public Timestamp(string newType, long newTimestamp, string newTimestampOrigin, EvidenceObject newEvidenceObject)
{
eventType = newType;
timestamp = newTimestamp;
timestampOrigin = newTimestampOrigin;
evidenceObject = newEvidenceObject;
}
public EvidenceObject(string newTitle, string newType, string newEventId, EvidenceObject newParent)
{
type = newType;
title = newTitle;
eventId = newEventId;
if (newParent == null)
parentId = "";
else
parentId = newParent.eventId;
parent = newParent;
}
public EvidenceObject(string newTitle, string newType, string newEventId, EvidenceObject newParent)
{
type = newType;
title = newTitle;
eventId = newEventId;
if (newParent == null)
{
parentId = "";
}
else
{
parentId = newParent.eventId;
}
parent = newParent;
}
public int CompareTo(object obj)
{
EvidenceObject other = (EvidenceObject)obj;
int value = title.CompareTo(other.title);
if (value != 0)
{
return(value);
}
value = eventId.CompareTo(other.eventId);
if (value != 0)
{
return(value);
}
return(0);
}
private void listView1_SelectedIndexChanged(object sender, EventArgs e)
{
if (listView1.SelectedIndices.Count < 1)
{
return;
}
Timestamp ts = (Timestamp)timestampList[listView1.SelectedIndices[0]];
DateTime dateTime = new DateTime(ts.GetTimestamp());
EvidenceObject currentEvidence;
timeLineViewPort.SetSelectedEventTimestamp(dateTime);
string eventType = ts.GetEventType();
string sourceType = ts.EvidenceObject().GetSourceType();
treeViewEvidenceChain.Nodes.Clear();
currentEvidence = ts.EvidenceObject();
selectedEvidence = currentEvidence;
listViewProperties.Items.Clear();
int i = 0;
while (true)
{
if (currentEvidence.getName(i) == null)
{
break;
}
ListViewItem lvi = new ListViewItem(currentEvidence.getName(i));
lvi.SubItems.Add(currentEvidence.getValue(i));
listViewProperties.Items.Add(lvi);
i++;
}
TreeNode currentTreeNode = null;
do
{
TreeNode parentTreeNode = new TreeNode(currentEvidence.GetSourceType() + " " + currentEvidence.GetEventId() + " " + currentEvidence.GetTitle());
parentTreeNode.ToolTipText = "Type: " + currentEvidence.GetSourceType() + "\nId: " + currentEvidence.GetEventId() + "\nTitle: " + currentEvidence.GetTitle();
parentTreeNode.Expand();
if (currentTreeNode != null)
{
parentTreeNode.Nodes.Add(currentTreeNode);
}
currentTreeNode = parentTreeNode;
if (currentEvidence.GetParentId() == "")
{
break;
}
currentEvidence = db.GetEvidenceObject(Int32.Parse(currentEvidence.GetParentId()));
}while(true);
treeViewEvidenceChain.Nodes.Clear();
treeViewEvidenceChain.Nodes.Add(currentTreeNode);
showEvidenceData(0);
}
public XmlDatabase(string fileName)
{
XmlTextReader xml = new XmlTextReader(fileName);
int count = 0;
while (!xml.EOF)
{
while (!xml.EOF && (xml.NodeType != XmlNodeType.Element || xml.Name != "Evidence"))
{
xml.Read();
}
string title = xml.GetAttribute("title");
string type = xml.GetAttribute("type");
string id = xml.GetAttribute("id");
string parent = xml.GetAttribute("parent");
EvidenceObject parentObject;
if (parent == "" || parent == null)
parentObject = null;
else
parentObject = GetEvidenceObject(Int32.Parse(parent));
EvidenceObject evidenceObject = new EvidenceObject(title, type, id, parentObject);
evidences.Add(evidenceObject);
//Read evidence start tag here
xml.Read();
while (!xml.EOF && xml.NodeType != XmlNodeType.EndElement)
{
if (xml.NodeType == XmlNodeType.Element)
{
if (xml.Name == "Timestamp")
{
string timestampType = xml.GetAttribute("type");
string timestampValue = xml.GetAttribute("value");
string timestampOrigin = xml.GetAttribute("origin");
string timestampTitle = xml.GetAttribute("title");
evidenceObject.addProperty(timestampType, timestampValue);
DateTime datetime = DateTime.Parse(timestampValue);
if (datetime.Year > 1980 && datetime.Year < 2020 && timestampOrigin != null)
timestamps.Add(new Timestamp(timestampType, datetime.Ticks, timestampOrigin, evidenceObject));
count++;
}
else if (xml.Name == "Data")
{
string name = xml.GetAttribute("name");
string value = xml.GetAttribute("value");
evidenceObject.addProperty(name, value);
}
else if (xml.Name == "Chunk")
{
string from = xml.GetAttribute("from");
string to = xml.GetAttribute("to");
evidenceObject.addChunk(Int64.Parse(from), Int64.Parse(to));
}
}
xml.Read();
}
}
timestamps.Sort();
}
public Timestamp(string newType, long newTimestamp, string newTimestampOrigin, EvidenceObject newEvidenceObject)
{
eventType = newType;
timestamp = newTimestamp;
timestampOrigin = newTimestampOrigin;
evidenceObject = newEvidenceObject;
}
public XmlDatabase(string fileName)
{
XmlTextReader xml = new XmlTextReader(fileName);
int count = 0;
while (!xml.EOF)
{
while (!xml.EOF && (xml.NodeType != XmlNodeType.Element || xml.Name != "Evidence"))
{
xml.Read();
}
string title = xml.GetAttribute("title");
string type = xml.GetAttribute("type");
string id = xml.GetAttribute("id");
string parent = xml.GetAttribute("parent");
EvidenceObject parentObject;
if (parent == "" || parent == null)
{
parentObject = null;
}
else
{
parentObject = GetEvidenceObject(Int32.Parse(parent));
}
EvidenceObject evidenceObject = new EvidenceObject(title, type, id, parentObject);
evidences.Add(evidenceObject);
//Read evidence start tag here
xml.Read();
while (!xml.EOF && xml.NodeType != XmlNodeType.EndElement)
{
if (xml.NodeType == XmlNodeType.Element)
{
if (xml.Name == "Timestamp")
{
string timestampType = xml.GetAttribute("type");
string timestampValue = xml.GetAttribute("value");
string timestampOrigin = xml.GetAttribute("origin");
string timestampTitle = xml.GetAttribute("title");
evidenceObject.addProperty(timestampType, timestampValue);
DateTime datetime = DateTime.Parse(timestampValue);
if (datetime.Year > 1980 && datetime.Year < 2020 && timestampOrigin != null)
{
timestamps.Add(new Timestamp(timestampType, datetime.Ticks, timestampOrigin, evidenceObject));
}
count++;
}
else if (xml.Name == "Data")
{
string name = xml.GetAttribute("name");
string value = xml.GetAttribute("value");
evidenceObject.addProperty(name, value);
}
else if (xml.Name == "Chunk")
{
string from = xml.GetAttribute("from");
string to = xml.GetAttribute("to");
evidenceObject.addChunk(Int64.Parse(from), Int64.Parse(to));
}
}
xml.Read();
}
}
timestamps.Sort();
}