4n6ir/getblocks
getblocks

NORMALIZATION

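Clean data is mission-critical when collecting operating system artifacts, especially for paths under user home directories. The account name in such a path is replaced with a fixed value before the path is recorded.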

APPLE, LINUX, & UNIX

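    # Absolute POSIX path: replace the account name with a fixed value.
    if path[:1] == '/':
        out = path.split('/')
        try:
            if out[1] == 'home':
                out[2] = 'user'
                path = '/'.join(out)
            elif out[1] == 'Users':
                # macOS: /Users/Shared is not a per-user directory.
                if out[2] != 'Shared':
                    out[2] = 'user'
                    path = '/'.join(out)
        except IndexError:
            # Path is too short to contain a user component.
            pass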

MICROSOFT WINDOWS

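    # Drive-letter path; the slice avoids an IndexError on one-character input.
    elif path[1:2] == ':':
        out = path.split('\\')
        try:
            if out[1] == 'Users' or out[1] == 'Documents and Settings':
                # Built-in and shared profiles keep their names.
                if out[2] not in ('Default', 'Public', 'All Users', 'Default User'):
                    out[0] = 'C:'
                    out[2] = 'Administrator'
                    path = '\\'.join(out)
        except IndexError:
            # Path is too short to contain a user component.
            pass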

CAPTURED DATA

  1. ami
  2. path
  3. file
  4. size
  5. md5
  6. sha256
  7. b3
  8. md5path
  9. sha256path
  10. b3path
  11. md5dir
  12. sha256dir
  13. b3dir
  14. md5name
  15. sha256name
  16. b3name
  17. type
  18. entropy
  19. block
  20. location
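The normalization rules above applied end to end, as an added example that is not the project's own code: it shows how two hosts with different account names and drive letters collapse to the same path-derived digests. The helper names `normalize` and `path_digests`, the sample paths, and the reading of `md5path`/`md5dir`/`md5name` as digests of the normalized path, directory and file name are assumptions; the `b3` variants are omitted because BLAKE3 is not in the Python standard library.

```python
import hashlib

# Folder names the README leaves untouched (shared or template profiles).
UNIX_KEEP = {"Shared"}
WIN_KEEP = {"Default", "Public", "All Users", "Default User"}


def normalize(path: str) -> str:
    """Replace the account name in a home-directory path with a fixed value."""
    if path[:1] == "/":
        parts = path.split("/")
        if len(parts) > 2 and (
            parts[1] == "home"
            or (parts[1] == "Users" and parts[2] not in UNIX_KEEP)
        ):
            parts[2] = "user"
        return "/".join(parts)
    if path[1:2] == ":":  # slice, so one-character input cannot raise
        parts = path.split("\\")
        if (
            len(parts) > 2
            and parts[1] in ("Users", "Documents and Settings")
            and parts[2] not in WIN_KEEP
        ):
            parts[0] = "C:"  # drive letter is pinned together with the user
            parts[2] = "Administrator"
        return "\\".join(parts)
    return path


def path_digests(path: str) -> dict:
    """Hash the normalized path, its directory and its file name."""
    # ASSUMPTION: the README lists md5path/md5dir/md5name (and sha256
    # equivalents) without defining them; this is one plausible reading.
    norm = normalize(path)
    sep = "\\" if norm[1:2] == ":" else "/"
    directory, _, name = norm.rpartition(sep)
    out = {"normalized": norm}
    for label, text in (("path", norm), ("dir", directory), ("name", name)):
        data = text.encode("utf-8")
        out["md5" + label] = hashlib.md5(data).hexdigest()
        out["sha256" + label] = hashlib.sha256(data).hexdigest()
    return out


if __name__ == "__main__":
    # Constructed sample paths from two hypothetical hosts.
    for p in (r"C:\Users\alice\AppData\app.exe", r"D:\Users\bob\AppData\app.exe"):
        print(path_digests(p)["normalized"], path_digests(p)["sha256path"][:16])
```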

REQUIREMENTS

    curl https://sh.rustup.rs -sSf | sh -s -- -y
    source "$HOME/.cargo/env"

INSTALLATION

    pip install getblocks

DEVELOPMENT

    python setup.py install --user

META INFORMATION

Meta Information