1) Opens X-Ways Forensics
2) Creates a new case
3) Adds a forensic image to the case
4) Runs the task "Refine Volume Snapshot"
The task Refine Volume Snapshot takes random amount of time, depending of the size and complexity of the forensic image.
How can I check if this task is done or not?
After it is done I want to do other things.
This is the message that appears when its finished; My script:
Code: Select all
; 1 Read Case Number, evidenceNumber and evidenceFile into variables
FileRead, caseNumber, C:\Users\user\EDBAutomation\_data\current_case_number.txt
FileRead, evidenceNumberClean, C:\Users\user\EDBAutomation\_data\evidence_number_clean.txt
FileRead, evidenceFile, C:\Users\user\EDBAutomation\_data\evidence_file.txt
;MsgBox Case Number is: %caseNumber% and Evidence number is %evidenceNumberClean%
; Start X-Ways
RunAs, user, datakrim
Run "C:\Program Files\X-Ways Forensics\xwforensics64.exe"
WinWait, X-Ways Forensics
WinMaximize ; use the window found above
Send {ESC} ; Ignore any errors
; Create new Case
Send !l
Send {Down}
Send {Enter}
Send %evidenceNumberClean%
Send {Tab}
FileCreateDir, G:\Cases\%caseNumber%\X-Ways\%evidenceNumberClean%
Sleep, 1000 ; 1 seconds
Send G:\Cases\%caseNumber%\X-Ways\%evidenceNumberClean%
Send {Enter}
Send !O
Sleep, 4000 ; 4 seconds
; Add image to case
Send !l
Send {Up}
Send {Enter}
Sleep, 4000 ; 4 second
Send G:\MirrorFiles\%caseNumber%\%evidenceFile%
Send {Enter}
Sleep, 4000 ; 4 seconds
; Refine Volume Snapshot
Send {ESC} ; Ignore any errors
Send {F10}
Sleep, 1000 ; 1 seconds
Send {Enter}
Send {Enter}
Sleep, 5000 ; 5 seconds
; Check if Refine Volume Snapshot is finished every 60 seconds