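def file_open(path):
    """Open a Windows event log and wrap it for analysis.

    The file is accepted only when ``sig_check`` reports the
    'MS Windows Vista Event Log' signature. The 'before' hash is taken
    before the log is opened for parsing.

    Returns:
        A ``log_analysis.EventAnalysis`` object, or -1 when the signature
        does not match.
    """
    extension = sig_check(path)
    # str() matches the sibling openers and keeps this diagnostic from
    # raising TypeError should sig_check ever return a non-string.
    print('extension: ' + str(extension))
    if extension != 'MS Windows Vista Event Log':
        print("[Error] input file error by fortools\nPlease check your file")
        return -1
    hash_v = calc_hash.get_hash(path, 'before')
    return log_analysis.EventAnalysis(event_open(path), path, hash_v)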
def file_open(path):
    """Open a Windows shortcut (.lnk) file and wrap it for analysis.

    Only files that ``sig_check`` labels 'MS Windows shortcut' are accepted.
    The 'before' hash is computed ahead of ``lnk_open``.

    Returns:
        A ``lnk_analysis.LnkAnalysis`` object, or -1 on a signature mismatch.
    """
    extension = sig_check(path)
    print('extension: ' + str(extension))
    if extension != 'MS Windows shortcut':
        print("[Error] input file error by fortools\nPlease check your file")
        return -1
    baseline_hash = calc_hash.get_hash(path, 'before')
    handle = lnk_open(path)
    return lnk_analysis.LnkAnalysis(handle, path, baseline_hash)
def file_open(path):
    """Open an icon cache file and wrap it for analysis.

    Only files that ``sig_check`` labels 'Icon' are accepted. The 'before'
    hash is computed ahead of ``iconcache_open``.

    Returns:
        An ``iconcache_analysis.IconcacheAnalysis`` object, or -1 on a
        signature mismatch.
    """
    extension = sig_check(path)
    print('extension: ' + str(extension))
    if extension != 'Icon':
        print("[Error] input file error by fortools\nPlease check your file")
        return -1
    baseline_hash = calc_hash.get_hash(path, 'before')
    handle = iconcache_open(path)
    return iconcache_analysis.IconcacheAnalysis(handle, path, baseline_hash)
def file_open(path):
    """Open a ZIP archive and wrap it for analysis.

    Only files that ``sig_check`` labels 'Zip archive data' are accepted.
    The 'before' hash is computed ahead of ``zip_open``.

    Returns:
        A ``files_analysis.ZIPAnalysis`` object, or -1 on a signature
        mismatch.
    """
    extension = sig_check(path)
    print('extension: ' + str(extension))
    if extension != 'Zip archive data':
        print("[Error] input file error by fortools\nPlease check your file")
        return -1
    baseline_hash = calc_hash.get_hash(path, 'before')
    archive = zip_open(path)
    return files_analysis.ZIPAnalysis(archive, path, baseline_hash)
def file_open(path):
    """Open a PDF document and wrap it for analysis.

    Only files that ``sig_check`` labels 'PDF document' are accepted. The
    'before' hash is computed ahead of ``pdf_open``.

    Returns:
        A ``files_analysis.PDFAnalysis`` object, or -1 on a signature
        mismatch.
    """
    extension = sig_check(path)
    print('extension: ' + str(extension))
    if extension != 'PDF document':
        print("[Error] input file error by fortools\nPlease check your file")
        return -1
    baseline_hash = calc_hash.get_hash(path, 'before')
    document = pdf_open(path)
    return files_analysis.PDFAnalysis(document, path, baseline_hash)
def file_open(path):
    """Open a Hangul Word Processor (HWP) document and wrap it for analysis.

    Two ``sig_check`` labels are accepted: the HWP 5.x signature and the
    generic 'Data' label. The 'before' hash is computed ahead of
    ``ole_open``.

    Returns:
        A ``files_analysis.HWPAnalysis`` object, or -1 when neither label
        matches.
    """
    extension = sig_check(path)
    print('extension: ' + str(extension))
    # 'Data' is not an HWP-specific label, so passing this check does not by
    # itself show the input is an HWP document; the parser must cope with
    # arbitrary content.
    accepted = ('Hangul (Korean) Word Processor File 5.x', 'Data')
    if extension not in accepted:
        print("[Error] input file error by fortools\nPlease check your file")
        return -1
    baseline_hash = calc_hash.get_hash(path, 'before')
    container = ole_open(path)
    return files_analysis.HWPAnalysis(container, path, baseline_hash)
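def file_open(path):
    """Open a Windows thumbnail cache file and wrap it for analysis.

    Only files that ``sig_check`` labels 'Thumb_Icon' are accepted. The
    'before' hash is taken before the cache is opened for parsing.

    Returns:
        A ``thumbnail_analysis.ThumbnailAnalysis_windows`` object, or -1 on
        a signature mismatch.
    """
    extension = sig_check(path)
    # str() matches the sibling openers and keeps this diagnostic from
    # raising TypeError should sig_check ever return a non-string.
    print('extension: ' + str(extension))
    if extension != 'Thumb_Icon':
        print("[Error] input file error by fortools\nPlease check your file")
        return -1
    hash_v = calc_hash.get_hash(path, 'before')
    return thumbnail_analysis.ThumbnailAnalysis_windows(
        cache_open(path), path, hash_v)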
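def file_open(path):
    """Open a jump list file and wrap it for analysis.

    Only files that ``sig_check`` labels 'Composite Document File V2
    Document' are accepted. The 'before' hash is taken before the file is
    opened with ``ole_open``.

    Returns:
        A ``jump_analysis.JumplistAnalysis`` object, or -1 on a signature
        mismatch.
    """
    extension = sig_check(path)
    # str() matches the sibling openers and keeps this diagnostic from
    # raising TypeError should sig_check ever return a non-string.
    print('extension: ' + str(extension))
    # The accepted label names the OLE compound-file container in general,
    # so passing this check does not by itself show the file is a jump list.
    if extension != 'Composite Document File V2 Document':
        print("[Error] input file error by fortools\nPlease check your file")
        return -1
    hash_v = calc_hash.get_hash(path, 'before')
    return jump_analysis.JumplistAnalysis(ole_open(path), path, hash_v)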
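def file_open(path):
    """Hash every entry of a Chrome cache directory and wrap it for analysis.

    Args:
        path: Directory holding the cache files.

    Returns:
        A ``browser_analysis.Chrome.Cache`` object built from ``path`` and a
        list of single-entry dicts mapping each directory entry name to its
        'before' hash. The list is empty when ``path`` does not exist.
    """
    # NOTE(review): the nesting here is reconstructed from a flattened
    # listing; confirm whether the original also built the Cache object when
    # the path is missing.
    before_hash = []
    if os.path.exists(path):
        for name in os.listdir(path):
            # os.path.join replaces a hard-coded '\\' separator, so entries
            # are also found when the evidence is examined on a non-Windows
            # host.
            entry_hash = calc_hash.get_hash(os.path.join(path, name), 'before')
            before_hash.append({name: entry_hash})
    return browser_analysis.Chrome.Cache(path, before_hash)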
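def disk_open(path):
    """Open a disk image as either an EWF (E01) or a raw (DD) image.

    The 'before' hash of ``path`` is taken first, outside the ``try``, so a
    failure while hashing propagates to the caller instead of being
    reported as a bad input file.

    Returns:
        ``disk_analysis.E01Analysis`` when pyewf recognises the signature,
        ``disk_analysis.DDAnalysis`` otherwise, or -1 when opening fails.
    """
    hash_val = calc_hash.get_hash(path, 'before')
    try:
        if pyewf.check_file_signature(path):
            # pyewf.glob expands the first segment name to all segment files.
            # NOTE(review): hash_val was computed from `path` alone; confirm
            # whether the remaining segments need their own baseline hashes.
            segment_files = pyewf.glob(path)
            ewf_handle = pyewf.handle()
            ewf_handle.open(segment_files)
            return disk_analysis.E01Analysis(ewf_handle, path, hash_val)
        return disk_analysis.DDAnalysis(path, hash_val)
    except Exception:
        # Narrowed from a bare `except:` so KeyboardInterrupt and SystemExit
        # are no longer swallowed and turned into a -1 return.
        print("[Error] input file error by fortools\nPlease check your file")
        return -1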
def file_open(path):
    """Open an NTFS $MFT or $UsnJrnl file and wrap it for analysis.

    The 'before' hash is taken first, then the signature decides which
    analysis class is used.

    Returns:
        ``filesystem_analysis.MFTAnalysis`` for the 'MFT' label,
        ``filesystem_analysis.UsnJrnl`` for the 'None in our sig DB' and
        'data' labels, or -1 for any other label.
    """
    hash_v = calc_hash.get_hash(path, 'before')
    extension = sig_check(path)
    if extension == 'MFT':
        print('extension: MFT')
        log_handle = filesystem_log_open(path)
        return filesystem_analysis.MFTAnalysis(log_handle, path, hash_v)
    # Both labels below are catch-alls rather than a positive match, so any
    # file the signature check does not recognise reaches the UsnJrnl parser;
    # the caller is relied on to have supplied a real journal.
    if extension in ('None in our sig DB', 'data'):
        log_handle = filesystem_log_open(path)
        return filesystem_analysis.UsnJrnl(log_handle, path, hash_v)
    print('extension: ' + str(extension))
    print("[Error] input file error by fortools\nPlease check your file")
    return -1
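def file_open(path):
    """Open one prefetch file, or collect info from a directory of them.

    When ``path`` is not a regular file it is treated as a directory: every
    entry whose last dot-separated component is 'pf' is opened through
    ``Prefetch.file_open`` and its ``get_all_info()`` result is prepended to
    the returned list.

    When ``path`` is a regular file it must carry the 'prefetch' signature.
    The version word is read from the first four bytes; for any version
    other than 23 the companion file '<stem>-1<ext>' in the same directory
    is opened instead and its version is checked.

    Returns:
        A list of info records (directory input), a
        ``prefetch_analysis.PrefetchAnalysis`` object (file input), or -1
        when the signature or version is not supported.
    """
    info_list = []
    if not os.path.isfile(path):
        # The directory is listed once and the result is returned after the
        # loop. The earlier form re-listed the directory on every iteration
        # to detect the last entry, so an empty directory, or one that
        # changed during the scan, fell through to the single-file path.
        for name in os.listdir(path):
            if name.split('.')[-1] != 'pf':
                continue
            parsed = Prefetch.file_open(os.path.join(path, name))
            info_list = parsed.get_all_info() + info_list
        return info_list

    extension = sig_check(path)
    print('extension: ' + str(extension))
    if extension != 'prefetch':
        print("check your file format. This is not Prefetch file")
        return -1

    hash_v = calc_hash.get_hash(path, 'before')
    file = prefetch_open(path)
    file.seek(0)
    version = struct.unpack_from('I', file.read(4))[0]
    if version == 23:
        file = prefetch_open(path)
        path2 = None
    else:
        stem, suffix = os.path.splitext(os.path.basename(path))
        # os.path.join replaces dirname + '\\' + name, which pointed at the
        # drive root when `path` had no directory part and only worked with
        # Windows separators.
        path2 = os.path.join(os.path.dirname(path), stem + '-1' + suffix)
        # NOTE(review): hash_v covers `path`, while the data parsed from here
        # on comes from path2; confirm whether the companion file needs its
        # own baseline hash.
        file = prefetch_open(path2)
    file.seek(0)
    version = struct.unpack_from('I', file.read(4))[0]
    if version not in (23, 30):
        print('error: not supported version')
        return -1
    return prefetch_analysis.PrefetchAnalysis(file, path, path2, hash_v)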
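def file_open(path):
    """Open a Windows registry hive and wrap it for analysis.

    The file must carry the 'MS Windows registry file' signature and its
    hive type must be NTUSER, SAM, SOFTWARE, SYSTEM or SECURITY.

    Returns:
        A ``reg_analysis.RegAnalysis`` object, or -1 when the signature or
        the hive type is not accepted.
    """
    extension = sig_check(path)
    if extension != 'MS Windows registry file':
        print("[Error] input file error by fortools\nPlease check your file")
        return -1

    # The baseline hash is now taken before reg_open, matching the other
    # openers, so the 'before' value cannot reflect anything the open does.
    hash_val = calc_hash.get_hash(path, 'before')
    file = reg_open(path)

    supported_hives = (
        Registry.HiveType.NTUSER,
        Registry.HiveType.SAM,
        Registry.HiveType.SOFTWARE,
        Registry.HiveType.SYSTEM,
        Registry.HiveType.SECURITY,
    )
    # Every supported hive type led to the same RegAnalysis call, so one
    # membership test replaces the five identical branches.
    if file.hive_type() in supported_hives:
        return reg_analysis.RegAnalysis(file, path, hash_val)

    print("[Error] input file error by fortools\nPlease check your file")
    return -1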
def __cal_hash(self):
    """Append the hash of ``self.__path``, requested with the 'after' label.

    The result is added to ``self.__hash_value``. Presumably it is compared
    with the 'before' hash taken when the file was opened; verify against
    the code that reads the list.
    """
    after_hash = calc_hash.get_hash(self.__path, 'after')
    self.__hash_value.append(after_hash)
def __cal_hash(self):
    """Append the hash of ``self.__file``, requested with the 'after' label.

    The result is added to ``self.__hash_val``.
    """
    # NOTE(review): get_hash is given self.__file here, where other callers
    # pass a path string; confirm that this attribute holds a path.
    self.__hash_val.append(calc_hash.get_hash(self.__file, 'after'))
def file_open(path):
    """Open a Windows Search database and wrap it for analysis.

    The 'before' hash is taken ahead of ``ie_edge_open``. No signature check
    is made here, so the caller must supply the right kind of file.

    Returns:
        A ``winsearch_analysis.WinSearchAnalysis`` object.
    """
    baseline_hash = calc_hash.get_hash(path, 'before')
    return winsearch_analysis.WinSearchAnalysis(
        ie_edge_open(path), path, baseline_hash)
def file_open(path):
    """Open a Linux auth log and wrap it for analysis.

    The 'before' hash is taken ahead of opening the log. No signature check
    is made here.

    Returns:
        A ``log_analysis.LinuxLogAnalysis.AuthLog`` object.
    """
    baseline_hash = calc_hash.get_hash(path, 'before')
    # The helper name is spelled as it is referenced throughout this listing.
    log_handle = normal_file_oepn(path)
    return log_analysis.LinuxLogAnalysis.AuthLog(
        log_handle, path, baseline_hash)
def file_open(path):
    """Open an IE/Edge database and wrap its download history for analysis.

    The 'before' hash is taken ahead of ``ie_edge_open``. No signature check
    is made here.

    Returns:
        A ``browser_analysis.Ie_Edge.Download`` object.
    """
    baseline_hash = calc_hash.get_hash(path, 'before')
    database = ie_edge_open(path)
    return browser_analysis.Ie_Edge.Download(database, path, baseline_hash)
def file_open(path):
    """Wrap a Firefox cookie store for analysis.

    Only the path and its 'before' hash are passed on; the file is not
    opened in this function.

    Returns:
        A ``browser_analysis.Firefox.Cookie`` object.
    """
    baseline_hash = calc_hash.get_hash(path, 'before')
    return browser_analysis.Firefox.Cookie(path, baseline_hash)
def file_open(path):
    """Open an Apache access log and wrap it for analysis.

    The 'before' hash is taken ahead of opening the log. No signature check
    is made here.

    Returns:
        A ``log_analysis.ApacheLog.Access`` object.
    """
    baseline_hash = calc_hash.get_hash(path, 'before')
    # The helper name is spelled as it is referenced throughout this listing.
    log_handle = normal_file_oepn(path)
    return log_analysis.ApacheLog.Access(log_handle, path, baseline_hash)
def file_open(path):
    """Wrap a Chrome cookie store for analysis.

    Only the path and its 'before' hash are passed on; the file is not
    opened in this function.

    Returns:
        A ``browser_analysis.Chrome.Cookie`` object.
    """
    baseline_hash = calc_hash.get_hash(path, 'before')
    return browser_analysis.Chrome.Cookie(path, baseline_hash)
def file_open(path):
    """Open an IIS log and wrap it for analysis.

    The 'before' hash is taken ahead of opening the log. No signature check
    is made here.

    Returns:
        A ``log_analysis.IIS`` object.
    """
    baseline_hash = calc_hash.get_hash(path, 'before')
    # The helper name is spelled as it is referenced throughout this listing.
    log_handle = normal_file_oepn(path)
    return log_analysis.IIS(log_handle, path, baseline_hash)
def file_open(path):
    """Open a legacy (OLE-based) Microsoft Office file for analysis.

    The 'before' hash is taken ahead of ``ole_open``. No signature check is
    made here, so the caller must supply the right kind of file.

    Returns:
        A ``files_analysis.MSOldAnalysis`` object.
    """
    baseline_hash = calc_hash.get_hash(path, 'before')
    return files_analysis.MSOldAnalysis(ole_open(path), path, baseline_hash)
def mem_open(path):
    """Wrap a memory image (file or block device) for analysis.

    Accepted ``sig_check`` labels are 'data' and 'block special'.

    Returns:
        A ``mem_analysis.MemAnalysis`` object, or None when the label is not
        accepted. Unlike the sibling openers, this one prints no error and
        does not return -1, so callers must test for None.
    """
    extension = sig_check(path)
    if extension not in ('data', 'block special'):
        return None
    baseline_hash = calc_hash.get_hash(path, 'before')
    return mem_analysis.MemAnalysis(path, baseline_hash)