the path.
            chosen['localfile'] = localfile
            data = readfile(localfile)
            row = {
                'index': chosen['index'],
                'name': chosen['name'],
                'bytes': data['prefetchfilelength'],
                'runs': data['numexec'],
                'last': data['lastexectimestamp'],
                'localfile': chosen['localfile'],
                'sectionc': data['sectionc'],
                'sectiond': data['sectiond'],
            }
            shortparse.append(row)

        print ''
        dsz.ui.Echo('====================================')
        dsz.ui.Echo('=========== Short Parse ============')
        dsz.ui.Echo('====================================')
        # Run count and last execution time are the per-entry summary fields.
        short_header = ['Index', 'Name', 'Byte Length', 'Number of Runs', 'Last Execute Time']
        pprint(shortparse, header=short_header, dictorder=['index', 'name', 'bytes', 'runs', 'last'])
        dsz.ui.Echo(
            'Of the files you pulled back, which would you like to see the called files?',
            dsz.GOOD)
        parselist = getlist(shortparse)
        print ''
        for chosen in parselist:
            bannerstring = ('================ %s ====================' % chosen['name'])
            # The rule above and below the title matches its length.
            bannercap = ('=' * len(bannerstring))
            dsz.ui.Echo(bannercap, dsz.GOOD)
            dsz.ui.Echo(bannerstring, dsz.GOOD)
            dsz.ui.Echo(bannercap, dsz.GOOD)
            show_detail(chosen)
    else:
        # NOTE(review): the argv path is used unchecked and the parser is
        # not shown here -- confirm readfile() copes with a malformed file.
        prefetchFile = sys.argv[1]
        data = readfile(prefetchFile)
        good_data = [{
            'bytes': data['prefetchfilelength'],
            'runs': data['numexec'],
            'last': data['lastexectimestamp'],
            'sectionc': data['sectionc'],
            'sectiond': data['sectiond'],
        }]
        pprint(good_data, header=['Byte Length', 'Number of Runs', 'Last Execute Time'], dictorder=['bytes', 'runs', 'last'])
        show_detail(data)
コード例 #6
def _statehash(fileitem):
    """Return a hex MD5 fingerprint of a file item's modified time, parent path and name.

    The three values are formatted back to back with no separator, converted
    with ops.utf8() and hashed.

    NOTE(review): MD5 is not collision-resistant, and the unseparated
    concatenation means different (path, name) splits can yield the same
    input.  That is acceptable for a change-detection key, but the result
    must not be relied on as an integrity check against a party who controls
    file names or timestamps.  Changing either property would alter every
    previously computed value, so it is left as is here.
    """
    fingerprint = ('%s%s%s' % (fileitem.filetimes.modified.time, fileitem.dszparent.path, fileitem.name))
    digest = hashlib.md5(ops.utf8(fingerprint)).digest()
    return binascii.hexlify(digest)