def set_case_info(directory, obj):
    """Open the case stored in *directory* and attach it to the GUI.

    *obj* is either the GUI object itself or a wrapper that exposes it as
    ``obj.gui``. The opened case and its directory are stored on the GUI
    and the stacked widget is switched to the case window.
    """
    case = opencase.opencase(directory)

    # Accept either a wrapper carrying a .gui attribute or the GUI itself.
    gui = obj.gui if hasattr(obj, "gui") else obj

    gui.case_obj = case
    gui.directory = directory
    gui.stackedWidget.setCurrentIndex(gcommon.CASE_WINDOW)
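def plugin_cmdline():
    """Run one plugin against one file of an existing case and print its report.

    Command-line arguments (read from ``sys.argv``):
        1: case directory
        2: name of the plugin to run
        3: integer id of the file to run it against
        4: optional ';'-separated list passed on to ``load_templates``

    Prints the collected report data, or "invalid plugin given" when no
    loaded template has the requested plugin name.
    """
    # Only a missing argument or a non-numeric file id is a usage error;
    # a bare except would also swallow KeyboardInterrupt and SystemExit.
    try:
        case_dir = sys.argv[1]
        plugin_name = sys.argv[2]
        fileid = int(sys.argv[3])
    except (IndexError, ValueError):
        usage()
        # Stop here even if usage() returns, instead of continuing with
        # unset arguments.
        return

    # NOTE(review): these entries are handed to load_templates() unchecked;
    # presumably they name extra templates to load and run - confirm, and
    # only pass locations you trust.
    if len(sys.argv) > 4:
        extra = sys.argv[4].split(";")
    else:
        extra = []

    # open the case and get the tree
    case = opencase.opencase(case_dir)
    case.current_fileid = fileid

    tm = tmmod.TemplateManager()
    tm.load_templates(case, extra)

    # Run the first loaded template whose plugin name matches.
    for template in tm.get_loaded_templates():
        if template.pluginname == plugin_name:
            template.run_me()
            break
    else:
        print "invalid plugin given"
        return

    print "------output for %s------" % plugin_name
    for val_list in tm.report_data:
        for val in val_list:
            print val,
        print ""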
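def perform_processing(self, gui_ref):
    """Acquire every evidence file, record the results and save the case.

    Each entry of ``gui_ref.evidence_list`` is passed to
    ``acquire_from_file``. Files the user chose to skip are removed from
    the list. The remaining ones are written to the evidence database, the
    tree nodes are inserted and the case object is pickled to
    ``caseobj.pickle`` in the case directory.

    Returns True on success.

    Raises RegBadEvidenceError when acquisition reports -2 for a file or
    when no valid evidence file is left.
    """
    self.evidence_db.update_label(gui_ref, "Starting Processing")

    # Adding evidence to an existing case re-opens it; otherwise a new case
    # object is set up in the chosen directory.
    if gui_ref.gui.add_evidence:
        case_obj = opencase.opencase(gui_ref.directory)
        self.reinit_htables(case_obj)
    else:
        case_obj = self.setup_case_obj(gui_ref.directory)

    ehash = {}
    numfiles = len(gui_ref.evidence_list)
    skip_indexes = set()

    # grab each piece of evidence given and process it based on type
    for i, evidence_file in enumerate(gui_ref.evidence_list):
        self.evidence_db.update_label(
            gui_ref, "Processing File %d of %d" % (i + 1, numfiles))

        # grab all the registry files from each file or the registry file itself
        etype = self.acquire_files.acquire_from_file(evidence_file, gui_ref)

        if etype == -1:
            # user chose to skip the file
            skip_indexes.add(i)
        elif etype == -2:
            # user chose not to skip file, need to force re-adding of evidence
            raise RegBadEvidenceError(evidence_file)
        else:
            # only the first element of the result is kept as the type
            ehash[evidence_file] = etype[0]

    # Drop the acquisition cursor and connection references once every
    # file has been handled.
    ac = self.acquire_files.ac
    if ac:
        ac.cursor.close()
        ac.cursor = None
        ac.conn = None

    # remove files that could not be processed
    gui_ref.evidence_list = [
        item for idx, item in enumerate(gui_ref.evidence_list)
        if idx not in skip_indexes
    ]

    # check if any valid files were added
    if not gui_ref.evidence_list:
        gui_ref.gui.msgBox("No valid files were added as evidence. Cannot Proceed.")
        raise RegBadEvidenceError("No valid files")

    # write out evidence information to evidence_database.db
    self.evidence_db.write_evidence_database(gui_ref, ehash, case_obj)

    self.evidence_db.update_label(gui_ref, "Saving Information")
    self.insert_tree_nodes(case_obj)

    # delete lists and such that aren't needed anymore
    case_obj.tree.before_pickle()

    self.evidence_db.update_label(gui_ref, "Final Processing")

    pickle_name = os.path.join(case_obj.case_directory, "caseobj.pickle")
    # NOTE(review): a pickle runs code when it is loaded, so whatever reads
    # caseobj.pickle back trusts every writer of the case directory; keep
    # that directory access-controlled and do not open cases from sources
    # you do not trust.
    writefd = open(pickle_name, "wb")
    try:
        cPickle.dump(case_obj, writefd, 2)  # pickle protocol 2
    finally:
        # close the handle even when pickling fails
        writefd.close()

    return True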
def start_analysis(self):
    """Open the case, keep it on ``self.case`` and draw the file tab."""
    self.case = opencase.opencase()

    # The tab is built from this object only after the case is attached.
    tab = filetab(self)
    tab.draw()
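def perform_processing(self, gui_ref):
    """Process the evidence files selected in the GUI and persist the case.

    Steps, in order: open (or create) the case object, run
    ``acquire_from_file`` on every entry of ``gui_ref.evidence_list``, drop
    the entries the user skipped, write the evidence database, insert the
    tree nodes and pickle the case object into the case directory.

    Returns True when everything completed.

    Raises RegBadEvidenceError if acquisition returns -2 for a file, or if
    every file was skipped.
    """
    status = self.evidence_db.update_label
    status(gui_ref, "Starting Processing")

    if gui_ref.gui.add_evidence:
        # existing case: re-open it and rebuild its hash tables
        case_obj = opencase.opencase(gui_ref.directory)
        self.reinit_htables(case_obj)
    else:
        case_obj = self.setup_case_obj(gui_ref.directory)

    ehash = {}
    total = len(gui_ref.evidence_list)
    skipped = set()  # positions of files the user chose to skip

    # grab each piece of evidence given and process it based on type
    for index, evidence_file in enumerate(gui_ref.evidence_list):
        status(gui_ref, "Processing File %d of %d" % (index + 1, total))

        # grab all the registry files from each file or the registry file itself
        etype = self.acquire_files.acquire_from_file(evidence_file, gui_ref)

        # user chose to skip the file
        if etype == -1:
            skipped.add(index)
            continue

        # user chose not to skip file, need to force re-adding of evidence
        if etype == -2:
            raise RegBadEvidenceError(evidence_file)

        # any other result is indexable; its first element is the type
        ehash[evidence_file] = etype[0]

    ac = self.acquire_files.ac
    if ac:
        # close the cursor and clear both references after acquisition
        ac.cursor.close()
        ac.cursor = None
        ac.conn = None

    # remove files that could not be processed
    gui_ref.evidence_list = [
        item for idx, item in enumerate(gui_ref.evidence_list)
        if idx not in skipped
    ]

    # check if any valid files were added
    if not gui_ref.evidence_list:
        gui_ref.gui.msgBox(
            "No valid files were added as evidence. Cannot Proceed.")
        raise RegBadEvidenceError("No valid files")

    # write out evidence information to evidence_database.db
    self.evidence_db.write_evidence_database(gui_ref, ehash, case_obj)

    status(gui_ref, "Saving Information")
    self.insert_tree_nodes(case_obj)

    # delete lists and such that aren't needed anymore
    case_obj.tree.before_pickle()

    status(gui_ref, "Final Processing")

    # NOTE(review): loading a pickle executes code stored in it. The reader
    # of caseobj.pickle is not visible here; it should only be pointed at
    # case directories whose contents are trusted and integrity-protected.
    pickle_name = os.path.join(case_obj.case_directory, "caseobj.pickle")
    writefd = open(pickle_name, "wb")
    try:
        # third argument selects pickle protocol 2
        cPickle.dump(case_obj, writefd, 2)
    finally:
        # do not leak the file handle if the dump raises
        writefd.close()

    return True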