def start(self):
"""
Start our analysis by spawning a new process that will poll memory
at a fixed interval.
"""
from lophi_semanticgap.memory import VolatilityEngine
# Setup a queue to communicate with the process
self.command_queue = multiprocessing.Queue()
# Initialize our Volatility wrapper
self.analysis_engine = VolatilityEngine(
self.machine,
self.plugins,
self.command_queue,
self.output_queue,
poll_interval=self.poll_interval)
if self.analysis_engine is None:
logger.error("Analysis could not be started.")
return
# Spawn a new proccess
self.analysis_engine.start()
def start(self):
"""
Start our analysis by spawning a new process that will poll memory
at a fixed interval.
"""
from lophi_semanticgap.memory import VolatilityEngine
# Setup a queue to communicate with the process
self.command_queue = multiprocessing.Queue()
# Initialize our Volatility wrapper
self.analysis_engine = VolatilityEngine(self.machine,
self.plugins,
self.command_queue,
self.output_queue,
poll_interval=self.poll_interval)
if self.analysis_engine is None:
logger.error("Analysis could not be started.")
return
# Spawn a new proccess
self.analysis_engine.start()
class MemoryAnalysisEngine(AnalysisEngine):
"""
This small class serves as our analysis engine for memory
"""
def __init__(self, machine, output_queue, plugins=None, poll_interval=1):
"""
Initialize our memory analysis
@param machine: Machine object that we will be performing analysis on
@param output_queue: Queue that resulting data will be returned on
@param plugins: Volatility plugins that we want to execute
@param poll_interval: Time between analysis
"""
if machine.memory is None:
logging.error(
"Machine (%s) does not have a memory sensor associated with it to use for analysis."
% machine.config.name)
return None
# set our variables for later
self.machine = machine
self.output_queue = output_queue
self.poll_interval = poll_interval
from lophi_semanticgap.memory import MODULES_DICTIONARY
# Figure out what plugins we are using
if plugins is not None:
self.plugins = plugins
elif machine.config.volatility_profile in MODULES_DICTIONARY:
logger.warn(
"No memory plugins specified. Defaulting to base set.")
self.plugins = MODULES_DICTIONARY[
machine.config.volatility_profile]
else:
logger.error(
"No memory plugins were specified, and no default plugins could be found for %s."
% machine.config.volatility_profile)
return False
# Initialize the analysis engine
self.analysis_engine = None
AnalysisEngine.__init__(self)
def start(self):
"""
Start our analysis by spawning a new process that will poll memory
at a fixed interval.
"""
from lophi_semanticgap.memory import VolatilityEngine
# Setup a queue to communicate with the process
self.command_queue = multiprocessing.Queue()
# Initialize our Volatility wrapper
self.analysis_engine = VolatilityEngine(
self.machine,
self.plugins,
self.command_queue,
self.output_queue,
poll_interval=self.poll_interval)
if self.analysis_engine is None:
logger.error("Analysis could not be started.")
return
# Spawn a new proccess
self.analysis_engine.start()
class MemoryAnalysisEngine(AnalysisEngine):
"""
This small class serves as our analysis engine for memory
"""
def __init__(self,
machine,
output_queue,
plugins=None,
poll_interval=1):
"""
Initialize our memory analysis
@param machine: Machine object that we will be performing analysis on
@param output_queue: Queue that resulting data will be returned on
@param plugins: Volatility plugins that we want to execute
@param poll_interval: Time between analysis
"""
if machine.memory is None:
logging.error("Machine (%s) does not have a memory sensor associated with it to use for analysis."%machine.config.name)
return None
# set our variables for later
self.machine = machine
self.output_queue = output_queue
self.poll_interval = poll_interval
from lophi_semanticgap.memory import MODULES_DICTIONARY
# Figure out what plugins we are using
if plugins is not None:
self.plugins = plugins
elif machine.config.volatility_profile in MODULES_DICTIONARY:
logger.warn("No memory plugins specified. Defaulting to base set.")
self.plugins = MODULES_DICTIONARY[machine.config.volatility_profile]
else:
logger.error("No memory plugins were specified, and no default plugins could be found for %s."%machine.config.volatility_profile)
return False
# Initialize the analysis engine
self.analysis_engine = None
AnalysisEngine.__init__(self)
def start(self):
"""
Start our analysis by spawning a new process that will poll memory
at a fixed interval.
"""
from lophi_semanticgap.memory import VolatilityEngine
# Setup a queue to communicate with the process
self.command_queue = multiprocessing.Queue()
# Initialize our Volatility wrapper
self.analysis_engine = VolatilityEngine(self.machine,
self.plugins,
self.command_queue,
self.output_queue,
poll_interval=self.poll_interval)
if self.analysis_engine is None:
logger.error("Analysis could not be started.")
return
# Spawn a new proccess
self.analysis_engine.start()