예제 #1
0
    def bcGenPremisXmlBulkExtractor(self, beReportFile, premis_file, isFirstEvent=False):
        # Extract some values from the corresponding input XML file
        beReportXml_command_line = fiwalk.fiwalk_xml_command_line(beReportFile)

        image_name = self.extractImageName(beReportXml_command_line, "be")
        be_version = fiwalk.fiwalk_xml_version(beReportFile)

        # BE is the last event. So open the outfile to write
        if not os.path.exists(premis_file):
            of_premis = open(premis_file,"wb")
        else:
            of_premis = "null"

        print(">>> Generating bulk_extractor PREMIS event")

        eventIdType = 0  # If this is 0, we will generate UUID
        eventDetail = beReportXml_command_line

        eventType = "bulk_extractor"
        eDateTime = fiwalk.fiwalk_xml_start_time(beReportFile)

        # We don't check the flag for eOutcome as we don't run the 
        # bulk extractor on command line. We already have th feature files
        # from a previous run of the beViewer. We just use the information from
        # the report.xml file for generating premis events.
        eOutcome = "Completed" 

        # FIXME: Need more input on what to extract for Details
        eoDetail = "bulk_extractor version: "+be_version

        line1 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
        of_premis.write(bytes(line1, 'UTF-8'))

        self.bcGenPremisEvent(root, eventIdType, eventType, eventDetail, eDateTime, eOutcome, eoDetail, of_premis, True)
예제 #2
0
    def bcGenPremisXmlBulkExtractor(self, beReportFile, premis_file, isFirstEvent=False):
        # Extract some values from the corresponding input XML file
        beReportXml_command_line = fiwalk.fiwalk_xml_command_line(beReportFile)

        image_name = self.extractImageName(beReportXml_command_line, "be")
        be_version = fiwalk.fiwalk_xml_version(beReportFile)

        # BE is the last event. So open the outfile to write
        if not os.path.exists(premis_file):
            of_premis = open(premis_file,"wb")
        else:
            of_premis = "null"

        print(">>> Generating Bulk Extractor Premis Events XML ")

        eventIdType = 0  # If this is 0, we will generate UUID
        eventIdVal = beReportXml_command_line
        eventType = "Feature Stream Analysis"
        eDateTime = fiwalk.fiwalk_xml_start_time(beReportFile)

        # FIXME: Need more input on what to extract for Details
        eoDetail = "version: "+be_version

        # We don't check the flag for eOutcome as we don't run the 
        # bulk extractor on command line. We already have th feature files
        # from a previous run of the beViewer. We just use the information from
        # the report.xml file for generating premis events.
        eOutcome = "Bulk Extractor Output" 

        line1 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
        of_premis.write(bytes(line1, 'UTF-8'))

        self.bcGenPremisEvent(root, eventIdType, eventIdVal,  eventType, eDateTime, eOutcome, eoDetail, of_premis, True)
예제 #3
0
    def bcGenPremisXmlFiwalk(self,
                             dfxmlfile,
                             premis_file,
                             outcome=True,
                             fw_tab=False):

        # If dfxmlfile doesn't exist, Fiwalk command probably failed.
        # If outcome is False, it is confirmed to have failed.
        # Generate premis event accordingly.
        # FIXME: Add premis event for failed case here.

        # We don't write to the file till the last event is done. If this
        # routine is invoked by a Fiwalk-tab, this is the last event.
        # For such a case, create a new file.

        ## print("D: bcGenPremisXmlFiwalk: XmlFile: ", dfxmlfile)
        ## print("D: bcGenPremisXmlFiwalk: Premis file: ", premis_file)
        if fw_tab == True:
            if os.path.exists(premis_file):
                of_premis = open(premis_file, "wb")
                line1 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
                of_premis.write(bytes(line1, 'UTF-8'))
            else:
                of_premis = "null"
        else:
            of_premis = "premis_file"

        # Get the image name from "command_line" part of dfxml file:
        dfxml_command_line = fiwalk.fiwalk_xml_command_line(dfxmlfile)
        image_name = self.extractImageName(dfxml_command_line, "fw")

        # Generate the Fiwalk Event:
        eventIdType = 0  # UUID

        #eventIdVal = dfxml_command_line
        eventDetail = dfxml_command_line

        eDateTime = fiwalk.fiwalk_xml_start_time(dfxmlfile)
        eoDetail = "Produced DFXML file: " + dfxmlfile
        if (outcome == True):
            eOutcome = "Completed"
        else:
            eOutcome = "Failed"

        if of_premis != "null":
            self.bcGenPremisEvent(root, eventIdType, "File System Analysis",
                                  eventDetail, eDateTime, eOutcome, eoDetail,
                                  of_premis, fw_tab)

        return root
예제 #4
0
    def bcGenPremisXmlFiwalk(self, dfxmlfile, premis_file, outcome=True, fw_tab=False):
    
        # If dfxmlfile doesn't exist, Fiwalk command probably failed.
        # If outcome is False, it is confirmed to have failed.
        # Generate premis event accordingly.
        # FIXME: Add premis event for failed case here.

        # We don't write to the file till the last event is done. If this
        # routine is invoked by a Fiwalk-tab, this is the last event.
        # For such a case, create a new file.

        ## print("D: bcGenPremisXmlFiwalk: XmlFile: ", dfxmlfile)
        ## print("D: bcGenPremisXmlFiwalk: Premis file: ", premis_file)
        if fw_tab == True:
          if os.path.exists(premis_file):
            of_premis = open(premis_file,"wb")
            line1 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
            of_premis.write(bytes(line1, 'UTF-8'))
          else:
            of_premis = "null"
        else:
            of_premis = "premis_file"

        # Get the image name from "command_line" part of dfxml file:
        dfxml_command_line = fiwalk.fiwalk_xml_command_line(dfxmlfile)
        image_name = self.extractImageName(dfxml_command_line, "fw")
        
        # Generate the Fiwalk Event:
        eventIdType = 0  # UUID

        #eventIdVal = dfxml_command_line
        eventDetail = dfxml_command_line

        eDateTime = fiwalk.fiwalk_xml_start_time(dfxmlfile)
        eoDetail = "Produced DFXML file: " + dfxmlfile
        if (outcome == True):
            eOutcome = "Completed" 
        else:
            eOutcome = "Failed" 

        if of_premis != "null":
           self.bcGenPremisEvent(root, eventIdType, "File System Analysis", eventDetail, eDateTime, eOutcome, eoDetail, of_premis, fw_tab)

        return root