def process(self,fname):
self.prior_fname = self.current_fname
self.current_fname = fname
if fname.endswith("xml"):
with open(fname,'rb') as xmlfile:
for fi in dfxml.iter_dfxml(xmlfile, preserve_elements=True):
self.process_fi(fi)
else:
fiwalk.fiwalk_using_sax(imagefile=open(fname,'rb'), flags=fiwalk.ALLOC_ONLY, callback=self.process_fi)
def process(self, fname):
self.prior_fname = self.current_fname
self.current_fname = fname
if fname.endswith("xml"):
with open(fname, 'rb') as xmlfile:
for fi in dfxml.iter_dfxml(xmlfile, preserve_elements=True):
self.process_fi(fi)
else:
fiwalk.fiwalk_using_sax(imagefile=open(fname, 'rb'),
flags=fiwalk.ALLOC_ONLY,
callback=self.process_fi)
"--debug",
help="prints debugging info",
dest="debug",
action="store_true")
parser.add_option("-c",
"--commit",
help="Really do the redaction",
action="store_true")
parser.add_option("--all", help="Do all", action="store_true")
(options, args) = parser.parse_args()
# First read all of the redaction files
for fn in glob("*redacted.xml*"):
try:
fiwalk.fiwalk_using_sax(
xmlfile=open(fn),
callback=lambda fi: redact_filenames.add(fi.filename()))
except xml.parsers.expat.ExpatError:
print("Invalid XML file:", fn)
print("number of filenames in redaction XML:", len(redact_filenames))
if options.all:
fns = glob("*.raw")
else:
fns = args
for fn in fns:
print "Redacting %s" % fn
xml_out = open(fn.replace(".raw", "-redacted.xml"), "w")
xml_out.write("<?xml version='1.0' encoding='ISO-8859-1'?>\n")
xml_out.write("<redaction_report>\n")
def ingest_dfxml(self,fname):
fiwalk.fiwalk_using_sax(xmlfile=open(fname,'rb'),flags=fiwalk.ALLOC_ONLY,callback=self.process_fi)
if __name__ == "__main__":
import sys, time
from optparse import OptionParser
from subprocess import Popen, PIPE
global options
parser = OptionParser()
parser.usage = "%prog [options] config-file"
parser.add_option("-d",
"--debug",
help="prints debugging info",
dest="debug")
(options, args) = parser.parse_args()
t0 = time.time()
# Read the redaction configuration file
rc = RedactConfig(args[0])
if not rc.imagefile:
print "Error: a filename must be specified in the redaction config file"
sys.exit(1)
fiwalk.fiwalk_using_sax(imagefile=rc.imagefile,
xmlfile=rc.xmlfile,
callback=rc.process_file)
t1 = time.time()
rc.close_files()
print "Time to run: %d seconds" % (t1 - t0)
parser.usage = '%prog [options] imagefile zipfile [x1 x2 x3]\nFind files x1, x2, x3 ... in imagefile and write to zipfile'
(options, args) = parser.parse_args()
if len(args) < 3:
parser.print_help()
exit(1)
imagefilename = args[0]
xmlfilename = options.xmlfilename
xmlfh = None
if xmlfilename != None:
xmlfh = open(xmlfilename, "r")
zipfilename = args[1]
targets = set([fn.lower() for fn in args[2:]])
zfile = zipfile.ZipFile(zipfilename, "w", allowZip64=True)
def proc(fi):
basename = os.path.basename(fi.filename()).lower()
if basename in targets:
info = zipfile.ZipInfo(
fi.filename(),
datetime.datetime.fromtimestamp(
fi.mtime().timestamp()).utctimetuple())
info.internal_attr = 1
info.external_attr = 2175008768 # specifies mode 0644
zfile.writestr(info, fi.contents())
fiwalk.fiwalk_using_sax(imagefile=open(imagefilename),
xmlfile=xmlfh,
callback=proc)
sys.exit(1)
imagefile = open(args[0], "r")
annotated_runs = []
if options.debug:
print("Read %d file objects from %s" %
(len(fileobjects), imagefile.name))
def cb(fi):
if options.debug: print("Read " + str(fi))
fragment_num = 1
for run in fi.byte_runs():
annotated_runs.append((run.img_offset, run, fragment_num, fi))
fragment_num += 1
fiwalk.fiwalk_using_sax(imagefile=imagefile, callback=cb)
next_sector = 0
for (ip, run, fragment_num, fi) in sorted(annotated_runs):
extra = ""
fragment = ""
start_sector = run.img_offset / 512
sector_count = int(run.bytes / 512)
partial = run.bytes % 512
if not fi.allocated():
print("***")
if not fi.file_present(): # it's not here!
continue
from optparse import OptionParser
from subprocess import Popen,PIPE
global options,xml_out
from glob import glob
parser = OptionParser()
parser.usage = "%prog [options] imagefile"
parser.add_option("-d","--debug",help="prints debugging info",dest="debug",action="store_true")
parser.add_option("-c","--commit",help="Really do the redaction",action="store_true")
parser.add_option("--all",help="Do all",action="store_true")
(options,args) = parser.parse_args()
# First read all of the redaction files
for fn in glob("*redacted.xml*"):
try:
fiwalk.fiwalk_using_sax(xmlfile=open(fn),callback=lambda fi:redact_filenames.add(fi.filename()))
except xml.parsers.expat.ExpatError:
print "Invalid XML file:",fn
print "number of filenames in redaction XML:",len(redact_filenames)
if options.all:
for fn in glob("*.aff"):
raw = fn.replace(".aff",".raw")
if not os.path.exists(raw):
print "%s --> %s" % (fn,raw)
if call(['afconvert','-e','raw',fn])!=0:
raise RuntimeError,"afconvert of %s failed" % fn
fns = glob("*.raw")
else:
fns = args
self.imagefile.close()
if self.xmlfile and self.xmlfile.closed == False:
print "Closing file: %s" % self.xmlfile.name
self.xmlfile.close()
if __name__=="__main__":
import sys,time
from optparse import OptionParser
from subprocess import Popen,PIPE
global options
parser = OptionParser()
parser.usage = "%prog [options] config-file"
parser.add_option("-d","--debug",help="prints debugging info",dest="debug")
(options,args) = parser.parse_args()
t0 = time.time()
# Read the redaction configuration file
rc = RedactConfig(args[0])
if not rc.imagefile:
print "Error: a filename must be specified in the redaction config file"
sys.exit(1)
fiwalk.fiwalk_using_sax(imagefile=rc.imagefile,xmlfile=rc.xmlfile,callback=rc.process_file)
t1 = time.time()
rc.close_files()
print "Time to run: %d seconds" % (t1-t0)
#output is to stdout
outfile = sys.stdout
#find partition information, blocksize and filesystem
#1st partition has no. 1, to correspond to fiwalk output
partitioncounter = 0
f.write("********************************** PARTITIONS **********************************")
f.write("\nNo\tBlocksize\tFilesystem\n")
for line in f:
if re.search("block_size", line):
partitioncounter += 1
f_out.write(str(partitioncounter))
f_out.write("\t")
f_out.write(re.split(">|<", line)[2])
if re.search("ftype_str", line):
f_out.write("\t\t")
f_out.write(re.split(">|<", line)[2])
f_out.write("\n")
f_out.write("\n\n************************************* DATA *************************************\n")
f_out.write("Partition\tFilename\tSize\tTimestamps\n")
f.close()
#re-open file for binary reading
#file processing
f = open(file_name, "rb")
fiwalk.fiwalk_using_sax(xmlfile=f,callback=proc)
if len(args)<1:
parser.print_help()
sys.exit(1)
imagefile = open(args[0],"r")
annotated_runs = []
if options.debug: print("Read %d file objects from %s" % (len(fileobjects),imagefile.name))
def cb(fi):
if options.debug: print("Read "+str(fi))
fragment_num = 1
for run in fi.byte_runs():
annotated_runs.append((run.img_offset,run,fragment_num,fi))
fragment_num += 1
fiwalk.fiwalk_using_sax(imagefile=imagefile,callback=cb)
next_sector = 0
for (ip,run,fragment_num,fi) in sorted(annotated_runs):
extra = ""
fragment = ""
start_sector = run.img_offset/512
sector_count = int(run.bytes/512)
partial = run.bytes % 512
if not fi.allocated():
print("***")
if not fi.file_present(): # it's not here!
continue
