Esempio n. 1
    def make_reference_to_inode(self, inode_id, hint=None):
        """Return a quoted link to the ViewFile report for ``inode_id``.

        A query is built for this object's case, addressing the "ViewFile"
        report of the "Network Forensics" family. A truthy ``hint`` is stored
        in that query under the 'hint' key. The query is rendered with ``%s``
        after an ``f?`` prefix and the whole value is wrapped in literal
        double quotes.
        """
        link_args = {
            'case': self.case,
            'family': "Network Forensics",
            'report': "ViewFile",
            'inode_id': inode_id,
        }
        target = query_type(**link_args)

        if hint:
            target['hint'] = hint

        # NOTE(review): the value is emitted between literal double quotes,
        # presumably for use as a markup attribute. inode_id and hint are
        # caller-supplied, so confirm that query_type's string form escapes
        # quote characters before this is written into a page.
        return '"f?%s"' % target
Esempio n. 2
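    def display(self, query, result):
        """Render the "Email sessions" heading and the table of e-mails.

        The table is read from the 'email' table of the case named by
        ``query['case']`` and shows five columns: Inode, Date, From, To and
        Subject. The Inode column carries a link to the "View File Contents"
        report of the "Disk Forensics" family in "Text" mode.

        Args:
            query: request parameters; only ``query['case']`` is read here.
            result: UI object that receives the heading and the table.
        """
        # The body is indented with spaces only. The original mixed a tab
        # with spaces on the first statement, which Python 3 rejects with a
        # TabError and which depends on tab width elsewhere.
        result.heading("Email sessions")
        result.table(
            elements=[
                InodeType('Inode', 'inode',
                          # __target__='inode' presumably names the link
                          # parameter that receives the clicked cell's value
                          # -- confirm against query_type.
                          link=query_type(family='Disk Forensics',
                                          case=query['case'],
                                          __target__='inode',
                                          report='View File Contents',
                                          mode="Text"),
                          case=query['case']),
                TimestampType('Date', 'date'),
                StringType('From', 'from'),
                StringType('To', 'to'),
                # NOTE(review): From/To/Subject come from captured mail, i.e.
                # untrusted content; confirm StringType escapes values when
                # the table is rendered.
                StringType('Subject', 'subject'),
            ],
            # ('email') is a parenthesised string, not a one-element tuple.
            table=('email'),
            case=query['case'],
        )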
Esempio n. 3
 def display(self, query, result):
     """Show the e-mail sessions recorded for the current case.

     Emits the "Email sessions" heading, then a table over the 'email'
     table of ``query['case']`` with the columns Inode, Date, From, To and
     Subject. Each Inode cell links to the "View File Contents" report of
     the "Disk Forensics" family, opened in "Text" mode.
     """
     result.heading("Email sessions")

     case_name = query['case']

     # Link template attached to the Inode column.
     view_file_link = query_type(family='Disk Forensics',
                                 case=case_name,
                                 __target__='inode',
                                 report='View File Contents',
                                 mode="Text")

     columns = [
         InodeType('Inode', 'inode', link=view_file_link, case=case_name),
         TimestampType('Date', 'date'),
         StringType('From', 'from'),
         StringType('To', 'to'),
         StringType('Subject', 'subject'),
     ]

     result.table(elements=columns, table='email', case=case_name)
Esempio n. 4
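    def cache_io(self, name, case, query=None):
        """Create this iosource's IO object once and keep it in ``self.io``.

        Nothing happens when ``self.io`` is already set. Otherwise:

        * With a ``query``: every entry of ``self.mandatory_parameters`` must
          be present in it. If ``name`` is given it must not already exist in
          the case's ``iosources`` table; the IO object is created and a row
          describing it is inserted. Without a ``name`` the IO object is
          created but nothing is stored.
        * Without a ``query``: the stored parameters for ``name`` are read
          from ``iosources``, turned back into a query and used to create the
          IO object; ``self.parameters`` keeps the stored string.

        Args:
            name: iosource name used for the lookup and uniqueness check.
            case: case whose database is opened.
            query: creation parameters, or None to load them from the db.

        Raises:
            IOError: a mandatory parameter is missing, an iosource called
                ``name`` already exists, or (no query) no iosource called
                ``name`` is stored in this case.
        """
        if self.io:
            return

        dbh = DB.DBO(case)

        ## No query provided, we need to fetch it from the db:
        if not query:
            dbh.check_index('iosources', 'name')
            ## name is handed to execute() as a separate argument rather than
            ## interpolated here; quoting is left to the DB layer (presumably
            ## it escapes -- confirm).
            dbh.execute("select parameters from iosources where name = %r", name)
            row = dbh.fetch()
            ## An unknown name yields no row. Report that explicitly instead
            ## of failing on row['parameters'] with an unrelated error.
            if not row:
                raise IOError("No iosource of name %s exists in this case" % name)

            self.io = self.create(name, case, query_type(string=row['parameters']))
            self.parameters = row['parameters']
            return

        ## This basically checks that the query is sane.
        ## Check that all our mandatory parameters have been provided:
        for p in self.mandatory_parameters:
            if not query.has_key(p):
                raise IOError("Mandatory parameter %s not provided" % p)

        if not name:
            ## Unnamed source: create it but do not record it.
            self.io = self.create(name, case, query)
            return

        ## Check that the name does not already exist:
        dbh.execute("select * from iosources where name = %r", name)
        if dbh.fetch():
            raise IOError("An iosource of name %s already exists in this case" % name)

        ## Try to make it
        self.io = self.create(name, case, query)

        ## If we get here we made it successfully so store in db.
        ## NOTE(review): the uniqueness check above uses `name`, while the
        ## row is stored under query['iosource']. These presumably coincide;
        ## if they can differ, the duplicate check and a later lookup by name
        ## will miss this row -- confirm against the callers.
        ## The whole query is serialised into `parameters`; the no-query
        ## path above rebuilds it with query_type(string=...).
        dbh.insert('iosources',
                   name=query['iosource'],
                   type=self.__class__.__name__,
                   timezone=query.get('TZ', "SYSTEM"),
                   parameters="%s" % query,
                   _fast=True)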
Esempio n. 5
                               name=query['iosource'],
                               type=self.__class__.__name__,
                               timezone=query.get('TZ', "SYSTEM"),
                               parameters="%s" % query,
                               _fast=True)
                else:
                    self.io = self.create(name, case, query)

            ## No query provided, we need to fetch it from the db:
            else:
                dbh.check_index('iosources', 'name')
                dbh.execute("select parameters from iosources where name = %r",
                            name)
                row = dbh.fetch()
                self.io = self.create(name, case,
                                      query_type(string=row['parameters']))
                self.parameters = row['parameters']


## Following symlinks is the default here (default=True). With
## action="store_false" -- assuming optparse-like semantics, confirm against
## the config module -- supplying the option switches it off.
## NOTE(review): a symlink in the upload directory resolves to whatever the
## process itself can read, so installations where untrusted users can write
## to that directory should run with this turned off.
_FOLLOW_SYMLINKS_HELP = (
    "Should we follow symlinks in the upload directory? "
    "This has security implications if untrusted users are able "
    "to create files/symlinks in the upload directory."
)
config.add_option("FOLLOW_SYMLINKS",
                  default=True,
                  action="store_false",
                  help=_FOLLOW_SYMLINKS_HELP)


class EWF(Standard):
    """ EWF is used by other forensic packages like Encase or FTK """
    def form(self, query, result):