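def bcGenPremisXmlBulkExtractor(self, beReportFile, premis_file, isFirstEvent=False):
    """Write the bulk_extractor PREMIS event built from a report.xml file.

    bulk_extractor is not run here. The command line, version and start time
    are read back from an existing report through the ``fiwalk`` XML helpers
    and handed to ``self.bcGenPremisEvent`` together with a newly created
    output file.

    Args:
        beReportFile: bulk_extractor report (report.xml) given to the
            ``fiwalk`` XML helpers.
        premis_file: path of the PREMIS XML file to create. If something
            already exists at this path it is left untouched and no event
            is written.
        isFirstEvent: kept for interface compatibility; not read here.

    Returns:
        None.
    """
    # Extract some values from the corresponding input XML file.
    beReportXml_command_line = fiwalk.fiwalk_xml_command_line(beReportFile)
    # NOTE(review): the result is not used below; the call is kept in case
    # extractImageName has side effects.
    image_name = self.extractImageName(beReportXml_command_line, "be")
    be_version = fiwalk.fiwalk_xml_version(beReportFile)

    # BE is the last event, so the output file is opened here. Mode "xb"
    # creates the file and refuses an existing path in one step, so there is
    # no window between an existence check and the open in which the path
    # could appear and then be truncated.
    try:
        of_premis = open(premis_file, "xb")
    except FileExistsError:
        # The earlier code stored the placeholder string "null" on this path
        # and then failed with AttributeError on .write().
        print(">>> PREMIS file already exists; bulk_extractor event not written:",
              premis_file)
        return

    print(">>> Generating bulk_extractor PREMIS event")
    eventIdType = 0  # 0 asks for a generated UUID (per the original comment)
    # NOTE(review): the command line is taken verbatim from report.xml;
    # confirm that bcGenPremisEvent escapes it when serializing the XML.
    eventDetail = beReportXml_command_line
    eventType = "bulk_extractor"
    eDateTime = fiwalk.fiwalk_xml_start_time(beReportFile)

    # The outcome flag is not checked because bulk_extractor is not run on
    # the command line here. The feature files already exist from a previous
    # run of the beViewer; only the information in report.xml is used to
    # generate the PREMIS event.
    eOutcome = "Completed"

    # FIXME: Need more input on what to extract for Details
    eoDetail = "bulk_extractor version: " + be_version

    line1 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
    of_premis.write(bytes(line1, 'UTF-8'))
    # `root` is not defined in this method; presumably a module-level element
    # built elsewhere -- confirm. The handle is not closed here; presumably
    # bcGenPremisEvent owns it from this point -- confirm.
    self.bcGenPremisEvent(root, eventIdType, eventType, eventDetail,
                          eDateTime, eOutcome, eoDetail, of_premis, True)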
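def bcGenPremisXmlBulkExtractor(self, beReportFile, premis_file, isFirstEvent=False):
    """Write the Bulk Extractor PREMIS event built from a report.xml file.

    Bulk Extractor is not run here. The command line, version and start time
    are read back from an existing report through the ``fiwalk`` XML helpers
    and handed to ``self.bcGenPremisEvent`` together with a newly created
    output file.

    Args:
        beReportFile: Bulk Extractor report (report.xml) given to the
            ``fiwalk`` XML helpers.
        premis_file: path of the PREMIS XML file to create. If something
            already exists at this path it is left untouched and no event
            is written.
        isFirstEvent: kept for interface compatibility; not read here.

    Returns:
        None.
    """
    # Extract some values from the corresponding input XML file.
    beReportXml_command_line = fiwalk.fiwalk_xml_command_line(beReportFile)
    # NOTE(review): the result is not used below; the call is kept in case
    # extractImageName has side effects.
    image_name = self.extractImageName(beReportXml_command_line, "be")
    be_version = fiwalk.fiwalk_xml_version(beReportFile)

    # BE is the last event, so the output file is opened here. Mode "xb"
    # creates the file and refuses an existing path in one step, so a path
    # that appears after an existence check can no longer be truncated.
    try:
        of_premis = open(premis_file, "xb")
    except FileExistsError:
        # The earlier code stored the placeholder string "null" on this path
        # and then failed with AttributeError on .write().
        print(">>> PREMIS file already exists; Bulk Extractor event not written:",
              premis_file)
        return

    print(">>> Generating Bulk Extractor Premis Events XML ")
    eventIdType = 0  # 0 asks for a generated UUID (per the original comment)
    # NOTE(review): the command line is taken verbatim from report.xml;
    # confirm that bcGenPremisEvent escapes it when serializing the XML.
    eventIdVal = beReportXml_command_line
    eventType = "Feature Stream Analysis"
    eDateTime = fiwalk.fiwalk_xml_start_time(beReportFile)

    # FIXME: Need more input on what to extract for Details
    eoDetail = "version: " + be_version

    # The outcome flag is not checked because Bulk Extractor is not run on
    # the command line here. The feature files already exist from a previous
    # run of the beViewer; only the information in report.xml is used to
    # generate the PREMIS event.
    eOutcome = "Bulk Extractor Output"

    line1 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
    of_premis.write(bytes(line1, 'UTF-8'))
    # `root` is not defined in this method; presumably a module-level element
    # built elsewhere -- confirm. The handle is not closed here; presumably
    # bcGenPremisEvent owns it from this point -- confirm.
    self.bcGenPremisEvent(root, eventIdType, eventIdVal, eventType,
                          eDateTime, eOutcome, eoDetail, of_premis, True)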
def bcGenPremisXmlFiwalk(self, dfxmlfile, premis_file, outcome=True, fw_tab=False):
    """Build the Fiwalk ("File System Analysis") PREMIS event from a DFXML file.

    Nothing is written until the last event of a run. When the call comes
    from a Fiwalk tab (``fw_tab``), this event is the last one, so the
    output file is opened here.

    Args:
        dfxmlfile: DFXML file given to the ``fiwalk`` XML helpers; its name
            is also embedded in the event's outcome detail.
        premis_file: path of the PREMIS XML output file.
        outcome: True records "Completed", anything else records "Failed".
        fw_tab: True when invoked by a Fiwalk tab.

    Returns:
        The ``root`` object, which is not defined in this method
        (presumably module-level -- confirm).
    """
    # If dfxmlfile doesn't exist, the Fiwalk command probably failed; if
    # outcome is False, it is confirmed to have failed.
    # FIXME: Add premis event for failed case here.

    # Placeholder used when this is not the last event.
    # NOTE(review): this is the literal text "premis_file", not the path;
    # confirm bcGenPremisEvent never writes to it when fw_tab is False.
    premis_out = "premis_file"
    if fw_tab == True:
        # "null" marks "no output file"; the event is skipped further down.
        premis_out = "null"
        # NOTE(review): an existing file is truncated by "wb", and a missing
        # file means no event at all, which looks at odds with the intent to
        # create a new file -- confirm the condition.
        if os.path.exists(premis_file):
            premis_out = open(premis_file, "wb")
            xml_decl = '<?xml version="1.0" encoding="UTF-8"?>\n'
            premis_out.write(xml_decl.encode('UTF-8'))

    # Get the image name from the "command_line" part of the DFXML file.
    # NOTE(review): the command line goes into the event verbatim; confirm
    # that bcGenPremisEvent escapes it when serializing the XML.
    command_line = fiwalk.fiwalk_xml_command_line(dfxmlfile)
    image_name = self.extractImageName(command_line, "fw")  # result unused below

    # Generate the Fiwalk event.
    id_type = 0  # UUID
    started_at = fiwalk.fiwalk_xml_start_time(dfxmlfile)
    outcome_detail = "Produced DFXML file: " + dfxmlfile
    outcome_text = "Completed" if outcome == True else "Failed"

    if premis_out != "null":
        self.bcGenPremisEvent(root, id_type, "File System Analysis",
                              command_line, started_at, outcome_text,
                              outcome_detail, premis_out, fw_tab)
    return root
def bcGenPremisXmlFiwalk(self, dfxmlfile, premis_file, outcome=True, fw_tab=False):
    """Generate the "File System Analysis" PREMIS event for a Fiwalk run.

    The output file is only touched when this is the last event of a run,
    which is the case when the routine is invoked by a Fiwalk tab
    (``fw_tab``).

    Args:
        dfxmlfile: DFXML file read through the ``fiwalk`` XML helpers and
            named in the event's outcome detail.
        premis_file: path of the PREMIS XML output file.
        outcome: True yields the outcome "Completed", otherwise "Failed".
        fw_tab: True when the caller is a Fiwalk tab.

    Returns:
        ``root``, a name this method does not define (presumably a
        module-level object -- confirm).
    """
    # A missing dfxmlfile suggests the Fiwalk command failed; outcome=False
    # confirms it.
    # FIXME: Add premis event for failed case here.

    def _open_output():
        # NOTE(review): "wb" truncates the existing file, and a missing file
        # yields the "null" marker so no event is generated; this looks
        # inverted relative to "create a new file" -- confirm.
        if not os.path.exists(premis_file):
            return "null"
        handle = open(premis_file, "wb")
        handle.write(bytes("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n", 'UTF-8'))
        return handle

    # NOTE(review): for a non-final event the sink is the literal string
    # "premis_file", not the path -- confirm bcGenPremisEvent ignores it
    # when fw_tab is False.
    sink = _open_output() if fw_tab == True else "premis_file"

    # The image name comes from the "command_line" part of the DFXML file.
    cmdline = fiwalk.fiwalk_xml_command_line(dfxmlfile)
    image_name = self.extractImageName(cmdline, "fw")  # not used afterwards

    # Assemble the Fiwalk event fields.
    # NOTE(review): cmdline is recorded verbatim as the event detail; confirm
    # that bcGenPremisEvent escapes it for XML.
    when = fiwalk.fiwalk_xml_start_time(dfxmlfile)
    detail = "Produced DFXML file: " + dfxmlfile
    if outcome == True:
        result = "Completed"
    else:
        result = "Failed"

    if sink == "null":
        return root
    # The second argument 0 is the event id type (UUID, per the original comment).
    self.bcGenPremisEvent(root, 0, "File System Analysis", cmdline, when,
                          result, detail, sink, fw_tab)
    return root