} // Main public static void Main2(string[] args) { var frp = new ForensicRulePackage() { Desc = "测试", Name = "Test", Items = new List <ForensicRuleItemInfo>() { new FileCatchInfo() { Key = "c1", RelativePath = "ddd", RootPath = "aaaa" }, new FileProcessInfo() { Script = "ssss" }, new FileProcessInfo() { Script = "ssss" } }, }; JsonSerializerSettings jsonSerializerSettings = new JsonSerializerSettings(); jsonSerializerSettings.TypeNameHandling = TypeNameHandling.Auto; jsonSerializerSettings.Formatting = Formatting.Indented; var st = JsonConvert.SerializeObject(frp, jsonSerializerSettings); Console.WriteLine(st); } // Main
public void ExecuteCreateNewRule() { var t = new ForensicRulePackage() { Name = RuleName, Desc = RuleDesc, PackageFilePath = VMMain.Instance.VMConfig.RulePath + RuleName + ".txt", Items = new List <ForensicRuleItemInfo>() }; RuleManager.SavePackage(t, false); var tNode = new RuleFileNode() { Desc = RuleDesc, Package = t, }; if (dataSource == null) { DataSource = new List <RuleFileNode>() { tNode }; } else { var tSource = DataSource as List <RuleFileNode>; tSource.Add(tNode); } CurrentEditPackages.Add(tNode); }
public static ForensicRulePackage GetRulePackageZhiBo8() { var t = new ForensicRulePackage() { Name = "android.zhibo8", Desc = "直播吧", Items = new List <ForensicRuleItemInfo>() { new FileCatchInfo() { Key = "File_History", RelativePath = "databases/database.db", }, new DataCatchInfo() { Key = "File_History", Type = DataCatchInfo.DataType.Database, DataPath = "t_history_record", TableKey = "Table_History" }, new DataMarkInfo() { Key = "Table_History", TableDesc = "观看历史", } } }; t.Init(); return(t); }
public static ForensicRulePackage GetRulePackageYY() { var t = new ForensicRulePackage() { Name = "com.duowan.mobile", Desc = "YY语音", Items = new List <ForensicRuleItemInfo>() { new FileCatchInfo() { Key = "File_User", IsRegEx = true, RelativePath = @"databases/(\d+)\.db", }, new FileCatchInfo() { Key = "File_Core", RelativePath = @"databases/core.db", }, new DataCatchInfo() { Key = "File_Core", Type = DataCatchInfo.DataType.Database, DataPath = "User_UserInfo", TableKey = "Table_Users", }, new DataCatchInfo() { Key = "File_User", Type = DataCatchInfo.DataType.Database, DataPath = "im_friend_list", TableKey = "Table_Friends", }, new DataCatchInfo() { Key = "File_User", Type = DataCatchInfo.DataType.DatabaseWithRegEx, DataPath = @"im_1v1_new_msg_\d+", TableKey = "Table_Msgs", }, new DataProcessInfo() { Key = "File_User", Type = DataProcessInfo.ProcessType.RegEx, ColumnName = "FileName", Content = "(?<AccountID>\\d+)\\.db", OutputColumnName = "AccountID", }, new DataAssociateInfo() { ParentTableKey = "Table_Users", ParentTableColumn = "userID", ChildTableKey = "Table_Friends", ChildFileTableAssociateColumn = "AccountID" }, new DataAssociateInfo() { ParentTableKey = "Table_Friends", ParentTableColumn = "id", ChildTableKey = "Table_Msgs", ChildTableAssociateColumn = "reverse2" }, new DataMarkInfo() { Key = "Table_Users", TableDesc = "登录用户" }, new DataMarkInfo() { Key = "Table_Friends", TableDesc = "好友列表", NotShowAtRoot = true, }, new DataMarkInfo() { Key = "Table_Msgs", NotShowAtRoot = true, TableDesc = "消息记录" } } }; t.Init(); return(t); }