func (ewf_file *EWF_file) ReadAt(length uint64, off uint64) *bytes.Reader {
//cast to struct respecting endianess
defer parseutil.TimeTrack(time.Now(), "reading")
buff := make([]byte, length)
var err error
var n int
//read 100KB chunks
STEP := uint64(1000 * 1024)
rem := length
if length < STEP {
_, err := ewf_file.File.ReadAt(buff, int64(off))
if err == io.EOF {
fmt.Println("Error reading file:", err)
}
} else {
for i := uint64(0); i <= length; i += STEP {
if rem < STEP { //final read
n, err = ewf_file.File.ReadAt(buff[i:length], int64(off))
} else {
n, err = ewf_file.File.ReadAt(buff[i:i+STEP], int64(off))
}
off += uint64(n)
rem -= uint64(n)
if err != nil {
fmt.Println("Error reading file:", err)
log.Fatal(err)
}
}
}
return bytes.NewReader(buff)
}
func (ewf_header *EWF_Header) Parse(buf *bytes.Reader) {
//parse struct attributes
//iterate through the fields of the struct
defer parseutil.TimeTrack(time.Now(), "Parsing")
s := reflect.ValueOf(ewf_header).Elem()
for i := 0; i < s.NumField(); i++ {
parseutil.Parse(buf, s.Field(i).Addr().Interface())
}
}
func (digest_section *EWF_Digest_Section) Parse(r *bytes.Reader) {
defer parseutil.TimeTrack(time.Now(), "Parsing")
s := reflect.ValueOf(digest_section).Elem()
for i := 0; i < s.NumField(); i++ {
//parse struct attributes
parseutil.Parse(r, s.Field(i).Addr().Interface())
}
}
func (section_header *Section_Header) Parse(buf *bytes.Reader) {
defer parseutil.TimeTrack(time.Now(), "Parsing") //header of each section
s := reflect.ValueOf(section_header).Elem()
for i := 0; i < s.NumField(); i++ {
//parse struct attributes
parseutil.Parse(buf, s.Field(i).Addr().Interface())
}
}
func (ewf_file *EWF_file) ParseHeader(cur_offset *uint64) {
defer parseutil.TimeTrack(time.Now(), "Parsing Segment Header")
buf := ewf_file.ReadAt(EWF_Header_s, *cur_offset) //producer
*cur_offset += EWF_Header_s
ewf_header := new(EWF_Header) //ewf_header acts as a pointer
ewf_header.Parse(buf) //consume
sig := parseutil.Stringify(ewf_header.Signature[:])
if !strings.Contains(sig, "EVF") {
os.Exit(0)
}
}
func (ewf_table_section *EWF_Table_Section) Parse(buf *bytes.Reader) {
defer parseutil.TimeTrack(time.Now(), "Parsing")
val := make([]byte, int64(buf.Len()))
buf.Read(val)
ewf_table_section.table_header.Parse(bytes.NewReader(val[0:24]))
ewf_table_section.table_footer.Parse(bytes.NewReader(val[len(val)-4 : len(val)]))
val = val[24 : len(val)-4]
k := 0
ewf_table_section.Table_entries = make([]EWF_Table_Section_Entry, ewf_table_section.table_header.nofEntries)
for i := uint32(0); i < ewf_table_section.table_header.nofEntries; i += 1 {
ewf_table_section.Table_entries[i].Parse(bytes.NewReader(val[0+k : 4+k]))
// fmt.Println("EFW in by",i,
// ewf_table_section.table_entries[i].IsCompressed,ewf_table_section.table_entries[i].ChunkDataOffset)
k += 4
}
}
func (ewf_h2_section *EWF_Header2_Section) Parse(buf *bytes.Reader) {
//0x09 tab 0x0a new line delimiter
//function to parse header2 section attributes
//to do take into account endianess
val := make([]byte, buf.Len())
buf.Read(val)
val = parseutil.Decompress(val)
defer parseutil.TimeTrack(time.Now(), "Parsing")
line_del, _ := hex.DecodeString("0a")
tab_del, err := hex.DecodeString("09")
if err != nil {
log.Fatal(err)
}
var b *bytes.Reader
for line_number, line := range bytes.Split(val, line_del) {
for id_num, attr := range bytes.Split(line, tab_del) {
b = bytes.NewReader(attr)
if line_number == 0 {
parseutil.Parse(b, &ewf_h2_section.BOM)
parseutil.Parse(b, &ewf_h2_section.NofCategories)
} else if line_number == 1 {
parseutil.Parse(b, &ewf_h2_section.CategoryName)
} else if line_number == 2 {
} else if line_number == 3 {
if id_num == EWF_HEADER_VALUES_INDEX_DESCRIPTION {
ewf_h2_section.a = string(attr)
fmt.Println("TIME", ewf_h2_section.a)
} else if id_num == EWF_HEADER_VALUES_INDEX_CASE_NUMBER {
ewf_h2_section.c = string(attr)
} else if id_num == EWF_HEADER_VALUES_INDEX_EXAMINER_NAME {
ewf_h2_section.n = string(attr)
} else if id_num == EWF_HEADER_VALUES_INDEX_EVIDENCE_NUMBER {
ewf_h2_section.e = string(attr)
} else if id_num == EWF_HEADER_VALUES_INDEX_NOTES {
ewf_h2_section.t = string(attr)
} else if id_num == EWF_HEADER_VALUES_INDEX_ACQUIRY_SOFTWARE_VERSION {
ewf_h2_section.av = string(attr)
} else if id_num == EWF_HEADER_VALUES_INDEX_ACQUIRY_OPERATING_SYSTEM {
ewf_h2_section.ov = string(attr)
} else if id_num == EWF_HEADER_VALUES_INDEX_ACQUIRY_DATE {
ewf_h2_section.m = parseutil.SetTime(attr)
} else if id_num == EWF_HEADER_VALUES_INDEX_SYSTEM_DATE {
ewf_h2_section.u = parseutil.SetTime(attr)
} else if id_num == EWF_HEADER_VALUES_INDEX_PASSWORD {
ewf_h2_section.p = string(attr)
} else if id_num == EWF_HEADER_VALUES_INDEX_PROCESS_IDENTIFIER {
ewf_h2_section.pid = string(attr)
}
}
}
}
}