def set_case_info(directory, obj):
    """Open the case stored under ``directory`` and bind it to the GUI.

    ``obj`` is either the GUI object itself or a wrapper that exposes the
    GUI as its ``gui`` attribute. After the case object and directory are
    attached, the stacked widget is switched to the case window.
    """
    # callers hand in either the GUI or something carrying it as .gui
    gui = obj.gui if hasattr(obj, "gui") else obj

    gui.case_obj = opencase.opencase(directory)
    gui.directory = directory
    gui.stackedWidget.setCurrentIndex(gcommon.CASE_WINDOW)
def set_case_info(directory, obj):
    """Attach an opened case to the GUI and show the case window.

    ``directory`` is the case directory handed to ``opencase.opencase``;
    ``obj`` is the GUI itself or any object exposing it as ``.gui``.
    """
    case = opencase.opencase(directory)

    # resolve the real GUI object: a wrapper's .gui if present, else obj itself
    target = getattr(obj, "gui", obj)

    target.case_obj = case
    target.directory = directory
    target.stackedWidget.setCurrentIndex(gcommon.CASE_WINDOW)
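def plugin_cmdline():
    """Run one plugin against one file of an existing case from the command line.

    ``sys.argv`` is expected to be ``<case_dir> <plugin_name> <fileid> [<extra>]``;
    ``extra`` is an optional ``;``-separated list passed through to the template
    loader. The matching template's report rows are printed to stdout; if no
    loaded template has the requested ``pluginname`` an error line is printed.
    """
    try:
        case_dir    = sys.argv[1]
        plugin_name = sys.argv[2]
        fileid      = int(sys.argv[3])
    except (IndexError, ValueError):
        # too few arguments or a non-integer file id: show usage and stop here,
        # so the names above are never read unbound should usage() return
        usage()
        return

    # the fourth argument is optional
    try:
        extra = sys.argv[4].split(";")
    except IndexError:
        extra = []

    # open the case and get the tree
    o = opencase.opencase(case_dir)
    o.current_fileid = fileid

    tm = tmmod.TemplateManager()
    tm.load_templates(o, extra)

    templates = tm.get_loaded_templates()

    # run only the first template whose plugin name matches
    ran = 0
    for t in templates:
        if t.pluginname == plugin_name:
            t.run_me()
            ran = 1
            break

    if ran:
        print "------output for %s------" % plugin_name

        # one report row per line, values separated by spaces
        for val_list in tm.report_data:
            for val in val_list:
                print val,
            print ""

    else:
        print "invalid plugin given"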
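    def perform_processing(self, gui_ref):
        """Ingest every file in ``gui_ref.evidence_list`` into the case and persist it.

        Opens the case under ``gui_ref.directory`` (re-opening it and rebuilding
        the hash tables when ``gui_ref.gui.add_evidence`` is set), runs
        ``acquire_files.acquire_from_file`` on each evidence file, drops the files
        the user chose to skip, writes the evidence database, inserts the tree
        nodes and finally pickles the case object to ``caseobj.pickle`` in the
        case directory.

        Returns True when processing completed.

        Raises RegBadEvidenceError when the user declines to skip a bad file
        (``acquire_from_file`` returned -2) or when no valid evidence remains.
        """
        self.evidence_db.update_label(gui_ref, "Starting Processing")

        if gui_ref.gui.add_evidence:
            # adding to an existing case: reopen it and rebuild the hash tables
            case_obj = opencase.opencase(gui_ref.directory)
            self.reinit_htables(case_obj)
        else:
            case_obj = self.setup_case_obj(gui_ref.directory)

        # evidence file -> evidence type as reported by acquire_from_file
        ehash = {}
        # positions in evidence_list the user asked to skip
        skip_indexes = []
        numfiles = len(gui_ref.evidence_list)

        # grab each piece of evidence given and process it based on type
        for i, evidence_file in enumerate(gui_ref.evidence_list):
            self.evidence_db.update_label(gui_ref, "Processing File %d of %d" % (i + 1, numfiles))

            # grab all the registry files from each file or the registry file itself
            etype = self.acquire_files.acquire_from_file(evidence_file, gui_ref)

            if etype == -1:
                # user chose to skip the file
                skip_indexes.append(i)
            elif etype == -2:
                # user chose not to skip the file; force re-adding of evidence
                raise RegBadEvidenceError(evidence_file)
            else:
                # otherwise acquire_from_file returned a sequence; its first element is the type
                ehash[evidence_file] = etype[0]

        if self.acquire_files.ac:
            ac = self.acquire_files.ac
            ac.cursor.close()
            ac.cursor = None
            # NOTE(review): the connection is dropped without an explicit close here —
            # confirm whether acquire_files closes it elsewhere
            ac.conn = None

        # remove files that could not be processed
        skipped = set(skip_indexes)
        gui_ref.evidence_list = [item for idx, item in enumerate(gui_ref.evidence_list) if idx not in skipped]

        # check if any valid files were added
        if not gui_ref.evidence_list:
            gui_ref.gui.msgBox("No valid files were added as evidence. Cannot Proceed.")
            raise RegBadEvidenceError("No valid files")

        # write out evidence information to evidence_database.db
        self.evidence_db.write_evidence_database(gui_ref, ehash, case_obj)

        self.evidence_db.update_label(gui_ref, "Saving Information")

        self.insert_tree_nodes(case_obj)

        # delete lists and such that aren't needed anymore
        case_obj.tree.before_pickle()

        self.evidence_db.update_label(gui_ref, "Final Processing")

        # NOTE(review): this pickle is presumably read back when the case is reopened;
        # unpickling executes whatever the file describes, so the case directory must
        # only ever hold operator-controlled data — confirm against the loader.
        pickle_name = os.path.join(case_obj.case_directory, "caseobj.pickle")
        # 'with' closes the file even if dump() raises part-way through
        with open(pickle_name, "wb") as writefd:
            cPickle.dump(case_obj, writefd, 2)

        return True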
 def start_analysis(self):
     """Open a fresh case object on this widget and render its file tab."""
     case = opencase.opencase()
     self.case = case
     filetab(self).draw()
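    def perform_processing(self, gui_ref):
        """Process all evidence files of ``gui_ref`` into the case and pickle the case.

        The case is opened from ``gui_ref.directory`` — re-opened with its hash
        tables rebuilt when ``gui_ref.gui.add_evidence`` is set, freshly set up
        otherwise. Each file in ``gui_ref.evidence_list`` is passed to
        ``acquire_files.acquire_from_file``; skipped files are removed from the
        list, the remaining ones are recorded in the evidence database, tree
        nodes are inserted and the case object is written to ``caseobj.pickle``.

        Returns True on completion.

        Raises RegBadEvidenceError if the user refuses to skip a bad file
        (``acquire_from_file`` returned -2) or if no valid file is left.
        """
        self.evidence_db.update_label(gui_ref, "Starting Processing")

        if gui_ref.gui.add_evidence:
            # appending to an existing case: reopen it and rebuild hash tables
            case_obj = opencase.opencase(gui_ref.directory)
            self.reinit_htables(case_obj)
        else:
            case_obj = self.setup_case_obj(gui_ref.directory)

        ehash = {}          # evidence file -> evidence type
        skip_indexes = []   # indexes into evidence_list the user skipped
        numfiles = len(gui_ref.evidence_list)

        # grab each piece of evidence given and process it based on type
        for i, evidence_file in enumerate(gui_ref.evidence_list):
            self.evidence_db.update_label(
                gui_ref, "Processing File %d of %d" % (i + 1, numfiles))

            # grab all the registry files from each file or the registry file itself
            etype = self.acquire_files.acquire_from_file(
                evidence_file, gui_ref)

            if etype == -1:
                # user chose to skip the file
                skip_indexes.append(i)
            elif etype == -2:
                # user chose not to skip file, need to force re-adding of evidence
                raise RegBadEvidenceError(evidence_file)
            else:
                # a sequence was returned; its first element is the evidence type
                ehash[evidence_file] = etype[0]

        if self.acquire_files.ac:
            ac = self.acquire_files.ac
            ac.cursor.close()
            ac.cursor = None
            # NOTE(review): conn is released without a close() call — confirm that
            # acquire_files does not expect to close it itself
            ac.conn = None

        # remove files that could not be processed
        skipped = set(skip_indexes)
        gui_ref.evidence_list = [
            item for idx, item in enumerate(gui_ref.evidence_list)
            if idx not in skipped
        ]

        # check if any valid files were added
        if not gui_ref.evidence_list:
            gui_ref.gui.msgBox(
                "No valid files were added as evidence. Cannot Proceed.")
            raise RegBadEvidenceError("No valid files")

        # write out evidence information to evidence_database.db
        self.evidence_db.write_evidence_database(gui_ref, ehash, case_obj)

        self.evidence_db.update_label(gui_ref, "Saving Information")

        self.insert_tree_nodes(case_obj)

        # delete lists and such that aren't needed anymore
        case_obj.tree.before_pickle()

        self.evidence_db.update_label(gui_ref, "Final Processing")

        # NOTE(review): the pickle is presumably loaded again when the case is
        # reopened; a pickle load runs whatever the file describes, so the case
        # directory has to stay under the operator's control — confirm at the loader.
        pickle_name = os.path.join(case_obj.case_directory, "caseobj.pickle")
        # the context manager closes the file even when dump() fails
        with open(pickle_name, "wb") as writefd:
            cPickle.dump(case_obj, writefd, 2)

        return True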
	def start_analysis(self):
		"""Create the case object for this window, then build and draw its file tab."""
		self.case = opencase.opencase()
		tab = filetab(self)
		tab.draw()