def startUp(self, context): self.context = context #Show parameters that are passed in self.log(Level.INFO, "Username =====>" + str(self.userName)) self.log(Level.INFO, "password =====>" + str(self.password)) self.log(Level.INFO, "IP Address =====>" + str(self.IP_Address)) self.log(Level.INFO, "Port_Number =====>" + str(self.Port_Number)) self.log(Level.INFO, "Sketch Name =====> " + str(self.sketchName)) self.log(Level.INFO, "sketch Description =====> " + str(self.sketchDescription)) # Check to see if the file to execute exists, if it does not then raise an exception and log error # data is taken from the UI if PlatformUtil.isWindowsOS(): self.path_to_Timesketch_exe = os.path.join(os.path.dirname(os.path.abspath(__file__)), "timesketch_autopsy.exe") if not os.path.exists(self.path_to_Timesketch_exe): raise IngestModuleException("Windows Executable was not found in module folder") elif PlatformUtil.getOSName() == 'Linux': self.path_to_Timesketch_exe = os.path.join(os.path.dirname(os.path.abspath(__file__)), "Timesketch_Autopsy") if not os.path.exists(self.path_to_Timesketch_exe): raise IngestModuleException("Linux Executable was not found in module folder") # Throw an IngestModule.IngestModuleException exception if there was a problem setting up # raise IngestModuleException(IngestModule(), "Oh No!") pass
def startUp(self, context): self.context = context # Get path to EXE based on where this script is run from. # Assumes EXE is in same folder as script # Verify it is there before any ingest starts if PlatformUtil.isWindowsOS(): self.path_to_exe = os.path.join(os.path.dirname(os.path.abspath(__file__)), "export_EVTX.exe") if not os.path.exists(self.path_to_exe): raise IngestModuleException("EXE was not found in module folder") else: self.path_to_exe = os.path.join(os.path.dirname(os.path.abspath(__file__)), "Export_EVTX") if not os.path.exists(self.path_to_exe): raise IngestModuleException("Linux executable was not found in module folder") if self.local_settings.getFlag(): self.List_Of_Events.append('ALL') #self.logger.logp(Level.INFO, Process_EVTX1WithUI.__name__, "startUp", "All Events CHecked") else: if self.local_settings.getFlag4(): #self.List_Of_Events.append('Other') Event_List = self.local_settings.getArea().split() self.log(Level.INFO, "Event List ==> " + str(Event_List)) for evt in Event_List: self.List_Of_Events.append(str(evt)) #self.Event_Id_List = "','".join(self.List_Of_Events) self.Event_Id_List = self.local_settings.getArea().replace(',','\',\'') self.Event_Id_List.replace(',','\',\'') # Throw an IngestModule.IngestModuleException exception if there was a problem setting up # raise IngestModuleException(IngestModule(), "Oh No!") pass
def startUp(self, context): self.context = context # Get path to EXE based on where this script is run from. # Assumes EXE is in same folder as script # Verify it is there before any ingest starts if PlatformUtil.isWindowsOS(): self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "export_jl_ad.exe") if not os.path.exists(self.path_to_exe): raise IngestModuleException( "EXE was not found in module folder") elif PlatformUtil.getOSName() == 'Linux': self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), 'Export_JL_Ad') if not os.path.exists(self.path_to_exe): raise IngestModuleException( "Linux Executable was not found in module folder") self.path_to_app_id_db = os.path.join( os.path.dirname(os.path.abspath(__file__)), "Jump_List_App_Ids.db3") # Throw an IngestModule.IngestModuleException exception if there was a problem setting up # raise IngestModuleException(IngestModule(), "Oh No!") pass
def startUp(self, context): self.context = context #Show parameters that are passed in if PlatformUtil.isWindowsOS(): self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "fseparser_v2.1.exe") if not os.path.exists(self.path_to_exe): raise IngestModuleException( "Windows Executable was not found in module folder") elif PlatformUtil.getOSName() == 'Linux': self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "FSEParser_V2.1") if not os.path.exists(self.path_to_exe): raise IngestModuleException( "Linux Executable was not found in module folder") self.MacFSEvents_Executable = self.path_to_exe self.log(Level.INFO, "MacFSEvents Executable ==> " + self.MacFSEvents_Executable) # Throw an IngestModule.IngestModuleException exception if there was a problem setting up # raise IngestModuleException(IngestModule(), "Oh No!") pass
def startUp(self, context): # Determine if user configured a flag in UI if self.local_settings.getFlag(): self.stanpl = True else: self.stanpl = False # Counters self.jobId = context.getJobId() self.filesFound = 0 self.dbFound = 0 self.picFound = 0 self.jsonFound = 0 self.lastFile_rep = '' self.el_rep = None self.lastFile = '' self.el = None # Inits the xml element self.root = et.Element("androidgeodata") self.root_report = et.Element("report") # File where the xml is stored self.xmlname = os.path.join( Case.getCurrentCase().getReportDirectory(), Case.getCurrentCase().getName()+"_"+str(self.jobId)) # Checks whether the JSON file exists, if not the module doesn't run path_to_dict = os.path.dirname(os.path.abspath(__file__)) + '/dictionary.json' if not os.path.exists(path_to_dict): raise IngestModuleException("The dictionary file was not found in module folder") else: try: self.dict = json.load( open(path_to_dict) ) except: raise IngestModuleException("The dictionary file was not loaded")
def startUp(self, context): self.context = context # Get path to EXE based on where this script is run from. # Assumes EXE is in same folder as script # Verify it is there before any ingest starts if PlatformUtil.isWindowsOS(): self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "amcache_parser.exe") if not os.path.exists(self.path_to_exe): raise IngestModuleException( "Windows Executable was not found in module folder") elif PlatformUtil.getOSName() == 'Linux': self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), 'amcache_parser') if not os.path.exists(self.path_to_exe): raise IngestModuleException( "Linux Executable was not found in module folder") if self.local_settings.getSetting('associateFileEntries') == 'true': self.List_Of_tables.append('associated_file_entries') if self.local_settings.getSetting('programEntries') == 'true': self.List_Of_tables.append('program_entries') if self.local_settings.getSetting('unassociatePrograms') == 'true': self.List_Of_tables.append('unassociated_programs') #self.logger.logp(Level.INFO, Process_EVTX1WithUI.__name__, "startUp", str(self.List_Of_Events)) self.log( Level.INFO, str(self.List_Of_tables) + " >> " + str(len(self.List_Of_tables))) # Throw an IngestModule.IngestModuleException exception if there was a problem setting up # raise IngestModuleException(IngestModule(), "Oh No!") pass
def startUp(self, context): self.context = context # Get path to executable based on where this script is run from. # Assumes executable is in same folder as script # Verify it is there before any ingest starts if PlatformUtil.isWindowsOS(): self.pathToExe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "export_esedb.exe") if not os.path.exists(self.pathToExe): raise IngestModuleException( "export_esedb.exe was not found in module folder") if not os.path.exists( os.path.join(os.path.dirname(os.path.abspath(__file__)), "export_esedb_records.exe")): raise IngestModuleException( "export_esedb_records.exe was not found in module folder") else: self.pathToExe2 = os.path.dirname(os.path.abspath(__file__)) self.pathToExe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "export_esedb") if not os.path.exists(self.pathToExe): raise IngestModuleException( "export_esedb was not found in module folder") if not os.path.exists( os.path.join(os.path.dirname(os.path.abspath(__file__)), "export_esedb_records")): raise IngestModuleException( "export_esedb_records was not found in module folder")
def startUp(self, context): self.context = context if not PlatformUtil.isWindowsOS(): raise IngestModuleException("Not running on Windows") self.EXE_PATH = os.path.join( os.path.dirname(os.path.abspath(__file__)), "w10-facemessenger.exe") if not os.path.exists(self.EXE_PATH): raise IngestModuleException( "w10-facemessenger.exe was not found in module folder") self.CSV_DELIMITER = "\x1E" # ASCII non-printing character 30 (Record Separator) self._startUpAttributeTypes()
def startUp(self, context): self.context = context #Show parameters that are passed in self.log( Level.INFO, "Plaso directory ==> " + self.local_settings.getPlaso_Directory()) self.log( Level.INFO, "Plaso Storage File ==> " + self.local_settings.getPlaso_Storage_File()) self.exclude_file_sources = self.local_settings.getExclude_File_Sources( ) if self.local_settings.getExclude_File_Sources(): self.log(Level.INFO, "Exclude File Information from import process") else: self.log(Level.INFO, "Include File Information in import process") # Create path to plaso storage file if self.local_settings.getRun_Plaso(): self.log(Level.INFO, "This is a plaso run") self.run_plaso = True self.vss_opt = self.local_settings.getComboBox() if (self.vss_opt == "VSS Only"): self.vss_option = "--vss_only" elif (self.vss_opt == "No VSS"): self.vss_option = "--no_vss" else: self.vss_option = "--vss_stores" else: self.run_plaso = False self.log(Level.INFO, "This is a plaso import run") self.log(Level.INFO, self.local_settings.getPlaso_Storage_File()) self.path_to_storage_file = self.local_settings.getPlaso_Storage_File( ) # Check to see if the file to execute exists, if it does not then raise an exception and log error # data is taken from the UI self.path_to_exe_psort = os.path.join( self.local_settings.getPlaso_Directory(), "psort.exe") if not os.path.exists(self.path_to_exe_psort): raise IngestModuleException( "Psort File to Run/execute does not exist.") self.path_to_exe_log2t = os.path.join( self.local_settings.getPlaso_Directory(), "log2timeline.exe") if not os.path.exists(self.path_to_exe_log2t): raise IngestModuleException( "log2timeline File to Run/execute does not exist.") # Throw an IngestModule.IngestModuleException exception if there was a problem setting up # raise IngestModuleException(IngestModule(), "Oh No!") pass
def startUp(self, context): self.context = context # Get path to EXE based on where this script is run from. # Assumes EXE is in same folder as script # Verify it is there before any ingest starts if PlatformUtil.isWindowsOS(): self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "export_SRUDB.exe") if not os.path.exists(self.path_to_exe): raise IngestModuleException( "EXE was not found in module folder") else: self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "Export_SRUDB") if not os.path.exists(self.path_to_exe): raise IngestModuleException( "Linux Executable was not found in module folder") if self.local_settings.getSetting('all') == 'true': self.List_Of_SRUDB.append('application_resource_usage') self.List_Of_SRUDB.append('energy_estimation_provider') self.List_Of_SRUDB.append('energy_usage_data') self.List_Of_SRUDB.append('network_connectivity') self.List_Of_SRUDB.append('network_usage') self.List_Of_SRUDB.append('windows_push_notification') #self.logger.logp(Level.INFO, Parse_SRUDBWithUI.__name__, "startUp", "All Events CHecked") else: #self.logger.logp(Level.INFO, Parse_SRUDBWithUI.__name__, "startUp", "No Boxes Checked") if self.local_settings.getSetting( 'application_resource_usage') == 'true': self.List_Of_SRUDB.append('application_resource_usage') if self.local_settings.getSetting( 'energy_estimation_provider') == 'true': self.List_Of_SRUDB.append('energy_estimation_provider') if self.local_settings.getSetting('energy_usage_data') == 'true': self.List_Of_SRUDB.append('energy_usage_data') if self.local_settings.getSetting( 'network_connectivity') == 'true': self.List_Of_SRUDB.append('network_connectivity') if self.local_settings.getSetting('network_usage') == 'true': self.List_Of_SRUDB.append('network_usage') if self.local_settings.getSetting( 'windows_push_notification') == 'true': self.List_Of_SRUDB.append('windows_push_notification') #self.logger.logp(Level.INFO, Parse_SRUDBWithUI.__name__, "startUp", str(self.List_Of_Events)) self.log(Level.INFO, str(self.List_Of_SRUDB)) # Throw an IngestModule.IngestModuleException exception if there was a problem setting up # raise IngestModuleException(IngestModule(), "Oh No!") pass
def startUp(self, context): self.context = context # Get path to EXE based on where this script is run from. # Assumes EXE is in same folder as script # Verify it is there before any ingest starts if PlatformUtil.isWindowsOS(): self.path_to_exe = os.path.join(os.path.dirname(os.path.abspath(__file__)), "export_Webcache.exe") if not os.path.exists(self.path_to_exe): raise IngestModuleException("Windows Executable was not found in module folder") elif PlatformUtil.getOSName() == 'Linux': self.path_to_exe = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'Export_Webcache') if not os.path.exists(self.path_to_exe): raise IngestModuleException("Linux Executable was not found in module folder")
def startUp(self, context): self.context = context if PlatformUtil.isWindowsOS(): self.pathToExe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "fb_chat.exe") if not os.path.exists(self.pathToExe): raise IngestModuleException( "fb_chat.exe was not found in module folder") else: self.pathToExe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "fb_chat") if not os.path.exists(self.pathToExe): raise IngestModuleException( "fb_chat was not found in module folder")
def startUp(self, context): self.context = context if PlatformUtil.isWindowsOS(): self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "appxreg.exe") if not os.path.exists(self.path_to_exe): raise IngestModuleException( "Windows Executable was not found in module folder") elif PlatformUtil.getOSName() == 'Linux': self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), 'Appxreg') if not os.path.exists(self.path_to_exe): raise IngestModuleException( "Linux Executable was not found in module folder") pass
def startUp(self, context): self.context = context self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "appxreg.exe") if not os.path.exists(self.path_to_exe): raise IngestModuleException("EXE was not found in module folder") pass
def startUp(self, context): self.context = context # Get path to EXE based on where this script is run from. # Assumes EXE is in same folder as script # Verify it is there before any ingest starts self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "amcache_parser.exe") if not os.path.exists(self.path_to_exe): raise IngestModuleException("EXE was not found in module folder") if self.local_settings.getFlag(): self.List_Of_tables.append('associated_file_entries') #self.logger.logp(Level.INFO, Process_EVTX1WithUI.__name__, "startUp", "All Events CHecked") if self.local_settings.getFlag1(): self.List_Of_tables.append('program_entries') if self.local_settings.getFlag2(): self.List_Of_tables.append('unassociated_programs') #self.logger.logp(Level.INFO, Process_EVTX1WithUI.__name__, "startUp", str(self.List_Of_Events)) self.log( Level.INFO, str(self.List_Of_tables) + " >> " + str(len(self.List_Of_tables))) # Throw an IngestModule.IngestModuleException exception if there was a problem setting up # raise IngestModuleException(IngestModule(), "Oh No!") pass
def startUp(self, context): self.context = context # Get path to EXE based on where this script is run from. # Assumes EXE is in same folder as script # Verify it is there before any ingest starts self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "export_EVTX.exe") if not os.path.exists(self.path_to_exe): raise IngestModuleException("EXE was not found in module folder") if self.local_settings.getFlag(): self.List_Of_Events.append('ALL') #self.logger.logp(Level.INFO, Process_EVTX1WithUI.__name__, "startUp", "All Events CHecked") else: #self.logger.logp(Level.INFO, Process_EVTX1WithUI.__name__, "startUp", "No Boxes Checked") if self.local_settings.getFlag1(): self.List_Of_Events.append('Application.Evtx') if self.local_settings.getFlag2(): self.List_Of_Events.append('Security.Evtx') if self.local_settings.getFlag3(): self.List_Of_Events.append('System.Evtx') if self.local_settings.getFlag4(): self.List_Of_Events.append('Other') Event_List = self.local_settings.getArea().split() for evt in Event_List: self.List_Of_Events.append(str(evt)) #self.logger.logp(Level.INFO, Process_EVTX1WithUI.__name__, "startUp", str(self.List_Of_Events)) self.log(Level.INFO, str(self.List_Of_Events)) # Throw an IngestModule.IngestModuleException exception if there was a problem setting up # raise IngestModuleException(IngestModule(), "Oh No!") pass
def startUp(self, context): self.context = context self.API_Key = self.local_settings.getAPI_Key() self.Private = self.local_settings.getPrivate() self.root_file_exists = 0 self.root_file_count = 0 self.inventory_application_file_exists = 0 self.inventory_application_file_count = 0 self.count = 0 self.sum = 0 #Record Parameters self.log(Level.INFO, "API_Key: " + str(self.API_Key)) self.log(Level.INFO, "Private: " + str(self.Private)) self.my_exe = os.path.join(os.path.dirname(os.path.abspath(__file__)), "amcache2sqlite.exe") if not os.path.exists(self.my_exe): raise IngestModuleException("EXE was not found in module folder") #create my tables self.List_Of_tables.append('root_file') self.List_Of_tables.append('root_programs') self.List_Of_tables.append('inventory_application_file') self.List_Of_tables.append('inventory_device_container') self.List_Of_tables.append('inventory_device_pnp') self.List_Of_tables.append('inventory_driver_binary') self.List_Of_tables.append('inventory_driver_package') self.List_Of_tables.append('inventory_application_shortcut') #self.List_Of_tables.append('inventory_application_framework') self.List_Of_tables.append('root_file_virustotal_scan') self.List_Of_tables.append('inventory_application_file_virustotal_scan')
def startUp(self, context): self.context = context #Show parameters that are passed in self.log( Level.INFO, "Plaso directory ==> " + self.local_settings.getPlaso_Directory()) self.log( Level.INFO, "Plaso Storage File ==> " + self.local_settings.getPlaso_Storage_File()) self.exclude_file_sources = self.local_settings.getExclude_File_Sources( ) if self.local_settings.getExclude_File_Sources(): self.log(Level.INFO, "Exclude File Information from import process") else: self.log(Level.INFO, "Include File Information in import process") # Create path to plaso storage file self.path_to_storage_file = self.local_settings.getPlaso_Storage_File() # Check to see if the file to execute exists, if it does not then raise an exception and log error # data is taken from the UI self.path_to_exe = os.path.join( self.local_settings.getPlaso_Directory(), "psort.exe") if not os.path.exists(self.path_to_exe): raise IngestModuleException( "Psort File to Run/execute does not exist.") # Throw an IngestModule.IngestModuleException exception if there was a problem setting up # raise IngestModuleException(IngestModule(), "Oh No!") pass
def startUp(self, context): self.context = context #Show parameters that are passed in self.MacFSEvents_Executable = os.path.join( os.path.dirname(os.path.abspath(__file__)), "fseparser_v2.0.exe") self.Plugins = self.local_settings.getPluginListBox() self.log(Level.INFO, "MacFSEvents Executable ==> " + self.MacFSEvents_Executable) self.log(Level.INFO, "MacFSEvents Plugins to use ==> " + str(self.Plugins)) # for plugin in self.Plugins: # if plugin in self.Plugins_for_SQL: # self.Plugins_for_SQL(plugin) # if plugin_count < len(self.Plugins): # plugin_count = 0 # for plugin in self.Plugins_for_SQL: # self.Plugin_Like_Stmt = self.Plugin_Like_Stmt + " mask like '%" + plugin + "%' " # if plugin_count < len(self.Plugins): # self.Plugin_Like_Stmt = Self.Plugin_Like_Stmt + " or " # Check to see if the file to execute exists, if it does not then raise an exception and log error # data is taken from the UI if not os.path.exists(self.MacFSEvents_Executable): raise IngestModuleException( "FSEvents File to Run/execute does not exist.") # Throw an IngestModule.IngestModuleException exception if there was a problem setting up # raise IngestModuleException(IngestModule(), "Oh No!") pass
def startUp(self, context): """Where module setup and configuration is done Args: context (IngestJobContext): Context of the ingest module """ self.log(Level.INFO, "GBoard Data Source Ingest Module is starting up...") # setup the current context self.context = context # check if executable exists module_path = os.path.dirname(os.path.abspath(__file__)) exe_ext = '.exe' if 'win' in System.getProperty("os.name").encode('ascii','ignore').lower() else '' self.path_to_exe = os.path.join(module_path, 'gboard-forensics' + exe_ext) if not os.path.exists(self.path_to_exe): raise IngestModuleException('Executable file not found!') try: current_case = Case.getCurrentCaseThrows() # create artifacts self.dictionary_art_type = self.createCustomArtifactType(current_case, self.GBOARD_DICTIONARY_ARTIFACT, 'Gboard Dictionary') self.tc_history_timeline_art_type = self.createCustomArtifactType(current_case, self.GBOARD_TC_HISTORY_TIMELINE_ARTIFACT, 'Gboard History Timeline') self.tc_raw_assembled_timeline_art_type = self.createCustomArtifactType(current_case, self.GBOARD_TC_RAW_ASSEMBLED_TIMELINE_ARTIFACT, 'Gboard Assembled Timeline') self.tc_processed_history_art_type = self.createCustomArtifactType(current_case, self.GBOARD_TC_PROCESSED_HISTORY_ARTIFACT, 'Gboard Processed History') self.emojis_art_type = self.createCustomArtifactType(current_case, self.GBOARD_EMOJIS_ARTIFACT, 'Gboard Expression History: Emojis') self.emoticons_art_type = self.createCustomArtifactType(current_case, self.GBOARD_EMOTICONS_ARTIFACT, 'Gboard Expression History: Emoticons') self.translate_art_type = self.createCustomArtifactType(current_case, self.GBOARD_TRANSLATE_ARTIFACT, 'Gboard Translate Cache') # emojis and emoticons attributes self.expression_shares_attr_type = self.createCustomAttributeType(current_case, self.GBOARD_EXPRESSION_SHARES_ATTRIBUTE, 'Shares') self.expression_emoji_attr_type = self.createCustomAttributeType(current_case, self.GBOARD_EXPRESSION_EMOJI_ATTRIBUTE, 'Emoji') self.expression_base_emoji_attr_type = self.createCustomAttributeType(current_case, self.GBOARD_EXPRESSION_BASE_EMOJI_ATTRIBUTE, 'Base Emoji') self.expression_emoticon_attr_type = self.createCustomAttributeType(current_case, self.GBOARD_EXPRESSION_EMOTICON_ATTRIBUTE, 'Emoticon') # training cache attributes self.tc_delete_flag_attr_type = self.createCustomAttributeType(current_case, self.GBOARD_TC_DELETE_FLAG_ATTRIBUTE, 'Deleted?') # clipboard attributes self.clipboard_attr_type = self.createCustomAttributeType(current_case, self.GBOARD_CLIPBOARD_ATTRIBUTE, 'Gboard Clipboard') self.clipboard_html_text_attr_type = self.createCustomAttributeType(current_case, self.GBOARD_CLIPBOARD_HTML_TEXT_ATTRIBUTE, 'HTML Text') # dictionary attributes self.dictionary_word_attr_type = self.createCustomAttributeType(current_case, self.GBOARD_DICTIONARY_WORD_ATTRIBUTE, 'Word') self.dictionary_shortcut_attr_type = self.createCustomAttributeType(current_case, self.GBOARD_DICTIONARY_SHORTCUT_ATTRIBUTE, 'Shortcut') self.dictionary_locale_attr_type = self.createCustomAttributeType(current_case, self.GBOARD_DICTIONARY_LOCALE_ATTRIBUTE, 'Locale') # translation cache attributes self.translate_original_attr_type = self.createCustomAttributeType(current_case, self.GBOARD_TRANSLATE_ORIGINAL_ATTRIBUTE, 'Original Text') self.translate_translated_attr_type = self.createCustomAttributeType(current_case, self.GBOARD_TRANSLATE_TRANSLATED_ATTRIBUTE, 'Translated Text') self.translate_from_attr_type = self.createCustomAttributeType(current_case, self.GBOARD_TRANSLATE_FROM_ATTRIBUTE, 'From Language') self.translate_to_attr_type = self.createCustomAttributeType(current_case, self.GBOARD_TRANSLATE_TO_ATTRIBUTE, 'To Language') self.translate_url_attr_type = self.createCustomAttributeType(current_case, self.GBOARD_TRANSLATE_URL_ATTRIBUTE, 'Request URL') except NoCurrentCaseException as ex: self.log(Level.WARNING, "No case currently open. " + ex)
def startUp(self, context): self.context = context # Get path to EXE based on where this script is run from. # Assumes EXE is in same folder as script # Verify it is there before any ingest starts if PlatformUtil.isWindowsOS(): self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "export_EVTX.exe") if not os.path.exists(self.path_to_exe): raise IngestModuleException( "EXE was not found in module folder") else: self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "Export_EVTX") if not os.path.exists(self.path_to_exe): raise IngestModuleException( "Linux executable was not found in module folder") if self.local_settings.getFlag(): self.List_Of_Events.append('ALL') #self.logger.logp(Level.INFO, Process_EVTX1WithUI.__name__, "startUp", "All Events CHecked") else: #self.logger.logp(Level.INFO, Process_EVTX1WithUI.__name__, "startUp", "No Boxes Checked") if self.local_settings.getFlag1(): self.List_Of_Events.append('Application.Evtx') if self.local_settings.getFlag2(): self.List_Of_Events.append('Security.Evtx') if self.local_settings.getFlag3(): self.List_Of_Events.append('System.Evtx') if self.local_settings.getFlag4(): self.List_Of_Events.append('Other') Event_List = self.local_settings.getArea().split() for evt in Event_List: self.List_Of_Events.append(str(evt)) #self.logger.logp(Level.INFO, Process_EVTX1WithUI.__name__, "startUp", str(self.List_Of_Events)) # self.log(Level.INFO, "List Of Events ==> " + str(self.List_Of_Events) + " <== Number of Events ==> " + str(len(self.List_Of_Events))) # if len(self.List_Of_Events) < 1: # message = IngestMessage.createMessage(IngestMessage.MessageType.DATA, "ParseEvtx", " No Event Logs Selected to Parse " ) # IngestServices.getInstance().postMessage(message) # raise IngestModuleException("No Events were Selected") # Throw an IngestModule.IngestModuleException exception if there was a problem setting up # raise IngestModuleException(IngestModule(), "Oh No!") pass
def process(self, file): skCase = Case.getCurrentCase().getSleuthkitCase() artID_ns_ss = skCase.getArtifactType("TSK_ART_NS_SCREENSHOTS") artID_ns_ss_id = skCase.getArtifactTypeID("TSK_ART_NS_SCREENSHOTS") attID_ns_gid = skCase.getAttributeType("TSK_ATT_NS_GAME") attID_ns_ts = skCase.getAttributeType("TSK_ATT_NS_TIMESTAMP") # Skip non-files if ((file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) or (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS) or (file.isFile() is False)): return IngestModule.ProcessResult.OK # Flag files with .jpg in the name and make a blackboard artifact. if file.getName().lower().endswith(".jpg") or file.getName().lower().endswith(".mp4") or file.getName().lower().endswith(".png"): if re.match(r"[0-9]{16}-[0-9a-fA-F]{32}\.(jpg|png|mp4)", file.getName()): self.log(Level.INFO, "Found a Switch screenshot: " + file.getName()) self.filesFound += 1 self.path_to_data = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'game_hash_ids.json') if not os.path.exists(self.path_to_data): raise IngestModuleException("game_ids was not found in module folder") filename = file.getName().upper() timestamp = filename.split("-")[0] parsed_ts = datetime.strptime(timestamp, "%Y%m%d%H%M%S%f").strftime('%H:%M %d/%m/%Y') gameID = filename.split("-")[1].split(".")[0] with open(self.path_to_data, "r") as data_file: gids = json.load(data_file) if gameID in gids: game = gids[gameID] else: game = "Unknown gameID" # Don't add to blackboard if the artifact already exists artifactList = file.getArtifacts(artID_ns_ss_id) for artifact in artifactList: dupe_test = artifact.getAttribute(attID_ns_gid) if dupe_test: return IngestModule.ProcessResult.OK art = file.newArtifact(artID_ns_ss_id) art.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), FindScreenshotsIngestModuleFactory.moduleName, "Nintendo Switch - Screenshots")) art.addAttribute(BlackboardAttribute(attID_ns_gid, FindScreenshotsIngestModuleFactory.moduleName, game)) art.addAttribute(BlackboardAttribute(attID_ns_ts, FindScreenshotsIngestModuleFactory.moduleName, parsed_ts)) # Fire an event to notify the UI and others that there is a new artifact IngestServices.getInstance().fireModuleDataEvent(ModuleDataEvent(FindScreenshotsIngestModuleFactory.moduleName, artID_ns_ss, None)) return IngestModule.ProcessResult.OK
def startUp(self, context): self.context = context # Get path to EXE based on where this script is run from. # Assumes EXE is in same folder as script # Verify it is there before any ingest starts self.path_to_exe = os.path.join(os.path.dirname(os.path.abspath(__file__)), "img_stat.exe") if not os.path.exists(self.path_to_exe): raise IngestModuleException("EXE was not found in module folder")
def startUp(self, context): self.context = context # Get path to EXE based on where this script is run from. # Assumes EXE is in same folder as script # Verify it is there before any ingest starts if PlatformUtil.isWindowsOS(): self.path_to_recentApps_exe = os.path.join(os.path.dirname(os.path.abspath(__file__)), "show_ccm_recentlyusedapps.exe") if not os.path.exists(self.path_to_recentApps_exe): raise IngestModuleException("Windows executable was not found in module folder") elif PlatformUtil.getOSName() == 'Linux': self.path_to_recentApps_exe = os.path.join(os.path.dirname(os.path.abspath(__file__)), "show_CCM_RecentlyUsedApps") if not os.path.exists(self.path_to_recentApps_exe): raise IngestModuleException("Linux Executable was not found in module folder") # Throw an IngestModule.IngestModuleException exception if there was a problem setting up # raise IngestModuleException(IngestModule(), "Oh No!") pass
def getIngestJobSettingsPanel(self, settings): if not isinstance(settings, AutopsyImageClassificationModuleWithUISettings): err_1 = "Expected 'settings' argument to be" \ "'AutopsyImageClassificationModuleWithUISettings'" raise IngestModuleException(err_1) self.settings = settings return AutopsyImageClassificationModuleWithUISettingsPanel( self.settings)
def startUp(self, context): self.context = context #Show parameters that are passed in self.Volatility_Executable = self.local_settings.getSetting( 'Volatility_Directory') Plugins = self.local_settings.getSetting('PluginListBox') Plugins = Plugins.replace("[", "") Plugins = Plugins.replace("]", "") Plugins = Plugins.replace(" ", "") self.Plugins = Plugins.split(",") self.log(Level.INFO, "List Box Entry Starts here =====>") self.log(Level.INFO, str(self.Plugins)) for num in range(0, len(self.Plugins)): self.log(Level.INFO, str(self.Plugins[num])) self.log(Level.INFO, "<====== List Box Entry Ends here") self.Profile = self.local_settings.getSetting('Profile') self.Volatility_Version = self.local_settings.getSetting('Version') #self.Process_Ids_To_Dump = self.local_settings.getProcessIDs() Pids = self.local_settings.getSetting('ProcessIDs') if Pids == None: pass else: self.Process_Ids_To_Dump = Pids.split(",") if self.Profile == 'Autodetect': self.isAutodetect = True else: self.isAutodetect = False self.log( Level.INFO, "Volatility Executable ==> " + self.local_settings.getSetting('Volatility_Directory')) self.log(Level.INFO, "Volatility Profile to use ==> " + self.Profile) self.log(Level.INFO, "Volatility Plugins to use ==> " + str(self.Plugins)) self.log( Level.INFO, "Additional Parms ==> " + str(self.Process_Ids_To_Dump) + "<<") self.log(Level.INFO, "Additional Parms ==> " + Pids + "<<") # Check to see if the file to execute exists, if it does not then raise an exception and log error # data is taken from the UI if 'vol.py' in self.Volatility_Executable: self.Python_Program = True if not os.path.exists(self.Volatility_Executable): raise IngestModuleException( "Volatility File to Run/execute does not exist.") # Throw an IngestModule.IngestModuleException exception if there was a problem setting up #raise IngestModuleException(IngestModule(), "Oh No!") pass
def startUp(self, context): self.context = context # Get path to EXE based on where this script is run from. # Assumes EXE is in same folder as script # Verify it is there before any ingest starts absolute_path = os.path.dirname(os.path.abspath(__file__)) self.path_to_exe = absolute_path + "\\atpr_exe\\ATPR.exe" self.log(Level.INFO, self.path_to_exe) #self.path_to_exe = os.path.join(os.path.dirname(os.path.abspath(__file__)), "\\atpr_exe\\ATPR.exe") if not os.path.exists(self.path_to_exe): raise IngestModuleException("EXE was not found in module folder") #self.path_to_dirs = os.path.join(os.path.dirname(os.path.abspath(__file__)), "\\dicts\\") self.path_to_dirs = absolute_path + "\\dicts\\" if not os.path.exists(self.path_to_dirs): raise IngestModuleException( "Dicts were not found in module folder")
def startUp(self, context): self.context = context # Check if the arser for .evtx is in place - i.e., the export_evtx.exe if PlatformUtil.isWindowsOS(): self.path_to_exe = os.path.join( os.path.dirname(os.path.abspath(__file__)), "export_EVTX.exe") if not os.path.exists(self.path_to_exe): # stop ingest module and return error raise IngestModuleException( "EXE was not found in module folder")
def getSettings(self): if not os.path.isfile(self.config_location): self.log( Level.INFO, "Configuration file not found, loading the default configuration" ) self.local_settings.setServerHost(DEFAULT_HOST) self.local_settings.setServerPort(DEFAULT_PORT) self.local_settings.setImageFormats(DEFAULT_IMAGES_FORMAT) self.local_settings.setMinFileSize(DEFAULT_MIN_FILE_SIZE) self.local_settings.setMinProbability(DEFAULT_MIN_PROBABILITY) self.local_settings.setClassesOfInterest( json.loads(DEFAULT_CLASSES_OF_INTEREST)) # self.saveSettings(None) return self.local_settings else: if not os.access(self.config_location, os.R_OK): err_string = "Cannot access configuration file, please review the file permissions" raise IngestModuleException(err_string) with io.open(self.config_location, 'r', encoding='utf-8') as f: self.log(Level.INFO, "Configuration file read") json_configs = json.load(f) self.local_settings.setServerHost(json_configs['server']['host']) self.local_settings.setServerPort(json_configs['server']['port']) image_formats = json_configs['imageFormats'] if not isinstance(image_formats, list) or len(image_formats) == 0: err_string = "Invalid list of image formats given" raise IngestModuleException(err_string) self.local_settings.setImageFormats(image_formats) self.local_settings.setMinFileSize(json_configs['minFileSize']) self.local_settings.setMinProbability( json_configs['minProbability']) self.local_settings.setClassesOfInterest( json_configs['classesOfInterest']) return self.local_settings
def get_input_dir(self, file_manager): files = file_manager.findFiles("%" + GBOARD_PACKAGE_NAME + "%") for file in files: if file.isFile(): path = file.getLocalAbsPath() if not path: continue return find_first_folder(path, GBOARD_PACKAGE_NAME) raise IngestModuleException('Folder ' + GBOARD_PACKAGE_NAME + ' not found in current case!')