$RunnableAdapter.call(Executors.java:511)
DataSourceIngestTask.execute(DataSourceIngestTask.java:30)
IngestJobPipeline.process(IngestJobPipeline.java:943)
DataSourceIngestPipeline.process(DataSourceIngestPipeline.java:111)
DataSourceIngestPipeline$PipelineModule.process(DataSourceIngestPipeline.java:198)
_Bin$RecBin2IngestModule$569.process(Unknown Source)
java.io.FileNotFoundException: java.io.FileNotFoundException: C:\Users\forensics\Downloads\Case Registry Testing\Temp\recyclebin\NTUSER.DAT (The requested operation cannot be performed on a file with a user-mapped section open)
SEVERE: Recycle Bin Module experienced an error during analysis (data source = nps-2009-domexusers.E01, objId = 1, pipeline id = 1, ingest job id = 9)
at java.io.FileOutputStream.open0(Native Method)
at java.io.FileOutputStream.open(FileOutputStream.java:270)
at java.io.FileOutputStream.(FileOutputStream.java:213)
at .ContentUtils.writeToFile(ContentUtils.java:218)
at .ContentUtils.writeToFile(ContentUtils.java:254)
at 0(Native Method)
at (NativeMethodAccessorImpl.java:62)
at (DelegatingMethodAccessorImpl.java:43)
at .invoke(Method.java:498)

When key not found, I am getting below error in next loop.
Since I put these 4 lines in try and except I am getting this error below. That’s the code:

self.log(Level.INFO, "Current Key is => " + str(currentKey))
bytes = for i in range(0, len(bytes), 2)]
bytes = (''.join(filter(lambda a: a !='00', bytes)))
self.log(Level.INFO, "Key value is => " + key)
IngestServices.getInstance().postMessage(message)
def findRegistryKey(self, registryHiveFile, registryKey):
"RecycleBin", " Recycle Bin Files Have Been Analyzed " )
self.log(Level.INFO, "removal of directory tree failed " + temp_dir)
self.log(Level.INFO, "Skipping File " + file.getName() + " In Path " + file.getParentPath())
message3 = IngestMessage.createMessage(, "Key Found", str(currentKey), str(currentKey))
message2 = IngestMessage.createMessage(, "files found", str(numFiles), str(numFiles))
self.log(Level.INFO, "Number of Files found => " + str(numFiles))
self.log(Level.INFO, "recyclebin Directory already exists " + temp_dir)
files = fileManager.findFiles(dataSource, "ntuser.dat", "")
self.log(Level.INFO, "create Directory " + temp_dir)
temp_dir = os.path.join(Temp_Dir, "recyclebin")
Temp_Dir = Case.getCurrentCase().getTempDirectory()
skCase = Case.getCurrentCase().getSleuthkitCase()
fileManager = Case.getCurrentCase().getServices().getFileManager()
self.registryKeyToFind = 'HKLM\System\MountedDevices'
def process(self, dataSource, progressBar):
self._logger.logp(level, self._class_._name_, inspect.stack(), msg)
_logger = Logger.getLogger(RecBin2IngestModuleFactory.moduleName)
return RecBin2IngestModule(ttings)
class RecBin2IngestModule(DataSourceIngestModule):
return "Parse Recycle Bin Information for Vista and beyond"
def isDataSourceIngestModuleFactory(self):
def createDataSourceIngestModule(self, ingestOptions):
class RecBin2IngestModuleFactory(IngestModuleFactoryAdapter):

I want to find the registry key HKLM\System\MountedDevices (currently only this key, but the list of keys will be 1000 … I am just trying one key for now).
However, the issue is I am getting 0 files for ntuser.dat? Also please check below for my logic.

IngestServices.getInstance().postMessage(message3)
message3 = IngestMessage.createMessage(, "Key Found", str(currentKey), str(currentKey))
samRegFile = RegistryHiveFile(File(lclDbPath))
currentKey = self.findRegistryKey(samRegFile, self.registryKeyToFind)
lclDbPath = os.path.join(temp_dir, file.getName())
ContentUtils.writeToFile(file, File(lclDbPath))

I am trying to do, based on what you have done in recycle bin module:

files = fileManager.findFiles(dataSource, "ntuser.dat", "")

The whole code I am trying is quoted below.