Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
S
Sleuthkit
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Iterations
Requirements
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Locked files
Build
Pipelines
Jobs
Pipeline schedules
Test cases
Artifacts
Deploy
Releases
Package registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Code review analytics
Issue analytics
Insights
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
IRT
Sleuthkit
Commits
e3be0f4b
Commit
e3be0f4b
authored
6 years ago
by
U-BASIS\dsmyda
Browse files
Options
Downloads
Patches
Plain Diff
Added SHA1 information in EWF images to the database.
parent
0931e420
No related branches found
No related tags found
No related merge requests found
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
tsk/auto/auto_db.cpp
+5
-1
5 additions, 1 deletion
tsk/auto/auto_db.cpp
tsk/img/ewf.c
+23
-0
23 additions, 0 deletions
tsk/img/ewf.c
tsk/img/ewf.h
+2
-0
2 additions, 0 deletions
tsk/img/ewf.h
with
30 additions
and
1 deletion
tsk/auto/auto_db.cpp
100644 → 100755
+
5
−
1
View file @
e3be0f4b
...
...
@@ -208,6 +208,7 @@ uint8_t
TskAutoDb
::
addImageDetails
(
const
char
*
deviceId
)
{
string
md5
=
""
;
string
sha1
=
""
;
#if HAVE_LIBEWF
if
(
m_img_info
->
itype
==
TSK_IMG_TYPE_EWF_EWF
)
{
// @@@ This should really probably be inside of a tsk_img_ method
...
...
@@ -215,6 +216,9 @@ TskAutoDb::addImageDetails(const char* deviceId)
if
(
ewf_info
->
md5hash_isset
)
{
md5
=
ewf_info
->
md5hash
;
}
if
(
ewf_info
->
sha1hash_isset
)
{
sha1
=
ewf_info
->
sha1hash
;
}
}
#endif
...
...
@@ -225,7 +229,7 @@ TskAutoDb::addImageDetails(const char* deviceId)
devId
=
""
;
}
if
(
m_db
->
addImageInfo
(
m_img_info
->
itype
,
m_img_info
->
sector_size
,
m_curImgId
,
m_curImgTZone
,
m_img_info
->
size
,
md5
,
""
,
""
,
devId
))
{
m_curImgId
,
m_curImgTZone
,
m_img_info
->
size
,
md5
,
sha1
,
""
,
devId
))
{
registerError
();
return
1
;
}
...
...
This diff is collapsed.
Click to expand it.
tsk/img/ewf.c
100644 → 100755
+
23
−
0
View file @
e3be0f4b
...
...
@@ -406,6 +406,29 @@ ewf_open(int a_num_img,
}
ewf_info
->
md5hash_isset
=
result
;
int
sha1_result
=
libewf_handle_get_hash_value_sha1
(
ewf_info
->
handle
,
(
uint8_t
*
)
ewf_info
->
sha1hash
,
41
,
&
ewf_error
);
if
(
sha1_result
==
-
1
)
{
tsk_error_reset
();
tsk_error_set_errno
(
TSK_ERR_IMG_OPEN
);
getError
(
ewf_error
,
error_string
);
tsk_error_set_errstr
(
"ewf_open file: %"
PRIttocTSK
": Error getting MD5 of image (%s)"
,
a_images
[
0
],
error_string
);
libewf_error_free
(
&
ewf_error
);
tsk_img_free
(
ewf_info
);
if
(
tsk_verbose
!=
0
)
{
tsk_fprintf
(
stderr
,
"Error getting size of EWF file
\n
"
);
}
return
(
NULL
);
}
ewf_info
->
sha1hash_isset
=
result
;
#else // V1 API
// Check the file signature before we call the library open
...
...
This diff is collapsed.
Click to expand it.
tsk/img/ewf.h
100644 → 100755
+
2
−
0
View file @
e3be0f4b
...
...
@@ -38,6 +38,8 @@ extern "C" {
libewf_handle_t
*
handle
;
char
md5hash
[
33
];
int
md5hash_isset
;
char
sha1hash
[
41
];
int
sha1hash_isset
;
uint8_t
used_ewf_glob
;
// 1 if libewf_glob was used during open
tsk_lock_t
read_lock
;
///< Lock for reads since libewf is not thread safe -- only works if you have a single instance of EWF_INFO for all threads.
}
IMG_EWF_INFO
;
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment