protected ForensicResultItem loadFileAttribute(string filePath) { DataTable dt = new DataTable(); dt.Columns.AddRange( new DataColumn[] { new DataColumn("FileName", System.Type.GetType("System.String")), new DataColumn("RelativePath", System.Type.GetType("System.String")), new DataColumn("PCPath", System.Type.GetType("System.String")), new DataColumn("LastWriteTime", System.Type.GetType("System.DateTime")), }); FileInfo info = new FileInfo(filePath); DataRow dr = dt.NewRow(); dr["FileName"] = info.Name; dr["RelativePath"] = info.FullName.Substring(Environment.PCPath.Length); dr["LastWriteTime"] = info.LastWriteTime; dr["PCPath"] = filePath; dt.Rows.Add(dr); dt.TableName = Info.Key; var res = new ForensicResultItem() { Key = Info.Key, Table = dt }; res.ParentFile = res; return(res); }
void loadTableColumnDesc(ForensicResultItem item, ref HashSet <ForensicResultItem> buffer) { if (buffer.Contains(item)) { return; } buffer.Add(item); if (item.Table != null) { if (item.MarkInfo != null && item.MarkInfo.ColumnDescs != null) { if (item.MarkInfo.OnlyShowDesc == true) { var tNames = item.MarkInfo.ColumnDescs.Select(c => c.Name).ToArray(); item.Table = item.Table.DefaultView.ToTable(false, tNames); } foreach (var it in item.MarkInfo.ColumnDescs) { if (it.Desc != null && item.Table.Columns[it.Name] != null) { item.Table.Columns[it.Name].ColumnName = it.Desc; } } } } if (item.Children != null) { foreach (var it in item.Children) { loadTableColumnDesc(it, ref buffer); } } }
bool copyTargetFiles() { try { if (!Environment.CatchDataTables.ContainsKey(Info.Key) || Environment.CatchDataTables[Info.Key].Count == 0) { return(false); } filePathItem = Environment.CatchDataTables[Info.Key][0]; filePaths = new List <string>(); for (int i = 0; i < filePathItem.Table.Rows.Count; ++i) { var path = Convert.ToString(filePathItem.Table.Rows[i]["PCPath"]); FileInfo file = new FileInfo(path); if (file.Exists) { path += ".proc"; filePathItem.Table.Rows[i]["PCPath"] = path; // true is overwrite file.CopyTo(path, true); filePaths.Add(path); } } return(true); } catch { return(false); } }
ForensicResultItem getDescItem(ForensicResultItem parent, string keyContent) { var t = parent.Children.FirstOrDefault(c => c.Desc == keyContent); if (t != null) { return(t); } var list = parent.Table.AsEnumerable().Where(c => Convert.ToString(c[Info.ParentTableColumn]) == keyContent); DataTable dtNew = parent.Table.Clone(); foreach (var dr in list) { dtNew.ImportRow(dr); } t = new ForensicResultItem() { Key = parent.Key, Desc = keyContent, Table = dtNew }; parent.Children.Add(t); parent.IsMutiTableParent = true; return(t); }
public IEnumerable <WordWeight> ExtractTagsWithWeight(ForensicResultItem item) { init(); string res = string.Join(" ", item.GetColumnDataByMark(UserTextMark)); return(Extractor.ExtractTagsWithWeight(res, KeywordCount).Select(c => new WordWeight() { Weight = c.Weight, Word = c.Word, })); }
bool loadTargetFiles() { if (!Environment.CatchDataTables.ContainsKey(Info.Key) || Environment.CatchDataTables[Info.Key].Count == 0) { return(false); } fileResultItem = Environment.CatchDataTables[Info.Key][0]; filePaths = new List <string>(); for (int i = 0; i < fileResultItem.Table.Rows.Count; ++i) { filePaths.Add(Convert.ToString(fileResultItem.Table.Rows[i]["PCPath"])); } return(true); }
void handleChildAssociateColumn() { var res = new List <ForensicResultItem>(); for (int i = 0; i < parentTables.Count; ++i) { var keyContents = parentTables[i].Table.AsEnumerable().Select(c => Convert.ToString(c[Info.ParentTableColumn])).Distinct(); foreach (var it in keyContents) { var tKey = getDescItem(parentTables[i], it); for (int j = 0; j < childTables.Count; ++j) { if (Info.Type == DataAssociateInfo.AssociateType.InSameFile && childTables[j].ParentFile != parentTables[i].ParentFile) { continue; } var list = childTables[j].Table.AsEnumerable().Where(c => Convert.ToString(c[Info.AssociateColumn]) == it); if (list.Count() == 0) { continue; } DataTable dtNew = childTables[j].Table.Clone(); foreach (var dr in list) { dtNew.ImportRow(dr); } var t = new ForensicResultItem() { IsMarkInfoFromParent = true, ParentData = childTables[i], ParentFile = childTables[i].ParentFile, Table = dtNew, }; res.Add(t); tKey.Children.Add(t); } } } if (Info.Key != null) { Environment.CatchDataTables.Add(Info.Key, res); } }
void Init() { if (PCPath.Last() != '\\') { PCPath += '\\'; } DataSource = new ForensicResultItem() { Desc = "数据集合", }; Result = new ForensicResultItem() { Desc = RulePackage.Desc, }; Result.Children.Add(DataSource); LuaEnvironment.forensicPackage = this; }
protected ForensicResultItem loadFileAttribute(List <string> filePaths, List <string> filePathMatches) { DataTable dt = new DataTable(); dt.Columns.AddRange( new DataColumn[] { new DataColumn("FileName", System.Type.GetType("System.String")), new DataColumn("RelativePath", System.Type.GetType("System.String")), new DataColumn("PCPath", System.Type.GetType("System.String")), new DataColumn("LastWriteTime", System.Type.GetType("System.DateTime")), new DataColumn("FileNameMatch", System.Type.GetType("System.String")), }); dt.TableName = Info.Key; var res = new ForensicResultItem() { Key = Info.Key, Table = dt, IsMutiTableParent = true }; for (int i = 0; i < filePaths.Count; ++i) { FileInfo info = new FileInfo(filePaths[i]); DataRow dr = dt.NewRow(); dr["FileName"] = info.Name; dr["RelativePath"] = info.FullName.Substring(Environment.PCPath.Length); dr["LastWriteTime"] = info.LastWriteTime; dr["FileNameMatch"] = filePathMatches[i]; dr["PCPath"] = filePaths[i]; dt.Rows.Add(dr); var tTable = dt.Clone(); tTable.TableName = filePathMatches[i]; tTable.ImportRow(dr); var t = new ForensicResultItem() { Key = Info.Key, ParentData = res, Table = tTable, }; t.ParentFile = t; res.Children.Add(t); } return(res); }
public void DoWork() { if (loadDataTables()) { for (int i = 0; i < Tables.Count; ++i) { Tables[i].MarkInfo = Info; if (Info.TableDescScriptChunk != null) { Environment.LuaEnvironment.dataTable = Tables[i]; Tables[i].Desc = Environment.LuaEnvironment.dochunk(Info.TableDescScriptChunk)[0]; } } if (Info.NotShowAtRoot == true) { return; } var t = Tables.FirstOrDefault(); if (t != null && t.ParentData == null) { if (Tables.Count == 1) { Environment.Result.Children.Add(Tables[0]); } else { var tItem = new ForensicResultItem() { Children = Tables, MarkInfo = Info }; Environment.Result.Children.AddRange(Tables); } } } }
public void DoWork() { if (!loadTargetFiles()) { return; } Func <string, DataTable> funcHandle = null; switch (Info.Type) { case DataCatchInfo.DataType.None: return; case DataCatchInfo.DataType.Binary: funcHandle = handleBinary; break; case DataCatchInfo.DataType.Text: funcHandle = handleText; break; case DataCatchInfo.DataType.Xml: funcHandle = handleXml; break; case DataCatchInfo.DataType.Database: funcHandle = handleDatabase; break; default: break; } var Results = new List <ForensicResultItem>(); if (funcHandle != null) { int i = 0; foreach (var it in filePaths) { var table = funcHandle(it); if (Info.Select != null) { var drArr = table.Select(Info.Select); DataTable dtNew = table.Clone(); for (int j = 0; j < drArr.Length; j++) { dtNew.ImportRow(drArr[j]); } table = dtNew; } if (table != null) { //table.TableName = Info.TableKey; var item = new ForensicResultItem() { Key = Info.TableKey, ParentFile = fileResultItem.IsMutiTableParent? fileResultItem.Children[i]:fileResultItem, Table = table }; if (Info.Desc != null) { item.Desc = Info.Desc; } Results.Add(item); if (Info.CatchToFileDataTree) { item.ParentFile.Children.Add(item); } } ++i; } } else { int i = 0; foreach (var it in filePaths) { var tables = handleDatabaseWithRegEx(it); if (tables.Count > 0) { var itemParemt = new ForensicResultItem() { Key = Info.TableKey, IsMutiTableParent = true, ParentFile = fileResultItem.IsMutiTableParent ? fileResultItem.Children[i] : fileResultItem, }; if (Info.Desc != null) { itemParemt.Desc = Info.Desc; } foreach (var t in tables) { var table = t; if (Info.Select != null) { var drArr = table.Select(Info.Select); DataTable dtNew = table.Clone(); for (int j = 0; j < drArr.Length; j++) { dtNew.ImportRow(drArr[j]); } table = dtNew; } var item = new ForensicResultItem() { Key = Info.TableKey, ParentFile = itemParemt.ParentFile, Table = table }; itemParemt.Children.Add(item); } Results.Add(itemParemt); if (Info.CatchToFileDataTree) { itemParemt.ParentFile.Children.Add(itemParemt); } } ++i; } } Environment.CatchDataTables.Add(Info.TableKey, Results); Environment.DataSource.Children.AddRange(Results); }
public static object GetFirstColumnDataFromParentFile(ForensicResultItem fileItem, string TableKey, string ColumnName) { return(fileItem.Children.First(c => c.Key == TableKey).Table.Rows[0][ColumnName]); }
public static object GetFirstColumnDataFromItem(ForensicResultItem item, string ColumnName) { return(item.Table.Rows[0][ColumnName]); }