Exemplo n.º 1
0
def getFileHaveBeenOpen():
    """ Lấy danh sách các file trong MRU cache. File được lưu vào thư mục "tmpFolder/FileHaveBeenOpen/" được tạo bởi start.preEnv()
	"""
    api.copyFile(outputDir + "tmpFolder/reg/userReg",
                 outputDir + "tmpFolder/FileHaveBeenOpen")
    listFolder = api.retCmd("ls " + outputDir +
                            "tmpFolder/FileHaveBeenOpen/userReg").split("\n")
    for userFolder in listFolder:
        if len(userFolder) > 2:
            listReg = api.retCmd("ls " + outputDir +
                                 "tmpFolder/FileHaveBeenOpen/userReg/" +
                                 userFolder).split("\n")
            tmpPath = outputDir + "tmpFolder/FileHaveBeenOpen/userReg/" + userFolder + "/"

            for regName in listReg:
                if len(regName) > 2 and "ntus" in regName.lower(
                ) and "txt" not in regName.lower():
                    cmd = "rip.pl -r " + tmpPath + regName + " -p userassist > " + tmpPath + regName.replace(
                        ".DAT", "Full.txt").replace(".dat", "Full.txt")
                    api.retCmd(cmd)
                    f = open(
                        tmpPath + regName.replace(".DAT", "Full.txt").replace(
                            ".dat", "Full.txt"), "r").read().split("\n")
                    retFile = open(
                        tmpPath + regName.replace(".DAT", ".txt").replace(
                            ".dat", ".txt"), "w")
                    tmpCE = commonExtension.split("-")
                    for line in f:
                        for cE in tmpCE:
                            if cE.lower() in line.lower():
                                retFile.write(line.strip() + "\n")

                    retFile.close()
Exemplo n.º 2
0
def copyChosenFile():
    f = open("FileNeedCopy.txt", "r").read().split("\n")

    count = 0
    for file in f:
        if len(file) > 2:
            path = outputDir + "tmpFolder/fileCopyOption/" + str(count)
            api.retCmd("mkdir -p " + path)
            api.copyFile(inputPath + file, path)
            count += 1
Exemplo n.º 3
0
def copyChosenFile():
    """ 
	Copy các file được yêu cầu trong "FileNeedCopy.txt". File được lưu vào thư mục "tmpFolder/fileCopyOption/" được tạo bởi start.preEnv()
	"""
    f = open("FileNeedCopy.txt", "r").read().split("\n")

    count = 0
    for file in f:
        if len(file) > 2:
            path = outputDir + "tmpFolder/fileCopyOption/" + str(count)
            api.retCmd("mkdir -p " + path)
            api.copyFile(inputPath + file, path)
            count += 1
Exemplo n.º 4
0
def getRoughData():
    """ 
	Lấy Dữ liệu thô gồm windows logs và registry. File được lưu vào thư mục "tmpFolder" được tạo bởi start.preEnv()
	"""
    try:
        api.copyFile(inputPath + "Windows/System32/config",
                     outputDir + "tmpFolder/reg")  #registry
        api.copyFile(inputPath + "Windows/System32/winevt/Logs",
                     outputDir + "tmpFolder/winLog")  #winlog

        api.retCmd("rip.pl -r " + outputDir +
                   "tmpFolder/reg/config/SAM -p samparse > " + outputDir +
                   "tmpFolder/reg/config/SAMparse")
    except:
        print "loi getRoughData phase 1"

    try:
        getUserAndSID()

        for userName in userList:
            cacheStore = outputDir + "tmpFolder/reg/userReg/" + userName
            api.retCmd("mkdir -p " + cacheStore)
            api.copyFile(inputPath + "Users/" + userName + "/NTUSER.DAT",
                         cacheStore)  #user registry
    except:
        print "loi getRoughData phase 2"
    return 0
Exemplo n.º 5
0
def getRoughData():

    # get reg file and some thing we want to use
    try:
        api.copyFile(inputPath + "Windows/System32/config",
                     outputDir + "tmpFolder/reg")  #registry
        api.copyFile(inputPath + "Windows/System32/winevt/Logs",
                     outputDir + "tmpFolder/winLog")  #winlog

        api.retCmd("rip.pl -r " + outputDir +
                   "tmpFolder/reg/config/SAM -p samparse > " + outputDir +
                   "tmpFolder/reg/config/SAMparse")
    except:
        print "loi getRoughData phase 1"

    try:
        getUserAndSID()

        for userName in userList:
            cacheStore = outputDir + "tmpFolder/reg/userReg/" + userName
            api.retCmd("mkdir -p " + cacheStore)
            api.copyFile(inputPath + "Users/" + userName + "/NTUSER.DAT",
                         cacheStore)  #user registry
    except:
        print "loi getRoughData phase 2"
    return 0
Exemplo n.º 6
0
def getBrowserCache():
    """ 
	Lấy cache các trình duyệt phổ biến gồm: chrome, coccoc, IE, firefox, opera. File được lưu vào thư mục "tmpFolder/browserCache/" được tạo bởi start.preEnv()
	"""
    getUserAndSID()
    for userName in userList:
        cacheStore = outputDir + "tmpFolder/browserCache/" + userName
        api.retCmd("mkdir -p " + cacheStore)

        # -------------------------------------------- test chay binh thuong --------------------------------------------
        chromeCache = inputPath + "Users/" + userName + "/AppData/Local/Google/Chrome/User Data/Default/Cache"
        if os.path.exists(chromeCache):
            api.copyFile(chromeCache, cacheStore + "/chrome")

        coccocCache = inputPath + "Users/" + userName + "/AppData/Local/CocCoc/Browser/User Data/Default/Cache"
        if os.path.exists(coccocCache):
            api.copyFile(coccocCache, cacheStore + "/coccoc")

        ieCache = inputPath + "Users/" + userName + "/AppData/Local/Microsoft/Windows/INetCache/IE"
        if os.path.exists(ieCache):
            api.copyFile(ieCache, cacheStore + "/IE1")
        ieCache = inputPath + "Users/" + userName + "/AppData/Local/Microsoft/Windows/Caches"
        if os.path.exists(ieCache):
            api.copyFile(ieCache, cacheStore + "/IE2")
        ieCache = inputPath + "Users/" + userName + "/AppData/Local/Microsoft/Windows/Profiles/INetCache/IE"
        if os.path.exists(ieCache):
            api.copyFile(ieCache, cacheStore + "/IE3")
        # ---------------------------------------------------------------------------------------

        operaCache = inputPath + "Users/" + userName + "AppData/Local/Opera Software/Opera Stable"
        if os.path.exists(operaCache):
            api.copyFile(operaCache, cacheStore + "/opera")

        firefoxCache = inputPath + "Users/" + userName + "/AppData/Local/Mozilla/Firefox/Profiles"
        if os.path.exists(firefoxCache):
            api.copyFile(firefoxCache, cacheStore + "/firefox")
Exemplo n.º 7
0
def getMRUCache():
    api.copyFile(outputDir + "tmpFolder/reg/userReg",
                 outputDir + "tmpFolder/MRUCache")