def main(): args_parser = argparse.ArgumentParser(description="Tests get_version.") options = args_parser.parse_args() try: pyewf.get_version() except Exception: return False return True
def main(): args_parser = argparse.ArgumentParser( description="Tests get_version.") options = args_parser.parse_args() try: pyewf.get_version() except Exception: return False return True
def LogLibraryVersions(log): '''Log the versions of libraries used''' log.info('Python version = {}'.format(sys.version)) log.info('Pytsk version = {}'.format(pytsk3.get_version())) log.info('Pyewf version = {}'.format(pyewf.get_version())) log.info('Pyvmdk version = {}'.format(pyvmdk.get_version())) log.info('PyAFF4 version = {}'.format( pyaff4._version.raw_versions()['version']))
# __author__ = "Joachim Metz" __version__ = "20110104" __date__ = "Jan 4, 2011" __copyright__ = "Copyright (c) 2006-2012, Joachim Metz <*****@*****.**>" __license__ = "GNU LGPL version 3" import sys import pyewf # ---------------------------------------------------------------------------- # Main # ---------------------------------------------------------------------------- print "glob.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n" argc = len(sys.argv) if argc != 2: print "Usage: glob.py filename\n" sys.exit(1) try: filenames = pyewf.glob(sys.argv[1]) except: print "Unable to glob filename(s)\n" print sys.exc_info()[1]
def LogLibraryVersions(log): '''Log the versions of libraries used''' log.info('Pytsk version = {}'.format(pytsk3.get_version())) log.info('Pyewf version = {}'.format(pyewf.get_version())) log.info('Pyvmdk version= {}'.format(pyvmdk.get_version()))
# __author__ = "Joachim Metz" __version__ = "20110104" __date__ = "Jan 4, 2011" __copyright__ = "Copyright (c) 2006-2012, Joachim Metz <*****@*****.**>" __license__ = "GNU LGPL version 3" import sys import pyewf # ---------------------------------------------------------------------------- # Main # ---------------------------------------------------------------------------- print "metadata.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n" argc = len( sys.argv ) if argc < 2: print "Usage: metadata.py filename(s)\n" sys.exit( 1 ) if argc == 2: try: filenames = pyewf.glob( sys.argv[ 1 ] ) except: print "Unable to glob filename(s)\n"
# __author__ = "Joachim Metz" __version__ = "20130120" __date__ = "Jan 20, 2013" __copyright__ = "Copyright (c) 2006-2013, Joachim Metz <*****@*****.**>" __license__ = "GNU LGPL version 3" import sys import pyewf # ---------------------------------------------------------------------------- # Main # ---------------------------------------------------------------------------- print "glob.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n" argc = len( sys.argv ) if argc != 2: print "Usage: glob.py filename\n" sys.exit( 1 ) try: filenames = pyewf.glob( sys.argv[ 1 ] ) except: print "Unable to glob filename(s)\n" print sys.exc_info()[ 1 ]
def main(): # commands and arguments # argparse https://docs.python.org/3/library/argparse.html#module-argparse parser = ArgumentParser(description="Extract the file slack spaces.") parser.add_argument("image", metavar="disk image", nargs=1, action="store") parser.add_argument( "-e", "--encoding", default="", help= "Display slack space in LATIN-1 or Hex. Supported options 'latin-1', 'hex'.", ) parser.add_argument( "-t", "--type", required=True, help= "Type of the disk image. Currently supported options 'raw' and 'ewf'.", ) parser.add_argument( "-p", "--pprint", action="store_true", help="Pretty print all found file slack spaces.", ) # create a temporary dir for slacks tmpdir = tempfile.TemporaryDirectory(prefix="slacks_") parser.add_argument( "-d", "--dump", action="store", default=tmpdir.name, help= "Dump file slack spaces of each file in raw format to a directory if specified, by default temporary dir.", ) parser.add_argument( "-c", "--csv", action="store", default=None, help="Write file slacks information to a CSV file.", ) parser.add_argument( "-v", "--verbose", action="store_true", default=False, help="Control the verbosity of the output.", ) parser.add_argument("--version", action="version", version="v0.2.10") global arguments arguments = parser.parse_args() global all_slacks all_slacks = [] if arguments.image is not None: CWD = Path().cwd() if not CWD.joinpath(arguments.image[0]).exists(): print( f"The disk image '{arguments.image[0]}' is not found.", file=sys.stderr, ) sys.exit(1) # print versions print("SleuthKit lib version:", pytsk3.TSK_VERSION_STR) print("Module pytsk3 version:", pytsk3.get_version()) print("Module pyewf version:", pyewf.get_version()) # open image if arguments.image is not None: if arguments.type == "raw": img_handler = pytsk3.Img_Info(arguments.image[0]) elif arguments.type == "ewf": print(arguments.image) ewf_handle = pyewf.handle() filenames = pyewf.glob(arguments.image[0]) ewf_handle.open(filenames) img_handler = ewf.ewf_Img_Info(ewf_handle) elif arguments.type == "aff": print("Not Supported Yet ! ", file=sys.stderr) sys.exit(1) elif arguments.type not in ["raw", "ewf"]: print("Not Supported Yet ! Only 'raw' and 'ewf'. ", file=sys.stderr) sys.exit(1) # open the image volume for the partitions within it try: partition_table = pytsk3.Volume_Info(img_handler) print_partition_table(partition_table) except OSError as e: # there is no Volume in the image. print( "Maybe there is no Volume in the provided disk image.\n", e, file=sys.stderr, ) else: for partition in partition_table: if b"NTFS" in partition.desc: # open the filesystem with offset set to the absolute offset of # the beginning of the NTFS partition. fs = pytsk3.FS_Info(img_handler, offset=(partition.start * 512)) # The Cluster Size (blocksize) can be chosen when the volume is formatted. global blocksize blocksize = fs.info.block_size print("NTFS Cluster size: ", blocksize, "in bytes.") # get the sector size global sector sector = fs.info.dev_bsize print("NTFS Sector size: ", sector, "in bytes.\n") # open the directory node for recursiveness and enqueue all # directories in image fs from the root dir "/" queue_all_dirs = [] directory = fs.open_dir(path="/") processing( partition, directory=directory, queue=queue_all_dirs, parent_names=["/"], ) # pretty printing the all_slack files if arguments.pprint: pp = pprint.PrettyPrinter(indent=4) pp.pprint(all_slacks) # writing out file slack spaces into seperate files located in 'slacks' directory if arguments.dump: if arguments.verbose: print( f"{arguments.dump} is the temporary output dir for file slacks." ) for s in all_slacks: CWD = Path().cwd() SLACKS_DIR = CWD.joinpath(arguments.dump) SLACKS_DIR.mkdir(exist_ok=True) file_slack_name = SLACKS_DIR.joinpath(s.get_s_name()) file_slack_name.write_bytes(s.get_s_bytes()) # print slack bytes with encoding 'latin-1', 'hex'. if arguments.encoding is not None: for s in all_slacks: s_bytes = s.get_s_bytes() if arguments.encoding == "latin-1": print(s_bytes.decode("latin-1")) elif arguments.encoding == "hex": print(s_bytes.hex()) # handle csv argument if arguments.csv is not None: csv_filename = arguments.csv if arguments.verbose: print(f"Writing CSV report to '{arguments.csv}'.") with open(csv_filename, "w", newline="") as csvfile: fieldnames = [ "slack filename", "slack size", "partition address", "MD5", "SHA1", "parent dirs", ] writer = csv.DictWriter(csvfile, fieldnames=fieldnames) writer.writeheader() for s in all_slacks: writer.writerow({ "slack filename": s.get_s_name(), "slack size": s.get_s_size(), "partition address": s.get_s_partition_addr(), "MD5": s.get_s_md5(), "SHA1": s.get_s_sha1(), "parent dirs": s.get_s_dirs(), }) tmpdir.cleanup()
def test_get_version(self): """Tests the get_version function.""" version = pyewf.get_version() self.assertIsNotNone(version)
# __author__ = "Joachim Metz" __version__ = "20130126" __date__ = "Jan 26, 2013" __copyright__ = "Copyright (c) 2006-2012, Joachim Metz <*****@*****.**>" __license__ = "GNU LGPL version 3" import sys import pyewf # ---------------------------------------------------------------------------- # Main # ---------------------------------------------------------------------------- print "open_close.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n" argc = len( sys.argv ) if argc < 2: print "Usage: open_close.py filename(s)\n" sys.exit( 1 ) filenames = sys.argv[ 1: ] handle = pyewf.handle(); if handle == None: print "Missing handle object\n"
sub_file_entry = file_entry.get_sub_file_entry( sub_file_entry_index ) except: print "Unable to retrieve number of file entry: " + sub_file_entry_index + "\n" print sys.exc_info()[ 1 ] sys.exit( 1 ) print_file_entry( sub_file_entry ) # ---------------------------------------------------------------------------- # Main # ---------------------------------------------------------------------------- print "file_entries.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n" argc = len( sys.argv ) if argc < 2: print "Usage: file_entries.py filename(s)\n" sys.exit( 1 ) if argc == 2: try: filenames = pyewf.glob( sys.argv[ 1 ] ) except: print "Unable to glob filename(s)\n"
def test_get_version(self): """Tests the get_version function.""" version = pyewf.get_version()
# __author__ = "Joachim Metz" __version__ = "20110104" __date__ = "Jan 4, 2011" __copyright__ = "Copyright (c) 2010-2011, Joachim Metz <*****@*****.**>" __license__ = "GNU LGPL version 3" import sys import pyewf # ---------------------------------------------------------------------------- # Main # ---------------------------------------------------------------------------- print "metadata.py " + __version__ + " (libewf " + pyewf.get_version() + ")\n" argc = len( sys.argv ) if argc < 2: print "Usage: metadata.py filename(s)\n" sys.exit( 1 ) if argc == 2: try: filenames = pyewf.glob( sys.argv[ 1 ] ) except: print "Unable to glob filename(s)\n"