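 def get_typed_urls(self):
     """
     /!\ Only urls directly typed

     Collect the Internet Explorer ``TypedURLs`` entries of every user hive
     listed in ``self.config.users_hives``.

     Returns: a list with one dict per user whose hive could be read, holding
         'User', 'Last Write Time' (of the TypedURLs key) and 'Urls', a list
         of {'Url', 'Time'} dicts where each url is paired with the value of
         the same name under ``TypedURLsTime``.  Users whose hive raises
         during parsing are skipped, so an absent user in the result is not
         proof that nothing was typed.
     """
     #TODO: convert time into human readable dates
     typed_urls_list = []
     for (user, hive) in self.config.users_hives:
         try:
             urls = registry.get_registry_subkeys(hive, "Software\\Microsoft\\Internet Explorer\\TypedURLs")
             times = registry.get_registry_subkeys(hive, "Software\\Microsoft\\Internet Explorer\\TypedURLsTime")
             # Index the time values by name once instead of rescanning them
             # for every url.  NOTE(review): assumes value names are unique
             # within a key (registry semantics) — confirm against the parser.
             time_by_name = dict((t['Name'], t['Value']) for t in times[0]['Values'])
             urls_list = [{'Url': url['Value'],
                           'Time': time_by_name[url['Name']]}
                          for url in urls[0]['Values']
                          if url['Name'] in time_by_name]
             typed_urls_list.append({'User': user,
                                     'Last Write Time': urls[0]['Last Write Time'],
                                     'Urls': urls_list})
         except Exception:
             # Best effort per user: a missing key or a malformed hive must
             # not abort the whole collection.  Narrowed from a bare except so
             # KeyboardInterrupt / SystemExit still propagate.
             continue
     return typed_urls_list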
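 def get_startup_list(self):
     """
     Collect the values of the classic autostart keys of the SOFTWARE hive:
     the Run / RunOnce / RunOnceEx / RunServices / RunServicesOnce keys and
     the Winlogon Userinit / Notify / Shell keys.

     Returns: a list of the records returned by
         registry.get_registry_subkeys for every key that could be read.
         A key that is absent or fails to parse is skipped, so an empty
         result does not distinguish "no autostart entries" from "key
         unreadable".
     """
     startup_keys = ("Microsoft\\Windows\\CurrentVersion\\Run",
                     "Microsoft\\Windows\\CurrentVersion\\RunOnce",
                     "Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
                     "Microsoft\\Windows\\CurrentVersion\\RunServices",
                     "Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",
                     "Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit",
                     "Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify",
                     "Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell")
     startup_list = []
     for key_name in startup_keys:
         try:
             startup_list += registry.get_registry_subkeys(self.software_hive,
                                                           key_name)
         except Exception:
             # Best effort per key; narrowed from a bare except so
             # KeyboardInterrupt / SystemExit are not swallowed.
             continue
     return startup_list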
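def find_mounteddevices_info(config, serial_number):
    """
    Parse the SYSTEM\\MountedDevices registry key looking for the entries
    corresponding to the USB device with the given serial number.

    Arguments: The Configuration object for the analyzed disk.
               The serial number of the device to look for.

    Return: A list with the drive letter the USB device was mounted on and
            its volume GUID.  A list of two placeholder strings if either
            of them couldn't be retrieved.

    Only values whose data contains ``serial_number`` are considered; the
    drive comes from a ``DosDevices`` value name, the GUID from a ``Volume``
    value name.  (The previous version let every non-matching value
    overwrite ``device_guid``, so the GUID returned was that of whichever
    value came last in the key rather than the device's.)
    """
    drive = None
    device_guid = None
    values = registry.get_registry_subkeys(config.system_hive,
                                           "MountedDevices")[0]['Values']
    for subkey in values:
        name = subkey['Name']
        # Drop the NUL characters of the value data (presumably UTF-16 text)
        # so that an ASCII serial number is searchable in it.
        subkey_value = "".join(c for c in subkey['Value'] if c != '\x00')
        if serial_number not in subkey_value:
            continue
        if "DosDevices" in name:
            drive = name.split("\\")[-1]
        elif "Volume" in name:
            device_guid = name.split("Volume")[-1]
    if drive and device_guid:
        return [drive, device_guid]
    return ["Drive couldn't be found :(", "GUID couldn't be found :("]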
 def get_registered_applications(self):
     """
     Return the ``RegisteredApplications`` key of the SOFTWARE hive, as
     given by registry.get_registry_subkeys (no post-processing).
     """
     key_name = "RegisteredApplications"
     return registry.get_registry_subkeys(self.software_hive, key_name)