def display(self, query, result):
new_q = result.make_link(query, '')
if not query.has_key('limit'): query['limit'] = 0
dbh = self.DBO(query['case'])
fsfd = FileSystem.DBFS(query["case"])
## If this is a directory, only show the stats
if query.has_key('inode_id'):
fd = fsfd.open(inode_id=query['inode_id'])
fd.inode_id = query['inode_id']
query['inode'] = fd.inode
else:
fd = fsfd.open(inode=query['inode'])
if not fd: return
image = Graph.Thumbnailer(fd, 300)
## Make a series of links to each level of this inode - this
## way we can view parents of this inode.
tmp = result.__class__(result)
tmp.text("Viewing file in inode ", make_inode_link(fd, query, result))
result.heading(tmp)
try:
result.text("Classified as %s by magic" % image.GetMagic())
except IOError, e:
result.text("Unable to classify file, no blocks: %s" % e)
image = None
def display(self, value, row, result):
dbh = DB.DBO(self.case)
fsfd = FileSystem.DBFS(self.case)
dbh.execute(
"select file.inode_id as inode_id, name from file, webmail_attachments where webmail_attachments.inode_id = %r and file.inode_id = webmail_attachments.attachment",
value)
for row in dbh:
tmp = result.__class__(result)
try:
fd = fsfd.open(inode_id=row['inode_id'])
image = Graph.Thumbnailer(fd, 100)
except IOError:
pass
if image.height > 0:
tmp.image(image, width=image.width, height=image.height)
else:
tmp.image(image, width=image.width)
link = result.__class__(result)
name = row['name']
if len(name) > 20: name = name[:20] + " ..."
tmp.para(name)
link.link(tmp,
tooltip=row['name'],
pane='new',
target=FlagFramework.query_type(
family="Disk Forensics",
report="ViewFile",
case=self.case,
mode='Summary',
inode_id=row['inode_id']))
result.row(link)
def render_html(self, inode_id, table_renderer):
ct=''
try:
fd = self.fsfd.open(inode_id = inode_id)
image = Graph.Thumbnailer(fd, 200)
inode_filename, ct, fd = table_renderer.make_archive_filename(inode_id)
filename, ct, fd = table_renderer.make_archive_filename(inode_id, directory = "thumbnails/")
table_renderer.add_file_from_string(filename,
image.display())
except IOError,e:
print e
return "<a href=%r ><img src='images/broken.png' /></a>" % inode_filename
def render_cell(self, inode_id):
""" Renders a single inode_id """
filename, ct, fd = self.make_archive_filename(inode_id, directory = "thumbnails/")
image = Graph.Thumbnailer(fd, 200)
inode_filename,ct, fd = self.make_archive_filename(inode_id)
self.add_file_from_string(filename, image.display())
path, inode, inode_id = FileSystem.DBFS(self.case).lookup(inode_id = inode_id)
## Make sure we export the inode
dbh = DB.DBO()
dbh.insert("jobs",
command = "Export",
arg1 = self.case,
arg2 = inode_id,
)
return "<abbr title='%s'><a href='%s'><img src='%s' /></a><br/>"\
"<a href='inodes/%s_explain.html' ><img src=images/question.png /></a>"\
"%s</abbr>" % (\
path, inode_filename, filename, inode_id, fd.inode)
for k, v in istat.iteritems():
left.row('%s:' % k, '', v, align='left')
except AttributeError:
pass
#What did libextractor have to say about this file?
dbh = DB.DBO(self.case)
dbh.execute("select property,value from xattr where inode_id=%r",
istat['inode_id'])
for row in dbh:
left.row(row['property'], ': ', row['value'])
left.end_table()
image = Graph.Thumbnailer(self, 300)
if image:
right = result.__class__(result)
right.image(image, width=200)
result.start_table(width="100%")
result.row(left, right, valign='top', align="left")
image.headers = [
("Content-Disposition", "attachment; filename=%s" % name),
]
else:
result.start_table(width="100%")
result.row(left, valign='top', align="left")
class StringIOFile(File):
""" This is a File object which is implemented as a StringIO.
def plot(self,
gen,
query,
result,
figure_args=None,
plot_args=None,
*args):
color_list = ['b', 'r', 'm', 'c', 'burlywood']
if not figure_args:
figure_args = {}
if not plot_args:
plot_args = {}
timestamp = figure_args.pop("timestamp", False)
fig = figure.Figure(**figure_args)
ax = fig.add_subplot(111)
x = []
y = []
for a, b in gen:
x.append(a)
y.append(b)
if 'color' not in plot_args:
plot_args['color'] = 'k'
if timestamp: # Special case to allow plotting the x axis as time
ax.get_xaxis().set_major_formatter(
dates.DateFormatter("%d-%m-%Y\n%H:%M:%S"))
ax.get_xaxis().set_major_locator(MaxNLocator(6))
#x = [dates.epoch2num(i) for i in x]
x = dates.epoch2num(x)
ax.plot(x, y, '.', **plot_args)
ax.grid()
for i, arg in enumerate(args):
i = []
j = []
plot_args['zorder'] = i
if 'color' in plot_args:
del plot_args['color']
if len(color_list) > 0:
plot_args['color'] = color_list.pop(0)
if 'markersize' in plot_args:
plot_args['markersize'] *= 1.3
else:
plot_args['markersize'] = matplotlib.defaultParams[
'lines.markersize'][0] * 1.3
for a, b in arg:
i.append(a)
j.append(b)
if timestamp:
i = dates.epoch2num(i)
ax.plot(i, j, '.', **plot_args)
## Make a temporary file name:
fd = tempfile.TemporaryFile()
canvas = FigureCanvas(fig)
canvas.print_figure(fd)
fd.seek(0)
if not query.has_key("download"):
image = Graph.Image(fd.read())
result.image(image)
else:
result.generator.content_type = "image/png"
result.generator.generator = [
fd.read(),
]
def display(self, query, result):
dbh = self.DBO(query['case'])
try:
bin_size = int(query['bin_size'])
except KeyError:
bin_size = 60
query['bin_size'] = str(bin_size)
result.heading("Bandwidth estimate from log %s" % query['logtable'])
result.start_table()
result.start_form(query)
result.textfield('Bin Size (Seconds):', 'bin_size')
result.end_form(None)
result.end_table()
if query.has_key('graph'):
new_query = query.clone()
del new_query['graph']
del new_query['limit']
result.link("Click here to view table", new_query)
params = {
'timestamp': query['timestamp'],
'bin_size': bin_size,
'size': query['size'],
'logtable': query['logtable']
}
try:
start = int(query['limit'])
if not start: raise KeyError
except KeyError:
dbh.execute(
'select unix_timestamp(min(%(timestamp)s)) as `min` from %(logtable)s'
% params)
start = dbh.fetch()['min']
params['start'] = start
result.para("")
dbh.execute(
'select unix_timestamp(%(timestamp)s) as `timestamp`,floor(unix_timestamp(%(timestamp)s)/%(bin_size)s)*%(bin_size)s as `Unix Timestamp`,from_unixtime(floor(unix_timestamp(%(timestamp)s)/%(bin_size)s)*%(bin_size)s) as `DateTime`,sum(%(size)s) as `Count` from %(logtable)s where `%(timestamp)s`>from_unixtime("%(start)s") and `%(timestamp)s`<from_unixtime("%(start)s"+100*%(bin_size)s) group by `Unix Timestamp` order by `Unix Timestamp` asc limit 0, 100'
% params)
x = []
y = []
z = []
for row in dbh:
x.append(row['DateTime'])
y.append(row['Count'])
z.append(row['timestamp'])
try:
result.next = z[-1]
result.previous = z[0] - 100 * bin_size
except IndexError:
del query['limit']
result.refresh(0, query)
import pyflag.Graph as Graph
graph = Graph.Graph()
graph.hist(x,
y,
xlabels='yes',
stubvert='yes',
xlbl="Timestamp Bin",
ylbl="Bytes per Bin",
ylbldet="adjust=-0.15,0",
xlbldet="adjust=0,-1.1")
result.image(graph)
return
result.link("Click here to view graph", query, graph=1)
result.table(
columns=('floor(unix_timestamp(%s)/%s)*%s' %
(query['timestamp'], bin_size, bin_size),
'from_unixtime(floor(unix_timestamp(%s)/%s)*%s)' %
(query['timestamp'], bin_size, bin_size),
'sum(%s)' % query['size']),
names=('Unix Timestamp', 'DateTime', 'Count'),
links=[],
table=query['logtable'],
case=query['case'],
groupby='`Unix Timestamp`')