def start(self):
"""
Start our analysis by spawning a new process that will bridge the
semantic gap for disk accesses
"""
from lophi_semanticgap.disk import DiskEngine
# Setup a queue to communicate with the process
self.command_queue = multiprocessing.Queue()
# Connect to our disk sensor
self.machine.disk._connect()
# Initialize our Volatility wrapper
self.analysis_engine = DiskEngine(self.machine, self.command_queue,
self.output_queue)
if self.analysis_engine is None:
logger.error("Analysis could not be started.")
return
# Spawn a new proccess
logger.debug("Starting DiskAnalysisEngine...")
self.analysis_engine.start()
def start(self):
"""
Start our analysis by spawning a new process that will bridge the
semantic gap for disk accesses
"""
from lophi_semanticgap.disk import DiskEngine
# Setup a queue to communicate with the process
self.command_queue = multiprocessing.Queue()
# Connect to our disk sensor
self.machine.disk._connect()
# Initialize our Volatility wrapper
self.analysis_engine = DiskEngine(self.machine,
self.command_queue,
self.output_queue)
if self.analysis_engine is None:
logger.error("Analysis could not be started.")
return
# Spawn a new proccess
logger.debug("Starting DiskAnalysisEngine...")
self.analysis_engine.start()
class DiskAnalysisEngine(AnalysisEngine):
"""
This small class serves as our analysis engine for disk analysis
"""
def __init__(self, machine, output_queue):
"""
Initialize our disk analysis
@param machine: Machine object that we will be performing analysis on
@param output_queue: Queue that resulting data will be returned on
"""
if machine.disk is None:
logger.error(
"Machine (%s) does not have a disk sensor associated with it to use for analysis."
% machine.config.name)
return None
# set our variables for later
self.machine = machine
self.output_queue = output_queue
# Initialize the analysis engine
self.analysis_engine = None
AnalysisEngine.__init__(self)
def start(self):
"""
Start our analysis by spawning a new process that will bridge the
semantic gap for disk accesses
"""
from lophi_semanticgap.disk import DiskEngine
# Setup a queue to communicate with the process
self.command_queue = multiprocessing.Queue()
# Connect to our disk sensor
self.machine.disk._connect()
# Initialize our Volatility wrapper
self.analysis_engine = DiskEngine(self.machine, self.command_queue,
self.output_queue)
if self.analysis_engine is None:
logger.error("Analysis could not be started.")
return
# Spawn a new proccess
logger.debug("Starting DiskAnalysisEngine...")
self.analysis_engine.start()
def stop(self):
"""
Stop any disk analysis nicely
"""
logger.debug("Stopping disk analysis.")
# Close our socket for the disk sensor
# self.machine.disk.sata_disable()
self.machine.disk._disconnect()
# terminate the analysis (It could be blocking)
self.analysis_engine.terminate()
# Join process to wait for closure
self.analysis_engine.join(5)
self.analysis_engine = None
self.command_queue.close()
class DiskAnalysisEngine(AnalysisEngine):
"""
This small class serves as our analysis engine for disk analysis
"""
def __init__(self,
machine,
output_queue):
"""
Initialize our disk analysis
@param machine: Machine object that we will be performing analysis on
@param output_queue: Queue that resulting data will be returned on
"""
if machine.disk is None:
logger.error("Machine (%s) does not have a disk sensor associated with it to use for analysis."%machine.config.name)
return None
# set our variables for later
self.machine = machine
self.output_queue = output_queue
# Initialize the analysis engine
self.analysis_engine = None
AnalysisEngine.__init__(self)
def start(self):
"""
Start our analysis by spawning a new process that will bridge the
semantic gap for disk accesses
"""
from lophi_semanticgap.disk import DiskEngine
# Setup a queue to communicate with the process
self.command_queue = multiprocessing.Queue()
# Connect to our disk sensor
self.machine.disk._connect()
# Initialize our Volatility wrapper
self.analysis_engine = DiskEngine(self.machine,
self.command_queue,
self.output_queue)
if self.analysis_engine is None:
logger.error("Analysis could not be started.")
return
# Spawn a new proccess
logger.debug("Starting DiskAnalysisEngine...")
self.analysis_engine.start()
def stop(self):
"""
Stop any disk analysis nicely
"""
logger.debug("Stopping disk analysis.")
# Close our socket for the disk sensor
# self.machine.disk.sata_disable()
self.machine.disk._disconnect()
# terminate the analysis (It could be blocking)
self.analysis_engine.terminate()
# Join process to wait for closure
self.analysis_engine.join(5)
self.analysis_engine = None
self.command_queue.close()
