?? sorter.base
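# NOTE(review): the lines down to the first "sub" are the tail of a routine
# that starts before this excerpt.  They are reproduced unchanged: the loop
# closes every category handle, removes category files that received no
# entries, and finishes the image index when thumbnails were saved.
        }
        foreach my $cat (keys %cat_handle) {
            if ($HTML == 1) {
                my $tmphandle = $cat_handle{$cat};
                print $tmphandle "</BODY></HTML>\n";
            }
            close($cat_handle{$cat});
            unlink "${DIR}/${cat}${EXT}" if ($output_used{$cat} == 0);
            if (($cat eq "images") && ($SAVE == 1) && ($HTML == 1)) {
                print IMG_INDEX "</UL>\n</HTML>\n";
                close(IMG_INDEX);
            }
        }
    }
}

# Verify that every external program this script shells out to exists.
# Prints a message naming the first missing program and exits with status 1.
# The hash programs are only required when $DO_SHA1 / $DO_MD5 are enabled.
sub check_execs {

    # [ label used in the message, configured path ]
    my @required = (
        [ "Sleuth Kit fls",      $SK_FLS ],
        [ "file",                $SK_FILE ],
        [ "Sleuth Kit icat",     $SK_ICAT ],
        [ "Sleuth Kit hfind",    $SK_HFIND ],
        [ "Sleuth Kit img_stat", $SK_IMGSTAT ],

        # check_args() runs $SK_FSSTAT, so verify it here as well.  Without
        # this a missing fsstat surfaces later as a misleading
        # "file system type" error.
        [ "Sleuth Kit fsstat", $SK_FSSTAT ],
    );
    push @required, [ "sha1", $SK_SHA1 ] if ($DO_SHA1 == 1);
    push @required, [ "md5",  $SK_MD5 ]  if ($DO_MD5 == 1);

    foreach my $tool (@required) {
        my ($label, $exec_path) = @{$tool};
        unless (-e "$exec_path") {
            print "Missing $label executable: $exec_path\n";
            exit(1);
        }
    }
    return;
}

# Set the $PLATFORM value from $FSTYPE
# $FSTYPE is expected in its "-f <type>" form.  An unrecognised value is
# reported and the script exits with status 1.
sub set_platform {
    my %platform_for = (
        "-f ntfs"    => "windows",
        "-f fat"     => "windows",
        "-f fat32"   => "windows",
        "-f fat16"   => "windows",
        "-f fat12"   => "windows",
        "-f solaris" => "solaris",
        "-f openbsd" => "openbsd",
        "-f freebsd" => "freebsd",

        # Use freebsd as a default for UFS
        "-f ufs"        => "freebsd",
        "-f linux-ext2" => "linux",
        "-f linux-ext3" => "linux",
        "-f ext"        => "linux",
    );

    unless (exists $platform_for{$FSTYPE}) {
        print "Unknown file system type: $FSTYPE\n";
        exit(1);
    }
    $PLATFORM = $platform_for{$FSTYPE};

    print "Platform set to: $PLATFORM\n" if ($VERBOSE);
    return;
}

# Sanity check the command line arguments held in the global option
# variables.  A missing image type or file system type is autodetected by
# running img_stat / fsstat with -t; an explicit file system type is
# validated by running fsstat with it.  Inconsistent options end in usage()
# or exit(1).
#
# NOTE(review): the three backtick commands below go through the shell with
# $IMG, $IMGOFF, $IMGTYPE and $FSTYPE interpolated into the command string.
# How those values are quoted or validated is not visible in this excerpt.
# Confirm that shell metacharacters in an image path or offset cannot reach
# the shell, or move to a list-form pipe open, which bypasses the shell.
sub check_args {

    if ("$IMGTYPE" eq "") {

        # Test that autodetect works
        my $out = `\"$SK_IMGSTAT\" -t $IMG`;
        if ($out =~ /^(\w+)$/) {
            $IMGTYPE = "-i $1";
        }
        else {
            print "Missing image file type (and autodetect is not working)\n";
            usage();
        }
    }

    if ("$FSTYPE" eq "") {

        # Test that autodetect works
        my $out = `\"$SK_FSSTAT\" $IMGTYPE -o $IMGOFF -t $IMG`;
        if ($out =~ /^([\w\-]+)$/) {
            $FSTYPE = "-f $1";
        }
        else {
            print "Missing file system type (and autodetect is not working)\n";
            usage();
        }
    }
    else {
        # An explicit type was given: fsstat must accept it
        my $out = `\"$SK_FSSTAT\" $IMGTYPE -o $IMGOFF $FSTYPE -t $IMG`;
        unless ($out =~ /^([\w\d\-]+)$/) {
            print "Incorrect file system type ($FSTYPE)\n";
            exit(1);
        }
    }

    if (("$DIR" eq "") && ($LIST == 0)) {
        print "Missing directory location\n";
        usage();
    }
    elsif (("$DIR" ne "") && ($LIST == 1)) {
        print "Directory (-d) and List (-l) flags cannot be used together\n";
        usage();
    }
    elsif (($SAVE == 1) && ($LIST == 1)) {
        print "Save Files (-s) and List (-l) flags cannot be used together\n";
        usage();
    }
    return;
}

# Print a summary of results to the screen
# In HTML mode the work is handed to print_index().  Otherwise the text
# summary is printed to STDOUT in list mode, or written to
# ${DIR}/${SUMMARY_NAME}.
sub print_summary {

    if ($HTML == 1) {
        print_index();
        return;
    }

    my $str = "";

    $str .= "Images\n" . $img_str . ${NL};

    $str .= "Files (" . ($alloc_cnt) . ")\n\n";

    $str .=
        "Files Skipped ("
      . ($dirskip_cnt + $ignore_cnt) . ")\n"
      . "- Non-Files ($dirskip_cnt)\n"
      . "- 'ignore' category ($ignore_cnt)\n\n";

    if (("$EXCLUDE_DB" ne "") || ("$NSRL" ne "") || ("$ALERT_DB" ne "")) {
        $str .= "Hash Databases\n";

        if ("$ALERT_DB" ne "") {
            $str .= "- Hash Database Alerts" . " ($alert_cnt)\n";
        }

        if (("$EXCLUDE_DB" ne "") || ("$NSRL" ne "")) {
            $str .= "- Hash Database Exclusions ($excl_cnt)\n";
        }
        $str .= "\n";
    }

    if ($DO_EXT == 1) {
        $str .= "Extensions\n";
        $str .= "- Extension Mismatches" . " ($mis_cnt)\n";

        if (("$EXCLUDE_DB" ne "") || ("$NSRL" ne "")) {
            $str .=
"- Hash Database Exclusions with Extension Mismatch ($exclmis_cnt)\n";
        }
        $str .= "\n";
    }

    if ($DO_INDEX == 1) {
        my $tot  = 0;
        my $str2 = "";
        foreach my $cat (sort { lc($a) cmp lc($b) } keys %output_used) {
            $str2 .= "- $cat ($output_used{$cat})\n";
            $tot += $output_used{$cat};
        }
        $str .= "Categories ($tot)\n" . $str2 . "\n";
    }

    if ($LIST == 1) {
        print "\n--------------------------------------------------\n" . $str;
    }
    else {
        # Three-argument open: the path is never parsed for a mode or pipe.
        open(SUM, '>', "${DIR}/${SUMMARY_NAME}")
          or die "Can't open ${SUMMARY_NAME}: $!";
        print SUM $str;

        # Buffered write errors (full disk, I/O error) only show up at close.
        close(SUM) or die "Can't close ${SUMMARY_NAME}: $!";
    }

    return;
}

# index.html file with links to specific sections
# Does nothing unless HTML output is enabled and list mode is off.
#
# NOTE(review): $img_str and the category names are written into the page
# without HTML escaping here.  Where they come from is not visible in this
# excerpt; confirm they are escaped upstream if they can contain text taken
# from the image being analysed.
sub print_index {
    return if (($HTML == 0) || ($LIST == 1));

    open(INDEX, '>', "${DIR}/index.html")
      or die "Can't open index.html: $!";
    print INDEX "<HTML><HEAD><TITLE>sorter output</TITLE>"
      . "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"></HEAD>\n"
      . "<BODY>"
      . "<CENTER><H2>sorter output</H2></CENTER>\n"
      . "<P><B>Images</B><BR>"
      . "<UL>$img_str</UL>\n"
      . "<P><B>Files</B> ("
      . ($alloc_cnt) . ")\n"
      . "<P><B>Files Skipped</B> ("
      . ($dirskip_cnt + $ignore_cnt)
      . ")\n<UL>\n"
      . " <LI>Non-Files ($dirskip_cnt)\n"
      . " <LI>'ignore' category ($ignore_cnt)\n"
      . "</UL>\n";

    if (("$EXCLUDE_DB" ne "") || ("$NSRL" ne "") || ("$ALERT_DB" ne "")) {
        print INDEX "<P><B>Hash Databases</B>\n<UL>\n";
    }

    # Each entry is a link only when its count is non-zero
    if ("$ALERT_DB" ne "") {
        if ($alert_cnt > 0) {
            print INDEX "<LI><A HREF=\"./${ALERT_NAME}${EXT}\">"
              . "Hash Database Alerts</A> ($alert_cnt)\n";
        }
        else {
            print INDEX "<LI>Hash Database Alerts" . " ($alert_cnt)\n";
        }
    }

    if (("$EXCLUDE_DB" ne "") || ("$NSRL" ne "")) {
        if ($excl_cnt > 0) {
            print INDEX "<LI><A HREF=\"./${EXCLUDE_NAME}${EXT}\">"
              . "Hash Database Exclusions</A> ($excl_cnt)\n";
        }
        else {
            print INDEX "<LI>Hash Database Exclusions ($excl_cnt)\n";
        }
    }

    if (("$EXCLUDE_DB" ne "") || ("$NSRL" ne "") || ("$ALERT_DB" ne "")) {
        print INDEX "</UL>\n";
    }

    if ($DO_EXT == 1) {
        print INDEX "<P><B>Extensions</B>\n<UL>\n";
        if ($mis_cnt > 0) {
            print INDEX "<LI><A HREF=\"./${MIS_NAME}${EXT}\">"
              . "Extension Mismatches</A>"
              . " ($mis_cnt)\n";
        }
        else {
            print INDEX "<LI>Extension Mismatches" . " ($mis_cnt)\n";
        }

        if (("$EXCLUDE_DB" ne "") || ("$NSRL" ne "")) {
            if ($exclmis_cnt > 0) {
                print INDEX "<LI><A HREF=\"./${EXCLUDEMIS_NAME}${EXT}\">"
                  . "Hash Database Exclusions with Extension Mismatch</A> ($exclmis_cnt)\n";
            }
            else {
                print INDEX
"<LI>Hash Database Exclusions with Extension Mismatch ($exclmis_cnt)\n";
            }
        }
        print INDEX "</UL>\n";
    }

    if ($DO_INDEX == 1) {
        my $str = "<UL>\n";
        my $tot = 0;
        foreach my $cat (sort { lc($a) cmp lc($b) } keys %output_used) {

            # Print no link if there were no files or we are not saving
            # the unknown files
            if (   ($output_used{$cat} == 0)
                || (($cat eq $UNK_NAME) && ($DO_UNKNOWN == 0)))
            {
                $str .= " <LI>$cat ($output_used{$cat})\n";
            }
            else {
                $str .= " <LI><A HREF=\"./${cat}${EXT}\">"
                  . "$cat</A> ($output_used{$cat})\n";
            }

            # Note that an Autopsy regexp that removes the link
            # may need to be changed if this line is changed
            $str .= " (<A HREF=\"./images/index.html\">thumbnails</A>)\n"
              if (($cat eq 'images') && ($img_cnt > 0));

            $tot += $output_used{$cat};
        }
        print INDEX "<P><B>Categories</B> ($tot)\n" . $str . "</UL>\n";
    }

    # Buffered write errors (full disk, I/O error) only show up at close.
    close(INDEX) or die "Can't close index.html: $!";

    return;
}

# Finish the thumbnail page currently open on IMG_THUMB: close the last
# table row if it is incomplete, add the previous / main index / next links
# and close the handle.  Does nothing unless HTML output is enabled and list
# mode is off.
sub print_thumb_footer {
    return if (($HTML == 0) || ($LIST == 1));

    my $close_page;

    # Get the location of the page that we are closing.
    # int() keeps the page number whole: Perl's "/" is floating point unless
    # "use integer" is in effect, which is not visible in this excerpt, and
    # a fractional value would end up in the thumbs-N.html link names below.
    if (($img_cnt % $IMG_PAGE) == 0) {

        # We are closing a page because we hit the limit
        $close_page = int(($img_cnt - 1) / $IMG_PAGE) + 1;
    }
    else {

        # we are closing the page because we are done
        $close_page = int($img_cnt / $IMG_PAGE) + 1;
    }

    # This could be called to close off the final file, so check if
    # we need to finish off the last row
    print IMG_THUMB "</TR>\n" unless (($img_cnt % 4) == 0);

    print IMG_THUMB "</TABLE>\n";

    # Print a previous unless we are closing page 1
    unless ($close_page == 1) {
        my $tmp = $close_page - 1;
        print IMG_THUMB
          "<A HREF=./thumbs-${tmp}.html>previous $IMG_PAGE</A> \n";
    }

    print IMG_THUMB "<A HREF=./index.html>Main Index</A> \n";

    # only do next if we are making a new page next
    if (($img_cnt % $IMG_PAGE) == 0) {
        my $tmp = $close_page + 1;
        print IMG_THUMB "<A HREF=./thumbs-${tmp}.html>next $IMG_PAGE</A>\n";
    }

    print IMG_THUMB "</BODY></HTML>";
    close IMG_THUMB;
    return;
}

# Arguments: Saved name and path
# Adds one thumbnail cell to the current thumbnail page, starting a new page
# every $IMG_PAGE images and a new table row every 4 images, then increments
# $img_cnt.  Does nothing unless HTML output is enabled and list mode is off.
#
# NOTE(review): $save_name and the file name taken from $path are written
# into HTML attributes and text below without escaping.  Presumably $path is
# a file name from the image being analysed (confirm at the caller); if so
# it must be HTML-escaped before it gets here, otherwise a crafted file name
# can inject markup into the report the examiner opens.
sub print_thumb {
    return if (($HTML == 0) || ($LIST == 1));

    my $save_name = shift;
    my $path      = shift;

    # A new page is required
    # $IMG_PAGE per page
    if (($img_cnt % $IMG_PAGE) == 0) {
        my $page = $img_cnt / $IMG_PAGE + 1;

        # Close off the current one - if there is one
        if ($img_cnt != 0) {
            print_thumb_footer();
        }

        my $thumb_file = "${DIR}/images/thumbs-" . $page . ".html";
        open(IMG_THUMB, '>', $thumb_file)
          or die "Can't open $thumb_file: $!";

        print IMG_THUMB "<HTML><HEAD>\n"
          . "<TITLE>Image Thumbnails - Page $page</TITLE>"
          . "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"></HEAD>\n"
          . "<BODY>\n"
          . "<CENTER><H2>Image Thumbnails - Page $page</H2>\n<P>"
          . "<TABLE WIDTH=630 CELLSPACING=5 CELLPADDING=0 BORDER=0>\n"
          . "<TR><TD></TD><TD ALIGN=CENTER>A</TD><TD ALIGN=CENTER>B</TD>"
          . "<TD ALIGN=CENTER>C</TD><TD ALIGN=CENTER>D</TD></TR>\n";

        # Add to the main index
        print IMG_INDEX
          "<LI><A HREF=\"./thumbs-${page}.html\">Page $page</A></LI>\n";
    }

    # A new row
    # NOTE(review): the row number wraps every 100 images regardless of
    # $IMG_PAGE; confirm the two are meant to agree.
    if (($img_cnt % 4) == 0) {
        my $row = (($img_cnt % 100) / 4) + 1;
        print IMG_THUMB "<TR>\n <TD>$row</TD>\n";
    }

    # Show only the last path component under the thumbnail
    my $img_shrt = $path;
    $img_shrt = substr($path, rindex($path, '/') + 1) if ($path =~ /\//);

    print IMG_THUMB " <TD WIDTH=150>"
      . "<A HREF=\"./$save_name\" TARGET=_blank>"
      . "<IMG SRC=\"./$save_name\" "
      . "WIDTH=150 HEIGHT=150 ALT=\"$img_shrt\"></A><BR>"
      . "$img_shrt<BR>"
      . "<A HREF=\"../images.html#${save_name}\" TARGET=\"_blank\">details</A>"
      . "</TD>\n";

    $img_cnt++;

    # Ending a row
    print IMG_THUMB "</TR>\n" if (($img_cnt % 4) == 0);

    return;
}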