package it.ht.rcs.console.evidence.rest
{
import flash.utils.describeType;
import it.ht.rcs.console.agent.rest.DBAgentDemo;
import it.ht.rcs.console.evidence.model.Evidence;
import it.ht.rcs.console.evidence.model.EvidenceData;
import it.ht.rcs.console.evidence.model.EvidenceDataAddress;
import it.ht.rcs.console.evidence.model.Filter;
import it.ht.rcs.console.evidence.model.Tag;
import it.ht.rcs.console.evidence.model.TypeCount;
import it.ht.rcs.console.target.rest.DBTargetDemo;
import mx.collections.ArrayCollection;
import mx.rpc.events.ResultEvent;
import mx.utils.ObjectUtil;
public class DBEvidenceDemo implements IDBEvidence
{
private var filter:Object;
private const SECONDS_PER_DAY:uint = (60 * 60 * 24)
private static const DAY:uint = (1000 * 60 * 60 * 24)
private static const HOUR:uint = (1000 * 60 * 60)
private static const MINUTE:uint = (1000 * 60)
private static var now:Date = new Date()
private static var yesterday:Date = new Date(now.time - DAY)
private static var tenDaysAgo:Date = new Date(now.time - (DAY * 10))
private static function convertToUnix(value:Date):String
{
return Math.round(value.getTime() / 1000).toString();
}
public static var evidence:ArrayCollection = new ArrayCollection([
// Jimmy Page (Nashville) a1 desktop
//chat ! ALERTED
new Evidence({_id: 'e24', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 50, 51)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 57, 00)), _mid: 0, note: '', rel: 4, type: 'chat', data: new EvidenceData({program: 'Twitter', from: 'jimmypage', from_display: 'Jimmy Page', content: 'JimmyPage: Going to Nashville this weekend', tr: 'JimmyPage: Going to Nashville this weekend'})}),
//device
new Evidence({_id: 'e12', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 53, 51)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 39)), _mid: 0, note: '', rel: 0, type: 'device', data: new EvidenceData({content: '
Processor: 4 x Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Memory: 1920MB free / 3654MB total (47% used)
Disk: 70211MB free / 101828MB total
Battery: AC Connected - 55%
OS Version: Windows 7 Ultimate (64bit)
Registered to: Microsoft (Microsoft) {}
Locale settings: it_IT (UTC +01:00)
Time delta: +00:00:00
User: RCS Demo {ADMIN}
SID: S-1-5-21-1932372789-2859129667-2835794646-1000
Drive List:
C:\\ "OS" (disk)
Application List:
Intel(R) Rapid Start Technology (1.0.0.1022)
Adobe Flash Player 11 ActiveX (11.3.300.265)
Adobe Flash Player 11 Plugin (11.5.502.110)
Advanced Audio FX Engine (1.12.05)
BlackBerry Desktop Software 6.1 (6.1.0.36)
Kaspersky Internet Security 2013 (13.0.1.4190)
Mozilla Firefox 16.0.2 (x86 en-US) (16.0.2)
Mozilla Maintenance Service (16.0.2)
Microsoft Office Professional Plus 2010 (14.0.4763.1000)
TrueCrypt (7.1a)
Windows Live Essentials (15.4.3508.1109)
Dell DataSafe Local Backup (9.4.67)
Intel(R) USB 3.0 eXtensible Host Controller Driver (1.0.5.235)
Java 7 Update 9 (7.0.90)
Windows Live Mesh ActiveX Control for Remote Connections (15.4.5722.2)
Intel(R) Rapid Storage Technology (11.1.0.1006)
Absolute Reminder (2.0.0.19)
Intel(R) Management Engine Components (8.0.10.1464)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (9.0.30729)
Microsoft Silverlight (4.0.50401.0)
Intel(R) WiDi (3.0.12.0)
Microsoft Office (14.0.6120.5004)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (9.0.30729)
Dell Digital Delivery (2.1.1002.0)
Dell DataSafe Local Backup - Support Software (9.4.67)
Adobe Reader X MUI (10.0.0)
Skype™ 6.0 (6.0.126)
Microsoft SQL Server 2005 Compact Edition [ENU] (3.1.0000)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Intel(R) Processor Graphics (8.15.10.2761)
Realtek High Definition Audio Driver (6.0.1.6662)
Intel(R) Control Center (1.2.1.1007)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (9.0.21022)
Application List:
Dell Support Center (3.1.5907.16)
Microsoft .NET Framework 4 Client Profile (4.0.30319)
Microsoft .NET Framework 4 Extended (4.0.30319)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (10.0.40219)
Intel(R) Wireless Display
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (2.1.1.0153)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (15.1.0.0096)
Intel® PROSet/Wireless WiFi Software (15.01.1000.0927)
Cypress TrackPad (2.5.0.43)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (9.0.30729)
Quickset64 (11.1.27)
Dell Edoc Viewer (1.0.0)
Intel(R) Smart Connect Technology 3.0 x64 (3.0.30.1526)
'})}),
//password
new Evidence({_id: 'e02', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 53, 54)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 42)), _mid: 0, note: '', rel: 0, type: 'password', data: new EvidenceData({user: 'jimmy.page', pass: 'alpha123', program: 'Firefox/Thunderbird', service: 'https://accounts.google.com'})}),
new Evidence({_id: 'e03', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 53, 54)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 42)), _mid: 0, note: '', rel: 0, type: 'password', data: new EvidenceData({user: 'jimmy.page@gmail.com', pass: 'alpha123', program: 'Firefox/Thunderbird', service: 'http://www.facebook.com'})}),
new Evidence({_id: 'e04', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 53, 54)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 42)), _mid: 0, note: '', rel: 0, type: 'password', data: new EvidenceData({user: 'jimmy.page', pass: 'beta456', program: 'Firefox/Thunderbird', service: 'https://twitter.com'})}),
new Evidence({_id: 'e05', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 53, 54)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 42)), _mid: 0, note: '', rel: 0, type: 'password', data: new EvidenceData({user: 'root', pass: 'admin', program: 'Firefox/Thunderbird', service: 'http://172.16.42.100'})}),
//photo
new Evidence({_id: 'e32', aid: 'a1', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 16, 29, 07)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 16, 30, 06)), _mid: 0, note: '', rel: 0, type: 'photo', data: new EvidenceData({tags: [new Tag({name: 'Jimmy Page', handle: 'jimmy.page@gmail.com', type: 'facebook'}), new Tag({name: 'Alejandro Reade', handle: 'alejandro.reade@gmail.com', type: 'facebook'})],program: 'photo.exe', window: 'Jimmy Page - Photos', _grid: 'pub.jpg', desc:'We had a good time', latitude: 34.031249, longitude: -118.151848, accuracy: 51.0, address: new EvidenceDataAddress({text: "Danny's Pub"})})}),
//money
new Evidence({_id: 'e96', aid: 'a1', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 14, 53, 59)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 14, 58, 43)), _mid: 0, note: '', rel: 0, type: 'money', data: new EvidenceData({type: 'wallet', currency:'bitcoin',version:'80600', encrypted:false,size:'73728',balance:0})}),
new Evidence({_id: 'e97', aid: 'a1', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 14, 53, 59)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 14, 59, 12)), _mid: 0, note: '', rel: 0, type: 'money', data: new EvidenceData({type: 'tx', currency:'bitcoin',from:'MINED BLOCK',rcpt:'LeTee2MvtE71F56rEzed77JEDCs9342', amount:0.05172392, incoming:true, balance:0,id:'0a2f66294be270a20f3ab0933040afd479ebe8rd63107eef4d00000943bee'})}),
new Evidence({_id: 'e97', aid: 'a1', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 14, 53, 59)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 14, 59, 12)), _mid: 0, note: '', rel: 0, type: 'money', data: new EvidenceData({type: 'tx', currency:'bitcoin',from:'MINED BLOCK',rcpt:'LeTee2MvtE71F56rEzed77JEDCs9342', amount:0.09277216, incoming:false, balance:0,id:'0a2f66294be270a20f3ab0933040afd479ebe8rd63107eef4d00000943bee'})}),
//position
new Evidence({_id: 'e06', aid: 'a1', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 14, 53, 59)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 14, 58, 43)), _mid: 0, note: '', rel: 0, type: 'position', data: new EvidenceData({type: 'WIFI', latitude: 34.031249, longitude: -118.151848, accuracy: 51.0, address: new EvidenceDataAddress({text: "5257 E Beverly Blvd - East Los Angeles, CA 90022"}), wifi: [{mac: "98:FC:11:7A:82:AF", sig: -69, bssid: "PC-DOMENICO2_Network"}, {mac: "00:25:53:90:A8:76", sig: -76, "bssid": "TISCALI"}, {mac: "E8:40:40:80:61:B8", sig: -58, bssid: "ht-guest-wifi"}, {mac: "58:6D:8F:A0:50:71", sig: -37, bssid: "CiscoE4200"}, {mac: "00:24:89:20:3F:C5", sig: -76, bssid: "Vodafone-11116924"}, {mac: "30:85:A9:AA:CD:50", sig: -84, bssid: "ht-guest-wifi"}, {mac: "00:23:F8:30:A3:BC", sig: -71, bssid: "RSSM"}, {mac: "D4:D1:84:EA:90:07", sig: -85, bssid: "Telecom-82481153"}]})}),
//camera
new Evidence({_id: 'e35', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 53, 59)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 43)), _mid: 0, note: '', rel: 0, type: 'camera', data: new EvidenceData({_grid: '50bcc583572d6e0d0000019b.jpg'})}),
//mouse
new Evidence({_id: 'e38', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 57, 28)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 51)), _mid: 0, note: '', rel: 0, type: 'mouse', data: new EvidenceData({program: 'explorer.exe', window: 'FolderView', x: '44', y: '345', resolution: '1366 x 768', _grid: '50bcb01c572d6e0d00000017.jpg'})}),
new Evidence({_id: 'e39', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 27)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 59, 02)), _mid: 0, note: '', rel: 0, type: 'mouse', data: new EvidenceData({program: 'Skype.exe', window: 'UNKNOWN', x: '218', y: '268', resolution: '1366 x 768', _grid: '50bcb026572d6e0d0000004f.jpg'})}),
new Evidence({_id: 'e40', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 27)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 27)), _mid: 0, note: '', rel: 0, type: 'mouse', data: new EvidenceData({program: 'Skype.exe', window: 'UNKNOWN', x: '322', y: '451', resolution: '1366 x 768', _grid: '50bcb057572d6e0d0000005a.jpg'})}),
//chat
new Evidence({_id: 'e21', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 56, 11)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 16, 41)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'Facebook', topic: '', incoming: true, rcpt: 'jimmy.page', from: 'joey.fargo', from_display: 'joey.fargo', content: 'Joey Fargo: لدي بعض المعلومات بالنسبة لك حول ناشفيل', tr: 'Joey Fargo: I have some information for you on Nashville '})}),
new Evidence({_id: 'e22', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 56, 51)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 16, 41)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'Facebook', topic: '', rcpt: 'joey.fargo', from: 'jimmy.page', from_display: 'jimmy.page', content: 'Jimmy Page: OK, meet me on Skype', tr: 'Jimmy Page: OK, meet me on Skype'})}),
//mouse
new Evidence({_id: 'e41', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 12, 15)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 13, 48)), _mid: 0, note: '', rel: 0, type: 'mouse', data: new EvidenceData({program: 'explorer.exe', window: 'Shut down', x: '352', y: '702', resolution: '1366 x 768', _grid: '50bcb39c572d6e0d00000122.jpg'})}),
//position
new Evidence({_id: 'e07', aid: 'a1', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 16, 36, 26)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 16, 37, 33)), _mid: 0, note: '', rel: 0, type: 'position', data: new EvidenceData({type: 'WIFI', latitude: 34.034733, longitude: -118.152413, accuracy: 49.0, address: new EvidenceDataAddress({text: "5220 Telford St - East Los Angeles, CA 90022"}), wifi: [{mac: "98:FC:11:7A:82:AF", sig: -69, bssid: "PC-DOMENICO2_Network"}, {mac: "00:25:53:90:A8:76", sig: -76, "bssid": "TISCALI"}, {mac: "E8:40:40:80:61:B8", sig: -58, bssid: "ht-guest-wifi"}, {mac: "58:6D:8F:A0:50:71", sig: -37, bssid: "CiscoE4200"}, {mac: "00:24:89:20:3F:C5", sig: -76, bssid: "Vodafone-11116924"}, {mac: "30:85:A9:AA:CD:50", sig: -84, bssid: "ht-guest-wifi"}, {mac: "00:23:F8:30:A3:BC", sig: -71, bssid: "RSSM"}, {mac: "D4:D1:84:EA:90:07", sig: -85, bssid: "Telecom-82481153"}]})}),
//camera
new Evidence({_id: 'e36', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 36, 52)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 37, 35)), _mid: 0, note: '', rel: 0, type: 'camera', data: new EvidenceData({_grid: '50bcb013572d6e0d00000008.jpg'})}),
//chat
new Evidence({_id: 'e23', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 57, 31)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 16, 41)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'Facebook', topic: '', incoming: true, rcpt: 'jimmy.page', from: 'joey.fargo', from_display: 'joey.fargo', content: 'Joey Fargo: بلى', tr: 'Joey fargo: Yeah'})}),
//addressbook
new Evidence({_id: 'e14', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 57, 55)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 54)), _mid: 0, note: '', rel: 0, type: 'addressbook', data: new EvidenceData({name: 'Jdoe', contact: '', info: 'Screen name: Jhone Doe', program: 'skype', type: 'peer'})}),
//new Evidence({_id: 'e15', aid: 'a1', blo: false, da: convertToUnix(new Date(2012,11,03,14,57,55)), dr: convertToUnix(new Date(2012,11,03,14,58,54)), _mid: 0, note: '', rel: 0, type: 'addressbook', data: new EvidenceData({name:'//ro_uic',contact:'', info:'Screen name: Quequero', program:'skype', type:'peer'})}),
new Evidence({_id: 'e16', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 57, 55)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 54)), _mid: 0, note: '', rel: 0, type: 'addressbook', data: new EvidenceData({name: 'Jane Doe', contact: '', info: 'Screen name: Jane 67', program: 'skype', type: 'peer'})}),
new Evidence({_id: 'e141', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 57, 55)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 54)), _mid: 0, note: '', rel: 0, type: 'addressbook', data: new EvidenceData({name: 'Public wallet', contact: '15wB7ipHhmPyh6vKbuTCMbX5oNp3', info: 'Screen name: Jhone Doe', program: 'bitcoin', type: 'target'})}),
//camera
new Evidence({_id: 'e37', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 57, 55)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 54)), _mid: 0, note: '', rel: 0, type: 'camera', data: new EvidenceData({_grid: '50bcb01c572d6e0d0000001a.jpg'})}),
//addresbook
new Evidence({_id: 'e17', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 57, 57)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 55)), _mid: 0, note: '', rel: 0, type: 'addressbook', data: new EvidenceData({name: 'pangoeye@mailcatch.com', contact: '', info: 'Screen name: Mark Klovenberg', program: 'gmail', type: 'peer'})}),
new Evidence({_id: 'e18', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 57, 57)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 55)), _mid: 0, note: '', rel: 0, type: 'addressbook', data: new EvidenceData({name: 'scissor@mailcatch.com', contact: '', info: 'Screen name: Luis Anderson', program: 'gmail', type: 'peer'})}),
new Evidence({_id: 'e19', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 57, 57)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 55)), _mid: 0, note: '', rel: 0, type: 'addressbook', data: new EvidenceData({name: 'Jimmy Page', contact: '', info: 'Facebook page: /pippo.pluto.73345048', program: 'facebook', type: 'target'})}),
//keylog
//new Evidence({_id: 'e08', aid: 'a1', blo: false, da: convertToUnix(new Date(2012,11,03,15,01,42)), dr: convertToUnix(new Date(2012,11,03,15,01,46)), _mid: 0, note: '', rel: 0, type: 'keylog', data: new EvidenceData({program: 'Skype.exe', window: 'Skype™ - Add a contact', content:'alberto.ornaghi'})}),
new Evidence({_id: 'e09', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 01, 44)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 02, 46)), _mid: 0, note: '', rel: 0, type: 'keylog', data: new EvidenceData({program: 'TrueCrypt.exe', window: 'Enter password for C:\\Users\\RCS Demo\Desktop\\secret_op.tc', content: 'secret123TP!'})}),
//call
//new Evidence({_id: 'e30', aid: 'a1', blo: false, da: convertToUnix(new Date(2012,11,03,15,05,08)), dr: convertToUnix(new Date(2012,11,03,15,05,51)), _mid: 0, note: '', rel: 0, type: 'call', data: new EvidenceData({peer:'bmuschitiello.cons.mi', program:'Skype', duration:'11.990408163265307', _grid:'50bcb1bf572d6e0d0000009d.mp3'})}),
//chat
//new Evidence({_id: 'e25', aid: 'a1', blo: false, da: convertToUnix(new Date(2012,11,03,15,08,18)), dr: convertToUnix(new Date(2012,11,03,15,08,47)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'SKYPE', topic:'', peer:'alberto.ornaghi proc.test', content:'proc.test: Hi alberto.ornaghi! I’d like to add you on Skype. JimmyPage'})}),
new Evidence({_id: 'e26', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 09, 45)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 10, 48)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'SKYPE', topic: '', peer: 'alejandro.reade jimmy.page', content: 'alejandro.reade: Here we are!', tr: 'alejandro.reade: Here we are!'})}),
//call
new Evidence({_id: 'e31', aid: 'a1', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 15, 09, 52)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 15, 10, 51)), _mid: 0, note: '', rel: 2, type: 'call', data: new EvidenceData({peer: 'alejandro.reade', program: 'Skype', duration: '49.03451247165534', _grid: '50bcb1bf572d6e0d0000009d.mp3'})}),
//keylog
new Evidence({_id: 'e10', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 10, 54)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 11, 46)), _mid: 0, note: '', rel: 0, type: 'keylog', data: new EvidenceData({program: 'TrueCrypt.exe', window: 'TrueCrypt', content: '↵'})}),
new Evidence({_id: 'e11', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 10, 59)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 11, 46)), _mid: 0, note: '', rel: 0, type: 'keylog', data: new EvidenceData({program: 'explorer.exe', window: 'Program Manager', content: '␡'})}),
//file - check for download !!!
new Evidence({_id: 'e13', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 11, 08)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 11, 49)), _mid: 0, note: '', rel: 0, type: 'file', data: new EvidenceData({path: 'op_nash.doc', type: 'capture', size: '101376'})}),
//addressbook --------------
new Evidence({_id: 'e19', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 01)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 58)), _mid: 0, note: '', rel: 0, type: 'addressbook', data: new EvidenceData({name: 'Faber O\'Connell', contact: '', info: 'Home address street: Kulim Facebook page: /f.c', program: 'facebook', type: 'peer'})}),
new Evidence({_id: 'e20', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 01)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 58, 58)), _mid: 0, note: '', rel: 0, type: 'addressbook', data: new EvidenceData({name: 'Deejay', contact: '', info: 'Screen name: deejay', program: 'twitter', type: 'friend'})}),
//chat
new Evidence({_id: 'e26', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 10, 09)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 10, 48)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'SKYPE', topic: '', peer: 'alejandro.reade jimmy.page', content: 'alejandro.reade: posted file secret_op.tc to members of this conversation', tr: 'alejandro.reade: posted file secret_op.tc to members of this conversation'})}),
new Evidence({_id: 'e26', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 10, 09)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 10, 48)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'SKYPE', topic: '', peer: 'alejandro.reade jimmy.page', content: 'alejandro.reade: posted file secret_op.tc to members of this conversation', tr: 'alejandro.reade: posted file secret_op.tc to members of this conversation', _grid:'50bcb444572d6e0d00000140.jpg'})}),
//url
new Evidence({_id: 'e27', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 14, 36)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 14, 46)), _mid: 0, note: '', rel: 0, type: 'url', data: new EvidenceData({url: 'www.howtomakeabomb.com', title: 'How to make a bomb!', program: 'Firefox', keywords: ''})}),
new Evidence({_id: 'e28', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 14, 37)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 14, 46)), _mid: 0, note: '', rel: 0, type: 'url', data: new EvidenceData({url: 'http://www.facebook.com/messages/jimmy.page', title: 'Jimmy Page - Messages - Mozilla Firefox', program: 'Firefox', keywords: ''})}),
new Evidence({_id: 'e29', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 14, 38)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 14, 46)), _mid: 0, note: '', rel: 0, type: 'url', data: new EvidenceData({url: 'http://www.yahoo.com/', title: 'Yahoo - Mozilla Firefox', program: 'Firefox', keywords: ''})}),
//screenshot
new Evidence({_id: 'e32', aid: 'a1', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 16, 29, 07)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 16, 30, 06)), _mid: 0, note: '', rel: 0, type: 'screenshot', data: new EvidenceData({program: 'firefox.exe', window: 'Jimmy Page - Messaggi - Mozilla Firefox', _grid: '50bcb444572d6e0d00000140.jpg'})}),
new Evidence({_id: 'e32', aid: 'a1', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 15, 14, 36)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 15, 14, 36)), _mid: 0, note: '', rel: 0, type: 'screenshot', data: new EvidenceData({program: 'rundll32.exe', window: 'Status Log', _grid: '50bcc57e572d6e0d0000016a.jpg'})}),
new Evidence({_id: 'e33', aid: 'a1', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 15, 14, 36)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 15, 14, 36)), _mid: 0, note: '', rel: 0, type: 'screenshot', data: new EvidenceData({program: 'Rim.Desktop.exe', window: 'BlackBerry® Desktop Software', _grid: '50bcc581572d6e0d00000184.jpg'})}),
new Evidence({_id: 'e34', aid: 'a1', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 15, 14, 36)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 15, 14, 36)), _mid: 0, note: '', rel: 0, type: 'screenshot', data: new EvidenceData({program: 'Skype.exe', window: 'Skype', _grid: '50bcc583572d6e0d00000194.jpg'})}),
//chat
new Evidence({_id: 'e70', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 56, 11)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 16, 41)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'Skype', topic: '', incoming: true, rcpt: 'jimmy.page', from: 'alejandro.reade', from_display: 'alejandro.reade', content: 'Alejandro Reade: Hi Jimmy!?', tr: 'Hi Jimmy!'})}),
new Evidence({_id: 'e71', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 56, 51)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 16, 41)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'Skype', topic: '', incoming: false, rcpt: 'alejandro.reade', from: 'jimmy.page', from_display: 'jimmy.page', content: 'Jimmy Page: Hi bro', tr: 'Jimmy Page: Hi bro'})}),
new Evidence({_id: 'e72', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 57, 31)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 16, 41)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'Skype', topic: '', incoming: true, rcpt: 'jimmy.page', from: 'alejandro.reade', from_display: 'alejandro.reade', content: 'Alejandro Reade: How are you?', tr: 'Alejandro Reade: How are you?'})}),
//mouse
new Evidence({_id: 'e41', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 03, 10, 39)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 14, 04)), _mid: 0, note: '', rel: 0, type: 'mouse', data: new EvidenceData({program: 'explorer.exe', window: 'Running applications', x: '288', y: '752', resolution: '1366 x 768', _grid: '50bcb3d8572d6e0d00000134.jpg'})}),
//mobile (Joey Fargo)
new Evidence({_id: 'e50', aid: 'a6', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 03, 10, 39)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 15, 14, 5)), _mid: 0, note: '', rel: 0, type: 'calendar', data: new EvidenceData({event: 'Christmas', begin: 1356393600, end: 1356480000})}),
new Evidence({_id: 'e51', aid: 'a6', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 03, 10, 39)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 03, 10, 39)), _mid: 0, note: '', rel: 0, type: 'device', data: new EvidenceData({content: '-- SYSTEM --
Board: GT-P7500
Brand: samsung
Device: GT-P7500
Display: GT-P7500
Model:HMJ37.XXKG7
IMEI: 357750040484403
IMSI: 222018702502813
cpuUsage: 45.846767
cpuTotal: 74948
cpuIdle: 88527
-- PROPERTIES --
java.vm.version : 1.5.1
java.vendor.url : http://www.android.com/
java.vm.vendor.url : http://www.android.com/
user.dir : /
java.vm.name : Dalvik
java.home : /system
user.region : IT
javax.net.ssl.trustStore : /system/etc/security/cacerts.bks
java.runtime.name : Android Runtime
user.home :
java.io.tmpdir : /sdcard
http.agent : Dalvik/1.5.1 (Linux; U; Android 3.1; GT-P7500 Build/HMJ37)
java.net.preferIPv6Addresses : true
java.version : 0
java.boot.class.path : /system/framework/core.jar:/system/framework/apache-xml.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/core-junit.jar
java.library.path : /vendor/lib:/system/lib
file.separator : /
java.specification.vendor : The Android Project
file.encoding : UTF-8
line.separator :
java.vm.specification.version : 0.9
java.vm.specification.vendor : The Android Project
os.name : Linux
java.vm.vendor : The Android Project
path.separator : :
android.vm.dexfile : true
java.ext.dirs :
java.class.path : .
os.version : 2.6.36.3
java.specification.name : Dalvik Core Library
java.compiler :
user.language : it
user.name :
os.arch : armv7l
java.runtime.version : 0.9
java.class.version : 46.0
java.vendor : The Android Project
java.vm.specification.name : Dalvik Virtual Machine Specification
java.specification.version : 0.9
Localizzazione rete com.google.android.location 1.0.0 100
eBook com.samsung.ebook.reader v3.14 20110706-1 1
PhoneUtil com.sec.android.app.phoneutil 1.0.0 1
Kies con Wi-Fi com.sec.android.app.kieswifi 1.2.0 1
Package Access Helper com.android.defcontainer 3.1-XXKG7 12
Tool di avvio com.android.launcher 3.1-XXKG7 12
SecPhone com.sec.phone 1.0 1
Galleria com.android.sec.gallery3d 1.1.30682 30682
Rubrica com.android.contacts 3.1-XXKG7 12
Fai squillare il mio telefono com.sec.android.app.ringmyphone 1.0 1
MmsProvision com.sec.android.app.MmsProvision 3.1-XXKG7 12
Dati cellulare com.android.phone 3.1-XXKG7 12
FotaClient com.sec.android.fotaclient 1.0 1
Helv Neue S com.monotype.android.font.helvneuelt 1.0 1
Proviamo la panoramica com.sec.android.motions.settings.panningtutorial 1.0 1
Calcolatrice com.android.calculator2 3.1-XXKG7 12
DataCompress com.android.networking 1.0 1
Visualizzatore HTML com.android.htmlviewer 3.1-XXKG7 12
Google Account com.google.android.gsf.login 3.1-136449 12
Condivisione Bluetooth com.android.bluetooth 3.1-XXKG7 12
Memorizz. in calendario com.android.providers.calendar 3.1-XXKG7 12
MTP Application com.android.MtpApplication 1.0 1
AngryGPS com.android.angryGps 1.0 1
Agenda com.android.calendar 3.1-XXKG7 12
Licenze com.samsung.android.app.divx 1.10 0
Browser com.android.browser 3.1-XXKG7 12
BadgeProvider com.sec.android.provider.badge 1.0 1
Ap Mobile com.sec.android.widgetapp.newswidget 11.07.05.01 1
Social Hub com.sec.android.socialhub 4.00.110617 4
Download com.android.providers.downloads.ui 3.1-XXKG7 12
Samsung TTS com.samsung.SMT 1.0 1
ShutdownApp com.sec.android.app.shutdown 1.0 1
SNSAccountTw com.sec.android.app.snsaccounttw 1.0 1
Messaggi com.android.mms 3.1-XXKG7 12
Archivio multimediale com.android.providers.media 3.1-XXKG7 12
com.sec.android.app.lcdtest com.sec.android.app.lcdtest 1.0 1
com.samsung.InputEventApp com.samsung.InputEventApp 1.0.0 1
TalkBack com.google.android.marvin.talkback 2.7.5 21
Installatore certificato com.android.certinstaller 3.1-XXKG7 12
SnsImageCache com.sec.android.app.snsimagecache 1.0 1
SNSAccountLi com.sec.android.app.snsaccountli 1.0 1
Polaris Office com.infraware.PolarisOfficeForTablet 3.0 - build 5r5869FV03 -756397043
RoseEUKor com.monotype.android.font.rosemary 1.0 1
Blue sea com.hu1.wallpaper.bluesea 1.0 1
Promemoria com.sec.android.app.memo 1.0 1
Fusi orari com.sec.android.app.worldclock 1.0 1
SNSAccountFb com.sec.android.app.snsaccountfb 1.0 1
Editor immagini com.sec.android.mimage.photoeditor 1.0 1
Impostazioni com.android.settings 3.1-XXKG7 12
com.sec.android.app.samsungapps.una com.sec.android.app.samsungapps.una 2.0.8 14
Street View com.google.android.street 1.7.0.4 17004
com.sec.android.app.screencapture com.sec.android.app.screencapture 1.0 1
Ricerca Google com.google.android.googlequicksearchbox 1.3.0.136449 130136449
Memorizzazione contenuto protetto di DRM com.android.providers.drm 3.1-XXKG7 12
Memoria protezione com.android.providers.security 3.1-XXKG7 12
Adobe Flash Player 11.1 com.adobe.flashplayer 11.1.111.10 111111010
Servizi Exchange com.android.exchange 3.1 310000
Seleziona sfondi animati com.android.wallpaper.livepicker 3.1-XXKG7 12
Mini pen memo com.diotek.mini_penmemo 0.9.118 119
Market com.google.android.finsky 1.1.0 110
Tastiera Android com.google.android.inputmethod.latin 3.1-136449 12
Installer pacchetto com.android.packageinstaller 3.1-XXKG7 12
Errore com.sec.app.RilErrorNotifier 1.0.0 1
Remote Controls com.sec.pcw.device 1.0 1
Configurazione rete mobile com.android.providers.telephony 3.1-XXKG7 12
Pico TTS com.svox.pico 1.0 1
Aggiornamento software com.wssyncmldm 2.0.0 2
WlanTest com.sec.android.app.wlantest 1.0.0 1
E-mail com.android.email 3.1 310000
screenshot com.geeksoft.screenshot 2.3 27
Maps com.google.android.apps.maps 5.2.0 5217
Pulse com.alphonso.pulse 2.0.4 40
AccuWeather.com com.sec.android.widgetapp.weatherclock 11.06.28.01 1
Controllo programmi com.sec.android.widgetapp.programmonitorwidget 1.12 2
Memorizzazione impostazioni com.android.providers.settings 3.1-XXKG7 12
Stampa mobile com.sec.android.app.mobileprint 1.5 5
Gestione download com.android.providers.downloads 3.1-XXKG7 12
SyncML-DS com.smlds 1.0 1
wssyncmlnps com.wssnps 1.0.0 1
Registratore di suoni com.android.soundrecorder 3.1-XXKG7 12
Mobile Tracker com.android.settings.mt 1.0 1
MobileID DualShield 5.3 com.deepnet.andmob5 5.3 3
Factory Test com.sec.android.app.factorytest 1.0 1
Aurora com.hu1.wallpaper.aurora2WXGATAB 1.1 1
Market Updater com.android.vending.updater 1.0 1000
SNS com.sec.android.app.sns 1.5 2
Google Partner Setup com.google.android.partnersetup 3.1-136449 12
PopupuiReceiver com.sec.android.app.popupuireceiver 1.4 1
Ricerca vocale com.google.android.voicesearch 2.2.1 20201001
Doppio orologio com.sec.android.widgetapp.dualclock 1.0 1
Mini musica com.sec.minimode.music 1.0 1
Fotocamera com.sec.android.app.camera 1.0 1
com.android.wallpaper.holospiral com.android.wallpaper.holospiral 3.1-XXKG7 12
Market Feedback Agent com.google.android.feedback 3.1-136449 12
LogsProvider com.sec.android.provider.logsprovider 1.0 12
Google Talk com.google.android.talk 3.1 310
Archivio com.sec.android.app.myfiles 1.0.0 1
Esonero responsabilità servizi social network com.sec.android.app.snsdisclaimer 1.0 1
Dizionario utente com.android.providers.userdictionary 3.1-XXKG7 12
Calcolatrice com.sec.android.app.popupcalculator 1.0 1
Configurazione guidata com.android.setupwizard 1.3 130
wipeoutreceiver com.wipereceiver 1.0 1
TTS Service android.tts 3.1-XXKG7 12
Orologio digitale com.sec.android.widgetapp.digitalclock 1.0 1
com.sec.android.app.smtsetup com.sec.android.app.smtsetup 3.1-XXKG7 12
Account Samsung com.osp.app.signin 1.0 1
Lettore suoni com.sec.android.app.soundplayer 1.0 1
Music Hub com.samsung.music 11.07.07.01 1
Samsung Apps com.sec.android.app.samsungapps 3.0.021 30021
Google Calendar - Sincronizzazione com.google.android.syncadapters.calendar 3.1-136449 12
Sistema Android android 3.1-XXKG7 12
Memoria contatti com.android.providers.contacts 3.1-XXKG7 12
Pen memo com.diotek.penmemo 0.9.117 119
Service mode com.sec.android.app.servicemodeapp 3.1-XXKG7 12
I miei caricamenti com.google.android.apps.uploader 1.5.13 1513
Search Applications Provider com.android.providers.applications 3.1-XXKG7 12
BluetoothTest com.android.bluetoothtest 1.0 1
Google Play Store com.android.vending 3.5.19 8011019
Perso com.sec.android.app.personalization 3.1-XXKG7 12
CSC com.samsung.sec.android.application.csc 1.0 1
com.sec.android.providers.downloads com.sec.android.providers.downloads 3.1-XXKG7 12
Interf. sis com.android.systemui 3.1-XXKG7 12
Video com.sec.android.app.videoplayer 1.0 1
QR Droid la.droid.qr 5.1 510
Gmail com.google.android.gm 3.1-136449 211
Preconfig com.android.Preconfig 3.1-XXKG7 12
Swype com.swype.android.inputmethod 3.9.86.27849 27849
MiniTaskcloserService com.sec.minimode.taskcloser 1.0 1
com.samsung.app.playreadyui com.samsung.app.playreadyui 3.1-XXKG7 12
Sincronizzazione Google Segnalibri com.google.android.syncadapters.bookmarks 3.1-136449 12
Superuser com.noshufou.android.su 2.3.6.1 - Added clear log to menu in log tab, More languages, Bugfixes 25
YouTube com.google.android.youtube 3.1.1 3101
Factory Mode com.sec.android.app.factory 1.0 1
OMACP com.wsomacp 3.0 3
Sveglia com.android.deskclock 3.1-XXKG7 12
Destinatari messaggi com.samsung.AlertRecipients 3.1-XXKG7 12
MAIN LABEL com.sec.android.app.MainLabel 1.0 1
Lettore musicale com.sec.android.app.music 1.0 1
Yahoo! Finance com.sec.android.widgetapp.stockclock 11.07.01.01 1
Google Services Framework com.google.android.gsf 3.1-136449 12
com.sec.android.app.minimode.res com.sec.android.app.minimode.res 3.1-XXKG7 12
Tastiera Samsung com.samsung.sec.android.inputmethod.axt9 1.0 1
Impostazioni USB com.sec.android.Kies 1.0 1
ChocoEUKor com.monotype.android.font.chococooky 1.0 1
MobileID Android com.deepnet.andmob 1.0 1
Stato contatti com.sec.android.widgetapp.buddiesnow 1.0 1
CrashNotifier com.samsung.crashnotifier 1.0.0 1
Contatti Google - Sincronizzazione com.google.android.syncadapters.contacts 3.1-136449 12
DataCreate com.android.samsungtest.DataCreate 1.0 1
Google Backup Transport com.google.android.backup 3.1-136449 12
'})}), new Evidence({_id: 'e52', aid: 'a6', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 03, 10, 39)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 03, 10, 39)), _mid: 0, note: '', rel: 0, type: 'addressbook', data: new EvidenceData({name: 'Jane Doe', contact: '366 653 9757', info: 'Mobile phone number: 366 653 9757
Phone: 366 653 9757
Phone Type: 2', type: 'peer', program: ''})}), new Evidence({_id: 'e53', aid: 'a6', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 03, 10, 39)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 03, 10, 39)), _mid: 0, note: '', rel: 0, type: 'message', data: new EvidenceData({time: 1355795701, incoming: 0, from: 'local', rcpt: '+393666539755', type: 'sms', content: 'Hello, world.'})}), new Evidence({_id: 'e54', aid: 'a6', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 03, 10, 39)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 03, 10, 39)), _mid: 0, note: '', rel: 0, type: 'message', data: new EvidenceData({time: 1355795938, incoming: 1, from: '393666539755', rcpt: 'local', type: 'sms', content: 'Hello, Jack.'})}), new Evidence({_id: 'e07', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 03, 10, 39)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 03, 10, 39)), _mid: 0, note: '', rel: 0, type: 'position', data: new EvidenceData({type: 'WIFI', latitude: 34.031249, longitude: -118.151848, accuracy: 49.0, address: new EvidenceDataAddress({text: "5257 E Beverly Blvd - East Los Angeles, CA 90022"}), wifi: [{mac: "98:FC:11:7A:82:AF", sig: -69, bssid: "PC-DOMENICO2_Network"}, {mac: "00:25:53:90:A8:76", sig: -76, "bssid": "TISCALI"}, {mac: "E8:40:40:80:61:B8", sig: -58, bssid: "ht-guest-wifi"}, {mac: "58:6D:8F:A0:50:71", sig: -37, bssid: "CiscoE4200"}, {mac: "00:24:89:20:3F:C5", sig: -76, bssid: "Vodafone-11116924"}, {mac: "30:85:A9:AA:CD:50", sig: -84, bssid: "ht-guest-wifi"}, {mac: "00:23:F8:30:A3:BC", sig: -71, bssid: "RSSM"}, {mac: "D4:D1:84:EA:90:07", sig: -85, bssid: "Telecom-82481153"}]})}), new Evidence({_id: 'e56', aid: 'a6', blo: false, da: convertToUnix(new Date(now.fullYear, now.month, now.date, 03, 10, 39)), dr: convertToUnix(new Date(now.fullYear, now.month, now.date, 03, 10, 39)), _mid: 0, note: '', rel: 0, type: 'device', data: new EvidenceData({content: '-- SYSTEM --
Board: GT-P7500
Brand: samsung
Device: GT-P7500
Display: GT-P7500
Model:HMJ37.XXKG7
IMEI: 357750040484403
IMSI: 222018702502813
cpuUsage: 45.973854
cpuTotal: 75821
cpuIdle: 89101
-- PROPERTIES --
java.vm.version : 1.5.1
java.vendor.url : http://www.android.com/
java.vm.vendor.url : http://www.android.com/
user.dir : /
java.vm.name : Dalvik
java.home : /system
user.region : IT
javax.net.ssl.trustStore : /system/etc/security/cacerts.bks
java.runtime.name : Android Runtime
user.home :
java.io.tmpdir : /sdcard
http.agent : Dalvik/1.5.1 (Linux; U; Android 3.1; GT-P7500 Build/HMJ37)
java.net.preferIPv6Addresses : true
java.version : 0
java.boot.class.path : /system/framework/core.jar:/system/framework/apache-xml.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/core-junit.jar
java.library.path : /vendor/lib:/system/lib
file.separator : /
java.specification.vendor : The Android Project
file.encoding : UTF-8
line.separator :
java.vm.specification.version : 0.9
java.vm.specification.vendor : The Android Project
os.name : Linux
java.vm.vendor : The Android Project
path.separator : :
android.vm.dexfile : true
java.ext.dirs :
java.class.path : .
os.version : 2.6.36.3
java.specification.name : Dalvik Core Library
java.compiler :
user.language : it
user.name :
os.arch : armv7l
java.runtime.version : 0.9
java.class.version : 46.0
java.vendor : The Android Project
java.vm.specification.name : Dalvik Virtual Machine Specification
java.specification.version : 0.9
Localizzazione rete com.google.android.location 1.0.0 100
eBook com.samsung.ebook.reader v3.14 20110706-1 1
PhoneUtil com.sec.android.app.phoneutil 1.0.0 1
Kies con Wi-Fi com.sec.android.app.kieswifi 1.2.0 1
Package Access Helper com.android.defcontainer 3.1-XXKG7 12
Tool di avvio com.android.launcher 3.1-XXKG7 12
SecPhone com.sec.phone 1.0 1
Galleria com.android.sec.gallery3d 1.1.30682 30682
Rubrica com.android.contacts 3.1-XXKG7 12
Fai squillare il mio telefono com.sec.android.app.ringmyphone 1.0 1
MmsProvision com.sec.android.app.MmsProvision 3.1-XXKG7 12
Dati cellulare com.android.phone 3.1-XXKG7 12
FotaClient com.sec.android.fotaclient 1.0 1
Helv Neue S com.monotype.android.font.helvneuelt 1.0 1
Proviamo la panoramica com.sec.android.motions.settings.panningtutorial 1.0 1
Calcolatrice com.android.calculator2 3.1-XXKG7 12
DataCompress com.android.networking 1.0 1
Visualizzatore HTML com.android.htmlviewer 3.1-XXKG7 12
Google Account com.google.android.gsf.login 3.1-136449 12
Condivisione Bluetooth com.android.bluetooth 3.1-XXKG7 12
Memorizz. in calendario com.android.providers.calendar 3.1-XXKG7 12
MTP Application com.android.MtpApplication 1.0 1
AngryGPS com.android.angryGps 1.0 1
Agenda com.android.calendar 3.1-XXKG7 12
Licenze com.samsung.android.app.divx 1.10 0
Browser com.android.browser 3.1-XXKG7 12
BadgeProvider com.sec.android.provider.badge 1.0 1
Ap Mobile com.sec.android.widgetapp.newswidget 11.07.05.01 1
Social Hub com.sec.android.socialhub 4.00.110617 4
Download com.android.providers.downloads.ui 3.1-XXKG7 12
Samsung TTS com.samsung.SMT 1.0 1
ShutdownApp com.sec.android.app.shutdown 1.0 1
SNSAccountTw com.sec.android.app.snsaccounttw 1.0 1
Messaggi com.android.mms 3.1-XXKG7 12
Archivio multimediale com.android.providers.media 3.1-XXKG7 12
com.sec.android.app.lcdtest com.sec.android.app.lcdtest 1.0 1
com.samsung.InputEventApp com.samsung.InputEventApp 1.0.0 1
TalkBack com.google.android.marvin.talkback 2.7.5 21
Installatore certificato com.android.certinstaller 3.1-XXKG7 12
SnsImageCache com.sec.android.app.snsimagecache 1.0 1
SNSAccountLi com.sec.android.app.snsaccountli 1.0 1
Polaris Office com.infraware.PolarisOfficeForTablet 3.0 - build 5r5869FV03 -756397043
RoseEUKor com.monotype.android.font.rosemary 1.0 1
Blue sea com.hu1.wallpaper.bluesea 1.0 1
Promemoria com.sec.android.app.memo 1.0 1
Fusi orari com.sec.android.app.worldclock 1.0 1
SNSAccountFb com.sec.android.app.snsaccountfb 1.0 1
Editor immagini com.sec.android.mimage.photoeditor 1.0 1
Impostazioni com.android.settings 3.1-XXKG7 12
com.sec.android.app.samsungapps.una com.sec.android.app.samsungapps.una 2.0.8 14
Street View com.google.android.street 1.7.0.4 17004
com.sec.android.app.screencapture com.sec.android.app.screencapture 1.0 1
Ricerca Google com.google.android.googlequicksearchbox 1.3.0.136449 130136449
Memorizzazione contenuto protetto di DRM com.android.providers.drm 3.1-XXKG7 12
Memoria protezione com.android.providers.security 3.1-XXKG7 12
Adobe Flash Player 11.1 com.adobe.flashplayer 11.1.111.10 111111010
Servizi Exchange com.android.exchange 3.1 310000
Seleziona sfondi animati com.android.wallpaper.livepicker 3.1-XXKG7 12
Mini pen memo com.diotek.mini_penmemo 0.9.118 119
Market com.google.android.finsky 1.1.0 110
Tastiera Android com.google.android.inputmethod.latin 3.1-136449 12
Installer pacchetto com.android.packageinstaller 3.1-XXKG7 12
Errore com.sec.app.RilErrorNotifier 1.0.0 1
Remote Controls com.sec.pcw.device 1.0 1
Configurazione rete mobile com.android.providers.telephony 3.1-XXKG7 12
Pico TTS com.svox.pico 1.0 1
Aggiornamento software com.wssyncmldm 2.0.0 2
WlanTest com.sec.android.app.wlantest 1.0.0 1
E-mail com.android.email 3.1 310000
screenshot com.geeksoft.screenshot 2.3 27
Maps com.google.android.apps.maps 5.2.0 5217
Pulse com.alphonso.pulse 2.0.4 40
AccuWeather.com com.sec.android.widgetapp.weatherclock 11.06.28.01 1
Controllo programmi com.sec.android.widgetapp.programmonitorwidget 1.12 2
Memorizzazione impostazioni com.android.providers.settings 3.1-XXKG7 12
Stampa mobile com.sec.android.app.mobileprint 1.5 5
Gestione download com.android.providers.downloads 3.1-XXKG7 12
SyncML-DS com.smlds 1.0 1
wssyncmlnps com.wssnps 1.0.0 1
Registratore di suoni com.android.soundrecorder 3.1-XXKG7 12
Mobile Tracker com.android.settings.mt 1.0 1
MobileID DualShield 5.3 com.deepnet.andmob5 5.3 3
Factory Test com.sec.android.app.factorytest 1.0 1
Aurora com.hu1.wallpaper.aurora2WXGATAB 1.1 1
Market Updater com.android.vending.updater 1.0 1000
SNS com.sec.android.app.sns 1.5 2
Google Partner Setup com.google.android.partnersetup 3.1-136449 12
PopupuiReceiver com.sec.android.app.popupuireceiver 1.4 1
Ricerca vocale com.google.android.voicesearch 2.2.1 20201001
Doppio orologio com.sec.android.widgetapp.dualclock 1.0 1
Mini musica com.sec.minimode.music 1.0 1
Fotocamera com.sec.android.app.camera 1.0 1
com.android.wallpaper.holospiral com.android.wallpaper.holospiral 3.1-XXKG7 12
Market Feedback Agent com.google.android.feedback 3.1-136449 12
LogsProvider com.sec.android.provider.logsprovider 1.0 12
Google Talk com.google.android.talk 3.1 310
Archivio com.sec.android.app.myfiles 1.0.0 1
Esonero responsabilità servizi social network com.sec.android.app.snsdisclaimer 1.0 1
Dizionario utente com.android.providers.userdictionary 3.1-XXKG7 12
Calcolatrice com.sec.android.app.popupcalculator 1.0 1
Configurazione guidata com.android.setupwizard 1.3 130
wipeoutreceiver com.wipereceiver 1.0 1
TTS Service android.tts 3.1-XXKG7 12
Orologio digitale com.sec.android.widgetapp.digitalclock 1.0 1
com.sec.android.app.smtsetup com.sec.android.app.smtsetup 3.1-XXKG7 12
Account Samsung com.osp.app.signin 1.0 1
Lettore suoni com.sec.android.app.soundplayer 1.0 1
Music Hub com.samsung.music 11.07.07.01 1
Samsung Apps com.sec.android.app.samsungapps 3.0.021 30021
Google Calendar - Sincronizzazione com.google.android.syncadapters.calendar 3.1-136449 12
Sistema Android android 3.1-XXKG7 12
Memoria contatti com.android.providers.contacts 3.1-XXKG7 12
Pen memo com.diotek.penmemo 0.9.117 119
Service mode com.sec.android.app.servicemodeapp 3.1-XXKG7 12
I miei caricamenti com.google.android.apps.uploader 1.5.13 1513
Search Applications Provider com.android.providers.applications 3.1-XXKG7 12
BluetoothTest com.android.bluetoothtest 1.0 1
Google Play Store com.android.vending 3.5.19 8011019
Perso com.sec.android.app.personalization 3.1-XXKG7 12
CSC com.samsung.sec.android.application.csc 1.0 1
com.sec.android.providers.downloads com.sec.android.providers.downloads 3.1-XXKG7 12
Interf. sis com.android.systemui 3.1-XXKG7 12
Video com.sec.android.app.videoplayer 1.0 1
QR Droid la.droid.qr 5.1 510
Gmail com.google.android.gm 3.1-136449 211
Preconfig com.android.Preconfig 3.1-XXKG7 12
Swype com.swype.android.inputmethod 3.9.86.27849 27849
MiniTaskcloserService com.sec.minimode.taskcloser 1.0 1
com.samsung.app.playreadyui com.samsung.app.playreadyui 3.1-XXKG7 12
Sincronizzazione Google Segnalibri com.google.android.syncadapters.bookmarks 3.1-136449 12
Superuser com.noshufou.android.su 2.3.6.1 - Added clear log to menu in log tab, More languages, Bugfixes 25
YouTube com.google.android.youtube 3.1.1 3101
Factory Mode com.sec.android.app.factory 1.0 1
OMACP com.wsomacp 3.0 3
Sveglia com.android.deskclock 3.1-XXKG7 12
Destinatari messaggi com.samsung.AlertRecipients 3.1-XXKG7 12
MAIN LABEL com.sec.android.app.MainLabel 1.0 1
Lettore musicale com.sec.android.app.music 1.0 1
Yahoo! Finance com.sec.android.widgetapp.stockclock 11.07.01.01 1
Google Services Framework com.google.android.gsf 3.1-136449 12
com.sec.android.app.minimode.res com.sec.android.app.minimode.res 3.1-XXKG7 12
Tastiera Samsung com.samsung.sec.android.inputmethod.axt9 1.0 1
Impostazioni USB com.sec.android.Kies 1.0 1
ChocoEUKor com.monotype.android.font.chococooky 1.0 1
MobileID Android com.deepnet.andmob 1.0 1
Stato contatti com.sec.android.widgetapp.buddiesnow 1.0 1
CrashNotifier com.samsung.crashnotifier 1.0.0 1
Contatti Google - Sincronizzazione com.google.android.syncadapters.contacts 3.1-136449 12
DataCreate com.android.samsungtest.DataCreate 1.0 1
Google Backup Transport com.google.android.backup 3.1-136449 12
'})}), new Evidence({_id: 'e07', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 03, 10, 39)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 03, 10, 39)), _mid: 0, note: '', rel: 0, type: 'position', data: new EvidenceData({type: 'WIFI', latitude: 34.034733, longitude: -118.152413, accuracy: 49.0, address: new EvidenceDataAddress({text: "5220 Telford St - East Los Angeles, CA 90022"}), cell: {mcc: '222', mnc: 1, lac: '61208', cid: '79168016', db: '0', adv: '0', age: '0'}})}), new Evidence({_id: 'e58', aid: 'a6', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 03, 10, 39)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 03, 10, 39)), _mid: 0, note: '', rel: 0, type: 'application', data: new EvidenceData({program: 'com.android.launcher', action: 'START', desc: 'com.android.launcher'})}), new Evidence({_id: 'e58', aid: 'a6', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 03, 10, 39)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 03, 10, 39)), _mid: 0, note: '', rel: 0, type: 'application', data: new EvidenceData({program: 'com.android.networking', action: 'STOP', desc: 'com.android.networking'})}), new Evidence({_id: 'e59', aid: 'a6', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 03, 10, 39)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 03, 10, 39)), _mid: 0, note: '', rel: 0, type: 'screenshot', data: new EvidenceData({program: 'Desktop', window: 'Desktop', _grid: 'SC20121218-030617.jpg'})}),
//url
new Evidence({_id: 'e37', aid: 'a6', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 14, 36)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 14, 46)), _mid: 0, note: '', rel: 0, type: 'url', data: new EvidenceData({url: 'www.howtomakeabomb.com', title: 'How to make a bomb!', program: 'Firefox', keywords: ''})}),
//chat
new Evidence({_id: 'e38', aid: 'a6', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 56, 11)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 16, 41)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'Facebook', topic: '', incoming: false, rcpt: 'jimmy.page', from: 'joey.fargo', from_display: 'joey.fargo', content: 'Joey Fargo: لدي بعض المعلومات بالنسبة لك حول ناشفيل', tr: 'Joey Fargo: I have some information for you on Nashville '})}),
new Evidence({_id: 'e39', aid: 'a6', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 56, 51)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 16, 41)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'Facebook', topic: '', incoming: true, rcpt: 'joey.fargo', from: 'jimmy.page', from_display: 'jimmy.page', content: 'Jimmy Page: OK, meet me on Skype', tr: 'Jimmy Page: OK, meet me on Skype'})}),
new Evidence({_id: 'e40', aid: 'a6', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 57, 31)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 16, 41)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'Facebook', topic: '', incoming: false, rcpt: 'jimmy.page', from: 'joey.fargo', from_display: 'joey.fargo', content: 'Joey Fargo: بلى', tr: 'Joey fargo: Yeah'})}),
// Joey Fargo (SwordFish), a4 desktop,a5 desktop, a6 mobile
//new Evidence({_id: 'e06', aid: 'a4', blo: false, da: 1309354166, dr: 1309354166, _mid: 0, note: '', rel: 0, type: 'clipboard', data: new EvidenceData({program: 'Word', window: 'New Document', content: 'The quick brown fox'})}),
// Alejandro Reade (Swordfish), a3 desktop
new Evidence({_id: 'e04', aid: 'a3', blo: false, da: 1336135607, dr: 1336135607, _mid: 0, note: '', rel: 0, type: 'keylog', data: new EvidenceData({program: 'Calc', window: 'Calculator', content: '12000+15000'})}),
new Evidence({_id: 'e60', aid: 'a3', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 56, 11)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 16, 41)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'Skype', topic: '', incoming: false, rcpt: 'jimmy.page', from: 'alejandro.reade', from_display: 'alejandro.reade', content: 'Alejandro Reade: Hi Jimmy!', tr: 'Hi Jimmy!'})}),
new Evidence({_id: 'e61', aid: 'a3', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 56, 51)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 16, 41)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'Skype', topic: '', incoming: true, rcpt: 'alejandro.reade', from: 'jimmy.page', from_display: 'jimmy.page', content: 'Jimmy Page: Hi bro', tr: 'Jimmy Page: Hi bro'})}),
new Evidence({_id: 'e62', aid: 'a3', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 14, 57, 31)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 15, 16, 41)), _mid: 0, note: '', rel: 0, type: 'chat', data: new EvidenceData({program: 'Skype', topic: '', incoming: false, rcpt: 'jimmy.page', from: 'alejandro.reade', from_display: 'alejandro.reade', content: 'Alejandro Reade: How are you?', tr: 'Alejandro Reade: How are you?'})})
// Guido (Blackjack), a7 desktop ,a8 mobile
// new Evidence({_id: 'e09', aid: 'a7', blo: false, da: 1309354166, dr: 1309354166, _mid: 0, note: '', rel: 0, type: 'clipboard', data: new EvidenceData({program: 'Word', window: 'New Document', content: 'The quick brown fox'})}),
// Dmitry Vitaly (All In), a9 mobile
//new Evidence({_id: 'e12', aid: 'a9', blo: false, da: 1309354166, dr: 1309354166, _mid: 0, note: '', rel: 0, type: 'clipboard', data: new EvidenceData({program: 'Word', window: 'New Document', content: 'The quick brown fox'})}),
])
public static var command:ArrayCollection = new ArrayCollection([
// Jimmy Page (SwordFish) a1 desktop, a2 mobile
new Evidence({_id: 'c01', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '', data: new EvidenceData({command: 'cmd.exe /c dir c:\\', content: 'Il volume nell\'unita C non ha etichetta. \nNumero di serie del volume: 207B-b349\nDirectory di c:\\ \n17/06/2008 12.25 0 AUTOEXEC.BAT\n17/06/2008/ 12.25 0 CONFIG.SYS\n26/11/2010 16.56 Documents and Settings'})}),
new Evidence({_id: 'c02', aid: 'a2', blo: true, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '', data: new EvidenceData({command: 'cmd.exe /c dir c:\\', content: 'Il volume nell\'unita C non ha etichetta. \nNumero di serie del volume: 207B-b349\nDirectory di c:\\ \n17/06/2008 12.25 0 AUTOEXEC.BAT\n17/06/2008/ 12.25 0 CONFIG.SYS\n26/11/2010 16.56 Documents and Settings'})}),
new Evidence({_id: 'c03', aid: 'a2', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '', data: new EvidenceData({command: 'cmd.exe /c dir c:\\', content: 'Il volume nell\'unita C non ha etichetta. \nNumero di serie del volume: 207B-b349\nDirectory di c:\\ \n17/06/2008 12.25 0 AUTOEXEC.BAT\n17/06/2008/ 12.25 0 CONFIG.SYS\n26/11/2010 16.56 Documents and Settings'})}),
// Alejandro Reade (Swordfish), a3 desktop
new Evidence({_id: 'c04', aid: 'a3', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '', data: new EvidenceData({command: 'cmd.exe /c dir c:\\', content: 'Il volume nell\'unita C non ha etichetta. \nNumero di serie del volume: 207B-b349\nDirectory di c:\\ \n17/06/2008 12.25 0 AUTOEXEC.BAT\n17/06/2008/ 12.25 0 CONFIG.SYS\n26/11/2010 16.56 Documents and Settings'})}),
new Evidence({_id: 'c05', aid: 'a3', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '', data: new EvidenceData({command: 'cmd.exe /c dir c:\\', content: 'Il volume nell\'unita C non ha etichetta. \nNumero di serie del volume: 207B-b349\nDirectory di c:\\ \n17/06/2008 12.25 0 AUTOEXEC.BAT\n17/06/2008/ 12.25 0 CONFIG.SYS\n26/11/2010 16.56 Documents and Settings'})}),
// Joey Fargo (SwordFish), a4 desktop,a5 desktop, a6 mobile
new Evidence({_id: 'c06', aid: 'a4', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '', data: new EvidenceData({command: 'cmd.exe /c dir c:\\', content: 'Il volume nell\'unita C non ha etichetta. \nNumero di serie del volume: 207B-b349\nDirectory di c:\\ \n17/06/2008 12.25 0 AUTOEXEC.BAT\n17/06/2008/ 12.25 0 CONFIG.SYS\n26/11/2010 16.56 Documents and Settings'})}),
new Evidence({_id: 'c07', aid: 'a5', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '', data: new EvidenceData({command: 'cmd.exe /c dir c:\\', content: 'Il volume nell\'unita C non ha etichetta. \nNumero di serie del volume: 207B-b349\nDirectory di c:\\ \n17/06/2008 12.25 0 AUTOEXEC.BAT\n17/06/2008/ 12.25 0 CONFIG.SYS\n26/11/2010 16.56 Documents and Settings'})}),
new Evidence({_id: 'c08', aid: 'a6', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '', data: new EvidenceData({command: 'cmd.exe /c dir c:\\', content: 'Il volume nell\'unita C non ha etichetta. \nNumero di serie del volume: 207B-b349\nDirectory di c:\\ \n17/06/2008 12.25 0 AUTOEXEC.BAT\n17/06/2008/ 12.25 0 CONFIG.SYS\n26/11/2010 16.56 Documents and Settings'})}),
// Guido (Blackjack), a7 desktop ,a8 mobile
new Evidence({_id: 'c09', aid: 'a7', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '', data: new EvidenceData({command: 'cmd.exe /c dir c:\\', content: 'Il volume nell\'unita C non ha etichetta. \nNumero di serie del volume: 207B-b349\nDirectory di c:\\ \n17/06/2008 12.25 0 AUTOEXEC.BAT\n17/06/2008/ 12.25 0 CONFIG.SYS\n26/11/2010 16.56 Documents and Settings'})}),
new Evidence({_id: 'c10', aid: 'a8', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '', data: new EvidenceData({command: 'cmd.exe /c dir c:\\', content: 'Il volume nell\'unita C non ha etichetta. \nNumero di serie del volume: 207B-b349\nDirectory di c:\\ \n17/06/2008 12.25 0 AUTOEXEC.BAT\n17/06/2008/ 12.25 0 CONFIG.SYS\n26/11/2010 16.56 Documents and Settings'})}),
new Evidence({_id: 'c11', aid: 'a8', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '', data: new EvidenceData({command: 'cmd.exe /c dir c:\\', content: 'Il volume nell\'unita C non ha etichetta. \nNumero di serie del volume: 207B-b349\nDirectory di c:\\ \n17/06/2008 12.25 0 AUTOEXEC.BAT\n17/06/2008/ 12.25 0 CONFIG.SYS\n26/11/2010 16.56 Documents and Settings'})}),
// Dmitry Vitaly (All In), a9 mobile
new Evidence({_id: 'c12', aid: 'a9', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '', data: new EvidenceData({command: 'cmd.exe /c dir c:\\', content: 'Il volume nell\'unita C non ha etichetta. \nNumero di serie del volume: 207B-b349\nDirectory di c:\\ \n17/06/2008 12.25 0 AUTOEXEC.BAT\n17/06/2008/ 12.25 0 CONFIG.SYS\n26/11/2010 16.56 Documents and Settings'})}),
new Evidence({_id: 'c13', aid: 'a9', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '', data: new EvidenceData({command: 'cmd.exe /c dir c:\\', content: 'Il volume nell\'unita C non ha etichetta. \nNumero di serie del volume: 207B-b349\nDirectory di c:\\ \n17/06/2008 12.25 0 AUTOEXEC.BAT\n17/06/2008/ 12.25 0 CONFIG.SYS\n26/11/2010 16.56 Documents and Settings'})}),
new Evidence({_id: 'c14', aid: 'a9', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '', data: new EvidenceData({command: 'cmd.exe /c dir c:\\', content: 'Il volume nell\'unita C non ha etichetta. \nNumero di serie del volume: 207B-b349\nDirectory di c:\\ \n17/06/2008 12.25 0 AUTOEXEC.BAT\n17/06/2008/ 12.25 0 CONFIG.SYS\n26/11/2010 16.56 Documents and Settings'})})])
public static var ip:ArrayCollection = new ArrayCollection([
// Jimmy Page (SwordFish) a1 desktop, a2 mobile
new Evidence({_id: 'c01', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.16.42.2', end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 47)), speed:30750, size:1230000, timeout:false, count :5, total:5})}),
new Evidence({_id: 'c01', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 32, 02)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.16.42.2', end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 32, 51)), speed:21428, size:1050000, timeout:false, count :3, total:3})}),
new Evidence({_id: 'c01', aid: 'a1', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 33, 18)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.16.42.2', end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 34, 00)), speed:24452, size:1027000, timeout:true, count :0, total:1})}),
new Evidence({_id: 'c01', aid: 'a2', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.16.42.2', end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 47)), speed:30750, size:1230000, timeout:false, count :5, total:5})}),
new Evidence({_id: 'c01', aid: 'a2', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 32, 02)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.16.42.2', end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 32, 51)), speed:21428, size:1050000, timeout:false, count :3, total:3})}),
new Evidence({_id: 'c01', aid: 'a2', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 33, 18)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.16.42.2', end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 34, 00)), speed:24452, size:1027000, timeout:false, count :1, total:1})}),
// Alejandro Reade (Swordfish), a3 desktop
new Evidence({_id: 'c04', aid: 'a3', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.20.20.170', end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 47)), speed:0, size:0, timeout:false})}),
new Evidence({_id: 'c05', aid: 'a3', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.20.20.170', end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 47)), speed:0, size:0, timeout:false})}),
// Joey Fargo (SwordFish), a4 desktop,a5 desktop, a6 mobile
new Evidence({_id: 'c06', aid: 'a4', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.20.20.193', end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 47)), speed:0, size:0, timeout:false})}),
new Evidence({_id: 'c07', aid: 'a5', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.20.20.193', end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 47)), speed:0, size:0, timeout:false})}),
new Evidence({_id: 'c08', aid: 'a6', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.20.20.193', end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 47)), speed:0, size:0, timeout:false})}),
// Guido (Blackjack), a7 desktop ,a8 mobile
new Evidence({_id: 'c09', aid: 'a7', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.20.20.193',end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 47)), speed:0, size:0, timeout:false})}),
new Evidence({_id: 'c10', aid: 'a8', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.20.20.193',end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 47)), speed:0, size:0, timeout:false})}),
new Evidence({_id: 'c11', aid: 'a8', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.20.20.193',end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 47)), speed:0, size:0, timeout:false})}),
// Dmitry Vitaly (All In), a9 mobile
new Evidence({_id: 'c12', aid: 'a9', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.20.20.193', end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 47)), speed:0, size:0, timeout:false})}),
new Evidence({_id: 'c13', aid: 'a9', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.20.20.193', end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 47)), speed:0, size:0, timeout:false})}),
new Evidence({_id: 'c14', aid: 'a9', blo: false, da: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), dr: convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 07)), _mid: 0, note: '', rel: 0, type: '',
data: new EvidenceData({ip: '172.20.20.193',end:convertToUnix(new Date(tenDaysAgo.fullYear, tenDaysAgo.month, tenDaysAgo.date, 16, 29, 47)), speed:0, size:0, timeout:false})})]
)
public function all(filter:Object, onResult:Function = null, onFault:Function = null):void
{
//trace(ObjectUtil.toString(filter));
//agent, target, type, date
this.filter = filter;
evidence.filterFunction = filterEvidence;
evidence.refresh()
if (onResult != null)
onResult(new ResultEvent('evidence.all', false, true, evidence));
}
private function filterEvidence(item:Object):Boolean
{
var result:Boolean = true;
for (var criteria:* in filter) {
if (criteria == "_id" && !(item._id == filter._id)) {
result = false;
break;
}
if (criteria == "target" && !(DBAgentDemo.getTarget(item.aid) == filter.target)) {
result = false;
break;
}
if (criteria == "agent" && !(item.aid == filter.agent)) {
result = false;
break;
}
if (criteria == "type" && !isInArray(item.type, filter.type)) {
result = false;
break;
}
if (criteria == "blo" && !(item.blo == filter.blo[0])) {
result = false;
break;
}
if (criteria == "rel" && !isInArray(item.rel, filter.rel)) {
result = false;
break
}
;
if (criteria == "aid" && !isInArray(item.aid, filter.aid)) {
result = false;
break;
}
if (criteria == "date" && !isInDateRange(item, filter)) {
result = false;
break;
}
if (criteria == "info") {
if(item.type=="position")
return true;
result = searchForKeyword(item.data, filter.info);
break;
}
}
return result;
}
private function searchForKeyword(data:Object, keyword:String = ""):Boolean
{
var keywords:Array = keyword.split(" ")
var matches:Number = 0
//loop item.data
var result:Boolean = false;
//address - complex
//cell -complex
//wifi - complex
var props:Array = ["_grid", "_grid_size", "access", "accuracy", "action", "attach", "attr", "begin", "body", "command", "contact", "content", "tr", "desc", "duration", "end", "event", "from", "info", "ip", "keywords", "latitude", "longitude", "name", "pass", "path", "peer", "process", "program", "rcpt", "resolution", "service", "size", "spool", "status", "subject", "title", "topic", "type", "url", "user", "users", "window", "x", "y"]
for (var i:int = 0; i < props.length; i++) {
if (data.hasOwnProperty([props[i]])) {
var s:String = data[props[i]] as String || "";
for (var k:int = 0; k < keywords.length; k++) {
if (s.toLowerCase().indexOf(keywords[k].toLowerCase()) != -1)
matches++
}
}
}
if (matches == keywords.length)
result = true;
//return text.indexOf(keyword)!=-1;
return result;
}
private function filterCommands(item:Object):Boolean
{
var result:Boolean = true;
for (var criteria:* in filter) {
if (criteria == "_id" && !(item._id == filter._id)) {
result = false;
break;
}
if (criteria == "target" && !(DBAgentDemo.getTarget(item.aid) == filter.target)) {
result = false;
break;
}
if (criteria == "agent" && !(item.aid == filter.agent)) {
result = false;
break;
}
if (criteria == "type" && !isInArray(item.type, filter.type)) {
result = false;
break;
}
if (criteria == "blo" && !(item.blo == filter.blo[0])) {
result = false;
break;
}
if (criteria == "rel" && !isInArray(item.rel, filter.rel)) {
result = false;
break
}
;
if (criteria == "aid" && !isInArray(item.aid, filter.aid)) {
result = false;
break;
}
if (criteria == "date" && !isInDateRange(item, filter)) {
result = false;
break;
}
}
return result;
}
private function filterIps(item:Object):Boolean
{
var result:Boolean = true;
for (var criteria:* in filter) {
if (criteria == "_id" && !(item._id == filter._id)) {
result = false;
break;
}
if (criteria == "target" && !(DBAgentDemo.getTarget(item.aid) == filter.target)) {
result = false;
break;
}
if (criteria == "agent" && !(item.aid == filter.agent)) {
result = false;
break;
}
if (criteria == "type" && !isInArray(item.type, filter.type)) {
result = false;
break;
}
if (criteria == "blo" && !(item.blo == filter.blo[0])) {
result = false;
break;
}
if (criteria == "rel" && !isInArray(item.rel, filter.rel)) {
result = false;
break
}
;
if (criteria == "aid" && !isInArray(item.aid, filter.aid)) {
result = false;
break;
}
if (criteria == "date" && !isInDateRange(item, filter)) {
result = false;
break;
}
}
return result;
}
private function isInArray(value:*, arr:Array):Boolean
{
var result:Boolean;
for (var i:int = 0; i < arr.length; i++) {
if (value == arr[i]) {
result = true;
break;
}
}
return result;
}
private function isInDateRange(item:Object, filter:Object):Boolean
{
var result:Boolean = false;
if (filter.date) {
// TODO - How to get the correct actual time?
var now:uint = uint(new Date().time / 1000);
var from:uint;
var to:Number;
if (filter.from == 0 && filter.to == 0) {
result = true;
return result
}
;
//last 24 hours - default value
if (!filter.from && !filter.to) {
from = now - SECONDS_PER_DAY;
if (item[filter.date] >= from) {
result = true;
return result
}
;
}
//from only
if (filter.from && !filter.to) {
if (filter.from == "24h" )//&& item[filter.date] >= now - SECONDS_PER_DAY)
{
result = true;
return result
}
if (item[filter.date] >= filter.from) {
result = true;
return result
}
;
}
//to only
if (!filter.from && filter.to) {
if (item[filter.date] <= filter.to) {
result = true;
return result
}
;
}
//from and to
if (filter.from && filter.to) {
if (item[filter.date] <= filter.to && item[filter.date] >= filter.from) {
result = true;
return result
}
;
}
}
return result;
}
public function update(evidence:Evidence, property:Object, target:String, onResult:Function = null, onFault:Function = null):void
{
}
public function destroy(evidence:Evidence, target:String, onResult:Function = null, onFault:Function = null):void
{
}
public function destroy_all(params:Object, onResult:Function = null, onFault:Function = null):void
{
}
public function agent_status(params:Object, onResult:Function = null, onFault:Function = null):void
{
}
public function sync_start(params:Object, onResult:Function = null, onFault:Function = null):void
{
}
public function sync_stop(params:Object, onResult:Function = null, onFault:Function = null):void
{
}
public function info(filter:Object, onResult:Function = null, onFault:Function = null):void
{
}
public function commands(filter:Object, onResult:Function = null, onFault:Function = null):void
{
this.filter = filter;
command.filterFunction = filterCommands;
command.refresh()
if (onResult != null)
onResult(new ResultEvent('evidence.commands', false, true, command));
}
public function sync_history(filter:Object, onResult:Function = null, onFault:Function = null):void
{
this.filter = filter;
ip.filterFunction = filterIps;
ip.refresh()
if (onResult != null)
onResult(new ResultEvent('evidence.sync_history', false, true, ip));
}
public function total(filter:Object, onResult:Function = null, onFault:Function = null):void
{
trace("total called")
trace(ObjectUtil.toString(filter));
var result:ArrayCollection = new ArrayCollection()
var counts:Object = new Object()
var addressbook:TypeCount = new TypeCount();
addressbook.type = "addressbook";
counts["addressbook"] = addressbook;
var application:TypeCount = new TypeCount();
application.type = "application";
counts["application"] = application;
var calendar:TypeCount = new TypeCount();
calendar.type = "calendar";
counts["calendar"] = calendar;
var money:TypeCount = new TypeCount();
money.type = "money";
counts["money"] = money;
var call:TypeCount = new TypeCount();
call.type = "call";
counts["call"] = call;
var camera:TypeCount = new TypeCount();
camera.type = "camera";
counts["camera"] = camera;
var chat:TypeCount = new TypeCount();
chat.type = "chat";
counts["chat"] = chat;
var clipboard:TypeCount = new TypeCount();
clipboard.type = "clipboard";
counts["clipboard"] = clipboard;
var device:TypeCount = new TypeCount();
device.type = "device";
counts["device"] = device;
var file:TypeCount = new TypeCount();
file.type = "file";
counts["file"] = file;
var keylog:TypeCount = new TypeCount();
keylog.type = "keylog";
counts["keylog"] = keylog;
var message:TypeCount = new TypeCount();
message.type = "message";
counts["message"] = message;
var mic:TypeCount = new TypeCount();
mic.type = "mic";
counts["mic"] = mic;
var mouse:TypeCount = new TypeCount();
mouse.type = "mouse";
counts["mouse"] = mouse;
var password:TypeCount = new TypeCount();
password.type = "password";
counts["password"] = password;
var position:TypeCount = new TypeCount();
position.type = "position";
counts["position"] = position;
var print:TypeCount = new TypeCount();
print.type = "print";
counts["print"] = print;
var screenshot:TypeCount = new TypeCount();
screenshot.type = "screenshot";
counts["screenshot"] = screenshot;
var url:TypeCount = new TypeCount();
url.type = "url";
counts["url"] = url;
var photo:TypeCount = new TypeCount();
photo.type = "photo";
counts["photo"] = photo;
var total:TypeCount = new TypeCount();
total.type = "total";
counts["total"] = total;
result.source = [addressbook, application, calendar, call, camera, chat, clipboard, device, file, keylog, message, mic, money, mouse, password, photo, position, print, screenshot, url, total];
var i:uint;
var currentEvidence:Evidence;
var currentTypeCount:TypeCount;
//get current agent stuff
if (filter.agent) {
for (i = 0; i < evidence.source.length; i++) {
currentEvidence = evidence.source[i] as Evidence;
if (currentEvidence.aid == filter.agent) {
counts[currentEvidence.type].count++
total.count++
}
}
}
//get current target stuff
else {
for (i = 0; i < evidence.source.length; i++) {
currentEvidence = evidence.source[i] as Evidence;
if (DBAgentDemo.getTarget(currentEvidence.aid) == filter.target) {
counts[currentEvidence.type].count++
total.count++
}
}
}
if (onResult != null)
onResult(new ResultEvent('evidence.total', false, true, result));
}
/* public function filesystem(targetId:String, agentId:String, filter:String, onResult:Function = null, onFault:Function = null):void
{
}*/
public function filesystem(targetId:String, agentId:String, path:String, onResult:Function = null, onFault:Function = null):void
{
}
public function show(id:String, target:String, onResult:Function = null, onFault:Function = null):void
{
}
public function filter_all(onResult:Function = null, onFault:Function = null):void
{
}
public function filter_destroy(filter:Filter, onResult:Function = null, onFault:Function = null):void
{
}
public function filter_create(filter:Object, onResult:Function = null, onFault:Function = null):void
{
}
public function translate(id:String, target:String, onResult:Function = null, onFault:Function = null):void
{
}
public function update_multi(evidences:Array, property:Object, target:String, onResult:Function=null, onFault:Function=null):void
{
}
}
}
.