def make_reference_to_inode(self, inode_id, hint=None): """ Returns a reference to the given Inode ID. This needs to provide a URL to the specified resource. """ result = query_type(case=self.case, family="Network Forensics", report="ViewFile", inode_id=inode_id) if hint: result['hint'] = hint return '"f?%s"' % result
def display(self, query, result): result.heading("Email sessions") result.table( elements = [ InodeType('Inode','inode', link = query_type(family='Disk Forensics', case=query['case'], __target__='inode', report='View File Contents', mode="Text"), case=query['case']), TimestampType('Date','date'), StringType('From','from'), StringType('To','to'), StringType('Subject','subject') ], table=('email'), case=query['case'], )
def display(self, query, result): result.heading("Email sessions") result.table( elements=[ InodeType('Inode', 'inode', link=query_type(family='Disk Forensics', case=query['case'], __target__='inode', report='View File Contents', mode="Text"), case=query['case']), TimestampType('Date', 'date'), StringType('From', 'from'), StringType('To', 'to'), StringType('Subject', 'subject') ], table=('email'), case=query['case'], )
def cache_io(self, name, case, query=None): if not self.io: dbh = DB.DBO(case) ## This basically checks that the query is sane. if query: ## Check that all our mandatory parameters have been provided: for p in self.mandatory_parameters: if not query.has_key(p): raise IOError("Mandatory parameter %s not provided" % p) ## Check that the name does not already exist: if name: dbh.execute("select * from iosources where name = %r" , name) if dbh.fetch(): raise IOError("An iosource of name %s already exists in this case" % name) ## Try to make it self.io = self.create(name, case, query) ## If we get here we made it successfully so store in db: dbh.insert('iosources', name = query['iosource'], type = self.__class__.__name__, timezone = query.get('TZ',"SYSTEM"), parameters = "%s" % query, _fast = True) else: self.io = self.create(name, case, query) ## No query provided, we need to fetch it from the db: else: dbh.check_index('iosources','name') dbh.execute("select parameters from iosources where name = %r" , name) row = dbh.fetch() self.io = self.create(name, case, query_type(string=row['parameters'])) self.parameters = row['parameters']
name=query['iosource'], type=self.__class__.__name__, timezone=query.get('TZ', "SYSTEM"), parameters="%s" % query, _fast=True) else: self.io = self.create(name, case, query) ## No query provided, we need to fetch it from the db: else: dbh.check_index('iosources', 'name') dbh.execute("select parameters from iosources where name = %r", name) row = dbh.fetch() self.io = self.create(name, case, query_type(string=row['parameters'])) self.parameters = row['parameters'] config.add_option( "FOLLOW_SYMLINKS", default=True, action="store_false", help= "Should we follow symlinks in the upload directory? This has security implications if untrusted users are able to create files/symlinks in the upload directory." ) class EWF(Standard): """ EWF is used by other forensic packages like Encase or FTK """ def form(self, query, result):