📄 ewfacquire.c

📁 sleuthit-2.09 一个磁盘的工具集
💻 C
📖 第 1 页 / 共 3 页
字号:
	}	if( input_size <= 0 )	{		fprintf( stderr, "Unable to determine input size.\n" );		return( EXIT_FAILURE );	}	acquiry_operating_system = ewfcommon_determine_operating_system();	acquiry_software_version = LIBEWF_VERSION;	do	{		libewf_common_free( case_number );		libewf_common_free( description );		libewf_common_free( evidence_number );		libewf_common_free( examiner_name );		libewf_common_free( notes );		/* Request the necessary case data		 */		fprintf( stdout, "Acquiry parameters required, please provide the necessary input\n" );		/* Output filename		 */		while( filename == NULL )		{			filename = ewfcommon_get_user_input_variable_char_t( stdout, _S_LIBEWF_CHAR( "Image path and filename without extension" ) );			if( filename == NULL )			{				fprintf( stdout, "Filename is required, please try again or terminate using Ctrl^C.\n" );			}		}		/* Case number		 */		case_number = ewfcommon_get_user_input_variable( stdout, _S_LIBEWF_CHAR( "Case number" ) );		/* Description		 */		description = ewfcommon_get_user_input_variable( stdout, _S_LIBEWF_CHAR( "Description" ) );		/* Evidence number		 */		evidence_number = ewfcommon_get_user_input_variable( stdout, _S_LIBEWF_CHAR( "Evidence number" ) );		/* Examiner name		 */		examiner_name = ewfcommon_get_user_input_variable( stdout, _S_LIBEWF_CHAR( "Examiner name" ) );		/* Notes		 */		notes = ewfcommon_get_user_input_variable( stdout, _S_LIBEWF_CHAR( "Notes" ) );		/* Media type		 */		user_input = ewfcommon_get_user_input_fixed_value( stdout, _S_LIBEWF_CHAR( "Media type" ), media_types, 2, 0 );		if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "fixed" ), 5 ) == 0 )		{			media_type = LIBEWF_MEDIA_TYPE_FIXED;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "removable" ), 9 ) == 0 )		{			media_type = LIBEWF_MEDIA_TYPE_REMOVABLE;		}		else		{			fprintf( stderr, "ewfacquire: unsuported media type.\n" );			return( EXIT_FAILURE );		}		libewf_common_free( user_input );		/* Volume type		 */		user_input = ewfcommon_get_user_input_fixed_value( stdout, _S_LIBEWF_CHAR( "Volume type" ), volume_types, 2, 1 );		if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "logical" ), 7 ) == 0 )		{			volume_type = LIBEWF_VOLUME_TYPE_LOGICAL;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "physical" ), 8 ) == 0 )		{			volume_type = LIBEWF_VOLUME_TYPE_PHYSICAL;		}		else		{			fprintf( stderr, "ewfacquire: unsuported volume type.\n" );			return( EXIT_FAILURE );		}		libewf_common_free( user_input );		/* Compression		 */		user_input = ewfcommon_get_user_input_fixed_value( stdout, _S_LIBEWF_CHAR( "Use compression" ), compression_types, 3, 0 );		if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "none" ), 4 ) == 0 )		{			compression_level = LIBEWF_COMPRESSION_NONE;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "fast" ), 4 ) == 0 )		{			compression_level = LIBEWF_COMPRESSION_FAST;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "best" ), 4 ) == 0 )		{			compression_level = LIBEWF_COMPRESSION_BEST;		}		else		{			fprintf( stderr, "ewfacquire: unsuported compression type.\n" );			return( EXIT_FAILURE );		}		libewf_common_free( user_input );		/* Empty block compression		 */		if( compression_level == LIBEWF_COMPRESSION_NONE )		{			user_input = ewfcommon_get_user_input_fixed_value( stdout, _S_LIBEWF_CHAR( "Compress empty blocks" ), yes_no, 2, 1 );			if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "yes" ), 3 ) == 0 )			{				compress_empty_block = 1;			}			else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "no" ), 2 ) == 0 )			{				compress_empty_block = 0;			}			else			{				fprintf( stderr, "ewfacquire: unsuported answer.\n" );				return( EXIT_FAILURE );			}			libewf_common_free( user_input );		}		/* File format		 */		user_input = ewfcommon_get_user_input_fixed_value( stdout, _S_LIBEWF_CHAR( "Use EWF file format" ), format_types, 12, 7 );		if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "smart" ), 5 ) == 0 )		{			libewf_format = LIBEWF_FORMAT_SMART;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "ftk" ), 3 ) == 0 )		{			libewf_format = LIBEWF_FORMAT_FTK;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "encase1" ), 7 ) == 0 )		{			libewf_format = LIBEWF_FORMAT_ENCASE1;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "encase2" ), 7 ) == 0 )		{			libewf_format = LIBEWF_FORMAT_ENCASE2;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "encase3" ), 7 ) == 0 )		{			libewf_format = LIBEWF_FORMAT_ENCASE3;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "encase4" ), 7 ) == 0 )		{			libewf_format = LIBEWF_FORMAT_ENCASE4;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "encase5" ), 7 ) == 0 )		{			libewf_format = LIBEWF_FORMAT_ENCASE5;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "encase6" ), 7 ) == 0 )		{			libewf_format = LIBEWF_FORMAT_ENCASE6;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "linen5" ), 6 ) == 0 )		{			libewf_format = LIBEWF_FORMAT_LINEN5;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "linen6" ), 6 ) == 0 )		{			libewf_format = LIBEWF_FORMAT_LINEN6;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "ewfx" ), 4 ) == 0 )		{			libewf_format = LIBEWF_FORMAT_EWFX;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "ewf" ), 3 ) == 0 )		{			libewf_format = LIBEWF_FORMAT_EWF;		}		else		{			fprintf( stderr, "ewfacquire: unsuported EWF file format type.\n" );			libewf_common_free( user_input );			exit( EXIT_FAILURE );		}		libewf_common_free( user_input );		/* Size and offset of data to acquire		 */		acquiry_offset = ewfcommon_get_user_input_size_variable( stdout, _S_LIBEWF_CHAR( "Start to acquire at offset" ), 0, input_size, 0 );		acquiry_size   = ewfcommon_get_user_input_size_variable( stdout, _S_LIBEWF_CHAR( "Amount of bytes to acquire" ), 0, input_size, input_size );		/* File size		 */		segment_file_size  = ewfcommon_get_user_input_size_variable( stdout, _S_LIBEWF_CHAR( "Evidence segment file size in kbytes (2^10)" ), 1440, ( 2 * 1024 * 1024 ), ( 650 * 1024 ) );		segment_file_size *= 1024;		/* Make sure the segment file size is 1 byte smaller than 2 Gb (2 * 1024 * 1024 * 1024)		 */		if( segment_file_size >= (int64_t) INT32_MAX )		{			segment_file_size = (int64_t) INT32_MAX - 1;		}		/* Chunk size (sectors per block)		 */		user_input = ewfcommon_get_user_input_fixed_value( stdout, _S_LIBEWF_CHAR( "The amount of sectors to read at once" ), sector_per_block_sizes, 10, 0 );		sectors_per_chunk = libewf_string_to_int64( user_input, libewf_string_length( user_input ) );		libewf_common_free( user_input );		/* Error granularity		 */		sector_error_granularity = (uint32_t) ewfcommon_get_user_input_size_variable( stdout, _S_LIBEWF_CHAR( "The amount of sectors to be used as error granularity" ), 1, sectors_per_chunk, 64 );		/* The amount of read error retry		 */		read_error_retry = (uint8_t) ewfcommon_get_user_input_size_variable( stdout, _S_LIBEWF_CHAR( "The amount of retries when a read error occurs" ), 0, 255, 2 );		/* Wipe the sector on error		 */		user_input = ewfcommon_get_user_input_fixed_value( stdout, _S_LIBEWF_CHAR( "Wipe sectors on read error (mimic EnCase like behavior)" ), yes_no, 2, 0 );		if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "yes" ), 3 ) == 0 )		{			wipe_block_on_read_error = 1;		}		else if( libewf_string_compare( user_input, _S_LIBEWF_CHAR( "no" ), 2 ) == 0 )		{			wipe_block_on_read_error = 0;		}		else		{			fprintf( stderr, "ewfacquire: unsuported answer.\n" );			return( EXIT_FAILURE );		}		libewf_common_free( user_input );		fprintf( stdout, "\n" );	}	/* Check if user is content with values	 */	while( confirm_input( filename, case_number, description, evidence_number, examiner_name, notes, media_type, volume_type, compression_level, compress_empty_block, libewf_format, acquiry_offset, acquiry_size, (uint32_t) segment_file_size, sectors_per_chunk, sector_error_granularity, read_error_retry, wipe_block_on_read_error ) == 0 );	/* Done asking user input set up the libewf handle	 */	filenames[ 0 ] = filename;	handle = libewf_open( (CHAR_T * const *) filenames, 1, LIBEWF_OPEN_WRITE );	if( handle == NULL )	{		fprintf( stderr, "Unable to create EWF file handle.\n" );		if( libewf_common_close( file_descriptor ) != 0 )		{			fprintf( stderr, "Unable to close input.\n" );		}		libewf_common_free( filename );		return( EXIT_FAILURE );	}	if( libewf_set_media_values( handle, (uint32_t) sectors_per_chunk, 512 ) != 1 )	{		fprintf( stderr, "Unable to set media values in handle.\n" );		if( libewf_close( handle ) != 0 )		{			fprintf( stderr, "Unable to close EWF file handle.\n" );		}		if( libewf_common_close( file_descriptor ) != 0 )		{			fprintf( stderr, "Unable to close input.\n" );		}		libewf_common_free( filename );		return( EXIT_FAILURE );	}	if( libewf_set_write_segment_file_size( handle, (uint32_t) segment_file_size ) != 1 )	{		fprintf( stderr, "Unable to set write segment file size in handle.\n" );		if( libewf_close( handle ) != 0 )		{			fprintf( stderr, "Unable to close EWF file handle.\n" );		}		if( libewf_common_close( file_descriptor ) != 0 )		{			fprintf( stderr, "Unable to close input.\n" );		}		libewf_common_free( filename );		return( EXIT_FAILURE );	}	if( libewf_set_write_error_granularity( handle, sector_error_granularity ) != 1 )	{		fprintf( stderr, "Unable to set write error granularity in handle.\n" );		if( libewf_close( handle ) != 0 )		{			fprintf( stderr, "Unable to close EWF file handle.\n" );		}		if( libewf_common_close( file_descriptor ) != 0 )		{			fprintf( stderr, "Unable to close input.\n" );		}		libewf_common_free( filename );		return( EXIT_FAILURE );	}	if( libewf_set_write_media_type( handle, media_type, volume_type ) != 1 )	{		fprintf( stderr, "Unable to set write media type in handle.\n" );		if( libewf_close( handle ) != 0 )		{			fprintf( stderr, "Unable to close EWF file handle.\n" );		}		if( libewf_common_close( file_descriptor ) != 0 )		{			fprintf( stderr, "Unable to close input.\n" );		}		libewf_common_free( filename );		return( EXIT_FAILURE );	}	if( libewf_set_write_compression_values( handle, compression_level, compress_empty_block ) != 1 )	{		fprintf( stderr, "Unable to set write compression values in handle.\n" );		if( libewf_close( handle ) != 0 )		{			fprintf( stderr, "Unable to close EWF file handle.\n" );		}		if( libewf_common_close( file_descriptor ) != 0 )		{			fprintf( stderr, "Unable to close input.\n" );		}		libewf_common_free( filename );		return( EXIT_FAILURE );	}	if( libewf_set_write_format( handle, libewf_format ) != 1 )	{		fprintf( stderr, "Unable to set write format in handle.\n" );		if( libewf_close( handle ) != 0 )		{			fprintf( stderr, "Unable to close EWF file handle.\n" );		}		if( libewf_common_close( file_descriptor ) != 0 )		{			fprintf( stderr, "Unable to close input.\n" );		}		libewf_common_free( filename );		return( EXIT_FAILURE );	}	if( libewf_set_swap_byte_pairs( handle, swap_byte_pairs ) != 1 )	{		fprintf( stderr, "Unable to set swap byte pairs in handle.\n" );		if( libewf_close( handle ) != 0 )		{			fprintf( stderr, "Unable to close EWF file handle.\n" );		}		if( libewf_common_close( file_descriptor ) != 0 )		{			fprintf( stderr, "Unable to close input.\n" );		}		libewf_common_free( filename );		return( EXIT_FAILURE );	}	if( case_number == NULL )	{		string_length = 0;	}	else	{		string_length = libewf_string_length( case_number );	}	if( libewf_set_header_value_case_number( handle, case_number, string_length ) != 1 )	{		fprintf( stderr, "Unable to set header value case number in handle.\n" );		if( libewf_close( handle ) != 0 )
💿 文件大小 2232 K
👤 上传用户 xackw
📂 所属分类磁盘编程
🏷️ 相关标签

#sleuthit #2.09 #磁盘
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -