    def run(self, evidence, result):
        """Run Psort over a Plaso storage file and produce a CSV file.

        Args:
            evidence: Evidence whose ``local_path`` is the Plaso storage file
                to process.
            result (TurbiniaTaskResult): Object to place task results into.

        Returns:
            The same TurbiniaTaskResult instance, after ``self.execute`` ran.
        """
        # Both outputs are named after the task id and live in the task's own
        # output directory, so the evidence never influences where we write.
        csv_path = os.path.join(self.output_dir, '{0:s}.csv'.format(self.id))
        log_path = os.path.join(self.output_dir, '{0:s}.log'.format(self.id))

        csv_evidence = PlasoCsvFile()
        csv_evidence.local_path = csv_path

        # argv list, one element per argument: the evidence path is a single
        # argument rather than text in a shell command line (assumes
        # self.execute keeps it that way -- confirm in the task base class).
        cmd = [
            'psort.py',
            '--status_view', 'none',
            '--logfile', log_path,
            '-w', csv_path,
            evidence.local_path,
        ]

        result.log('Running psort as [{0:s}]'.format(' '.join(cmd)))

        self.execute(
            cmd,
            result,
            save_files=[log_path],
            new_evidence=[csv_evidence],
            close=True)

        return result
    def run(self, evidence, result):
        """Run Psort over a Plaso storage file and produce a CSV file.

        Args:
            evidence: Evidence whose ``local_path`` is the Plaso storage file
                to process.
            result (TurbiniaTaskResult): Object to place task results into.

        Returns:
            The same TurbiniaTaskResult instance, after ``self.execute`` ran.
        """
        config.LoadConfig()

        # Outputs are keyed by task id inside the task's own output directory.
        csv_path = os.path.join(self.output_dir, '{0:s}.csv'.format(self.id))
        log_path = os.path.join(self.output_dir, '{0:s}.log'.format(self.id))
        csv_evidence = PlasoCsvFile(source_path=csv_path)

        # The shared helper builds the base argv (plaso options taken from
        # task_config); only psort-specific arguments are appended here.
        cmd = self.build_plaso_command('psort.py', self.task_config)
        cmd += ['--logfile', log_path]

        # Debug output can be turned on globally or per task.
        debug_enabled = config.DEBUG_TASKS or self.task_config.get('debug_tasks')
        if debug_enabled:
            cmd.append('-d')

        # Evidence path is one argv element, not shell text (assumes
        # self.execute runs the list without a shell -- confirm).
        cmd += ['-w', csv_path, evidence.local_path]

        result.log('Running psort as [{0:s}]'.format(' '.join(cmd)))

        self.execute(
            cmd,
            result,
            log_files=[log_path],
            new_evidence=[csv_evidence],
            close=True)

        return result
    def run(self, evidence, result):
        """Run Psort over a Plaso storage file and produce a CSV file.

        Args:
            evidence (Evidence): Evidence whose ``local_path`` is the Plaso
                storage file to process; ``evidence.config`` may carry a
                ``debug_tasks`` flag.
            result (TurbiniaTaskResult): Object to place task results into.

        Returns:
            The same TurbiniaTaskResult instance, after ``self.execute`` ran.
        """
        config.LoadConfig()

        # Outputs are keyed by task id inside the task's own output directory.
        csv_path = os.path.join(self.output_dir, '{0:s}.csv'.format(self.id))
        log_path = os.path.join(self.output_dir, '{0:s}.log'.format(self.id))
        csv_evidence = PlasoCsvFile(source_path=csv_path)

        cmd = ['psort.py', '--status_view', 'none', '--logfile', log_path]

        # Debug output can be turned on globally or via the evidence config.
        debug_enabled = config.DEBUG_TASKS or evidence.config.get('debug_tasks')
        if debug_enabled:
            cmd.append('-d')

        # Keep the yara_match field in the CSV output; point psort's scratch
        # space at the task's temporary directory.  The evidence path is one
        # argv element, not shell text (assumes self.execute runs the list
        # without a shell -- confirm).
        cmd += [
            '--additional_fields', 'yara_match',
            '-w', csv_path, evidence.local_path,
            '--temporary_directory', self.tmp_dir,
        ]

        result.log('Running psort as [{0:s}]'.format(' '.join(cmd)))

        self.execute(
            cmd,
            result,
            log_files=[log_path],
            new_evidence=[csv_evidence],
            close=True)

        return result
class PsortJob(TurbiniaJob):
    """Run psort on PlasoFile to generate a CSV file."""

    # Evidence types this job consumes and produces.
    evidence_input = [type(PlasoFile())]
    evidence_output = [type(PlasoCsvFile())]

    def __init__(self):
        super(PsortJob, self).__init__(name='PsortJob')

    def create_tasks(self, evidence):
        """Create one PsortTask for each evidence object.

        Args:
            evidence: List of evidence objects to process.

        Returns:
            A list of PsortTask instances, one per element of ``evidence``.
        """
        # Tasks are not bound to a specific evidence item here; only the
        # count matters.
        return [PsortTask() for _ in evidence]
class GrepJob(TurbiniaJob):
    """Filter input based on regular expression patterns."""

    # Evidence types this job consumes and produces.
    evidence_input = [type(TextFile()), type(PlasoCsvFile())]
    evidence_output = [type(FilteredTextFile())]

    def __init__(self):
        super(GrepJob, self).__init__(name='GrepJob')

    def create_tasks(self, evidence):
        """Create one GrepTask for each evidence object.

        Args:
            evidence: List of evidence objects to process.

        Returns:
            A list of GrepTask instances, one per element of ``evidence``.
        """
        # Tasks are not bound to a specific evidence item here; only the
        # count matters.
        return [GrepTask() for _ in evidence]