Understanding "fiwalk"


e_tective

Mar 10, 2012, 6:49:10 AM3/10/12
to aff-d...@googlegroups.com
Hello All,

I am in the process of learning the operation of "fiwalk", but must admit to being completely Python illiterate! In fact I have only started to look at learning Python in the last few days and as a result of reading about "fiwalk" and other tools.

Anyway, I understand the concept behind "fiwalk", have installed it (Xubuntu 11.10) and then run it across a test image to produce a "test.xml" file. I am happy that I understand the xml content but it is processing that xml file that is giving me issues.

From some material found via Google, I tested the process using the following Python code:

import fiwalk
f = open("/home/stu/research/fiwalk/test.xml")
(doc,fobjs) = fiwalk.fileobjects_using_dom(imagefile=f)
for fi in fobjs:
    print(fi.partition(),fi.filename(),fi.filesize())


After some false starts I managed to get the script to run correctly but it just returns the prompt. I was assuming that I would get some sort of output showing the partition number, file name and file size for all files in the image? When I run it in debug mode through "geany" it returns "(program exited with code: 0)" so it appears to be running properly.

If it helps the image file I am using is the "able2.dd" test image provided by Barry Grundy at http://linuxleo.com. This is a linux image partitioned as below:

DOS Partition Table
Offset Sector: 0
Units are in 512-byte sectors

     Slot    Start        End          Length       Description
00:  Meta    0000000000   0000000000   0000000001   Primary Table (#0)
01:  -----   0000000000   0000000056   0000000057   Unallocated
02:  00:00   0000000057   0000010259   0000010203   Linux (0x83)
03:  00:01   0000010260   0000112859   0000102600   Linux (0x83)
04:  00:02   0000112860   0000178694   0000065835   Linux Swap / Solaris x86 (0x82)
05:  00:03   0000178695   0000675449   0000496755   Linux (0x83)

So, I suppose the questions are, am I on the right track in respect of using "fiwalk" in the most productive way? What if anything have I got wrong in the above attempt which has resulted in the "null" output?

I realise that I have a lot to learn in respect of Python, but if anyone can point me in the right direction so that I can at least see some results it would be appreciated.

Thanks

Stu


Simson Garfinkel

Mar 27, 2012, 12:13:28 AM3/27/12
to aff-d...@googlegroups.com, e_tective
I am sorry for my delay in responding to this. Without seeing your test.xml file, I cannot provide you with any assistance. You can look through the XML file to see if there are any file objects in it. If there are not, then the dfxml won't be very useful.

I strongly suggest using the callback mechanism, rather than getting a list of file objects. 

I strongly suggest NOT using the DOM. It is hugely memory intensive and, from your example program below, you do not need the DOM.

I am not able to provide you with a tutorial in learning Python. I recommend looking at the most recent DFXML publication, at:




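The streaming, callback-style approach recommended in the reply above, as an added example that is not code from either post or from the fiwalk.py module: it reads `<fileobject>` elements one at a time with `xml.etree.ElementTree.iterparse`, hands each to a callback, and frees the element afterwards, so memory stays flat no matter how large the DFXML file is. The same record type is also shown with a DOM-style parse for contrast. The `FileObject` class, the helper names and the sample DFXML are constructed for this example and are only modelled on fiwalk's layout; the real fiwalk.py API has different signatures.

```python
import xml.etree.ElementTree as ET
from io import BytesIO

# Constructed sample DFXML, modelled on fiwalk's output (not real able2.dd output):
# two volumes, three file objects, one of them unallocated (deleted).
SAMPLE_DFXML = b"""<?xml version='1.0' encoding='UTF-8'?>
<dfxml xmloutputversion='1.0'>
  <source><image_filename>constructed.dd</image_filename></source>
  <volume offset='29184'>
    <partition_offset>29184</partition_offset>
    <ftype_str>ext2</ftype_str>
    <fileobject>
      <filename>boot/vmlinuz</filename>
      <partition>1</partition>
      <filesize>523264</filesize>
      <alloc>1</alloc>
      <hashdigest type='md5'>00000000000000000000000000000000</hashdigest>
    </fileobject>
  </volume>
  <volume offset='5253120'>
    <partition_offset>5253120</partition_offset>
    <ftype_str>ext2</ftype_str>
    <fileobject>
      <filename>etc/passwd</filename>
      <partition>2</partition>
      <filesize>1024</filesize>
      <alloc>1</alloc>
    </fileobject>
    <fileobject>
      <filename>tmp/deleted.txt</filename>
      <partition>2</partition>
      <filesize>48</filesize>
      <alloc>0</alloc>
    </fileobject>
  </volume>
</dfxml>
"""


class FileObject:
    """Hypothetical stand-in for the record fiwalk.py hands to a callback."""

    def __init__(self, elem):
        # Copy the scalar children out, so the XML element can be released afterwards.
        self.fields = {child.tag: (child.text or "").strip() for child in elem}
        self.hashes = {h.get("type"): h.text for h in elem.findall("hashdigest")}

    def partition(self):
        return int(self.fields.get("partition", 0))

    def filename(self):
        return self.fields.get("filename")

    def filesize(self):
        return int(self.fields.get("filesize", 0))

    def allocated(self):
        return self.fields.get("alloc") == "1"


def _as_stream(xmlfile):
    """Accept raw bytes or an already-open binary file object."""
    return BytesIO(xmlfile) if isinstance(xmlfile, (bytes, bytearray)) else xmlfile


def fileobjects_iter(xmlfile):
    """Stream <fileobject> elements; only one subtree is in memory at a time."""
    for _event, elem in ET.iterparse(_as_stream(xmlfile), events=("end",)):
        if elem.tag == "fileobject":
            yield FileObject(elem)
            elem.clear()  # drop the parsed subtree: this is what keeps memory flat


def fileobjects_using_callback(xmlfile, callback):
    """Call callback(fi) for every file object; returns the count.

    A count of 0 means the DFXML holds no <fileobject> elements at all, which is
    exactly the 'just returns the prompt' symptom and is worth checking first."""
    count = 0
    for fi in fileobjects_iter(xmlfile):
        callback(fi)
        count += 1
    return count


def fileobjects_using_dom(xmlfile):
    """DOM-style alternative for contrast: the whole tree is built before any
    file object is seen, so memory grows with the size of the XML."""
    doc = ET.parse(_as_stream(xmlfile))
    return doc, [FileObject(e) for e in doc.iter("fileobject")]


def summarize(xmlfile):
    """Per-partition (file count, allocated bytes) computed through the callback."""
    totals = {}

    def on_fileobject(fi):
        count, size = totals.get(fi.partition(), (0, 0))
        size += fi.filesize() if fi.allocated() else 0
        totals[fi.partition()] = (count + 1, size)

    n = fileobjects_using_callback(xmlfile, on_fileobject)
    return n, totals


if __name__ == "__main__":
    # The listing the original script was trying to produce, partition/name/size per file.
    fileobjects_using_callback(
        SAMPLE_DFXML, lambda fi: print(fi.partition(), fi.filename(), fi.filesize()))
    print(summarize(SAMPLE_DFXML))
```

To run it against real fiwalk output, pass `open("test.xml", "rb")` instead of `SAMPLE_DFXML`; if `fileobjects_using_callback` returns 0, the XML contains no file objects and the problem is upstream in the fiwalk run, not in the Python.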
