def __init__(self): """Initializes the front-end object.""" input_reader = frontend.StdinFrontendInputReader() output_writer = frontend.StdoutFrontendOutputWriter() super(PinfoFrontend, self).__init__(input_reader, output_writer) self._printer = pprint.PrettyPrinter(indent=8) self._verbose = False
def setUp(self): """Sets up the objects used throughout the test.""" # This is necessary since TimeRangeCache uses class members. # TODO: remove this work around and properly fix TimeRangeCache. pfilter.TimeRangeCache.ResetTimeConstraints() self._input_reader = frontend.StdinFrontendInputReader() self._output_writer = frontend.StdoutFrontendOutputWriter() self._temp_directory = tempfile.mkdtemp()
def __init__(self): """Initialize the process information frontend.""" self._input_reader = frontend.StdinFrontendInputReader() self._output_writer = frontend.StdoutFrontendOutputWriter() self._parent_list = [] self._process_list = [] super(ProcessInformationFrontend, self).__init__(self._input_reader, self._output_writer)
def __init__(self): """Initializes the front-end object.""" input_reader = frontend.StdinFrontendInputReader() output_writer = frontend.StdoutFrontendOutputWriter() super(ImageExportFrontend, self).__init__(input_reader, output_writer) self._knowledge_base = None self._remove_duplicates = True self._source_path_spec = None
def __init__(self): """Initializes the front-end object.""" input_reader = frontend.StdinFrontendInputReader() output_writer = frontend.StdoutFrontendOutputWriter() super(PlasmFrontend, self).__init__(input_reader, output_writer) self._cluster_closeness = None self._cluster_threshold = None self._quiet = False self._tagging_file_path = None self.mode = None
def __init__(self): """Initializes the front-end object.""" input_reader = frontend.StdinFrontendInputReader() output_writer = frontend.StdoutFrontendOutputWriter() super(PsortFrontend, self).__init__(input_reader, output_writer) self._analysis_processes = [] self._filter_buffer = None self._filter_expression = None self._filter_object = None self._output_module_class = None self._output_stream = None self._slice_size = 5
def __init__(self): """Initializes the front-end object.""" input_reader = frontend.StdinFrontendInputReader() output_writer = frontend.StdoutFrontendOutputWriter() super(PsortFrontend, self).__init__(input_reader, output_writer) self._analysis_processes = [] self._filter_buffer = None self._filter_expression = None self._filter_object = None self._output_filename = None self._output_format = None self._preferred_language = u'en-US' self._slice_size = 5
def __init__(self): """Initializes the front-end object.""" # TODO: remove the need to pass input_reader and output_writer. input_reader = frontend.StdinFrontendInputReader() output_writer = frontend.StdoutFrontendOutputWriter() super(StorageMediaFrontend, self).__init__(input_reader, output_writer) self._resolver_context = context.Context() self._scan_context = source_scanner.SourceScannerContext() self._source_path = None self._source_scanner = source_scanner.SourceScanner() # TODO: move this into a source handler to support multiple sources. self.partition_offset = None self.process_vss = True self.vss_stores = None
def setUp(self): """Sets up the objects used throughout the test.""" self._input_reader = frontend.StdinFrontendInputReader() self._output_writer = frontend.StdoutFrontendOutputWriter()
def __init__(self): """Initializes the front-end object.""" input_reader = frontend.StdinFrontendInputReader() output_writer = frontend.StdoutFrontendOutputWriter() super(Log2TimelineFrontend, self).__init__(input_reader, output_writer)
def Main(): """Run the tool.""" output_writer = frontend.StdoutFrontendOutputWriter() front_end = preg.PregFrontend(output_writer) epilog = textwrap.dedent(""" Example usage: Parse the SOFTWARE hive from an image: {0:s} [--vss] [--vss-stores VSS_STORES] -i IMAGE_PATH [-o OFFSET] -c SOFTWARE Parse an userassist key within an extracted hive: {0:s} -p userassist MYNTUSER.DAT Parse the run key from all Registry keys (in vss too): {0:s} --vss -i IMAGE_PATH [-o OFFSET] -p run Open up a console session for the SYSTEM hive inside an image: {0:s} -i IMAGE_PATH [-o OFFSET] -c SYSTEM """).format(os.path.basename(sys.argv[0])) description = textwrap.dedent(""" preg is a simple Windows Registry parser using the plaso Registry plugins and image parsing capabilities. It uses the back-end libraries of plaso to read raw image files and extract Registry files from VSS and restore points and then runs the Registry plugins of plaso against the Registry hive and presents it in a textual format. """) arg_parser = argparse.ArgumentParser( epilog=epilog, description=description, add_help=False, formatter_class=argparse.RawDescriptionHelpFormatter) # Create the different argument groups. mode_options = arg_parser.add_argument_group(u'Run Mode Options') image_options = arg_parser.add_argument_group(u'Image Options') info_options = arg_parser.add_argument_group(u'Informational Options') additional_data = arg_parser.add_argument_group(u'Additional Options') mode_options.add_argument( '-c', '--console', dest='console', action='store_true', default=False, help= u'Drop into a console session Instead of printing output to STDOUT.') additional_data.add_argument( '-r', '--restore_points', dest='restore_points', action='store_true', default=False, help=u'Include restore points for hive locations.') image_options.add_argument( '-i', '--image', dest='image', action='store', type=unicode, default='', metavar='IMAGE_PATH', help=( u'If the Registry file is contained within a storage media image, ' u'set this option to specify the path of image file.')) front_end.AddImageOptions(image_options) info_options.add_argument('-v', '--verbose', dest='verbose', action='store_true', default=False, help=u'Print sub key information.') info_options.add_argument('-h', '--help', action='help', help=u'Show this help message and exit.') front_end.AddVssProcessingOptions(additional_data) info_options.add_argument( '--info', dest='info', action='store_true', default=False, help=u'Print out information about supported plugins.') mode_options.add_argument( '-p', '--plugins', dest='plugin_names', action='append', default=[], type=unicode, metavar='PLUGIN_NAME', help=(u'Substring match of the Registry plugin to be used, this ' u'parameter can be repeated to create a list of plugins to be ' u'run against, eg: "-p userassist -p rdp" or "-p userassist".')) mode_options.add_argument( '-k', '--key', dest='key', action='store', default='', type=unicode, metavar='REGISTRY_KEYPATH', help=(u'A Registry key path that the tool should parse using all ' u'available plugins.')) arg_parser.add_argument( 'regfile', action='store', metavar='REGHIVE', nargs='?', help=(u'The Registry hive to read key from (not needed if running ' u'using a plugin)')) # Parse the command line arguments. options = arg_parser.parse_args() if options.info: print front_end.GetListOfAllPlugins() return True try: front_end.ParseOptions(options, source_option='image') except errors.BadConfigOption as exception: arg_parser.print_usage() print u'' logging.error('{0:s}'.format(exception)) return False # Run the tool, using the run mode according to the options passed # to the tool. if front_end.run_mode == front_end.RUN_MODE_CONSOLE: RunModeConsole(front_end, options) if front_end.run_mode == front_end.RUN_MODE_REG_KEY: front_end.RunModeRegistryKey(options, options.plugin_names) elif front_end.run_mode == front_end.RUN_MODE_REG_PLUGIN: front_end.RunModeRegistryPlugin(options, options.plugin_names) elif front_end.run_mode == front_end.RUN_MODE_REG_FILE: front_end.RunModeRegistryFile(options, options.regfile) return True