Update the manifest tool to support bitlocker

Update the manifest tool to support BitLocker, adding a password field for single source.
Mark McKinnon 2025-01-21 12:00:09 -05:00
parent 4a8a66754f
commit ecaf281c15
3 changed files with 82 additions and 50 deletions


@ -25,7 +25,7 @@
#include <GuiEdit.au3>
#include <Date.au3>
;Get the list of names of algorithms
;Get the list of names of algorithms
Global $algorithms[3] ;increase size of array when adding new algorithms
$algorithms[0] = "Single data source"
$algorithms[1] = "Folder of logical files"
@ -45,7 +45,7 @@ Global $manifestExtension = ".xml"
;Return an array containing the names of all algorithms
Func GetAlgorithmNames()
Return $algorithms
EndFunc
EndFunc
;Return the description for the specified algorithm index
Func GetAlgorithmDescription($index)
@ -82,29 +82,29 @@ Func GenerateCaseNameAndWriteManifestFile($caseDir, $subDirName, $manifestFile)
Local $dataSourcePath = ""
;If the manifestDirectory is not Null use it for the file name
if ($subDirName <> Null) Then
$manifestName = $subDirName
$dataSourcePath = $manifestName
$manifestName = $subDirName
$dataSourcePath = $manifestName
if ($manifestFile <> Null) Then
$dataSourcePath = $dataSourcePath & "\" & $manifestFile
EndIf
;If the manifestDirectory was Null then use the file name
;If the manifestDirectory was Null then use the file name
ElseIf ($manifestFile <> Null) Then
$manifestName = $manifestFile
$dataSourcePath = $manifestName
Else
$dataSourcePath = $manifestName
Else
UpdateProgressArea("ERROR: Invalid arguements provided, unable to create manifest file")
Return
EndIf
Local $splitCaseDir = StringSplit($caseDir, "\", $STR_ENTIRESPLIT)
$caseName = $splitCaseDir[$splitCaseDir[0]]
Local $manfiestFilePath = $caseDir & "\" & $manifestName & "_" & $manifestFileNameEnd & $manifestExtension
WriteManifestFile($manfiestFilePath, $manifestName, $caseName, $dataSourcePath)
WriteManifestFile($manfiestFilePath, $manifestName, $caseName, "", $dataSourcePath)
EndFunc
;Write the specified manifest file.
Func WriteManifestFile($manifestFilePath, $manifestName, $caseName, $dataSourcePath)
;Write the specified manifest file.
Func WriteManifestFile($manifestFilePath, $manifestName, $caseName, $password, $dataSourcePath)
_FileCreate($manifestFilePath)
Local $fileHandle = FileOpen($manifestFilePath, $FO_APPEND)
If $fileHandle == -1 Then
@ -114,41 +114,49 @@ Func WriteManifestFile($manifestFilePath, $manifestName, $caseName, $dataSourceP
FileWrite($fileHandle,'<?xml version="1.0" encoding="UTF-8" standalone="no"?>' & @CRLF)
FileWrite($fileHandle,'<AutopsyManifest>' & @CRLF)
FileWrite($fileHandle,'<CaseName>' & $caseName &'</CaseName>' & @CRLF)
;Device ID is not a required field
if Not($password == "") or Not(StringLen($password) == 0) Then
FileWrite($fileHandle,'<Password>' & $password &'</Password>' & @CRLF)
EndIf
;Device ID is not a required field
FileWrite($fileHandle,'<DataSource>' & $dataSourcePath & '</DataSource>' & @CRLF)
FileWrite($fileHandle,'</AutopsyManifest>' & @CRLF)
FileClose($fileHandle)
UpdateProgressArea($manifestName & " manifest created")
EndFunc
;get the extension of a file
;get the extension of a file
Func GetFileExtension($fileName)
Local $drive
Local $dir
Local $fName
Local $fileExtension
_PathSplit ($fileName, "", "", "", $fileExtension)
local $pathSplit = _PathSplit ($fileName, $drive, $dir, $fName, $fileExtension)
Return $fileExtension
EndFunc
;Return 0 for false if no manifest files exist in the caseDir, or 1 for true if manifest files do exist
Func ManifestFilesAlreadyExist($fileList)
Local $fileName
Local $fileName
Local $fileExtension
Local $drive
Local $dir
For $i = 1 To $fileList[0] Step 1
_PathSplit ($fileList[$i], "", "", $fileName, $fileExtension)
_PathSplit ($fileList[$i], $drive, $dir, $fileName, $fileExtension)
If StringCompare($fileExtension, $manifestExtension, $STR_NOCASESENSE) == 0 Then
Local $splitFileName = StringSplit($fileName, "_", $STR_ENTIRESPLIT)
if $splitFileName[0] > 1 Then ;It split into more than one chunk so the last chunk should match our _Manifest
if $splitFileName[0] > 1 Then ;It split into more than one chunk so the last chunk should match our _Manifest
If StringCompare($splitFileName[$splitFileName[0]], $manifestFileNameEnd, $STR_NOCASESENSE) == 0 Then
UpdateProgressArea("Folder already contains manifest file: " & $fileList[$i])
Return 1
EndIf
EndIf
EndIf
EndIf
Next
Return 0
EndFunc
;Check if a manifest file already exists for a specific datasource in the case Dir
;Return 1 if a manifest exists
;Return 1 if a manifest exists
;Return 0 if no manifest exists
Func ManifestAlreadyExists($manifestFilePath)
If FileExists($manifestFilePath) == 1 Then
@ -159,7 +167,7 @@ Func ManifestAlreadyExists($manifestFilePath)
EndFunc
;Algorithm for the "One Data Source Per Folder"
;Algorithm for the "One Data Source Per Folder"
;Creates manifest files
Func OneDataSourcePerFolder($settings)
Local $validDirectory = 1
@ -171,9 +179,9 @@ Func OneDataSourcePerFolder($settings)
if ($caseDirSplit[0] > 1) Then
;if case folder is longer than one directory display just the directory name in progress messages
$caseDirName = $caseDirSplit[$caseDirSplit[0]]
Else
Else
;if there is only one directory use the entire case dir path
EndIf
EndIf
If (@error == 1) Then
$validDirectory = 0
UpdateProgressArea("ERROR: " & $caseDirName & " not found")
@ -188,7 +196,7 @@ Func OneDataSourcePerFolder($settings)
MsgBox($MB_OK, "Selected Directory Empty", "Selected directory " & $caseDirName & " did not contain any subfolders to use as data sources for manifest files.")
$validDirectory = 0
EndIf
If $validDirectory = 1 Then
Local $validExtensions[4] = [".e01", ".l01", ".001", ".ad1"] ;valid extensions for the One Data Source Per Folder algorithm
Local $subDirectoryFileList
@ -222,7 +230,7 @@ Func OneDataSourcePerFolder($settings)
If (ManifestAlreadyExists($manifestFilePath) <> 1) Then
;should only be one file and it should end with a valid extension add as image file, or the whole directory is added as a logical file set
GenerateCaseNameAndWriteManifestFile($caseDir, $manifestDirName, $manifestFile)
Else
Else
UpdateProgressArea($manifestDirName & " manifest exists, skipping")
EndIf
EndIf
@ -233,22 +241,23 @@ EndFunc
;Create a manifest file for a single data source in the same directory that contains the data source (also used for Folder of Logical Files)
Func SingleDataSource($settings)
Local $dataSourcePath = $settings[0]
Local $dataSourcePath = $settings[0]
Local $caseDir = ""
Local $caseDrive = ""
Local $dsName = ""
Local $dsExtension = ""
_PathSplit ($dataSourcePath, $caseDrive, $caseDir, $dsName, $dsExtension)
$caseDir = $caseDrive & $caseDir
$caseDir = $caseDrive & $caseDir
Local $caseName = $settings[1]
Local $password = $settings[2]
Local $manfiestFilePath = $caseDir & "\" & $dsName & "_" & $manifestFileNameEnd & $manifestExtension
If (ManifestAlreadyExists($manfiestFilePath) <> 1) Then
;should only be one file and it should end with a valid extension add as image file, or the whole directory is added as a logical file set
WriteManifestFile($manfiestFilePath, $dsName, $caseName, $dsName & $dsExtension)
Else
WriteManifestFile($manfiestFilePath, $dsName, $caseName, $password, $dsName & $dsExtension)
Else
UpdateProgressArea($dsName & " manifest exists, skipping")
EndIf
EndFunc
;Algorithm for the All Files in One Folder
@ -270,7 +279,7 @@ Func AllFilesInOneFolder($settings)
$validDirectory = 0
EndIf
;An acceptable condition as no files means no manifest files
ElseIf ManifestFilesAlreadyExist($fileList) == 1 Then
ElseIf ManifestFilesAlreadyExist($fileList) == 1 Then
UpdateProgressArea("Selected directory " & $caseDir & " already contains manifest files, they must be deleted before generating new ones")
MsgBox($MB_OK, "Manifest Files Exist", "Selected directory " & $caseDir & " already contains manifest files, they must be deleted before generating new ones")
$validDirectory = 0
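Review bot: In WriteManifestFile the new `<Password>` element is built by plain concatenation, so a BitLocker password containing `&`, `<` or `>` produces a malformed manifest or changes its structure; escape the value before the write, e.g. `$password = StringReplace(StringReplace(StringReplace($password, "&", "&amp;"), "<", "&lt;"), ">", "&gt;")`. The same concatenation is used for `$caseName` and `$dataSourcePath`, which predate this change. The guard `Not($password == "") or Not(StringLen($password) == 0)` tests one condition twice and can be written `If $password <> "" Then`. SingleDataSource writes the manifest into the directory that holds the data source, so the password sits unencrypted next to the image; a comment above the write such as `;NOTE: password is stored unencrypted in the manifest; restrict access to the case folder` would make that explicit for the next maintainer.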


@ -89,9 +89,17 @@ $distanceFromLeft = $leftMargin
$distanceFromTop = $distanceFromTop + $fieldHeight + $gapBetweenHeight
Global $caseNameLabel = GUICtrlCreateLabel("Case Name", $distanceFromLeft, $distanceFromTop+$labelOffset)
$distanceFromLeft = $distanceFromLeft+$labelWidth+$gapBetweenWidth
$distanceFromLeft = $distanceFromLeft+$labelWidth+$gapBetweenWidth
Global $caseNameField = GUICtrlCreateInput("", $distanceFromLeft, $distanceFromTop, $fieldWidth, $fieldHeight)
$distanceFromLeft = $leftMargin
$distanceFromTop = $distanceFromTop + $fieldHeight + $gapBetweenHeight
Global $passwordLabel = GUICtrlCreateLabel("Password", $distanceFromLeft, $distanceFromTop+$labelOffset)
$distanceFromLeft = $distanceFromLeft+$labelWidth+$gapBetweenWidth
Global $passwordField = GUICtrlCreateInput("", $distanceFromLeft, $distanceFromTop, $fieldWidth, $fieldHeight)
$distanceFromLeft = $distanceFromLeft +$fieldWidth+$gapBetweenWidth
Global $optionalLabel = GUICtrlCreateLabel("* Optional", $distanceFromLeft, $distanceFromTop)
;$distanceFromLeft = $distanceFromLeft-$fieldWidth+$gapBetweenWidth
$distanceFromTop = $distanceFromTop + $fieldHeight + $gapBetweenHeight
$distanceFromTop = $distanceFromTop + $gapBetweenHeight ;add an extra gap before Generate Manifest button
@ -167,7 +175,7 @@ Func WritePropertiesFile()
EndIf
FileWrite($propertiesFileHandle, GUICtrlRead($algorithmComboBox) & @CRLF)
FileWrite($propertiesFileHandle, $defaultDirectory & @CRLF)
FileClose($propertiesFileHandle)
FileClose($propertiesFileHandle)
EndFunc
@ -195,10 +203,13 @@ Func ChangeToSingleDataSourceGUI()
GUICtrlSetData($caseDirectoryLabel, "Data Source")
GUICtrlSetState($caseNameField, $GUI_SHOW)
GUICtrlSetState($caseNameLabel, $GUI_SHOW)
GUICtrlSetState($passwordField, $GUI_SHOW)
GUICtrlSetState($passwordLabel, $GUI_SHOW)
GUICtrlSetState($optionalLabel, $GUI_SHOW)
GUICtrlSetOnEvent($browseButton, "BrowseForDataSourceFile")
GUICtrlSetState($generateManifestButton, $GUI_DISABLE)
EndFunc
EndFunc
;Change the controls displayed in the GUI to the ones needed for the Folder of Logical Files algorithm
Func ChangeToFolderOfLogicalFilesGUI()
@ -207,9 +218,12 @@ Func ChangeToFolderOfLogicalFilesGUI()
GUICtrlSetData($caseDirectoryLabel, "Data Source")
GUICtrlSetState($caseNameField, $GUI_SHOW)
GUICtrlSetState($caseNameLabel, $GUI_SHOW)
GUICtrlSetState($passwordField, $GUI_HIDE)
GUICtrlSetState($passwordLabel, $GUI_HIDE)
GUICtrlSetState($optionalLabel, $GUI_HIDE)
GUICtrlSetOnEvent($browseButton, "Browse")
GUICtrlSetState($generateManifestButton, $GUI_DISABLE)
EndFunc
EndFunc
;Change the controls displayed in the GUI to the ones needed for One Data Source Per Folder
Func ChangeToDefaultGUI()
@ -219,6 +233,9 @@ Func ChangeToDefaultGUI()
GUICtrlSetState($caseDirectoryLabel, $GUI_SHOW)
GUICtrlSetState($caseNameField, $GUI_HIDE)
GUICtrlSetState($caseNameLabel, $GUI_HIDE)
GUICtrlSetState($passwordField, $GUI_HIDE)
GUICtrlSetState($passwordLabel, $GUI_HIDE)
GUICtrlSetState($optionalLabel, $GUI_HIDE)
GUICtrlSetOnEvent($browseButton, "Browse")
;rename to RootDirectory to root directory
;hide case name field
@ -241,28 +258,29 @@ Func ValidateFields($oldCaseName, $oldRootFolder)
EndIf
EndFunc
;ensure that the settings for the default algorithm are valid before enabling it
;ensure that the settings for the default algorithm are valid before enabling it
Func ValidateDefaultFields($rootFolderPath)
if ($rootFolderPath <> "" And FileExists($rootFolderPath)) Then
GUICtrlSetState($generateManifestButton, $GUI_ENABLE)
GUICtrlSetState($generateManifestButton, $GUI_ENABLE)
Else
GUICtrlSetState($generateManifestButton, $GUI_DISABLE)
GUICtrlSetState($generateManifestButton, $GUI_DISABLE)
EndIf
EndFunc
;ensure that the settings for the Single Data Source and Folder of Logical Files algorithms are valid
;ensure that the settings for the Single Data Source and Folder of Logical Files algorithms are valid
Func ValidateSingleDataSourceFields($dataSourcePath, $caseName)
if ($dataSourcePath <> "" And FileExists($dataSourcePath) And $caseName <> "") Then
GUICtrlSetState($generateManifestButton, $GUI_ENABLE)
Else
GUICtrlSetState($generateManifestButton, $GUI_DISABLE)
EndIf
Else
GUICtrlSetState($generateManifestButton, $GUI_DISABLE)
EndIf
EndFunc
;clear all input fields, and reset them to an empty string
Func ClearFields()
GUICtrlSetData($rootFolderField, "")
GUICtrlSetData($caseNameField, "")
GUICtrlSetData($passwordField, "")
EndFunc
;Open a directory chooser
@ -272,9 +290,11 @@ Func Browse()
Local $selectedDirectory = FileSelectFolder("Select Folder", $defaultDirectory)
Local $caseDir = ""
Local $caseDrive = ""
Local $fileName = ""
Local $fileExtension = ""
If (FileExists($selectedDirectory)) Then
_PathSplit($selectedDirectory, $caseDrive, $caseDir, "", "")
$defaultDirectory = $caseDrive & $caseDir
_PathSplit($selectedDirectory, $caseDrive, $caseDir, $fileName, $fileExtension)
$defaultDirectory = $caseDrive & $caseDir
GUICtrlSetData($rootFolderField, $selectedDirectory)
EndIf
If GUICtrlRead($algorithmComboBox) == $allAlgorithmNames[2] Then ;"One Data Source Per Folder"
@ -290,13 +310,15 @@ EndFunc ;==>BrowseButton
; Open a file chooser
Func BrowseForDataSourceFile()
; Note: At this point @GUI_CtrlId would equal $browseButton
GUICtrlSetState($browseButton, $GUI_DISABLE)
GUICtrlSetState($browseButton, $GUI_DISABLE)
Local $selectedDataSource = FileOpenDialog("Select Data Source", $defaultDirectory, "All Supported Types (*.img; *.dd; *.001; *.aa; *.raw; *.bin; *.E01; *.vmdk; *.vhd) |Raw Images (*.img; *.dd; *.001; *.aa; *.raw; *.bin) |Encase Images (*.E01) |Virtual Machines (*.vmdk; *.vhd) |Logical Evidence File (*.L01) |All Files (*.*)", $FD_FILEMUSTEXIST)
Local $caseDir = ""
Local $caseDrive = ""
Local $fileName = ""
Local $fileExtension = ""
If (FileExists($selectedDataSource)) Then
_PathSplit ($selectedDataSource, $caseDrive, $caseDir, "", "")
$defaultDirectory = $caseDrive & $caseDir
_PathSplit ($selectedDataSource, $caseDrive, $caseDir, $fileName, $fileExtension)
$defaultDirectory = $caseDrive & $caseDir
GUICtrlSetData($rootFolderField, $selectedDataSource)
EndIf
GUICtrlSetState($caseNameField, $GUI_FOCUS)
@ -313,11 +335,12 @@ EndFunc ;==>GenerateManifestButton
;Get an array of settings as they are set on this panel
Func GetSettings()
Local $settings[2]
Local $settings[3]
$settings[0] = GUICtrlRead($rootFolderField)
$settings[1] = GUICtrlRead($caseNameField)
$settings[2] = GUICtrlRead($passwordField)
Return $settings
EndFunc
EndFunc
;Close the tool
Func CLOSEButton()
@ -329,4 +352,4 @@ Func CLOSEButton()
Exit
EndIf
GUICtrlSetState($exitButton, $GUI_ENABLE)
EndFunc ;==>CLOSEButton
EndFunc ;==>CLOSEButton
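Review bot: The new `$passwordField` is created as an ordinary input, so the BitLocker password is displayed in clear text while it is typed; consider the password edit style, `Global $passwordField = GUICtrlCreateInput("", $distanceFromLeft, $distanceFromTop, $fieldWidth, $fieldHeight, BitOR($GUI_SS_DEFAULT_INPUT, $ES_PASSWORD))`, which needs EditConstants.au3 if this file does not already include it. Separately, ChangeToFolderOfLogicalFilesGUI only hides the field while GetSettings always reads it, and the comment in the first file says SingleDataSource is also used for Folder of Logical Files. A password typed in single-source mode may therefore still be written to a manifest after switching algorithms, unless ClearFields runs on every switch, which is not visible here. Adding `GUICtrlSetData($passwordField, "")` next to the `$GUI_HIDE` calls would rule that out.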

Binary file not shown.