Esempio n. 1
    def recreateTree(self, caseDbFile):
        """Rebuild the case navigation tree from the case database.

        Empties ``tree_ctrl_1`` and repopulates it with a root named after
        the case, a "Summary" branch (one node per evidence image with its
        partitions, followed by Timeline/Bookmarks/Search) and an
        "Analyzed Data" branch filled from the module-level category lists.

        Args:
            caseDbFile: Case database path passed to
                ``connectdb.create_connection``.
        """
        global caseName
        tree = self.tree_ctrl_1
        tree.Freeze()  # no repainting while the tree is being rebuilt
        tree.DeleteAllItems()

        # The root label is "<column 2>_<column 3>" of the last caseDetails row.
        # NOTE(review): with an empty caseDetails the global keeps whatever an
        # earlier call stored (or is undefined), so the root could show the
        # name of a different case -- confirm callers always load case rows first.
        for caseRow in caseDetails:
            caseName = str(caseRow[2]) + "_" + caseRow[3]

        rootItem = tree.AddRoot(caseName)
        summaryItem = tree.AppendItem(rootItem, "Summary")

        # Evidence rows come from the case database; column 2 of each row is
        # the path of that evidence's TSK database.
        # NOTE(review): neither the case connection nor the per-evidence
        # connections are closed in this method -- confirm connectdb manages
        # their lifetime and opens evidence databases without modifying them.
        caseConn = connectdb.create_connection(caseDbFile)
        for evidenceRow in connectdb.select_evidence_details(caseConn):
            tskConn = connectdb.create_connection(evidenceRow[2])
            images = connectdb.select_image_info(tskConn)
            partitions = connectdb.select_image_partitions(tskConn)

            # Volume numbering restarts per evidence, not per image.
            volumeNumber = 0
            for image in images:
                imageItem = tree.AppendItem(summaryItem,
                                            os.path.basename(image[0]))
                for partition in partitions:
                    fields = list(partition)
                    volumeNumber += 1
                    # The unbalanced ")" is part of the label; addAuiTab
                    # matches tab names against exactly this text.
                    volumeLabel = "Vol{count} {desc}: {start}-{end})".format(
                        count=volumeNumber,
                        desc=str(fields[2]),
                        start=str(fields[0]),
                        end=str(fields[1]))
                    tree.AppendItem(imageItem, volumeLabel)

        for fixedLabel in ("Timeline", "Bookmarks", "Search"):
            tree.AppendItem(summaryItem, fixedLabel)

        analyzedItem = tree.AppendItem(rootItem, "Analyzed Data")
        for label in analyzedDataTree:
            tree.AppendItem(analyzedItem, label)

        documentsItem = tree.AppendItem(analyzedItem, "Documents")
        for label in documentsTree:
            tree.AppendItem(documentsItem, label)

        executablesItem = tree.AppendItem(analyzedItem, "Executables")
        for label in executablesTree:
            tree.AppendItem(executablesItem, label)

        tree.ExpandAll()
        tree.Thaw()
Esempio n. 2
    def addAuiTab(self, tabName, evidenceDetails):
        """Open the notebook page that belongs to a tree label.

        "Summary" opens immediately; every other recognised label is opened
        behind a "Loading" progress dialog. Recognised labels are
        "Deleted files", "Bookmarks", the entries of the module-level
        category lists and the "Vol..." partition labels derived from each
        evidence database.

        Args:
            tabName: Label of the tree item; also used as the page caption.
            evidenceDetails: Evidence rows; column 2 of each row is passed to
                ``connectdb.create_connection``.
        """
        global caseDir
        for caseRow in caseDetails:
            caseDir = caseRow[4]

        notebook = self.auiNotebook

        def openWithProgress(buildPanel):
            # The dialog is created before the panel is built so that it is
            # on screen while the panel constructor runs.
            mainFrame._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100)
            LoadingDialog(mainFrame._dialog)
            notebook.AddPage(buildPanel(), tabName, False, wx.NullBitmap)
            LoadingDialog.endLoadingDialog(self)

        def buildAnalyzedPanel():
            return AnalyzedDataTab.TabPanel(notebook, tabName, evidenceDetails, caseDir, caseDbPath)

        if tabName == "Summary":
            notebook.AddPage(SummaryTab.TabPanel(notebook, caseDetails, evidenceDetails), tabName, False, wx.NullBitmap)

        if tabName == "Deleted files":
            openWithProgress(lambda: DeletedFilesTab.TabPanel(notebook, tabName, caseDir))

        if tabName == "Bookmarks":
            openWithProgress(buildAnalyzedPanel)

        # "Deleted files" has its own panel above, so it is excluded from the
        # generic analyzed-data categories.
        if tabName != "Deleted files":
            for label in analyzedDataTree:
                if label == tabName:
                    openWithProgress(buildAnalyzedPanel)

        for categoryLabels in (documentsTree, executablesTree):
            for label in categoryLabels:
                if label == tabName:
                    openWithProgress(buildAnalyzedPanel)

        # Partition tabs: rebuild the same "Vol..." labels that the tree shows
        # and open a page for whichever one matches.
        # NOTE(review): the evidence connections opened here are not closed in
        # this method -- confirm connectdb manages their lifetime.
        for evidenceRow in evidenceDetails:
            tskConn = connectdb.create_connection(evidenceRow[2])
            connectdb.select_image_info(tskConn)  # result is not used here
            partitions = connectdb.select_image_partitions(tskConn)
            for volumeNumber, partition in enumerate(partitions, start=1):
                volumeLabel = "Vol{count} {desc}: {start}-{end})".format(
                    count=volumeNumber,
                    desc=str(partition[2]),
                    start=str(partition[0]),
                    end=str(partition[1]))
                if tabName == volumeLabel:
                    openWithProgress(buildAnalyzedPanel)
Esempio n. 3
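    def __do_layout(self, caseDetails, evidenceDetails):
        """Lay out the Summary panel: evidence list on top, case info below.

        Fix over the previous version: a failure while reading one evidence
        database used to be swallowed by a bare ``except`` and the loop then
        re-used the ``imageInfo`` rows left over from the previous evidence
        (or raised ``NameError`` on the first one). The summary could
        therefore list one evidence's images under another evidence's
        details. A failed evidence database is now logged and skipped.

        Args:
            caseDetails: Case rows; columns 1, 2, 3, 5, 6 and 7 fill the
                investigator, case number, case name, case database,
                description and date fields.
            evidenceDetails: Evidence rows; column 3 of the last row is
                stored in the module-level ``evidenceAddDate``.
        """
        import logging

        global evidenceAddDate
        global imageInfo

        # begin wxGlade: MyFrame.__do_layout
        sizer_1 = wx.BoxSizer(wx.VERTICAL)
        sizer_9 = wx.BoxSizer(wx.VERTICAL)
        sizer_12 = wx.BoxSizer(wx.HORIZONTAL)
        sizer_14 = wx.BoxSizer(wx.VERTICAL)
        caseInfoGridSizer = wx.FlexGridSizer(6, 2, 0, 0)
        sizer_13 = wx.BoxSizer(wx.VERTICAL)
        evidenceMainSizer = wx.BoxSizer(wx.HORIZONTAL)
        sizer_2 = wx.BoxSizer(wx.HORIZONTAL)
        sizer_10 = wx.BoxSizer(wx.HORIZONTAL)
        lblSummary = wx.StaticText(self.panel_1, wx.ID_ANY, "Summary")
        lblSummary.SetFont(wx.Font(20, wx.DEFAULT, wx.NORMAL, wx.LIGHT, 0, ""))
        sizer_10.Add(lblSummary, 1, wx.ALL, 5)
        sizer_9.Add(sizer_10, 0, wx.EXPAND, 0)
        static_line_1 = wx.StaticLine(self.panel_1, wx.ID_ANY)
        sizer_9.Add(static_line_1, 0, wx.BOTTOM | wx.EXPAND | wx.TOP, 5)

        lblExtraction = wx.StaticText(self.panel_1, wx.ID_ANY, "Extractions: ")
        lblExtraction.SetFont(
            wx.Font(15, wx.DEFAULT, wx.NORMAL, wx.NORMAL, 0, ""))
        sizer_2.Add(lblExtraction, 0, 0, 0)
        lblEvidenceCount = wx.StaticText(self.panel_1, wx.ID_ANY, "0")
        lblEvidenceCount.SetFont(
            wx.Font(15, wx.DEFAULT, wx.NORMAL, wx.NORMAL, 0, ""))
        sizer_2.Add(lblEvidenceCount, 0, 0, 0)
        sizer_9.Add(sizer_2, 0, wx.EXPAND, 0)

        for x in evidenceDetails:
            evidenceAddDate = x[3]

        # NOTE(review): this loop reads the module-level evidenceInfo rather
        # than the evidenceDetails argument -- confirm both hold the same rows.
        evidenceCount = 0
        for x in evidenceInfo:
            try:
                conn = connectdb.create_connection(
                    x[2])  # connect to tsk database
                imageInfo = connectdb.select_image_info(
                    conn)  # get evidence name, size and md5 from tsk database
            except Exception:
                # Skip this evidence instead of falling through with the
                # previous evidence's rows still in imageInfo.
                logging.getLogger(__name__).exception(
                    "Could not read image info from evidence database %r",
                    x[2])
                continue

            for i in imageInfo:
                i = list(i)
                fileName = os.path.basename(i[0])
                self.addEvidence(
                    evidenceMainSizer, fileName, i[1], x[4]
                )  # sets the evidence along with the details on the top panel
                evidenceCount += 1

        lblEvidenceCount.SetLabel(str(evidenceCount))

        self.panel_2.SetSizer(evidenceMainSizer)
        sizer_9.Add(self.panel_2, 1, wx.EXPAND, 0)
        lblDeviceInfo = wx.StaticText(self.panel_1, wx.ID_ANY, "Case Info:")
        lblDeviceInfo.SetFont(
            wx.Font(15, wx.DEFAULT, wx.NORMAL, wx.NORMAL, 0, ""))
        sizer_13.Add(lblDeviceInfo, 0, wx.ALL | wx.EXPAND, 5)
        static_line_2 = wx.StaticLine(self.panel_1, wx.ID_ANY)
        sizer_13.Add(static_line_2, 0, wx.BOTTOM | wx.EXPAND | wx.TOP, 5)
        label_5 = wx.StaticText(self.panel_1, wx.ID_ANY, "Investigator Name:")
        caseInfoGridSizer.Add(label_5, 0, 0, 0)
        lblInvestigatorName = wx.StaticText(self.panel_1, wx.ID_ANY, "")
        caseInfoGridSizer.Add(lblInvestigatorName, 0, 0, 0)
        label_6 = wx.StaticText(self.panel_1, wx.ID_ANY, "Case Number:")
        caseInfoGridSizer.Add(label_6, 0, 0, 0)
        lblCaseNum = wx.StaticText(self.panel_1, wx.ID_ANY, "")
        caseInfoGridSizer.Add(lblCaseNum, 0, 0, 0)
        label_13 = wx.StaticText(self.panel_1, wx.ID_ANY, "Case Name:")
        caseInfoGridSizer.Add(label_13, 0, 0, 0)
        lblCaseName = wx.StaticText(self.panel_1, wx.ID_ANY, "")
        caseInfoGridSizer.Add(lblCaseName, 0, 0, 0)
        label_11 = wx.StaticText(self.panel_1, wx.ID_ANY, "Date added:")
        caseInfoGridSizer.Add(label_11, 0, 0, 0)
        lblDateTime = wx.StaticText(self.panel_1, wx.ID_ANY, "")
        caseInfoGridSizer.Add(lblDateTime, 0, 0, 0)
        label_9 = wx.StaticText(self.panel_1, wx.ID_ANY, "Case Database:")
        caseInfoGridSizer.Add(label_9, 0, 0, 0)
        caseInfoGridSizer.Add(self.txtCaseDb, 0, wx.ALL | wx.EXPAND, 5)
        label_10 = wx.StaticText(self.panel_1, wx.ID_ANY, "Case Description:")
        caseInfoGridSizer.Add(label_10, 0, 0, 0)
        caseInfoGridSizer.Add(self.txtCaseDesc, 1, wx.ALL | wx.EXPAND, 5)
        caseInfoGridSizer.AddGrowableCol(1)

        for x in caseDetails:  # sets the case info
            lblInvestigatorName.SetLabel(x[1])
            lblCaseNum.SetLabel(str(x[2]))
            lblCaseName.SetLabel(x[3])
            lblDateTime.SetLabel(str(x[7]))
            self.txtCaseDb.SetValue(x[5])
            self.txtCaseDesc.SetValue(x[6])

        sizer_13.Add(
            caseInfoGridSizer,
            1,
            wx.ALL | wx.EXPAND,
        )
        sizer_12.Add(sizer_13, 1, wx.EXPAND, 0)

        sizer_9.Add(sizer_12, 1, wx.EXPAND, 0)
        self.panel_1.SetSizer(sizer_9)
        sizer_1.Add(self.panel_1, 1, wx.EXPAND, 0)
        self.SetSizer(sizer_1)
        self.Layout()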
Esempio n. 4
    def addAuiTab(self, tabName, evidenceDetails):
        """Open the notebook page that belongs to a tree label.

        The six plain tabs (Summary, File, Images, Sessions, DNS,
        Credentials) open directly; "Bookmarks" and the "Vol..." partition
        labels open an ``AnalyzedDataTab`` panel behind a "Loading" dialog.

        Args:
            tabName: Label of the tree item; also used as the page caption.
            evidenceDetails: Evidence rows; column 2 of each row is passed to
                ``connectdb.create_connection``.
        """
        global caseDir
        for caseRow in caseDetails:
            caseDir = caseRow[4]

        notebook = self.auiNotebook

        def openAnalyzedPage():
            # The dialog is created before the panel is built so that it is
            # on screen while the panel constructor runs.
            self._dialog = wx.ProgressDialog(
                "Loading", "Loading {tabName}".format(tabName=tabName), 100)
            LoadingDialog(self._dialog)
            notebook.AddPage(
                AnalyzedDataTab.TabPanel(notebook, tabName, evidenceDetails,
                                         caseDir, caseDbPath),
                tabName, False, wx.NullBitmap)
            LoadingDialog.endLoadingDialog(self)

        # Panels that take (notebook, caseDetails, evidenceDetails). The
        # lambdas defer the module lookup until the label actually matches.
        plainTabs = (
            ("Summary", lambda: SummaryTab.TabPanel),
            ("File", lambda: FileTab.TabPanel),
            ("Images", lambda: ImagesTab.TabPanel),
            ("Sessions", lambda: SessionsTab.TabPanel),
            ("DNS", lambda: DNSTab.TabPanel),
            ("Credentials", lambda: CredentialsTab.TabPanel),
        )
        for label, panelClass in plainTabs:
            if tabName == label:
                notebook.AddPage(
                    panelClass()(notebook, caseDetails, evidenceDetails),
                    tabName, False, wx.NullBitmap)

        if tabName == "Bookmarks":
            openAnalyzedPage()

        # Partition tabs: rebuild the "Vol..." labels from each evidence
        # database and open a page for whichever one matches.
        # NOTE(review): the evidence connections opened here are not closed in
        # this method -- confirm connectdb manages their lifetime.
        for evidenceRow in evidenceDetails:
            tskConn = connectdb.create_connection(evidenceRow[2])
            connectdb.select_image_info(tskConn)  # result is not used here
            partitions = connectdb.select_image_partitions(tskConn)
            for volumeNumber, partition in enumerate(partitions, start=1):
                volumeLabel = "Vol{count} {desc}: {start}-{end})".format(
                    count=volumeNumber,
                    desc=str(partition[2]),
                    start=str(partition[0]),
                    end=str(partition[1]))
                if tabName == volumeLabel:
                    openAnalyzedPage()
Esempio n. 5
    def addAuiTab(self, tabName, evidenceDetails):
        """Open the notebook page that belongs to a tree label.

        "Summary" opens directly. "File", "Images", "Sessions", "DNS",
        "Bookmarks" and the "Vol..." partition labels open behind a
        "Loading" dialog; the File and Sessions pages are then filled row by
        row from the database reached through ``self.conn``.

        Args:
            tabName: Label of the tree item; also used as the page caption.
            evidenceDetails: Evidence rows; column 2 of each row is passed to
                ``connectdb.create_connection``.
        """
        global caseDir
        for caseRow in caseDetails:
            caseDir = caseRow[4]

        notebook = self.auiNotebook

        def openWithProgress(buildPanel):
            # The dialog is created before the panel is built so that it is
            # on screen while the panel constructor runs.
            self._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100)
            LoadingDialog(self._dialog)
            notebook.AddPage(buildPanel(), tabName, False, wx.NullBitmap)
            LoadingDialog.endLoadingDialog(self)

        def buildAnalyzedPanel():
            return AnalyzedDataTab.TabPanel(notebook, tabName, evidenceDetails, caseDir, caseDbPath)

        def lastPage():
            # A page was just added, so the newest one is at the end.
            return notebook.GetPage(notebook.GetPageCount() - 1)

        def fillRows(page, placeholder, fetchRow, addRow):
            # NOTE(review): the placeholder is a hard-coded row of dummy
            # values that ends up in the page next to real capture data --
            # confirm it is intended to be shown to the examiner.
            addRow(page, placeholder)
            # Rows are fetched one index at a time, starting at 1, until the
            # query returns an empty tuple or None.
            rowIndex = 1
            while True:
                row = fetchRow(self.conn, rowIndex)
                if row is None or row == ():
                    break
                addRow(page, row)
                rowIndex += 1

        if tabName == "Summary":
            notebook.AddPage(SummaryTab.TabPanel(notebook, caseDetails, evidenceDetails), tabName, False, wx.NullBitmap)

        if tabName == "File":
            openWithProgress(lambda: pcapFilesTab.TabPanel(notebook, tabName, caseDir))
            # Row layout: [frameNumber, evidencePath, src_host_str, src_port,
            # dst_host_str, dst_port, protocol, fileName, ext, size, timestamp]
            fillRows(lastPage(),
                     [1, "2", "3", "4", "5", "6", "7", "8", "9", "10", "11"],
                     connectdb.selectPcapEvidenceDetails,
                     pcapFilesTab.TabPanel.addPcapDetails)

        if tabName == "Images":
            openWithProgress(buildAnalyzedPanel)

        if tabName == "Sessions":
            openWithProgress(lambda: pcapSessionsTab.TabPanel(notebook, caseDir))
            # Row layout: [Packet, timestamp, src_ip, dst_ip, request]
            fillRows(lastPage(),
                     [1, "2", "3", "4", "5"],
                     connectdb.selectPcapSessionsDetails,
                     pcapSessionsTab.TabPanel.addSessionsDetails)

        if tabName == "DNS":
            openWithProgress(lambda: pcapDNSTab.TabPanel(notebook, caseDir))

        if tabName == "Bookmarks":
            openWithProgress(buildAnalyzedPanel)

        # Partition tabs: rebuild the "Vol..." labels from each evidence
        # database and open a page for whichever one matches.
        # NOTE(review): the evidence connections opened here are not closed in
        # this method -- confirm connectdb manages their lifetime.
        for evidenceRow in evidenceDetails:
            tskConn = connectdb.create_connection(evidenceRow[2])
            connectdb.select_image_info(tskConn)  # result is not used here
            partitions = connectdb.select_image_partitions(tskConn)
            for volumeNumber, partition in enumerate(partitions, start=1):
                volumeLabel = "Vol{count} {desc}: {start}-{end})".format(
                    count=volumeNumber,
                    desc=str(partition[2]),
                    start=str(partition[0]),
                    end=str(partition[1]))
                if tabName == volumeLabel:
                    openWithProgress(buildAnalyzedPanel)