<?
/*
PTK  - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/
include("check_session.php");
include("sanitize.php");
/****************************************************************
Returns filesystem information of an image (FSSTAT/MMLS)
****************************************************************/
/**
 * Determine the filesystem type of an image, probing each partition if needed.
 *
 * The configured fsstat binary is first run with -t on the whole image. When
 * that prints nothing, the image is listed with the configured mmls binary and
 * fsstat -t is retried at the start offset of every row matching the table regex.
 *
 * @param string $path Image path. It is filtered by sanitize(PARANOID) and then
 *                     interpolated unquoted into the command lines, so shell
 *                     safety rests entirely on sanitize() (not visible here).
 * @return string The fsstat output; or a JavaScript statement of the form
 *                "var arr = new Array('start','field7','type',...,'ARRAYEND');";
 *                or an error message when mmls printed nothing on its first line.
 */
function get_image_filesystem($path){
	$path = sanitize($path,PARANOID);
	include("../config/conf.php");
	$fsType = shell_exec("$fsstat_bin -t $path");
	if ($fsType != ''){
		return $fsType;
	}
	$rows = explode("\n", shell_exec("$mmls_bin -b $path"));
	$cells = array();
	foreach($rows as $row){
		if(!preg_match("/^(\d+:\s+[\d:]+\s+)(\d+)(\s+)(\d+)(\s+\d+\s+)(\s+)(\S+)(\s+)(\S.*)$/", $row, $m)){
			continue;
		}
		// $m[2] is the second numeric column of the row, used as the -o offset.
		$partType = shell_exec("$fsstat_bin -t -o ".$m[2]." $path");
		if($partType == ''){
			continue;
		}
		$partType = str_replace("\n", "", $partType);
		// NOTE(review): $m[7] and $partType are tool output describing the
		// evidence image and land inside JS string literals without escaping.
		$cells[] = "'$m[2]'";
		$cells[] = "'$m[7]'";
		$cells[] = "'$partType'";
	}
	$cells[] = "'ARRAYEND'";
	if($rows[0] == ''){
		return 'Cannot determine file system type';
	}
	return "var arr = new Array(" . implode(",", $cells) . ");";
}
/****************************************************************
Returns raw image details (MMLS)
****************************************************************/
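/**
 * Return the partition table listing of an image as HTML.
 *
 * Runs the configured mmls binary with -b and converts newlines to <br>.
 * The listing describes an evidence image and is therefore untrusted text:
 * it is passed through htmlspecialchars() before the <br> tags are added,
 * the same order ram_live_search() in this file uses.
 *
 * @param string $path Image path, filtered by sanitize(PARANOID) and then
 *                     interpolated unquoted; shell safety rests on sanitize().
 * @return string HTML-escaped mmls output with <br> line breaks.
 */
function get_raw_image_details($path){
	$path = sanitize($path,PARANOID);
	include("../config/conf.php");
	$result = shell_exec("$mmls_bin -b $path");
	// Escape first so that only the <br> tags added below are live markup.
	$result = htmlspecialchars($result);
	$result = preg_replace("/\n/", "<br>", $result);
	return $result;
}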
/****************************************************************
Returns image details (FSSTAT)
****************************************************************/
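/**
 * Return the fsstat report for an image (or one partition of it) as HTML.
 *
 * The report contains text read from the evidence image, so it is HTML-escaped
 * before newlines become <br>, matching ram_live_search() in this file.
 * The former "$inode == 'null'" check was removed: this function has no $inode,
 * so the test only read an undefined variable.
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID); interpolated
 *                       unquoted, so shell safety rests on sanitize().
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       means "no -o switch".
 * @return string HTML-escaped fsstat output with <br> line breaks.
 */
function get_image_details($path, $offset){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	include("../config/conf.php");
	if($offset == 'null' || $offset == '0'){
		$offset = '';
	}else{
		$offset = "-o $offset";
	}
	$result = shell_exec("$fsstat_bin $offset $path");
	// Escape first so that only the <br> tags added below are live markup.
	$result = htmlspecialchars($result);
	$result = preg_replace("/\n/", "<br>", $result);
	return $result;
}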
/****************************************************************
Returns folders of an image (FLS)
****************************************************************/
/**
 * List the directories below an inode using the configured fls binary (-m / -D).
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID).
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param string $inode  Inode to list, filtered by sanitize(PARANOID); 'null' means none.
 * @return string fls output passed through htmlspecialchars().
 *
 * All three values are interpolated unquoted into the command line; shell
 * safety depends on sanitize(), which is defined outside this file.
 */
function get_folder_browsing($path, $offset, $inode){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$inode = sanitize($inode,PARANOID);
	include("../config/conf.php");
	$offsetSwitch = ($offset == 'null' || $offset == '0') ? '' : "-o $offset";
	$inodeArg = ($inode == 'null') ? '' : $inode;
	$listing = shell_exec($fls_bin . ' -m / -D ' . $offsetSwitch . ' ' . $path . ' ' . $inodeArg);
	return htmlspecialchars($listing);
}
/****************************************************************
Checks if a folder contains subfolders (FLS)
****************************************************************/
/**
 * Report whether an inode has any sub-directories.
 *
 * Runs the same fls command as get_folder_browsing() and only looks at whether
 * anything was printed.
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID).
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param string $inode  Inode to inspect, filtered by sanitize(PARANOID); 'null' means none.
 * @return int 1 when fls printed something, 0 otherwise.
 */
function check_subfolders($path, $offset, $inode){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$inode = sanitize($inode,PARANOID);
	include("../config/conf.php");
	$offsetSwitch = "-o $offset";
	if($offset == 'null' || $offset == '0'){
		$offsetSwitch = '';
	}
	if($inode == 'null'){
		$inode = '';
	}
	// Arguments are interpolated unquoted; shell safety depends on sanitize().
	$dirs = shell_exec("$fls_bin -m / -D $offsetSwitch $path $inode");
	return ($dirs != '') ? 1 : 0;
}
/****************************************************************
Gets folder's content (FLS)
****************************************************************/
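/**
 * List the files of a folder with the configured fls binary (-l -F).
 *
 * The timezone filter allows '|' because other functions in this file receive
 * pipe-separated timezone lists, but here the value is placed on a shell
 * command line, where an unquoted '|' starts a new pipeline stage. Only the
 * first list element is used, and it is passed through escapeshellarg().
 * When no timezone is left, the -z switch is omitted instead of letting it
 * consume the following option.
 *
 * @param string $path    Image path, filtered by sanitize(PARANOID).
 * @param mixed  $offset  Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                        drops the -o switch.
 * @param string $inode   Folder inode, filtered by sanitize(PARANOID); 'null' means none.
 * @param string $tz      Timezone name for fls -z.
 * @param string $listall Extra fls option(s), filtered by sanitize(PARANOID) and
 *                        inserted unquoted directly after the binary name.
 * @return string fls output passed through htmlspecialchars().
 */
function get_folder_content($path, $offset, $inode,$tz,$listall){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$inode = sanitize($inode,PARANOID);
	$tz = preg_replace("/[^a-zA-Z0-9\/\_\-\+\|]/", "", $tz);
	$listall = sanitize($listall,PARANOID);
	include("../config/conf.php");
	if($offset == 'null' || $offset == '0'){
		$offset = '';
	}else{
		$offset = "-o $offset";
	}
	if($inode == 'null') $inode = '';
	// Keep a single timezone and quote it, so no '|' ever reaches the shell.
	$tz_parts = explode("|", $tz);
	$tz_switch = '';
	if($tz_parts[0] != ''){
		$tz_switch = "-z " . escapeshellarg($tz_parts[0]);
	}
	// $path, $inode and $listall stay unquoted; their safety depends on sanitize().
	$result = shell_exec("$fls_bin $listall -l $tz_switch -F $offset $path $inode");
	$result = htmlspecialchars($result);
	return $result;
}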
/****************************************************************
Gets recursive folder's content (FLS)
****************************************************************/
/**
 * Recursively list the files below an inode with the configured fls binary
 * (-F -r -m /).
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID).
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param string $inode  Starting inode, filtered by sanitize(PARANOID); 'null' means none.
 * @return string fls output passed through htmlspecialchars().
 */
function get_folder_recursive_content($path, $offset, $inode){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$inode = sanitize($inode,PARANOID);
	include("../config/conf.php");
	$noOffset = ($offset == 'null' || $offset == '0');
	$offsetSwitch = $noOffset ? '' : "-o $offset";
	if($inode == 'null'){
		$inode = '';
	}
	// Arguments are interpolated unquoted; shell safety depends on sanitize().
	$command = "$fls_bin -F -r -m / $offsetSwitch $path $inode";
	return htmlspecialchars(shell_exec($command));
}
/****************************************************************
Reverse a unix timestamp
****************************************************************/
/**
 * Format a Unix timestamp as "YYYY-MM-DD HH:MM:SS" using the configured date binary.
 *
 * @param mixed $timestamp Seconds since the epoch; filtered by sanitize(PARANOID)
 *                         and appended unquoted after "-d @".
 * @return string|null Whatever the date command printed (shell_exec() result).
 */
function reverse_unix_timestamp($timestamp){
	$timestamp = sanitize($timestamp,PARANOID);
	include("../config/conf.php");
	// The format string is double-quoted for the shell because it contains a space.
	$command = $date_bin . ' -d @' . $timestamp . ' +"%Y-%m-%d %H:%M:%S"';
	return shell_exec($command);
}
/****************************************************************
Returns the type of a file (ICAT)
****************************************************************/
/**
 * Identify the type of a file inside an image.
 *
 * Pipes the output of the configured icat binary (-r) into the configured
 * file binary (-zb -). When the description mentions "image data" or
 * "PC bitmap data", $_SESSION['is_graphic'] is set to 1; it is never reset here.
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID).
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param string $inode  Inode of the file, filtered by sanitize(PARANOID); 'null' means none.
 * @return string|null The raw description printed by the file binary.
 *                     NOTE(review): it is returned without HTML escaping although
 *                     it describes untrusted evidence content; confirm callers escape it.
 */
function get_file_type($path, $offset, $inode){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$inode = sanitize($inode,PARANOID);
	include("../config/conf.php");
	$offsetSwitch = ($offset == 'null' || $offset == '0') ? '' : "-o $offset";
	$inodeArg = ($inode == 'null') ? '' : $inode;
	$description = shell_exec("$icat_bin -r $offsetSwitch $path $inodeArg | $file_bin -zb -");
	$isGraphic = preg_match("/(image data)|(PC bitmap data)/", $description);
	if($isGraphic){
		$_SESSION['is_graphic'] = 1;
	}
	return $description;
}
/****************************************************************
Returns ASCII content of a file (ICAT)
****************************************************************/
/**
 * Return the content of a file inside an image, HTML-escaped.
 *
 * The bytes are extracted with the configured icat binary (-r).
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID).
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param string $inode  Inode of the file, filtered by sanitize(PARANOID); 'null' means none.
 * @return string icat output passed through htmlspecialchars().
 */
function get_file_content_ascii($path, $offset, $inode){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$inode = sanitize($inode,PARANOID);
	include("../config/conf.php");
	$offsetSwitch = "-o $offset";
	if($offset == 'null' || $offset == '0'){
		$offsetSwitch = '';
	}
	$inodeArg = ($inode == 'null') ? '' : $inode;
	// Arguments are interpolated unquoted; shell safety depends on sanitize().
	$content = shell_exec("$icat_bin -r $offsetSwitch $path $inodeArg");
	return htmlspecialchars($content);
}
/****************************************************************
Returns ASCII content of a file (ICAT)
****************************************************************/
/**
 * Return the content of a data unit, HTML-escaped.
 *
 * Although the banner comment above mentions ICAT, the command executed is the
 * configured dcat binary, with $inode as its trailing positional argument.
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID).
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param string $inode  Address handed to dcat, filtered by sanitize(PARANOID);
 *                       'null' means none.
 * @return string dcat output passed through htmlspecialchars().
 */
function get_live_file_content_ascii($path, $offset, $inode){
    $path = sanitize($path,PARANOID);
    $offset = sanitize($offset,INT);
    $inode = sanitize($inode,PARANOID);
    include("../config/conf.php");
    $offsetSwitch = ($offset == 'null' || $offset == '0') ? '' : "-o $offset";
    if($inode == 'null'){
        $inode = '';
    }
    // Arguments are interpolated unquoted; shell safety depends on sanitize().
    $content = shell_exec($dcat_bin . ' ' . $offsetSwitch . ' ' . $path . ' ' . $inode);
    return htmlspecialchars($content);
}

/****************************************************************
Returns HEX content of a file (ICAT + HEXDUMP)
****************************************************************/
/**
 * Return a hex dump of a file inside an image, HTML-escaped.
 *
 * The configured icat binary (-r) is piped into the configured hexdump binary (-C).
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID).
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param string $inode  Inode of the file, filtered by sanitize(PARANOID); 'null' means none.
 * @return string hexdump output passed through htmlspecialchars().
 */
function get_file_content_hex($path, $offset, $inode){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$inode = sanitize($inode,PARANOID);
	include("../config/conf.php");
	$offsetSwitch = ($offset == 'null' || $offset == '0') ? '' : "-o $offset";
	$inodeArg = ($inode == 'null') ? '' : $inode;
	// Arguments are interpolated unquoted; shell safety depends on sanitize().
	$extract = "$icat_bin -r $offsetSwitch $path $inodeArg";
	$dump = shell_exec($extract . " | $hexdump_bin -C");
	return htmlspecialchars($dump);
}
/****************************************************************
Returns HEX content of a file (DCAT)
****************************************************************/
/**
 * Return a hex view of a data unit, HTML-escaped.
 *
 * Runs the configured dcat binary with -h, with $inode as its trailing
 * positional argument.
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID).
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param string $inode  Address handed to dcat, filtered by sanitize(PARANOID);
 *                       'null' means none.
 * @return string dcat output passed through htmlspecialchars().
 */
function get_live_file_content_hex($path, $offset, $inode){
    $path = sanitize($path,PARANOID);
    $offset = sanitize($offset,INT);
    $inode = sanitize($inode,PARANOID);
    include("../config/conf.php");
    $offsetSwitch = "-o $offset";
    if($offset == 'null' || $offset == '0'){
        $offsetSwitch = '';
    }
    $unit = ($inode == 'null') ? '' : $inode;
    // Arguments are interpolated unquoted; shell safety depends on sanitize().
    return htmlspecialchars(shell_exec("$dcat_bin -h $offsetSwitch $path $unit"));
}
/****************************************************************
Returns ASCIISTRINGS content of a file (ICAT + SRCH_STRINGS)
****************************************************************/
/**
 * Return the printable strings of a file inside an image, HTML-escaped.
 *
 * The configured icat binary (-r) is piped into the configured srch_strings
 * binary (-a).
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID).
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param string $inode  Inode of the file, filtered by sanitize(PARANOID); 'null' means none.
 * @return string srch_strings output passed through htmlspecialchars().
 */
function get_file_content_asciistrings($path, $offset, $inode){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$inode = sanitize($inode,PARANOID);
	include("../config/conf.php");
	$noOffset = ($offset == 'null' || $offset == '0');
	$offsetSwitch = $noOffset ? '' : "-o $offset";
	if($inode == 'null'){
		$inode = '';
	}
	// Arguments are interpolated unquoted; shell safety depends on sanitize().
	$strings = shell_exec("$icat_bin -r $offsetSwitch $path $inode | $srch_strings_bin -a");
	return htmlspecialchars($strings);
}
/****************************************************************
Returns ASCIISTRINGS content of a file (DCAT + SRCH_STRINGS)
****************************************************************/
/**
 * Return the printable strings of a data unit, HTML-escaped.
 *
 * The configured dcat binary is piped into the configured srch_strings binary (-a).
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID).
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param string $inode  Address handed to dcat, filtered by sanitize(PARANOID);
 *                       'null' means none.
 * @return string srch_strings output passed through htmlspecialchars().
 */
function get_live_file_content_asciistrings($path, $offset, $inode){
    $path = sanitize($path,PARANOID);
    $offset = sanitize($offset,INT);
    $inode = sanitize($inode,PARANOID);
    include("../config/conf.php");
    $offsetSwitch = ($offset == 'null' || $offset == '0') ? '' : "-o $offset";
    $unit = ($inode == 'null') ? '' : $inode;
    // Arguments are interpolated unquoted; shell safety depends on sanitize().
    $pipeline = "$dcat_bin $offsetSwitch $path $unit | $srch_strings_bin -a";
    return htmlspecialchars(shell_exec($pipeline));
}
/****************************************************************
Returns content of graphic files
****************************************************************/
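/**
 * Extract a graphic file from the session's image and return it hex-encoded.
 *
 * The file is written by icat to "$INSTALLDIR/temp/<name>", read back, deleted
 * and returned through bin2hex(). The image path comes from
 * $_SESSION['image_path'].
 *
 * Changes compared with the previous version:
 *  - $name is filtered again after charset_decode_utf_8(), so that nothing the
 *    decoder produces reaches the shell unfiltered (the bookmark variant of
 *    this function already decodes before it filters);
 *  - the redirect target is quoted with escapeshellarg();
 *  - ereg_replace() (removed in PHP 7) is replaced by equivalent preg_replace() calls;
 *  - the read buffer is initialised and a missing/unreadable temp file yields ''
 *    instead of looping on an invalid file handle.
 *
 * NOTE(review): the temp file name is derived from the caller-supplied name, so
 * two concurrent requests using the same name would share one file.
 *
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param string $inode  Inode of the file, filtered by sanitize(PARANOID); 'null' means none.
 * @param string $name   File name, used only to name the temporary file.
 * @return string Hex encoding of the extracted bytes ('' when nothing was extracted).
 */
function get_file_content_image($offset, $inode, $name){
	$name = sanitize($name,PARANOID);
	$offset = sanitize($offset,INT);
	$inode = sanitize($inode,PARANOID);
	include("../config/conf.php");
	$name = charset_decode_utf_8($name);
	// Filter again: the decoder runs after the first sanitize() call.
	$name = sanitize($name,PARANOID);
	$name = preg_replace("/\s/", "_", $name);
	// Drop runs of two or more dots and any leading slashes so the name
	// cannot climb out of the temp directory.
	$name = preg_replace('/\.\.+/', "", $name);
	$name = preg_replace('/^\/+/', "", $name);
	$path = $_SESSION['image_path'];
	$path = sanitize($path,PARANOID);
	if($offset == 'null' || $offset == '0'){
		$offset = '';
	}else{
		$offset = "-o $offset";
	}
	if($inode == 'null') $inode = '';
	$tmp_file = "$INSTALLDIR/temp/$name";
	shell_exec("$icat_bin -r $offset $path $inode > " . escapeshellarg($tmp_file));

	$pb = '';
	if(is_file($tmp_file)){
		$bytes = file_get_contents($tmp_file);
		if($bytes !== false){
			$pb = $bytes;
		}
		unlink($tmp_file);
	}
	return bin2hex($pb);
}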
/****************************************************************
Returns content of graphic files from bookmarks
****************************************************************/
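/**
 * Extract a bookmarked graphic file from an image and return it hex-encoded.
 *
 * The file is written by icat to "$INSTALLDIR/temp/<name>", read back, deleted
 * and returned through bin2hex().
 *
 * Changes compared with the previous version:
 *  - the redirect target is quoted with escapeshellarg();
 *  - ereg_replace() (removed in PHP 7) is replaced by equivalent preg_replace() calls;
 *  - the read buffer is initialised and a missing/unreadable temp file yields ''
 *    instead of looping on an invalid file handle.
 *
 * NOTE(review): the temp file name is derived from the caller-supplied name, so
 * two concurrent requests using the same name would share one file.
 *
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param string $inode  Inode of the file, filtered by sanitize(PARANOID); 'null' means none.
 * @param string $name   File name, used only to name the temporary file.
 * @param string $path   Image path, filtered by sanitize(PARANOID); interpolated unquoted.
 * @return string Hex encoding of the extracted bytes ('' when nothing was extracted).
 */
function get_file_content_image_bookmark($offset, $inode, $name, $path){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$inode = sanitize($inode,PARANOID);
	// Decode before filtering so the filter sees the final form of the name.
	$name = charset_decode_utf_8($name);
	$name = sanitize($name,PARANOID);
	// Drop runs of two or more dots and any leading slashes so the name
	// cannot climb out of the temp directory.
	$name = preg_replace('/\.\.+/', "", $name);
	$name = preg_replace('/^\/+/', "", $name);
	include("../config/conf.php");
	$name = preg_replace("/\s/", "_", $name);
	if($offset == 'null' || $offset == '0'){
		$offset = '';
	}else{
		$offset = "-o $offset";
	}
	if($inode == 'null') $inode = '';
	$tmp_file = "$INSTALLDIR/temp/$name";
	shell_exec("$icat_bin -r $offset $path $inode > " . escapeshellarg($tmp_file));

	$pb = '';
	if(is_file($tmp_file)){
		$bytes = file_get_contents($tmp_file);
		if($bytes !== false){
			$pb = $bytes;
		}
		unlink($tmp_file);
	}
	return bin2hex($pb);
}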
/****************************************************************
Exports a file (ICAT)
****************************************************************/
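/**
 * Export a file from an image into "$INSTALLDIR/temp/" and log the action.
 *
 * Changes compared with the previous version:
 *  - loggerClass.php is loaded with include_once; it presumably declares the
 *    Log class used below, and a plain include() inside a function would
 *    declare it again on a second call in the same request;
 *  - the redirect target is built from basename($name) and quoted with
 *    escapeshellarg(), so the export stays inside the temp directory even if
 *    sanitize() lets path separators through (sanitize() is not visible here).
 *    The sibling image functions strip dot runs and leading slashes for the
 *    same reason.
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID); interpolated unquoted.
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param string $inode  Inode of the file, filtered by sanitize(PARANOID); 'null' means none.
 * @param string $name   Name of the exported file inside the temp directory.
 * @return void
 */
function export_file($path, $offset, $inode, $name){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$inode = sanitize($inode,PARANOID);
	$name = sanitize($name,PARANOID);
	include_once("loggerClass.php");
	include("../config/conf.php");
	if($offset == 'null' || $offset == '0'){
		$offset = '';
	}else{
		$offset = "-o $offset";
	}
	if($inode == 'null') $inode = '';
	new Log($_SESSION['ip'], $_SESSION['user'], "File $name of image $path exported");
	$target = escapeshellarg("$INSTALLDIR/temp/" . basename($name));
	shell_exec("$icat_bin -r $offset $path $inode > $target");
}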
/****************************************************************
Returns result sector size
****************************************************************/
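/**
 * Read the size of the addressable unit reported by "dcat -s".
 *
 * The first "<digits>: Size of Addressable Unit" line of the output is used.
 * When the tool prints no such line the function now returns null explicitly
 * instead of reading an undefined array index.
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID); interpolated unquoted.
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @return string|null The unit size as a digit string, or null when not reported.
 */
function get_sector_size($path,$offset){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	include ("../config/conf.php");
	if ($offset == 'null' || $offset == '0'){
		$offset = '';
	}else{
		$offset ="-o $offset";
	}
	$result = shell_exec("$dcat_bin -s $offset $path");
	if (preg_match("/(\d+): Size of Addressable Unit/", $result, $matches)){
		return $matches[1];
	}
	return null;
}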
/****************************************************************
Returns result sector info
****************************************************************/
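/**
 * Describe the file that owns a sector, as HTML.
 *
 * The configured ifind binary (-d) maps the sector to an inode; the configured
 * istat binary then prints the inode details.
 *
 * Changes compared with the previous version:
 *  - $sector was the only argument placed on the command line without any
 *    filtering; it now goes through sanitize(INT), as export_sector() does;
 *  - the "Inode not found" marker is also checked on the unfiltered ifind
 *    output, in case sanitize(PARANOID) alters the spaces in that marker;
 *  - the istat report (text read from the evidence image) is HTML-escaped
 *    before newlines become <br>, matching ram_live_search() in this file.
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID); interpolated unquoted.
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param mixed  $sector Sector (data unit) address.
 * @return string HTML-escaped istat output with <br> line breaks, or
 *                "File not allocated".
 */
function get_sector_info($path,$offset,$sector){
    $path = sanitize($path,PARANOID);
    $offset = sanitize($offset,INT);
    $sector = sanitize($sector,INT);
    include ("../config/conf.php");
    if ($offset == 'null' || $offset == '0'){
		$offset = '';
    }else{
		$offset ="-o $offset";
    }
    $found = shell_exec("$ifind_bin -d $sector $offset $path");
    $found = preg_replace("/\n/", "", $found);
    // Tool output is filtered before it is reused on a command line.
    $inode = sanitize($found,PARANOID);
    if ($found == "Inode not found" || $inode == "Inode not found"){
		return "File not allocated";
    }
    $result = shell_exec("$istat_bin $offset $path $inode");
    // Escape first so that only the <br> tags added below are live markup.
    $result = htmlspecialchars($result);
    $result = preg_replace("/\n/", "<br>", $result);
    return $result;
}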
/****************************************************************
Returns result of live search
****************************************************************/
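/**
 * Run every requested strings pass of a live search over one image/partition
 * and return the concatenated grep output.
 */
function _live_search_run($dls_bin, $srch_strings_bin, $grep_bin, $offset_switch, $path, $passes, $grep_args){
	$hits = '';
	foreach($passes as $pass){
		$hits .= shell_exec("$dls_bin -e $offset_switch $path | $srch_strings_bin $pass | $grep_bin $grep_args");
	}
	return $hits;
}

/**
 * Map a sector to array(label, inode, unallocated-flag) using ifind and istat.
 */
function _live_search_owner($ifind_bin, $istat_bin, $offset_switch, $path, $sector){
	$inode = shell_exec("$ifind_bin -d $sector $offset_switch $path");
	$inode = preg_replace("/\n/", "", $inode);
	if ($inode == "Inode not found"){
		return array('Not allocated', '', false);
	}
	// ifind output is derived from the evidence image: quote it before reuse.
	$inode_arg = escapeshellarg($inode);
	$filename = shell_exec("$istat_bin $offset_switch $path $inode_arg | grep -m 1 \"Name:\"");
	$not_allocated = shell_exec("$istat_bin $offset_switch $path $inode_arg | grep -m 1 \"Not Allocated\"");
	$filename = preg_replace("/\n/", "", $filename);
	$not_allocated = preg_replace("/\n/", "", $not_allocated);
	// Skip the first six characters of the "Name:" line.
	$filename = substr($filename,6);
	if ($filename == ''){
		return array("inode/meta: $inode", '', false);
	}
	return array(strtolower($filename), $inode, ($not_allocated == 'Not Allocated'));
}

/**
 * Search the strings of an image (or of several partitions) for a keyword.
 *
 * For each partition the data units are dumped with dls -e, reduced to strings
 * with byte offsets (srch_strings -a -t d, plus -e l for the Unicode pass) and
 * filtered with grep. Every hit is converted to sector + offset-in-sector and
 * the owning file is looked up with ifind/istat.
 *
 * Security fix: the search term comes straight from the caller and was wrapped
 * in hand-made single quotes. A backslash does not escape a quote inside a
 * single-quoted shell string, so the term could end the quoting. The term is
 * now passed through escapeshellarg() and introduced with grep's -e option, so
 * it is always one pattern argument, including when it starts with '-'.
 * In regexp mode the extra stripslashes() is applied once, before the loop;
 * previously it ran again for every partition, changing the pattern between
 * partitions.
 *
 * NOTE(review): a null/zero result from get_sector_size() is not handled; the
 * divisions below would then fail.
 * NOTE(review): element [2] is a file name read from the evidence image and is
 * returned without HTML escaping; callers must escape it before display.
 *
 * @param string $path        Image path, filtered by sanitize(PARANOID); interpolated unquoted.
 * @param string $offset      One offset, or a '|'-separated list; reduced to digits and '|'.
 *                            Empty, 'null' or '0' searches the whole image.
 * @param string $string      Keyword or regular expression.
 * @param string $regexp      'false' for a literal search (grep metacharacters . [ ^ $ *
 *                            are escaped); anything else runs grep -E on the ASCII pass only.
 * @param string $case_s      'false' makes the literal search case-insensitive (-i).
 * @param string $src_unicode 'true' enables the Unicode strings pass (literal search only).
 * @param string $src_ascii   'true' enables the ASCII strings pass (literal search only).
 * @param string $part_id     Partition id, or a '|'-separated list parallel to $offset.
 * @return array Rows of: [0] sector, [1] offset in sector, [2] file name or status
 *               label, [3] inode or '', [4] partition offset or 'null',
 *               [5] bool "not allocated", [6] partition id. In whole-image mode
 *               rows are keyed by output line number; otherwise sequentially.
 */
function get_live_search($path, $offset, $string,$regexp,$case_s,$src_unicode,$src_ascii,$part_id){
	$path = sanitize($path,PARANOID);
	$case_s = sanitize($case_s,PARANOID);
	$src_unicode = sanitize($src_unicode,PARANOID);
	$src_ascii = sanitize($src_ascii,PARANOID);
	$offset  = preg_replace("/[^0-9\|]/", "", $offset);
	$part_id = preg_replace("/[^0-9\|]/", "", $part_id);
	include("../config/conf.php");
	$output = array();
	$string = stripslashes($string);
	$grep_case = ($case_s == 'false') ? '-i' : '';

	// Decide once which strings passes to run and how grep is invoked.
	$passes = array();
	if ($regexp == 'false'){
		// Literal search: neutralise the basic-regex metacharacters.
		$string = str_replace(
			array('.', '[', '^', '$', '*'),
			array('\\.', '\\[', '\\^', '\\$', '\\*'),
			$string
		);
		$grep_args = "$grep_case -e " . escapeshellarg($string);
		if ($src_ascii == 'true'){
			$passes[] = "-a -t d";
		}
		if ($src_unicode == 'true'){
			$passes[] = "-a -t d -e l";
		}
	}else{
		$string = stripslashes($string);
		$grep_args = "-E -e " . escapeshellarg($string);
		$passes[] = "-a -t d";
	}

	if($offset == 'null' || $offset == '' || $offset == '0'){
		// Whole image: no -o switch anywhere.
		$sector_size = get_sector_size($path,$offset);
		$result = _live_search_run($dls_bin, $srch_strings_bin, $grep_bin, '', $path, $passes, $grep_args);
		$arr = preg_split("/\n/", $result);
		for($j=0;$j<sizeof($arr);$j++){
			$line = preg_replace("/^\s*/", "", $arr[$j]);
			if(!preg_match("/^(\d+)\s*(.+)/", $line, $out)){
				continue;
			}
			$sector = floor($out[1]/$sector_size);
			$offset_l = $out[1] % $sector_size;
			list($label, $owner, $deleted) = _live_search_owner($ifind_bin, $istat_bin, '', $path, $sector);
			// Key order is kept as before: 0,1,2,3,5,4,6.
			$output[$j][0] = $sector;
			$output[$j][1] = $offset_l;
			$output[$j][2] = $label;
			$output[$j][3] = $owner;
			$output[$j][5] = $deleted;
			$output[$j][4] = 'null';
			$output[$j][6] = $part_id;
		}
	}else{
		$offsets = explode("|", $offset);
		$part_ids = explode("|", $part_id);
		$indx_output = 0;
		for($i=0; $i<sizeof($offsets); $i++){
			if($offsets[$i]==''){
				continue;
			}
			// Each list element contains digits only (see the filter above).
			$offset_switch = "-o ".$offsets[$i];
			$sector_size = get_sector_size($path,$offsets[$i]);
			$result = _live_search_run($dls_bin, $srch_strings_bin, $grep_bin, $offset_switch, $path, $passes, $grep_args);
			$arr = preg_split("/\n/", $result);
			for($j=0;$j<sizeof($arr);$j++){
				$line = preg_replace("/^\s*/", "", $arr[$j]);
				if(!preg_match("/^(\d+)\s*(.+)/", $line, $out)){
					continue;
				}
				$sector = floor($out[1]/$sector_size);
				$offset_l = $out[1] % $sector_size;
				list($label, $owner, $deleted) = _live_search_owner($ifind_bin, $istat_bin, $offset_switch, $path, $sector);
				// Key order is kept as before: 4,0,1,2,3,5,6.
				$output[$indx_output][4] = $offsets[$i];
				$output[$indx_output][0] = $sector;
				$output[$indx_output][1] = $offset_l;
				$output[$indx_output][2] = $label;
				$output[$indx_output][3] = $owner;
				$output[$indx_output][5] = $deleted;
				$output[$indx_output][6] = isset($part_ids[$i]) ? $part_ids[$i] : null;
				$indx_output = $indx_output +1;
			}
		}
	}
	return $output;
}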
/****************************************************************
Returns allocation list (DLS)
****************************************************************/
/**
 * Return the data-unit allocation listing printed by "dls -el".
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID).
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param string $range  Trailing argument(s) for dls, filtered by sanitize(PARANOID).
 * @return string|null Raw dls output (not HTML-escaped).
 *
 * All values are interpolated unquoted; shell safety depends on sanitize().
 */
function get_allocation_list($path, $offset, $range){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$range = sanitize($range,PARANOID);
	include("../config/conf.php");
	$offsetSwitch = ($offset == 'null' || $offset == '0') ? '' : "-o $offset";
	return shell_exec($dls_bin . ' -el ' . $offsetSwitch . ' ' . $path . ' ' . $range);
}
/****************************************************************
Get content from sector in ASCII (DCAT)
****************************************************************/
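/**
 * Return the content of one or more sectors as ASCII, HTML-escaped (dcat -a).
 *
 * Bug fix: $total used to be overwritten with the filtered value of $sector,
 * so the requested count was ignored and the sector number was sent to dcat
 * twice. It is now filtered from its own argument, as in
 * get_sector_content_hex().
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID); interpolated unquoted.
 * @param mixed  $offset Partition offset, filtered by sanitize(INT). 'null' or '0'
 *                       drops the switch, 'raw' selects "-f raw".
 *                       NOTE(review): confirm sanitize(INT) can return 'raw' at all.
 * @param string $sector First sector, filtered by sanitize(PARANOID).
 * @param string $total  Number of sectors, filtered by sanitize(PARANOID).
 * @return string dcat output passed through htmlspecialchars().
 */
function get_sector_content_ascii($path, $offset, $sector, $total){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$sector = sanitize($sector,PARANOID);
	$total = sanitize($total,PARANOID);
	include("../config/conf.php");
	if($offset == 'null' || $offset == '0'){
		$offset = '';
	}
	elseif($offset == 'raw'){
		$offset = "-f raw";
	}
	else{
		$offset = "-o $offset";
	}
	$result = shell_exec("$dcat_bin -a $offset $path $sector $total");
	$result = htmlspecialchars($result);
	return $result;
}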
/****************************************************************
Get content from sector in HEX(DCAT)
****************************************************************/
/**
 * Return the content of one or more sectors as a hex view, HTML-escaped (dcat -h).
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID).
 * @param mixed  $offset Partition offset, filtered by sanitize(INT). 'null' or '0'
 *                       drops the switch, 'raw' selects "-f raw", anything else
 *                       becomes "-o <offset>".
 * @param string $sector First sector, filtered by sanitize(PARANOID).
 * @param string $total  Number of sectors, filtered by sanitize(PARANOID).
 * @return string dcat output passed through htmlspecialchars().
 */
function get_sector_content_hex($path, $offset, $sector, $total){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$sector = sanitize($sector,PARANOID);
	$total = sanitize($total,PARANOID);
	include("../config/conf.php");
	// Later assignments win, so the 'null'/'0' test keeps its priority over 'raw'.
	$locator = "-o $offset";
	if($offset == 'raw'){
		$locator = "-f raw";
	}
	if($offset == 'null' || $offset == '0'){
		$locator = '';
	}
	// Arguments are interpolated unquoted; shell safety depends on sanitize().
	$dump = shell_exec("$dcat_bin -h $locator $path $sector $total");
	return htmlspecialchars($dump);
}
/****************************************************************
Get content from sector in ASCII STRINGS(DCAT)
****************************************************************/
/**
 * Return the printable strings found in one or more sectors, HTML-escaped.
 *
 * The configured dcat binary is piped into the configured srch_strings binary (-a).
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID).
 * @param mixed  $offset Partition offset, filtered by sanitize(INT). 'null' or '0'
 *                       drops the switch, 'raw' selects "-f raw", anything else
 *                       becomes "-o <offset>".
 * @param string $sector First sector, filtered by sanitize(PARANOID).
 * @param string $total  Number of sectors, filtered by sanitize(PARANOID).
 * @return string srch_strings output passed through htmlspecialchars().
 */
function get_sector_content_asciistrings($path, $offset, $sector, $total){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$sector = sanitize($sector,PARANOID);
	$total = sanitize($total,PARANOID);
	include("../config/conf.php");
	// Later assignments win, so the 'null'/'0' test keeps its priority over 'raw'.
	$locator = "-o $offset";
	if($offset == 'raw'){
		$locator = "-f raw";
	}
	if($offset == 'null' || $offset == '0'){
		$locator = '';
	}
	// Arguments are interpolated unquoted; shell safety depends on sanitize().
	$pipeline = "$dcat_bin $locator $path $sector $total | $srch_strings_bin -a";
	return htmlspecialchars(shell_exec($pipeline));
}
/****************************************************************
Exports sectors content (DCAT)
****************************************************************/
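/**
 * Export the content of one or more sectors into "$INSTALLDIR/temp/" and log it.
 *
 * Changes compared with the previous version:
 *  - the test on $inode was removed: this function has no such variable;
 *  - loggerClass.php is loaded with include_once; it presumably declares the
 *    Log class used below, and a plain include() inside a function would
 *    declare it again on a second call in the same request;
 *  - the redirect target is built from basename($name) and quoted with
 *    escapeshellarg(), so the export stays inside the temp directory even if
 *    sanitize() lets path separators or shell metacharacters through
 *    (sanitize() is not visible here).
 *
 * @param string $path   Image path, filtered by sanitize(PARANOID); interpolated unquoted.
 * @param mixed  $offset Partition offset, filtered by sanitize(INT). 'null' or '0'
 *                       drops the switch, 'raw' selects "-f raw".
 * @param mixed  $sector First sector, filtered by sanitize(INT).
 * @param string $total  Number of sectors, filtered by sanitize(PARANOID).
 * @param string $name   Name of the exported file inside the temp directory.
 * @return void
 */
function export_sector($path, $offset, $sector, $total, $name){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$sector = sanitize($sector,INT);
	$total = sanitize($total,PARANOID);
	$name = sanitize($name,PARANOID);
	include_once("loggerClass.php");
	include("../config/conf.php");
	if($offset == 'null' || $offset == '0'){
		$offset = '';
	}
	elseif($offset == 'raw'){
		$offset = "-f raw";
	}
	else{
		$offset = "-o $offset";
	}
	new Log($_SESSION['ip'], $_SESSION['user'], "Sector $name of image $path exported");
	$target = escapeshellarg("$INSTALLDIR/temp/" . basename($name));
	shell_exec("$dcat_bin $offset $path $sector $total > $target");
}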
/****************************************************************
Analyze volatile images (RAM dump)
****************************************************************/
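/**
 * Identify a RAM dump with Volatility ("ident") and remember its parameters.
 *
 * The "VM Type:" and "DTB:" values found in the report are stored in
 * $_SESSION['ram_type'] and $_SESSION['ram_offset']. They are tool output
 * describing an evidence file, so any code that later places them on a command
 * line must quote them.
 *
 * The report is now HTML-escaped before newlines become <br>, matching
 * ram_live_search() in this file; the session values are taken from the
 * unescaped text.
 *
 * @param string $path Dump path, filtered by sanitize(PARANOID); interpolated
 *                     unquoted, so shell safety rests on sanitize().
 * @return string HTML-escaped Volatility output with <br> line breaks.
 */
function get_ram_info($path){
	$path = sanitize($path,PARANOID);
	include("../config/conf.php");
	$result = shell_exec("python $INSTALLDIR/Volatility-1.3_Beta/volatility ident -f $path");
	if(preg_match("/(VM\sType:\s)(\S+)\n/", $result, $out)){
		$_SESSION['ram_type'] = $out[2];
	}
	if(preg_match("/(DTB:\s)(\S+)\n/", $result, $out)){
		$_SESSION['ram_offset'] = $out[2];
	}
	// Escape first so that only the <br> tags added below are live markup.
	$result = htmlspecialchars($result);
	$result = preg_replace("/\n/", "<br>", $result);
	return $result;
}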
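/**
 * Run a Volatility command against a RAM dump and return its output as HTML.
 *
 * Every command except "ident" is given the -b and -t values stored in the
 * session by get_ram_info().
 *
 * Changes compared with the previous version:
 *  - the session values are non-whitespace tokens captured from earlier tool
 *    output, not filtered input; they are now quoted with escapeshellarg()
 *    before being placed on the command line;
 *  - the output (process names and other text taken from the dump) is
 *    HTML-escaped before newlines become <br>, matching ram_live_search().
 *
 * NOTE(review): $command is only filtered, not checked against a list of
 * known Volatility commands; an allow-list would be stricter.
 *
 * @param string $path    Dump path, filtered by sanitize(PARANOID); interpolated unquoted.
 * @param string $command Volatility command name.
 * @param string $start   Value for -s (connscan/psscan/sockscan/thrdscan only).
 * @param string $end     Value for -e (same commands).
 * @param string $slow    Any non-empty value adds -l (same commands).
 * @param string $format  'table', 'tree' or 'DOT' for vadwalk; other values are
 *                        passed through as filtered.
 * @param string $offset  Value for -o (vadinfo, vaddump, vadwalk).
 * @param string $file    Value for -s of the "strings" command.
 * @return string HTML-escaped output with <br> line breaks, or
 *                'No output for this command'.
 */
function get_ram_analysis($path, $command, $start, $end, $slow, $format, $offset, $file){
	$path = sanitize($path,PARANOID);
	$command = sanitize($command,PARANOID);
	$start = sanitize($start,PARANOID);
	$end = sanitize($end,PARANOID);
	$slow = sanitize($slow,PARANOID);
	$format = sanitize($format,PARANOID);
	$offset = sanitize($offset,PARANOID);
	$file = sanitize($file,PARANOID);
	include("../config/conf.php");
	$volatility = "python $INSTALLDIR/Volatility-1.3_Beta/volatility";
	$ram_offset = isset($_SESSION['ram_offset']) ? $_SESSION['ram_offset'] : '';
	$ram_type = isset($_SESSION['ram_type']) ? $_SESSION['ram_type'] : '';
	// Quote the stored values: they originate from tool output, not from sanitize().
	$profile = "-b ".escapeshellarg($ram_offset)." -t ".escapeshellarg($ram_type);
	if($command=='ident'){
		$result = shell_exec("$volatility ident -f $path");
	}
	elseif(($command=='connscan')or($command=='psscan')or($command=='sockscan')or($command=='thrdscan')){
		if($start!='') $start = "-s $start";
		if($end!='') $end = "-e $end";
		if($slow!='') $slow = "-l";
		$result = shell_exec("$volatility $command -f $path $profile $start $end $slow");
	}
	elseif(($command=='vadinfo')or($command=='vaddump')){
		if($offset!='') $offset = "-o $offset";
		$result = shell_exec("$volatility $command -f $path $profile $offset");
	}
	elseif($command=='vadwalk'){
		switch($format){
			case 'table': $format = "-l"; break;
			case 'tree': $format = "-e"; break;
			case 'DOT': $format = "-d"; break;
		}
		if($offset!='') $offset = "-o $offset";
		$result = shell_exec("$volatility $command -f $path $profile $format $offset");
	}
	elseif($command=='strings'){
		$file = "-s $file";
		$result = shell_exec("$volatility $command -f $path $profile $file");
	}
	else{
		$result = shell_exec("$volatility $command -f $path $profile");
	}
	// Escape first so that only the <br> tags added below are live markup.
	$result = htmlspecialchars($result);
	$result = preg_replace("/\n/", "<br>", $result);
	if($result=='') $result='No output for this command';
	return $result;
}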
/****************************************************************
Live keyword search on RAM dump
****************************************************************/
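/**
 * Search the strings of a RAM dump for a keyword and return the hits as HTML.
 *
 * The configured srch_strings binary (-a -t x, plus -e l for the Unicode pass)
 * is piped into the configured grep binary.
 *
 * Changes compared with the previous version:
 *  - the search term is passed through escapeshellarg() and introduced with
 *    grep's -e option. It used to be placed inside double quotes (where the
 *    shell still expands $ and backquotes) or left unquoted (where a space
 *    turned the rest of the term into a file name for grep);
 *  - $result is initialised, so requesting only the Unicode pass no longer
 *    appends to an undefined variable;
 *  - an empty literal term still produces no hits, as before.
 *
 * @param string $path    Dump path, filtered by sanitize(PARANOID); interpolated unquoted.
 * @param string $string  Keyword or regular expression, filtered by sanitize(PARANOID).
 * @param string $regexp  'true' runs grep -E; anything else is a plain grep.
 * @param string $ascii   'true' enables the ASCII strings pass.
 * @param string $unicode 'true' enables the Unicode strings pass.
 * @return string HTML-escaped hits with <br> line breaks, or
 *                'No output for this command'.
 */
function ram_live_search($path, $string, $regexp, $ascii, $unicode){
	$path = sanitize($path,PARANOID);
	$string = sanitize($string,PARANOID);
	$ascii = sanitize($ascii,PARANOID);
	$unicode = sanitize($unicode,PARANOID);
	include("../config/conf.php");
	$result = '';
	if($regexp=='true'){
		$grep_args = "-E -e " . escapeshellarg($string);
	}elseif((string)$string !== ''){
		$grep_args = "-e " . escapeshellarg($string);
	}else{
		// An empty literal term never matched anything; keep it that way.
		$grep_args = null;
	}
	if($grep_args !== null){
		if($ascii=='true'){
			$result .= shell_exec("$srch_strings_bin -a -t x $path | $grep_bin $grep_args"); //ascii strings
		}
		if($unicode=='true'){
			$result .= shell_exec("$srch_strings_bin -e l -a -t x $path | $grep_bin $grep_args");  //unicode strings
		}
	}
	$result = htmlspecialchars($result);
	$result = preg_replace("/\n/", "<br>", $result);
	if($result=='') $result='No output for this command';
	return $result;
}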

/****************************************************************
Timeline indexing (FLS+MACTIME)
****************************************************************/
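/**
 * Build the timeline index of an image: fls | mactime | scripts/indx_timeline.
 *
 * $offset, $part_id and $tz are either single values or parallel
 * '|'-separated lists (one element per partition).
 *
 * Changes compared with the previous version:
 *  - in single-image mode $tz and $part_id were placed on the command line
 *    whole, although their filters allow '|', which the shell treats as a
 *    pipeline separator; they are now quoted with escapeshellarg();
 *  - the database settings are quoted with escapeshellarg(); the password used
 *    to sit between hand-written single quotes, which a quote character in the
 *    password would break;
 *  - $result and $date are initialised, so the function returns null rather
 *    than an undefined variable when nothing ran or no date was printed;
 *  - loggerClass.php is loaded with include_once; it presumably declares the
 *    Log class, and a plain include() would declare it again on a second call.
 *
 * NOTE(review): the database password is still handed to the indexing script
 * as a command-line argument, where other local users can read it from the
 * process list while the script runs.
 *
 * @param string $path    Image path, filtered by sanitize(PARANOID); interpolated unquoted.
 * @param string $offset  'null' for the whole image, or a '|'-separated offset list.
 * @param string $part_id Partition id, or a '|'-separated list.
 * @param string $tz      Timezone, or a '|'-separated list.
 * @return string|null "YYYY-MM-DD HH:MM:SS" built from the first 14-digit run in
 *                     the last command's output, or null.
 */
function indx_timeline($path, $offset, $part_id, $tz){
	$path = sanitize($path,PARANOID);
	$offset  = preg_replace("/[^a-z0-9\|]/", "", $offset);
	$part_id = preg_replace("/[^0-9\|]/", "", $part_id);
	$tz = preg_replace("/[^a-zA-Z0-9\/\_\-\+\|]/", "", $tz);
	include_once("loggerClass.php");
	include("../config/conf.php");
	include("../config/config.inc.php");
	$result = '';
	$date = null;
	$db_args = escapeshellarg($db_host)." ".escapeshellarg($db_name)." ".escapeshellarg($db_user)." ".escapeshellarg($db_password);
	$indexer = "$INSTALLDIR/scripts/indx_timeline";
	if($offset == 'null'){
		$zone = escapeshellarg($tz);
		$part = escapeshellarg($part_id);
		$result = shell_exec("$fls_bin -z $zone -m / -r $path | $mactime_bin -b - -y -m -z $zone | $indexer $part $db_args");
	}else{
		$offsets = explode("|", $offset);
		$part_ids = explode("|", $part_id);
		$time_zones = explode("|", $tz);
		for($i=0; $i<sizeof($offsets); $i++){
			if($offsets[$i]==''){
				continue;
			}
			// The lists may be shorter than the offset list; pass '' then.
			$zone = escapeshellarg(isset($time_zones[$i]) ? $time_zones[$i] : '');
			$part = escapeshellarg(isset($part_ids[$i]) ? $part_ids[$i] : '');
			$result = shell_exec("$fls_bin -z $zone -m / -r -o ".$offsets[$i]." $path | $mactime_bin -b - -y -m -z $zone | $indexer $part $db_args");
		}
	}
	if(preg_match("/(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/", $result, $o)){
		$date = $o[1]."-".$o[2]."-".$o[3]." ".$o[4].":".$o[5].":".$o[6];
	}
	new Log($_SESSION['ip'], $_SESSION['user'], "Timeline indexing launched on image $path");
	return $date;
}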
/****************************************************************
Filetype indexing (FLS)
****************************************************************/
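/**
 * Build the file-type index of an image: fls | scripts/indx_filetype.
 *
 * $offset and $part_id are either single values or parallel '|'-separated
 * lists (one element per partition).
 *
 * Changes compared with the previous version:
 *  - the values handed to the indexing script (image path, partition id and
 *    database settings) are quoted with escapeshellarg(); the path and the
 *    password used to sit between hand-written single quotes, and $part_id was
 *    unquoted in single-image mode although its filter allows '|';
 *  - $result and $date are initialised, so the function returns null rather
 *    than an undefined variable when nothing ran or no date was printed;
 *  - loggerClass.php is loaded with include_once; it presumably declares the
 *    Log class, and a plain include() would declare it again on a second call.
 *
 * NOTE(review): the database password is still handed to the indexing script
 * as a command-line argument, where other local users can read it from the
 * process list while the script runs.
 *
 * @param string $path    Image path, filtered by sanitize(PARANOID); unquoted for fls.
 * @param string $offset  'null' for the whole image, or a '|'-separated offset list.
 * @param string $part_id Partition id, or a '|'-separated list.
 * @return string|null "YYYY-MM-DD HH:MM:SS" built from the first 14-digit run in
 *                     the last command's output, or null.
 */
function indx_filetype($path, $offset, $part_id){
	$path = sanitize($path,PARANOID);
	$offset  = preg_replace("/[^a-z0-9\|]/", "", $offset);
	$part_id = preg_replace("/[^0-9\|]/", "", $part_id);
	include_once("loggerClass.php");
	include("../config/conf.php");
	include("../config/config.inc.php");
	$result = '';
	$date = null;
	$db_args = escapeshellarg($db_host)." ".escapeshellarg($db_name)." ".escapeshellarg($db_user)." ".escapeshellarg($db_password);
	$indexer = "$INSTALLDIR/scripts/indx_filetype";
	$path_arg = escapeshellarg($path);
	if($offset == 'null'){
		$part = escapeshellarg($part_id);
		$result = shell_exec("$fls_bin -m / -r $path | $indexer 0 $path_arg $part $db_args");
	}else{
		$offsets = explode("|", $offset);
		$part_ids = explode("|", $part_id);
		for($i=0; $i<sizeof($offsets); $i++){
			if($offsets[$i]==''){
				continue;
			}
			// The id list may be shorter than the offset list; pass '' then.
			$part = escapeshellarg(isset($part_ids[$i]) ? $part_ids[$i] : '');
			$result = shell_exec("$fls_bin -m / -r -o ".$offsets[$i]." $path | $indexer ".$offsets[$i]." $path_arg $part $db_args");
		}
	}
	if(preg_match("/(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/", $result, $o)){
		$date = $o[1]."-".$o[2]."-".$o[3]." ".$o[4].":".$o[5].":".$o[6];
	}
	new Log($_SESSION['ip'], $_SESSION['user'], "File type indexing launched on image $path");
	return $date;
}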
/****************************************************************
Indexing (FLS) for MD5, SHA1 and Keywords
****************************************************************/
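/**
 * Build the MD5 / SHA1 / keyword indexes of an image: fls | ../scripts/ptk_script.
 *
 * $offset and $part_id are either single values or parallel '|'-separated
 * lists (one element per partition).
 *
 * Changes compared with the previous version:
 *  - the image path given to the script was wrapped in double quotes, inside
 *    which the shell still expands $ and backquotes; it is now quoted with
 *    escapeshellarg(), as are the partition id and the database settings;
 *  - $result and $date are initialised, so the function returns null rather
 *    than an undefined variable when nothing ran or no date was printed;
 *  - loggerClass.php is loaded with include_once; it presumably declares the
 *    Log class, and a plain include() would declare it again on a second call.
 *
 * NOTE(review): the database password is still handed to the script as a
 * command-line argument, where other local users can read it from the process
 * list while the script runs.
 * NOTE(review): the script is addressed relative to the current directory,
 * unlike the other indexers, which use $INSTALLDIR/scripts.
 *
 * @param string $path    Image path, filtered by sanitize(PARANOID); unquoted for fls.
 * @param string $offset  'null' for the whole image, or a '|'-separated offset list.
 * @param string $part_id Partition id, or a '|'-separated list.
 * @param string $options Option string for the script, filtered by
 *                        sanitize(PARANOID) and inserted unquoted.
 * @return string|null "YYYY-MM-DD HH:MM:SS" built from the first 14-digit run in
 *                     the last command's output, or null.
 */
function indx_multi($path, $offset, $part_id, $options){
	$path = sanitize($path,PARANOID);
	$offset  = preg_replace("/[^a-z0-9\|]/", "", $offset);
	$part_id = preg_replace("/[^0-9\|]/", "", $part_id);
	$options = sanitize($options,PARANOID);
	include_once("loggerClass.php");
	include("../config/conf.php");
	include("../config/config.inc.php");
	$path = preg_replace("/\s+$/", "", $path);
	$result = '';
	$date = null;
	$db_args = escapeshellarg($db_host)." ".escapeshellarg($db_name)." ".escapeshellarg($db_user)." ".escapeshellarg($db_password);
	$path_arg = escapeshellarg($path);
	if($offset == 'null'){
		$part = escapeshellarg($part_id);
		$result = shell_exec("$fls_bin -m / -r $path | ../scripts/ptk_script 0 $path_arg $part $options $db_args");
	}else{
		$offsets = explode("|", $offset);
		$part_ids = explode("|", $part_id);
		for($i=0; $i<sizeof($offsets); $i++){
			if($offsets[$i]==''){
				continue;
			}
			// The id list may be shorter than the offset list; pass '' then.
			$part = escapeshellarg(isset($part_ids[$i]) ? $part_ids[$i] : '');
			$result = shell_exec("$fls_bin -m / -r -o ".$offsets[$i]." $path | ../scripts/ptk_script ".$offsets[$i]." $path_arg $part $options $db_args");
		}
	}
	if(preg_match("/(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/", $result, $o)){
		$date = $o[1]."-".$o[2]."-".$o[3]." ".$o[4].":".$o[5].":".$o[6];
	}
	new Log($_SESSION['ip'], $_SESSION['user'], "Multiple indexing launched on image $path");
	return $date;
}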
/****************************************************************
Returns content of graphic files from bookmarks
****************************************************************/
/**
 * Extract a file from an image into the temp directory for use in a report.
 *
 * The temporary file is named sha1(<filtered name><filtered inode>), so the
 * file name on disk is always 40 hex characters. Unlike the other image
 * helpers in this file, the temp file is not deleted here; its path is returned.
 *
 * @param mixed  $offset Partition offset, filtered by sanitize(INT); 'null' or '0'
 *                       drops the -o switch.
 * @param string $inode  Inode of the file, filtered by sanitize(PARANOID); 'null' means none.
 * @param string $name   File name; only contributes to the hash.
 * @param string $path   Image path, filtered by sanitize(PARANOID); interpolated unquoted.
 * @return string Path of the extracted file, "$INSTALLDIR/temp/<sha1>".
 */
function get_file_content_image_report($offset, $inode, $name, $path){
	$path = sanitize($path,PARANOID);
	$offset = sanitize($offset,INT);
	$inode = sanitize($inode,PARANOID);
	$name = sanitize($name,PARANOID);
	// The hash is taken before 'null' is mapped to '' below.
	$hashedName = sha1($name.$inode);

	include("../config/conf.php");
	$offsetSwitch = ($offset == 'null' || $offset == '0') ? '' : "-o $offset";
	$inodeArg = ($inode == 'null') ? '' : $inode;
	$target = "$INSTALLDIR/temp/$hashedName";
	shell_exec("$icat_bin -r $offsetSwitch $path $inodeArg > $target");
	return ($target);
}
?>