def carve_file(db_info, image, string):
#icat = icat -o 32 image offset + " > " + output
db_query = "SELECT * FROM files WHERE name LIKE ?"
db_info["db_cursor"].execute(db_query,('%'+string+'%',))
new_directory = image+"_"+string+"_"+str(carver_common.get_time(image))
carver_common.make_directory(new_directory, image)
log = open(os.getcwd()+"/"+new_directory+"/log","a")
while True:
carve = db_info["db_cursor"].fetchone()
if carve != None:
if re.match('.*/', carve[0]):
out_file = re.sub('.*/','',carve[0])
else:
out_file = carve[0]
icat = "icat -o "+str(carve[3])+" "+image+" "+str(carve[1])+" > "+new_directory+"/"+out_file
carver_common.ipc_shell(icat)
hash = carver_common.hashfile(new_directory+"/"+out_file)
print "File duplicated to "+os.getcwd()+"/"+new_directory+"/"+out_file
print "\t MD5: "+hash[0]
print "\t SHA1: "+hash[1]+"\n"
try:
log.write(out_file+"\n\tMD5: "+hash[0]+"\n\tSHA1: "+hash[1])
except OSError:
pass
else:
break
log.close()
print "\n"
return;
def main():
arguments = argparse.ArgumentParser()
arguments.add_argument("-n", "--nohash", help="Disable Image Hashing", action="store_true", required=False)
arguments.add_argument("-i", "--image", help="Pass Image Name", action="store", required=False)
arguments.set_defaults(n=False, nohash=False, i="", image="")
passed_arguments = arguments.parse_args()
if passed_arguments.image != "":
image = passed_arguments.image
else:
image = raw_input("\nImage Name? ")
if not passed_arguments.nohash:
original_digest = carver_common.hashfile(image)
main_menu(image)
if not passed_arguments.nohash:
final_digest = carver_common.hashfile(image)
if original_digest != final_digest:
print "\n\n\n Warning File Altered \n\n\n"
else:
print "File Unaltered"
return
