python-forensics-handbook/docs/section1.html


<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Section 1 - Essential Scripts &mdash; Python Forensics Handbook 20191126 documentation</title>
<script type="text/javascript" src="_static/js/modernizr.min.js"></script>
<script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<script type="text/javascript" src="_static/language_data.js"></script>
<script type="text/javascript" src="_static/js/theme.js"></script>
<link rel="stylesheet" href="_static/css/theme.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="search.html" />
<link rel="next" title="Section 2 - Registry Parsing" href="section2.html" />
<link rel="prev" title="The Python Forensics Handbook" href="index.html" />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-17386833-12"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-17386833-12');
</script>
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search" >
<a href="index.html" class="icon icon-home"> Python Forensics Handbook
</a>
<div class="version">
20191126
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="search.html" method="get">
<input type="text" name="q" placeholder="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<p class="caption"><span class="caption-text">Table of Contents:</span></p>
<ul class="current">
<li class="toctree-l1 current"><a class="current reference internal" href="#">Section 1 - Essential Scripts</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#module-sections.section_01.argparse_example">Section 1.1 - Argparse Example</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#argparse-configuration">Argparse configuration</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="#module-sections.section_01.logging_example">Section 1.2 - Logging Example</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#logging-configuration">Logging configuration</a></li>
<li class="toctree-l3"><a class="reference internal" href="#docstring-references">Docstring References</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="#module-sections.section_01.open_files">Section 1.3 - Open Files</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#open-files-with-proper-encoding">Open files with proper encoding</a></li>
<li class="toctree-l3"><a class="reference internal" href="#id1">Docstring References</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="#module-sections.section_01.csv_example">Section 1.4 - CSV Example</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#list-of-dictionaries-to-csv">List of dictionaries to CSV</a></li>
<li class="toctree-l3"><a class="reference internal" href="#list-of-ordered-lists-to-csv">List of ordered lists to CSV</a></li>
<li class="toctree-l3"><a class="reference internal" href="#id2">Docstring References</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="#module-sections.section_01.recursion_example">Section 1.5 - Directory Recursion</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#list-a-directory">List a directory</a></li>
<li class="toctree-l3"><a class="reference internal" href="#list-a-directory-recursively">List a directory recursively</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="#indices-and-tables">Indices and tables</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="section2.html">Section 2 - Registry Parsing</a></li>
<li class="toctree-l1"><a class="reference internal" href="section3.html">Section 3 - Windows Event Log Parsing</a></li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="index.html">Python Forensics Handbook</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="index.html">Docs</a> &raquo;</li>
<li>Section 1 - Essential Scripts</li>
<li class="wy-breadcrumbs-aside">
<a href="_sources/section1.rst.txt" rel="nofollow"> View page source</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<div class="section" id="section-1-essential-scripts">
<h1>Section 1 - Essential Scripts<a class="headerlink" href="#section-1-essential-scripts" title="Permalink to this headline"></a></h1>
<div class="toctree-wrapper compound">
</div>
<div class="section" id="module-sections.section_01.argparse_example">
<span id="section-1-1-argparse-example"></span><h2>Section 1.1 - Argparse Example<a class="headerlink" href="#module-sections.section_01.argparse_example" title="Permalink to this headline"></a></h2>
<p>Example for setting up arguments for your command line utility.</p>
<p>Example Usage:</p>
<blockquote>
<div><p><code class="docutils literal notranslate"><span class="pre">$</span> <span class="pre">python</span> <span class="pre">argparse.py</span></code></p>
</div></blockquote>
<p>References:</p>
<ul class="simple">
<li><p><a class="reference external" href="https://docs.python.org/3/library/argparse.html">https://docs.python.org/3/library/argparse.html</a></p></li>
<li><p><a class="reference external" href="https://docs.python.org/3/library/os.html">https://docs.python.org/3/library/os.html</a></p></li>
<li><p><a class="reference external" href="https://docs.python.org/3/library/pathlib.html">https://docs.python.org/3/library/pathlib.html</a></p></li>
</ul>
<div class="section" id="argparse-configuration">
<h3>Argparse configuration<a class="headerlink" href="#argparse-configuration" title="Permalink to this headline"></a></h3>
<p>This function shows an example of creating an argparse instance
with required and optional parameters. Further, it demonstrates
how to set default values and boolean arguments. The <code class="docutils literal notranslate"><span class="pre">argparse</span></code>
module has many more features documented at
<a class="reference external" href="https://docs.python.org/3/library/argparse.html">https://docs.python.org/3/library/argparse.html</a></p>
<!-- Highlighted listing of setup_argparse(): two positional arguments
     (INPUT_FILE, OUTPUT_FOLDER), an optional log-file path whose default is
     the script's own directory and base name with a .log suffix, and a
     verbose flag stored as a boolean. The extracted listing has lost its
     Python indentation.
     Review note: no type or existence check is attached to any argument, so
     the paths come back as plain strings; callers should validate them
     before reading from or writing to them. -->
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">setup_argparse</span><span class="p">():</span>
<span class="c1"># Setup a parser instance with common fields including a</span>
<span class="c1"># description and epilog. The `formatter_class` instructs</span>
<span class="c1"># argparse to show default values set for parameters.</span>
<span class="n">parser</span> <span class="o">=</span> <span class="n">argparse</span><span class="o">.</span><span class="n">ArgumentParser</span><span class="p">(</span>
<span class="n">description</span><span class="o">=</span><span class="s1">&#39;Sample Argparse&#39;</span><span class="p">,</span>
<span class="n">formatter_class</span><span class="o">=</span><span class="n">argparse</span><span class="o">.</span><span class="n">ArgumentDefaultsHelpFormatter</span><span class="p">,</span>
<span class="n">epilog</span><span class="o">=</span><span class="n">f</span><span class="s2">&quot;Built by </span><span class="si">{__author__}</span><span class="s2">, v.</span><span class="si">{__date__}</span><span class="s2">&quot;</span>
<span class="p">)</span>
<span class="c1"># The simplest form of adding an argument, the name of the</span>
<span class="c1"># parameter and a description of its form.</span>
<span class="n">parser</span><span class="o">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s1">&#39;INPUT_FILE&#39;</span><span class="p">,</span> <span class="n">help</span><span class="o">=</span><span class="s2">&quot;Input file to parse&quot;</span><span class="p">)</span>
<span class="n">parser</span><span class="o">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s1">&#39;OUTPUT_FOLDER&#39;</span><span class="p">,</span>
<span class="n">help</span><span class="o">=</span><span class="s2">&quot;Folder to store output&quot;</span><span class="p">)</span>
<span class="c1"># An optional argument with multiple methods of specifying</span>
<span class="c1"># the parameter. Includes a default value</span>
<span class="n">parser</span><span class="o">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s1">&#39;-l&#39;</span><span class="p">,</span> <span class="s1">&#39;--log&#39;</span><span class="p">,</span> <span class="n">help</span><span class="o">=</span><span class="s2">&quot;Path to log file&quot;</span><span class="p">,</span>
<span class="n">default</span><span class="o">=</span><span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">abspath</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">join</span><span class="p">(</span>
<span class="n">PurePath</span><span class="p">(</span><span class="vm">__file__</span><span class="p">)</span><span class="o">.</span><span class="n">parent</span><span class="p">,</span>
<span class="n">PurePath</span><span class="p">(</span><span class="vm">__file__</span><span class="p">)</span><span class="o">.</span><span class="n">name</span><span class="o">.</span><span class="n">rsplit</span><span class="p">(</span><span class="s1">&#39;.&#39;</span><span class="p">,</span> <span class="mi">1</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="o">+</span> <span class="s1">&#39;.log&#39;</span><span class="p">))</span>
<span class="p">)</span>
<span class="c1"># An optional argument which does not accept a value, instead</span>
<span class="c1"># just modifies functionality.</span>
<span class="n">parser</span><span class="o">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s1">&#39;-v&#39;</span><span class="p">,</span> <span class="s1">&#39;--verbose&#39;</span><span class="p">,</span> <span class="n">action</span><span class="o">=</span><span class="s1">&#39;store_true&#39;</span><span class="p">,</span>
<span class="n">help</span><span class="o">=</span><span class="s1">&#39;Include debug log messages&#39;</span><span class="p">)</span>
<span class="c1"># Once we&#39;ve specified our arguments we can parse them for</span>
<span class="c1"># reference</span>
<span class="n">args</span> <span class="o">=</span> <span class="n">parser</span><span class="o">.</span><span class="n">parse_args</span><span class="p">()</span>
<span class="c1"># Returning our parsed arguments for further use.</span>
<span class="k">return</span> <span class="n">args</span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="module-sections.section_01.logging_example">
<span id="section-1-2-logging-example"></span><h2>Section 1.2 - Logging Example<a class="headerlink" href="#module-sections.section_01.logging_example" title="Permalink to this headline"></a></h2>
<p>Example for writing logging information to the console and a
log file.</p>
<p>Example Usage:</p>
<blockquote>
<div><p><code class="docutils literal notranslate"><span class="pre">$</span> <span class="pre">python</span> <span class="pre">logging_example.py</span></code></p>
</div></blockquote>
<p>References:</p>
<ul class="simple">
<li><p><a class="reference external" href="https://docs.python.org/3/library/logging.html">https://docs.python.org/3/library/logging.html</a></p></li>
<li><p><a class="reference external" href="https://docs.python.org/3/library/os.html">https://docs.python.org/3/library/os.html</a></p></li>
</ul>
<div class="section" id="logging-configuration">
<h3>Logging configuration<a class="headerlink" href="#logging-configuration" title="Permalink to this headline"></a></h3>
<p>This function shows an example of creating a logging instance that
writes messages to both STDERR and a file, allowing your script
to write content to STDOUT uninterrupted. Additionally, you can
set different logging levels for the two handlers - generally you
keep debugging information in the log file while writing more
critical messages to the console in STDERR.</p>
<!-- Highlighted listing of setup_logging(): binds the module-level `logger`,
     sets it to DEBUG, attaches a STDERR handler at INFO and a file handler
     at DEBUG that appends to 'sample.log', then emits one message per level
     and calls sample_function(). The extracted listing has lost its Python
     indentation.
     Review note: both handlers are added unconditionally, so calling
     setup_logging() more than once attaches duplicates and every message is
     then written once per attached handler. 'sample.log' is a relative path,
     so the log is created in whatever the current working directory is when
     the script runs. -->
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">setup_logging</span><span class="p">():</span>
<span class="sd">&quot;&quot;&quot;Function to setup logging configuration and test it.&quot;&quot;&quot;</span>
<span class="c1"># Allow us to modify the `logger` variable within a function</span>
<span class="k">global</span> <span class="n">logger</span>
<span class="c1"># Set logger object, uses module&#39;s name</span>
<span class="n">logger</span> <span class="o">=</span> <span class="n">logging</span><span class="o">.</span><span class="n">getLogger</span><span class="p">(</span><span class="n">name</span><span class="o">=</span><span class="vm">__name__</span><span class="p">)</span>
<span class="c1"># Set default logger level to DEBUG. You can change this later</span>
<span class="n">logger</span><span class="o">.</span><span class="n">setLevel</span><span class="p">(</span><span class="n">logging</span><span class="o">.</span><span class="n">DEBUG</span><span class="p">)</span>
<span class="c1"># Logging formatter. Best to keep consistent for most usecases</span>
<span class="n">log_format</span> <span class="o">=</span> <span class="n">logging</span><span class="o">.</span><span class="n">Formatter</span><span class="p">(</span>
<span class="s1">&#39;</span><span class="si">%(asctime)s</span><span class="s1"> </span><span class="si">%(filename)s</span><span class="s1"> </span><span class="si">%(levelname)s</span><span class="s1"> </span><span class="si">%(module)s</span><span class="s1"> &#39;</span>
<span class="s1">&#39;</span><span class="si">%(funcName)s</span><span class="s1"> </span><span class="si">%(lineno)d</span><span class="s1"> </span><span class="si">%(message)s</span><span class="s1">&#39;</span><span class="p">)</span>
<span class="c1"># Setup STDERR logging, allowing you uninterrupted</span>
<span class="c1"># STDOUT redirection</span>
<span class="n">stderr_handle</span> <span class="o">=</span> <span class="n">logging</span><span class="o">.</span><span class="n">StreamHandler</span><span class="p">(</span><span class="n">stream</span><span class="o">=</span><span class="n">sys</span><span class="o">.</span><span class="n">stderr</span><span class="p">)</span>
<span class="n">stderr_handle</span><span class="o">.</span><span class="n">setLevel</span><span class="p">(</span><span class="n">logging</span><span class="o">.</span><span class="n">INFO</span><span class="p">)</span>
<span class="n">stderr_handle</span><span class="o">.</span><span class="n">setFormatter</span><span class="p">(</span><span class="n">log_format</span><span class="p">)</span>
<span class="c1"># Setup file logging</span>
<span class="n">file_handle</span> <span class="o">=</span> <span class="n">logging</span><span class="o">.</span><span class="n">FileHandler</span><span class="p">(</span><span class="s1">&#39;sample.log&#39;</span><span class="p">,</span> <span class="s1">&#39;a&#39;</span><span class="p">)</span>
<span class="n">file_handle</span><span class="o">.</span><span class="n">setLevel</span><span class="p">(</span><span class="n">logging</span><span class="o">.</span><span class="n">DEBUG</span><span class="p">)</span>
<span class="n">file_handle</span><span class="o">.</span><span class="n">setFormatter</span><span class="p">(</span><span class="n">log_format</span><span class="p">)</span>
<span class="c1"># Add handles</span>
<span class="n">logger</span><span class="o">.</span><span class="n">addHandler</span><span class="p">(</span><span class="n">stderr_handle</span><span class="p">)</span>
<span class="n">logger</span><span class="o">.</span><span class="n">addHandler</span><span class="p">(</span><span class="n">file_handle</span><span class="p">)</span>
<span class="c1"># Sample log messages</span>
<span class="n">logger</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s2">&quot;This is a debug message&quot;</span><span class="p">)</span>
<span class="n">logger</span><span class="o">.</span><span class="n">info</span><span class="p">(</span><span class="s2">&quot;This is an info message&quot;</span><span class="p">)</span>
<span class="n">logger</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="s2">&quot;This is a warning message&quot;</span><span class="p">)</span>
<span class="n">logger</span><span class="o">.</span><span class="n">error</span><span class="p">(</span><span class="s2">&quot;This is a error message&quot;</span><span class="p">)</span>
<span class="n">logger</span><span class="o">.</span><span class="n">critical</span><span class="p">(</span><span class="s2">&quot;This is a critical message&quot;</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">sample_function</span><span class="p">():</span>
<span class="sd">&quot;&quot;&quot;Sample function to demonstrate logging formatting.&quot;&quot;&quot;</span>
<span class="n">logger</span><span class="o">.</span><span class="n">info</span><span class="p">(</span><span class="s2">&quot;Called from a function&quot;</span><span class="p">)</span>
<span class="n">sample_function</span><span class="p">()</span>
</pre></div>
</div>
</div>
<div class="section" id="docstring-references">
<h3>Docstring References<a class="headerlink" href="#docstring-references" title="Permalink to this headline"></a></h3>
<dl class="function">
<dt id="sections.section_01.logging_example.setup_logging">
<code class="descname">setup_logging</code><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#sections.section_01.logging_example.setup_logging" title="Permalink to this definition"></a></dt>
<dd><p>Function to setup logging configuration and test it.</p>
</dd></dl>
</div>
</div>
<div class="section" id="module-sections.section_01.open_files">
<span id="section-1-3-open-files"></span><h2>Section 1.3 - Open Files<a class="headerlink" href="#module-sections.section_01.open_files" title="Permalink to this headline"></a></h2>
<p>Example for reading data from encoded text files.</p>
<p>Demonstrates how to handle setting the proper encoding for
UTF-8, UTF-16-LE, and UTF-16-BE with the ability to easily
expand to support checking other file magic values/signatures.</p>
<p>Example Usage:</p>
<blockquote>
<div><p><code class="docutils literal notranslate"><span class="pre">$</span> <span class="pre">python</span> <span class="pre">open_files.py</span></code></p>
</div></blockquote>
<p>References:</p>
<ul class="simple">
<li><p><a class="reference external" href="https://docs.python.org/3/library/io.html">https://docs.python.org/3/library/io.html</a></p></li>
</ul>
<div class="section" id="open-files-with-proper-encoding">
<h3>Open files with proper encoding<a class="headerlink" href="#open-files-with-proper-encoding" title="Permalink to this headline"></a></h3>
<p>This first function shows an example of opening a file after checking for a
byte-order mark (BOM). While this method could be expanded to check for a file's
magic value/file signature, this low-tech method will help with parsing a
collection of files that may be UTF-8, UTF-16-LE, and UTF-16-BE, three very
common text file encodings. Feel free to build and share on this.</p>
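<!-- Highlighted listing of open_file(). The BOM test compares raw byte
     values (the earlier ASCII literals b'FEFF' / b'FFFE' are four bytes long
     and could never equal the two bytes read), and the binary probe handle
     is closed by a context manager. Python indentation is restored. -->
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">open_file</span><span class="p">(</span><span class="n">input_file</span><span class="p">):</span>
<span class="sd">    &quot;&quot;&quot;Opens an encoded text file and prints the contents</span>

<span class="sd">    The first two bytes are checked for a UTF-16 byte-order mark;</span>
<span class="sd">    files without one are read as UTF-8.</span>

<span class="sd">    Arguments:</span>
<span class="sd">        input_file (str): Path to file to open</span>
<span class="sd">    &quot;&quot;&quot;</span>
    <span class="c1"># Probe the first two bytes in binary mode. The context manager</span>
    <span class="c1"># closes this handle before the file is reopened as text.</span>
    <span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="n">input_file</span><span class="p">,</span> <span class="s1">&#39;rb&#39;</span><span class="p">)</span> <span class="k">as</span> <span class="n">test_encoding</span><span class="p">:</span>
        <span class="n">bom</span> <span class="o">=</span> <span class="n">test_encoding</span><span class="o">.</span><span class="n">read</span><span class="p">(</span><span class="mi">2</span><span class="p">)</span>
    <span class="n">file_encoding</span> <span class="o">=</span> <span class="s1">&#39;utf-8&#39;</span>
    <span class="c1"># A BOM is two raw bytes, not the ASCII text &#39;FEFF&#39;. The generic</span>
    <span class="c1"># &#39;utf-16&#39; codec consumes the BOM and takes the byte order from</span>
    <span class="c1"># it, so FF FE (little-endian) and FE FF (big-endian) both work.</span>
    <span class="c1"># NOTE: a UTF-32-LE BOM also begins with FF FE; read four bytes</span>
    <span class="c1"># to tell the two apart if UTF-32 input is possible.</span>
    <span class="k">if</span> <span class="n">bom</span> <span class="ow">in</span> <span class="p">(</span><span class="sa">b</span><span class="s1">&#39;</span><span class="se">\xff\xfe</span><span class="s1">&#39;</span><span class="p">,</span> <span class="sa">b</span><span class="s1">&#39;</span><span class="se">\xfe\xff</span><span class="s1">&#39;</span><span class="p">):</span>
        <span class="n">file_encoding</span> <span class="o">=</span> <span class="s1">&#39;utf-16&#39;</span>
    <span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="n">input_file</span><span class="p">,</span> <span class="s1">&#39;r&#39;</span><span class="p">,</span> <span class="n">encoding</span><span class="o">=</span><span class="n">file_encoding</span><span class="p">)</span> <span class="k">as</span> <span class="n">fopen</span><span class="p">:</span>
        <span class="k">for</span> <span class="n">raw_line</span> <span class="ow">in</span> <span class="n">fopen</span><span class="p">:</span>
            <span class="n">line</span> <span class="o">=</span> <span class="n">raw_line</span><span class="o">.</span><span class="n">strip</span><span class="p">()</span>
            <span class="nb">print</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
</pre></div>
</div>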
</div>
<div class="section" id="id1">
<h3>Docstring References<a class="headerlink" href="#id1" title="Permalink to this headline"></a></h3>
<dl class="function">
<dt id="sections.section_01.open_files.open_file">
<code class="descname">open_file</code><span class="sig-paren">(</span><em>input_file</em><span class="sig-paren">)</span><a class="headerlink" href="#sections.section_01.open_files.open_file" title="Permalink to this definition"></a></dt>
<dd><p>Opens an encoded text file and prints the contents</p>
<dl class="field-list simple">
<dt class="field-odd">Parameters</dt>
<dd class="field-odd"><p><strong>input_file</strong> (<em>str</em>) – Path to file to open</p>
</dd>
</dl>
</dd></dl>
</div>
</div>
<div class="section" id="module-sections.section_01.csv_example">
<span id="section-1-4-csv-example"></span><h2>Section 1.4 - CSV Example<a class="headerlink" href="#module-sections.section_01.csv_example" title="Permalink to this headline"></a></h2>
<p>Example for writing datasets into CSV files.</p>
<p>Demonstrates source datasets comprised of lists of dictionaries
and lists of lists as separate functions. Example data is
provided in line and will generate two identical CSVs as output.</p>
<p>Example Usage:</p>
<blockquote>
<div><p><code class="docutils literal notranslate"><span class="pre">$</span> <span class="pre">python</span> <span class="pre">csv_example.py</span></code></p>
</div></blockquote>
<p>References:</p>
<ul class="simple">
<li><p><a class="reference external" href="https://docs.python.org/3/library/csv.html">https://docs.python.org/3/library/csv.html</a></p></li>
<li><p><a class="reference external" href="https://docs.python.org/3/library/os.html">https://docs.python.org/3/library/os.html</a></p></li>
</ul>
<div class="section" id="list-of-dictionaries-to-csv">
<h3>List of dictionaries to CSV<a class="headerlink" href="#list-of-dictionaries-to-csv" title="Permalink to this headline"></a></h3>
<p>Example <code class="docutils literal notranslate"><span class="pre">data</span></code> variable:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span>
<span class="p">{</span><span class="s1">&#39;name&#39;</span><span class="p">:</span> <span class="s1">&#39;apple&#39;</span><span class="p">,</span> <span class="s1">&#39;quantity&#39;</span><span class="p">:</span> <span class="mi">10</span><span class="p">,</span> <span class="s1">&#39;location&#39;</span><span class="p">:</span> <span class="s1">&#39;VT&#39;</span><span class="p">},</span>
<span class="p">{</span><span class="s1">&#39;name&#39;</span><span class="p">:</span> <span class="s1">&#39;orange&#39;</span><span class="p">,</span> <span class="s1">&#39;quantity&#39;</span><span class="p">:</span> <span class="mi">5</span><span class="p">,</span> <span class="s1">&#39;location&#39;</span><span class="p">:</span> <span class="s1">&#39;FL&#39;</span><span class="p">}</span>
<span class="p">]</span>
</pre></div>
</div>
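<p>This first function shows an example of writing a list containing
multiple dictionaries to a CSV file. You can optionally provide
an ordered list of headers to filter which columns to show, or let the
function use the keys of the first dictionary in the list to
generate the header information. The latter option may produce
a new order each iteration and is not preferred if you can
determine the headers in advance.</p>
<p>Two caveats apply when the data comes from evidence. When
<code class="docutils literal notranslate"><span class="pre">headers</span></code> is omitted the function reads
<code class="docutils literal notranslate"><span class="pre">data[0]</span></code>, so an empty list raises an
<code class="docutils literal notranslate"><span class="pre">IndexError</span></code>, and because of
<code class="docutils literal notranslate"><span class="pre">extrasaction=&#39;ignore&#39;</span></code> any key that is
not in the header row (for example one that appears only in a later
dictionary) is dropped without warning. Values taken from untrusted
sources that begin with <code class="docutils literal notranslate"><span class="pre">=</span></code>,
<code class="docutils literal notranslate"><span class="pre">+</span></code>,
<code class="docutils literal notranslate"><span class="pre">-</span></code> or
<code class="docutils literal notranslate"><span class="pre">@</span></code> may also be evaluated as formulas when
the CSV is opened in a spreadsheet application, so review or
neutralize such cells before sharing a report.</p>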
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">write_csv_dicts</span><span class="p">(</span><span class="n">outfile</span><span class="p">,</span> <span class="n">data</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="kc">None</span><span class="p">):</span>
<span class="sd">&quot;&quot;&quot;Writes a list of dictionaries to a CSV file.</span>
<span class="sd"> Arguments:</span>
<span class="sd"> outfile (str): Path to output file</span>
<span class="sd"> data (list): List of dictionaries to write to file</span>
<span class="sd"> headers (list): Header row to use. If empty, will use the</span>
<span class="sd"> first dictionary in the `data` list.</span>
<span class="sd"> &quot;&quot;&quot;</span>
<span class="k">if</span> <span class="ow">not</span> <span class="n">headers</span><span class="p">:</span>
<span class="c1"># Use the first line of data</span>
<span class="n">headers</span> <span class="o">=</span> <span class="p">[</span><span class="nb">str</span><span class="p">(</span><span class="n">x</span><span class="p">)</span> <span class="k">for</span> <span class="n">x</span> <span class="ow">in</span> <span class="n">data</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span><span class="o">.</span><span class="n">keys</span><span class="p">()]</span>
<span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="n">outfile</span><span class="p">,</span> <span class="s1">&#39;w&#39;</span><span class="p">,</span> <span class="n">newline</span><span class="o">=</span><span class="s2">&quot;&quot;</span><span class="p">)</span> <span class="k">as</span> <span class="n">open_file</span><span class="p">:</span>
<span class="c1"># Write only provided headers, ignore others</span>
<span class="n">csvfile</span> <span class="o">=</span> <span class="n">csv</span><span class="o">.</span><span class="n">DictWriter</span><span class="p">(</span><span class="n">open_file</span><span class="p">,</span> <span class="n">headers</span><span class="p">,</span>
<span class="n">extrasaction</span><span class="o">=</span><span class="s1">&#39;ignore&#39;</span><span class="p">)</span>
<span class="n">csvfile</span><span class="o">.</span><span class="n">writeheader</span><span class="p">()</span>
<span class="n">csvfile</span><span class="o">.</span><span class="n">writerows</span><span class="p">(</span><span class="n">data</span><span class="p">)</span>
</pre></div>
</div>
</div>
<div class="section" id="list-of-ordered-lists-to-csv">
<h3>List of ordered lists to CSV<a class="headerlink" href="#list-of-ordered-lists-to-csv" title="Permalink to this headline"></a></h3>
<p>Example <code class="docutils literal notranslate"><span class="pre">data</span></code> variable:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span>
<span class="p">[</span><span class="s1">&#39;name&#39;</span><span class="p">,</span> <span class="s1">&#39;quantity&#39;</span><span class="p">,</span> <span class="s1">&#39;location&#39;</span><span class="p">],</span>
<span class="p">[</span><span class="s1">&#39;apple&#39;</span><span class="p">,</span> <span class="mi">10</span><span class="p">,</span> <span class="s1">&#39;VT&#39;</span><span class="p">],</span>
<span class="p">[</span><span class="s1">&#39;orange&#39;</span><span class="p">,</span> <span class="mi">5</span><span class="p">,</span> <span class="s1">&#39;FL&#39;</span><span class="p">]</span>
<span class="p">]</span>
</pre></div>
</div>
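<p>This function shows an example of writing a list containing
multiple lists to a CSV file. You can optionally provide
an ordered list of headers, or let the function use the values
of the first element in the list to generate the header
information. Unlike the dictionary option, you cannot filter
column data by adjusting the provided headers; you must write all
columns to the CSV. If you do pass
<code class="docutils literal notranslate"><span class="pre">headers</span></code>, the first list in
<code class="docutils literal notranslate"><span class="pre">data</span></code> is still written as an ordinary row,
so leave the header row out of
<code class="docutils literal notranslate"><span class="pre">data</span></code> in that case.</p>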
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">write_csv_lists</span><span class="p">(</span><span class="n">outfile</span><span class="p">,</span> <span class="n">data</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="kc">None</span><span class="p">):</span>
<span class="sd">&quot;&quot;&quot;Writes a list of lists to a CSV file.</span>
<span class="sd"> Arguments:</span>
<span class="sd"> outfile (str): Path to output file</span>
<span class="sd"> data (list): List of lists to write to file</span>
<span class="sd"> headers (list): Header row to use. If empty, will use the</span>
<span class="sd"> first list in the `data` list.</span>
<span class="sd"> &quot;&quot;&quot;</span>
<span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="n">outfile</span><span class="p">,</span> <span class="s1">&#39;w&#39;</span><span class="p">,</span> <span class="n">newline</span><span class="o">=</span><span class="s2">&quot;&quot;</span><span class="p">)</span> <span class="k">as</span> <span class="n">open_file</span><span class="p">:</span>
<span class="c1"># csv.writer writes every column of each row as given</span>
<span class="n">csvfile</span> <span class="o">=</span> <span class="n">csv</span><span class="o">.</span><span class="n">writer</span><span class="p">(</span><span class="n">open_file</span><span class="p">)</span>
<span class="k">for</span> <span class="n">count</span><span class="p">,</span> <span class="n">entry</span> <span class="ow">in</span> <span class="nb">enumerate</span><span class="p">(</span><span class="n">data</span><span class="p">):</span>
<span class="k">if</span> <span class="n">count</span> <span class="o">==</span> <span class="mi">0</span><span class="p">:</span>
<span class="c1"># If headers are defined, write them, otherwise</span>
<span class="c1"># continue as they will be written anyways</span>
<span class="k">if</span> <span class="n">headers</span><span class="p">:</span>
<span class="n">csvfile</span><span class="o">.</span><span class="n">writerow</span><span class="p">(</span><span class="n">headers</span><span class="p">)</span>
<span class="n">csvfile</span><span class="o">.</span><span class="n">writerow</span><span class="p">(</span><span class="n">entry</span><span class="p">)</span>
</pre></div>
</div>
</div>
<div class="section" id="id2">
<h3>Docstring References<a class="headerlink" href="#id2" title="Permalink to this headline"></a></h3>
<dl class="function">
<dt id="sections.section_01.csv_example.write_csv_dicts">
<code class="descname">write_csv_dicts</code><span class="sig-paren">(</span><em>outfile</em>, <em>data</em>, <em>headers=None</em><span class="sig-paren">)</span><a class="headerlink" href="#sections.section_01.csv_example.write_csv_dicts" title="Permalink to this definition"></a></dt>
<dd><p>Writes a list of dictionaries to a CSV file.</p>
<dl class="field-list simple">
<dt class="field-odd">Parameters</dt>
<dd class="field-odd"><ul class="simple">
<li><p><strong>outfile</strong> (<em>str</em>) &#8211; Path to output file</p></li>
<li><p><strong>data</strong> (<em>list</em>) &#8211; List of dictionaries to write to file</p></li>
<li><p><strong>headers</strong> (<em>list</em>) &#8211; Header row to use. If empty, will use the
first dictionary in the <cite>data</cite> list.</p></li>
</ul>
</dd>
</dl>
</dd></dl>
<dl class="function">
<dt id="sections.section_01.csv_example.write_csv_lists">
<code class="descname">write_csv_lists</code><span class="sig-paren">(</span><em>outfile</em>, <em>data</em>, <em>headers=None</em><span class="sig-paren">)</span><a class="headerlink" href="#sections.section_01.csv_example.write_csv_lists" title="Permalink to this definition"></a></dt>
<dd><p>Writes a list of lists to a CSV file.</p>
<dl class="field-list simple">
<dt class="field-odd">Parameters</dt>
<dd class="field-odd"><ul class="simple">
<li><p><strong>outfile</strong> (<em>str</em>) &#8211; Path to output file</p></li>
<li><p><strong>data</strong> (<em>list</em>) &#8211; List of lists to write to file</p></li>
<li><p><strong>headers</strong> (<em>list</em>) &#8211; Header row to use. If empty, will use the
first list in the <cite>data</cite> list.</p></li>
</ul>
</dd>
</dl>
</dd></dl>
</div>
</div>
<div class="section" id="module-sections.section_01.recursion_example">
<span id="section-1-5-directory-recursion"></span><h2>Section 1.5 - Directory Recursion<a class="headerlink" href="#module-sections.section_01.recursion_example" title="Permalink to this headline"></a></h2>
<p>File recursion example.</p>
<p>Demonstration of iterating through a directory to interact with
files.</p>
<p>Example Usage:</p>
<blockquote>
<div><p><code class="docutils literal notranslate"><span class="pre">$</span> <span class="pre">python</span> <span class="pre">recursion_example.py</span></code></p>
</div></blockquote>
<p>References:</p>
<ul class="simple">
<li><p><a class="reference external" href="https://docs.python.org/3/library/os.html">https://docs.python.org/3/library/os.html</a></p></li>
</ul>
<div class="section" id="list-a-directory">
<h3>List a directory<a class="headerlink" href="#list-a-directory" title="Permalink to this headline"></a></h3>
<p>This function shows an example of displaying all files and
folders within a single directory. From here you can further
interact with individual files and folders or iterate recursively
by calling the function on identified subdirectories.</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">list_directory</span><span class="p">(</span><span class="n">path</span><span class="p">):</span>
<span class="sd">&quot;&quot;&quot;List all file and folder entries in `path`.&quot;&quot;&quot;</span>
<span class="nb">print</span><span class="p">(</span><span class="n">f</span><span class="s2">&quot;Files and folders in &#39;{os.path.abspath(path)}&#39;:&quot;</span><span class="p">)</span>
<span class="c1"># Quick and easy method for listing items within a single</span>
<span class="c1"># folder.</span>
<span class="k">for</span> <span class="n">entry</span> <span class="ow">in</span> <span class="n">os</span><span class="o">.</span><span class="n">listdir</span><span class="p">(</span><span class="n">path</span><span class="p">):</span>
<span class="c1"># Print all entry names</span>
<span class="nb">print</span><span class="p">(</span><span class="n">f</span><span class="s2">&quot;</span><span class="se">\t</span><span class="si">{entry}</span><span class="s2">&quot;</span><span class="p">)</span>
</pre></div>
</div>
</div>
<div class="section" id="list-a-directory-recursively">
<h3>List a directory recursively<a class="headerlink" href="#list-a-directory-recursively" title="Permalink to this headline"></a></h3>
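<p>This function shows an example of displaying all files and
folders within all directories. You don&#39;t need to worry about
additional function calls as the <code class="docutils literal notranslate"><span class="pre">os.walk()</span></code> method handles
the recursion on subdirectories and your logic can focus on
handling the processing of files. This sample shows a method of
counting the number of files, subdirectories, and files ending in
“.py” as an example. Note that by default
<code class="docutils literal notranslate"><span class="pre">os.walk()</span></code> does not follow symbolic links and
silently skips directories it cannot read; pass an
<code class="docutils literal notranslate"><span class="pre">onerror</span></code> callback if you need to record
those directories so that gaps in coverage are visible.</p>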
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">iterate_files</span><span class="p">(</span><span class="n">path</span><span class="p">):</span>
<span class="c1"># Though `os.walk()` exposes a list of directories in the</span>
<span class="c1"># current `root`, it is rarely used since we are generally</span>
<span class="c1"># interested in the files found within the subdirectories.</span>
<span class="c1"># For this reason, it is common to see `dirs` named `_`.</span>
<span class="c1"># DO NOT NAME `dirs` as `dir` since that shadows the built-in `dir()`!</span>
<span class="k">for</span> <span class="n">root</span><span class="p">,</span> <span class="n">dirs</span><span class="p">,</span> <span class="n">files</span> <span class="ow">in</span> <span class="n">os</span><span class="o">.</span><span class="n">walk</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">abspath</span><span class="p">(</span><span class="n">path</span><span class="p">)):</span>
<span class="c1"># Both `dirs` and `files` are lists containing all entries</span>
<span class="c1"># at the current `root`.</span>
<span class="k">for</span> <span class="n">fentry</span> <span class="ow">in</span> <span class="n">files</span><span class="p">:</span>
<span class="c1"># To effectively reference a file, you should include</span>
<span class="c1"># the below line which creates a full path reference</span>
<span class="c1"># to the specific file, regardless of how nested it is</span>
<span class="n">file_entry</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">root</span><span class="p">,</span> <span class="n">fentry</span><span class="p">)</span>
<span class="c1"># We can then hand `file_entry` off to other functions.</span>
<span class="k">yield</span> <span class="n">file_entry</span>
</pre></div>
</div>
<dl class="function">
<dt id="sections.section_01.recursion_example.list_directory">
<code class="descname">list_directory</code><span class="sig-paren">(</span><em>path</em><span class="sig-paren">)</span><a class="headerlink" href="#sections.section_01.recursion_example.list_directory" title="Permalink to this definition"></a></dt>
<dd><p>List all file and folder entries in <cite>path</cite>.</p>
</dd></dl>
</div>
</div>
</div>
</div>
</div>
<footer>
<hr/>
<div role="contentinfo">
<p>
&copy; Copyright 2019, Chapin Bryce
</p>
</div>
</footer>
</div>
</div>
</section>
</div>
<script type="text/javascript">
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>