* Modules regviewer

** Adds absolute "path" information and timestamp for each key

Author: fbaguelin

viewer/regedit/model/regtree.py

@@ -176,6 +176,7 @@ def selectKey(self, index):
           key = hive.root
       else:
           key = hive.subtree(path[1:]).current_key()
+      self.emit(SIGNAL("keyItemSelected"), item)
       self.emit(SIGNAL("keySelected"), rhive, key)
 
   def RegType(self, node):

viewer/regedit/regedit.py

@@ -16,7 +16,7 @@
 __dff_module_regedit_version__ = "1.0.0"
 
 from PyQt4 import QtCore, QtGui
-from PyQt4.QtCore import Qt
+from PyQt4.QtCore import Qt, SIGNAL
 from PyQt4.QtGui import QWidget, QVBoxLayout, QTreeView, QSplitter
 
 from dff.api.vfs.vfs import vfs
@@ -27,6 +27,8 @@
 from dff.modules.regedit.model.regtree import RegTreeModel
 from dff.modules.regedit.view.regtreeview import RegTreeView
 from dff.modules.regedit.view.valueview import TableValue
+from dff.modules.regedit.view.keyinfoview import KeyInfoView
+
 
 class REGEDIT(QWidget, Script):
   def __init__(self):
@@ -49,11 +51,13 @@ def g_display(self):
     splitter = QSplitter(Qt.Horizontal)
     treemodel = RegTreeModel(self)
     treeview = RegTreeView(self)
+    keyinfo = KeyInfoView(self, treemodel)
     tablevalue = TableValue(treemodel, self)
     treeview.setModel(treemodel)
     splitter.addWidget(treeview)
     splitter.addWidget(tablevalue)
     vlayout.addWidget(splitter)
+    vlayout.addWidget(keyinfo)
     self.setLayout(vlayout)
 #    self.regv = regviewer(self, self.mountpoints)
 

viewer/regedit/view/CMakeLists.txt

@@ -17,5 +17,6 @@ set(regedit_view_srcs
   __init__.py
   regtreeview.py
   valueview.py
+  keyinfoview.py
 )
 install_file(regedit_view ${regedit_view_srcs})

viewer/regedit/view/keyinfoview.py

@@ -0,0 +1,44 @@
+# DFF -- An Open Source Digital Forensics Framework
+# Copyright (C) 2009-2011 ArxSys
+# This program is free software, distributed under the terms of
+# the GNU General Public License Version 2. See the LICENSE file
+# at the top of the source tree.
+#  
+# See http://www.digital-forensic.org for more information about this
+# project. Please do not directly contact any of the maintainers of
+# DFF for assistance; the project provides a web site, mailing lists
+# and IRC channels for your use.
+# 
+# Author(s):
+#  Jeremy Mounier <jmo@digital-forensic.org>
+# 
+
+from PyQt4.QtCore import SIGNAL
+from PyQt4.QtGui import QLabel
+
+import datetime
+
+class KeyInfoView(QLabel):
+  def __init__(self, parent, model):
+    QLabel.__init__(self, parent)
+    self.setMaximumHeight(30)
+    self.__model = model
+    self.connect(self.__model, SIGNAL("keyItemSelected"), self.keyChanged)
+
+  def keyChanged(self, keyitem):
+    rhive = keyitem.getHive()
+    path = keyitem.path
+    hive = rhive.hive
+    if len(path) == 1:
+        key = hive.root
+    else:
+        key = hive.subtree(path[1:]).current_key()
+    abspath = key.name
+    pitem = keyitem.parent()
+    while pitem != None:
+        abspath = pitem.text() + "\\" + abspath
+        pitem = pitem.parent()
+    modified =  str(datetime.datetime.fromtimestamp(key.modified))
+    self.setText(abspath + "\n" + "Last modified: " + modified)
+    del hive
+    del rhive