def run(self, evidence, result):
    """Run hindsight.py against the evidence and register its report.

    The command is passed to self.execute as an argument list, not as a
    shell string, so the evidence path and options are never parsed by a shell.

    Args:
        evidence: Evidence object; its local_path, output_format and
            browser_type attributes are passed to hindsight.py.
        result: Task result object that is logged to and handed to
            self.execute.

    Returns:
        The same result object that was passed in.
    """
    # Both artefacts are written inside this task's output directory.
    report_path = os.path.join(self.output_dir, 'hindsight_report')
    log_path = os.path.join(self.output_dir, 'hindsight.log')

    # New Evidence object describing the report this task produces.
    report_evidence = TextFile()
    report_evidence.local_path = report_path

    cmd = ['hindsight.py']
    cmd += ['-i', evidence.local_path]
    cmd += ['--format', evidence.output_format]
    cmd += ['--browser_type', evidence.browser_type]
    cmd += ['--output', report_path]
    cmd += ['-l', log_path]

    # The joined form is only for the log line; execution uses the list.
    printable_cmd = ' '.join(cmd)
    result.log('Running hindsight as [{0:s}]'.format(printable_cmd))

    self.execute(
        cmd,
        result,
        log_files=[log_path],
        new_evidence=[report_evidence],
        close=True)
    return result
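def run(self, evidence, result):
    """Run the strings binary over the evidence and save its output.

    The command runs through a shell because the output is captured with a
    ``>`` redirect. Both paths are therefore shell-quoted before they are
    interpolated: an evidence path containing spaces or shell
    metacharacters would otherwise be interpreted by the shell instead of
    being passed to strings as a single argument.

    Args:
        evidence (Evidence object): The evidence we will process
        result (TurbiniaTaskResult): The object to place task results into.

    Returns:
        TurbiniaTaskResult object.
    """
    try:
        from shlex import quote
    except ImportError:  # Python 2 keeps the same helper in pipes.
        from pipes import quote

    # Create the new Evidence object that will be generated by this Task.
    output_evidence = TextFile()

    # The output file is named after the evidence file, with a .uni suffix.
    base_name = os.path.basename(evidence.local_path)
    output_file_path = os.path.join(
        self.output_dir, '{0:s}.uni'.format(base_name))

    # Record the output path on the evidence so it can be saved later.
    output_evidence.local_path = output_file_path

    # quote() leaves plain paths untouched, so the command and the log line
    # only differ from the unquoted form when a path needs protection.
    cmd = 'strings -a -t d -e l {0:s} > {1:s}'.format(
        quote(evidence.local_path), quote(output_file_path))

    # Add a log line to the result that will be returned.
    result.log('Running strings as [{0:s}]'.format(cmd))

    # shell=True is kept only for the redirect; every interpolated value
    # above has been quoted.
    self.execute(
        cmd, result, new_evidence=[output_evidence], close=True, shell=True)
    return result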
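def run(self, evidence, result):
    """Run a volatility module against the evidence and save text output.

    The command is executed through a shell, so every interpolated value
    (evidence path, profile, module name and output path) is shell-quoted
    first. Without quoting, a value containing spaces or shell
    metacharacters would be parsed by the shell rather than handed to
    volatility as one argument.

    Args:
        evidence: Evidence object; its local_path and profile attributes
            are passed to volatility.
        result: Task result object that is logged to and handed to
            self.execute.

    Returns:
        The same result object that was passed in.
    """
    try:
        from shlex import quote
    except ImportError:  # Python 2 keeps the same helper in pipes.
        from pipes import quote

    # Create the new Evidence object that will be generated by this Task.
    output_evidence = TextFile()

    # The output file is named after this task's id.
    output_file_path = os.path.join(
        self.output_dir, '{0:s}.txt'.format(self.id))
    output_evidence.local_path = output_file_path

    # TODO: Add in config options for Turbinia
    # NOTE(review): self.module is quoted as a single word; this assumes it
    # holds one module name and no extra arguments. Confirm against the
    # code that sets it.
    cmd = (
        'python2 /bin/vol -f {0:s} --profile={1:s} {2:s} '
        '--output=text --output-file={3:s}').format(
            quote(evidence.local_path), quote(evidence.profile),
            quote(self.module), quote(output_file_path))

    result.log('Running vol as [{0:s}]'.format(cmd))
    self.execute(
        cmd, result, new_evidence=[output_evidence], close=True, shell=True)
    return result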
class StringsJob(TurbiniaJob):
    """Job that schedules string extraction over disk evidence.

    For each piece of evidence passed to create_tasks, one ASCII strings
    task and one Unicode strings task are created.
    """

    # Evidence types this Job accepts as input.
    evidence_input = [
        type(RawDisk()),
        type(GoogleCloudDisk()),
        type(GoogleCloudDiskRawEmbedded()),
    ]
    # Evidence types this Job produces.
    evidence_output = [type(TextFile())]

    def __init__(self):
        super(StringsJob, self).__init__(name='StringsJob')

    def create_tasks(self, evidence):
        """Build the strings tasks for the given evidence.

        Args:
            evidence: List of evidence object to process

        Returns:
            A list of tasks to schedule: all ASCII tasks first, followed by
            all Unicode tasks.
        """
        # Only the number of evidence items matters here; the tasks are
        # created without reference to the individual evidence objects.
        ascii_tasks = [StringsAsciiTask() for _ in evidence]
        unicode_tasks = [StringsUnicodeTask() for _ in evidence]
        return ascii_tasks + unicode_tasks
class GrepJob(TurbiniaJob):
    """Job that filters text evidence with regular expression patterns."""

    # Evidence types this Job accepts as input.
    evidence_input = [
        type(TextFile()),
        type(PlasoCsvFile()),
    ]
    # Evidence types this Job produces.
    evidence_output = [type(FilteredTextFile())]

    def __init__(self):
        super(GrepJob, self).__init__(name='GrepJob')

    def create_tasks(self, evidence):
        """Build one grep task per piece of evidence.

        Args:
            evidence: List of evidence object to process

        Returns:
            A list of tasks to schedule.
        """
        # Only the number of evidence items matters here; each task is
        # created without reference to its evidence object.
        return [GrepTask() for _ in evidence]