Update Release - Version 0.9.9

.gitignore

@@ -6,4 +6,6 @@
 *~
 __pycache__/
 *.DS_Store
-
+vinetto.egg-info
+.vscode
+build

CHANGELOG.md

@@ -1,6 +1,19 @@
 # Changelog
 
-All notable changes to this project will be documented in this file.
+All notable changes to this project are documented in this file.
+
+## [0.9.9] - 2022-01-31 (RELEASED)
+
+### Changed
+
+- Updated all copyright notices and file versions
+- Stanardized on Python 3--removed all Python 2 compatability code
+- Minor function and class callout fixups
+- ESEDB library
+  - Looks for a system ESEDB Python library before importing the Vinetto supplied version
+  - Stanardized the supplied ESEDB Python library on Python 3
+  - Latest Python ESEDB library based on [libesedb](https://github.com/libyal/libesedb) commit 3326953
+- Added invert option (-i, --invert) to invert colors (negatives) for Type 1 images
 
 ## [0.9.8] - 2020-06-25 (DEVELOPEMENT)
 

ReadMe.md

@@ -5,15 +5,17 @@ these files.  Based on the original Vinetto by Michel Roukine.
 
 This is a much needed update to the last original Vinetto (version 0.7).
 
-This version should be compatible with Python 2 and 3.  It should work on
+This version should be compatible with Python 3.  It should work on
 Linux, Mac, and Windows.  Testing has currently been limited to Linux.
 
+NOTE: Python 2 compatible code has been removed since version 0.9.9.
+
 ## Project Overview
 
 1. **Context** : Older Windows systems (98, ME, 2000, XP, and Server 2003) can
 store a thumb cache containing thumbnails and metadata of image files found in
 the directories of its FAT32 or NTFS filesystems.  Newer Windows systems
-(Vista, 7, 8, 10, other related Editions, and Server versions) use a unified
+(Vista, 7, 8, 10, 11, other related Editions, and Server versions) use a unified
 thumb cache system for each user.
    1. For older OS systems, thumbnails and associated metadata are stored in
    Thumbs.db files in each directory.  Thumbs.db files are undocumented OLE
@@ -83,11 +85,13 @@ liveCD like FCCU GNU/Linux Forensic Boot CD.
 
 ## Requirements
 
-1. Python-2.3 or later including standard libraries.
+1. Python 3.7 or later including standard libraries.
+
+2. Pillow 9.0.0 or later.  Based on PIL (Python Imaging Library).  Used to attempt
+correct reconstitution of Type 1 thumbnails (see Limitations below).
 
-2. PIL or Pillow.  PIL (Python Imaging Library) 1.1.5 or later.  Pillow is used
-by the maintainer.  PIL is used to attempt correct reconstitution of Type 1
-thumbnails (see Limitations below).
+3. PyESEDB.  The author suppiles a late model version, but the program checks for a
+system installed version first.  If not found, it uses the supplied version.
 
 ## Limitations
 
@@ -116,14 +120,17 @@ times to fix the file.
 Vinetto has been tested on a modern Linux distribution.  The code has been
 modified to use common Python packages and methods not specific to the Linux
 OS.  Therefore, it should operate on BSD deriviatives, such as Darwin(R)(TM),
-and Windows(R)(TM) OSes as well. YMMV.
+and Windows(R)(TM) OSes as well. However, the supplied ESEDB Python library is
+compiled on a Linux system.  Compile and/or install the ESEDB Python lib for
+your OS.  YMMV.
 
 ## Usage Overview:
 
 ```
-    usage: vinetto [-h] [-e EDBFILE] [-H] [-m [{f,d,r,a}]] [--md5] [--nomd5]
-                   [-o DIR] [-q] [-s] [-U] [-v] [--version]
-                   [infile]
+    Vinetto: Version 0.9.9
+    usage: vinetto [-h] [-e EDBFILE] [-H] [-i] [-m [{f,d,r,a}]] [--md5] [--nomd5]
+                  [-o DIR] [-q] [-s] [-U] [-v] [--version]
+                  [infile]
 
     Vinetto.py - The Thumbnail File Parser
 
@@ -139,6 +146,9 @@ and Windows(R)(TM) OSes as well. YMMV.
                             NOTE: -e without an INFILE explores EDBFILE extracted data
                             NOTE: Automatic mode will attempt to use ESEDB without -e
       -H, --htmlrep         write html report to DIR (requires option -o)
+      -i, --invert          Color invert Type 1 images.  Some test Thumbs.db files showed
+                            color negative images.  If your Type 1 files need color inverting,
+                            use this option.
       -m [{f,d,r,a}], --mode [{f,d,r,a}]
                             operating mode: "f", "d", "r", or "a"
                               where "f" indicates single file processing (default)
@@ -206,7 +216,7 @@ and Windows(R)(TM) OSes as well. YMMV.
               Warnings are warning messages indicating processing issues
               Info are information messages indicating processing states
 
-    --- Vinetto.py 0.9.8 ---
+    --- Vinetto.py 0.9.9 ---
     Based on the original Vinetto by Michel Roukine
     Author: Keven L. Ates
     Vinetto.py is open source software

src/vinetto/config.py

@@ -5,7 +5,7 @@
 
  Vinetto : a forensics tool to examine Thumb Database files
  Copyright (C) 2005, 2006 by Michel Roukine
- Copyright (C) 2019-2020 by Keven L. Ates
+ Copyright (C) 2019-2022 by Keven L. Ates
 
 This file is part of Vinetto.
 
@@ -29,7 +29,7 @@
 
 file_major = "0"
 file_minor = "1"
-file_micro = "8"
+file_micro = "9"
 
 
 OS_WIN_ESEDB_VISTA  = "ProgramData/"

src/vinetto/data/HtmlReportTemplate.html

@@ -6,7 +6,7 @@
 
  Vinetto : a forensics tool to examine Thumb Database files
  Copyright (C) 2005, 2006 by Michel Roukine
- Copyright (C) 2019-2020 by Keven L. Ates
+ Copyright (C) 2019-2022 by Keven L. Ates
 
 This file is part of Vinetto.
 

src/vinetto/error.py

@@ -6,7 +6,7 @@
 
  Vinetto : a forensics tool to examine Thumb Database files
  Copyright (C) 2005, 2006 by Michel Roukine
- Copyright (C) 2019-2020 by Keven L. Ates
+ Copyright (C) 2019-2022 by Keven L. Ates
 
 This file is part of Vinetto.
 
@@ -30,7 +30,8 @@
 
 file_major = "0"
 file_minor = "1"
-file_micro = "0"
+file_micro = "1"
+
 
 """
 Vinetto Errors are categorized by the return exit codes.

src/vinetto/esedb.py

@@ -5,7 +5,7 @@
 
  Vinetto : a forensics tool to examine Thumb Database files
  Copyright (C) 2005, 2006 by Michel Roukine
- Copyright (C) 2019-2020 by Keven L. Ates
+ Copyright (C) 2019-2022 by Keven L. Ates
 
 This file is part of Vinetto.
 
@@ -25,28 +25,20 @@
 
 -----------------------------------------------------------------------------
 """
-from __future__ import print_function
 
 
 file_major = "0"
 file_minor = "1"
-file_micro = "7"
+file_micro = "8"
 
 
 import sys
 from struct import unpack
 from binascii import hexlify, unhexlify
 
-try:
-    import vinetto.config as config
-    import vinetto.utils as utils
-    import vinetto.error as verror
-    bLib3 = True
-except ImportError:
-    import config
-    import utils
-    import error as verror
-    bLib3 = False
+import vinetto.config as config
+import vinetto.utils as utils
+import vinetto.error as verror
 
 
 ###############################################################################
@@ -140,16 +132,23 @@ def __init__(self):
             self.iCol[key] = None
 
     def prepare(self):
+        bEDBFileGood = False
         try:
-            if (bLib3):
-                from vinetto.lib import pyesedb
-            else:
-                from lib import pyesedb
+            import pyesedb
+            sys.stdout.write(" Info: Imported system pyesedb library.")
             bEDBFileGood = True
         except:
-            # Hard Error!  The "pyesedb" library is installed locally with Vinetto,
-            #   so missing "pyesedb" library is bad!
-            raise verror.InstallError(" Error (Install): Cannot import local library pyesedb")
+            sys.stdout.write(" Warning: Cannot import system pyesedb library!")
+            # Error!  The "pyesedb" library is supposed to be installed locally with Vinetto,
+            try:
+                from vinetto.lib import pyesedb
+                sys.stdout.write(" Info: Imported Vinetto's pyesedb library.")
+                bEDBFileGood = True
+            except:
+                # Error!  The "pyesedb" library is not found anywhere.
+                sys.stdout.write(" Warning: Cannot import Vinetto's pyesedb library!")
+                # A missing "pyesedb" library is bad!
+                raise verror.InstallError(" Error (Install): Cannot import a pyesedb library!")
 
         pyesedb_ver = pyesedb.get_version()
         if (config.ARGS.verbose > 0):
@@ -269,17 +268,17 @@ def processRecord(self, recordESEDB, strKey):
     def load(self):
         if (self.iCol["TCID"] == None):
             if (config.ARGS.verbose >= 0):
-                sys.stderr.write(" Warning: No ESEDB Image column %s available\n" % ESEDB_ICOL_NAMES["TCID"][0])
+                sys.stderr.write(" Warning: No ESEDB Image column %s available\n" % utils.ESEDB_ICOL_NAMES["TCID"][0])
             self.table = None
             self.edbFile.close()
             self.edbFile = False
             return self.edbFile
         if (self.iCol["MIME"] == None and self.iCol["CTYPE"] == None and self.iCol["ITT"] == None):
             if (config.ARGS.verbose >= 0):
                 sys.stderr.write(" Warning: No ESEDB Image columns %s available\n" %
-                                (ESEDB_ICOL_NAMES["MIME"][0] + ", " +
-                                ESEDB_ICOL_NAMES["CTYPE"][0] + ", or " +
-                                ESEDB_ICOL_NAMES["ITT"][0]))
+                                (utils.ESEDB_ICOL_NAMES["MIME"][0] + ", " +
+                                utils.ESEDB_ICOL_NAMES["CTYPE"][0] + ", or " +
+                                utils.ESEDB_ICOL_NAMES["ITT"][0]))
             self.table = None
             self.edbFile.close()
             self.edbFile = False
@@ -476,10 +475,7 @@ def examine(self):
         import re
         import readline
 
-        try:
-            funcInput = raw_input
-        except NameError:
-            funcInput = input
+        funcInput = input
 
         def prompt(strMessage, strErrorMessage, isValid):
             # Prompt for input given a message and return that value after verifying the input.

src/vinetto/processor.py

@@ -5,7 +5,7 @@
 
  Vinetto : a forensics tool to examine Thumb Database files
  Copyright (C) 2005, 2006 by Michel Roukine
- Copyright (C) 2019-2020 by Keven L. Ates
+ Copyright (C) 2019-2022 by Keven L. Ates
 
 This file is part of Vinetto.
 
@@ -25,34 +25,24 @@
 
 -----------------------------------------------------------------------------
 """
-from __future__ import print_function
 
 
 file_major = "0"
 file_minor = "1"
-file_micro = "9"
+file_micro = "10"
 
 
 import sys
 import os
 import fnmatch
 
-try:
-    import vinetto.config as config
-    import vinetto.report as report
-    import vinetto.thumbOLE as thumbOLE
-    import vinetto.thumbCMMM as thumbCMMM
-    import vinetto.thumbIMMM as thumbIMMM
-    import vinetto.utils as utils
-    import vinetto.error as verror
-except ImportError:
-    import config
-    import report
-    import thumbOLE
-    import thumbCMMM
-    import thumbIMMM
-    import utils
-    import error as verror
+import vinetto.config as config
+import vinetto.report as report
+import vinetto.thumbOLE as thumbOLE
+import vinetto.thumbCMMM as thumbCMMM
+import vinetto.thumbIMMM as thumbIMMM
+import vinetto.utils as utils
+import vinetto.error as verror
 
 
 ###############################################################################
@@ -95,14 +85,8 @@ def processThumbFile(self, infile, filenames = None):
 
         # Get MD5 of file...
         if (config.ARGS.md5force) or ((not config.ARGS.md5never) and (dictHead["FileSize"] < (1024 ** 2) * 512)):
-            try:
-                # Python >= 2.5
-                from hashlib import md5
-                dictHead["MD5"] = md5(fileThumbsDB.read()).hexdigest()
-            except:
-                # Python < 2.5
-                import md5
-                dictHead["MD5"] = md5.new(fileThumbsDB.read()).hexdigest()
+            from hashlib import md5
+            dictHead["MD5"] = md5( fileThumbsDB.read() ).hexdigest()
             del md5
 
         # -----------------------------------------------------------------------------
@@ -189,15 +173,15 @@ def processDirectory(self, thumbDir, filenames = None):
         # TODO: to check existing image file names against stored thumbnail IDs
 
         for thumbFile in tc_files:
-            processThumbFile(thumbFile, filenames)
+            self.processThumbFile(thumbFile, filenames)
 
         return
 
 
     def processRecursiveDirectory(self):
         # Walk the directories from given directory recursively down...
         for dirpath, dirnames, filenames in os.walk(config.ARGS.infile):
-            processDirectory(dirpath, filenames)
+            self.processDirectory(dirpath, filenames)
 
         return
 
@@ -225,7 +209,7 @@ def processFileSystem(self):
                         if (config.ARGS.verbose >= 0):
                             sys.stderr.write(" Warning: Skipping %s - does not contain %s\n" % (entryUserDir.path, config.OS_WIN_THUMBCACHE_DIR))
                     else:
-                        processDirectory(userThumbsDir)
+                        self.processDirectory(userThumbsDir)
 
         # XP
         # ============================================================
@@ -237,13 +221,13 @@ def processFileSystem(self):
                 for entryUserDir in iterDirs:
                     if not entryUserDir.is_dir():
                         continue
-                    processDirectory(entryUserDir)
+                    self.processDirectory(entryUserDir)
 
         # Other / Unidentified
         # ============================================================
         else:
             if (config.ARGS.verbose > 0):
                 sys.stderr.write(" Info: FS - Generic partition, processing all subdirectories (recursive operating mode)\n")
-            processDirectory(config.ARGS.infile)
+            self.processDirectory(config.ARGS.infile)
 
         return