def recreateTree(self, caseDbFile): self.tree_ctrl_1.Freeze() self.tree_ctrl_1.DeleteAllItems() global caseName for x in caseDetails: caseName = str(x[2]) + "_" + x[3] root = self.tree_ctrl_1.AddRoot( caseName) #adds the name of case as root item in treectrl summary = self.tree_ctrl_1.AppendItem(root, "Summary") conn = connectdb.create_connection( caseDbFile) #connect to case database evidenceInfo = connectdb.select_evidence_details( conn ) #get evidenceName, EvidenceDbPath EvidenceDatetime and Md5 from case database #EvidenceDbPath = path to tsk database generated when onAddEvidence is called for x in evidenceInfo: evidenceDbConn = connectdb.create_connection( x[2]) #connect to tsk database evidenceDbInfo = connectdb.select_image_info( evidenceDbConn ) #get evidence name, size and md5 from tsk database evidencePart = connectdb.select_image_partitions( evidenceDbConn) #get partition info from tsk database count = 0 for i in evidenceDbInfo: fileName = os.path.basename(i[0]) temp = self.tree_ctrl_1.AppendItem( summary, fileName) #append evidence name to treectrl for i in evidencePart: i = list(i) count += 1 self.tree_ctrl_1.AppendItem( temp, "Vol{count} {desc}: {start}-{end})".format( count=count, desc=str(i[2]), start=str(i[0]), end=str(i[1])) ) #append evidence partition to evidence name self.tree_ctrl_1.AppendItem(summary, "Timeline") self.tree_ctrl_1.AppendItem(summary, "Bookmarks") self.tree_ctrl_1.AppendItem(summary, "Search") analyzedData = self.tree_ctrl_1.AppendItem(root, "Analyzed Data") for x in analyzedDataTree: self.tree_ctrl_1.AppendItem(analyzedData, x) docTree = self.tree_ctrl_1.AppendItem(analyzedData, "Documents") for x in documentsTree: self.tree_ctrl_1.AppendItem(docTree, x) exeTree = self.tree_ctrl_1.AppendItem(analyzedData, "Executables") for x in executablesTree: self.tree_ctrl_1.AppendItem(exeTree, x) self.tree_ctrl_1.ExpandAll() self.tree_ctrl_1.Thaw()
def addAuiTab(self, tabName, evidenceDetails): global caseDir for x in caseDetails: caseDir = x[4] if tabName == "Summary": self.auiNotebook.AddPage(SummaryTab.TabPanel(self.auiNotebook, caseDetails, evidenceDetails), tabName, False, wx.NullBitmap) if tabName == "Deleted files": mainFrame._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100) #create loading dialog LoadingDialog(mainFrame._dialog) #start loading self.auiNotebook.AddPage(DeletedFilesTab.TabPanel(self.auiNotebook, tabName, caseDir), tabName, False, wx.NullBitmap) #calls and open a aui tab from DeletedFilesTab.py LoadingDialog.endLoadingDialog(self) #stop loading if tabName == "Bookmarks": mainFrame._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100) LoadingDialog(mainFrame._dialog) self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap) #calls and open a aui tab from SummaryTab.py LoadingDialog.endLoadingDialog(self) for x in analyzedDataTree: if tabName == x and tabName != "Deleted files": mainFrame._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100) LoadingDialog(mainFrame._dialog) addingPage = self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap) LoadingDialog.endLoadingDialog(self) for x in documentsTree: if tabName == x: mainFrame._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100) LoadingDialog(mainFrame._dialog) self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap) LoadingDialog.endLoadingDialog(self) for x in executablesTree: if tabName == x: mainFrame._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100) LoadingDialog(mainFrame._dialog) self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap) LoadingDialog.endLoadingDialog(self) for x in evidenceDetails: evidenceDbConn = connectdb.create_connection(x[2]) #connects to tsk database evidenceDbInfo = connectdb.select_image_info(evidenceDbConn) #get name, size and md5 from tsk database evidencePart = connectdb.select_image_partitions(evidenceDbConn) #get partition info from tsk database count = 0 for i in evidencePart: count += 1 if tabName == "Vol{count} {desc}: {start}-{end})".format(count=count, desc=str(i[2]), start=str(i[0]), end=str(i[1])): mainFrame._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100) LoadingDialog(mainFrame._dialog) self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap) LoadingDialog.endLoadingDialog(self)
def __do_layout(self, caseDetails, evidenceDetails): # begin wxGlade: MyFrame.__do_layout sizer_1 = wx.BoxSizer(wx.VERTICAL) sizer_9 = wx.BoxSizer(wx.VERTICAL) sizer_12 = wx.BoxSizer(wx.HORIZONTAL) sizer_14 = wx.BoxSizer(wx.VERTICAL) caseInfoGridSizer = wx.FlexGridSizer(6, 2, 0, 0) sizer_13 = wx.BoxSizer(wx.VERTICAL) evidenceMainSizer = wx.BoxSizer(wx.HORIZONTAL) sizer_2 = wx.BoxSizer(wx.HORIZONTAL) sizer_10 = wx.BoxSizer(wx.HORIZONTAL) lblSummary = wx.StaticText(self.panel_1, wx.ID_ANY, "Summary") lblSummary.SetFont(wx.Font(20, wx.DEFAULT, wx.NORMAL, wx.LIGHT, 0, "")) sizer_10.Add(lblSummary, 1, wx.ALL, 5) sizer_9.Add(sizer_10, 0, wx.EXPAND, 0) static_line_1 = wx.StaticLine(self.panel_1, wx.ID_ANY) sizer_9.Add(static_line_1, 0, wx.BOTTOM | wx.EXPAND | wx.TOP, 5) lblExtraction = wx.StaticText(self.panel_1, wx.ID_ANY, "Extractions: ") lblExtraction.SetFont( wx.Font(15, wx.DEFAULT, wx.NORMAL, wx.NORMAL, 0, "")) sizer_2.Add(lblExtraction, 0, 0, 0) lblEvidenceCount = wx.StaticText(self.panel_1, wx.ID_ANY, "0") lblEvidenceCount.SetFont( wx.Font(15, wx.DEFAULT, wx.NORMAL, wx.NORMAL, 0, "")) sizer_2.Add(lblEvidenceCount, 0, 0, 0) sizer_9.Add(sizer_2, 0, wx.EXPAND, 0) # for x in imageInfo: # x = list(x) # self.addEvidence(evidenceMainSizer, x[0], x[1], x[2]) global evidenceAddDate for x in evidenceDetails: evidenceAddDate = x[3] evidenceCount = 0 for x in evidenceInfo: global imageInfo try: conn = connectdb.create_connection( x[2]) #connect to tsk database imageInfo = connectdb.select_image_info( conn) #get evidence name, size and md5 from tsk database except: pass for i in imageInfo: i = list(i) fileName = os.path.basename(i[0]) self.addEvidence( evidenceMainSizer, fileName, i[1], x[4] ) #sets the evidence along with the details on the top panel evidenceCount += 1 lblEvidenceCount.SetLabel(str(evidenceCount)) self.panel_2.SetSizer(evidenceMainSizer) sizer_9.Add(self.panel_2, 1, wx.EXPAND, 0) lblDeviceInfo = wx.StaticText(self.panel_1, wx.ID_ANY, "Case Info:") lblDeviceInfo.SetFont( wx.Font(15, wx.DEFAULT, wx.NORMAL, wx.NORMAL, 0, "")) sizer_13.Add(lblDeviceInfo, 0, wx.ALL | wx.EXPAND, 5) static_line_2 = wx.StaticLine(self.panel_1, wx.ID_ANY) sizer_13.Add(static_line_2, 0, wx.BOTTOM | wx.EXPAND | wx.TOP, 5) label_5 = wx.StaticText(self.panel_1, wx.ID_ANY, "Investigator Name:") caseInfoGridSizer.Add(label_5, 0, 0, 0) lblInvestigatorName = wx.StaticText(self.panel_1, wx.ID_ANY, "") caseInfoGridSizer.Add(lblInvestigatorName, 0, 0, 0) label_6 = wx.StaticText(self.panel_1, wx.ID_ANY, "Case Number:") caseInfoGridSizer.Add(label_6, 0, 0, 0) lblCaseNum = wx.StaticText(self.panel_1, wx.ID_ANY, "") caseInfoGridSizer.Add(lblCaseNum, 0, 0, 0) label_13 = wx.StaticText(self.panel_1, wx.ID_ANY, "Case Name:") caseInfoGridSizer.Add(label_13, 0, 0, 0) lblCaseName = wx.StaticText(self.panel_1, wx.ID_ANY, "") caseInfoGridSizer.Add(lblCaseName, 0, 0, 0) label_11 = wx.StaticText(self.panel_1, wx.ID_ANY, "Date added:") caseInfoGridSizer.Add(label_11, 0, 0, 0) lblDateTime = wx.StaticText(self.panel_1, wx.ID_ANY, "") caseInfoGridSizer.Add(lblDateTime, 0, 0, 0) label_9 = wx.StaticText(self.panel_1, wx.ID_ANY, "Case Database:") caseInfoGridSizer.Add(label_9, 0, 0, 0) caseInfoGridSizer.Add(self.txtCaseDb, 0, wx.ALL | wx.EXPAND, 5) label_10 = wx.StaticText(self.panel_1, wx.ID_ANY, "Case Description:") caseInfoGridSizer.Add(label_10, 0, 0, 0) caseInfoGridSizer.Add(self.txtCaseDesc, 1, wx.ALL | wx.EXPAND, 5) caseInfoGridSizer.AddGrowableCol(1) for x in caseDetails: #sets the case info lblInvestigatorName.SetLabel(x[1]) lblCaseNum.SetLabel(str(x[2])) lblCaseName.SetLabel(x[3]) lblDateTime.SetLabel(str(x[7])) self.txtCaseDb.SetValue(x[5]) self.txtCaseDesc.SetValue(x[6]) sizer_13.Add( caseInfoGridSizer, 1, wx.ALL | wx.EXPAND, ) sizer_12.Add(sizer_13, 1, wx.EXPAND, 0) sizer_9.Add(sizer_12, 1, wx.EXPAND, 0) self.panel_1.SetSizer(sizer_9) sizer_1.Add(self.panel_1, 1, wx.EXPAND, 0) self.SetSizer(sizer_1) self.Layout()
def addAuiTab(self, tabName, evidenceDetails): global caseDir for x in caseDetails: caseDir = x[4] if tabName == "Summary": self.auiNotebook.AddPage( SummaryTab.TabPanel(self.auiNotebook, caseDetails, evidenceDetails), tabName, False, wx.NullBitmap) if tabName == "File": self.auiNotebook.AddPage( FileTab.TabPanel(self.auiNotebook, caseDetails, evidenceDetails), tabName, False, wx.NullBitmap) if tabName == "Images": self.auiNotebook.AddPage( ImagesTab.TabPanel(self.auiNotebook, caseDetails, evidenceDetails), tabName, False, wx.NullBitmap) if tabName == "Sessions": self.auiNotebook.AddPage( SessionsTab.TabPanel(self.auiNotebook, caseDetails, evidenceDetails), tabName, False, wx.NullBitmap) if tabName == "DNS": self.auiNotebook.AddPage( DNSTab.TabPanel(self.auiNotebook, caseDetails, evidenceDetails), tabName, False, wx.NullBitmap) if tabName == "Credentials": self.auiNotebook.AddPage( CredentialsTab.TabPanel(self.auiNotebook, caseDetails, evidenceDetails), tabName, False, wx.NullBitmap) if tabName == "Bookmarks": self._dialog = wx.ProgressDialog( "Loading", "Loading {tabName}".format(tabName=tabName), 100) LoadingDialog(self._dialog) self.auiNotebook.AddPage( AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap) #calls and open a aui tab from SummaryTab.py LoadingDialog.endLoadingDialog(self) for x in evidenceDetails: evidenceDbConn = connectdb.create_connection( x[2]) #connects to tsk database evidenceDbInfo = connectdb.select_image_info( evidenceDbConn) #get name, size and md5 from tsk database evidencePart = connectdb.select_image_partitions( evidenceDbConn) #get partition info from tsk database count = 0 for i in evidencePart: count += 1 if tabName == "Vol{count} {desc}: {start}-{end})".format( count=count, desc=str(i[2]), start=str(i[0]), end=str(i[1])): self._dialog = wx.ProgressDialog( "Loading", "Loading {tabName}".format(tabName=tabName), 100) LoadingDialog(self._dialog) self.auiNotebook.AddPage( AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap) LoadingDialog.endLoadingDialog(self)
def addAuiTab(self, tabName, evidenceDetails): global caseDir for x in caseDetails: caseDir = x[4] if tabName == "Summary": self.auiNotebook.AddPage(SummaryTab.TabPanel(self.auiNotebook, caseDetails, evidenceDetails), tabName, False, wx.NullBitmap) if tabName == "File": self._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100) #create loading dialog LoadingDialog(self._dialog) #start loading self.auiNotebook.AddPage(pcapFilesTab.TabPanel(self.auiNotebook, tabName, caseDir), tabName, False, wx.NullBitmap) #calls and open a aui tab from DeletedFilesTab.py LoadingDialog.endLoadingDialog(self) #sequence = [frameNumber, evidencePath, src_host_str, src_port, dst_host_str, dst_port, protocol, fileName, ext, size, timestamp] window = self.auiNotebook.GetPage(self.auiNotebook.GetPageCount() - 1) # we've just added a page so the page we want to access is the last one sequence = [1, "2", "3", "4", "5", "6", "7", "8", "9", "10", "11"] pcapFilesTab.TabPanel.addPcapDetails(window, sequence) # Get the PCAP data from the database and display in the GUI (File tab) index = 1 while (True): row = connectdb.selectPcapEvidenceDetails(self.conn, index) if ( () == row or None == row ): break # from while-loop (no more data) pcapFilesTab.TabPanel.addPcapDetails(window, row) index = index + 1 if tabName == "Images": self._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100) LoadingDialog(self._dialog) self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap) LoadingDialog.endLoadingDialog(self) if tabName == "Sessions": self._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100) #create loading dialog LoadingDialog(self._dialog) #start loading self.auiNotebook.AddPage(pcapSessionsTab.TabPanel(self.auiNotebook, caseDir), tabName, False, wx.NullBitmap) LoadingDialog.endLoadingDialog(self) #sequence = [Packet, timestamp, src_ip, dst_ip, request] window = self.auiNotebook.GetPage(self.auiNotebook.GetPageCount() - 1) # we've just added a page so the page we want to access is the last one sequence = [1, "2", "3", "4", "5"] pcapSessionsTab.TabPanel.addSessionsDetails(window, sequence) # Get the PCAP data from the database and display in the GUI (Sessions tab) index = 1 while (True): row = connectdb.selectPcapSessionsDetails(self.conn, index) if ( () == row or None == row ): break # from while-loop (no more data) pcapSessionsTab.TabPanel.addSessionsDetails(window, row) index = index + 1 if tabName == "DNS": self._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100) #create loading dialog LoadingDialog(self._dialog) #start loading self.auiNotebook.AddPage(pcapDNSTab.TabPanel(self.auiNotebook, caseDir), tabName, False, wx.NullBitmap) LoadingDialog.endLoadingDialog(self) if tabName == "Bookmarks": self._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100) LoadingDialog(self._dialog) self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap) LoadingDialog.endLoadingDialog(self) for x in evidenceDetails: evidenceDbConn = connectdb.create_connection(x[2]) #connects to tsk database evidenceDbInfo = connectdb.select_image_info(evidenceDbConn) #get name, size and md5 from tsk database evidencePart = connectdb.select_image_partitions(evidenceDbConn) #get partition info from tsk database count = 0 for i in evidencePart: count += 1 if tabName == "Vol{count} {desc}: {start}-{end})".format(count=count, desc=str(i[2]), start=str(i[0]), end=str(i[1])): self._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100) LoadingDialog(self._dialog) self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap) LoadingDialog.endLoadingDialog(self)