def main(param_options):
print r"""
______ _ _____ _____
| ____| | | |_ _| __ \
| |__ __ _ ___| |_ | | | |__) |
| __/ _` / __| __| | | | _ /
| | | (_| \__ \ |_ _| |_| | \ \
|_| \__,_|___/\__|_____|_| \_\
A forensic analysis tool
"""
import time
time.sleep(2)
# check administrative rights
if ctypes.windll.shell32.IsUserAnAdmin() == 0:
print "ERROR: FastIR Collector must run with administrative privileges\nPress ENTER to finish..."
sys.stdin.readline()
return 0
set_logger(param_options)
modules = factory.load_modules(param_options["packages"], param_options["output_dir"])
for m in modules:
classes = factory.load_classes(m, param_options["OS"], param_options["release"])
for cl in classes:
instance = cl(param_options)
if "dump" in str(cl):
for opt in param_options["dump"].split(","):
try:
if opt in EXTRACT_DUMP:
list_method = EXTRACT_DUMP[opt]
for method in list_method:
if method.startswith(param_options["output_type"]):
getattr(instance, method)()
except Exception:
param_options["logger"].error(traceback.format_exc())
continue
for name, method in inspect.getmembers(cl, predicate=inspect.ismethod):
if not name.startswith("_"):
try:
if param_options["output_type"] in name:
getattr(instance, name)()
except KeyboardInterrupt:
return 0
except Exception:
param_options["logger"].error(traceback.format_exc())
# Delete all shadow copies created during the acquisition process
_VSS._close_instances()
if "mount_letter" in param_options:
unmount_share(param_options["mount_letter"])
param_options['logger'].info('Check here %s for yours results' % os.path.abspath(param_options['output_dir']))
def main(param_options):
print r"""
______ _ _____ _____
| ____| | | |_ _| __ \
| |__ __ _ ___| |_ | | | |__) |
| __/ _` / __| __| | | | _ /
| | | (_| \__ \ |_ _| |_| | \ \
|_| \__,_|___/\__|_____|_| \_\
A forensic analysis tool
"""
import time
time.sleep(2)
# check administrative rights
if ctypes.windll.shell32.IsUserAnAdmin() == 0:
print "ERROR: FastIR Collector must run with administrative privileges\nPress ENTER to finish..."
sys.stdin.readline()
return 0
set_logger(param_options)
modules = factory.load_modules(param_options["packages"],
param_options["output_dir"])
for m in modules:
classes = factory.load_classes(m, param_options["OS"],
param_options["release"])
for cl in classes:
instance = cl(param_options)
if "dump" in str(cl):
for opt in param_options["dump"].split(","):
try:
if param_options["output_type"] in EXTRACT_DUMP[opt]:
getattr(instance, EXTRACT_DUMP[opt])()
except Exception:
param_options["logger"].error(traceback.format_exc())
continue
for name, method in inspect.getmembers(cl,
predicate=inspect.ismethod):
if not name.startswith("_"):
try:
if param_options["output_type"] in name:
getattr(instance, name)()
except KeyboardInterrupt:
return 0
except Exception:
param_options["logger"].error(traceback.format_exc())
# Delete all shadow copies created during the acquisition process
_VSS._close_instances()
if "output_share" in param_options:
unmount_share(param_options["mount_letter"])
def main(param_options):
print r"""
______ _ _____ _____
| ____| | | |_ _| __ \
| |__ __ _ ___| |_ | | | |__) |
| __/ _` / __| __| | | | _ /
| | | (_| \__ \ |_ _| |_| | \ \
|_| \__,_|___/\__|_____|_| \_\
A forensic analysis tool
"""
import time
time.sleep(2)
set_logger(param_options)
modules = factory.load_modules(param_options["packages"], param_options["output_dir"])
for m in modules:
classes = factory.load_classes(m, param_options["OS"], param_options["release"])
for cl in classes:
instance = cl(param_options)
if "dump" in str(cl):
for opt in param_options["dump"].split(","):
try:
if param_options["output_type"] in EXTRACT_DUMP[opt]:
getattr(instance, EXTRACT_DUMP[opt])()
except Exception:
param_options["logger"].error(traceback.format_exc())
continue
for name, method in inspect.getmembers(cl, predicate=inspect.ismethod):
if not name.startswith("_"):
try:
if param_options["output_type"] in name:
getattr(instance, name)()
except KeyboardInterrupt:
return 0
except Exception:
param_options["logger"].error(traceback.format_exc())
# Delete all shadow copies created during the acquisition process
_VSS._close_instances()
if "output_share" in param_options:
unmount_share(param_options["mount_letter"])
