def _collect(self) -> None:
filename: str = self.get_parameter('filename')
result = run_terminal_command(
['mdfind', self._get_mdfind_parameter(filename)])
if result is None or result == "":
self.data = f"Application '{filename}' not found."
else:
self.data = result
def _collect_extended_attributes(self):
if platform.system() != "Darwin":
self.data = f"Collection of extended attributes on platform '{platform.system()}' is not supported."
return
extended_attributes = run_terminal_command(['xattr', self.source_path])
if extended_attributes is not None and extended_attributes != "":
self.data = f"Extended Attributes: {extended_attributes}"
def _collect(self) -> None:
try:
if not path.exists(self.source_path):
self.data = f"File '{self.source_path}' does not exist."
return
except AttributeError:
raise (
CollectorParameterError("No 'filepath' parameter provided."))
plutil_path = self.tool_path
self.data = run_terminal_command([plutil_path, '-p', self.source_path])
self.data[-1].sourcepath = self.source_path
if plutil_path == 'plutil':
self.data = \
"WARNING: No own copy of 'PLUtil' provided. 'PLUtil' of the live artefact has been used."
def _collect(self) -> None:
self.data = run_terminal_command(
['system_profiler', 'SPApplicationsDataType'])
def _collect(self):
result = run_terminal_command(['diskutil', 'apfs', 'list'])
possible_filevault = 'FileVault: Yes' in result
self.data = f"Possible FileVault encryption detected: " \
f"{possible_filevault}\r\n\r\nDiskutil apfs list: \r\n{result}"
def _collect(self):
result = run_terminal_command(['diskutil', 'list'])
possible_fusion = 'Fusion' in result
self.data = f"Possible Fusion Drive detected: {possible_fusion}\r\n\r\nDiskutil list:\r\n{result}"
def _collect(self):
self.data = run_terminal_command(['zdump', '/etc/localtime'])
self.data[-1].sourcepath = '/etc/localtime'
def _collect(self):
nvramcontent = run_terminal_command(['nvram', '-xp'])
self.data = nvramcontent
self.data[-1].save_as_md5(nvramcontent)
def _collect(self) -> None:
self.data = run_terminal_command(
['system_profiler', 'SPHardwareDataType'])
def _collect(self) -> None:
self.data = run_terminal_command(['diskutil', 'list'])
self.data = run_terminal_command(['diskutil', 'apfs', 'list'])
def _collect(self) -> None:
self.data = run_terminal_command(['sudo', '-V'])