  def run(self, evidence, result):
    """Run Plaso's log2timeline over the evidence and collect its output.

    Args:
        evidence: Evidence object whose local_path is the data to process.
        result: A TurbiniaTaskResult object to place task results into.

    Returns:
        TurbiniaTaskResult object.
    """
    base_name = self.id
    plaso_file = os.path.join(self.output_dir, '{0:s}.plaso'.format(base_name))
    plaso_log = os.path.join(self.output_dir, '{0:s}.log'.format(base_name))

    plaso_evidence = PlasoFile()
    plaso_evidence.local_path = plaso_file

    # TODO(aarontp): Move these flags into a recipe
    # Built as an argument list (no shell), so evidence.local_path is passed
    # verbatim to log2timeline.
    cmd = [
        'log2timeline.py',
        '--status_view', 'none',
        '--hashers', 'all',
        '--partition', 'all',
        '--vss_stores', 'all',
        '--logfile', plaso_log,
        plaso_file,
        evidence.local_path,
    ]

    result.log('Running plaso as [{0:s}]'.format(' '.join(cmd)))

    self.execute(
        cmd, result, save_files=[plaso_log], new_evidence=[plaso_evidence],
        close=True)

    return result
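  def run(self, evidence, result):
    """Task that processes data with Plaso (log2timeline).

    Args:
        evidence: Evidence object whose local_path is the data to process.
            For APFSEncryptedDisk and BitlockerDisk a recovery_key or
            password attribute is required to unlock the volume.
        result: A TurbiniaTaskResult object to place task results into.

    Returns:
        TurbiniaTaskResult object. It is closed as failed, without running
        log2timeline, when an encrypted disk carries no credentials.
    """
    config.LoadConfig()
    plaso_evidence = PlasoFile()

    # Write plaso file into tmp_dir because sqlite has issues with some shared
    # filesystems (e.g NFS).
    plaso_file = os.path.join(self.tmp_dir, '{0:s}.plaso'.format(self.id))
    plaso_evidence.local_path = plaso_file
    plaso_log = os.path.join(self.output_dir, '{0:s}.log'.format(self.id))

    # TODO(aarontp): Move these flags into a recipe
    cmd = (
        'log2timeline.py --status_view none --hashers all '
        '--partition all --vss_stores all').split()
    if config.DEBUG_TASKS:
      cmd.append('-d')

    # The credential is kept in its own variable so it can be masked in the
    # task log below; only the argument list handed to execute() carries the
    # real value. (It is still visible in the process argument list for as
    # long as log2timeline runs; that is inherent to its --credential flag.)
    credential = None
    if isinstance(evidence, (APFSEncryptedDisk, BitlockerDisk)):
      if evidence.recovery_key:
        credential = 'recovery_password:{0:s}'.format(evidence.recovery_key)
      elif evidence.password:
        credential = 'password:{0:s}'.format(evidence.password)
      else:
        result.close(
            self, False, 'No credentials were provided '
            'for a bitlocker disk.')
        return result
      cmd.extend(['--credential', credential])

    cmd.extend(['--logfile', plaso_log])
    cmd.extend([plaso_file, evidence.local_path])

    # Log the command with the secret masked: the task log is saved with the
    # results and must never contain the disk password or recovery key.
    if credential is None:
      logged_cmd = cmd
    else:
      masked = credential.split(':', 1)[0] + ':<redacted>'
      logged_cmd = [masked if arg == credential else arg for arg in cmd]
    result.log('Running plaso as [{0:s}]'.format(' '.join(logged_cmd)))

    self.execute(
        cmd, result, log_files=[plaso_log], new_evidence=[plaso_evidence],
        close=True)

    return result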
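    def run(self, evidence, result):
        """Task that processes data with Plaso (log2timeline).

        Args:
            evidence: Evidence object whose local_path is the data to process.
            result: A TurbiniaTaskResult object to place task results into.

        Returns:
            TurbiniaTaskResult object, closed with success=False (and the
            exit status in the status message) when log2timeline exits
            non-zero, otherwise closed with success=True and the PlasoFile
            added as new evidence.
        """
        plaso_result = PlasoFile()

        plaso_file = os.path.join(self.output_dir,
                                  u'{0:s}.plaso'.format(self.id))
        plaso_log = os.path.join(self.output_dir, u'{0:s}.log'.format(self.id))

        # TODO(aarontp): Move these flags into a recipe
        cmd = (u'log2timeline.py --status_view none --hashers all '
               u'--partition all --vss_stores all').split()
        cmd.extend([u'--logfile', plaso_log])
        cmd.extend([plaso_file, evidence.local_path])

        result.log(u'Running plaso as [{0:s}]'.format(' '.join(cmd)))

        # TODO(aarontp): Create helper function to do all this
        # stdout/stderr must be piped: without PIPE, communicate() returns
        # (None, None) and result.error never holds the process output.
        # The argument list is passed without a shell, so evidence.local_path
        # is never shell-interpreted.
        plaso_proc = subprocess.Popen(
            cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        stdout, stderr = plaso_proc.communicate()
        result.error['stdout'] = stdout
        result.error['stderr'] = stderr
        ret = plaso_proc.returncode

        if ret:
            msg = u'Plaso execution failed with status {0:d}'.format(ret)
            result.log(msg)
            result.close(success=False, status=msg)
        else:
            # TODO(aarontp): Get and set plaso version here
            result.log('Plaso output file in {0:s}'.format(plaso_file))
            plaso_result.local_path = plaso_file
            result.add_evidence(plaso_result)
            result.close(success=True)

        return result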
    def run(self, evidence, result):
        """Run Plaso's log2timeline over the evidence and collect its output.

        Args:
            evidence: Evidence object whose local_path is the data to process.
            result: A TurbiniaTaskResult object to place task results into.

        Returns:
            TurbiniaTaskResult object.
        """
        config.LoadConfig()

        # The .plaso output goes to tmp_dir because sqlite has issues with
        # some shared filesystems (e.g. NFS); only the log lands in output_dir.
        plaso_file = os.path.join(self.tmp_dir, '{0:s}.plaso'.format(self.id))
        plaso_log = os.path.join(self.output_dir, '{0:s}.log'.format(self.id))

        plaso_evidence = PlasoFile()
        plaso_evidence.local_path = plaso_file

        # TODO(aarontp): Move these flags into a recipe
        # Argument list, no shell: evidence.local_path is passed verbatim.
        cmd = ['log2timeline.py', '--status_view', 'none', '--hashers', 'all',
               '--partition', 'all', '--vss_stores', 'all']
        if config.DEBUG_TASKS:
            cmd.append('-d')
        cmd += ['--logfile', plaso_log, plaso_file, evidence.local_path]

        result.log('Running plaso as [{0:s}]'.format(' '.join(cmd)))

        self.execute(
            cmd, result, save_files=[plaso_log], new_evidence=[plaso_evidence],
            close=True)

        return result