Python create_connection примеры использования

Пример #1

    def onOpenCase(self, event):  
        #creates a filedialog that only allow user to select .db files
        openFileDialog = wx.FileDialog(self, "Open", "", "","*.db",         
                                       wx.FD_OPEN | wx.FD_FILE_MUST_EXIST) 
 
        openFileDialog.ShowModal()                      
        global caseDbPath
        #get path selected in filedialog
        caseDbPath  = openFileDialog.GetPath()                              
        
        global caseDetails, openTabs
        try:
            #try to connect to Case Database and get Case and Evidence Details
            conn = connectdb.create_connection(caseDbPath)                  
            self.conn = connectdb.create_connection(caseDbPath)
            caseDetails = connectdb.select_case_details(self.conn)
            #get EvidenceName, EvidenceDbPath, EvidenceDatatime and Md5 from Case Database
            self.evidenceDetails = connectdb.select_evidence_details(self.conn)    
            #opens summary page 
            self.addAuiTab("Summary", self.evidenceDetails)                      
            openTabs.append("Summary")                          
            self.recreateTree(caseDbPath)
        except:
            #ignore if try: fails
            pass         

        openFileDialog.Destroy()

Пример #2

    def recreateTree(self, caseDbFile):
        self.tree_ctrl_1.Freeze()
        self.tree_ctrl_1.DeleteAllItems()
        global caseName
        for x in caseDetails:
            caseName = str(x[2]) + "_" + x[3]

        root = self.tree_ctrl_1.AddRoot(
            caseName)  #adds the name of case as root item in treectrl
        summary = self.tree_ctrl_1.AppendItem(root, "Summary")

        conn = connectdb.create_connection(
            caseDbFile)  #connect to case database
        evidenceInfo = connectdb.select_evidence_details(
            conn
        )  #get evidenceName, EvidenceDbPath EvidenceDatetime and Md5 from case database
        #EvidenceDbPath = path to tsk database generated when onAddEvidence is called
        for x in evidenceInfo:
            evidenceDbConn = connectdb.create_connection(
                x[2])  #connect to tsk database
            evidenceDbInfo = connectdb.select_image_info(
                evidenceDbConn
            )  #get evidence name, size and md5 from tsk database
            evidencePart = connectdb.select_image_partitions(
                evidenceDbConn)  #get partition info from tsk database
            count = 0
            for i in evidenceDbInfo:
                fileName = os.path.basename(i[0])
                temp = self.tree_ctrl_1.AppendItem(
                    summary, fileName)  #append evidence name to treectrl
                for i in evidencePart:
                    i = list(i)
                    count += 1
                    self.tree_ctrl_1.AppendItem(
                        temp, "Vol{count} {desc}: {start}-{end})".format(
                            count=count,
                            desc=str(i[2]),
                            start=str(i[0]),
                            end=str(i[1]))
                    )  #append evidence partition to evidence name

        self.tree_ctrl_1.AppendItem(summary, "Timeline")
        self.tree_ctrl_1.AppendItem(summary, "Bookmarks")
        self.tree_ctrl_1.AppendItem(summary, "Search")

        analyzedData = self.tree_ctrl_1.AppendItem(root, "Analyzed Data")
        for x in analyzedDataTree:
            self.tree_ctrl_1.AppendItem(analyzedData, x)
        docTree = self.tree_ctrl_1.AppendItem(analyzedData, "Documents")
        for x in documentsTree:
            self.tree_ctrl_1.AppendItem(docTree, x)
        exeTree = self.tree_ctrl_1.AppendItem(analyzedData, "Executables")
        for x in executablesTree:
            self.tree_ctrl_1.AppendItem(exeTree, x)

        self.tree_ctrl_1.ExpandAll()
        self.tree_ctrl_1.Thaw()

Пример #3

Файл: networkanalysis.py Проект: OfMiceNMonsters/PI_Forensics

    def on_menu_Open_Case(self,
                          event):  # wxGlade: mainNetAnalysis.<event_handler>
        openFileDialog = wx.FileDialog(
            self,
            "Open",
            "",
            "",
            "*.db",  #creates a filedialog that only allow user to select .db files
            wx.FD_OPEN | wx.FD_FILE_MUST_EXIST)

        openFileDialog.ShowModal()
        global caseDbPath
        caseDbPath = openFileDialog.GetPath()  #get path selected in filedialog

        global caseDetails, evidenceDetails
        try:
            conn = connectdb.create_connection(
                caseDbPath
            )  #try to connect to case database and get case and evidence details
            caseDetails = connectdb.select_case_details(conn)
            evidenceDetails = connectdb.select_evidence_details(
                conn
            )  #get EvidenceName, EvidenceDbPath, EvidenceDatatime and Md5 from case database
            self.addAuiTab("Summary", evidenceDetails)  #opens summary page
            openTabs.append("Summary")
            self.recreateTree(caseDbPath)
        except:
            pass  #ignore if try: fails
        openFileDialog.Destroy()

Пример #4

Файл: ImagesTab.py Проект: syarifahshah16/PI_Forensics

    def OnBookmarkSelect(self, event):
        #item = self.popupmenu.FindItemById(event.GetId())       
        sel = self.list_ctrl.GetFocusedItem()                   #get selected item
        fileName = self.list_ctrl.GetItemText(sel, 0)       
        parentPath = self.list_ctrl.GetItemText(sel, 9)
        filePath = parentPath+fileName
        conn = connectdb.create_connection(caseDb)              #connect to case database
        isUnique = connectdb.chkUniqueBookmark(conn, fileName, parentPath)  #check if bookmarks table has selected item
        if isUnique == True:
            _rows = []
            for x in evidenceInfo:
                _image = ''
                if Path(caseDirectory+"/Extracted/"+x[1]+filePath).is_file():
                    _image = x[1]       

                selRow = []
                for x in range(0,11):
                    temp = self.list_ctrl.GetItemText(sel, x)   
                    selRow.append(temp)                         #adds each column of selected row into selRow
                selRow.append(_image)                           #adds the image directory name to selRow
                _rows.append(selRow)                            #add selRow to _rows

            with conn:
                for x in _rows:     
                    if x[11] != '':
                        _fileInfo = (x[0], x[1], x[2], x[3], x[4], x[5], x[6], x[7], x[8], x[9], x[10], x[11])  #insert _rows to bookmarks table in case database
                        connectdb.insertBookmarks(conn, _fileInfo)
        else:
            wx.MessageBox("Selected item already exist in Bookmarks")

Пример #5

    def __init__(self, parent, caseDetails, evidenceDetails):
        # begin wxGlade: MyFrame.__init__
        wx.Panel.__init__(self, parent=parent)
        self.SetSize((655, 673))
        self.panel_1 = wx.Panel(self, wx.ID_ANY)
        self.panel_2 = wx.ScrolledWindow(self.panel_1,
                                         wx.ID_ANY,
                                         style=wx.TAB_TRAVERSAL)
        self.txtCaseDb = wx.TextCtrl(self.panel_1,
                                     wx.ID_ANY,
                                     "",
                                     style=wx.TE_READONLY | wx.BORDER_NONE)
        self.txtCaseDesc = wx.TextCtrl(self.panel_1,
                                       wx.ID_ANY,
                                       "",
                                       style=wx.TE_MULTILINE | wx.TE_READONLY)

        global evidenceInfo
        for x in caseDetails:
            try:
                conn = connectdb.create_connection(
                    x[5])  #call to get evidence database from evidence table
                evidenceInfo = connectdb.select_evidence_details(conn)

            except Error as e:
                print(e)

        self.__set_properties()
        self.__do_layout(caseDetails, evidenceDetails)

Пример #6

    def onOpenCase(self, event):
        openFileDialog = wx.FileDialog(
            self,
            "Open",
            "",
            "",
            "*.db",  #creates a filedialog that only allow user to select .db files
            wx.FD_OPEN | wx.FD_FILE_MUST_EXIST)

        openFileDialog.ShowModal()
        global caseDbPath
        caseDbPath = openFileDialog.GetPath()  #get path selected in filedialog

        global caseDetails, evidenceDetails
        try:
            conn = connectdb.create_connection(
                caseDbPath
            )  #try to connect to case database and get case and evidence details
            caseDetails = connectdb.select_case_details(conn)
            evidenceDetails = connectdb.select_evidence_details(
                conn
            )  #get EvidenceName, EvidenceDbPath, EvidenceDatatime and Md5 from case database
            self.addAuiTab("Summary", evidenceDetails)  #opens summary page
            openTabs.append("Summary")
            self.recreateTree(caseDbPath)
            wx.MessageBox('Case Opened!', ' ', wx.OK | wx.ICON_INFORMATION)
        except:
            pass  #ignore if try: fails
        openFileDialog.Destroy()

Пример #7

Файл: mainPCAP.py Проект: syarifahshah16/PI_Forensics

    def recreateTree(self, caseDbFile):
        self.tree_ctrl_1.Freeze()
        self.tree_ctrl_1.DeleteAllItems()
        global caseName
        for x in caseDetails:
            caseName = str(x[2]) + "_" + x[3]

        #adds the name of case as root item in treectrl
        root = self.tree_ctrl_1.AddRoot(caseName)                                   
        self.tree_ctrl_1.AppendItem(root, "Summary")
       
        #connect to case database
        conn = connectdb.create_connection(caseDbFile)                              
        #get evidenceName, EvidenceDbPath EvidenceDatetime and Md5 from case database
        #EvidenceDbPath = path to tsk database generated when onAddEvidence is called
        evidenceInfo = connectdb.select_evidence_details(conn)                      
                                                                                    
        self.tree_ctrl_1.AppendItem(root, "Bookmarks")
        self.tree_ctrl_1.AppendItem(root, "File")
        self.tree_ctrl_1.AppendItem(root, "Images")
        self.tree_ctrl_1.AppendItem(root, "Sessions")
        self.tree_ctrl_1.AppendItem(root, "DNS")
        self.tree_ctrl_1.AppendItem(root, "Credentials")

        self.tree_ctrl_1.ExpandAll()
        self.tree_ctrl_1.Thaw()

Пример #8

Файл: NewCaseDialog.py Проект: syarifahshah16/PI_Forensics

    def onConfirm(self, event):
        #create case dir
        dirPath = self.txtCaseFolder.GetValue()         #get case folder path
        casePath = Path(dirPath)
        if casePath.is_dir():                           #check if it exist
            print("dir exist")
        else:
            os.mkdir(dirPath)                           #create if does not

            #create case database
            dbFilePath = self.txtCaseDb.GetValue()      #get case database path
            my_file = Path(dbFilePath)

            #print(dbFilePath)
            if my_file.is_file():   #check if file exist
                print("file exist")
            else:
                conn = connectdb.create_connection(dbFilePath) #creates db file and connection if it does not exist
                caseInfoTable = "CREATE TABLE 'CaseInfo' ( 'CaseID' INTEGER PRIMARY KEY AUTOINCREMENT, 'InvestigatorName' TEXT, 'CaseNum' INTEGER, 'CaseName' TEXT, 'CaseFolder' TEXT, 'CaseDb' TEXT, 'CaseDesc' TEXT, 'Datetime' TEXT);"
                evidenceInfoTable = "CREATE TABLE 'EvidenceInfo' ('CaseID' INTEGER, 'EvidenceName' TEXT, 'EvidenceDbPath' TEXT, 'EvidenceDatetime' TEXT, 'Md5' TEXT, 'EvidencePath' TEXT, 'EvidenceSize' TEXT);"
                bookmarksTable = "CREATE TABLE 'Bookmarks' ('fileName' TEXT, 'ctime' TEXT, 'crtime' TEXT, 'atime' TEXT, 'mtime' TEXT, 'uid' INTEGER, 'gid' INTEGER, 'md5' TEXT, 'size' INTEGER, 'parentPath' TEXT, 'extension' TEXT, 'image' TEXT);"
                connectdb.createTable(conn, caseInfoTable)      #creates CaseInfo table
                connectdb.createTable(conn, evidenceInfoTable)  #creates EvidenceInfo table
                connectdb.createTable(conn, bookmarksTable)     #creates Bookmarsk table
                connectdb.createFilesEvidenceTable(conn)
                connectdb.createSessionsEvidenceTable(conn)
                connectdb.createDNSEvidenceTable(conn)
                connectdb.createCredentialsEvidenceTable(conn)

                #insert case details
                with conn:
                    caseDetails = (self.txtInvestigatorName.GetValue(), self.txtCaseNum.GetValue(), self.txtCaseName.GetValue(), self.txtCaseFolder.GetValue(), self.txtCaseDb.GetValue(), self.txtCaseDescription.GetValue(), datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
                    connectdb.insertCaseDetails(conn, caseDetails)  #insert case details to CaseInfo
            
        self.Close()

Пример #9

Файл: testmain.py Проект: syarifahshah16/PI_Forensics

    def onSearchBtn(self, event):
        try:
            caseDetails
        except:
            print("Case not open")
        else:
            dlg = search.searchDialog(None)         #calls searchDialog() from search.py
            dlg.Center()
            dlg.ShowModal()
            searchItem = dlg.searchItems()          #calls searchItem() to get search and search option

            searchReturn = []
            if searchItem[1] == "Normal Search":
                for x in evidenceDetails:
                    conn = connectdb.create_connection(x[2])                            #connect to tsk database
                    searchResults = connectdb.search_file_name(conn, searchItem[0])     #search in tsk database
                    if searchResults != []:
                        for i in searchResults:
                            i = i + (x[1],)                                             #adds image location to end of result
                            searchReturn.append(i)                                      #append each result

                self._dialog = wx.ProgressDialog("Search", "Searching for {val}".format(val=searchItem[0]), 100)
                LoadingDialog(self._dialog)
                self.auiNotebook.AddPage(searchTab.searchTabPanel(self.auiNotebook, searchReturn, caseDir), "Search ("+searchItem[0]+")", False, wx.NullBitmap) #call and add searchTab aui page
                LoadingDialog.endLoadingDialog(self)
            else:
                print("Regular Expression")

            dlg.Destroy()

Пример #10

Файл: ImagesTab.py Проект: syarifahshah16/PI_Forensics

    def load_queried_files(self, list_ctrl, extension, dbFilePath):
        try:
            conn = connectdb.create_connection(dbFilePath)                                     #connect to tsk database
            queriedFileInfo = connectdb.select_queried_files(conn, extension)                  #returns with files of defined extensions

            for x in queriedFileInfo:
                if x[2] != "NULL":
                    ctime = datetime.datetime(1970, 1, 1) + timedelta(seconds=x[2])            #convert seconds to datetime
                else:
                    ctime = x[2]
                    
                if x[3] != "NULL":
                    crtime = datetime.datetime(1970, 1, 1) + timedelta(seconds=x[3])
                else:
                    crtime = x[3]

                if x[4] != "NULL":
                    atime = datetime.datetime(1970, 1, 1) + timedelta(seconds=x[4])
                else:
                    atime = x[4]

                if x[5] != "NULL":
                    mtime = datetime.datetime(1970, 1, 1) + timedelta(seconds=x[5])
                else:
                    mtime = x[5]

                self.list_ctrl.Append((x[0], ctime, crtime, atime, mtime, x[6], x[7], x[8], x[1], x[9], x[10])) #append to listctrl
    
        except:
            pass

Пример #11

Файл: hdAnalyzedDataTab.py Проект: syarifahshah16/PI_Forensics

 def loadBookmarks(self):
     conn = connectdb.create_connection(caseDb)  #connect to case database
     bookmarkQuery = connectdb.selectBookmarks(
         conn)  #lookup bookmarks table
     for x in bookmarkQuery:
         self.list_ctrl.Append(
             (x[0], x[1], x[2], x[3], x[4], x[5], x[6], x[7], x[8], x[9],
              x[10], x[11]))  #apped to listctrl

Пример #12

Файл: ImagesTab.py Проект: syarifahshah16/PI_Forensics

    def onRemoveBookmark(self, event):
        #item = self.popupmenu.FindItemById(event.GetId())
        sel = self.list_ctrl.GetFocusedItem()
        fileName = self.list_ctrl.GetItemText(sel, 0)
        parentPath = self.list_ctrl.GetItemText(sel, 9)

        conn = connectdb.create_connection(caseDb)
        with conn:
            connectdb.deleteBookmarkItem(conn, fileName, parentPath)
            self.list_ctrl.DeleteItem(sel)

Пример #13

    def addAuiTab(self, tabName, evidenceDetails):
        global caseDir
        for x in caseDetails:
            caseDir = x[4]

        if tabName == "Summary":
            self.auiNotebook.AddPage(SummaryTab.TabPanel(self.auiNotebook, caseDetails, evidenceDetails), tabName, False, wx.NullBitmap)
        
        if tabName == "Deleted files":
            mainFrame._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100)  #create loading dialog
            LoadingDialog(mainFrame._dialog)                                                                    #start loading 
            self.auiNotebook.AddPage(DeletedFilesTab.TabPanel(self.auiNotebook, tabName, caseDir), tabName, False, wx.NullBitmap) #calls and open a aui tab from DeletedFilesTab.py
            LoadingDialog.endLoadingDialog(self)                                                           #stop loading

        if tabName == "Bookmarks":
            mainFrame._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100)
            LoadingDialog(mainFrame._dialog)
            self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap)  #calls and open a aui tab from SummaryTab.py
            LoadingDialog.endLoadingDialog(self)

        for x in analyzedDataTree:
            if tabName == x and tabName != "Deleted files":
                mainFrame._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100)
                LoadingDialog(mainFrame._dialog)
                addingPage = self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap)
                LoadingDialog.endLoadingDialog(self)
                       
        for x in documentsTree:                                                                                                            
            if tabName == x:
                mainFrame._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100)
                LoadingDialog(mainFrame._dialog)                                                                        
                self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap)
                LoadingDialog.endLoadingDialog(self)

        for x in executablesTree:
            if tabName == x:
                mainFrame._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100)
                LoadingDialog(mainFrame._dialog)
                self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap)
                LoadingDialog.endLoadingDialog(self)

        for x in evidenceDetails:                     
            evidenceDbConn = connectdb.create_connection(x[2])                      #connects to tsk database
            evidenceDbInfo = connectdb.select_image_info(evidenceDbConn)            #get name, size and md5 from tsk database
            evidencePart  = connectdb.select_image_partitions(evidenceDbConn)       #get partition info from tsk database
            count = 0
            for i in evidencePart:
                count += 1
                if tabName == "Vol{count} {desc}: {start}-{end})".format(count=count, desc=str(i[2]), start=str(i[0]), end=str(i[1])):
                    mainFrame._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100)
                    LoadingDialog(mainFrame._dialog)
                    self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap)
                    LoadingDialog.endLoadingDialog(self)

Пример #14

Файл: hdDeletedFilesTab.py Проект: syarifahshah16/PI_Forensics

    def load_queried_files(self, list_ctrl):
        if Path(caseDirectory + "/Evidence_Database/Deleted_Files.db").is_file(
        ):  #check if Deleted_Files.db exist
            deletedFilesDb = caseDirectory + "/Evidence_Database/Deleted_Files.db"
            conn = connectdb.create_connection(
                deletedFilesDb)  #connect to Deleted_Files.db
            query = connectdb.select_deleted_files(
                conn)  #get all deleted files

            for x in query:
                self.list_ctrl.Append(
                    (x[0], x[1], x[2], x[3], x[4], x[5], x[6], x[7], x[8],
                     x[9], x[10], x[11]))  #add all to listctrl

Пример #15

Файл: testmain.py Проект: syarifahshah16/PI_Forensics

 def onNewCase(self, event):  
     dialog = NewCaseDialog.newCase(None)
     dialog.Center()
     dialog.ShowModal()
     dbPath = dialog.getCaseDb()
     
     global caseDetails
     try:
         conn = connectdb.create_connection(dbPath)                      #connects to new case database
         caseDetails = connectdb.select_case_details(conn)               #get InvestigatorName, CaseNum, CaseName, CaseFolder, CaseDb, CaseDesc, Datatime from case database
         self.recreateTree(dbPath)                                       #creates treectrl
     except:
         pass 
     
     dialog.Destroy()

Пример #16

    def addAuiTab(self, tabName, evidenceDetails):
        global caseDir
        for x in caseDetails:
            caseDir = x[4]

        if tabName == "Summary":
            self.auiNotebook.AddPage(SummaryTab.TabPanel(self.auiNotebook, caseDetails, evidenceDetails), tabName, False, wx.NullBitmap)

        if tabName == "File":
            self._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100)  #create loading dialog
            LoadingDialog(self._dialog)                                                                    #start loading 
            self.auiNotebook.AddPage(pcapFilesTab.TabPanel(self.auiNotebook, tabName, caseDir), tabName, False, wx.NullBitmap) #calls and open a aui tab from DeletedFilesTab.py
            LoadingDialog.endLoadingDialog(self)
            
            #sequence = [frameNumber, evidencePath, src_host_str, src_port, dst_host_str, dst_port, protocol, fileName, ext, size, timestamp]
            window = self.auiNotebook.GetPage(self.auiNotebook.GetPageCount() - 1) # we've just added a page so the page we want to access is the last one
            sequence = [1, "2", "3", "4", "5", "6", "7", "8", "9", "10", "11"]
            pcapFilesTab.TabPanel.addPcapDetails(window, sequence)
            
            # Get the PCAP data from the database and display in the GUI (File tab)
            index = 1
            while (True):
                row = connectdb.selectPcapEvidenceDetails(self.conn, index)
                if ( () == row or None == row ):
                    break # from while-loop (no more data)
                    
                pcapFilesTab.TabPanel.addPcapDetails(window, row)
                index = index + 1


        if tabName == "Images":
            self._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100)
            LoadingDialog(self._dialog)
            self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap)  
            LoadingDialog.endLoadingDialog(self)

        if tabName == "Sessions":
            self._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100)  #create loading dialog
            LoadingDialog(self._dialog)                                                                    #start loading 
            self.auiNotebook.AddPage(pcapSessionsTab.TabPanel(self.auiNotebook, caseDir), tabName, False, wx.NullBitmap) 
            LoadingDialog.endLoadingDialog(self)

            #sequence = [Packet, timestamp, src_ip, dst_ip, request]
            window = self.auiNotebook.GetPage(self.auiNotebook.GetPageCount() - 1) # we've just added a page so the page we want to access is the last one
            sequence = [1, "2", "3", "4", "5"]
            pcapSessionsTab.TabPanel.addSessionsDetails(window, sequence)
            
            # Get the PCAP data from the database and display in the GUI (Sessions tab)
            index = 1
            while (True):
                row = connectdb.selectPcapSessionsDetails(self.conn, index)
                if ( () == row or None == row ):
                    break # from while-loop (no more data)
                    
                pcapSessionsTab.TabPanel.addSessionsDetails(window, row)
                index = index + 1

        if tabName == "DNS":
            self._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100)  #create loading dialog
            LoadingDialog(self._dialog)                                                                    #start loading 
            self.auiNotebook.AddPage(pcapDNSTab.TabPanel(self.auiNotebook, caseDir), tabName, False, wx.NullBitmap) 
            LoadingDialog.endLoadingDialog(self) 

        if tabName == "Bookmarks":
            self._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100)
            LoadingDialog(self._dialog)
            self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap)  
            LoadingDialog.endLoadingDialog(self)

        for x in evidenceDetails:                  
            evidenceDbConn = connectdb.create_connection(x[2])                      #connects to tsk database
            evidenceDbInfo = connectdb.select_image_info(evidenceDbConn)            #get name, size and md5 from tsk database
            evidencePart  = connectdb.select_image_partitions(evidenceDbConn)       #get partition info from tsk database
            count = 0
            for i in evidencePart:
                count += 1
                if tabName == "Vol{count} {desc}: {start}-{end})".format(count=count, desc=str(i[2]), start=str(i[0]), end=str(i[1])):
                    self._dialog = wx.ProgressDialog("Loading", "Loading {tabName}".format(tabName=tabName), 100)
                    LoadingDialog(self._dialog)
                    self.auiNotebook.AddPage(AnalyzedDataTab.TabPanel(self.auiNotebook, tabName, evidenceDetails, caseDir, caseDbPath), tabName, False, wx.NullBitmap)
                    LoadingDialog.endLoadingDialog(self)

Пример #17

Файл: SummaryTab.py Проект: syarifahshah16/PI_Forensics

    def __do_layout(self, caseDetails, evidenceDetails):
        # begin wxGlade: MyFrame.__do_layout
        sizer_1 = wx.BoxSizer(wx.VERTICAL)
        sizer_9 = wx.BoxSizer(wx.VERTICAL)
        sizer_12 = wx.BoxSizer(wx.HORIZONTAL)
        sizer_14 = wx.BoxSizer(wx.VERTICAL)
        caseInfoGridSizer = wx.FlexGridSizer(6, 2, 0, 0)
        sizer_13 = wx.BoxSizer(wx.VERTICAL)
        evidenceMainSizer = wx.BoxSizer(wx.HORIZONTAL)
        sizer_2 = wx.BoxSizer(wx.HORIZONTAL)
        sizer_10 = wx.BoxSizer(wx.HORIZONTAL)
        lblSummary = wx.StaticText(self.panel_1, wx.ID_ANY, "Summary")
        lblSummary.SetFont(wx.Font(20, wx.DEFAULT, wx.NORMAL, wx.LIGHT, 0, ""))
        sizer_10.Add(lblSummary, 1, wx.ALL, 5)
        sizer_9.Add(sizer_10, 0, wx.EXPAND, 0)
        static_line_1 = wx.StaticLine(self.panel_1, wx.ID_ANY)
        sizer_9.Add(static_line_1, 0, wx.BOTTOM | wx.EXPAND | wx.TOP, 5)

        lblExtraction = wx.StaticText(self.panel_1, wx.ID_ANY, "Extractions: ")
        lblExtraction.SetFont(
            wx.Font(15, wx.DEFAULT, wx.NORMAL, wx.NORMAL, 0, ""))
        sizer_2.Add(lblExtraction, 0, 0, 0)
        lblEvidenceCount = wx.StaticText(self.panel_1, wx.ID_ANY, "0")
        lblEvidenceCount.SetFont(
            wx.Font(15, wx.DEFAULT, wx.NORMAL, wx.NORMAL, 0, ""))
        sizer_2.Add(lblEvidenceCount, 0, 0, 0)
        sizer_9.Add(sizer_2, 0, wx.EXPAND, 0)

        # for x in imageInfo:
        #     x = list(x)
        #     self.addEvidence(evidenceMainSizer, x[0], x[1], x[2])
        global evidenceAddDate
        for x in evidenceDetails:
            evidenceAddDate = x[3]

        evidenceCount = 0
        for x in evidenceInfo:
            global imageInfo
            try:
                conn = connectdb.create_connection(
                    x[2])  #connect to tsk database
                imageInfo = connectdb.select_image_info(
                    conn)  #get evidence name, size and md5 from tsk database
            except:
                pass

            for i in imageInfo:
                i = list(i)
                fileName = os.path.basename(i[0])
                self.addEvidence(
                    evidenceMainSizer, fileName, i[1], x[4]
                )  #sets the evidence along with the details on the top panel
                evidenceCount += 1

        lblEvidenceCount.SetLabel(str(evidenceCount))

        self.panel_2.SetSizer(evidenceMainSizer)
        sizer_9.Add(self.panel_2, 1, wx.EXPAND, 0)
        lblDeviceInfo = wx.StaticText(self.panel_1, wx.ID_ANY, "Case Info:")
        lblDeviceInfo.SetFont(
            wx.Font(15, wx.DEFAULT, wx.NORMAL, wx.NORMAL, 0, ""))
        sizer_13.Add(lblDeviceInfo, 0, wx.ALL | wx.EXPAND, 5)
        static_line_2 = wx.StaticLine(self.panel_1, wx.ID_ANY)
        sizer_13.Add(static_line_2, 0, wx.BOTTOM | wx.EXPAND | wx.TOP, 5)
        label_5 = wx.StaticText(self.panel_1, wx.ID_ANY, "Investigator Name:")
        caseInfoGridSizer.Add(label_5, 0, 0, 0)
        lblInvestigatorName = wx.StaticText(self.panel_1, wx.ID_ANY, "")
        caseInfoGridSizer.Add(lblInvestigatorName, 0, 0, 0)
        label_6 = wx.StaticText(self.panel_1, wx.ID_ANY, "Case Number:")
        caseInfoGridSizer.Add(label_6, 0, 0, 0)
        lblCaseNum = wx.StaticText(self.panel_1, wx.ID_ANY, "")
        caseInfoGridSizer.Add(lblCaseNum, 0, 0, 0)
        label_13 = wx.StaticText(self.panel_1, wx.ID_ANY, "Case Name:")
        caseInfoGridSizer.Add(label_13, 0, 0, 0)
        lblCaseName = wx.StaticText(self.panel_1, wx.ID_ANY, "")
        caseInfoGridSizer.Add(lblCaseName, 0, 0, 0)
        label_11 = wx.StaticText(self.panel_1, wx.ID_ANY, "Date added:")
        caseInfoGridSizer.Add(label_11, 0, 0, 0)
        lblDateTime = wx.StaticText(self.panel_1, wx.ID_ANY, "")
        caseInfoGridSizer.Add(lblDateTime, 0, 0, 0)
        label_9 = wx.StaticText(self.panel_1, wx.ID_ANY, "Case Database:")
        caseInfoGridSizer.Add(label_9, 0, 0, 0)
        caseInfoGridSizer.Add(self.txtCaseDb, 0, wx.ALL | wx.EXPAND, 5)
        label_10 = wx.StaticText(self.panel_1, wx.ID_ANY, "Case Description:")
        caseInfoGridSizer.Add(label_10, 0, 0, 0)
        caseInfoGridSizer.Add(self.txtCaseDesc, 1, wx.ALL | wx.EXPAND, 5)
        caseInfoGridSizer.AddGrowableCol(1)

        for x in caseDetails:  #sets the case info
            lblInvestigatorName.SetLabel(x[1])
            lblCaseNum.SetLabel(str(x[2]))
            lblCaseName.SetLabel(x[3])
            lblDateTime.SetLabel(str(x[7]))
            self.txtCaseDb.SetValue(x[5])
            self.txtCaseDesc.SetValue(x[6])

        sizer_13.Add(
            caseInfoGridSizer,
            1,
            wx.ALL | wx.EXPAND,
        )
        sizer_12.Add(sizer_13, 1, wx.EXPAND, 0)

        sizer_9.Add(sizer_12, 1, wx.EXPAND, 0)
        self.panel_1.SetSizer(sizer_9)
        sizer_1.Add(self.panel_1, 1, wx.EXPAND, 0)
        self.SetSizer(sizer_1)
        self.Layout()

Пример #18

    def onAddEvidence(self, event):
        try:
            caseDetails
        except NameError:
            wx.MessageBox('Case not opened!', ' ', wx.OK
                          | wx.ICON_INFORMATION)  #if caseDetails not defined
            print("Case not opened")
        else:  #if caseDetails is defined
            openFileDialog = wx.FileDialog(
                self,
                "Open",
                "",
                "",
                "*.dd",  #creates a filedialog that only allow user to select .dd files 
                wx.FD_OPEN | wx.FD_FILE_MUST_EXIST)

            openFileDialog.ShowModal()
            global caseDir, caseDbPath
            evidencePath = openFileDialog.GetPath(
            )  #get path of selected dd file
            fileName = os.path.basename(evidencePath)

            for x in caseDetails:
                caseDir = x[4]  #get case directory from caseDetails
                caseDbPath = x[5]  #get case database path from caseDetails

            evidenceDbDir = Path(caseDir + "/Evidence_Database")
            if evidenceDbDir.is_dir() == False:  #check if directory exist
                os.mkdir(
                    str(evidenceDbDir))  #create directory if it does not exist
            if fileName != "":
                self._dialog = wx.ProgressDialog(
                    "Adding evidence",
                    "Creating database for '{s}'".format(s=fileName), 100)
                LoadingDialog(self._dialog)  #starts the loading dialog
                load_db = subprocess.call([
                    "tsk_loaddb", "-d",
                    "{caseDir}/Evidence_Database/{fileName}.db".format(
                        caseDir=caseDir, fileName=fileName), evidencePath
                ])  #use tsk_loaddb to generate tsk database
                LoadingDialog.endLoadingDialog(self)  #ends the loading dialog

                if load_db == 0:  #if no error
                    conn = connectdb.create_connection(caseDbPath)
                    with conn:
                        evidenceDbPath = str(
                            evidenceDbDir) + "/" + fileName + ".db"
                        #hash = "md5sum {evidencePath} | awk '{col}".format(evidencePath=evidenceDbPath, col="{print $1}")
                        #evidenceMd5 = subprocess.Popen([hash], stdout=subprocess.PIPE).communicate()[0]
                        md5_hash = hashlib.md5()
                        f = open(evidencePath, 'rb')
                        # Read and update hash in chunks of 4K
                        for byte_block in iter(lambda: f.read(4096), b""):
                            md5_hash.update(byte_block)
                        print(md5_hash.hexdigest())
                        evidenceMd5 = md5_hash.hexdigest()
                        insertEvidence = (1, fileName, evidenceDbPath,
                                          datetime.datetime.now().strftime(
                                              "%Y-%m-%d %H:%M:%S"),
                                          evidenceMd5)
                        connectdb.insertEvidenceDetails(
                            conn, insertEvidence
                        )  #insert to EvidenceInfo in case database

                    evidenceConn = connectdb.create_connection(
                        caseDir + "/Evidence_Database/" + fileName +
                        ".db")  #connect to tsk database
                    evidencePart = connectdb.select_image_partitions(
                        evidenceConn)  #get image partitions from tsk database

                    if Path(caseDir +
                            "/Evidence_Database/Deleted_Files.db").is_file(
                            ) == False:  #check if Deleted_Files.db exist
                        createDeletedFilesDb = connectdb.create_connection(
                            caseDir + "/Evidence_Database/Deleted_Files.db")
                        deteledFilesTable = "CREATE TABLE 'DeletedFiles' ('fileType' TEXT, 'status' TEXT, 'inode' TEXT, 'filePath' TEXT, 'ctime' TEXT, 'crtime' TEXT, 'atime' TEXT, 'mtime' TEXT, 'size' INTEGER, 'uid' INTEGER, 'gid' INTEGER, 'image' TEXT);"
                        connectdb.createTable(
                            createDeletedFilesDb,
                            deteledFilesTable)  #creates if it does not exist

                    else:
                        createDeletedFilesDb = connectdb.create_connection(
                            caseDir + "/Evidence_Database/Deleted_Files.db"
                        )  #connects to Deleted_Files.db

                    for x in evidencePart:
                        if x[2] != "Unallocated":
                            subprocess.Popen(
                                [
                                    "tsk_recover", "-e", "-o",
                                    str(x[0]), evidencePath,
                                    caseDir + "/Extracted/" + fileName
                                ]
                            )  #recover files from all partitions that re not unallocated

                            listAllDeletedFiles = "fls -rFdl -o {offset} {image}".format(
                                offset=str(x[0]), image=evidencePath)
                            process = subprocess.Popen(
                                listAllDeletedFiles,
                                shell=True,
                                stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE
                            )  #list all deleted files

                            stdout, stderr = process.communicate()
                            output = stdout.decode()
                            chk = re.sub(
                                r'[ ]\*[ ]', '\t*\t', output
                            )  #change all ' ' in the second and third column of fls output to to '\t'
                            chk = re.sub(r'\n', '\t',
                                         chk)  #change all '\n' to '\t'
                            chk = chk.split(
                                '\t'
                            )  #splits all values between \t into a list
                            itemList = []
                            k = 0
                            for i in range(k, len(chk) - 1, 11):
                                k = i
                                itemList.append(
                                    chk[k:k + 11]
                                )  #appends every 11 items into a list

                            with createDeletedFilesDb:
                                for list in itemList:
                                    insertDeletedFiles = (list[0], list[1],
                                                          list[2], list[3],
                                                          list[4], list[5],
                                                          list[6], list[7],
                                                          list[8], list[9],
                                                          list[10], fileName)
                                    connectdb.insertDeletedFiles(
                                        createDeletedFilesDb,
                                        insertDeletedFiles
                                    )  #inserts all deleted files info into Deleted_Files.db
                    wx.MessageBox(
                        "Extracting '{file}' in the background.".format(
                            file=fileName))

                    global evidenceDetails
                    evidenceDetails = connectdb.select_evidence_details(conn)

                    self.auiNotebook.DeletePage(0)
                    self.auiNotebook.RemovePage(0)
                    self.addAuiTab("Summary", evidenceDetails)
                    self.recreateTree(caseDbPath)

            openFileDialog.Destroy()

Пример #19

    def addAuiTab(self, tabName, evidenceDetails):
        global caseDir
        for x in caseDetails:
            caseDir = x[4]

        if tabName == "Summary":
            self.auiNotebook.AddPage(
                SummaryTab.TabPanel(self.auiNotebook, caseDetails,
                                    evidenceDetails), tabName, False,
                wx.NullBitmap)

        if tabName == "File":
            self.auiNotebook.AddPage(
                FileTab.TabPanel(self.auiNotebook, caseDetails,
                                 evidenceDetails), tabName, False,
                wx.NullBitmap)

        if tabName == "Images":
            self.auiNotebook.AddPage(
                ImagesTab.TabPanel(self.auiNotebook, caseDetails,
                                   evidenceDetails), tabName, False,
                wx.NullBitmap)

        if tabName == "Sessions":
            self.auiNotebook.AddPage(
                SessionsTab.TabPanel(self.auiNotebook, caseDetails,
                                     evidenceDetails), tabName, False,
                wx.NullBitmap)

        if tabName == "DNS":
            self.auiNotebook.AddPage(
                DNSTab.TabPanel(self.auiNotebook, caseDetails,
                                evidenceDetails), tabName, False,
                wx.NullBitmap)

        if tabName == "Credentials":
            self.auiNotebook.AddPage(
                CredentialsTab.TabPanel(self.auiNotebook, caseDetails,
                                        evidenceDetails), tabName, False,
                wx.NullBitmap)

        if tabName == "Bookmarks":
            self._dialog = wx.ProgressDialog(
                "Loading", "Loading {tabName}".format(tabName=tabName), 100)
            LoadingDialog(self._dialog)
            self.auiNotebook.AddPage(
                AnalyzedDataTab.TabPanel(self.auiNotebook, tabName,
                                         evidenceDetails, caseDir, caseDbPath),
                tabName, False,
                wx.NullBitmap)  #calls and open a aui tab from SummaryTab.py
            LoadingDialog.endLoadingDialog(self)

        for x in evidenceDetails:
            evidenceDbConn = connectdb.create_connection(
                x[2])  #connects to tsk database
            evidenceDbInfo = connectdb.select_image_info(
                evidenceDbConn)  #get name, size and md5 from tsk database
            evidencePart = connectdb.select_image_partitions(
                evidenceDbConn)  #get partition info from tsk database
            count = 0
            for i in evidencePart:
                count += 1
                if tabName == "Vol{count} {desc}: {start}-{end})".format(
                        count=count,
                        desc=str(i[2]),
                        start=str(i[0]),
                        end=str(i[1])):
                    self._dialog = wx.ProgressDialog(
                        "Loading", "Loading {tabName}".format(tabName=tabName),
                        100)
                    LoadingDialog(self._dialog)
                    self.auiNotebook.AddPage(
                        AnalyzedDataTab.TabPanel(self.auiNotebook, tabName,
                                                 evidenceDetails, caseDir,
                                                 caseDbPath), tabName, False,
                        wx.NullBitmap)
                    LoadingDialog.endLoadingDialog(self)

Пример #20

    def runddfile(lock):
        lock.acquire()
        global fileName, evidencePath
        for x in caseDetails:
                caseDir = x[4]                                              #get case directory from caseDetails
                caseDbPath = x[5]                                           #get case database path from caseDetails

        evidenceDbDir = Path(caseDir+"/Evidence_Database")
        if evidenceDbDir.is_dir() == False:                             #check if directory exist
            os.mkdir(str(evidenceDbDir))                                #create directory if it does not exist
        if fileName != "":
            mainFrame._dialog = wx.ProgressDialog("Adding evidence", "Creating database for '{s}'".format(s=fileName), 100) 
            LoadingDialog(mainFrame._dialog)                                 #starts the loading dialog
            load_db = subprocess.call(["tsk_loaddb", "-d",  "{caseDir}/Evidence_Database/{fileName}.db".format(caseDir=caseDir, fileName=fileName), evidencePath]) #use tsk_loaddb to generate tsk database
            LoadingDialog.endLoadingDialog(mainFrame)                        #ends the loading dialog

            if load_db == 0:                                            #if no error
                conn = connectdb.create_connection(caseDbPath)
                with conn:
                    evidenceDbPath = str(evidenceDbDir)+"/"+fileName+".db"
                    #hash = "md5sum {evidencePath} | awk '{col}".format(evidencePath=evidenceDbPath, col="{print $1}")
                    #evidenceMd5 = subprocess.Popen([hash], stdout=subprocess.PIPE).communicate()[0]
                    evidenceMd5 = "None"
                    insertEvidence = (1, fileName, evidenceDbPath, datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"), evidenceMd5)
                    connectdb.insertEvidenceDetails(conn, insertEvidence)   #insert to EvidenceInfo in case database
                    
                evidenceConn = connectdb.create_connection(caseDir+"/Evidence_Database/"+fileName+".db")    #connect to tsk database
                evidencePart = connectdb.select_image_partitions(evidenceConn)                              #get image partitions from tsk database
                    
                if Path(caseDir+"/Evidence_Database/Deleted_Files.db").is_file() == False:                  #check if Deleted_Files.db exist
                    createDeletedFilesDb = connectdb.create_connection(caseDir+"/Evidence_Database/Deleted_Files.db") 
                    deteledFilesTable = "CREATE TABLE 'DeletedFiles' ('fileType' TEXT, 'status' TEXT, 'inode' TEXT, 'filePath' TEXT, 'ctime' TEXT, 'crtime' TEXT, 'atime' TEXT, 'mtime' TEXT, 'size' INTEGER, 'uid' INTEGER, 'gid' INTEGER, 'image' TEXT);"
                    connectdb.createTable(createDeletedFilesDb, deteledFilesTable)                          #creates if it does not exist
                    
                else:
                    createDeletedFilesDb = connectdb.create_connection(caseDir+"/Evidence_Database/Deleted_Files.db")   #connects to Deleted_Files.db
                        
                for x in evidencePart:
                    if x[2] != "Unallocated":
                        subprocess.Popen(["tsk_recover", "-e", "-o", str(x[0]), evidencePath, caseDir+"/Extracted/"+fileName]) #recover files from all partitions that re not unallocated
                            
                        listAllDeletedFiles = "fls -rFdl -o {offset} {image}".format(offset=str(x[0]), image=evidencePath)
                        process = subprocess.Popen(listAllDeletedFiles, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) #list all deleted files

                        stdout,stderr = process.communicate()
                        output = stdout.decode()
                        chk = re.sub(r'[ ]\*[ ]', '\t*\t', output)          #change all ' ' in the second and third column of fls output to to '\t'
                        chk = re.sub(r'\n', '\t', chk)                      #change all '\n' to '\t'
                        chk = chk.split('\t')                               #splits all values between \t into a list 
                        itemList = []
                        k=0
                        for i in range(k,len(chk)-1,11):
                            k=i
                            itemList.append(chk[k:k+11])                    #appends every 11 items into a list

                        with createDeletedFilesDb:
                            for list in itemList:
                                insertDeletedFiles = (list[0], list[1], list[2], list[3], list[4], list[5], list[6], list[7], list[8], list[9], list[10], fileName)
                                connectdb.insertDeletedFiles(createDeletedFilesDb, insertDeletedFiles)  #inserts all deleted files info into Deleted_Files.db
                wx.MessageBox("Extracting '{file}' in the background.".format(file=fileName))

                global evidenceDetails
                evidenceDetails = connectdb.select_evidence_details(conn)

                self.auiNotebook.DeletePage(0)
                self.auiNotebook.RemovePage(0)
                self.addAuiTab("Summary", evidenceDetails)                  
                self.recreateTree(caseDbPath)
        lock.release()