def run(self, evidence, result):
    """Run log2timeline over the evidence and hand the outcome to result.

    Args:
        evidence: Evidence object; its local_path is passed to log2timeline
            as the source to process.
        result: A TurbiniaTaskResult object to place task results into.

    Returns:
        TurbiniaTaskResult object.
    """
    output_evidence = PlasoFile()
    # Both the .plaso output and the log2timeline log are named after the
    # task id and written to the task's output directory.
    storage_path = os.path.join(
        self.output_dir, '{0:s}.plaso'.format(self.id))
    output_evidence.local_path = storage_path
    log_path = os.path.join(self.output_dir, '{0:s}.log'.format(self.id))

    # TODO(aarontp): Move these flags into a recipe
    base_command = (
        'log2timeline.py --status_view none --hashers all '
        '--partition all --vss_stores all')
    # The command stays an argv list; only the fixed flag string is split on
    # whitespace, the paths are appended as single elements.
    cmd = base_command.split() + [
        '--logfile', log_path, storage_path, evidence.local_path
    ]

    result.log('Running plaso as [{0:s}]'.format(' '.join(cmd)))
    # self.execute is defined outside this block; it receives the log file
    # to save and the evidence object describing the new .plaso file.
    self.execute(
        cmd,
        result,
        save_files=[log_path],
        new_evidence=[output_evidence],
        close=True)
    return result
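def run(self, evidence, result):
    """Run log2timeline over the evidence, unlocking encrypted disks if needed.

    For APFSEncryptedDisk and BitlockerDisk evidence a credential is passed to
    log2timeline with --credential. The credential value is masked in the
    command line written to the task log.

    Args:
        evidence: Evidence object; its local_path is passed to log2timeline
            as the source to process. Encrypted disk types are also read for
            recovery_key and password.
        result: A TurbiniaTaskResult object to place task results into.

    Returns:
        TurbiniaTaskResult object. It is closed as failed, without running
        log2timeline, when an encrypted disk carries no credential.
    """
    config.LoadConfig()
    plaso_evidence = PlasoFile()
    # Write plaso file into tmp_dir because sqlite has issues with some shared
    # filesystems (e.g NFS).
    plaso_file = os.path.join(self.tmp_dir, '{0:s}.plaso'.format(self.id))
    plaso_evidence.local_path = plaso_file
    plaso_log = os.path.join(self.output_dir, '{0:s}.log'.format(self.id))

    # TODO(aarontp): Move these flags into a recipe
    cmd = (
        'log2timeline.py --status_view none --hashers all '
        '--partition all --vss_stores all').split()
    if config.DEBUG_TASKS:
        cmd.append('-d')

    # The credential type and the secret are kept apart so that the secret
    # can be left out of the logged command below.
    credential_type = None
    secret = None
    if isinstance(evidence, (APFSEncryptedDisk, BitlockerDisk)):
        if evidence.recovery_key:
            credential_type = 'recovery_password'
            secret = evidence.recovery_key
        elif evidence.password:
            credential_type = 'password'
            secret = evidence.password
        else:
            # NOTE(review): this message is also emitted for
            # APFSEncryptedDisk evidence, not only BitLocker.
            result.close(
                self, False, 'No credentials were provided '
                'for a bitlocker disk.')
            return result

    # logged_cmd mirrors cmd element for element, except that the secret is
    # replaced by a fixed marker: the task log is saved with the results and
    # must not contain the disk password or recovery key.
    logged_cmd = list(cmd)
    if credential_type:
        # NOTE(review): the secret is still an argv element of the child
        # process, so it is visible in the host's process listing while
        # log2timeline runs. Whether self.execute records the command
        # elsewhere cannot be seen from this block; verify.
        cmd.extend([
            '--credential', '{0:s}:{1:s}'.format(credential_type, secret)
        ])
        logged_cmd.extend([
            '--credential', '{0:s}:[REDACTED]'.format(credential_type)
        ])

    trailing_args = ['--logfile', plaso_log, plaso_file, evidence.local_path]
    cmd.extend(trailing_args)
    logged_cmd.extend(trailing_args)

    result.log('Running plaso as [{0:s}]'.format(' '.join(logged_cmd)))
    self.execute(
        cmd, result, log_files=[plaso_log], new_evidence=[plaso_evidence],
        close=True)
    return result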
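def run(self, evidence, result):
    """Run log2timeline over the evidence and record the outcome on result.

    Args:
        evidence: Evidence object; its local_path is passed to log2timeline
            as the source to process.
        result: A TurbiniaTaskResult object to place task results into.

    Returns:
        TurbiniaTaskResult object. It is closed as failed when log2timeline
        exits with a non-zero status; otherwise a PlasoFile evidence pointing
        at the output file is added and the result is closed as successful.
    """
    plaso_result = PlasoFile()
    plaso_file = os.path.join(
        self.output_dir, u'{0:s}.plaso'.format(self.id))
    plaso_log = os.path.join(self.output_dir, u'{0:s}.log'.format(self.id))

    # TODO(aarontp): Move these flags into a recipe
    cmd = (u'log2timeline.py --status_view none --hashers all '
           u'--partition all --vss_stores all').split()
    cmd.extend([u'--logfile', plaso_log])
    cmd.extend([plaso_file, evidence.local_path])

    result.log(u'Running plaso as [{0:s}]'.format(' '.join(cmd)))

    # TODO(aarontp): Create helper function to do all this
    # cmd is an argv list and no shell is involved, so the evidence path is
    # passed to log2timeline as one argument, whatever characters it holds.
    # The pipes are required: without them communicate() returns
    # (None, None) and the tool's output never reaches result.error.
    plaso_proc = subprocess.Popen(
        cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    stdout, stderr = plaso_proc.communicate()
    result.error['stdout'] = stdout
    result.error['stderr'] = stderr
    ret = plaso_proc.returncode

    if ret:
        msg = u'Plaso execution failed with status {0:d}'.format(ret)
        result.log(msg)
        result.close(success=False, status=msg)
    else:
        # TODO(aarontp): Get and set plaso version here
        result.log('Plaso output file in {0:s}'.format(plaso_file))
        plaso_result.local_path = plaso_file
        result.add_evidence(plaso_result)
        result.close(success=True)

    return result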
def run(self, evidence, result):
    """Run log2timeline over the evidence and hand the outcome to result.

    Args:
        evidence: Evidence object; its local_path is passed to log2timeline
            as the source to process.
        result: A TurbiniaTaskResult object to place task results into.

    Returns:
        TurbiniaTaskResult object.
    """
    config.LoadConfig()
    output_evidence = PlasoFile()
    # Write plaso file into tmp_dir because sqlite has issues with some shared
    # filesystems (e.g NFS).
    storage_path = os.path.join(self.tmp_dir, '{0:s}.plaso'.format(self.id))
    output_evidence.local_path = storage_path
    # The log2timeline log goes to output_dir, unlike the .plaso file.
    log_path = os.path.join(self.output_dir, '{0:s}.log'.format(self.id))

    # TODO(aarontp): Move these flags into a recipe
    base_command = ('log2timeline.py --status_view none --hashers all '
                    '--partition all --vss_stores all')
    cmd = base_command.split()
    # -d is added only when DEBUG_TASKS is set in the loaded config.
    if config.DEBUG_TASKS:
        cmd += ['-d']
    cmd += ['--logfile', log_path]
    cmd += [storage_path, evidence.local_path]

    result.log('Running plaso as [{0:s}]'.format(' '.join(cmd)))
    # self.execute is defined outside this block; it receives the log file
    # to save and the evidence object describing the new .plaso file.
    self.execute(
        cmd,
        result,
        save_files=[log_path],
        new_evidence=[output_evidence],
        close=True)
    return result