/// <summary>
/// Completion handler for the signing worker: shows the produced evidence in a modal
/// <c>FrmEvidence</c> dialog, or an error box when the worker or this handler fails.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Completion data; <c>e.Error</c> is rethrown into the local catch and
/// <c>e.Result</c> is cast to <c>evidence</c>. <c>e.Cancelled</c> is not inspected here.</param>
private void bkgndSign_RunWorkerCompleted(object sender, RunWorkerCompletedEventArgs e)
{
    try
    {
        // A worker failure is routed through the same catch block as a failure in this handler.
        if (e.Error != null)
        {
            throw e.Error;
        }

        evidence signedEvidence = (evidence)e.Result;
        frmState = frm.FrmState.Normal;

        FrmEvidence resultDialog = new FrmEvidence(signedEvidence);
        resultDialog.ShowDialog(this);
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception text from the signing path is shown to the user;
        // confirm it cannot carry key-file paths or password-related detail that should stay in a log.
        string detail = ex.InnerException != null ? ex.InnerException.Message : ex.Message;
        string msg = "Ocurrió un error al generar la firma" + Environment.NewLine + detail;
        MetroMessageBox.Show(this, msg, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }

    // Reset the state on both the success and the failure path.
    frmState = frm.FrmState.Normal;

    // Repaint so the lines stay visible (workaround for a display bug).
    this.Refresh();
}
/// <summary>Maps an evidence value to its "anti" counterpart.</summary>
/// <param name="ev">Evidence value to translate.</param>
/// <returns>
/// The matching <c>antiEvidence</c> member, or the raw value 0 when <paramref name="ev"/>
/// is none of the seven members handled below.
/// </returns>
public antiEvidence inverse(evidence ev)
{
    switch (ev)
    {
        case evidence.DOTS:
            return antiEvidence.AntiDOTS;
        case evidence.EMF:
            return antiEvidence.AntiEMF;
        case evidence.Fingerprints:
            return antiEvidence.AntiFingerprints;
        case evidence.Orbs:
            return antiEvidence.AntiOrbs;
        case evidence.SpiritBox:
            return antiEvidence.AntiSpiritBox;
        case evidence.Temps:
            return antiEvidence.AntiTemps;
        case evidence.Writing:
            return antiEvidence.AntiWriting;
        default:
            // NOTE(review): which antiEvidence member (if any) has the value 0 is not visible
            // here; callers cannot tell "no match" from that member if one exists.
            return 0;
    }
}
/// <summary>Builds the argument string that selects the <c>pslist</c> plugin.</summary>
/// <param name="evidence">Supplies <c>Route</c> (value of <c>-f</c>) and <c>Profile</c>
/// (value of <c>--profile=</c>).</param>
/// <returns>The argument string, starting with a leading space.</returns>
private string argGetListProcess(evidence evidence)
{
    // NOTE(review): Route and Profile are inserted unquoted and unvalidated. A value with
    // spaces or option-like text changes how the command line is split; confirm the consumer
    // of this string quotes or validates both before a process is started.
    return string.Concat(" -f ", evidence.Route, " --profile=", evidence.Profile, " pslist");
}
/// <summary>Builds the argument string that selects the <c>netscan</c> plugin.</summary>
/// <param name="evidence">Supplies <c>Route</c> (value of <c>-f</c>) and <c>Profile</c>
/// (value of <c>--profile=</c>).</param>
/// <returns>The argument string, starting with a leading space.</returns>
private string argGetNetScan(evidence evidence)
{
    // NOTE(review): Route and Profile go into the string unquoted and unvalidated; a path with
    // spaces or option-like text alters the parsed command line. Confirm quoting/validation
    // happens before the string reaches the process launcher.
    return string.Concat(" -f ", evidence.Route, " --profile=", evidence.Profile, " netscan");
}
/// <summary>Builds the argument string that selects the <c>cmdscan</c> plugin.</summary>
/// <param name="evidence">Supplies <c>Route</c> (value of <c>-f</c>) and <c>Profile</c>
/// (value of <c>--profile=</c>).</param>
/// <returns>The argument string; unlike some sibling builders it has no leading space.</returns>
private string argGetCommands(evidence evidence)
{
    // NOTE(review): Route and Profile are concatenated unquoted and unvalidated; a value
    // containing spaces or option-like text changes how the arguments are split. Confirm the
    // caller quotes or validates them.
    return string.Concat("-f ", evidence.Route, " --profile=", evidence.Profile, " cmdscan");
}
/// <summary>Builds the argument string that selects the <c>imageinfo</c> plugin.</summary>
/// <param name="evidence">Supplies <c>Route</c> (value of <c>-f</c>); no profile is passed.</param>
/// <returns>The argument string, starting with a leading space.</returns>
private string argGetImageInfo(evidence evidence)
{
    // NOTE(review): Route is inserted unquoted and unvalidated; a path with spaces or
    // option-like text changes how the command line is split. Confirm the consumer quotes
    // or validates it.
    return string.Concat(" -f ", evidence.Route, " imageinfo");
}
/// <summary>Builds the argument string that selects the <c>verinfo</c> plugin.</summary>
/// <param name="evidence">Supplies <c>Route</c> (value of <c>-f</c>) and <c>Profile</c>
/// (value of <c>--profile=</c>).</param>
/// <returns>The argument string, without a leading space.</returns>
private string argVerInfo(evidence evidence)
{
    // NOTE(review): Route and Profile are concatenated unquoted and unvalidated; spaces or
    // option-like text in either value alter the parsed arguments. Confirm quoting/validation
    // before the string is used to start a process.
    return string.Concat("-f ", evidence.Route, " --profile=", evidence.Profile, " verinfo");
}
/// <summary>Builds the argument string that selects the <c>dlllist</c> plugin for one process.</summary>
/// <param name="evidence">Supplies <c>Route</c> (value of <c>-f</c>) and <c>Profile</c>
/// (value of <c>--profile=</c>).</param>
/// <param name="process">Supplies <c>Pid</c>, appended after <c>-p</c>.</param>
/// <returns>The argument string, without a leading space.</returns>
private string argListDlls(evidence evidence, process process)
{
    // NOTE(review): Route, Profile and Pid are concatenated unquoted and unvalidated. If Pid is
    // a string (its type is not visible here) it should be checked to be numeric; Route and
    // Profile need quoting or validation before this reaches a process launcher.
    return string.Concat("-f ", evidence.Route, " --profile=", evidence.Profile, " dlllist -p ", process.Pid);
}
/// <summary>
/// Selects the argument builder that corresponds to a named capability and returns its result.
/// </summary>
/// <param name="hability">Capability name; matched exactly (case-sensitive) against the
/// names listed below.</param>
/// <param name="evidence">Evidence object forwarded to the selected builder.</param>
/// <param name="process">Process forwarded to the builder; only used for <c>"processDlls"</c>.</param>
/// <returns>The built argument string, or the sentinel <c>"noInfo"</c> for any other name
/// (including <c>null</c>).</returns>
public string Argument(string hability, evidence evidence, process process)
{
    if (hability == "getImageInfo")
    {
        return argGetImageInfo(evidence);
    }

    if (hability == "getListProcess")
    {
        return argGetListProcess(evidence);
    }

    if (hability == "getNetScan")
    {
        return argGetNetScan(evidence);
    }

    if (hability == "getCommands")
    {
        return argGetCommands(evidence);
    }

    if (hability == "verInfo")
    {
        return argVerInfo(evidence);
    }

    if (hability == "processDlls")
    {
        return argListDlls(evidence, process);
    }

    // Unknown capability. NOTE(review): the sentinel is an ordinary string, so a caller that
    // does not check for it would pass "noInfo" on as if it were a real argument list.
    return "noInfo";
}
/// <summary>
/// Builds the argument string for <paramref name="command"/> and returns what
/// <c>Service.getVolatilityResponse</c> produces for it.
/// </summary>
/// <param name="command">Capability name handed to <c>constructArguments.Argument</c>.</param>
/// <param name="evidence">Evidence object forwarded to the argument builder.</param>
/// <param name="process">Process forwarded to the argument builder.</param>
/// <returns>The string returned by <c>getVolatilityResponse</c>.</returns>
public string executeCommand(string command, evidence evidence, process process)
{
    // Same construction order as before: argument builder first, then the service.
    constructArguments argumentBuilder = new constructArguments();
    Service.Service volatilityService = new Service.Service();

    // NOTE(review): the built string is forwarded without inspection. If Argument can return a
    // sentinel for an unknown command, it would be sent to the service as an argument list;
    // confirm whether it should be rejected here instead.
    string argument = argumentBuilder.Argument(command, evidence, process);
    return volatilityService.getVolatilityResponse(argument);
}
/// <summary>
/// Creates a ghost type from its name, three evidence values and description, then derives
/// <c>anti1</c>..<c>anti4</c> as the first four anti-evidence values whose evidence is not
/// returned by <c>GetEvidence()</c>.
/// </summary>
/// <param name="name">Stored in <c>Name</c>.</param>
/// <param name="evidence1">First evidence value.</param>
/// <param name="evidence2">Second evidence value.</param>
/// <param name="evidence3">Third evidence value.</param>
/// <param name="desc">Stored in <c>Description</c>.</param>
public GhostTypes(string name, evidence evidence1, evidence evidence2, evidence evidence3, string desc)
{
    Name = name;
    Description = desc;
    this.evidence1 = evidence1;
    this.evidence2 = evidence2;
    this.evidence3 = evidence3;

    // Presumably yields the three values just stored; GetEvidence is defined elsewhere.
    var allEvidence = GetEvidence();

    // Start with every anti-evidence value, in this fixed order.
    List<antiEvidence> remaining = new List<antiEvidence>
    {
        antiEvidence.AntiDOTS,
        antiEvidence.AntiEMF,
        antiEvidence.AntiFingerprints,
        antiEvidence.AntiOrbs,
        antiEvidence.AntiSpiritBox,
        antiEvidence.AntiTemps,
        antiEvidence.AntiWriting
    };

    // Drop the counterpart of each evidence value this ghost has.
    foreach (evidence e in allEvidence)
    {
        switch (e)
        {
            case evidence.DOTS:
                remaining.Remove(antiEvidence.AntiDOTS);
                break;
            case evidence.EMF:
                remaining.Remove(antiEvidence.AntiEMF);
                break;
            case evidence.Fingerprints:
                remaining.Remove(antiEvidence.AntiFingerprints);
                break;
            case evidence.SpiritBox:
                remaining.Remove(antiEvidence.AntiSpiritBox);
                break;
            case evidence.Temps:
                remaining.Remove(antiEvidence.AntiTemps);
                break;
            case evidence.Writing:
                remaining.Remove(antiEvidence.AntiWriting);
                break;
            case evidence.Orbs:
                remaining.Remove(antiEvidence.AntiOrbs);
                break;
        }
    }

    // Indexing throws if fewer than four entries are left, i.e. if GetEvidence() yielded more
    // than three distinct values.
    anti1 = remaining[0];
    anti2 = remaining[1];
    anti3 = remaining[2];
    anti4 = remaining[3];
}
/// <summary>Tells whether <paramref name="ev"/> is among the values returned by <c>GetEvidence()</c>.</summary>
/// <param name="ev">Evidence value to look for.</param>
/// <returns><c>true</c> if a value equal to <paramref name="ev"/> is found; otherwise <c>false</c>.</returns>
public bool checkEvidence(evidence ev)
{
    bool found = false;

    foreach (evidence candidate in GetEvidence())
    {
        if (candidate == ev)
        {
            found = true;
            break; // first match is enough
        }
    }

    return found;
}
/// <summary>
/// Worker body for signing: reads the certificate and key files named in the form's text
/// boxes, calls <c>signAction.Sign</c> and stores the result in <c>e.Result</c>.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e"><c>e.Argument</c> is cast to <c>originalStringToSignModel</c>;
/// <c>e.Result</c> receives the produced <c>evidence</c>.</param>
private void bkgndSign_DoWork(object sender, DoWorkEventArgs e)
{
    originalStringToSignModel payload = (originalStringToSignModel)e.Argument;

    // NOTE(review): txtCer/txtKey/txtPwd are form controls read from inside the DoWork handler.
    // If this runs on a worker thread (as the handler name suggests), consider capturing the
    // paths and password on the UI thread and passing them in through e.Argument.
    byte[] certificateBytes = File.ReadAllBytes(this.txtCer.Text);
    byte[] privateKeyBytes = File.ReadAllBytes(this.txtKey.Text);

    // NOTE(review): the private-key bytes and the password string stay in managed memory after
    // this call; nothing here clears the array. Whether Sign keeps a reference to it is not
    // visible, so confirm that before adding an Array.Clear.
    evidence signedEvidence = signAction.Sign(certificateBytes, privateKeyBytes, txtPwd.Text, payload);
    e.Result = signedEvidence;
}
/// <summary>
/// Context-menu handler: lets the user pick a file, adds its path under the first node of the
/// <c>evidence</c> tree and stores a new <c>evidence</c> object in <c>memoryDump</c>.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Click data; the clicked item is not inspected, so every item opens the dialog.</param>
private void contextMenuEvidence_ItemClicked(object sender, ToolStripItemClickedEventArgs e)
{
    using (OpenFileDialog picker = new OpenFileDialog())
    {
        picker.InitialDirectory = "c:";
        picker.Filter = "dmp files (*.dmp)|*.dmp|All files (*.*)|*.*";
        picker.FilterIndex = 2; // 1-based: preselects the "All files" entry
        picker.RestoreDirectory = true;

        if (picker.ShowDialog() != DialogResult.OK)
        {
            return;
        }

        string selectedPath = picker.FileName;
        evidence.Nodes[0].Nodes.Add(selectedPath);

        // NOTE(review): the same full path is passed for both constructor arguments, and it is
        // stored as chosen (no check of file type or of characters such as spaces). If the path
        // is later placed on a command line it needs quoting there - confirm.
        memoryDump = new evidence(selectedPath, picker.FileName);
    }
}
/// <summary>Creates the form for one <c>evidence</c> object.</summary>
/// <param name="Evidence">Evidence stored on the form before <c>init()</c> is called.</param>
public FrmEvidence(evidence Evidence)
{
    InitializeComponent();

    // Stored before init() runs; init presumably reads it - confirm.
    this.Evidence = Evidence;
    init();
}