How to use the turbinia.evidence function in turbinia
To help you get started, we’ve selected a few turbinia examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
google / turbinia / tests / evidence.py View on Github 
def testEvidenceSerializationNoTypeAttribute(self):
"""Test that evidence_decode throws error on dict with no type attribute."""
test = {1: 2, 3: 4}
self.assertRaises(TurbiniaException, evidence.evidence_decode, test)name=args.name, source_path=source_path, source=args.source)
elif args.command == 'compressedirectory':
archive.ValidateTarFile(args.source_path)
args.name = args.name if args.name else args.source_path
source_path = os.path.abspath(args.source_path)
evidence_ = evidence.CompressedDirectory(
name=args.name, source_path=source_path, source=args.source)
elif args.command == 'googleclouddisk':
args.name = args.name if args.name else args.disk_name
evidence_ = evidence.GoogleCloudDisk(
name=args.name, disk_name=args.disk_name, project=args.project,
mount_partition=args.mount_partition, zone=args.zone,
source=args.source)
elif args.command == 'googleclouddiskembedded':
args.name = args.name if args.name else args.disk_name
parent_evidence_ = evidence.GoogleCloudDisk(
name=args.name, disk_name=args.disk_name, project=args.project,
mount_partition=args.mount_partition, zone=args.zone,
source=args.source)
evidence_ = evidence.GoogleCloudDiskRawEmbedded(
name=args.name, disk_name=args.disk_name, project=args.project,
mount_partition=args.mount_partition, zone=args.zone,
embedded_path=args.embedded_path,
embedded_partition=args.embedded_mount_partition)
evidence_.parent_evidence = parent_evidence_
elif args.command == 'hindsight':
if args.format not in ['xlsx', 'sqlite', 'jsonl']:
log.error('Invalid output format.')
sys.exit(1)
if args.browser_type not in ['Chrome', 'Brave']:
log.error('Browser type not supported.')
sys.exit(1)if args.project and args.project != config.TURBINIA_PROJECT:
new_disk = libcloudforensics.create_disk_copy(
args.project, config.TURBINIA_PROJECT, None, config.TURBINIA_ZONE,
args.disk_name)
args.disk_name = new_disk.name
if args.copy_only:
log.info('--copy_only specified, so not processing with Turbinia')
sys.exit(0)
# Start Evidence configuration
evidence_ = None
if args.command == 'rawdisk':
args.name = args.name if args.name else args.source_path
source_path = os.path.abspath(args.source_path)
evidence_ = evidence.RawDisk(
name=args.name, source_path=source_path,
mount_partition=args.mount_partition, source=args.source)
elif args.command == 'apfs':
if not args.password and not args.recovery_key:
log.error('Neither recovery key nor password is specified.')
sys.exit(1)
args.name = args.name if args.name else args.source_path
source_path = os.path.abspath(args.source_path)
evidence_ = evidence.APFSEncryptedDisk(
name=args.name, source_path=source_path, recovery_key=args.recovery_key,
password=args.password, source=args.source)
elif args.command == 'bitlocker':
if not args.password and not args.recovery_key:
log.error('Neither recovery key nor password is specified.')
sys.exit(1)
args.name = args.name if args.name else args.source_pathevidence_ = evidence.GoogleCloudDiskRawEmbedded(
name=args.name, disk_name=args.disk_name, project=args.project,
mount_partition=args.mount_partition, zone=args.zone,
embedded_path=args.embedded_path,
embedded_partition=args.embedded_mount_partition)
evidence_.parent_evidence = parent_evidence_
elif args.command == 'hindsight':
if args.format not in ['xlsx', 'sqlite', 'jsonl']:
log.error('Invalid output format.')
sys.exit(1)
if args.browser_type not in ['Chrome', 'Brave']:
log.error('Browser type not supported.')
sys.exit(1)
args.name = args.name if args.name else args.source_path
source_path = os.path.abspath(args.source_path)
evidence_ = evidence.ChromiumProfile(
name=args.name, source_path=source_path, output_format=args.format,
browser_type=args.browser_type)
elif args.command == 'rawmemory':
args.name = args.name if args.name else args.source_path
source_path = os.path.abspath(args.source_path)
evidence_ = evidence.RawMemory(
name=args.name, source_path=source_path, profile=args.profile,
module_list=args.module_list)
elif args.command == 'psqworker':
# Set up root logger level which is normally set by the psqworker command
# which we are bypassing.
logger.setup()
worker = TurbiniaPsqWorker(
jobs_blacklist=args.jobs_blacklist, jobs_whitelist=args.jobs_whitelist)
worker.start()
elif args.command == 'celeryworker':# Start Evidence configuration
evidence_ = None
if args.command == 'rawdisk':
args.name = args.name if args.name else args.source_path
source_path = os.path.abspath(args.source_path)
evidence_ = evidence.RawDisk(
name=args.name, source_path=source_path,
mount_partition=args.mount_partition, source=args.source)
elif args.command == 'apfs':
if not args.password and not args.recovery_key:
log.error('Neither recovery key nor password is specified.')
sys.exit(1)
args.name = args.name if args.name else args.source_path
source_path = os.path.abspath(args.source_path)
evidence_ = evidence.APFSEncryptedDisk(
name=args.name, source_path=source_path, recovery_key=args.recovery_key,
password=args.password, source=args.source)
elif args.command == 'bitlocker':
if not args.password and not args.recovery_key:
log.error('Neither recovery key nor password is specified.')
sys.exit(1)
args.name = args.name if args.name else args.source_path
source_path = os.path.abspath(args.source_path)
evidence_ = evidence.BitlockerDisk(
name=args.name, source_path=source_path, recovery_key=args.recovery_key,
password=args.password, source=args.source)
elif args.command == 'directory':
args.name = args.name if args.name else args.source_path
source_path = os.path.abspath(args.source_path)
evidence_ = evidence.Directory(
name=args.name, source_path=source_path, source=args.source)"""Generates the Tasks to finalize the given request ID.
Args:
job (TurbiniaJob): The last Job that was run for this request.
"""
request_id = job.request_id
final_job = jobs_manager.JobsManager.GetJobInstance('FinalizeRequestJob')
final_job.request_id = request_id
final_job.evidence.config = job.evidence.config
log.debug(
'Request {0:s} done, but not finalized, creating FinalizeRequestJob '
'{1:s}'.format(request_id, final_job.id))
# Finalize tasks use EvidenceCollection with all evidence created by the
# request or job.
final_evidence = evidence.EvidenceCollection()
final_evidence.request_id = request_id
self.running_jobs.append(final_job)
# Gather evidence created by every Job in the request.
for running_job in self.running_jobs:
if running_job.request_id == request_id:
final_evidence.collection.extend(running_job.evidence.collection)
for finalize_task in final_job.create_tasks([final_evidence]):
self.add_task(finalize_task, final_job, final_evidence)turbinia
Automation and Scaling of Digital Forensics Tools
Package Health Score
84 / 100Popular turbinia functions
- turbinia.client.TurbiniaStats
- turbinia.config
- turbinia.config.LoadConfig
- turbinia.config.TURBINIA_PROJECT
- turbinia.evidence
- turbinia.evidence.Evidence
- turbinia.evidence.GoogleCloudDisk
- turbinia.evidence.RawDisk
- turbinia.evidence.ReportText
- turbinia.jobs.interface.TurbiniaJob
- turbinia.jobs.manager
- turbinia.jobs.manager.JobsManager
- turbinia.jobs.manager.JobsManager.RegisterJob
- turbinia.lib.text_formatter
- turbinia.lib.text_formatter.bold
- turbinia.lib.text_formatter.bullet
- turbinia.lib.text_formatter.heading4
- turbinia.message.TurbiniaRequest
- turbinia.TurbiniaException
- turbinia.workers.TurbiniaTask