} // Main
public static void Main2(string[] args)
{
var frp = new ForensicRulePackage()
{
Desc = "测试",
Name = "Test",
Items = new List <ForensicRuleItemInfo>()
{
new FileCatchInfo()
{
Key = "c1", RelativePath = "ddd", RootPath = "aaaa"
},
new FileProcessInfo()
{
Script = "ssss"
},
new FileProcessInfo()
{
Script = "ssss"
}
},
};
JsonSerializerSettings jsonSerializerSettings = new JsonSerializerSettings();
jsonSerializerSettings.TypeNameHandling = TypeNameHandling.Auto;
jsonSerializerSettings.Formatting = Formatting.Indented;
var st = JsonConvert.SerializeObject(frp, jsonSerializerSettings);
Console.WriteLine(st);
} // Main
public void ExecuteCreateNewRule()
{
var t = new ForensicRulePackage()
{
Name = RuleName,
Desc = RuleDesc,
PackageFilePath = VMMain.Instance.VMConfig.RulePath + RuleName + ".txt",
Items = new List <ForensicRuleItemInfo>()
};
RuleManager.SavePackage(t, false);
var tNode = new RuleFileNode()
{
Desc = RuleDesc,
Package = t,
};
if (dataSource == null)
{
DataSource = new List <RuleFileNode>()
{
tNode
};
}
else
{
var tSource = DataSource as List <RuleFileNode>;
tSource.Add(tNode);
}
CurrentEditPackages.Add(tNode);
}
public static ForensicRulePackage GetRulePackageZhiBo8()
{
var t = new ForensicRulePackage()
{
Name = "android.zhibo8",
Desc = "直播吧",
Items = new List <ForensicRuleItemInfo>()
{
new FileCatchInfo()
{
Key = "File_History",
RelativePath = "databases/database.db",
},
new DataCatchInfo()
{
Key = "File_History",
Type = DataCatchInfo.DataType.Database,
DataPath = "t_history_record",
TableKey = "Table_History"
},
new DataMarkInfo()
{
Key = "Table_History",
TableDesc = "观看历史",
}
}
};
t.Init();
return(t);
}
public static ForensicRulePackage GetRulePackageYY()
{
var t = new ForensicRulePackage()
{
Name = "com.duowan.mobile",
Desc = "YY语音",
Items = new List <ForensicRuleItemInfo>()
{
new FileCatchInfo()
{
Key = "File_User",
IsRegEx = true,
RelativePath = @"databases/(\d+)\.db",
},
new FileCatchInfo()
{
Key = "File_Core",
RelativePath = @"databases/core.db",
},
new DataCatchInfo()
{
Key = "File_Core",
Type = DataCatchInfo.DataType.Database,
DataPath = "User_UserInfo",
TableKey = "Table_Users",
},
new DataCatchInfo()
{
Key = "File_User",
Type = DataCatchInfo.DataType.Database,
DataPath = "im_friend_list",
TableKey = "Table_Friends",
},
new DataCatchInfo()
{
Key = "File_User",
Type = DataCatchInfo.DataType.DatabaseWithRegEx,
DataPath = @"im_1v1_new_msg_\d+",
TableKey = "Table_Msgs",
},
new DataProcessInfo()
{
Key = "File_User",
Type = DataProcessInfo.ProcessType.RegEx,
ColumnName = "FileName",
Content = "(?<AccountID>\\d+)\\.db",
OutputColumnName = "AccountID",
},
new DataAssociateInfo()
{
ParentTableKey = "Table_Users",
ParentTableColumn = "userID",
ChildTableKey = "Table_Friends",
ChildFileTableAssociateColumn = "AccountID"
},
new DataAssociateInfo()
{
ParentTableKey = "Table_Friends",
ParentTableColumn = "id",
ChildTableKey = "Table_Msgs",
ChildTableAssociateColumn = "reverse2"
},
new DataMarkInfo()
{
Key = "Table_Users",
TableDesc = "登录用户"
},
new DataMarkInfo()
{
Key = "Table_Friends",
TableDesc = "好友列表",
NotShowAtRoot = true,
},
new DataMarkInfo()
{
Key = "Table_Msgs",
NotShowAtRoot = true,
TableDesc = "消息记录"
}
}
};
t.Init();
return(t);
}
