-
Notifications
You must be signed in to change notification settings - Fork 0
/
SerialDataLogger.py
84 lines (73 loc) · 2.67 KB
/
SerialDataLogger.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
import sys
import argparse
import datetime
import subprocess
import os
import platform
import hashlib
import time
import logging
import numpy as np
from datetime import datetime
import matplotlib.pyplot as plt
# Set up the logger
logging.basicConfig(filename='memory_analysis.log', level=logging.INFO)
def run_cmd(command):
process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
output, error = process.communicate()
if process.returncode != 0:
logging.error(f'Error running command: {command}\nError: {error.decode()}')
return None
return output.decode()
def run_volatility(file_path, command):
vol_command = f'vol.py -f {file_path} {command}'
return run_cmd(vol_command)
def file_analysis(file_path):
analysis_tool_command = f'cat {file_path}'
return run_cmd(analysis_tool_command)
def calculate_hash(file_path):
try:
with open(file_path, 'rb') as f:
data = f.read()
hash_value = hashlib.sha256(data).hexdigest()
return hash_value
except IOError as e:
logging.error(f'Error calculating hash: {e}')
return None
def anomaly_detection(data):
if isinstance(data, str):
data = [float(item) for item in data.split() if item.isdigit()]
mean = np.mean(data)
std_dev = np.std(data)
anomalies = [x for x in data if abs(x - mean) > 2 * std_dev]
return anomalies
def timeline_analysis(events):
if isinstance(events, str):
events = [dict(zip(['timestamp', 'data'], line.split(','))) for line in events.splitlines()]
timestamps = [datetime.strptime(event['timestamp'], '%Y-%m-%d %H:%M:%S') for event in events]
data = [float(event['data']) for event in events]
plt.plot(timestamps, data)
plt.show()
def study_page_file():
with open('/path/to/pagefile.sys', 'rb') as f:
contents = f.read()
print(contents)
def main():
print('Press "q" to quit at any time')
while True:
print('1. RAM Dump and Analysis')
print('2. Study Page File')
choice = input('Enter your choice: ')
if choice == '1':
print('Initiating RAM Dump and Analysis...')
file_path = 'memory_dump.bin'
print(f"Output: {run_volatility(file_path, 'evtlogs')}")
print(f"Output: {run_volatility(file_path, 'vaddump')}")
print(f"Output: {run_volatility(file_path, 'printkey -K \"Microsoft\\Security Center\\Svc\"')}")
print(f"Output: {run_volatility(file_path, 'dlldump -D dlls/')}")
elif choice == '2':
study_page_file()
elif choice.lower() == 'q':
break
if __name__ == '__main__':
main()