Created section 6
This commit is contained in:
		
							parent
							
								
									8f28036f3e
								
							
						
					
					
						commit
						3fe34bd613
					
				|  | @ -1,4 +1,4 @@ | ||||||
| # Sphinx build info version 1 | # Sphinx build info version 1 | ||||||
| # This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done. | # This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done. | ||||||
| config: 3d75c43fddb36f788157bf623c0e7c72 | config: 0fd78b0e82109c48196c34369f16014f | ||||||
| tags: 645f666f9bcd5a90fca523b33c5a78b7 | tags: 645f666f9bcd5a90fca523b33c5a78b7 | ||||||
|  |  | ||||||
|  | @ -16,6 +16,7 @@ A guide for developing Python scripts in DFIR | ||||||
|    section1 |    section1 | ||||||
|    section2 |    section2 | ||||||
|    section3 |    section3 | ||||||
|  |    section6 | ||||||
| 
 | 
 | ||||||
| Handbook Sections | Handbook Sections | ||||||
| ============================== | ============================== | ||||||
|  |  | ||||||
|  | @ -0,0 +1,17 @@ | ||||||
|  | Section 6 - Sqlite & MacOS/Mobile/Browsers | ||||||
|  | ========================================== | ||||||
|  | .. toctree:: | ||||||
|  |    :maxdepth: 2 | ||||||
|  |    :caption: Contents: | ||||||
|  | 
 | ||||||
|  | Section 6.1 - Opening Sqlite | ||||||
|  | -------------------------------- | ||||||
|  | .. automodule:: sections.section_06.opening_sqlite | ||||||
|  |    :members: | ||||||
|  | 
 | ||||||
|  | Indices and tables | ||||||
|  | -------------------------------- | ||||||
|  | 
 | ||||||
|  | * :ref:`genindex` | ||||||
|  | * :ref:`modindex` | ||||||
|  | * :ref:`search` | ||||||
|  | @ -99,6 +99,7 @@ | ||||||
| <li class="toctree-l1"><a class="reference internal" href="section1.html">Section 1 - Essential Scripts</a></li> | <li class="toctree-l1"><a class="reference internal" href="section1.html">Section 1 - Essential Scripts</a></li> | ||||||
| <li class="toctree-l1"><a class="reference internal" href="section2.html">Section 2 - Registry Parsing</a></li> | <li class="toctree-l1"><a class="reference internal" href="section2.html">Section 2 - Registry Parsing</a></li> | ||||||
| <li class="toctree-l1"><a class="reference internal" href="section3.html">Section 3 - Windows Event Log Parsing</a></li> | <li class="toctree-l1"><a class="reference internal" href="section3.html">Section 3 - Windows Event Log Parsing</a></li> | ||||||
|  | <li class="toctree-l1"><a class="reference internal" href="section6.html">Section 6 - Sqlite & MacOS/Mobile/Browsers</a></li> | ||||||
| </ul> | </ul> | ||||||
| 
 | 
 | ||||||
|              |              | ||||||
|  | @ -255,6 +256,8 @@ | ||||||
|       <li><a href="section2.html#module-sections.section_02.yarp_ntuser">sections.section_02.yarp_ntuser (module)</a> |       <li><a href="section2.html#module-sections.section_02.yarp_ntuser">sections.section_02.yarp_ntuser (module)</a> | ||||||
| </li> | </li> | ||||||
|       <li><a href="section3.html#module-sections.section_03.open_evtx">sections.section_03.open_evtx (module)</a> |       <li><a href="section3.html#module-sections.section_03.open_evtx">sections.section_03.open_evtx (module)</a> | ||||||
|  | </li> | ||||||
|  |       <li><a href="section6.html#module-sections.section_06.opening_sqlite">sections.section_06.opening_sqlite (module)</a> | ||||||
| </li> | </li> | ||||||
|       <li><a href="section1.html#sections.section_01.logging_example.setup_logging">setup_logging() (in module sections.section_01.logging_example)</a> |       <li><a href="section1.html#sections.section_01.logging_example.setup_logging">setup_logging() (in module sections.section_01.logging_example)</a> | ||||||
| </li> | </li> | ||||||
|  |  | ||||||
|  | @ -99,6 +99,7 @@ | ||||||
| <li class="toctree-l1"><a class="reference internal" href="section1.html">Section 1 - Essential Scripts</a></li> | <li class="toctree-l1"><a class="reference internal" href="section1.html">Section 1 - Essential Scripts</a></li> | ||||||
| <li class="toctree-l1"><a class="reference internal" href="section2.html">Section 2 - Registry Parsing</a></li> | <li class="toctree-l1"><a class="reference internal" href="section2.html">Section 2 - Registry Parsing</a></li> | ||||||
| <li class="toctree-l1"><a class="reference internal" href="section3.html">Section 3 - Windows Event Log Parsing</a></li> | <li class="toctree-l1"><a class="reference internal" href="section3.html">Section 3 - Windows Event Log Parsing</a></li> | ||||||
|  | <li class="toctree-l1"><a class="reference internal" href="section6.html">Section 6 - Sqlite & MacOS/Mobile/Browsers</a></li> | ||||||
| </ul> | </ul> | ||||||
| 
 | 
 | ||||||
|              |              | ||||||
|  | @ -173,6 +174,7 @@ | ||||||
| <li class="toctree-l1"><a class="reference internal" href="section1.html">Section 1 - Essential Scripts</a></li> | <li class="toctree-l1"><a class="reference internal" href="section1.html">Section 1 - Essential Scripts</a></li> | ||||||
| <li class="toctree-l1"><a class="reference internal" href="section2.html">Section 2 - Registry Parsing</a></li> | <li class="toctree-l1"><a class="reference internal" href="section2.html">Section 2 - Registry Parsing</a></li> | ||||||
| <li class="toctree-l1"><a class="reference internal" href="section3.html">Section 3 - Windows Event Log Parsing</a></li> | <li class="toctree-l1"><a class="reference internal" href="section3.html">Section 3 - Windows Event Log Parsing</a></li> | ||||||
|  | <li class="toctree-l1"><a class="reference internal" href="section6.html">Section 6 - Sqlite & MacOS/Mobile/Browsers</a></li> | ||||||
| </ul> | </ul> | ||||||
| </div> | </div> | ||||||
| </div> | </div> | ||||||
|  |  | ||||||
							
								
								
									
										
											BIN
										
									
								
								docs/objects.inv
								
								
								
								
							
							
						
						
									
										
											BIN
										
									
								
								docs/objects.inv
								
								
								
								
							
										
											Binary file not shown.
										
									
								
							|  | @ -101,6 +101,7 @@ | ||||||
| <li class="toctree-l1"><a class="reference internal" href="section1.html">Section 1 - Essential Scripts</a></li> | <li class="toctree-l1"><a class="reference internal" href="section1.html">Section 1 - Essential Scripts</a></li> | ||||||
| <li class="toctree-l1"><a class="reference internal" href="section2.html">Section 2 - Registry Parsing</a></li> | <li class="toctree-l1"><a class="reference internal" href="section2.html">Section 2 - Registry Parsing</a></li> | ||||||
| <li class="toctree-l1"><a class="reference internal" href="section3.html">Section 3 - Windows Event Log Parsing</a></li> | <li class="toctree-l1"><a class="reference internal" href="section3.html">Section 3 - Windows Event Log Parsing</a></li> | ||||||
|  | <li class="toctree-l1"><a class="reference internal" href="section6.html">Section 6 - Sqlite & MacOS/Mobile/Browsers</a></li> | ||||||
| </ul> | </ul> | ||||||
| 
 | 
 | ||||||
|              |              | ||||||
|  | @ -224,6 +225,11 @@ | ||||||
|        <td>    |        <td>    | ||||||
|        <a href="section3.html#module-sections.section_03.open_evtx"><code class="xref">sections.section_03.open_evtx</code></a></td><td> |        <a href="section3.html#module-sections.section_03.open_evtx"><code class="xref">sections.section_03.open_evtx</code></a></td><td> | ||||||
|        <em></em></td></tr> |        <em></em></td></tr> | ||||||
|  |      <tr class="cg-2"> | ||||||
|  |        <td></td> | ||||||
|  |        <td>    | ||||||
|  |        <a href="section6.html#module-sections.section_06.opening_sqlite"><code class="xref">sections.section_06.opening_sqlite</code></a></td><td> | ||||||
|  |        <em></em></td></tr> | ||||||
|    </table> |    </table> | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -99,6 +99,7 @@ | ||||||
| <li class="toctree-l1"><a class="reference internal" href="section1.html">Section 1 - Essential Scripts</a></li> | <li class="toctree-l1"><a class="reference internal" href="section1.html">Section 1 - Essential Scripts</a></li> | ||||||
| <li class="toctree-l1"><a class="reference internal" href="section2.html">Section 2 - Registry Parsing</a></li> | <li class="toctree-l1"><a class="reference internal" href="section2.html">Section 2 - Registry Parsing</a></li> | ||||||
| <li class="toctree-l1"><a class="reference internal" href="section3.html">Section 3 - Windows Event Log Parsing</a></li> | <li class="toctree-l1"><a class="reference internal" href="section3.html">Section 3 - Windows Event Log Parsing</a></li> | ||||||
|  | <li class="toctree-l1"><a class="reference internal" href="section6.html">Section 6 - Sqlite & MacOS/Mobile/Browsers</a></li> | ||||||
| </ul> | </ul> | ||||||
| 
 | 
 | ||||||
|              |              | ||||||
|  |  | ||||||
										
											
												File diff suppressed because one or more lines are too long
											
										
									
								
							|  | @ -0,0 +1,276 @@ | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | <!DOCTYPE html> | ||||||
|  | <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> | ||||||
|  | <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> | ||||||
|  | <head> | ||||||
|  |   <meta charset="utf-8"> | ||||||
|  |    | ||||||
|  |   <meta name="viewport" content="width=device-width, initial-scale=1.0"> | ||||||
|  |    | ||||||
|  |   <title>Section 6 - Sqlite & MacOS/Mobile/Browsers — Python Forensics Handbook 20191126 documentation</title> | ||||||
|  |    | ||||||
|  | 
 | ||||||
|  |    | ||||||
|  |    | ||||||
|  |    | ||||||
|  |    | ||||||
|  | 
 | ||||||
|  |    | ||||||
|  |   <script type="text/javascript" src="_static/js/modernizr.min.js"></script> | ||||||
|  |    | ||||||
|  |      | ||||||
|  |       <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script> | ||||||
|  |         <script type="text/javascript" src="_static/jquery.js"></script> | ||||||
|  |         <script type="text/javascript" src="_static/underscore.js"></script> | ||||||
|  |         <script type="text/javascript" src="_static/doctools.js"></script> | ||||||
|  |         <script type="text/javascript" src="_static/language_data.js"></script> | ||||||
|  |      | ||||||
|  |     <script type="text/javascript" src="_static/js/theme.js"></script> | ||||||
|  | 
 | ||||||
|  |      | ||||||
|  | 
 | ||||||
|  |    | ||||||
|  |   <link rel="stylesheet" href="_static/css/theme.css" type="text/css" /> | ||||||
|  |   <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> | ||||||
|  |     <link rel="index" title="Index" href="genindex.html" /> | ||||||
|  |     <link rel="search" title="Search" href="search.html" /> | ||||||
|  |     <link rel="prev" title="Section 3 - Windows Event Log Parsing" href="section3.html" /> | ||||||
|  |   | ||||||
|  | <!-- Global site tag (gtag.js) - Google Analytics --> | ||||||
|  | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-17386833-12"></script> | ||||||
|  | <script> | ||||||
|  |   window.dataLayer = window.dataLayer || []; | ||||||
|  |   function gtag(){dataLayer.push(arguments);} | ||||||
|  |   gtag('js', new Date()); | ||||||
|  | 
 | ||||||
|  |   gtag('config', 'UA-17386833-12'); | ||||||
|  | </script> | ||||||
|  | 
 | ||||||
|  | </head> | ||||||
|  | 
 | ||||||
|  | <body class="wy-body-for-nav"> | ||||||
|  | 
 | ||||||
|  |     | ||||||
|  |   <div class="wy-grid-for-nav"> | ||||||
|  |      | ||||||
|  |     <nav data-toggle="wy-nav-shift" class="wy-nav-side"> | ||||||
|  |       <div class="wy-side-scroll"> | ||||||
|  |         <div class="wy-side-nav-search" > | ||||||
|  |            | ||||||
|  | 
 | ||||||
|  |            | ||||||
|  |             <a href="index.html" class="icon icon-home"> Python Forensics Handbook | ||||||
|  |            | ||||||
|  | 
 | ||||||
|  |            | ||||||
|  |           </a> | ||||||
|  | 
 | ||||||
|  |            | ||||||
|  |              | ||||||
|  |              | ||||||
|  |               <div class="version"> | ||||||
|  |                 20191126 | ||||||
|  |               </div> | ||||||
|  |              | ||||||
|  |            | ||||||
|  | 
 | ||||||
|  |            | ||||||
|  | <div role="search"> | ||||||
|  |   <form id="rtd-search-form" class="wy-form" action="search.html" method="get"> | ||||||
|  |     <input type="text" name="q" placeholder="Search docs" /> | ||||||
|  |     <input type="hidden" name="check_keywords" value="yes" /> | ||||||
|  |     <input type="hidden" name="area" value="default" /> | ||||||
|  |   </form> | ||||||
|  | </div> | ||||||
|  | 
 | ||||||
|  |            | ||||||
|  |         </div> | ||||||
|  | 
 | ||||||
|  |         <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation"> | ||||||
|  |            | ||||||
|  |              | ||||||
|  |              | ||||||
|  |                | ||||||
|  |              | ||||||
|  |              | ||||||
|  |               <p class="caption"><span class="caption-text">Table of Contents:</span></p> | ||||||
|  | <ul class="current"> | ||||||
|  | <li class="toctree-l1"><a class="reference internal" href="section1.html">Section 1 - Essential Scripts</a></li> | ||||||
|  | <li class="toctree-l1"><a class="reference internal" href="section2.html">Section 2 - Registry Parsing</a></li> | ||||||
|  | <li class="toctree-l1"><a class="reference internal" href="section3.html">Section 3 - Windows Event Log Parsing</a></li> | ||||||
|  | <li class="toctree-l1 current"><a class="current reference internal" href="#">Section 6 - Sqlite & MacOS/Mobile/Browsers</a><ul> | ||||||
|  | <li class="toctree-l2"><a class="reference internal" href="#module-sections.section_06.opening_sqlite">Section 6.1 - Opening Sqlite</a><ul> | ||||||
|  | <li class="toctree-l3"><a class="reference internal" href="#opening-sqlite-configuration">Opening Sqlite configuration</a></li> | ||||||
|  | <li class="toctree-l3"><a class="reference internal" href="#listing-tables-configuration">Listing Tables configuration</a></li> | ||||||
|  | </ul> | ||||||
|  | </li> | ||||||
|  | <li class="toctree-l2"><a class="reference internal" href="#indices-and-tables">Indices and tables</a></li> | ||||||
|  | </ul> | ||||||
|  | </li> | ||||||
|  | </ul> | ||||||
|  | 
 | ||||||
|  |              | ||||||
|  |            | ||||||
|  |         </div> | ||||||
|  |       </div> | ||||||
|  |     </nav> | ||||||
|  | 
 | ||||||
|  |     <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> | ||||||
|  | 
 | ||||||
|  |        | ||||||
|  |       <nav class="wy-nav-top" aria-label="top navigation"> | ||||||
|  |          | ||||||
|  |           <i data-toggle="wy-nav-top" class="fa fa-bars"></i> | ||||||
|  |           <a href="index.html">Python Forensics Handbook</a> | ||||||
|  |          | ||||||
|  |       </nav> | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  |       <div class="wy-nav-content"> | ||||||
|  |          | ||||||
|  |         <div class="rst-content"> | ||||||
|  |          | ||||||
|  |            | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | <div role="navigation" aria-label="breadcrumbs navigation"> | ||||||
|  | 
 | ||||||
|  |   <ul class="wy-breadcrumbs"> | ||||||
|  |      | ||||||
|  |       <li><a href="index.html">Docs</a> »</li> | ||||||
|  |          | ||||||
|  |       <li>Section 6 - Sqlite & MacOS/Mobile/Browsers</li> | ||||||
|  |      | ||||||
|  |      | ||||||
|  |       <li class="wy-breadcrumbs-aside"> | ||||||
|  |          | ||||||
|  |              | ||||||
|  |             <a href="_sources/section6.rst.txt" rel="nofollow"> View page source</a> | ||||||
|  |            | ||||||
|  |          | ||||||
|  |       </li> | ||||||
|  |      | ||||||
|  |   </ul> | ||||||
|  | 
 | ||||||
|  |    | ||||||
|  |   <hr/> | ||||||
|  | </div> | ||||||
|  |           <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article"> | ||||||
|  |            <div itemprop="articleBody"> | ||||||
|  |              | ||||||
|  |   <div class="section" id="section-6-sqlite-macos-mobile-browsers"> | ||||||
|  | <h1>Section 6 - Sqlite & MacOS/Mobile/Browsers<a class="headerlink" href="#section-6-sqlite-macos-mobile-browsers" title="Permalink to this headline">¶</a></h1> | ||||||
|  | <div class="toctree-wrapper compound"> | ||||||
|  | </div> | ||||||
|  | <div class="section" id="module-sections.section_06.opening_sqlite"> | ||||||
|  | <span id="section-6-1-opening-sqlite"></span><h2>Section 6.1 - Opening Sqlite<a class="headerlink" href="#module-sections.section_06.opening_sqlite" title="Permalink to this headline">¶</a></h2> | ||||||
|  | <p>Example for opening and exploring Sqlite databased | ||||||
|  | for your command line utility.</p> | ||||||
|  | <p>Example Usage:</p> | ||||||
|  | <blockquote> | ||||||
|  | <div><p><code class="docutils literal notranslate"><span class="pre">$</span> <span class="pre">python</span> <span class="pre">opening_sqlite.py</span> <span class="pre">history_db</span></code></p> | ||||||
|  | </div></blockquote> | ||||||
|  | <p>References:</p> | ||||||
|  | <ul class="simple"> | ||||||
|  | <li><p><a class="reference external" href="https://docs.python.org/3/library/argparse.html">https://docs.python.org/3/library/argparse.html</a></p></li> | ||||||
|  | <li><p><a class="reference external" href="https://docs.python.org/3/library/os.html">https://docs.python.org/3/library/os.html</a></p></li> | ||||||
|  | <li><p><a class="reference external" href="https://docs.python.org/3/library/sqlite3.html">https://docs.python.org/3/library/sqlite3.html</a></p></li> | ||||||
|  | </ul> | ||||||
|  | <div class="section" id="opening-sqlite-configuration"> | ||||||
|  | <h3>Opening Sqlite configuration<a class="headerlink" href="#opening-sqlite-configuration" title="Permalink to this headline">¶</a></h3> | ||||||
|  | <p>This function shows an example of opening a Sqlite database with Python. | ||||||
|  | Additional information regarding Sqlite modules can be | ||||||
|  | seen at <a class="reference external" href="https://docs.python.org/3/library/sqlite3.html">https://docs.python.org/3/library/sqlite3.html</a>.</p> | ||||||
|  | <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">open_sqlite</span><span class="p">(</span><span class="n">inputdb</span><span class="p">):</span> | ||||||
|  |     <span class="nb">print</span><span class="p">(</span><span class="s2">"Provided Database: </span><span class="si">{}</span><span class="s2">"</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">inputdb</span><span class="p">))</span> | ||||||
|  |     <span class="k">return</span> <span class="n">sqlite3</span><span class="o">.</span><span class="n">connect</span><span class="p">(</span><span class="n">inputdb</span><span class="p">)</span> | ||||||
|  | </pre></div> | ||||||
|  | </div> | ||||||
|  | </div> | ||||||
|  | <div class="section" id="listing-tables-configuration"> | ||||||
|  | <h3>Listing Tables configuration<a class="headerlink" href="#listing-tables-configuration" title="Permalink to this headline">¶</a></h3> | ||||||
|  | <p>This function shows an example of listing available tables in an opened Sqlite database.</p> | ||||||
|  | <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">list_tables</span><span class="p">(</span><span class="n">conn</span><span class="p">):</span> | ||||||
|  |     <span class="n">cur</span> <span class="o">=</span> <span class="n">conn</span><span class="o">.</span><span class="n">cursor</span><span class="p">()</span> | ||||||
|  |     <span class="n">cur</span><span class="o">.</span><span class="n">execute</span><span class="p">(</span><span class="s2">"SELECT name FROM sqlite_master"</span><span class="p">)</span> | ||||||
|  |     <span class="n">table_list</span> <span class="o">=</span> <span class="p">[]</span> | ||||||
|  |     <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="n">cur</span><span class="o">.</span><span class="n">fetchall</span><span class="p">():</span> | ||||||
|  |         <span class="n">table_list</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">i</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span> | ||||||
|  |      | ||||||
|  |     <span class="k">return</span> <span class="n">table_list</span> | ||||||
|  | </pre></div> | ||||||
|  | </div> | ||||||
|  | </div> | ||||||
|  | </div> | ||||||
|  | <div class="section" id="indices-and-tables"> | ||||||
|  | <h2>Indices and tables<a class="headerlink" href="#indices-and-tables" title="Permalink to this headline">¶</a></h2> | ||||||
|  | <ul class="simple"> | ||||||
|  | <li><p><a class="reference internal" href="genindex.html"><span class="std std-ref">Index</span></a></p></li> | ||||||
|  | <li><p><a class="reference internal" href="py-modindex.html"><span class="std std-ref">Module Index</span></a></p></li> | ||||||
|  | <li><p><a class="reference internal" href="search.html"><span class="std std-ref">Search Page</span></a></p></li> | ||||||
|  | </ul> | ||||||
|  | </div> | ||||||
|  | </div> | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  |            </div> | ||||||
|  |             | ||||||
|  |           </div> | ||||||
|  |           <footer> | ||||||
|  |    | ||||||
|  |     <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation"> | ||||||
|  |        | ||||||
|  |        | ||||||
|  |         <a href="section3.html" class="btn btn-neutral float-left" title="Section 3 - Windows Event Log Parsing" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left"></span> Previous</a> | ||||||
|  |        | ||||||
|  |     </div> | ||||||
|  |    | ||||||
|  | 
 | ||||||
|  |   <hr/> | ||||||
|  | 
 | ||||||
|  |   <div role="contentinfo"> | ||||||
|  |     <p> | ||||||
|  |         © Copyright 2019, Chapin Bryce | ||||||
|  | 
 | ||||||
|  |     </p> | ||||||
|  |   </div> | ||||||
|  |   Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/rtfd/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.  | ||||||
|  | 
 | ||||||
|  | </footer> | ||||||
|  | 
 | ||||||
|  |         </div> | ||||||
|  |       </div> | ||||||
|  | 
 | ||||||
|  |     </section> | ||||||
|  | 
 | ||||||
|  |   </div> | ||||||
|  |    | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  |   <script type="text/javascript"> | ||||||
|  |       jQuery(function () { | ||||||
|  |           SphinxRtdTheme.Navigation.enable(true); | ||||||
|  |       }); | ||||||
|  |   </script> | ||||||
|  | 
 | ||||||
|  |    | ||||||
|  |    | ||||||
|  |      | ||||||
|  |     | ||||||
|  | 
 | ||||||
|  | </body> | ||||||
|  | </html> | ||||||
|  | @ -16,6 +16,7 @@ A guide for developing Python scripts in DFIR | ||||||
|    section1 |    section1 | ||||||
|    section2 |    section2 | ||||||
|    section3 |    section3 | ||||||
|  |    section6 | ||||||
| 
 | 
 | ||||||
| Handbook Sections | Handbook Sections | ||||||
| ============================== | ============================== | ||||||
|  |  | ||||||
|  | @ -35,4 +35,4 @@ goto end | ||||||
| popd | popd | ||||||
| 
 | 
 | ||||||
| REM copy HTML to docs folder | REM copy HTML to docs folder | ||||||
| robocopy _build\html ..\docs /S /E | robocopy _build\html ..\docs /S /E /NFL /NDL /NJH /NJS | ||||||
|  | @ -0,0 +1,17 @@ | ||||||
|  | Section 6 - Sqlite & MacOS/Mobile/Browsers | ||||||
|  | ========================================== | ||||||
|  | .. toctree:: | ||||||
|  |    :maxdepth: 2 | ||||||
|  |    :caption: Contents: | ||||||
|  | 
 | ||||||
|  | Section 6.1 - Opening Sqlite | ||||||
|  | -------------------------------- | ||||||
|  | .. automodule:: sections.section_06.opening_sqlite | ||||||
|  |    :members: | ||||||
|  | 
 | ||||||
|  | Indices and tables | ||||||
|  | -------------------------------- | ||||||
|  | 
 | ||||||
|  | * :ref:`genindex` | ||||||
|  | * :ref:`modindex` | ||||||
|  | * :ref:`search` | ||||||
|  | @ -0,0 +1,91 @@ | ||||||
|  | """Example for opening and exploring Sqlite databased  | ||||||
|  | for your command line utility. | ||||||
|  | 
 | ||||||
|  | Example Usage: | ||||||
|  | 
 | ||||||
|  |     ``$ python opening_sqlite.py history_db`` | ||||||
|  | 
 | ||||||
|  | References: | ||||||
|  | 
 | ||||||
|  | * https://docs.python.org/3/library/argparse.html | ||||||
|  | * https://docs.python.org/3/library/os.html | ||||||
|  | * https://docs.python.org/3/library/sqlite3.html | ||||||
|  | 
 | ||||||
|  | Opening Sqlite configuration | ||||||
|  | ============================ | ||||||
|  | 
 | ||||||
|  | This function shows an example of opening a Sqlite database with Python.  | ||||||
|  | Additional information regarding Sqlite modules can be | ||||||
|  | seen at https://docs.python.org/3/library/sqlite3.html. | ||||||
|  | 
 | ||||||
|  | .. literalinclude:: ../sections/section_06/opening_sqlite.py | ||||||
|  |     :pyobject: open_sqlite | ||||||
|  | 
 | ||||||
|  | Listing Tables configuration | ||||||
|  | ============================ | ||||||
|  | 
 | ||||||
|  | This function shows an example of listing available tables in an opened Sqlite database. | ||||||
|  | 
 | ||||||
|  | .. literalinclude:: ../sections/section_06/opening_sqlite.py | ||||||
|  |     :pyobject: list_tables | ||||||
|  | """ | ||||||
|  | import argparse | ||||||
|  | import os | ||||||
|  | import sqlite3 | ||||||
|  | 
 | ||||||
|  | """ | ||||||
|  | Copyright 2019 Brittney Argirakis | ||||||
|  | 
 | ||||||
|  | Permission is hereby granted, free of charge, to any person | ||||||
|  | obtaining a copy of this software and associated documentation | ||||||
|  | files (the "Software"), to deal in the Software without | ||||||
|  | restriction, including without limitation the rights to use, copy, | ||||||
|  | modify, merge, publish, distribute, sublicense, and/or sell copies | ||||||
|  | of the Software, and to permit persons to whom the Software is | ||||||
|  | furnished to do so, subject to the following conditions: | ||||||
|  | 
 | ||||||
|  | The above copyright notice and this permission notice shall be | ||||||
|  | included in all copies or substantial portions of the Software. | ||||||
|  | 
 | ||||||
|  | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||||||
|  | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES | ||||||
|  | OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | ||||||
|  | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT | ||||||
|  | HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, | ||||||
|  | WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||||||
|  | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER | ||||||
|  | DEALINGS IN THE SOFTWARE. | ||||||
|  | """ | ||||||
|  | 
 | ||||||
|  | __author__ = 'Brittney Argirakis' | ||||||
|  | __date__ = 20191126 | ||||||
|  | __license__ = 'MIT Copyright 2019 Brittney Argirakis' | ||||||
|  | __desc__ = '''Sample script to open a SqLite DB.''' | ||||||
|  | __docs__ = [ | ||||||
|  |     'https://docs.python.org/3/library/argparse.html', | ||||||
|  |     'https://docs.python.org/3/library/os.html', | ||||||
|  |     'https://docs.python.org/3/library/sqlite3.html' | ||||||
|  | ] | ||||||
|  | 
 | ||||||
|  | def open_sqlite(inputdb): | ||||||
|  |     print("Provided Database: {}".format(inputdb)) | ||||||
|  |     return sqlite3.connect(inputdb) | ||||||
|  | 
 | ||||||
|  | def list_tables(conn): | ||||||
|  |     cur = conn.cursor() | ||||||
|  |     cur.execute("SELECT name FROM sqlite_master") | ||||||
|  |     table_list = [] | ||||||
|  |     for i in cur.fetchall(): | ||||||
|  |         table_list.append(i[0]) | ||||||
|  |      | ||||||
|  |     return table_list | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | if __name__ == "__main__": | ||||||
|  |     parser = argparse.ArgumentParser() | ||||||
|  |     parser.add_argument("db", help="path to the database to read") | ||||||
|  |     args = parser.parse_args() | ||||||
|  |     conn = open_sqlite(args.db) | ||||||
|  |     listed_tables = list_tables(conn) | ||||||
|  | 
 | ||||||
|  |     print(listed_tables) | ||||||
		Loading…
	
		Reference in New Issue