Merge branch 'develop' of github.com:sleuthkit/sleuthkit into develop

9fb87b80 · esaunders · 49a42fb5 · a8607c11 · 9fb87b80 · 9fb87b80
Commit 9fb87b80 authored 5 years ago by esaunders
--- a/tools/logicalimager/LogicalImagerPathRule.cpp
+++ b/tools/logicalimager/LogicalImagerPathRule.cpp
@@ -19,11 +19,6 @@
 static char *userFolderRegex = "/?(documents and settings|users|home)/[^/]+";
 static std::string lowerCaseUserFolder;

-bool endsWith(const std::string &str, const std::string &suffix) {
-    return str.size() >= suffix.size() &&
-        str.compare(str.size() - suffix.size(), suffix.size(), suffix) == 0;
-}
-
 /*
 * Construct a path rule.
 *
@@ -47,7 +42,7 @@ LogicalImagerPathRule::LogicalImagerPathRule(const std::set<std::string> &paths)
            // special case, add to regex
            std::string newPattern(lowerCasePath);
            newPattern.replace(newPattern.find(lowerCaseUserFolder), lowerCaseUserFolder.length(), userFolderRegex);
-            if (endsWith(lowerCasePath, "/")) {
+            if (TskHelper::endsWith(lowerCasePath, "/")) {
                newPattern.append(".*");
            } else {
                newPattern.append("/.*");

--- a/tools/logicalimager/TskHelper.cpp
+++ b/tools/logicalimager/TskHelper.cpp
@@ -156,6 +156,14 @@ bool TskHelper::startsWith(const std::string &bigStr, const std::string &lilStr)
        && equal(lilStr.begin(), lilStr.end(), bigStr.begin());
 }

+/*
+* Check if the string str ends with suffix
+*/
+bool TskHelper::endsWith(const std::string &str, const std::string &suffix) {
+    return str.size() >= suffix.size() &&
+        str.compare(str.size() - suffix.size(), suffix.size(), suffix) == 0;
+}
+
 /**
 * \ingroup fslib
 *

--- a/tools/logicalimager/TskHelper.h
+++ b/tools/logicalimager/TskHelper.h
@@ -81,6 +81,7 @@ class TskHelper {
    static std::string toNarrow(const std::wstring& a_utf16Str);
    static std::wstring toWide(const std::string& a_utf8Str);
    static bool startsWith(const std::string &bigStr, const std::string &lilStr);
+    static bool endsWith(const std::string &str, const std::string &suffix);
    static std::string intToStr(long l);
    static std::string intToStr(size_t l);
    static void replaceAll(std::string& str, const std::string& from, const std::string& to);

--- a/tools/logicalimager/tsk_logical_imager.cpp
+++ b/tools/logicalimager/tsk_logical_imager.cpp
@@ -562,10 +562,16 @@ main(int argc, char **argv1)
        ReportUtil::consoleOutput(stdout, "%s - Searching for registry\n", driveToProcess.c_str());
        SetConsoleTitleA(std::string("Analyzing drive " + driveToProcess + " - Searching for registry").c_str());

-        string usersFileName = directoryPath + "/users.txt";
+        std::string prefix;
+        if (iFlagUsed) {
+            prefix = "sparse_image";
+        } else {
+            prefix = driveToProcess;
+        }
+        std::string userFilename = directoryPath + "/" + prefix + "_users.txt";

        // Enumerate Users with RegistryAnalyzer
-        RegistryAnalyzer registryAnalyzer(usersFileName);
+        RegistryAnalyzer registryAnalyzer(userFilename);
        registryAnalyzer.analyzeSAMUsers();

        TskHelper::getInstance().reset();