파일: reg.py 프로젝트: he0x/FastResponder
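 def _csv_open_save_mru(self, str_opensave_mru):
     """Extract the OpenSaveMRU (open/save dialog history) of every user hive to CSV.

     Args:
         str_opensave_mru: registry path of the OpenSaveMRU key, relative to a user
             hive; it is handed unchanged to _get_list_from_registry_key under
             HKEY_USERS.

     Writes ``<output_dir>\\<computer_name>_opensaveMRU.csv`` with one row per
     VALUE entry, except the ``MRUListEx`` ordering value.  The last column is
     the filename decoded from the PIDL data, or the raw value data when the
     decoder yields nothing.
     """
     # TODO : Win XP
     self.logger.info("Extracting open save MRU")
     hive_list = self._get_list_from_registry_key(registry_obj.HKEY_USERS, str_opensave_mru)
     to_csv_list = []
     for item in hive_list:
         # Only VALUE rows are ever written; filtering first also keeps the PIDL
         # decoder off KEY rows whose result would have been discarded anyway.
         if item[self.KEY_VALUE_STR] != "VALUE" or item[self.VALUE_NAME] == "MRUListEx":
             continue
         l_printable = extract_filename_from_pidlmru(item[self.VALUE_DATA])
         # FIXME: (dirty) if the list is empty it's probably because the string is off by 1...
         if not l_printable:
             # So we take away the first char to have a correct offset (modulo 2)
             l_printable = extract_filename_from_pidlmru(item[self.VALUE_DATA][1:])
         # Still nothing decodable: keep the raw bytes so the entry is not lost
         # from the collection (a later analyst can still inspect it).
         printable = l_printable[-1] if l_printable else item[self.VALUE_DATA]
         to_csv_list.append((self.computer_name, item[self.VALUE_LAST_WRITE_TIME], "HKEY_USERS",
                             item[self.VALUE_PATH], item[self.VALUE_NAME], item[self.KEY_VALUE_STR],
                             registry_obj.get_str_type(item[self.VALUE_TYPE]), printable))
     with open(self.output_dir + "\\" + self.computer_name + "_opensaveMRU.csv", "wb") as output:
         csv_writer = get_csv_writer(output)
         write_list_to_csv(to_csv_list, csv_writer)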
파일: reg.py 프로젝트: he0x/FastResponder
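    def csv_shell_bags(self):
        """Extract Explorer shellbags (folder size, view, icon and item positions) to CSV.

        Reads the four Bags/BagMRU locations of every user hive under HKEY_USERS
        and writes ``<output_dir>\\<computer_name>_shellbags.csv``.  A VALUE whose
        data decodes to item-position records yields one row per record; a VALUE
        that decodes to nothing, or whose data raises IndexError in the decoder,
        is written once with its raw data so the entry is not dropped.
        """
        # TODO Check Vista and under
        self.logger.info("Extracting shell bags")
        paths = [r"Software\Microsoft\Windows\Shell\Bags",
                 r"Software\Microsoft\Windows\Shell\BagMRU",
                 r"Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags",
                 r"Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU"]
        hive_list = []
        for path in paths:
            hive_list += self._get_list_from_registry_key(registry_obj.HKEY_USERS, path)
        to_csv_list = []
        for item in hive_list:
            # Only VALUE rows are written; checking first keeps the decoder (and
            # its error log line) off KEY rows whose result would be discarded.
            if item[self.KEY_VALUE_STR] != "VALUE":
                continue
            prefix = (self.computer_name, item[self.VALUE_LAST_WRITE_TIME], "HKEY_USERS",
                      item[self.VALUE_PATH], item[self.VALUE_NAME], item[self.KEY_VALUE_STR],
                      registry_obj.get_str_type(item[self.VALUE_TYPE]))
            try:
                datas = decode_shellbag_itempos_data(item[self.VALUE_NAME], item[self.VALUE_DATA])
            except IndexError:
                # Data under a user hive can be arbitrary bytes; a malformed value
                # must not abort the whole collection, so log and keep the raw data.
                self.logger.error("Error in shellbag data format for %s", item[self.VALUE_NAME])
                datas = None
            if datas:
                for data in datas:
                    to_csv_list.append(prefix + tuple(data))
            else:
                to_csv_list.append(prefix + (item[self.VALUE_DATA],))

        with open(self.output_dir + "\\" + self.computer_name + "_shellbags.csv", "wb") as output:
            csv_writer = get_csv_writer(output)
            write_list_to_csv(to_csv_list, csv_writer)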
파일: reg.py 프로젝트: he0x/FastResponder
 def csv_registry_services(self):
     """Dump the HKLM Services key (installed services and drivers) to CSV.

     Output file: ``<output_dir>\\<computer_name>_registry_services.csv``.
     """
     self.logger.info("Extracting services")
     rows = []
     self._generate_hklm_csv_list(rows, r"System\CurrentControlSet\Services")
     out_path = self.output_dir + "\\" + self.computer_name + "_registry_services.csv"
     with open(out_path, "wb") as output:
         write_list_to_csv(rows, get_csv_writer(output))
파일: reg.py 프로젝트: he0x/FastResponder
 def csv_installer_folder(self):
     """Dump the HKLM Windows Installer "Folders" key (directories created at install time) to CSV.

     Output file: ``<output_dir>\\<computer_name>_installer_folder.csv``.
     """
     self.logger.info("Extracting installer folders")
     rows = []
     self._generate_hklm_csv_list(rows, r"Software\Microsoft\Windows\CurrentVersion\Installer\Folders")
     out_path = self.output_dir + "\\" + self.computer_name + "_installer_folder.csv"
     with open(out_path, "wb") as output:
         write_list_to_csv(rows, get_csv_writer(output))
파일: reg.py 프로젝트: he0x/FastResponder
 def csv_run_mru_start(self):
     """Dump the Explorer RunMRU key of every user hive to CSV.

     RunMRU holds the last 26 commands typed into the Run dialog.
     Output file: ``<output_dir>\\<computer_name>_run_MRU_start.csv``.
     """
     self.logger.info("Extracting Run MRU")
     rows = []
     self._generate_hku_csv_list(rows, r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU")
     out_path = self.output_dir + "\\" + self.computer_name + "_run_MRU_start.csv"
     with open(out_path, "wb") as output:
         write_list_to_csv(rows, get_csv_writer(output))
파일: reg.py 프로젝트: he0x/FastResponder
 def csv_installed_components(self):
     """Dump the HKLM Active Setup "Installed Components" key to CSV.

     Output file: ``<output_dir>\\<computer_name>_installed_components.csv``.
     """
     self.logger.info("Extracting installed components")
     rows = []
     self._generate_hklm_csv_list(rows, r"Software\Microsoft\Active Setup\Installed Components")
     out_path = self.output_dir + "\\" + self.computer_name + "_installed_components.csv"
     with open(out_path, "wb") as output:
         write_list_to_csv(rows, get_csv_writer(output))
파일: reg.py 프로젝트: he0x/FastResponder
 def csv_windows_values(self):
     """Dump the "Windows NT\\CurrentVersion\\Windows" key from HKLM and from every user hive to CSV.

     HKLM rows are collected first, then the HKEY_USERS rows are appended.
     Output file: ``<output_dir>\\<computer_name>_windows_values.csv``.
     """
     self.logger.info("Extracting windows values")
     key_path = r"Software\Microsoft\Windows NT\CurrentVersion\Windows"
     rows = []
     for collect in (self._generate_hklm_csv_list, self._generate_hku_csv_list):
         collect(rows, key_path)
     out_path = self.output_dir + "\\" + self.computer_name + "_windows_values.csv"
     with open(out_path, "wb") as output:
         write_list_to_csv(rows, get_csv_writer(output))
파일: reg.py 프로젝트: he0x/FastResponder
 def csv_installed_components(self):
     """Dump the HKLM Active Setup "Installed Components" key to CSV.

     Output file: ``<output_dir>\\<computer_name>_installed_components.csv``.
     """
     self.logger.info("Extracting installed components")
     key_path = r"Software\Microsoft\Active Setup\Installed Components"
     csv_name = self.computer_name + "_installed_components.csv"
     rows = []
     self._generate_hklm_csv_list(rows, key_path)
     with open("\\".join((self.output_dir, csv_name)), "wb") as output:
         writer = get_csv_writer(output)
         write_list_to_csv(rows, writer)
파일: reg.py 프로젝트: he0x/FastResponder
 def csv_installer_folder(self):
     """Dump the HKLM Windows Installer "Folders" key (directories created at install time) to CSV.

     Output file: ``<output_dir>\\<computer_name>_installer_folder.csv``.
     """
     self.logger.info("Extracting installer folders")
     key_path = r"Software\Microsoft\Windows\CurrentVersion\Installer\Folders"
     csv_name = self.computer_name + "_installer_folder.csv"
     rows = []
     self._generate_hklm_csv_list(rows, key_path)
     with open("\\".join((self.output_dir, csv_name)), "wb") as output:
         writer = get_csv_writer(output)
         write_list_to_csv(rows, writer)
파일: reg.py 프로젝트: he0x/FastResponder
 def csv_registry_services(self):
     """Dump the HKLM Services key (installed services and drivers) to CSV.

     Output file: ``<output_dir>\\<computer_name>_registry_services.csv``.
     """
     self.logger.info("Extracting services")
     key_path = r"System\CurrentControlSet\Services"
     csv_name = self.computer_name + "_registry_services.csv"
     rows = []
     self._generate_hklm_csv_list(rows, key_path)
     with open("\\".join((self.output_dir, csv_name)), "wb") as output:
         writer = get_csv_writer(output)
         write_list_to_csv(rows, writer)
파일: reg.py 프로젝트: he0x/FastResponder
 def csv_run_mru_start(self):
     """Dump the Explorer RunMRU key of every user hive to CSV.

     RunMRU holds the last 26 commands typed into the Run dialog.
     Output file: ``<output_dir>\\<computer_name>_run_MRU_start.csv``.
     """
     self.logger.info("Extracting Run MRU")
     key_path = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"
     csv_name = self.computer_name + "_run_MRU_start.csv"
     rows = []
     self._generate_hku_csv_list(rows, key_path)
     with open("\\".join((self.output_dir, csv_name)), "wb") as output:
         writer = get_csv_writer(output)
         write_list_to_csv(rows, writer)
파일: reg.py 프로젝트: he0x/FastResponder
 def csv_windows_values(self):
     """Dump the "Windows NT\\CurrentVersion\\Windows" key from HKLM and from every user hive to CSV.

     HKLM rows are collected first, then the HKEY_USERS rows are appended.
     Output file: ``<output_dir>\\<computer_name>_windows_values.csv``.
     """
     self.logger.info("Extracting windows values")
     key_path = r"Software\Microsoft\Windows NT\CurrentVersion\Windows"
     csv_name = self.computer_name + "_windows_values.csv"
     rows = []
     self._generate_hklm_csv_list(rows, key_path)
     self._generate_hku_csv_list(rows, key_path)
     with open("\\".join((self.output_dir, csv_name)), "wb") as output:
         writer = get_csv_writer(output)
         write_list_to_csv(rows, writer)
파일: reg.py 프로젝트: he0x/FastResponder
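 def _csv_user_assist(self, count_offset, is_win7_or_further):
     """Extract UserAssist (executed-program history) of every user hive to CSV.

     Args:
         count_offset: passed through to the value decoder; the author notes that on
             Windows versions before 7 the execution counter starts at 6.
         is_win7_or_further: selects csv_user_assist_value_decode_win7_and_after when
             true, csv_user_assist_value_decode_before_win7 otherwise.

     Every ``<GUID>\\Count`` sub-key of each hive's UserAssist key is read.  Value
     names are stored ROT13-obfuscated and are decoded into an extra column;
     values shorter than 16 bytes get only that column, longer ones also get
     whatever fields the selected decoder returns.
     Output file: ``<output_dir>\\<computer_name>_user_assist.csv``.
     """
     self.logger.info("Extracting user assist")
     # NOTE(review): the raw string keeps a doubled backslash before "UserAssist";
     # kept byte-identical because get_sub_key_by_path is not visible here — confirm it is intended.
     path = r"Software\Microsoft\Windows\CurrentVersion\Explorer\\UserAssist"
     count = r"\Count"
     # logged on users
     users = registry_obj.RegistryKey(registry_obj.HKEY_USERS)
     hive_list = []
     for i in xrange(users.get_number_of_sub_keys()):
         user = users.get_sub_key(i)
         # Presumably falsy when the hive cannot be opened; skip it rather than
         # fail the whole extraction on one inaccessible user.
         if not user:
             continue
         user_assist_key = user.get_sub_key_by_path(path)
         if not user_assist_key:
             continue
         for j in xrange(user_assist_key.get_number_of_sub_keys()):
             # getting Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\*\Count
             # The first path component (the user SID) is dropped so the path can
             # be re-rooted at HKEY_USERS by _get_list_from_registry_key.
             path_no_sid = "\\".join(user_assist_key.get_sub_key(j).get_path().split("\\")[1:])
             hive_list += self._get_list_from_registry_key(registry_obj.HKEY_USERS, path_no_sid + count)
     to_csv_list = []
     for item in hive_list:
         if item[self.KEY_VALUE_STR] != "VALUE":
             continue
         # Value names are ROT13-obfuscated in the registry.
         str_value_name = codecs.decode(item[self.VALUE_NAME], "rot_13")
         value_data = item[self.VALUE_DATA]
         row = (self.computer_name, item[self.VALUE_LAST_WRITE_TIME], "HKEY_USERS",
                item[self.VALUE_PATH], item[self.VALUE_NAME], item[self.KEY_VALUE_STR],
                registry_obj.get_str_type(item[self.VALUE_TYPE]), str_value_name)
         # some data are less than 16 bytes for some reason...
         if len(value_data) >= 16:
             if is_win7_or_further:
                 data = csv_user_assist_value_decode_win7_and_after(value_data, count_offset)
             else:
                 data = csv_user_assist_value_decode_before_win7(value_data, count_offset)
             row += tuple(data)
         to_csv_list.append(row)
     with open(self.output_dir + "\\" + self.computer_name + "_user_assist.csv", "wb") as output:
         csv_writer = get_csv_writer(output)
         write_list_to_csv(to_csv_list, csv_writer)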
파일: reg.py 프로젝트: he0x/FastResponder
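    def csv_startup_programs(self):
        """Extract autostart entries (Run/RunOnce/RunServices/Winlogon/Terminal Server keys) to CSV.

        Each relative path is queried under ``Software`` and ``Software\\Wow6432Node``,
        first in HKEY_LOCAL_MACHINE and then in every user hive of HKEY_USERS, in
        that order.  The Winlogon Userinit entry is only queried under HKLM.
        Output file: ``<output_dir>\\<computer_name>_startup.csv``.
        """
        self.logger.info("Extracting startup programs")
        software = "Software"
        wow = r"\Wow6432Node"
        ts_run = (
            r"\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software"
            r"\Microsoft\Windows\CurrentVersion\Run")
        ts_run_once = (
            r"\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software"
            r"\Microsoft\Windows\CurrentVersion\RunOnce")
        # NOTE(review): the raw string keeps a doubled backslash before "Userinit";
        # kept byte-identical because the registry wrapper's path handling is not visible here.
        userinit = r"\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit"
        hklm_paths = [
            r"\Microsoft\Windows\CurrentVersion\Run",
            r"\Microsoft\Windows\CurrentVersion\RunOnce",
            r"\Microsoft\Windows\CurrentVersion\RunOnceEx",
            r"\Microsoft\Windows\CurrentVersion\RunServices",
            r"\Microsoft\Windows\CurrentVersion\RunServicesOnce",
            userinit,
            r"\Microsoft\Windows NT\CurrentVersion\Windows",
            r"\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
            ts_run,
            ts_run_once,
        ]
        # The per-user list is the same set minus Userinit, derived here so the two
        # lists cannot drift apart.
        hku_paths = [path for path in hklm_paths if path != userinit]
        to_csv_list = []
        for path in hklm_paths:
            self._generate_hklm_csv_list(to_csv_list, software + path)
            self._generate_hklm_csv_list(to_csv_list, software + wow + path)
        for path in hku_paths:
            self._generate_hku_csv_list(to_csv_list, software + path)
            self._generate_hku_csv_list(to_csv_list, software + wow + path)
        with open(self.output_dir + "\\" + self.computer_name + "_startup.csv",
                  "wb") as output:
            csv_writer = get_csv_writer(output)
            write_list_to_csv(to_csv_list, csv_writer)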
파일: reg.py 프로젝트: he0x/FastResponder
 def csv_recent_docs(self):
     """Dump Explorer RecentDocs (recently opened files) of every user hive to CSV.

     Every VALUE except the ``MRUListEx`` ordering value is decoded with
     decode_recent_docs_mru and its fields are appended to the common row prefix.
     Output file: ``<output_dir>\\<computer_name>_recent_docs.csv``.
     """
     self.logger.info("Extracting recent docs")
     key_path = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"
     rows = []
     for entry in self._get_list_from_registry_key(registry_obj.HKEY_USERS, key_path):
         is_value = entry[self.KEY_VALUE_STR] == "VALUE"
         if not is_value or entry[self.VALUE_NAME] == "MRUListEx":
             continue
         decoded = decode_recent_docs_mru(entry[self.VALUE_DATA])
         prefix = (self.computer_name, entry[self.VALUE_LAST_WRITE_TIME], "HKEY_USERS",
                   entry[self.VALUE_PATH], entry[self.VALUE_NAME], entry[self.KEY_VALUE_STR],
                   registry_obj.get_str_type(entry[self.VALUE_TYPE]))
         rows.append(prefix + tuple(decoded))
     out_path = self.output_dir + "\\" + self.computer_name + "_recent_docs.csv"
     with open(out_path, "wb") as output:
         write_list_to_csv(rows, get_csv_writer(output))
파일: reg.py 프로젝트: he0x/FastResponder
 def csv_usb_history(self):
     """Dump the USB device history from the HKLM DeviceClasses key to CSV.

     Lists the direct sub-keys (is_recursive=False) of the DeviceClasses entry for
     GUID {53f56307-b6bf-11d0-94f2-00a0c91efb8b} and writes one row per KEY, with
     get_usb_key_info's decoding of the key path as the last column.
     Output file: ``<output_dir>\\<computer_name>_USBHistory.csv``.
     """
     self.logger.info("Extracting USB history")
     device_class_path = r"SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
     entries = self._get_list_from_registry_key(registry_obj.HKEY_LOCAL_MACHINE, device_class_path,
                                                is_recursive=False)
     rows = []
     for entry in entries:
         if entry[self.KEY_VALUE_STR] != "KEY":
             continue
         rows.append((self.computer_name, entry[self.KEY_LAST_WRITE_TIME], "HKEY_LOCAL_MACHINE",
                      entry[self.KEY_PATH], entry[self.KEY_VALUE_STR], get_usb_key_info(entry[self.KEY_PATH])))
     out_path = self.output_dir + "\\" + self.computer_name + "_USBHistory.csv"
     with open(out_path, "wb") as output:
         write_list_to_csv(rows, get_csv_writer(output))
파일: reg.py 프로젝트: he0x/FastResponder
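    def csv_shell_bags(self):
        """Extract Explorer shellbags (folder size, view, icon and item positions) to CSV.

        Reads the four Bags/BagMRU locations of every user hive under HKEY_USERS
        and writes ``<output_dir>\\<computer_name>_shellbags.csv``.  A VALUE whose
        data decodes to item-position records yields one row per record; a VALUE
        that decodes to nothing, or whose data raises IndexError in the decoder,
        is written once with its raw data so the entry is not dropped.
        """
        # TODO Check Vista and under
        self.logger.info("Extracting shell bags")
        paths = [
            r"Software\Microsoft\Windows\Shell\Bags",
            r"Software\Microsoft\Windows\Shell\BagMRU",
            r"Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags",
            r"Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU"
        ]
        hive_list = []
        for path in paths:
            hive_list += self._get_list_from_registry_key(
                registry_obj.HKEY_USERS, path)
        to_csv_list = []
        for item in hive_list:
            # Only VALUE rows are written; checking first keeps the decoder (and
            # its error log line) off KEY rows whose result would be discarded.
            if item[self.KEY_VALUE_STR] != "VALUE":
                continue
            prefix = (
                self.computer_name,
                item[self.VALUE_LAST_WRITE_TIME], "HKEY_USERS",
                item[self.VALUE_PATH], item[self.VALUE_NAME],
                item[self.KEY_VALUE_STR],
                registry_obj.get_str_type(item[self.VALUE_TYPE]))
            try:
                datas = decode_shellbag_itempos_data(item[self.VALUE_NAME],
                                                     item[self.VALUE_DATA])
            except IndexError:
                # Data under a user hive can be arbitrary bytes; a malformed value
                # must not abort the whole collection, so log and keep the raw data.
                self.logger.error("Error in shellbag data format for %s",
                                  item[self.VALUE_NAME])
                datas = None
            if datas:
                for data in datas:
                    to_csv_list.append(prefix + tuple(data))
            else:
                to_csv_list.append(prefix + (item[self.VALUE_DATA],))

        with open(
                self.output_dir + "\\" + self.computer_name + "_shellbags.csv",
                "wb") as output:
            csv_writer = get_csv_writer(output)
            write_list_to_csv(to_csv_list, csv_writer)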
파일: reg.py 프로젝트: he0x/FastResponder
    def csv_startup_programs(self):
        """Dump autostart entries (Run/RunOnce/RunServices/Winlogon/Terminal Server keys) to CSV.

        Each relative path is queried under ``Software`` and ``Software\\Wow6432Node``,
        first in HKEY_LOCAL_MACHINE and then in every user hive of HKEY_USERS, in
        that order.  The Winlogon Userinit entry is only queried under HKLM.
        Output file: ``<output_dir>\\<computer_name>_startup.csv``.
        """
        self.logger.info("Extracting startup programs")
        software_root = "Software"
        wow_root = software_root + r"\Wow6432Node"
        ts_install = r"\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software"
        ts_run = ts_install + r"\Microsoft\Windows\CurrentVersion\Run"
        ts_run_once = ts_install + r"\Microsoft\Windows\CurrentVersion\RunOnce"
        hklm_paths = [r"\Microsoft\Windows\CurrentVersion\Run",
                      r"\Microsoft\Windows\CurrentVersion\RunOnce",
                      r"\Microsoft\Windows\CurrentVersion\RunOnceEx",
                      r"\Microsoft\Windows\CurrentVersion\RunServices",
                      r"\Microsoft\Windows\CurrentVersion\RunServicesOnce",
                      r"\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit",
                      r"\Microsoft\Windows NT\CurrentVersion\Windows",
                      r"\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
                      ts_run,
                      ts_run_once]
        hku_paths = [r"\Microsoft\Windows\CurrentVersion\Run",
                     r"\Microsoft\Windows\CurrentVersion\RunOnce",
                     r"\Microsoft\Windows\CurrentVersion\RunOnceEx",
                     r"\Microsoft\Windows\CurrentVersion\RunServices",
                     r"\Microsoft\Windows\CurrentVersion\RunServicesOnce",
                     r"\Microsoft\Windows NT\CurrentVersion\Windows",
                     r"\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
                     ts_run,
                     ts_run_once]
        rows = []
        # For every (collector, path list) pair, query the native and the WOW64
        # view of each key, native first.
        collectors = ((self._generate_hklm_csv_list, hklm_paths),
                      (self._generate_hku_csv_list, hku_paths))
        for collect, key_paths in collectors:
            for relative_path in key_paths:
                collect(rows, software_root + relative_path)
                collect(rows, wow_root + relative_path)
        out_path = self.output_dir + "\\" + self.computer_name + "_startup.csv"
        with open(out_path, "wb") as output:
            write_list_to_csv(rows, get_csv_writer(output))
파일: reg.py 프로젝트: he0x/FastResponder
 def csv_usb_history(self):
     """Dump the USB device history from the HKLM DeviceClasses key to CSV.

     Lists the direct sub-keys (is_recursive=False) of the DeviceClasses entry for
     GUID {53f56307-b6bf-11d0-94f2-00a0c91efb8b} and writes one row per KEY, with
     get_usb_key_info's decoding of the key path as the last column.
     Output file: ``<output_dir>\\<computer_name>_USBHistory.csv``.
     """
     self.logger.info("Extracting USB history")
     device_class_path = (r"SYSTEM\CurrentControlSet\Control\DeviceClasses"
                          r"\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}")
     entries = self._get_list_from_registry_key(registry_obj.HKEY_LOCAL_MACHINE,
                                                device_class_path, is_recursive=False)
     key_entries = [entry for entry in entries if entry[self.KEY_VALUE_STR] == "KEY"]
     rows = []
     for entry in key_entries:
         key_path = entry[self.KEY_PATH]
         rows.append((self.computer_name, entry[self.KEY_LAST_WRITE_TIME],
                      "HKEY_LOCAL_MACHINE", key_path, entry[self.KEY_VALUE_STR],
                      get_usb_key_info(key_path)))
     csv_name = self.computer_name + "_USBHistory.csv"
     with open("\\".join((self.output_dir, csv_name)), "wb") as output:
         writer = get_csv_writer(output)
         write_list_to_csv(rows, writer)
파일: reg.py 프로젝트: he0x/FastResponder
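 def _csv_open_save_mru(self, str_opensave_mru):
     """Extract the OpenSaveMRU (open/save dialog history) of every user hive to CSV.

     Args:
         str_opensave_mru: registry path of the OpenSaveMRU key, relative to a user
             hive; it is handed unchanged to _get_list_from_registry_key under
             HKEY_USERS.

     Writes ``<output_dir>\\<computer_name>_opensaveMRU.csv`` with one row per
     VALUE entry, except the ``MRUListEx`` ordering value.  The last column is
     the filename decoded from the PIDL data, or the raw value data when the
     decoder yields nothing.
     """
     # TODO : Win XP
     self.logger.info("Extracting open save MRU")
     hive_list = self._get_list_from_registry_key(registry_obj.HKEY_USERS,
                                                  str_opensave_mru)
     to_csv_list = []
     for item in hive_list:
         # Only VALUE rows are ever written; filtering first also keeps the PIDL
         # decoder off KEY rows whose result would have been discarded anyway.
         if item[self.KEY_VALUE_STR] != "VALUE":
             continue
         if item[self.VALUE_NAME] == "MRUListEx":
             continue
         l_printable = extract_filename_from_pidlmru(
             item[self.VALUE_DATA])
         # FIXME: (dirty) if the list is empty it's probably because the string is off by 1...
         if not l_printable:
             # So we take away the first char to have a correct offset (modulo 2)
             l_printable = extract_filename_from_pidlmru(
                 item[self.VALUE_DATA][1:])
         # Still nothing decodable: keep the raw bytes so the entry is not lost
         # from the collection (a later analyst can still inspect it).
         if l_printable:
             printable = l_printable[-1]
         else:
             printable = item[self.VALUE_DATA]
         to_csv_list.append(
             (self.computer_name,
              item[self.VALUE_LAST_WRITE_TIME], "HKEY_USERS",
              item[self.VALUE_PATH], item[self.VALUE_NAME],
              item[self.KEY_VALUE_STR],
              registry_obj.get_str_type(item[self.VALUE_TYPE]),
              printable))
     with open(
             self.output_dir + "\\" + self.computer_name +
             "_opensaveMRU.csv", "wb") as output:
         csv_writer = get_csv_writer(output)
         write_list_to_csv(to_csv_list, csv_writer)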
 def _csv_user_assist(self, count_offset, is_win7_or_further):
     """Dump UserAssist (ROT13-named records of executed programs) of every user hive to CSV.

     Args:
         count_offset: passed through to the value decoder; the author notes that on
             Windows versions before 7 the execution counter starts at 6.
         is_win7_or_further: selects csv_user_assist_value_decode_win7_and_after when
             true, csv_user_assist_value_decode_before_win7 otherwise.

     Values shorter than 16 bytes are written with the decoded name only; longer
     ones also get whatever fields the selected decoder returns.
     Output file: ``<output_dir>\\<computer_name>_user_assist.csv``.
     """
     self.logger.info("Extracting user assist")
     # NOTE(review): the raw string keeps a doubled backslash before "UserAssist";
     # left as written because get_sub_key_by_path is not visible here — confirm it is intended.
     user_assist_path = r"Software\Microsoft\Windows\CurrentVersion\Explorer\\UserAssist"
     count_suffix = r"\Count"
     decode_value = (csv_user_assist_value_decode_win7_and_after if is_win7_or_further
                     else csv_user_assist_value_decode_before_win7)
     # logged on users
     users_root = registry_obj.RegistryKey(registry_obj.HKEY_USERS)
     entries = []
     for user_idx in xrange(users_root.get_number_of_sub_keys()):
         user_key = users_root.get_sub_key(user_idx)
         if not user_key:
             continue
         ua_key = user_key.get_sub_key_by_path(user_assist_path)
         if not ua_key:
             continue
         for guid_idx in xrange(ua_key.get_number_of_sub_keys()):
             # Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\*\Count,
             # with the leading SID component dropped so the path is rooted at HKEY_USERS.
             components = ua_key.get_sub_key(guid_idx).get_path().split("\\")
             sid_less_path = "\\".join(components[1:])
             entries += self._get_list_from_registry_key(registry_obj.HKEY_USERS,
                                                         sid_less_path + count_suffix)
     rows = []
     for entry in entries:
         if entry[self.KEY_VALUE_STR] != "VALUE":
             continue
         # Value names are ROT13-obfuscated in the registry.
         decoded_name = codecs.decode(entry[self.VALUE_NAME], "rot_13")
         raw_data = entry[self.VALUE_DATA]
         row = (self.computer_name, entry[self.VALUE_LAST_WRITE_TIME], "HKEY_USERS",
                entry[self.VALUE_PATH], entry[self.VALUE_NAME], entry[self.KEY_VALUE_STR],
                registry_obj.get_str_type(entry[self.VALUE_TYPE]), decoded_name)
         # some data are less than 16 bytes for some reason...
         if len(raw_data) < 16:
             rows.append(row)
         else:
             rows.append(row + tuple(decode_value(raw_data, count_offset)))
     out_path = self.output_dir + "\\" + self.computer_name + "_user_assist.csv"
     with open(out_path, "wb") as output:
         write_list_to_csv(rows, get_csv_writer(output))
파일: reg.py 프로젝트: he0x/FastResponder
 def csv_recent_docs(self):
     """Dump Explorer RecentDocs (recently opened files) of every user hive to CSV.

     Every VALUE except the ``MRUListEx`` ordering value is decoded with
     decode_recent_docs_mru and its fields are appended to the common row prefix.
     Output file: ``<output_dir>\\<computer_name>_recent_docs.csv``.
     """
     self.logger.info("Extracting recent docs")
     key_path = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"
     entries = self._get_list_from_registry_key(registry_obj.HKEY_USERS, key_path)
     rows = []
     for entry in entries:
         if entry[self.KEY_VALUE_STR] != "VALUE":
             continue
         if entry[self.VALUE_NAME] == "MRUListEx":
             continue
         decoded_fields = tuple(decode_recent_docs_mru(entry[self.VALUE_DATA]))
         rows.append((self.computer_name, entry[self.VALUE_LAST_WRITE_TIME],
                      "HKEY_USERS", entry[self.VALUE_PATH],
                      entry[self.VALUE_NAME], entry[self.KEY_VALUE_STR],
                      registry_obj.get_str_type(entry[self.VALUE_TYPE])) + decoded_fields)
     csv_name = self.computer_name + "_recent_docs.csv"
     with open("\\".join((self.output_dir, csv_name)), "wb") as output:
         writer = get_csv_writer(output)
         write_list_to_csv(rows, writer)
	        loss_ae = (torch.mean(dist_1,axis=1)) + (torch.mean(dist_2,axis=1))

	        lst_loss_vae.append(loss_vae)
	        lst_loss_ae.append(loss_ae)
	avg_loss_vae=torch.cat(lst_loss_vae).mean().item()
	avg_loss_ae=torch.cat(lst_loss_ae).mean().item()
	return avg_loss_vae, avg_loss_ae

dataset_test = ut.IteratePointCouldDataset(dir_data, dict_info[args.name], 'valtest', N=N_hold, device=device)
dataloader_test = DataLoader(dataset_test, batch_size=args.batch_size, shuffle=False)

dataset_train = ut.IteratePointCouldDataset(dir_data, dict_info[args.name], 'train', N=N_hold, device=device)
dataloader_train = DataLoader(dataset_train, batch_size=args.batch_size, shuffle=False)

# `eval` here is presumably the module's evaluation function defined above
# (it returns the VAE and AE losses), not the builtin.
banner = '*' * 20
print(banner + 'Evaluating test performance' + banner)
avg_loss_vae_test, avg_loss_ae_test = eval(dataloader_test)
print(banner + 'Evaluating train performance' + banner)
avg_loss_vae_train, avg_loss_ae_train = eval(dataloader_train)

############################################
 # log result
############################################
# One CSV line per model: run index, dataset name, model tag, train loss, test loss.
for run_ind, model_tag, train_loss, test_loss in (
        (args.ind, 'VAE', avg_loss_vae_train, avg_loss_vae_test),
        (args.ind_ae, 'AE', avg_loss_ae_train, avg_loss_ae_test)):
    lst_result = [run_ind, args.name, model_tag, train_loss, test_loss]
    ut.write_list_to_csv(lst_result, dir_log)