forgeosi

Release 1.0

A forensic generator for operating system images

Homepage PyPI Python

License
BSD-2-Clause
Install
pip install forgeosi==1.0

Documentation

ForGeOSI

Image

ForGeOSI is a wrapper for pyvbox, designed to be used in the education in computer forensics. It simplifies the creation of virtual machines and their automation, while providing a log and reasonable abstraction. The automation of guest systems supports modern Windows Versions with Powershell 2 or newer, while any modern Linux system should be supported in theory, only Ubuntu 12.04 and Ubuntu 13.10 are tested though.

##Requirements As host, a Linux system with VirtualBox 4.3 and the VirtualBox API is expected, Python 2.7 is required, while my software in theory should support Python 3 as well, vboxapi has some hiccups, so it is not advised. Further more, the following Python packets are required:

  • pyvbox
  • decorator
  • enum34
  • lxml

The Guest systems should be prepared with Guest Additions installed, further hints are given in the docstring documentation, standalone documentation can be generated with pydoc forgeosi.py

##Installation you can either clone this repository, or install it using pip install forgeosi.

##First Steps Lets start a virtual machine, without cloning it

>ipython
In [1]: import forgeosi

In [2]: print forgeosi.VboxInfo().list_vms()
ubuntu-lts-base
xubuntu-lts-base
windows-8-base

In [3]: vbox = forgeosi.Vbox(mode=forgeosi.VboxMode.use, basename='ubuntu-lts-base')

In [4]: vbox.start(session_type=forgeosi.SessionType.gui)

In [5]: vbox.stop()

Generate input, open webbrowser, send keyboard shortcut, get log

In [1]: import forgeosi

In [2]: vbox = forgeosi.Vbox(mode=forgeosi.VboxMode.use, basename='ubuntu-lts-base')

In [3]: vbox.start(session_type=forgeosi.SessionType.gui)
#top secret password
In [4]: vbox.keyboard_input('12345\n')
#needed to access os-specific and Guest Additions functionality
In [5]: vbox.create_guest_session()

In [6]: vbox.os.open_browser('github.com')

In [7]: vbox.keyboard_combination(['alt','f4'])

In [8]: vbox.stop()

In [9]: print vbox.log.get_pretty_log()
LogVM:
	osType: Ubuntu_64
	basename: ubuntu-lts-base
	vmname: testvm
LogRawKeyboard:
	time_rate: 100
	keyboard input: 12345\n
	up_time: 0
	time: 1395224126.58
	real_time: 1395224126.58
LogProcess:
	up_time: 0
	stdout: 
	process: <virtualbox.library.IGuestProcess object at 0x2a95d90>
	time_rate: 100
	pid: 1843
	key_input: 
	path: /bin/bash
	stdin: 
	arguments: [\'-c\', \'/usr/bin/firefox -new-tab github.com\']
	stderr: 
	time: 1395224228.1
	real_time: 1395224228.1
LogRawKeyboard:
	time_rate: 100
	keyboard input: makecode: alt
	up_time: 0
	time: 1395224237.56
	real_time: 1395224237.56
LogRawKeyboard:
	time_rate: 100
	keyboard input: makecode: f4
	up_time: 0
	time: 1395224237.56
	real_time: 1395224237.56
LogRawKeyboard:
	time_rate: 100
	keyboard input: breakcode: alt
	up_time: 0
	time: 1395224237.56
	real_time: 1395224237.56
LogRawKeyboard:
	time_rate: 100
	keyboard input: breakcode: f4
	up_time: 0
	time: 1395224237.56
	real_time: 1395224237.56

Export virtual machine

In [1]: import forgeosi

In [2]: vbox = forgeosi.Vbox(mode=forgeosi.VboxMode.us, basename='ubuntu-lts-base')

In [3]: vbox.export(path='/tmp/image.vdi')

##Hacking The basic architecture:

  • forgeosi.py
    • VboxInfo Helper to get info about the VirtualBox instance
    • VboxConfig Helper to configure the NAT Network feature
    • Vbox Main class containing everything generic to manage virtual machines
  • lib/logger.py Logger to provide a protocol of all actions
  • lib/oslinux.py Linux guest specific code
  • lib/oswindow.py Windows guest specific code
  • lib/param.py Types for typesave parameters

Feel free to extend, I will accept pull requests on a reasonable base, especially additions to support a wider range of guest systems are welcome.

##Testing There are testcases to be found test/, but they are not portable and will need fixing to run on other systems. The tests further depend of following tools:

  • bash
  • Python 3
  • The Sleuth Kit ver 4.1 or higher, including fiwalk
  • idifference

###Issues Please report issues on github

###Documentation Documentation can be found in docs/ after building with doxygen doxygen.conf or accessed here. Additionaly, you can find my presentation here.

###Known bugs and limitations

  • Python 3 compatibility needs to be tested
  • raw-disk-export in the python API is broken, I'm using vboxmanage instead
  • Running programs in Windows guests with '-' in arguments, breaks things, be careful with that.
  • limited support for Windows hosts

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
1
Latest release
First release
Stars
6
Forks
2
Watchers
2
Contributors
2
Repository size
952 KB
SourceRank
6

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.0

Contributors

maxfragg cmoch


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2023-12-02 17:39:43 UTC

Login to resync this project