"specaccts", "userinit", "imagefile", "removdev", "networklist", "clsid", "init_dlls", "codeid", "snapshot", "defbrowser", "soft_run", "EMDMgmt.pl", "winlivemail.pl", "dfrg", "direct", "run", "tracing", "trappoll", "wbem") #set up array for security plugins security_plugins = ("lsasecrets", "auditpol", "polacdms") #get datetime now = datetime.datetime.now() #set Mount Point mount_point = "/mnt/" + now.strftime("%Y-%m-%d_%H_%M_%S") #get case number case_number = get_case_number() #get output location folder_path = get_output_location(case_number) #open a log file for output log_file = folder_path + "/" + case_number + "_logfile.txt" outfile = open(log_file, 'wt+') #select dd image to process Image_Path = select_file_to_process(outfile) #check if Image file is in Encase format if re.search(".E01", Image_Path): #strip out single quotes from the quoted path
#set up plugins to run against software hive software_plugins = ("appinitdlls", "winver", "secctr", "urlzone", "cmd_shell", "notify", "schedagent", "ie_version", "kb950582", "port_dev", "sql_lastconnect", "bitbucket", "regback", "bho", "sfc", "banner", "macaddr", "apppaths", "msis", "svchost", "taskman", "networkuid", "vista_wireless", "installedcomp", "drwatson", "shelloverlay", "winlogon", "ctrlpnl", "virut", "winnt_cv", "ssid", "shellexec", "win_cv", "renocide", "uninstall", "networkcards", "product", "profilelist", "shellext", "landesk", "assoc", "specaccts", "userinit", "imagefile", "removdev", "networklist", "clsid", "init_dlls", "codeid", "snapshot", "defbrowser", "soft_run", "EMDMgmt.pl", "winlivemail.pl", "dfrg", "direct", "run", "tracing", "trappoll", "wbem") #set up array for security plugins security_plugins = ("lsasecrets", "auditpol", "polacdms") #get datetime now = datetime.datetime.now() #set Mount Point mount_point = "/mnt/" + now.strftime("%Y-%m-%d_%H_%M_%S") #get case number case_number = get_case_number() #get output location folder_path = get_output_location(case_number) #open a log file for output log_file = folder_path + "/" + case_number + "_logfile.txt" outfile = open(log_file, 'wt+') #select dd image to process Image_Path = select_file_to_process(outfile) #check if Image file is in Encase format if re.search(".E01", Image_Path): #strip out single quotes from the quoted path