modified photorec and regripper to work on linux

rishwanth 2018-02-12 08:54:43 -05:00
parent 4718cf7c28
commit 683f0b7430
6 changed files with 44 additions and 43 deletions


@ -79,7 +79,6 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
private static final String PHOTOREC_DIRECTORY = "photorec_exec"; //NON-NLS
private static final String PHOTOREC_EXECUTABLE = "photorec_win.exe"; //NON-NLS
private static String photorec_linux_directory;
private static final String PHOTOREC_LINUX_EXECUTABLE = "photorec";
private static final String PHOTOREC_RESULTS_BASE = "results"; //NON-NLS
private static final String PHOTOREC_RESULTS_EXTENDED = "results.1"; //NON-NLS
@ -140,11 +139,7 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
this.rootOutputDirPath = createModuleOutputDirectoryForCase();
//Set photorec executable directory based on operating system.
try {
executableFile = locateExecutable();
} catch (IOException ex) {
Exceptions.printStackTrace(ex);
}
if (PhotoRecCarverFileIngestModule.refCounter.incrementAndGet(this.jobId) == 1) {
try {
@ -442,20 +437,22 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
*
* @throws IngestModuleException
*/
public static File locateExecutable() throws IngestModule.IngestModuleException, IOException {
public static File locateExecutable() throws IngestModule.IngestModuleException {
File exeFile = null;
Path execName = null;
String photorec_linux_directory = "/usr/bin";
if (PlatformUtil.isWindowsOS()) {
execName = Paths.get(PHOTOREC_DIRECTORY, PHOTOREC_EXECUTABLE);
exeFile = InstalledFileLocator.getDefault().locate(execName.toString(), PhotoRecCarverFileIngestModule.class.getPackage().getName(), false);
} else {
if (checkPhotorec("photorec", new File("/usr/bin"))) {
File usrBin = new File("/usr/bin/photorec");
File usrLocalBin = new File("/usr/local/bin/photorec");
if (usrBin.canExecute() && usrBin.exists() && !usrBin.isDirectory()) {
photorec_linux_directory = "/usr/bin";
}else if(checkPhotorec("photorec", new File("/usr/local/bin"))){
}else if(usrLocalBin.canExecute() && usrLocalBin.exists() && !usrLocalBin.isDirectory()){
photorec_linux_directory = "/usr/local/bin";
}else{
exeFile = null;
throw new IngestModule.IngestModuleException("Photorec not found");
}
execName = Paths.get(photorec_linux_directory, PHOTOREC_LINUX_EXECUTABLE);
exeFile = new File(execName.toString());
@ -473,18 +470,4 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
return exeFile;
}
public static boolean checkPhotorec(String name, File file) {
File[] list = file.listFiles();
if (list != null) {
for (File fil : list) {
if (fil.isDirectory()) {
checkPhotorec(name, fil);
} else if (name.equals(fil.getName())) {
return true;
}
}
}
return false;
}
}
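Review bot: The executable tests added to locateExecutable on lines 44 and 47 are redundant and the `exeFile = null;` before the throw on line 50 is dead: `File.canExecute()` already returns false for a path that does not exist, so `usrBin.isFile() && usrBin.canExecute()` expresses the whole condition in one call and also replaces the `!isDirectory()` negation. The `"/usr/bin"` initialiser on the local `photorec_linux_directory` (line 36) is likewise never read, because every branch either assigns it or throws, so `String photorec_linux_directory;` is enough. If the `try`/`catch (IOException ex)` at lines 21–25 still exists on the new side it will no longer compile, since the new signature on line 33 drops `IOException`; it looks like that hunk removes the try/catch, which is the right outcome. Resolving the tool from two fixed system directories instead of searching PATH is the safer choice and deserves a why-comment, e.g. `// Only trust the two fixed system locations; PATH is deliberately not searched.` locateExecutable's body continues past the end of the hunk.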


@ -76,10 +76,13 @@ class ExtractRegistry extends Extract {
final private static UsbDeviceIdMapper USB_MAPPER = new UsbDeviceIdMapper();
final private static String RIP_EXE = "rip.exe";
final private static String RIP_PL = "rip.pl";
private static String PERL = "perl ";
private List<String> rrCmd = new ArrayList<>();
private List<String> rrFullCmd= new ArrayList<>();
ExtractRegistry() throws IngestModuleException {
moduleName = NbBundle.getMessage(ExtractIE.class, "ExtractRegistry.moduleName.text");
final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); //NON-NLS
if (rrRoot == null) {
throw new IngestModuleException(Bundle.RegRipperNotFound());
@ -105,12 +108,26 @@ class ExtractRegistry extends Extract {
if (!(new File(RR_FULL_PATH).exists())) {
throw new IngestModuleException(Bundle.RegRipperFullNotFound());
}
if (!PlatformUtil.isWindowsOS()) {
PERL = "/usr/bin/perl";
if(PlatformUtil.isWindowsOS()){
rrCmd.add(RR_PATH);
rrFullCmd.add(RR_FULL_PATH);
}else{
String perl;
File usrBin = new File("/usr/bin/perl");
File usrLocalBin = new File("/usr/local/bin/perl");
if(usrBin.canExecute() && usrBin.exists() && !usrBin.isDirectory()){
perl = "/usr/bin/perl";
}else if(usrLocalBin.canExecute() && usrLocalBin.exists() && !usrLocalBin.isDirectory()){
perl = "/usr/local/bin/perl";
}else{
throw new IngestModuleException("perl not found in your system");
}
rrCmd.add(perl);
rrCmd.add(RR_PATH);
rrFullCmd.add(perl);
rrFullCmd.add(RR_FULL_PATH);
}
}
/**
* Search for the registry hives on the system.
*/
@ -261,7 +278,7 @@ class ExtractRegistry extends Extract {
regOutputFiles.autopsyPlugins = outFilePathBase + "-autopsy.txt"; //NON-NLS
String errFilePath = outFilePathBase + "-autopsy.err.txt"; //NON-NLS
logger.log(Level.INFO, "Writing RegRipper results to: {0}", regOutputFiles.autopsyPlugins); //NON-NLS
executeRegRipper(RR_PATH, rrHome, regFilePath, autopsyType, regOutputFiles.autopsyPlugins, errFilePath);
executeRegRipper(rrCmd, rrHome, regFilePath, autopsyType, regOutputFiles.autopsyPlugins, errFilePath);
}
if (context.dataSourceIngestIsCancelled()) {
return regOutputFiles;
@ -272,16 +289,17 @@ class ExtractRegistry extends Extract {
regOutputFiles.fullPlugins = outFilePathBase + "-full.txt"; //NON-NLS
String errFilePath = outFilePathBase + "-full.err.txt"; //NON-NLS
logger.log(Level.INFO, "Writing Full RegRipper results to: {0}", regOutputFiles.fullPlugins); //NON-NLS
executeRegRipper(RR_FULL_PATH, rrFullHome, regFilePath, fullType, regOutputFiles.fullPlugins, errFilePath);
executeRegRipper(rrFullCmd, rrFullHome, regFilePath, fullType, regOutputFiles.fullPlugins, errFilePath);
}
return regOutputFiles;
}
private void executeRegRipper(String regRipperPath, Path regRipperHomeDir, String hiveFilePath, String hiveFileType, String outputFile, String errFile) {
private void executeRegRipper(List<String> regRipperPath, Path regRipperHomeDir, String hiveFilePath, String hiveFileType, String outputFile, String errFile) {
try {
List<String> commandLine = new ArrayList<>();
commandLine.add(PERL);
commandLine.add(regRipperPath);
for(String cmd: regRipperPath){
commandLine.add(cmd);
}
commandLine.add("-r"); //NON-NLS
commandLine.add(hiveFilePath);
commandLine.add("-f"); //NON-NLS
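Review bot: The new `throw new IngestModuleException("perl not found in your system")` on line 105 hard-codes an English message, while the sibling throws on lines 86 and 89 go through `Bundle` lookups; routing it through a message key (an illustrative name would be `PerlNotFound`) keeps the module's localisation consistent. The `canExecute() && exists() && !isDirectory()` chains on lines 100 and 102 collapse to `usrBin.isFile() && usrBin.canExecute()`, because `canExecute()` is already false for a missing path. In executeRegRipper the copy loop on lines 140–142 is simply `commandLine.addAll(regRipperPath);`, and since the parameter now carries a command prefix rather than a path, `regRipperCmd` would name it more accurately. If the `PERL` field on line 79 survives on the new side it is no longer read by any of these hunks and can be dropped. executeRegRipper's body continues past the end of the hunk.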


@ -1,4 +1,4 @@
#! /usr/bin/perl
#! c:\perl\bin\perl.exe
#-------------------------------------------------------------------------
# Rip - RegRipper, CLI version
# Use this utility to run a plugins file or a single plugin against a Reg


@ -1,4 +1,4 @@
#! /usr/bin/perl
#! c:\perl\bin\perl.exe
#-----------------------------------------------------------
# Registry Ripper
# Parse a Registry hive file for data pertinent to an investigation


@ -1,4 +1,4 @@
#! /usr/bin/perl
#! c:\perl\bin\perl.exe
#-------------------------------------------------------------------------
# Rip - RegRipper, CLI version
# Use this utility to run a plugins file or a single plugin against a Reg

thirdparty/rr/rr.pl vendored

@ -1,4 +1,4 @@
#!/usr/bin/perl
#! c:\perl\bin\perl.exe
#-----------------------------------------------------------
# Registry Ripper
# Parse a Registry hive file for data pertinent to an investigation