def main():
args_parser = argparse.ArgumentParser(description="Tests get_version.")
options = args_parser.parse_args()
try:
pyewf.get_version()
except Exception:
return False
return True
def main():
args_parser = argparse.ArgumentParser(
description="Tests get_version.")
options = args_parser.parse_args()
try:
pyewf.get_version()
except Exception:
return False
return True
def LogLibraryVersions(log):
'''Log the versions of libraries used'''
log.info('Python version = {}'.format(sys.version))
log.info('Pytsk version = {}'.format(pytsk3.get_version()))
log.info('Pyewf version = {}'.format(pyewf.get_version()))
log.info('Pyvmdk version = {}'.format(pyvmdk.get_version()))
log.info('PyAFF4 version = {}'.format(
pyaff4._version.raw_versions()['version']))
#
__author__ = "Joachim Metz"
__version__ = "20110104"
__date__ = "Jan 4, 2011"
__copyright__ = "Copyright (c) 2006-2012, Joachim Metz <*****@*****.**>"
__license__ = "GNU LGPL version 3"
import sys
import pyewf
# ----------------------------------------------------------------------------
# Main
# ----------------------------------------------------------------------------
print "glob.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n"
argc = len(sys.argv)
if argc != 2:
print "Usage: glob.py filename\n"
sys.exit(1)
try:
filenames = pyewf.glob(sys.argv[1])
except:
print "Unable to glob filename(s)\n"
print sys.exc_info()[1]
def LogLibraryVersions(log):
'''Log the versions of libraries used'''
log.info('Pytsk version = {}'.format(pytsk3.get_version()))
log.info('Pyewf version = {}'.format(pyewf.get_version()))
log.info('Pyvmdk version= {}'.format(pyvmdk.get_version()))
# __author__ = "Joachim Metz" __version__ = "20110104" __date__ = "Jan 4, 2011" __copyright__ = "Copyright (c) 2006-2012, Joachim Metz <*****@*****.**>" __license__ = "GNU LGPL version 3" import sys import pyewf # ---------------------------------------------------------------------------- # Main # ---------------------------------------------------------------------------- print "metadata.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n" argc = len( sys.argv ) if argc < 2: print "Usage: metadata.py filename(s)\n" sys.exit( 1 ) if argc == 2: try: filenames = pyewf.glob( sys.argv[ 1 ] ) except: print "Unable to glob filename(s)\n"
# __author__ = "Joachim Metz" __version__ = "20130120" __date__ = "Jan 20, 2013" __copyright__ = "Copyright (c) 2006-2013, Joachim Metz <*****@*****.**>" __license__ = "GNU LGPL version 3" import sys import pyewf # ---------------------------------------------------------------------------- # Main # ---------------------------------------------------------------------------- print "glob.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n" argc = len( sys.argv ) if argc != 2: print "Usage: glob.py filename\n" sys.exit( 1 ) try: filenames = pyewf.glob( sys.argv[ 1 ] ) except: print "Unable to glob filename(s)\n" print sys.exc_info()[ 1 ]
def main():
# commands and arguments
# argparse https://docs.python.org/3/library/argparse.html#module-argparse
parser = ArgumentParser(description="Extract the file slack spaces.")
parser.add_argument("image", metavar="disk image", nargs=1, action="store")
parser.add_argument(
"-e",
"--encoding",
default="",
help=
"Display slack space in LATIN-1 or Hex. Supported options 'latin-1', 'hex'.",
)
parser.add_argument(
"-t",
"--type",
required=True,
help=
"Type of the disk image. Currently supported options 'raw' and 'ewf'.",
)
parser.add_argument(
"-p",
"--pprint",
action="store_true",
help="Pretty print all found file slack spaces.",
)
# create a temporary dir for slacks
tmpdir = tempfile.TemporaryDirectory(prefix="slacks_")
parser.add_argument(
"-d",
"--dump",
action="store",
default=tmpdir.name,
help=
"Dump file slack spaces of each file in raw format to a directory if specified, by default temporary dir.",
)
parser.add_argument(
"-c",
"--csv",
action="store",
default=None,
help="Write file slacks information to a CSV file.",
)
parser.add_argument(
"-v",
"--verbose",
action="store_true",
default=False,
help="Control the verbosity of the output.",
)
parser.add_argument("--version", action="version", version="v0.2.10")
global arguments
arguments = parser.parse_args()
global all_slacks
all_slacks = []
if arguments.image is not None:
CWD = Path().cwd()
if not CWD.joinpath(arguments.image[0]).exists():
print(
f"The disk image '{arguments.image[0]}' is not found.",
file=sys.stderr,
)
sys.exit(1)
# print versions
print("SleuthKit lib version:", pytsk3.TSK_VERSION_STR)
print("Module pytsk3 version:", pytsk3.get_version())
print("Module pyewf version:", pyewf.get_version())
# open image
if arguments.image is not None:
if arguments.type == "raw":
img_handler = pytsk3.Img_Info(arguments.image[0])
elif arguments.type == "ewf":
print(arguments.image)
ewf_handle = pyewf.handle()
filenames = pyewf.glob(arguments.image[0])
ewf_handle.open(filenames)
img_handler = ewf.ewf_Img_Info(ewf_handle)
elif arguments.type == "aff":
print("Not Supported Yet ! ", file=sys.stderr)
sys.exit(1)
elif arguments.type not in ["raw", "ewf"]:
print("Not Supported Yet ! Only 'raw' and 'ewf'. ",
file=sys.stderr)
sys.exit(1)
# open the image volume for the partitions within it
try:
partition_table = pytsk3.Volume_Info(img_handler)
print_partition_table(partition_table)
except OSError as e:
# there is no Volume in the image.
print(
"Maybe there is no Volume in the provided disk image.\n",
e,
file=sys.stderr,
)
else:
for partition in partition_table:
if b"NTFS" in partition.desc:
# open the filesystem with offset set to the absolute offset of
# the beginning of the NTFS partition.
fs = pytsk3.FS_Info(img_handler,
offset=(partition.start * 512))
# The Cluster Size (blocksize) can be chosen when the volume is formatted.
global blocksize
blocksize = fs.info.block_size
print("NTFS Cluster size: ", blocksize, "in bytes.")
# get the sector size
global sector
sector = fs.info.dev_bsize
print("NTFS Sector size: ", sector, "in bytes.\n")
# open the directory node for recursiveness and enqueue all
# directories in image fs from the root dir "/"
queue_all_dirs = []
directory = fs.open_dir(path="/")
processing(
partition,
directory=directory,
queue=queue_all_dirs,
parent_names=["/"],
)
# pretty printing the all_slack files
if arguments.pprint:
pp = pprint.PrettyPrinter(indent=4)
pp.pprint(all_slacks)
# writing out file slack spaces into seperate files located in 'slacks' directory
if arguments.dump:
if arguments.verbose:
print(
f"{arguments.dump} is the temporary output dir for file slacks."
)
for s in all_slacks:
CWD = Path().cwd()
SLACKS_DIR = CWD.joinpath(arguments.dump)
SLACKS_DIR.mkdir(exist_ok=True)
file_slack_name = SLACKS_DIR.joinpath(s.get_s_name())
file_slack_name.write_bytes(s.get_s_bytes())
# print slack bytes with encoding 'latin-1', 'hex'.
if arguments.encoding is not None:
for s in all_slacks:
s_bytes = s.get_s_bytes()
if arguments.encoding == "latin-1":
print(s_bytes.decode("latin-1"))
elif arguments.encoding == "hex":
print(s_bytes.hex())
# handle csv argument
if arguments.csv is not None:
csv_filename = arguments.csv
if arguments.verbose:
print(f"Writing CSV report to '{arguments.csv}'.")
with open(csv_filename, "w", newline="") as csvfile:
fieldnames = [
"slack filename",
"slack size",
"partition address",
"MD5",
"SHA1",
"parent dirs",
]
writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
writer.writeheader()
for s in all_slacks:
writer.writerow({
"slack filename": s.get_s_name(),
"slack size": s.get_s_size(),
"partition address": s.get_s_partition_addr(),
"MD5": s.get_s_md5(),
"SHA1": s.get_s_sha1(),
"parent dirs": s.get_s_dirs(),
})
tmpdir.cleanup()
def test_get_version(self): """Tests the get_version function.""" version = pyewf.get_version() self.assertIsNotNone(version)
# __author__ = "Joachim Metz" __version__ = "20130126" __date__ = "Jan 26, 2013" __copyright__ = "Copyright (c) 2006-2012, Joachim Metz <*****@*****.**>" __license__ = "GNU LGPL version 3" import sys import pyewf # ---------------------------------------------------------------------------- # Main # ---------------------------------------------------------------------------- print "open_close.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n" argc = len( sys.argv ) if argc < 2: print "Usage: open_close.py filename(s)\n" sys.exit( 1 ) filenames = sys.argv[ 1: ] handle = pyewf.handle(); if handle == None: print "Missing handle object\n"
sub_file_entry = file_entry.get_sub_file_entry( sub_file_entry_index ) except: print "Unable to retrieve number of file entry: " + sub_file_entry_index + "\n" print sys.exc_info()[ 1 ] sys.exit( 1 ) print_file_entry( sub_file_entry ) # ---------------------------------------------------------------------------- # Main # ---------------------------------------------------------------------------- print "file_entries.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n" argc = len( sys.argv ) if argc < 2: print "Usage: file_entries.py filename(s)\n" sys.exit( 1 ) if argc == 2: try: filenames = pyewf.glob( sys.argv[ 1 ] ) except: print "Unable to glob filename(s)\n"
def test_get_version(self):
"""Tests the get_version function."""
version = pyewf.get_version()
# __author__ = "Joachim Metz" __version__ = "20110104" __date__ = "Jan 4, 2011" __copyright__ = "Copyright (c) 2010-2011, Joachim Metz <*****@*****.**>" __license__ = "GNU LGPL version 3" import sys import pyewf # ---------------------------------------------------------------------------- # Main # ---------------------------------------------------------------------------- print "metadata.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n" argc = len( sys.argv ) if argc < 2: print "Usage: metadata.py filename(s)\n" sys.exit( 1 ) if argc == 2: try: filenames = pyewf.glob( sys.argv[ 1 ] ) except: print "Unable to glob filename(s)\n"
def test_get_version(self): """Tests the get_version function.""" version = pyewf.get_version()