def ParseImage(self, options):
'''
Module to analyze the image file.
This module parse the partition list in image file.
'''
# Get Partition list in image file
disk_scanner = scan_disk.DiskScanner()
disk_info = disk_scanner.Analyze(self.path)
# Insert Partition info
db = carpe_db.Mariadb()
db.open()
for disk in disk_info:
par_id = 'p1' + str(uuid.uuid4()).replace('-', '')
par_name = str(disk['vol_name'])
par_type = str(disk['type_indicator'])
sector_size = str(disk['bytes_per_sector'])
par_size = str(disk['length'])
start_sector = str(disk['start_sector'])
if par_type == 'VSHADOW' and options['vss'] != 'True':
continue
else:
query = "INSERT INTO partition_info(par_id, par_name, evd_id, par_type, sector_size, par_size, start_sector) VALUES('" + par_id + "', '" + par_name + "', '" + self.evd_id + "', '" + par_type + "', '" + sector_size + "', '" + par_size + "', '" + start_sector + "');"
db.execute_query(query)
db.close()
# Split VSS Partition
if options['vss'] == 'True':
output_writer = split_disk.FileOutputWriter(self.path)
disk_spliter = split_disk.DiskSpliter(disk_info)
disk_spliter.SplitDisk(output_writer)
def Preprocess(self, case_no, evd_no, user_id): ''' Module to analyze the image file. This module parse the partition list in image file. And split image by partition. ''' # Connect Carpe Database db = mariadb.Mariadb() conn = db.open() # Get Source Path query = 'SELECT path FROM carpe_evidence_info WHERE evd_no = ' + str(evd_no) + ';' self.src_path = db.execute_query(conn, query) # Get Case & Evidence Name query = 'SELECT case_name FROM tn_case WHERE case_no = ' + str(case_no) + ';' case_name = db.execute_query(conn, query) query = 'SELECT evd_name FROM tn_evidence WHERE evd_no = ' + str(evd_no) + ';' evd_name = db.execute_query(conn, query) db.close(conn) # Create directory to store splitted image self.dst_path = '/data/share/image' + '/' + case_name + '/' + evd_name + '/splitted' if not os.path.exists(self.dst_path): os.mkdir(self.dst_path) # Get partition list in image file output_writer = split_disk.FileOutputWriter(self.dst_path) mediator = scan_disk.DiskScannerMediator() disk_scanner = scan_disk.DiskScanner(mediator=mediator) base_path_specs = disk_scanner.GetBasePathSpecs(self.src_path) disk_info = disk_scanner.ScanDisk(base_path_specs) # Split image file disk_spliter = split_disk.DiskSpliter(disk_info) disk_spliter.SplitDisk(output_writer)
def Preprocess(self, case_id, evd_id, user_id): # Connect MariaDB db = mariadb.Mariadb() conn = db.open() # Get Source Path query = 'SELECT file_path FROM tn_evidence WHERE evd_no = ' + str(evd_id) + ';' self.src_path = db.execute_query(conn, query) # Get Case & Evidence Name query = 'SELECT case_name FROM tn_case WHERE case_no = ' + str(case_id) + ';' case_name = db.execute_query(conn, query) query = 'SELECT evd_name FROM tn_evidence WHERE evd_no = ' + str(evd_id) + ';' evd_name = db.execute_query(conn, query) db.close(conn) # Create directory to store splitted image self.dst_path = '/data/share/image' + '/' + case_name + '/' + evd_name + '/split' if not os.path.exists(self.dst_path): os.mkdir(self.dst_path) # Get partition list in image file output_writer = split_disk.FileOutputWriter(self.dst_path) mediator = scan_disk.DiskScannerMediator() disk_scanner = scan_disk.DiskScanner(mediator=mediator) try: base_path_specs = disk_scanner.GetBasePathSpecs(self.src_path) disk_info = disk_scanner.ScanDisk(base_path_specs) except KeyboardInterrupt: return if disk_info is None: return disk_spliter = split_disk.DiskSpliter(disk_info) disk_spliter.SplitDisk(output_writer)
def Preprocess(self, case_no, evd_no, inv_no, option): ''' Module to analyze the image file. This module parse the partition list in image file. And split image by partition. ''' if not os.path.exists(self.dst_path): os.mkdir(self.dst_path) # Get partition list in image file output_writer = split_disk.FileOutputWriter(self.dst_path) mediator = scan_disk.DiskScannerMediator() disk_scanner = scan_disk.DiskScanner(mediator=mediator) base_path_specs = disk_scanner.GetBasePathSpecs(self.src_path) disk_info = disk_scanner.ScanDisk(base_path_specs) # Insert partition list # Split image file if option['vss']: disk_spliter = split_disk.DiskSpliter(disk_info) disk_spliter.SplitDisk(output_writer)
def Main():
argument_parser = argparse.ArgumentParser(
description=('Split disk into several volume images.'))
argument_parser.add_argument('--output_directory',
'--output-directory',
dest='output_dir',
action='store',
metavar='source.hashed',
default=None,
help=('path of the output directory.'))
argument_parser.add_argument(
'source',
nargs='?',
action='store',
metavar='image.raw',
default=None,
help='path of the directory or storage media image.')
options = argument_parser.parse_args()
if not options.source:
print('Source value is missing.')
print('')
argument_parser.print_help()
print('')
return False
logging.basicConfig(level=logging.INFO,
format='[%(levelname)s] %(message)s')
if options.output_dir:
output_dir = options.output_dir
else:
output_dir = os.getcwd()
output_writer = split_disk.FileOutputWriter(output_dir)
return_value = True
#mediator = scan_disk.DiskScannerMediator()
disk_scanner = scan_disk.DiskScanner()
try:
disk_info = disk_scanner.Analyze(options.source)
except errors.ScannerError as exception:
return_value = False
print('')
print('[ERROR] {0!s}'.format(exception))
except KeyboardInterrupt:
return_value = False
print('')
print('Aborted by user.')
if disk_info is None:
return False
disk_spliter = split_disk.DiskSpliter(disk_info)
disk_spliter.SplitDisk(output_writer)
return return_value