def external_process(self, fd):
attach_metadata = {}
metadata = {}
self.count = 0
dbh = DB.DBO(self.case)
dbh.mass_insert_start('xattr')
f = OLE2.OLEFile(Buffer(fd=fd))
for p in f.properties:
for i in self.dispatch.keys():
property_name = p['pps_rawname'].__str__()
if re.search(i,property_name):
for prop, value in self.dispatch[i](self, p,f):
## We store related metadata for
if prop.startswith("Attach"):
## If we have a repreated attachement
## property - we flush the old set and
## start again - this is for the case
## when we have multiple attachments.
if attach_metadata.has_key(prop):
self.store_file(attach_metadata)
attach_metadata = {}
else:
attach_metadata[prop] = value
else:
## Not Attachment: Store the metadata
## in the xattr table:
value = value.__str__().strip()
if len(value)>1:
dbh.mass_insert(inode_id = self.fd.inode_id,
property = prop,
value = value)
metadata[prop] = value
## Finalise the attachments
self.store_file(attach_metadata)
def tree_cb(path):
fd = IO.open_URL(query['file'])
b = Buffer(fd = fd)
header = RegFile.RegF(b)
key = header.get_key(path)
for k in key.keys():
try:
name = k['key_name'].get_value()
except:
name = None
yield (name,name,'branch')
def details(query,result):
fd = IO.open_URL(query['file'])
b = Buffer(fd = fd)
header = RegFile.RegF(b)
key = header.get_key(path)
result.heading("Key %s" % path)
result.text("%s" % key, font='typewriter', wrap='full')
for v in key.values():
try:
name = "%s"% v['keyname']
result.heading("%s" % name)
result.text("%s" % v, font='typewriter', wrap='full')
except: pass
def pane_cb(path, result):
fd = IO.open_URL(query['file'])
b = Buffer(fd=fd)
header = RegFile.RegF(b)
key = header.get_key(path)
result.text("Timestamp: %s" % key['WriteTS'], style='red')
result.start_table(**{'class': 'GeneralTable'})
## We dont want to reference the keys because we
## will leak memeory while the callback remains stored.
def details(query, result):
fd = IO.open_URL(query['file'])
b = Buffer(fd=fd)
header = RegFile.RegF(b)
key = header.get_key(path)
result.heading("Key %s" % path)
result.text("%s" % key, font='typewriter', wrap='full')
for v in key.values():
try:
name = "%s" % v['keyname']
result.heading("%s" % name)
result.text("%s" % v, font='typewriter', wrap='full')
except:
pass
result.toolbar(cb=details,
text="Examine Details",
icon="examine.png")
result.row('Type', 'Length', 'Name', 'Value',
**{'class': 'hilight'})
for v in key.values():
try:
t = "%s" % v['data']['val_type']
length = "%s" % v['data']['len_data']
name = "%s" % v['keyname']
data = "%s" % v['data']
data = RAW(data[:100])
result.row(t, length, name, data)
except Exception, e:
print e
pass
def __init__(self, stream):
self.stream = stream
self.buffer = Buffer(fd=stream)
self.case = stream.case