From a1d91a8b6bdbd9a9573b15d9a6c272c4100f4ae2 Mon Sep 17 00:00:00 2001 From: Kelly Kelly Date: Mon, 12 Aug 2019 12:02:23 -0400 Subject: [PATCH 01/25] Correct the cvt summary media attachments count and added total count --- .../relationships/Bundle.properties | 6 +- .../relationships/Bundle.properties-MERGED | 6 +- .../relationships/SelectionInfo.java | 120 ++++++++++-------- .../relationships/SummaryViewer.form | 38 ++++-- .../relationships/SummaryViewer.java | 45 ++++--- 5 files changed, 135 insertions(+), 80 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties b/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties index 701a7b1261..9eb64c45be 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties @@ -1,12 +1,10 @@ ContactDetailsPane.nameLabel.text=Placeholder SummaryViewer.countsPanel.border.title=Counts SummaryViewer.contactsLabel.text=Contacts: -SummaryViewer.attachmentsLabel.text=Media Attachments: OutlineViewPanel.messageLabel.text= SummaryViewer.messagesDataLabel.text=messages SummaryViewer.callLogsDataLabel.text=callLogs SummaryViewer.contactsDataLabel.text=contacts -SummaryViewer.attachmentsDataLabel.text=attachments SummaryViewer.messagesLabel.text=Messages: SummaryViewer.callLogsLabel.text=Call Logs: ThreadRootMessagePanel.showAllCheckBox.text=Show All Messages @@ -19,3 +17,7 @@ MessageViewer.showingMessagesLabel.text=Showing Messages for Thread: MessageViewer.backButton.AccessibleContext.accessibleDescription= MessageViewer.backButton.text=Threads MessageViewer.showAllButton.text=All Messages +SummaryViewer.thumbnailCntLabel.text=Media Attachments: +SummaryViewer.attachmentsLable.text=Attachments: +SummaryViewer.thumbnailsDataLabel.text=attachments +SummaryViewer.attachmentDataLabel.text=jLabel1 diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties-MERGED index f2aa0df8e1..67971ffa88 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties-MERGED @@ -37,12 +37,10 @@ MessageViewer_viewMessage_selected=Selected MessageViewer_viewMessage_unthreaded=Unthreaded SummaryViewer.countsPanel.border.title=Counts SummaryViewer.contactsLabel.text=Contacts: -SummaryViewer.attachmentsLabel.text=Media Attachments: OutlineViewPanel.messageLabel.text= SummaryViewer.messagesDataLabel.text=messages SummaryViewer.callLogsDataLabel.text=callLogs SummaryViewer.contactsDataLabel.text=contacts -SummaryViewer.attachmentsDataLabel.text=attachments SummaryViewer.messagesLabel.text=Messages: SummaryViewer.callLogsLabel.text=Call Logs: SummaryViewer_CaseRefNameColumn_Title=Case Name @@ -61,3 +59,7 @@ MessageViewer.showingMessagesLabel.text=Showing Messages for Thread: MessageViewer.backButton.AccessibleContext.accessibleDescription= MessageViewer.backButton.text=Threads MessageViewer.showAllButton.text=All Messages +SummaryViewer.thumbnailCntLabel.text=Media Attachments: +SummaryViewer.attachmentsLable.text=Attachments: +SummaryViewer.thumbnailsDataLabel.text=attachments +SummaryViewer.attachmentDataLabel.text=jLabel1 diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/SelectionInfo.java b/Core/src/org/sleuthkit/autopsy/communications/relationships/SelectionInfo.java index 45ece0a5be..1e83de831e 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/SelectionInfo.java +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/SelectionInfo.java @@ -24,6 +24,7 @@ import java.util.logging.Level; import java.util.logging.Logger; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; +import org.sleuthkit.autopsy.coreutils.ImageUtils; import org.sleuthkit.datamodel.Account; import org.sleuthkit.datamodel.AccountDeviceInstance; import org.sleuthkit.datamodel.BlackboardArtifact; @@ -37,30 +38,30 @@ import org.sleuthkit.datamodel.TskCoreException; * VisualizationPane */ public final class SelectionInfo { - + private static final Logger logger = Logger.getLogger(SelectionInfo.class.getName()); private final Set selectedNodes; private final Set selectedEdges; private final CommunicationsFilter communicationFilter; private final Set accounts; - + private Set accountArtifacts = null; private SelectionSummary summary = null; /** * Wraps the details of the currently selected accounts. * - * @param selectedNodes Selected AccountDeviceInstances - * @param selectedEdges Selected pairs of AccountDeviceInstances - * @param communicationFilter Currently selected communications filters + * @param selectedNodes Selected AccountDeviceInstances + * @param selectedEdges Selected pairs of AccountDeviceInstances + * @param communicationFilter Currently selected communications filters */ - public SelectionInfo(Set selectedNodes, Set selectedEdges, + public SelectionInfo(Set selectedNodes, Set selectedEdges, CommunicationsFilter communicationFilter) { this.selectedNodes = selectedNodes; this.selectedEdges = selectedEdges; this.communicationFilter = communicationFilter; - + accounts = new HashSet<>(); selectedNodes.forEach((instance) -> { accounts.add(instance.getAccount()); @@ -75,10 +76,10 @@ public final class SelectionInfo { public Set getSelectedNodes() { return selectedNodes; } - + /** * Returns the currently selected edges - * + * * @return Set of GraphEdge objects */ public Set getSelectedEdges() { @@ -93,16 +94,17 @@ public final class SelectionInfo { public CommunicationsFilter getCommunicationsFilter() { return communicationFilter; } - + public Set getAccounts() { return accounts; } - + /** * Get the set of relationship sources from the case database - * + * * @return the relationship sources (may be empty) - * @throws TskCoreException + * + * @throws TskCoreException */ Set getRelationshipSources() throws TskCoreException { @@ -112,28 +114,28 @@ public final class SelectionInfo { } catch (NoCurrentCaseException ex) { throw new TskCoreException("Failed to get current case", ex); } - + Set relationshipSources = new HashSet<>(); try { // Add all nodes relationshipSources.addAll(communicationManager.getRelationshipSources(getSelectedNodes(), getCommunicationsFilter())); - + // Add all edges. For edges, the relationship has to include both endpoints for (SelectionInfo.GraphEdge edge : getSelectedEdges()) { - relationshipSources.addAll(communicationManager.getRelationshipSources(edge.getStartNode(), + relationshipSources.addAll(communicationManager.getRelationshipSources(edge.getStartNode(), edge.getEndNode(), getCommunicationsFilter())); } } catch (TskCoreException ex) { logger.log(Level.SEVERE, "Failed to get relationships from case database.", ex); //NON-NLS - + } return relationshipSources; } - + public Set getArtifacts() { - if(accountArtifacts == null) { + if (accountArtifacts == null) { accountArtifacts = new HashSet<>(); - + try { final Set relationshipSources = getRelationshipSources(); relationshipSources.stream().filter((content) -> (content instanceof BlackboardArtifact)).forEachOrdered((content) -> { @@ -144,58 +146,67 @@ public final class SelectionInfo { return accountArtifacts; } } - + return accountArtifacts; } - + public SelectionSummary getSummary() { - if(summary == null) { + if (summary == null) { summary = new SelectionSummary(); } - + return summary; } - - final class SelectionSummary{ + + final class SelectionSummary { + int attachmentCnt; int messagesCnt; int emailCnt; int callLogCnt; int contactsCnt; - + int mediaCnt; + SelectionSummary() { getCounts(); } - - private void getCounts(){ - for(BlackboardArtifact artifact: getArtifacts()) { + + private void getCounts() { + for (BlackboardArtifact artifact : getArtifacts()) { BlackboardArtifact.ARTIFACT_TYPE fromID = BlackboardArtifact.ARTIFACT_TYPE.fromID(artifact.getArtifactTypeID()); - if(null != fromID) switch (fromID) { - case TSK_EMAIL_MSG: - emailCnt++; - break; - case TSK_CALLLOG: - callLogCnt++; - break; - case TSK_MESSAGE: - messagesCnt++; - break; - case TSK_CONTACT: - contactsCnt++; - break; - default: - break; + if (null != fromID) { + switch (fromID) { + case TSK_EMAIL_MSG: + emailCnt++; + break; + case TSK_CALLLOG: + callLogCnt++; + break; + case TSK_MESSAGE: + messagesCnt++; + break; + case TSK_CONTACT: + contactsCnt++; + break; + default: + break; + } } - try{ - attachmentCnt+= artifact.getChildrenCount(); + try { + attachmentCnt += artifact.getChildrenCount(); + for (Content childContent : artifact.getChildren()) { + if (ImageUtils.thumbnailSupported(childContent)) { + mediaCnt++; + } + } } catch (TskCoreException ex) { logger.log(Level.WARNING, String.format("Exception thrown " - + "from getChildrenCount artifactID: %d", + + "from getChildrenCount artifactID: %d", artifact.getArtifactID()), ex); //NON-NLS } } } - + public int getAttachmentCnt() { return attachmentCnt; } @@ -215,24 +226,29 @@ public final class SelectionInfo { public int getContactsCnt() { return contactsCnt; } + + public int getThumbnailCnt() { + return mediaCnt; + } } /** * Utility class to represent an edge from the graph visualization. */ public static class GraphEdge { + AccountDeviceInstance startNode; AccountDeviceInstance endNode; - + public GraphEdge(AccountDeviceInstance startNode, AccountDeviceInstance endNode) { this.startNode = startNode; this.endNode = endNode; } - + public AccountDeviceInstance getStartNode() { return startNode; } - + public AccountDeviceInstance getEndNode() { return endNode; } diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/SummaryViewer.form b/Core/src/org/sleuthkit/autopsy/communications/relationships/SummaryViewer.form index 85ddc8a2c8..73ef1a68ba 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/SummaryViewer.form +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/SummaryViewer.form @@ -41,16 +41,18 @@ - + + - + + - + @@ -74,10 +76,14 @@ - - + + + + + + @@ -104,17 +110,17 @@ - + - + - + - + @@ -139,6 +145,20 @@ + + + + + + + + + + + + + + diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/SummaryViewer.java b/Core/src/org/sleuthkit/autopsy/communications/relationships/SummaryViewer.java index 5602152ba2..539c1eb2d3 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/SummaryViewer.java +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/SummaryViewer.java @@ -104,10 +104,11 @@ public class SummaryViewer extends javax.swing.JPanel implements RelationshipsVi } else { SelectionSummary summaryDetails = info.getSummary(); - attachmentsDataLabel.setText(Integer.toString(summaryDetails.getAttachmentCnt())); + thumbnailsDataLabel.setText(Integer.toString(summaryDetails.getThumbnailCnt())); callLogsDataLabel.setText(Integer.toString(summaryDetails.getCallLogCnt())); contactsDataLabel.setText(Integer.toString(summaryDetails.getContactsCnt())); messagesDataLabel.setText(Integer.toString(summaryDetails.getMessagesCnt() + summaryDetails.getEmailCnt())); + attachmentDataLabel.setText(Integer.toString(summaryDetails.getAttachmentCnt())); fileReferencesPanel.showOutlineView(); @@ -131,7 +132,7 @@ public class SummaryViewer extends javax.swing.JPanel implements RelationshipsVi @Override public void setEnabled(boolean enabled) { super.setEnabled(enabled); - attachmentsLabel.setEnabled(enabled); + thumbnailCntLabel.setEnabled(enabled); callLogsLabel.setEnabled(enabled); contactsLabel.setEnabled(enabled); messagesLabel.setEnabled(enabled); @@ -144,10 +145,11 @@ public class SummaryViewer extends javax.swing.JPanel implements RelationshipsVi * Clears the text fields and OutlookViews. */ private void clearControls() { - attachmentsDataLabel.setText(""); + thumbnailsDataLabel.setText(""); callLogsDataLabel.setText(""); contactsDataLabel.setText(""); messagesDataLabel.setText(""); + attachmentDataLabel.setText(""); fileReferencesPanel.setNode(new AbstractNode(Children.LEAF)); caseReferencesPanel.setNode(new AbstractNode(Children.LEAF)); @@ -187,11 +189,13 @@ public class SummaryViewer extends javax.swing.JPanel implements RelationshipsVi contactsLabel = new javax.swing.JLabel(); messagesLabel = new javax.swing.JLabel(); callLogsLabel = new javax.swing.JLabel(); - attachmentsLabel = new javax.swing.JLabel(); - attachmentsDataLabel = new javax.swing.JLabel(); + thumbnailCntLabel = new javax.swing.JLabel(); + thumbnailsDataLabel = new javax.swing.JLabel(); messagesDataLabel = new javax.swing.JLabel(); callLogsDataLabel = new javax.swing.JLabel(); contactsDataLabel = new javax.swing.JLabel(); + attachmentsLable = new javax.swing.JLabel(); + attachmentDataLabel = new javax.swing.JLabel(); fileReferencesPanel = new org.sleuthkit.autopsy.communications.relationships.OutlineViewPanel(); caseReferencesPanel = new org.sleuthkit.autopsy.communications.relationships.OutlineViewPanel(); @@ -205,9 +209,9 @@ public class SummaryViewer extends javax.swing.JPanel implements RelationshipsVi org.openide.awt.Mnemonics.setLocalizedText(callLogsLabel, org.openide.util.NbBundle.getMessage(SummaryViewer.class, "SummaryViewer.callLogsLabel.text")); // NOI18N - org.openide.awt.Mnemonics.setLocalizedText(attachmentsLabel, org.openide.util.NbBundle.getMessage(SummaryViewer.class, "SummaryViewer.attachmentsLabel.text")); // NOI18N + org.openide.awt.Mnemonics.setLocalizedText(thumbnailCntLabel, org.openide.util.NbBundle.getMessage(SummaryViewer.class, "SummaryViewer.thumbnailCntLabel.text")); // NOI18N - org.openide.awt.Mnemonics.setLocalizedText(attachmentsDataLabel, org.openide.util.NbBundle.getMessage(SummaryViewer.class, "SummaryViewer.attachmentsDataLabel.text")); // NOI18N + org.openide.awt.Mnemonics.setLocalizedText(thumbnailsDataLabel, org.openide.util.NbBundle.getMessage(SummaryViewer.class, "SummaryViewer.thumbnailsDataLabel.text")); // NOI18N org.openide.awt.Mnemonics.setLocalizedText(messagesDataLabel, org.openide.util.NbBundle.getMessage(SummaryViewer.class, "SummaryViewer.messagesDataLabel.text")); // NOI18N @@ -215,6 +219,10 @@ public class SummaryViewer extends javax.swing.JPanel implements RelationshipsVi org.openide.awt.Mnemonics.setLocalizedText(contactsDataLabel, org.openide.util.NbBundle.getMessage(SummaryViewer.class, "SummaryViewer.contactsDataLabel.text")); // NOI18N + org.openide.awt.Mnemonics.setLocalizedText(attachmentsLable, org.openide.util.NbBundle.getMessage(SummaryViewer.class, "SummaryViewer.attachmentsLable.text")); // NOI18N + + org.openide.awt.Mnemonics.setLocalizedText(attachmentDataLabel, org.openide.util.NbBundle.getMessage(SummaryViewer.class, "SummaryViewer.attachmentDataLabel.text")); // NOI18N + javax.swing.GroupLayout countsPanelLayout = new javax.swing.GroupLayout(countsPanel); countsPanel.setLayout(countsPanelLayout); countsPanelLayout.setHorizontalGroup( @@ -225,14 +233,16 @@ public class SummaryViewer extends javax.swing.JPanel implements RelationshipsVi .addComponent(messagesLabel) .addComponent(callLogsLabel) .addComponent(contactsLabel) - .addComponent(attachmentsLabel)) + .addComponent(thumbnailCntLabel) + .addComponent(attachmentsLable)) .addGap(18, 18, 18) .addGroup(countsPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addComponent(attachmentsDataLabel) + .addComponent(attachmentDataLabel) + .addComponent(thumbnailsDataLabel) .addComponent(contactsDataLabel) .addComponent(callLogsDataLabel) .addComponent(messagesDataLabel)) - .addContainerGap(959, Short.MAX_VALUE)) + .addContainerGap(845, Short.MAX_VALUE)) ); countsPanelLayout.setVerticalGroup( countsPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) @@ -251,9 +261,12 @@ public class SummaryViewer extends javax.swing.JPanel implements RelationshipsVi .addComponent(contactsDataLabel)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(countsPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) - .addComponent(attachmentsLabel) - .addComponent(attachmentsDataLabel)) - .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) + .addComponent(thumbnailCntLabel) + .addComponent(thumbnailsDataLabel)) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addGroup(countsPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) + .addComponent(attachmentsLable) + .addComponent(attachmentDataLabel))) ); gridBagConstraints = new java.awt.GridBagConstraints(); @@ -287,8 +300,8 @@ public class SummaryViewer extends javax.swing.JPanel implements RelationshipsVi // Variables declaration - do not modify//GEN-BEGIN:variables - private javax.swing.JLabel attachmentsDataLabel; - private javax.swing.JLabel attachmentsLabel; + private javax.swing.JLabel attachmentDataLabel; + private javax.swing.JLabel attachmentsLable; private javax.swing.JLabel callLogsDataLabel; private javax.swing.JLabel callLogsLabel; private org.sleuthkit.autopsy.communications.relationships.OutlineViewPanel caseReferencesPanel; @@ -298,6 +311,8 @@ public class SummaryViewer extends javax.swing.JPanel implements RelationshipsVi private org.sleuthkit.autopsy.communications.relationships.OutlineViewPanel fileReferencesPanel; private javax.swing.JLabel messagesDataLabel; private javax.swing.JLabel messagesLabel; + private javax.swing.JLabel thumbnailCntLabel; + private javax.swing.JLabel thumbnailsDataLabel; // End of variables declaration//GEN-END:variables } From fe0e1b4cf188fd08e1df7d0694a87c785d998df1 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Tue, 13 Aug 2019 10:14:59 -0400 Subject: [PATCH 02/25] allow adding directories as Logical File Set --- .../autopsy/casemodule/AddLocalFilesTask.java | 10 +-- .../dsp/AddLogicalImageTask.java | 17 +---- .../dsp/Bundle.properties-MERGED | 2 + .../dsp/LogicalImagerDSProcessor.java | 66 +++++++++++++++---- .../logicalimager/dsp/LogicalImagerPanel.java | 16 ++++- 5 files changed, 74 insertions(+), 37 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/AddLocalFilesTask.java b/Core/src/org/sleuthkit/autopsy/casemodule/AddLocalFilesTask.java index feae1ddb6b..775fc51d8c 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/AddLocalFilesTask.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/AddLocalFilesTask.java @@ -22,12 +22,12 @@ import java.util.ArrayList; import java.util.List; import java.util.logging.Level; import org.openide.util.NbBundle; +import org.sleuthkit.autopsy.casemodule.services.FileManager; import org.sleuthkit.autopsy.corecomponentinterfaces.DataSourceProcessorCallback; import org.sleuthkit.autopsy.corecomponentinterfaces.DataSourceProcessorProgressMonitor; +import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Content; -import org.sleuthkit.autopsy.casemodule.services.FileManager; -import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.datamodel.LocalFilesDataSource; import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskDataException; @@ -37,7 +37,7 @@ import org.sleuthkit.datamodel.TskDataException; * case database, grouped under a virtual directory that serves as the data * source. */ -class AddLocalFilesTask implements Runnable { +public class AddLocalFilesTask implements Runnable { private static final Logger LOGGER = Logger.getLogger(AddLocalFilesTask.class.getName()); private final String deviceId; @@ -68,7 +68,7 @@ class AddLocalFilesTask implements Runnable { * during processing. * @param callback Callback to call when processing is done. */ - AddLocalFilesTask(String deviceId, String rootVirtualDirectoryName, List localFilePaths, DataSourceProcessorProgressMonitor progressMonitor, DataSourceProcessorCallback callback) { + public AddLocalFilesTask(String deviceId, String rootVirtualDirectoryName, List localFilePaths, DataSourceProcessorProgressMonitor progressMonitor, DataSourceProcessorCallback callback) { this.deviceId = deviceId; this.rootVirtualDirectoryName = rootVirtualDirectoryName; this.localFilePaths = localFilePaths; @@ -88,7 +88,7 @@ class AddLocalFilesTask implements Runnable { try { progress.setIndeterminate(true); FileManager fileManager = Case.getCurrentCaseThrows().getServices().getFileManager(); - LocalFilesDataSource newDataSource = fileManager.addLocalFilesDataSource(deviceId, rootVirtualDirectoryName, "", localFilePaths, new ProgressUpdater()); + LocalFilesDataSource newDataSource = fileManager.addLocalFilesDataSource(deviceId, "", "", localFilePaths, new ProgressUpdater()); newDataSources.add(newDataSource); } catch (TskDataException | TskCoreException | NoCurrentCaseException ex) { errors.add(ex.getMessage()); diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java index 9070dfc197..cac1ea4345 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java @@ -19,13 +19,11 @@ package org.sleuthkit.autopsy.logicalimager.dsp; import java.io.File; -import java.io.IOException; import java.nio.file.Path; import java.nio.file.Paths; import java.util.ArrayList; import java.util.List; import java.util.logging.Level; -import org.apache.commons.io.FileUtils; import org.openide.util.NbBundle.Messages; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; @@ -80,20 +78,7 @@ final class AddLogicalImageTask extends AddMultipleImageTask { List errorList = new ArrayList<>(); List emptyDataSources = new ArrayList<>(); - try { - progressMonitor.setProgressText(Bundle.AddLogicalImageTask_copyingImageFromTo(src.toString(), dest.toString())); - FileUtils.copyDirectory(src, dest); - progressMonitor.setProgressText(Bundle.AddLogicalImageTask_doneCopying()); - } catch (IOException ex) { - // Copy directory failed - String msg = Bundle.AddLogicalImageTask_failedToCopyDirectory(src.toString(), dest.toString()); - errorList.add(msg); - logger.log(Level.SEVERE, String.format("Failed to copy directory %s to %s", src.toString(), dest.toString()), ex); - callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); - return; - } - - // Add the alert.txt and users.txt to the case report + // Add the alert.txt and users.txt to the case report progressMonitor.setProgressText(Bundle.AddLogicalImageTask_addingToReport(ALERT_TXT)); String status = addReport(Paths.get(dest.toString(), ALERT_TXT), ALERT_TXT + " " + src.getName()); if (status != null) { diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED index 32bd3c7868..2551162ab2 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED @@ -39,6 +39,8 @@ AddMultipleImageTask.nonCriticalErrorAdding=Non-critical error adding {0} for de LogicalImagerDSProcessor.dataSourceType=Autopsy Logical Imager Results # {0} - directory LogicalImagerDSProcessor.directoryAlreadyExists=Directory {0} already exists +# {0} - sparseImageDirectory +LogicalImagerDSProcessor.directoryDoesNotContainSparseImage=Directory {0} does not contain any images # {0} - directory LogicalImagerDSProcessor.failToCreateDirectory=Failed to create directory {0} # {0} - file diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerDSProcessor.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerDSProcessor.java index da9d5f7aa6..ae0f3d533f 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerDSProcessor.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerDSProcessor.java @@ -19,6 +19,7 @@ package org.sleuthkit.autopsy.logicalimager.dsp; import java.io.File; +import java.io.FilenameFilter; import java.io.IOException; import java.nio.file.Path; import java.nio.file.Paths; @@ -27,9 +28,11 @@ import java.util.Calendar; import java.util.List; import java.util.UUID; import javax.swing.JPanel; +import org.apache.commons.io.FileUtils; import org.openide.util.NbBundle.Messages; import org.openide.util.lookup.ServiceProvider; import org.openide.util.lookup.ServiceProviders; +import org.sleuthkit.autopsy.casemodule.AddLocalFilesTask; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.corecomponentinterfaces.DataSourceProcessor; @@ -131,7 +134,10 @@ public final class LogicalImagerDSProcessor implements DataSourceProcessor { "# {0} - directory", "LogicalImagerDSProcessor.failToCreateDirectory=Failed to create directory {0}", "# {0} - directory", "LogicalImagerDSProcessor.directoryAlreadyExists=Directory {0} already exists", "# {0} - file", "LogicalImagerDSProcessor.failToGetCanonicalPath=Fail to get canonical path for {0}", - "LogicalImagerDSProcessor.noCurrentCase=No current case",}) + "LogicalImagerDSProcessor.noCurrentCase=No current case", + "# {0} - sparseImageDirectory", "LogicalImagerDSProcessor.directoryDoesNotContainSparseImage=Directory {0} does not contain any images", + + }) @Override public void run(DataSourceProcessorProgressMonitor progressMonitor, DataSourceProcessorCallback callback) { configPanel.storeSettings(); @@ -170,9 +176,21 @@ public final class LogicalImagerDSProcessor implements DataSourceProcessor { } File src = imageDirPath.toFile(); + try { + progressMonitor.setProgressText(Bundle.AddLogicalImageTask_copyingImageFromTo(src.toString(), dest.toString())); + FileUtils.copyDirectory(src, dest); + progressMonitor.setProgressText(Bundle.AddLogicalImageTask_doneCopying()); + } catch (IOException ex) { + // Copy directory failed + String msg = Bundle.AddLogicalImageTask_failedToCopyDirectory(src.toString(), dest.toString()); + errorList.add(msg); + callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); + return; + } + // Get all VHD files in the src directory List imagePaths = new ArrayList<>(); - for (File f : src.listFiles()) { + for (File f : dest.listFiles()) { if (f.getName().endsWith(".vhd")) { try { imagePaths.add(f.getCanonicalPath()); @@ -184,17 +202,39 @@ public final class LogicalImagerDSProcessor implements DataSourceProcessor { } } } - try { - String deviceId = UUID.randomUUID().toString(); - String timeZone = Calendar.getInstance().getTimeZone().getID(); - run(deviceId, imagePaths, - timeZone, src, dest, - progressMonitor, callback); - } catch (NoCurrentCaseException ex) { - String msg = Bundle.LogicalImagerDSProcessor_noCurrentCase(); - errorList.add(msg); - callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); - return; + String deviceId = UUID.randomUUID().toString(); + if (imagePaths.isEmpty()) { + // No VHD in src directory, try ingest directories using Logical File Set + String[] directories = dest.list(new FilenameFilter() { + @Override + public boolean accept(File dir, String name) { + return Paths.get(dir.toString(), name).toFile().isDirectory(); + } + }); + for (String dir : directories) { + imagePaths.add(Paths.get(dest.toString(), dir).toFile().getAbsolutePath()); + } + if (imagePaths.isEmpty()) { + String msg = Bundle.LogicalImagerDSProcessor_directoryDoesNotContainSparseImage(dest); + errorList.add(msg); + callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); + return; + } + + // ingest the directories + new Thread(new AddLocalFilesTask(deviceId, null, imagePaths, progressMonitor, callback)).start(); + + } else { + try { + String timeZone = Calendar.getInstance().getTimeZone().getID(); + run(deviceId, imagePaths, + timeZone, src, dest, + progressMonitor, callback); + } catch (NoCurrentCaseException ex) { + String msg = Bundle.LogicalImagerDSProcessor_noCurrentCase(); + errorList.add(msg); + callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); + } } } diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java index 06722722d6..d491c77778 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java @@ -333,9 +333,19 @@ final class LogicalImagerPanel extends JPanel implements DocumentListener { } }); if (vhdFiles.length == 0) { - setErrorMessage(Bundle.LogicalImagerPanel_messageLabel_directoryDoesNotContainSparseImage(path)); - firePropertyChange(DataSourceProcessor.DSP_PANEL_EVENT.UPDATE_UI.toString(), true, false); - return; + // No VHD files, try directories for individual files + String[] directories = dir.list(new FilenameFilter() { + @Override + public boolean accept(File dir, String name) { + return Paths.get(dir.toString(), name).toFile().isDirectory(); + } + }); + if (directories.length == 0) { + // No directories, bail + setErrorMessage(Bundle.LogicalImagerPanel_messageLabel_directoryDoesNotContainSparseImage(path)); + firePropertyChange(DataSourceProcessor.DSP_PANEL_EVENT.UPDATE_UI.toString(), true, false); + return; + } } manualImageDirPath = Paths.get(path); setNormalMessage(path); From bca13c0808c089a405fb9d69ca11c5a040950943 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Tue, 13 Aug 2019 14:04:54 -0400 Subject: [PATCH 03/25] Add Create VHD checkbox to configuration panel --- .../configuration/Bundle.properties | 1 + .../configuration/Bundle.properties-MERGED | 2 ++ .../configuration/ConfigVisualPanel2.form | 14 +++++++++++- .../configuration/ConfigVisualPanel2.java | 22 ++++++++++++++++--- .../configuration/LogicalImagerConfig.java | 17 ++++++++++++++ .../LogicalImagerConfigDeserializer.java | 8 ++++++- 6 files changed, 59 insertions(+), 5 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties index 65fa3dd72d..6a77371df1 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties @@ -122,3 +122,4 @@ EditNonFullPathsRulePanel.fileNamesInfoLabel.text=File names are case insensitiv EditNonFullPathsRulePanel.extensionsInfoLabel.text=Extensions are case insensitive. ConfigVisualPanel2.promptBeforeExit.text=Prompt before exiting imager ConfigVisualPanel2.promptBeforeExit.actionCommand= +ConfigVisualPanel2.createVHDCheckBox.text=Create VHD diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED index 3e6aad34de..d0c05b6ef4 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED @@ -191,6 +191,8 @@ EditNonFullPathsRulePanel.fileNamesInfoLabel.text=File names are case insensitiv EditNonFullPathsRulePanel.extensionsInfoLabel.text=Extensions are case insensitive. ConfigVisualPanel2.promptBeforeExit.text=Prompt before exiting imager ConfigVisualPanel2.promptBeforeExit.actionCommand= +ConfigVisualPanel2.createVHDCheckBox.toolTipText= +ConfigVisualPanel2.createVHDCheckBox.text=Create VHD NewRuleSetPanel.attributeRule.description=Search for files based on one or more attributes or metadata fields. NewRuleSetPanel.attributeRule.name=Attribute NewRuleSetPanel.fullPathRule.description=Search for files based on full exact match path. diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel2.form b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel2.form index b5725173df..5628bdb709 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel2.form +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel2.form @@ -103,6 +103,7 @@ + @@ -193,7 +194,8 @@ - + + @@ -582,5 +584,15 @@ + + + + + + + + + + diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel2.java b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel2.java index 65fe93fcd3..cadd5e7cca 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel2.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel2.java @@ -111,6 +111,7 @@ final class ConfigVisualPanel2 extends JPanel { maxSizeLabel = new javax.swing.JLabel(); maxSizeTextField = new javax.swing.JFormattedTextField(); promptBeforeExit = new javax.swing.JCheckBox(); + createVHDCheckBox = new javax.swing.JCheckBox(); org.openide.awt.Mnemonics.setLocalizedText(modifiedDateLabel, org.openide.util.NbBundle.getMessage(ConfigVisualPanel2.class, "ConfigVisualPanel2.modifiedDateLabel.text")); // NOI18N @@ -264,6 +265,13 @@ final class ConfigVisualPanel2 extends JPanel { } }); + org.openide.awt.Mnemonics.setLocalizedText(createVHDCheckBox, org.openide.util.NbBundle.getMessage(ConfigVisualPanel2.class, "ConfigVisualPanel2.createVHDCheckBox.text")); // NOI18N + createVHDCheckBox.addActionListener(new java.awt.event.ActionListener() { + public void actionPerformed(java.awt.event.ActionEvent evt) { + createVHDCheckBoxActionPerformed(evt); + } + }); + javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this); this.setLayout(layout); layout.setHorizontalGroup( @@ -338,7 +346,8 @@ final class ConfigVisualPanel2 extends JPanel { .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addComponent(flagEncryptionProgramsCheckBox) .addComponent(finalizeImageWriter) - .addComponent(promptBeforeExit)) + .addComponent(promptBeforeExit) + .addComponent(createVHDCheckBox)) .addGap(0, 0, Short.MAX_VALUE)) .addComponent(jSeparator1))))) ); @@ -412,7 +421,8 @@ final class ConfigVisualPanel2 extends JPanel { .addComponent(finalizeImageWriter) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addComponent(promptBeforeExit) - .addGap(21, 21, 21)))) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(createVHDCheckBox)))) ); }// //GEN-END:initComponents @@ -546,6 +556,10 @@ final class ConfigVisualPanel2 extends JPanel { config.setPromptBeforeExit(promptBeforeExit.isSelected()); }//GEN-LAST:event_promptBeforeExitActionPerformed + private void createVHDCheckBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_createVHDCheckBoxActionPerformed + config.setCreateVHD(createVHDCheckBox.isSelected()); + }//GEN-LAST:event_createVHDCheckBoxActionPerformed + /** * Set the whether the a rule for detecting encryption programs will be * added to the rules in this config @@ -588,6 +602,7 @@ final class ConfigVisualPanel2 extends JPanel { // Variables declaration - do not modify//GEN-BEGIN:variables private javax.swing.JTextField configFileTextField; + private javax.swing.JCheckBox createVHDCheckBox; private javax.swing.JLabel daysIncludedLabel; private javax.swing.JButton deleteRuleButton; private javax.swing.JTextField descriptionEditTextField; @@ -638,13 +653,14 @@ final class ConfigVisualPanel2 extends JPanel { * Update the panel to reflect the rules in the current config * * @param configFilePath path of the config file being modified - * @param config contents of the config file being modifed + * @param config contents of the config file being modified * @param rowSelectionkey the name of the rule to select by default */ private void updatePanel(String configFilePath, LogicalImagerConfig config, String rowSelectionkey) { configFileTextField.setText(configFilePath); finalizeImageWriter.setSelected(config.isFinalizeImageWriter()); promptBeforeExit.setSelected(config.isPromptBeforeExit()); + createVHDCheckBox.setSelected(config.isCreateVHD()); LogicalImagerRuleSet ruleSet = getRuleSetFromCurrentConfig(); flagEncryptionProgramsCheckBox.setSelected(ruleSet.find(EncryptionProgramsRule.getName()) != null); RulesTableModel rulesTableModel = new RulesTableModel(); diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/LogicalImagerConfig.java b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/LogicalImagerConfig.java index 9d1c175de3..0dd40a7d9a 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/LogicalImagerConfig.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/LogicalImagerConfig.java @@ -42,6 +42,10 @@ class LogicalImagerConfig { @Expose(serialize = true) private boolean promptBeforeExit; + @SerializedName("create-VHD") + @Expose(serialize = true) + private boolean createVHD; + @SerializedName("rule-sets") @Expose(serialize = true) private List ruleSets; @@ -50,6 +54,7 @@ class LogicalImagerConfig { this.version = CURRENT_VERSION; this.finalizeImageWriter = false; this.promptBeforeExit = true; + this.createVHD = false; this.ruleSets = new ArrayList<>(); } @@ -60,6 +65,7 @@ class LogicalImagerConfig { this.version = CURRENT_VERSION; this.finalizeImageWriter = finalizeImageWriter; this.promptBeforeExit = true; + this.createVHD = false; this.ruleSets = ruleSets; } @@ -71,6 +77,7 @@ class LogicalImagerConfig { this.version = version; this.finalizeImageWriter = finalizeImageWriter; this.promptBeforeExit = true; + this.createVHD = false; this.ruleSets = ruleSets; } @@ -78,11 +85,13 @@ class LogicalImagerConfig { String version, boolean finalizeImageWriter, boolean promptBeforeExit, + boolean creatVHD, List ruleSets ) { this.version = version; this.finalizeImageWriter = finalizeImageWriter; this.promptBeforeExit = promptBeforeExit; + this.createVHD = creatVHD; this.ruleSets = ruleSets; } @@ -114,6 +123,14 @@ class LogicalImagerConfig { this.promptBeforeExit = promptBeforeExit; } + boolean isCreateVHD() { + return createVHD; + } + + void setCreateVHD(boolean createVHD) { + this.createVHD = createVHD; + } + List getRuleSets() { return ruleSets; } diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/LogicalImagerConfigDeserializer.java b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/LogicalImagerConfigDeserializer.java index dd433b68cf..d14fa31ccf 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/LogicalImagerConfigDeserializer.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/LogicalImagerConfigDeserializer.java @@ -46,6 +46,7 @@ class LogicalImagerConfigDeserializer implements JsonDeserializer parseRules(JsonArray asJsonArray) { From 774ef43a22ea4d34928886c1fa99726fddbba447 Mon Sep 17 00:00:00 2001 From: Kelly Kelly Date: Wed, 14 Aug 2019 11:29:36 -0400 Subject: [PATCH 04/25] cvt-Modified label on Summary Panel --- .../autopsy/communications/relationships/Bundle.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties b/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties index 9eb64c45be..4d0b858691 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties @@ -18,6 +18,6 @@ MessageViewer.backButton.AccessibleContext.accessibleDescription= MessageViewer.backButton.text=Threads MessageViewer.showAllButton.text=All Messages SummaryViewer.thumbnailCntLabel.text=Media Attachments: -SummaryViewer.attachmentsLable.text=Attachments: +SummaryViewer.attachmentsLable.text=Total Attachments: SummaryViewer.thumbnailsDataLabel.text=attachments -SummaryViewer.attachmentDataLabel.text=jLabel1 +SummaryViewer.attachmentDataLabel.text=count From 0f15e20fd3771e263c661b4699ffc047cc2387e8 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Wed, 14 Aug 2019 14:03:31 -0400 Subject: [PATCH 05/25] Copy the source directory in AddLogicalImageTask, so progress monitor works --- .../configuration/Bundle.properties-MERGED | 1 - .../dsp/AddLogicalImageTask.java | 96 +++++++++++++++++-- .../dsp/Bundle.properties-MERGED | 10 +- .../dsp/LogicalImagerDSProcessor.java | 74 ++------------ 4 files changed, 102 insertions(+), 79 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED index d0c05b6ef4..cec2da7dfb 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED @@ -191,7 +191,6 @@ EditNonFullPathsRulePanel.fileNamesInfoLabel.text=File names are case insensitiv EditNonFullPathsRulePanel.extensionsInfoLabel.text=Extensions are case insensitive. ConfigVisualPanel2.promptBeforeExit.text=Prompt before exiting imager ConfigVisualPanel2.promptBeforeExit.actionCommand= -ConfigVisualPanel2.createVHDCheckBox.toolTipText= ConfigVisualPanel2.createVHDCheckBox.text=Create VHD NewRuleSetPanel.attributeRule.description=Search for files based on one or more attributes or metadata fields. NewRuleSetPanel.attributeRule.name=Attribute diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java index cac1ea4345..01ae872c45 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java @@ -19,12 +19,16 @@ package org.sleuthkit.autopsy.logicalimager.dsp; import java.io.File; +import java.io.FilenameFilter; +import java.io.IOException; import java.nio.file.Path; import java.nio.file.Paths; import java.util.ArrayList; import java.util.List; import java.util.logging.Level; +import org.apache.commons.io.FileUtils; import org.openide.util.NbBundle.Messages; +import org.sleuthkit.autopsy.casemodule.AddLocalFilesTask; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.corecomponentinterfaces.DataSourceProcessorCallback; @@ -38,24 +42,28 @@ import org.sleuthkit.datamodel.TskCoreException; * alert.txt and users.txt files to report - add an image data source to the * case database. */ -final class AddLogicalImageTask extends AddMultipleImageTask { +final class AddLogicalImageTask implements Runnable { - private final static Logger logger = Logger.getLogger(AddLogicalImageTask.class.getName()); + private final static Logger LOGGER = Logger.getLogger(AddLogicalImageTask.class.getName()); private final static String ALERT_TXT = "alert.txt"; //NON-NLS private final static String USERS_TXT = "users.txt"; //NON-NLS + private final String deviceId; + private final String timeZone; private final File src; private final File dest; private final DataSourceProcessorCallback callback; private final DataSourceProcessorProgressMonitor progressMonitor; + private volatile boolean cancelled; + AddLogicalImageTask(String deviceId, - List imagePaths, String timeZone, File src, File dest, DataSourceProcessorProgressMonitor progressMonitor, DataSourceProcessorCallback callback ) throws NoCurrentCaseException { - super(deviceId, imagePaths, timeZone, progressMonitor, callback); + this.deviceId = deviceId; + this.timeZone = timeZone; this.src = src; this.dest = dest; this.progressMonitor = progressMonitor; @@ -71,14 +79,34 @@ final class AddLogicalImageTask extends AddMultipleImageTask { "AddLogicalImageTask.doneCopying=Done copying", "# {0} - src", "# {1} - dest", "AddLogicalImageTask.failedToCopyDirectory=Failed to copy directory {0} to {1}", "# {0} - file", "AddLogicalImageTask.addingToReport=Adding {0} to report", - "# {0} - file", "AddLogicalImageTask.doneAddingToReport=Done adding {0} to report" + "# {0} - file", "AddLogicalImageTask.doneAddingToReport=Done adding {0} to report", + "AddLogicalImageTask.ingestionCancelled=Ingestion cancelled", + "# {0} - file", "AddLogicalImageTask.failToGetCanonicalPath=Fail to get canonical path for {0}", + "# {0} - sparseImageDirectory", "AddLogicalImageTask.directoryDoesNotContainSparseImage=Directory {0} does not contain any images", + "AddLogicalImageTask.noCurrentCase=No current case", }) @Override public void run() { List errorList = new ArrayList<>(); List emptyDataSources = new ArrayList<>(); - // Add the alert.txt and users.txt to the case report + try { + progressMonitor.setProgressText(Bundle.AddLogicalImageTask_copyingImageFromTo(src.toString(), dest.toString())); + FileUtils.copyDirectory(src, dest); + progressMonitor.setProgressText(Bundle.AddLogicalImageTask_doneCopying()); + } catch (IOException ex) { + // Copy directory failed + String msg = Bundle.AddLogicalImageTask_failedToCopyDirectory(src.toString(), dest.toString()); + errorList.add(msg); + callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); + return; + } + + if (cancelled) { + return; + } + + // Add the alert.txt and users.txt to the case report progressMonitor.setProgressText(Bundle.AddLogicalImageTask_addingToReport(ALERT_TXT)); String status = addReport(Paths.get(dest.toString(), ALERT_TXT), ALERT_TXT + " " + src.getName()); if (status != null) { @@ -97,7 +125,50 @@ final class AddLogicalImageTask extends AddMultipleImageTask { } progressMonitor.setProgressText(Bundle.AddLogicalImageTask_doneAddingToReport(USERS_TXT)); - super.run(); + // Get all VHD files in the dest directory + List imagePaths = new ArrayList<>(); + for (File f : dest.listFiles()) { + if (f.getName().endsWith(".vhd")) { + try { + imagePaths.add(f.getCanonicalPath()); + } catch (IOException ex) { + String msg = Bundle.AddLogicalImageTask_failToGetCanonicalPath(f.getName()); + errorList.add(msg); + callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); + return; + } + } + } + if (imagePaths.isEmpty()) { + // No VHD in src directory, try ingest directories using Logical File Set + String[] directories = dest.list(new FilenameFilter() { + @Override + public boolean accept(File dir, String name) { + return Paths.get(dir.toString(), name).toFile().isDirectory(); + } + }); + for (String dir : directories) { + imagePaths.add(Paths.get(dest.toString(), dir).toFile().getAbsolutePath()); + } + if (imagePaths.isEmpty()) { + String msg = Bundle.AddLogicalImageTask_directoryDoesNotContainSparseImage(dest); + errorList.add(msg); + callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); + return; + } + + // ingest the directories + new Thread(new AddLocalFilesTask(deviceId, null, imagePaths, progressMonitor, callback)).start(); + } else { + // ingest the VHDs + try { + new Thread(new AddMultipleImageTask(deviceId, imagePaths, timeZone , progressMonitor, callback)).start(); + } catch (NoCurrentCaseException ex) { + String msg = Bundle.AddLogicalImageTask_noCurrentCase(); + errorList.add(msg); + callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); + } + } } /** @@ -121,8 +192,17 @@ final class AddLogicalImageTask extends AddMultipleImageTask { return null; } catch (TskCoreException ex) { String msg = Bundle.AddLogicalImageTask_failedToAddReport(reportPath.toString(), ex.getMessage()); - logger.log(Level.SEVERE, String.format("Failed to add report %s. Reason= %s", reportPath.toString(), ex.getMessage()), ex); + LOGGER.log(Level.SEVERE, String.format("Failed to add report %s. Reason= %s", reportPath.toString(), ex.getMessage()), ex); return msg; } } + + /** + * Attempts to cancel the processing of the input image files. May result in + * partial processing of the input. + */ + void cancelTask() { + LOGGER.log(Level.WARNING, "AddLogicalImageTask cancelled, processing may be incomplete"); // NON-NLS + cancelled = true; + } } diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED index 2551162ab2..d9c56237be 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED @@ -7,6 +7,8 @@ AddLogicalImageTask.addingToReport=Adding {0} to report # {0} - src # {1} - dest AddLogicalImageTask.copyingImageFromTo=Copying image from {0} to {1} +# {0} - sparseImageDirectory +AddLogicalImageTask.directoryDoesNotContainSparseImage=Directory {0} does not contain any images # {0} - file AddLogicalImageTask.doneAddingToReport=Done adding {0} to report AddLogicalImageTask.doneCopying=Done copying @@ -16,6 +18,10 @@ AddLogicalImageTask.failedToAddReport=Failed to add report {0}. Reason= {1} # {0} - src # {1} - dest AddLogicalImageTask.failedToCopyDirectory=Failed to copy directory {0} to {1} +# {0} - file +AddLogicalImageTask.failToGetCanonicalPath=Fail to get canonical path for {0} +AddLogicalImageTask.ingestionCancelled=Ingestion cancelled +AddLogicalImageTask.noCurrentCase=No current case # {0} - imageFilePath AddMultipleImageTask.adding=Adding: {0} # {0} - file @@ -39,12 +45,8 @@ AddMultipleImageTask.nonCriticalErrorAdding=Non-critical error adding {0} for de LogicalImagerDSProcessor.dataSourceType=Autopsy Logical Imager Results # {0} - directory LogicalImagerDSProcessor.directoryAlreadyExists=Directory {0} already exists -# {0} - sparseImageDirectory -LogicalImagerDSProcessor.directoryDoesNotContainSparseImage=Directory {0} does not contain any images # {0} - directory LogicalImagerDSProcessor.failToCreateDirectory=Failed to create directory {0} -# {0} - file -LogicalImagerDSProcessor.failToGetCanonicalPath=Fail to get canonical path for {0} # {0} - imageDirPath LogicalImagerDSProcessor.imageDirPathNotFound={0} not found.\nUSB drive has been ejected. LogicalImagerDSProcessor.noCurrentCase=No current case diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerDSProcessor.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerDSProcessor.java index ae0f3d533f..8a66270f55 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerDSProcessor.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerDSProcessor.java @@ -19,8 +19,6 @@ package org.sleuthkit.autopsy.logicalimager.dsp; import java.io.File; -import java.io.FilenameFilter; -import java.io.IOException; import java.nio.file.Path; import java.nio.file.Paths; import java.util.ArrayList; @@ -28,11 +26,9 @@ import java.util.Calendar; import java.util.List; import java.util.UUID; import javax.swing.JPanel; -import org.apache.commons.io.FileUtils; import org.openide.util.NbBundle.Messages; import org.openide.util.lookup.ServiceProvider; import org.openide.util.lookup.ServiceProviders; -import org.sleuthkit.autopsy.casemodule.AddLocalFilesTask; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.corecomponentinterfaces.DataSourceProcessor; @@ -133,10 +129,7 @@ public final class LogicalImagerDSProcessor implements DataSourceProcessor { "# {0} - imageDirPath", "LogicalImagerDSProcessor.imageDirPathNotFound={0} not found.\nUSB drive has been ejected.", "# {0} - directory", "LogicalImagerDSProcessor.failToCreateDirectory=Failed to create directory {0}", "# {0} - directory", "LogicalImagerDSProcessor.directoryAlreadyExists=Directory {0} already exists", - "# {0} - file", "LogicalImagerDSProcessor.failToGetCanonicalPath=Fail to get canonical path for {0}", "LogicalImagerDSProcessor.noCurrentCase=No current case", - "# {0} - sparseImageDirectory", "LogicalImagerDSProcessor.directoryDoesNotContainSparseImage=Directory {0} does not contain any images", - }) @Override public void run(DataSourceProcessorProgressMonitor progressMonitor, DataSourceProcessorCallback callback) { @@ -177,64 +170,14 @@ public final class LogicalImagerDSProcessor implements DataSourceProcessor { File src = imageDirPath.toFile(); try { - progressMonitor.setProgressText(Bundle.AddLogicalImageTask_copyingImageFromTo(src.toString(), dest.toString())); - FileUtils.copyDirectory(src, dest); - progressMonitor.setProgressText(Bundle.AddLogicalImageTask_doneCopying()); - } catch (IOException ex) { - // Copy directory failed - String msg = Bundle.AddLogicalImageTask_failedToCopyDirectory(src.toString(), dest.toString()); + String deviceId = UUID.randomUUID().toString(); + String timeZone = Calendar.getInstance().getTimeZone().getID(); + run(deviceId, timeZone, src, dest, + progressMonitor, callback); + } catch (NoCurrentCaseException ex) { + String msg = Bundle.LogicalImagerDSProcessor_noCurrentCase(); errorList.add(msg); callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); - return; - } - - // Get all VHD files in the src directory - List imagePaths = new ArrayList<>(); - for (File f : dest.listFiles()) { - if (f.getName().endsWith(".vhd")) { - try { - imagePaths.add(f.getCanonicalPath()); - } catch (IOException ex) { - String msg = Bundle.LogicalImagerDSProcessor_failToGetCanonicalPath(f.getName()); - errorList.add(msg); - callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); - return; - } - } - } - String deviceId = UUID.randomUUID().toString(); - if (imagePaths.isEmpty()) { - // No VHD in src directory, try ingest directories using Logical File Set - String[] directories = dest.list(new FilenameFilter() { - @Override - public boolean accept(File dir, String name) { - return Paths.get(dir.toString(), name).toFile().isDirectory(); - } - }); - for (String dir : directories) { - imagePaths.add(Paths.get(dest.toString(), dir).toFile().getAbsolutePath()); - } - if (imagePaths.isEmpty()) { - String msg = Bundle.LogicalImagerDSProcessor_directoryDoesNotContainSparseImage(dest); - errorList.add(msg); - callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); - return; - } - - // ingest the directories - new Thread(new AddLocalFilesTask(deviceId, null, imagePaths, progressMonitor, callback)).start(); - - } else { - try { - String timeZone = Calendar.getInstance().getTimeZone().getID(); - run(deviceId, imagePaths, - timeZone, src, dest, - progressMonitor, callback); - } catch (NoCurrentCaseException ex) { - String msg = Bundle.LogicalImagerDSProcessor_noCurrentCase(); - errorList.add(msg); - callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); - } } } @@ -248,7 +191,6 @@ public final class LogicalImagerDSProcessor implements DataSourceProcessor { * @param deviceId An ASCII-printable identifier for the device * associated with the data source that is intended * to be unique across multiple cases (e.g., a UUID). - * @param imagePaths Paths to the image files. * @param timeZone The time zone to use when processing dates and * times for the image, obtained from * java.util.TimeZone.getID. @@ -258,11 +200,11 @@ public final class LogicalImagerDSProcessor implements DataSourceProcessor { * processing. * @param callback Callback to call when processing is done. */ - private void run(String deviceId, List imagePaths, String timeZone, + private void run(String deviceId, String timeZone, File src, File dest, DataSourceProcessorProgressMonitor progressMonitor, DataSourceProcessorCallback callback ) throws NoCurrentCaseException { - addLogicalImageTask = new AddLogicalImageTask(deviceId, imagePaths, timeZone, src, dest, + addLogicalImageTask = new AddLogicalImageTask(deviceId, timeZone, src, dest, progressMonitor, callback); new Thread(addLogicalImageTask).start(); } From 12870f0fd13afc78a2095f17fd3e5268fa0b86af Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Fri, 16 Aug 2019 00:09:50 -0400 Subject: [PATCH 06/25] Fix adding interesting files for non-VHD source --- .../dsp/AddLogicalImageTask.java | 133 +++++++++++++----- .../dsp/Bundle.properties-MERGED | 5 + 2 files changed, 103 insertions(+), 35 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java index 81c85ebf17..0ac6dfb4ce 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java @@ -20,8 +20,8 @@ package org.sleuthkit.autopsy.logicalimager.dsp; import java.io.BufferedReader; import java.io.File; -import java.io.FilenameFilter; import java.io.FileInputStream; +import java.io.FilenameFilter; import java.io.IOException; import java.io.InputStreamReader; import java.nio.file.Path; @@ -32,21 +32,22 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.logging.Level; +import org.apache.commons.io.FileUtils; import org.openide.util.NbBundle.Messages; -import org.sleuthkit.autopsy.casemodule.AddLocalFilesTask; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; -import org.sleuthkit.autopsy.casemodule.services.Blackboard; +import org.sleuthkit.autopsy.casemodule.services.FileManager; import org.sleuthkit.autopsy.corecomponentinterfaces.DataSourceProcessorCallback; import org.sleuthkit.autopsy.corecomponentinterfaces.DataSourceProcessorProgressMonitor; import org.sleuthkit.autopsy.coreutils.Logger; -import org.sleuthkit.autopsy.ingest.IngestServices; -import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.datamodel.AbstractFile; +import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.Content; +import org.sleuthkit.datamodel.LocalFilesDataSource; import org.sleuthkit.datamodel.TskCoreException; +import org.sleuthkit.datamodel.TskDataException; /** * A runnable that - copy the logical image folder to a destination folder - add @@ -67,7 +68,7 @@ final class AddLogicalImageTask implements Runnable { private final DataSourceProcessorProgressMonitor progressMonitor; private final Blackboard blackboard; private final Case currentCase; - + private volatile boolean cancelled; AddLogicalImageTask(String deviceId, @@ -83,7 +84,7 @@ final class AddLogicalImageTask implements Runnable { this.progressMonitor = progressMonitor; this.callback = callback; this.currentCase = Case.getCurrentCase(); - this.blackboard = this.currentCase.getServices().getBlackboard(); + this.blackboard = this.currentCase.getServices().getArtifactsBlackboard(); } /** @@ -118,6 +119,7 @@ final class AddLogicalImageTask implements Runnable { // Copy directory failed String msg = Bundle.AddLogicalImageTask_failedToCopyDirectory(src.toString(), dest.toString()); errorList.add(msg); + } // Add the SearchResults.txt and users.txt to the case report String resultsFilename; @@ -157,7 +159,7 @@ final class AddLogicalImageTask implements Runnable { if (f.getName().endsWith(".vhd")) { try { imagePaths.add(f.getCanonicalPath()); - } catch (IOException ex) { + } catch (IOException ioe) { String msg = Bundle.AddLogicalImageTask_failToGetCanonicalPath(f.getName()); errorList.add(msg); callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); @@ -165,7 +167,13 @@ final class AddLogicalImageTask implements Runnable { } } } + + AddMultipleImageTask addMultipleImageTask = null; + List newDataSources = new ArrayList<>(); + boolean createVHD; + if (imagePaths.isEmpty()) { + createVHD = false; // No VHD in src directory, try ingest directories using Logical File Set String[] directories = dest.list(new FilenameFilter() { @Override @@ -173,9 +181,9 @@ final class AddLogicalImageTask implements Runnable { return Paths.get(dir.toString(), name).toFile().isDirectory(); } }); - for (String dir : directories) { - imagePaths.add(Paths.get(dest.toString(), dir).toFile().getAbsolutePath()); - } +// for (String dir : directories) { + imagePaths.add(Paths.get(dest.toString(), "root").toFile().getAbsolutePath()); +// } if (imagePaths.isEmpty()) { String msg = Bundle.AddLogicalImageTask_directoryDoesNotContainSparseImage(dest); errorList.add(msg); @@ -184,11 +192,29 @@ final class AddLogicalImageTask implements Runnable { } // ingest the directories - new Thread(new AddLocalFilesTask(deviceId, null, imagePaths, progressMonitor, callback)).start(); + FileManager fileManager = Case.getCurrentCase().getServices().getFileManager(); + try { + LocalFilesDataSource newDataSource = fileManager.addLocalFilesDataSource(deviceId, "", "", imagePaths, new ProgressUpdater()); + newDataSources.add(newDataSource); + } catch (TskCoreException | TskDataException ex) { + errorList.add(ex.getMessage()); + LOGGER.log(Level.SEVERE, String.format("Failed to add datasource: %s", ex.getMessage()), ex); // NON-NLS + callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); + } + } else { + createVHD = true; + // ingest the VHDs try { - new Thread(new AddMultipleImageTask(deviceId, imagePaths, timeZone , progressMonitor, callback)).start(); + addMultipleImageTask = new AddMultipleImageTask(deviceId, imagePaths, timeZone , progressMonitor, callback); + addMultipleImageTask.run(); + + if (addMultipleImageTask.getResult() == DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS) { + callback.done(addMultipleImageTask.getResult(), addMultipleImageTask.getErrorMessages(), addMultipleImageTask.getNewDataSources()); + return; + } + } catch (NoCurrentCaseException ex) { String msg = Bundle.AddLogicalImageTask_noCurrentCase(); errorList.add(msg); @@ -196,16 +222,15 @@ final class AddLogicalImageTask implements Runnable { } } - if (super.getResult() == DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS) { - callback.done(super.getResult(), super.getErrorMessages(), super.getNewDataSources()); - return; - } - try { progressMonitor.setProgressText(Bundle.AddLogicalImageTask_addingInterestingFiles()); - addInterestingFiles(dest, Paths.get(dest.toString(), resultsFilename)); + addInterestingFiles(dest, Paths.get(dest.toString(), resultsFilename), createVHD); progressMonitor.setProgressText(Bundle.AddLogicalImageTask_doneAddingInterestingFiles()); - callback.done(super.getResult(), super.getErrorMessages(), super.getNewDataSources()); + if (addMultipleImageTask != null) { + callback.done(addMultipleImageTask.getResult(), addMultipleImageTask.getErrorMessages(), addMultipleImageTask.getNewDataSources()); + } else { + callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.NO_ERRORS, errorList, newDataSources); + } } catch (IOException | TskCoreException ex) { errorList.add(Bundle.AddLogicalImageTask_failedToAddInterestingFiles(ex.getMessage())); LOGGER.log(Level.SEVERE, "Failed to add interesting files", ex); // NON-NLS @@ -264,7 +289,7 @@ final class AddLogicalImageTask implements Runnable { "# {0} - line number", "# {1} - fields length", "# {2} - expected length", "AddLogicalImageTask.notEnoughFields=File does not contain enough fields at line {0}, got {1}, expecting {2}", "# {0} - target image path", "AddLogicalImageTask.cannotFindDataSourceObjId=Cannot find obj_id in tsk_image_names for {0}" }) - private void addInterestingFiles(File src, Path resultsPath) throws IOException, TskCoreException { + private void addInterestingFiles(File src, Path resultsPath, boolean createVHD) throws IOException, TskCoreException { Map> imagePaths = currentCase.getSleuthkitCase().getImagePaths(); Map imagePathToObjIdMap = imagePathsToDataSourceObjId(imagePaths); @@ -279,13 +304,6 @@ final class AddLogicalImageTask implements Runnable { throw new IOException(Bundle.AddLogicalImageTask_notEnoughFields(lineNumber, fields.length, 9)); } String vhdFilename = fields[0]; - - String targetImagePath = Paths.get(src.toString(), vhdFilename).toString(); - Long dataSourceObjId = imagePathToObjIdMap.get(targetImagePath); - if (dataSourceObjId == null) { - throw new TskCoreException(Bundle.AddLogicalImageTask_cannotFindDataSourceObjId(targetImagePath)); - } - // String fileSystemOffsetStr = fields[1]; String fileMetaAddressStr = fields[2]; // String extractStatusStr = fields[3]; @@ -293,10 +311,26 @@ final class AddLogicalImageTask implements Runnable { String ruleName = fields[5]; // String description = fields[6]; String filename = fields[7]; -// String parentPath = fields[8]; - String query = String.format("data_source_obj_id = '%s' AND meta_addr = '%s' AND name = '%s'", // NON-NLS - dataSourceObjId.toString(), fileMetaAddressStr, filename); + String query; + String targetImagePath; + if (createVHD) { + targetImagePath = Paths.get(src.toString(), vhdFilename).toString(); + Long dataSourceObjId = imagePathToObjIdMap.get(targetImagePath); + if (dataSourceObjId == null) { + throw new TskCoreException(Bundle.AddLogicalImageTask_cannotFindDataSourceObjId(targetImagePath)); + } + query = String.format("data_source_obj_id = '%s' AND meta_addr = '%s' AND name = '%s'", // NON-NLS + dataSourceObjId.toString(), fileMetaAddressStr, filename.replace("'", "''")); + } else { + String parentPath = fields[8]; + targetImagePath = Paths.get("root", vhdFilename).toString(); + String tmpRootPath = targetImagePath.replace(".vhd", "").replace("\\", "/"); + String searchParentPath = "/" + tmpRootPath + "/" + parentPath; + query = String.format("name = '%s' AND parent_path = '%s'", // NON-NLS + filename.replace("'", "''"), searchParentPath.replace("'", "''")); + } + List matchedFiles = Case.getCurrentCase().getSleuthkitCase().findAllFilesWhere(query); for (AbstractFile file : matchedFiles) { addInterestingFile(file, ruleSetName, ruleName); @@ -304,8 +338,8 @@ final class AddLogicalImageTask implements Runnable { lineNumber++; } } - IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, - BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT)); +// IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, +// BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT)); } private void addInterestingFile(AbstractFile file, String ruleSetName, String ruleName) throws TskCoreException { @@ -314,16 +348,45 @@ final class AddLogicalImageTask implements Runnable { attributes.add(setNameAttribute); BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, ruleName); attributes.add(ruleNameAttribute); - org.sleuthkit.datamodel.Blackboard tskBlackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard(); + Blackboard tskBlackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard(); if (!tskBlackboard.artifactExists(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) { BlackboardArtifact artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT); artifact.addAttributes(attributes); try { // index the artifact for keyword search - blackboard.indexArtifact(artifact); + blackboard.postArtifact(artifact, MODULE_NAME); } catch (Blackboard.BlackboardException ex) { LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS } } } + + /** + * Updates task progress as the file manager adds the local/logical files + * and/or directories to the case database. + */ + @Messages({ + "# {0} - parent path", "# {1} - filename", "AddLogicalImageTask.localFileAddProgress=Adding: {0}/{1}", + }) + private class ProgressUpdater implements FileManager.FileAddProgressUpdater { + + private int count; + + /** + * Updates task progress (called by the file manager after it adds each + * local file/directory to the case database). + */ + @Override + public void fileAdded(final AbstractFile file) { + ++count; + if (count % 10 == 0) { + progressMonitor.setProgressText( + Bundle.AddLogicalImageTask_localFileAddProgress( + file.getParentPath(), + file.getName() + ) + ); + } + } + } } diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED index a25babfef6..3cecb6f2c7 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED @@ -5,6 +5,8 @@ AddLogicalImageTask.addingInterestingFiles=Adding search results as interesting files # {0} - file AddLogicalImageTask.addingToReport=Adding {0} to report +# {0} - target image path +AddLogicalImageTask.cannotFindDataSourceObjId=Cannot find obj_id in tsk_image_names for {0} # {0} - SearchResults.txt # {1} - directory AddLogicalImageTask.cannotFindFiles=Cannot find {0} in {1} @@ -28,6 +30,9 @@ AddLogicalImageTask.failedToCopyDirectory=Failed to copy directory {0} to {1} # {0} - file AddLogicalImageTask.failToGetCanonicalPath=Fail to get canonical path for {0} AddLogicalImageTask.ingestionCancelled=Ingestion cancelled +# {0} - parent path +# {1} - filename +AddLogicalImageTask.localFileAddProgress=Adding: {0}/{1} AddLogicalImageTask.noCurrentCase=No current case # {0} - line number # {1} - fields length From 0e45fb99a8ebe66fdd4f805d248bd5824ab6abdc Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Fri, 16 Aug 2019 11:35:33 -0400 Subject: [PATCH 07/25] Fix blackboard code --- .../dsp/AddLogicalImageTask.java | 52 ++++++++----------- 1 file changed, 22 insertions(+), 30 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java index 0ac6dfb4ce..843315dbec 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java @@ -21,7 +21,6 @@ package org.sleuthkit.autopsy.logicalimager.dsp; import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; -import java.io.FilenameFilter; import java.io.IOException; import java.io.InputStreamReader; import java.nio.file.Path; @@ -60,6 +59,7 @@ final class AddLogicalImageTask implements Runnable { private final static String SEARCH_RESULTS_TXT = "SearchResults.txt"; //NON-NLS private final static String USERS_TXT = "users.txt"; //NON-NLS private final static String MODULE_NAME = "Logical Imager"; //NON-NLS + private final static String ROOT_STR = "root"; // NON-NLS private final String deviceId; private final String timeZone; private final File src; @@ -174,24 +174,18 @@ final class AddLogicalImageTask implements Runnable { if (imagePaths.isEmpty()) { createVHD = false; - // No VHD in src directory, try ingest directories using Logical File Set - String[] directories = dest.list(new FilenameFilter() { - @Override - public boolean accept(File dir, String name) { - return Paths.get(dir.toString(), name).toFile().isDirectory(); - } - }); -// for (String dir : directories) { - imagePaths.add(Paths.get(dest.toString(), "root").toFile().getAbsolutePath()); -// } - if (imagePaths.isEmpty()) { + // No VHD in src directory, try ingest the root directory using Logical File Set + File root = Paths.get(dest.toString(), ROOT_STR).toFile(); + if (root.exists() && root.isDirectory()) { + imagePaths.add(root.getAbsolutePath()); + } else { String msg = Bundle.AddLogicalImageTask_directoryDoesNotContainSparseImage(dest); errorList.add(msg); callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); return; } - // ingest the directories + // ingest the root directory FileManager fileManager = Case.getCurrentCase().getServices().getFileManager(); try { LocalFilesDataSource newDataSource = fileManager.addLocalFilesDataSource(deviceId, "", "", imagePaths, new ProgressUpdater()); @@ -204,17 +198,14 @@ final class AddLogicalImageTask implements Runnable { } else { createVHD = true; - // ingest the VHDs try { addMultipleImageTask = new AddMultipleImageTask(deviceId, imagePaths, timeZone , progressMonitor, callback); addMultipleImageTask.run(); - if (addMultipleImageTask.getResult() == DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS) { callback.done(addMultipleImageTask.getResult(), addMultipleImageTask.getErrorMessages(), addMultipleImageTask.getNewDataSources()); return; } - } catch (NoCurrentCaseException ex) { String msg = Bundle.AddLogicalImageTask_noCurrentCase(); errorList.add(msg); @@ -295,6 +286,7 @@ final class AddLogicalImageTask implements Runnable { try (BufferedReader br = new BufferedReader(new InputStreamReader( new FileInputStream(resultsPath.toFile()), "UTF8"))) { // NON-NLS + List artifacts = new ArrayList<>(); String line; br.readLine(); // skip the header line int lineNumber = 2; @@ -324,40 +316,40 @@ final class AddLogicalImageTask implements Runnable { dataSourceObjId.toString(), fileMetaAddressStr, filename.replace("'", "''")); } else { String parentPath = fields[8]; - targetImagePath = Paths.get("root", vhdFilename).toString(); + targetImagePath = Paths.get(ROOT_STR, vhdFilename).toString(); String tmpRootPath = targetImagePath.replace(".vhd", "").replace("\\", "/"); String searchParentPath = "/" + tmpRootPath + "/" + parentPath; - query = String.format("name = '%s' AND parent_path = '%s'", // NON-NLS + query = String.format("name = '%s' AND parent_path = '%s'", // NON-NLS filename.replace("'", "''"), searchParentPath.replace("'", "''")); } + // TODO - findAllFilesWhere should SQL-escape the query List matchedFiles = Case.getCurrentCase().getSleuthkitCase().findAllFilesWhere(query); for (AbstractFile file : matchedFiles) { - addInterestingFile(file, ruleSetName, ruleName); + addInterestingFileToArtifacts(file, ruleSetName, ruleName, artifacts); } lineNumber++; + } // end reading file + + try { + // index the artifact for keyword search + blackboard.postArtifacts(artifacts, MODULE_NAME); + } catch (Blackboard.BlackboardException ex) { + LOGGER.log(Level.SEVERE, "Unable to post artifacts to blackboard", ex); //NON-NLS } } -// IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, -// BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT)); } - private void addInterestingFile(AbstractFile file, String ruleSetName, String ruleName) throws TskCoreException { + private void addInterestingFileToArtifacts(AbstractFile file, String ruleSetName, String ruleName, List artifacts) throws TskCoreException { Collection attributes = new ArrayList<>(); BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, ruleSetName); attributes.add(setNameAttribute); BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, ruleName); attributes.add(ruleNameAttribute); - Blackboard tskBlackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard(); - if (!tskBlackboard.artifactExists(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) { + if (!blackboard.artifactExists(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) { BlackboardArtifact artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT); artifact.addAttributes(attributes); - try { - // index the artifact for keyword search - blackboard.postArtifact(artifact, MODULE_NAME); - } catch (Blackboard.BlackboardException ex) { - LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS - } + artifacts.add(artifact); } } From 0b09d8ad3b23601a61488a9de542ceac17d5e455 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Fri, 16 Aug 2019 11:37:35 -0400 Subject: [PATCH 08/25] Fix VHD extension --- .../autopsy/logicalimager/dsp/AddLogicalImageTask.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java index 843315dbec..89887d7999 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java @@ -60,6 +60,7 @@ final class AddLogicalImageTask implements Runnable { private final static String USERS_TXT = "users.txt"; //NON-NLS private final static String MODULE_NAME = "Logical Imager"; //NON-NLS private final static String ROOT_STR = "root"; // NON-NLS + private final static String VHD_EXTENSION = ".vhd"; // NON-NLS private final String deviceId; private final String timeZone; private final File src; @@ -156,7 +157,7 @@ final class AddLogicalImageTask implements Runnable { // Get all VHD files in the dest directory List imagePaths = new ArrayList<>(); for (File f : dest.listFiles()) { - if (f.getName().endsWith(".vhd")) { + if (f.getName().endsWith(VHD_EXTENSION)) { try { imagePaths.add(f.getCanonicalPath()); } catch (IOException ioe) { @@ -317,7 +318,8 @@ final class AddLogicalImageTask implements Runnable { } else { String parentPath = fields[8]; targetImagePath = Paths.get(ROOT_STR, vhdFilename).toString(); - String tmpRootPath = targetImagePath.replace(".vhd", "").replace("\\", "/"); + // vhdFilename have .vhd extension, we don't + String tmpRootPath = targetImagePath.replace("\\", "/"); String searchParentPath = "/" + tmpRootPath + "/" + parentPath; query = String.format("name = '%s' AND parent_path = '%s'", // NON-NLS filename.replace("'", "''"), searchParentPath.replace("'", "''")); From 1bd04489db80a60e3206d7863251953b3b9dd245 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Mon, 19 Aug 2019 09:48:31 -0400 Subject: [PATCH 09/25] check directory for either VHD or subdir --- .../autopsy/logicalimager/dsp/LogicalImagerPanel.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java index d491c77778..1cdf09286b 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java @@ -370,11 +370,11 @@ final class LogicalImagerPanel extends JPanel implements DocumentListener { } } - private boolean dirHasVhdFiles(File dir) { - File[] fList = dir.listFiles(new FilenameFilter() { + private boolean dirHasImagerResult(File dir) { + String[] fList = dir.list(new FilenameFilter() { @Override public boolean accept(File dir, String name) { - return name.endsWith(".vhd"); + return name.endsWith(".vhd") || Paths.get(dir.toString(), name).toFile().isDirectory(); } }); return (fList != null && fList.length != 0); @@ -392,9 +392,9 @@ final class LogicalImagerPanel extends JPanel implements DocumentListener { if (fList != null) { imageTableModel = new ImageTableModel(); // Find all directories with name like Logical_Imager_HOSTNAME_yyyymmdd_HH_MM_SS - // and has vhd files in it + // and has Logical Imager result in it for (File file : fList) { - if (file.isDirectory() && dirHasVhdFiles(file)) { + if (file.isDirectory() && dirHasImagerResult(file)) { String dir = file.getName(); Matcher m = regex.matcher(dir); if (m.find()) { From 1944eb672e1d8f60c8d2414ab97c93cebbe257f1 Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dsmyda" Date: Tue, 20 Aug 2019 17:00:00 -0400 Subject: [PATCH 10/25] Removed the location column filter for FS files and reordered the location property in the AAFN --- .../sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java | 2 +- .../sleuthkit/autopsy/directorytree/DataResultFilterNode.java | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java index eeacf491bf..145906f785 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java @@ -336,12 +336,12 @@ public abstract class AbstractAbstractFileNode extends A backgroundTasksPool.submit(new GetSCOTask( new WeakReference<>(this), weakPcl)); - properties.add(new NodeProperty<>(LOCATION.toString(), LOCATION.toString(), NO_DESCR, getContentPath(content))); properties.add(new NodeProperty<>(MOD_TIME.toString(), MOD_TIME.toString(), NO_DESCR, ContentUtils.getStringTime(content.getMtime(), content))); properties.add(new NodeProperty<>(CHANGED_TIME.toString(), CHANGED_TIME.toString(), NO_DESCR, ContentUtils.getStringTime(content.getCtime(), content))); properties.add(new NodeProperty<>(ACCESS_TIME.toString(), ACCESS_TIME.toString(), NO_DESCR, ContentUtils.getStringTime(content.getAtime(), content))); properties.add(new NodeProperty<>(CREATED_TIME.toString(), CREATED_TIME.toString(), NO_DESCR, ContentUtils.getStringTime(content.getCrtime(), content))); properties.add(new NodeProperty<>(SIZE.toString(), SIZE.toString(), NO_DESCR, content.getSize())); + properties.add(new NodeProperty<>(LOCATION.toString(), LOCATION.toString(), NO_DESCR, getContentPath(content))); properties.add(new NodeProperty<>(FLAGS_DIR.toString(), FLAGS_DIR.toString(), NO_DESCR, content.getDirFlagAsString())); properties.add(new NodeProperty<>(FLAGS_META.toString(), FLAGS_META.toString(), NO_DESCR, content.getMetaFlagsAsString())); properties.add(new NodeProperty<>(KNOWN.toString(), KNOWN.toString(), NO_DESCR, content.getKnown().getName())); diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java b/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java index 3c206049d6..14aceaf14f 100644 --- a/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java @@ -179,9 +179,7 @@ public class DataResultFilterNode extends FilterNode { newPs.setShortDescription(ps.getShortDescription()); newPs.put(ps.getProperties()); - if (newPs.remove(AbstractFsContentNode.HIDE_PARENT) != null) { - newPs.remove(AbstractFilePropertyType.LOCATION.toString()); - } + newPs.remove(AbstractFsContentNode.HIDE_PARENT); propertySets[i] = newPs; } } From b79b5c5b7774c2dcd180f2c0f121d5540ab5ddd6 Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dsmyda" Date: Tue, 20 Aug 2019 17:02:26 -0400 Subject: [PATCH 11/25] Looks better before hash :) --- .../sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java index 145906f785..e02a4ff776 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java @@ -341,10 +341,10 @@ public abstract class AbstractAbstractFileNode extends A properties.add(new NodeProperty<>(ACCESS_TIME.toString(), ACCESS_TIME.toString(), NO_DESCR, ContentUtils.getStringTime(content.getAtime(), content))); properties.add(new NodeProperty<>(CREATED_TIME.toString(), CREATED_TIME.toString(), NO_DESCR, ContentUtils.getStringTime(content.getCrtime(), content))); properties.add(new NodeProperty<>(SIZE.toString(), SIZE.toString(), NO_DESCR, content.getSize())); - properties.add(new NodeProperty<>(LOCATION.toString(), LOCATION.toString(), NO_DESCR, getContentPath(content))); properties.add(new NodeProperty<>(FLAGS_DIR.toString(), FLAGS_DIR.toString(), NO_DESCR, content.getDirFlagAsString())); properties.add(new NodeProperty<>(FLAGS_META.toString(), FLAGS_META.toString(), NO_DESCR, content.getMetaFlagsAsString())); properties.add(new NodeProperty<>(KNOWN.toString(), KNOWN.toString(), NO_DESCR, content.getKnown().getName())); + properties.add(new NodeProperty<>(LOCATION.toString(), LOCATION.toString(), NO_DESCR, getContentPath(content))); properties.add(new NodeProperty<>(MD5HASH.toString(), MD5HASH.toString(), NO_DESCR, StringUtils.defaultString(content.getMd5Hash()))); properties.add(new NodeProperty<>(MIMETYPE.toString(), MIMETYPE.toString(), NO_DESCR, StringUtils.defaultString(content.getMIMEType()))); properties.add(new NodeProperty<>(EXTENSION.toString(), EXTENSION.toString(), NO_DESCR, content.getNameExtension())); From 54205589bbc27be31388e9df92aaae8dc3e6c2c2 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Wed, 21 Aug 2019 15:51:23 -0400 Subject: [PATCH 12/25] Use LocalFileImporter class --- .../datamodel/utils/LocalFileImporter.java | 209 ++++++++++++++++++ .../dsp/AddLogicalImageTask.java | 89 ++++++-- 2 files changed, 283 insertions(+), 15 deletions(-) create mode 100644 Core/src/org/sleuthkit/autopsy/datamodel/utils/LocalFileImporter.java diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/utils/LocalFileImporter.java b/Core/src/org/sleuthkit/autopsy/datamodel/utils/LocalFileImporter.java new file mode 100644 index 0000000000..155f167953 --- /dev/null +++ b/Core/src/org/sleuthkit/autopsy/datamodel/utils/LocalFileImporter.java @@ -0,0 +1,209 @@ +/* + * + * Autopsy Forensic Browser + * + * Copyright 2019 Basis Technology Corp. + * Contact: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.datamodel.utils; + +import java.io.File; +import java.util.HashMap; +import java.util.Map; +import java.util.logging.Level; +import org.sleuthkit.autopsy.coreutils.Logger; +import org.sleuthkit.datamodel.AbstractFile; +import org.sleuthkit.datamodel.Content; +import org.sleuthkit.datamodel.DataSource; +import org.sleuthkit.datamodel.SleuthkitCase; +import org.sleuthkit.datamodel.SpecialDirectory; +import org.sleuthkit.datamodel.TskCoreException; +import org.sleuthkit.datamodel.TskData; + +/** + * Utility class for adding local files with specified paths in the data source. + * It is currently assumed that the data source is empty to start or that at + * least the paths to the files being added do not exist; no checks will be done + * to see if folders exist prior to creating them through addLocalFile(). + */ +public class LocalFileImporter { + private static final Logger logger = Logger.getLogger(LocalFileImporter.class.getName()); + + SleuthkitCase.CaseDbTransaction globalTrans = null; + boolean useSingleTransaction = true; + SleuthkitCase sleuthkitCase; + private final Map localFileDirMap = new HashMap<>(); + + /** + * Create a LocalFileImporter. + * + * @param sleuthkitCase The current SleuthkitCase + */ + public LocalFileImporter(SleuthkitCase sleuthkitCase) { + this.sleuthkitCase = sleuthkitCase; + this.useSingleTransaction = false; + } + + /** + * Create a LocalFileImporter. The caller is responsible for committing + * or rolling back the transaction. + * + * @param sleuthkitCase The current SleuthkitCase + * @param trans The open CaseDbTransaction + */ + public LocalFileImporter(SleuthkitCase sleuthkitCase, SleuthkitCase.CaseDbTransaction trans) { + this.sleuthkitCase = sleuthkitCase; + this.globalTrans = trans; + this.useSingleTransaction = true; + } + + /** + * Add a local file to the database with the specified parameters. Will create + * any necessary parent folders. + * + * Will not fail if the fileOnDisk does not exist. + * + * @param fileOnDisk The local file on disk + * @param nameInImage The name to use in the data source + * @param pathInImage The path to use in the data source + * @param ctime Change time + * @param crtime Created time + * @param atime Access time + * @param mtime Modified time + * @param dataSource The data source to add the file to + * + * @return The AbstractFile that was just created + * + * @throws TskCoreException + */ + public AbstractFile addLocalFile(File fileOnDisk, String nameInImage, String pathInImage, + Long ctime, Long crtime, Long atime, Long mtime, + DataSource dataSource) throws TskCoreException { + + // Get the parent folder, creating it and any of its parent folders if necessary + SpecialDirectory parentDir = getLocalFilesDir(new File(pathInImage), dataSource); + + SleuthkitCase.CaseDbTransaction trans = null; + try { + if (useSingleTransaction) { + trans = globalTrans; + } else { + trans = sleuthkitCase.beginTransaction(); + } + + // Try to get the file size + long size = 0; + if (fileOnDisk.exists()) { + size = fileOnDisk.length(); + } + + // Create the new file + AbstractFile file = sleuthkitCase.addLocalFile(nameInImage, fileOnDisk.getAbsolutePath(), size, + ctime, crtime, atime, mtime, + true, TskData.EncodingType.NONE, parentDir, trans); + + if (! useSingleTransaction) { + trans.commit(); + } + return file; + } catch (TskCoreException ex) { + if ((!useSingleTransaction) && (null != trans)) { + try { + trans.rollback(); + } catch (TskCoreException ex2) { + logger.log(Level.SEVERE, String.format("Failed to rollback transaction after exception: %s", ex.getMessage()), ex2); + } + } + throw ex; + } + } + + /** + * Returns the SpecialDirectory object corresponding to the given file, creating + * it and its parents as needed. + * + * @param file The file to get the SpecialDirectory for + * @param dataSource The data source + * + * @return The SpecialDirectory object corresponding to the given file + * + * @throws TskCoreException + */ + private SpecialDirectory getLocalFilesDir(File file, Content dataSource) throws TskCoreException { + if ((file == null) || file.getPath().isEmpty()) { + throw new TskCoreException("Can not create directory from null path"); + } + + // Check if we've already created it + if (localFileDirMap.containsKey(file.toString())) { + return localFileDirMap.get(file.toString()); + } + + File parent = file.getParentFile(); + if (parent == null) { + // This is the root of the path and it isn't in the map, so create it + SpecialDirectory dir = createLocalFilesDir(dataSource.getId(), file.getName()); + localFileDirMap.put(file.getName(), dir); + return dir; + + } else { + // Create everything above this in the tree, and then add the parent folder + SpecialDirectory parentDir = getLocalFilesDir(parent, dataSource); + SpecialDirectory dir = createLocalFilesDir(parentDir.getId(), file.getName()); + localFileDirMap.put(file.getPath(), dir); + return dir; + } + } + + /** + * Create a new LocalDirectory + * + * @param parentId The object ID for parent + * @param name The name of the new local directory + * + * @return The new LocalDirectory + * + * @throws TskCoreException + */ + private SpecialDirectory createLocalFilesDir(long parentId, String name) throws TskCoreException { + SleuthkitCase.CaseDbTransaction trans = null; + + try { + if (useSingleTransaction) { + trans = globalTrans; + } else { + trans = sleuthkitCase.beginTransaction(); + } + SpecialDirectory dir; + + dir = sleuthkitCase.addLocalDirectory(parentId, name, trans); + + if (! useSingleTransaction) { + trans.commit(); + } + return dir; + } catch (TskCoreException ex) { + if (( !useSingleTransaction) && (null != trans)) { + try { + trans.rollback(); + } catch (TskCoreException ex2) { + logger.log(Level.SEVERE, String.format("Failed to rollback transaction after exception: %s", ex.getMessage()), ex2); + } + } + throw ex; + } + } + +} \ No newline at end of file diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java index 89887d7999..fc2e93697b 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java @@ -23,6 +23,7 @@ import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStreamReader; +import java.io.UnsupportedEncodingException; import java.nio.file.Path; import java.nio.file.Paths; import java.util.ArrayList; @@ -39,14 +40,15 @@ import org.sleuthkit.autopsy.casemodule.services.FileManager; import org.sleuthkit.autopsy.corecomponentinterfaces.DataSourceProcessorCallback; import org.sleuthkit.autopsy.corecomponentinterfaces.DataSourceProcessorProgressMonitor; import org.sleuthkit.autopsy.coreutils.Logger; +import org.sleuthkit.autopsy.datamodel.utils.LocalFileImporter; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.LocalFilesDataSource; +import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.TskCoreException; -import org.sleuthkit.datamodel.TskDataException; /** * A runnable that - copy the logical image folder to a destination folder - add @@ -186,17 +188,13 @@ final class AddLogicalImageTask implements Runnable { return; } - // ingest the root directory - FileManager fileManager = Case.getCurrentCase().getServices().getFileManager(); try { - LocalFilesDataSource newDataSource = fileManager.addLocalFilesDataSource(deviceId, "", "", imagePaths, new ProgressUpdater()); - newDataSources.add(newDataSource); - } catch (TskCoreException | TskDataException ex) { + addExtractedFiles(dest, Paths.get(dest.toString(), resultsFilename), newDataSources); + } catch (TskCoreException | IOException ex) { errorList.add(ex.getMessage()); LOGGER.log(Level.SEVERE, String.format("Failed to add datasource: %s", ex.getMessage()), ex); // NON-NLS callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); } - } else { createVHD = true; // ingest the VHDs @@ -293,9 +291,9 @@ final class AddLogicalImageTask implements Runnable { int lineNumber = 2; while ((line = br.readLine()) != null) { String[] fields = line.split("\t", -1); // NON-NLS - if (fields.length != 9) { - throw new IOException(Bundle.AddLogicalImageTask_notEnoughFields(lineNumber, fields.length, 9)); - } +// if (fields.length != 9) { +// throw new IOException(Bundle.AddLogicalImageTask_notEnoughFields(lineNumber, fields.length, 9)); +// } String vhdFilename = fields[0]; // String fileSystemOffsetStr = fields[1]; String fileMetaAddressStr = fields[2]; @@ -317,12 +315,9 @@ final class AddLogicalImageTask implements Runnable { dataSourceObjId.toString(), fileMetaAddressStr, filename.replace("'", "''")); } else { String parentPath = fields[8]; - targetImagePath = Paths.get(ROOT_STR, vhdFilename).toString(); - // vhdFilename have .vhd extension, we don't - String tmpRootPath = targetImagePath.replace("\\", "/"); - String searchParentPath = "/" + tmpRootPath + "/" + parentPath; + parentPath = "/" + ROOT_STR + "/" + vhdFilename + "/" + parentPath; query = String.format("name = '%s' AND parent_path = '%s'", // NON-NLS - filename.replace("'", "''"), searchParentPath.replace("'", "''")); + filename.replace("'", "''"), parentPath.replace("'", "''")); } // TODO - findAllFilesWhere should SQL-escape the query @@ -355,6 +350,70 @@ final class AddLogicalImageTask implements Runnable { } } + private void addExtractedFiles(File src, Path resultsPath, List newDataSources) throws TskCoreException, UnsupportedEncodingException, IOException { + + SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); + SleuthkitCase.CaseDbTransaction trans = null; + try { + trans = skCase.beginTransaction(); + LocalFilesDataSource localFilesDataSource = skCase.addLocalFilesDataSource(deviceId, this.src.getName(), timeZone, trans); + LocalFileImporter fileImporter = new LocalFileImporter(skCase, trans); + + try (BufferedReader br = new BufferedReader(new InputStreamReader( + new FileInputStream(resultsPath.toFile()), "UTF8"))) { // NON-NLS + String line; + br.readLine(); // skip the header line + int lineNumber = 2; + while ((line = br.readLine()) != null) { + String[] fields = line.split("\t", -1); // NON-NLS + if (fields.length != 14) { + throw new IOException(Bundle.AddLogicalImageTask_notEnoughFields(lineNumber, fields.length, 14)); + } + String vhdFilename = fields[0]; +// String fileSystemOffsetStr = fields[1]; + String fileMetaAddressStr = fields[2]; +// String extractStatusStr = fields[3]; + String ruleSetName = fields[4]; + String ruleName = fields[5]; +// String description = fields[6]; + String filename = fields[7]; + String parentPath = fields[8]; + String extractedFilePath = fields[9]; + String crtime = fields[10]; + String mtime = fields[11]; + String atime = fields[12]; + String ctime = fields[13]; + parentPath = ROOT_STR + "/" + vhdFilename + "/" + parentPath; + + //addLocalFile here + AbstractFile localFile = fileImporter.addLocalFile( + Paths.get(src.toString(), extractedFilePath).toFile(), + filename, + parentPath, + Long.parseLong(ctime), + Long.parseLong(crtime), + Long.parseLong(atime), + Long.parseLong(mtime), + localFilesDataSource); + + lineNumber++; + } // end reading file + + trans.commit(); + newDataSources.add(localFilesDataSource); + } + } catch (TskCoreException ex) { + LOGGER.log(Level.SEVERE, "Error adding local files", ex); // NON-NLS + if (null != trans) { + try { + trans.rollback(); + } catch (TskCoreException ex2) { + LOGGER.log(Level.SEVERE, String.format("Failed to rollback transaction after exception: %s", ex.getMessage()), ex2); // NON-NLS + } + } + } + } + /** * Updates task progress as the file manager adds the local/logical files * and/or directories to the case database. From ec82b0785cbb08fb3b3e1c92d5fb1e1fe07ab11d Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Wed, 21 Aug 2019 16:10:22 -0400 Subject: [PATCH 13/25] Fix codacy errors --- .../autopsy/logicalimager/dsp/AddLogicalImageTask.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java index fc2e93697b..95283b4d30 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java @@ -371,10 +371,10 @@ final class AddLogicalImageTask implements Runnable { } String vhdFilename = fields[0]; // String fileSystemOffsetStr = fields[1]; - String fileMetaAddressStr = fields[2]; +// String fileMetaAddressStr = fields[2]; // String extractStatusStr = fields[3]; - String ruleSetName = fields[4]; - String ruleName = fields[5]; +// String ruleSetName = fields[4]; +// String ruleName = fields[5]; // String description = fields[6]; String filename = fields[7]; String parentPath = fields[8]; @@ -386,7 +386,7 @@ final class AddLogicalImageTask implements Runnable { parentPath = ROOT_STR + "/" + vhdFilename + "/" + parentPath; //addLocalFile here - AbstractFile localFile = fileImporter.addLocalFile( + fileImporter.addLocalFile( Paths.get(src.toString(), extractedFilePath).toFile(), filename, parentPath, From 28aac6ca11e36ed94f738ca3478ecee078fd1616 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Thu, 22 Aug 2019 14:26:31 -0400 Subject: [PATCH 14/25] Address PR comments --- .../autopsy/casemodule/AddLocalFilesTask.java | 6 +- .../configuration/LogicalImagerConfig.java | 4 +- .../dsp/AddLogicalImageTask.java | 87 ++++++++----------- .../dsp/Bundle.properties-MERGED | 5 +- 4 files changed, 45 insertions(+), 57 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/AddLocalFilesTask.java b/Core/src/org/sleuthkit/autopsy/casemodule/AddLocalFilesTask.java index 775fc51d8c..185f696a97 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/AddLocalFilesTask.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/AddLocalFilesTask.java @@ -37,7 +37,7 @@ import org.sleuthkit.datamodel.TskDataException; * case database, grouped under a virtual directory that serves as the data * source. */ -public class AddLocalFilesTask implements Runnable { +class AddLocalFilesTask implements Runnable { private static final Logger LOGGER = Logger.getLogger(AddLocalFilesTask.class.getName()); private final String deviceId; @@ -68,7 +68,7 @@ public class AddLocalFilesTask implements Runnable { * during processing. * @param callback Callback to call when processing is done. */ - public AddLocalFilesTask(String deviceId, String rootVirtualDirectoryName, List localFilePaths, DataSourceProcessorProgressMonitor progressMonitor, DataSourceProcessorCallback callback) { + AddLocalFilesTask(String deviceId, String rootVirtualDirectoryName, List localFilePaths, DataSourceProcessorProgressMonitor progressMonitor, DataSourceProcessorCallback callback) { this.deviceId = deviceId; this.rootVirtualDirectoryName = rootVirtualDirectoryName; this.localFilePaths = localFilePaths; @@ -88,7 +88,7 @@ public class AddLocalFilesTask implements Runnable { try { progress.setIndeterminate(true); FileManager fileManager = Case.getCurrentCaseThrows().getServices().getFileManager(); - LocalFilesDataSource newDataSource = fileManager.addLocalFilesDataSource(deviceId, "", "", localFilePaths, new ProgressUpdater()); + LocalFilesDataSource newDataSource = fileManager.addLocalFilesDataSource(deviceId, rootVirtualDirectoryName, "", localFilePaths, new ProgressUpdater()); newDataSources.add(newDataSource); } catch (TskDataException | TskCoreException | NoCurrentCaseException ex) { errors.add(ex.getMessage()); diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/LogicalImagerConfig.java b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/LogicalImagerConfig.java index 0dd40a7d9a..d896c15001 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/LogicalImagerConfig.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/LogicalImagerConfig.java @@ -85,13 +85,13 @@ class LogicalImagerConfig { String version, boolean finalizeImageWriter, boolean promptBeforeExit, - boolean creatVHD, + boolean createVHD, List ruleSets ) { this.version = version; this.finalizeImageWriter = finalizeImageWriter; this.promptBeforeExit = promptBeforeExit; - this.createVHD = creatVHD; + this.createVHD = createVHD; this.ruleSets = ruleSets; } diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java index 95283b4d30..80098747ed 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java @@ -36,7 +36,6 @@ import org.apache.commons.io.FileUtils; import org.openide.util.NbBundle.Messages; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; -import org.sleuthkit.autopsy.casemodule.services.FileManager; import org.sleuthkit.autopsy.corecomponentinterfaces.DataSourceProcessorCallback; import org.sleuthkit.autopsy.corecomponentinterfaces.DataSourceProcessorProgressMonitor; import org.sleuthkit.autopsy.coreutils.Logger; @@ -107,7 +106,9 @@ final class AddLogicalImageTask implements Runnable { "AddLogicalImageTask.addingInterestingFiles=Adding search results as interesting files", "AddLogicalImageTask.doneAddingInterestingFiles=Done adding search results as interesting files", "# {0} - SearchResults.txt", "# {1} - directory", "AddLogicalImageTask.cannotFindFiles=Cannot find {0} in {1}", - "# {0} - reason", "AddLogicalImageTask.failedToAddInterestingFiles=Failed to add interesting files: {0}" + "# {0} - reason", "AddLogicalImageTask.failedToAddInterestingFiles=Failed to add interesting files: {0}", + "AddLogicalImageTask.addingExtractedFiles=Adding extracted files", + "AddLogicalImageTask.doneAddingExtractedFiles=Done adding extracted files", }) @Override public void run() { @@ -189,11 +190,14 @@ final class AddLogicalImageTask implements Runnable { } try { + progressMonitor.setProgressText(Bundle.AddLogicalImageTask_addingExtractedFiles()); addExtractedFiles(dest, Paths.get(dest.toString(), resultsFilename), newDataSources); + progressMonitor.setProgressText(Bundle.AddLogicalImageTask_doneAddingExtractedFiles()); } catch (TskCoreException | IOException ex) { errorList.add(ex.getMessage()); LOGGER.log(Level.SEVERE, String.format("Failed to add datasource: %s", ex.getMessage()), ex); // NON-NLS callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); + return; } } else { createVHD = true; @@ -209,6 +213,7 @@ final class AddLogicalImageTask implements Runnable { String msg = Bundle.AddLogicalImageTask_noCurrentCase(); errorList.add(msg); callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); + return; } } @@ -290,10 +295,13 @@ final class AddLogicalImageTask implements Runnable { br.readLine(); // skip the header line int lineNumber = 2; while ((line = br.readLine()) != null) { + if (cancelled) { + return; + } String[] fields = line.split("\t", -1); // NON-NLS -// if (fields.length != 9) { -// throw new IOException(Bundle.AddLogicalImageTask_notEnoughFields(lineNumber, fields.length, 9)); -// } + if (fields.length != 14) { + throw new IOException(Bundle.AddLogicalImageTask_notEnoughFields(lineNumber, fields.length, 9)); + } String vhdFilename = fields[0]; // String fileSystemOffsetStr = fields[1]; String fileMetaAddressStr = fields[2]; @@ -344,14 +352,13 @@ final class AddLogicalImageTask implements Runnable { BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, ruleName); attributes.add(ruleNameAttribute); if (!blackboard.artifactExists(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) { - BlackboardArtifact artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT); + BlackboardArtifact artifact = this.currentCase.getSleuthkitCase().newBlackboardArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, file.getId()); artifact.addAttributes(attributes); artifacts.add(artifact); } } private void addExtractedFiles(File src, Path resultsPath, List newDataSources) throws TskCoreException, UnsupportedEncodingException, IOException { - SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase.CaseDbTransaction trans = null; try { @@ -365,16 +372,20 @@ final class AddLogicalImageTask implements Runnable { br.readLine(); // skip the header line int lineNumber = 2; while ((line = br.readLine()) != null) { + if (cancelled) { + rollbackTransaction(trans); + return; + } String[] fields = line.split("\t", -1); // NON-NLS if (fields.length != 14) { throw new IOException(Bundle.AddLogicalImageTask_notEnoughFields(lineNumber, fields.length, 14)); } String vhdFilename = fields[0]; // String fileSystemOffsetStr = fields[1]; -// String fileMetaAddressStr = fields[2]; +// String fileMetaAddressStr = fields[2]; // String extractStatusStr = fields[3]; -// String ruleSetName = fields[4]; -// String ruleName = fields[5]; +// String ruleSetName = fields[4]; +// String ruleName = fields[5]; // String description = fields[6]; String filename = fields[7]; String parentPath = fields[8]; @@ -398,48 +409,26 @@ final class AddLogicalImageTask implements Runnable { lineNumber++; } // end reading file - - trans.commit(); - newDataSources.add(localFilesDataSource); } - } catch (TskCoreException ex) { - LOGGER.log(Level.SEVERE, "Error adding local files", ex); // NON-NLS - if (null != trans) { - try { - trans.rollback(); - } catch (TskCoreException ex2) { - LOGGER.log(Level.SEVERE, String.format("Failed to rollback transaction after exception: %s", ex.getMessage()), ex2); // NON-NLS - } + trans.commit(); + newDataSources.add(localFilesDataSource); + + } catch (IOException | NumberFormatException | TskCoreException ex) { + LOGGER.log(Level.SEVERE, "Error adding extracted files", ex); // NON-NLS + rollbackTransaction(trans); + throw new TskCoreException("Error adding extracted files", ex); + } + } + + private void rollbackTransaction(SleuthkitCase.CaseDbTransaction trans) throws TskCoreException { + if (null != trans) { + try { + trans.rollback(); + } catch (TskCoreException ex) { + LOGGER.log(Level.SEVERE, String.format("Failed to rollback transaction: %s", ex.getMessage()), ex); // NON-NLS + throw new TskCoreException("Error cancelling", ex); } } } - /** - * Updates task progress as the file manager adds the local/logical files - * and/or directories to the case database. - */ - @Messages({ - "# {0} - parent path", "# {1} - filename", "AddLogicalImageTask.localFileAddProgress=Adding: {0}/{1}", - }) - private class ProgressUpdater implements FileManager.FileAddProgressUpdater { - - private int count; - - /** - * Updates task progress (called by the file manager after it adds each - * local file/directory to the case database). - */ - @Override - public void fileAdded(final AbstractFile file) { - ++count; - if (count % 10 == 0) { - progressMonitor.setProgressText( - Bundle.AddLogicalImageTask_localFileAddProgress( - file.getParentPath(), - file.getName() - ) - ); - } - } - } } diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED index 3cecb6f2c7..fd08147b08 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED @@ -2,6 +2,7 @@ # To change this template file, choose Tools | Templates # and open the template in the editor. +AddLogicalImageTask.addingExtractedFiles=Adding extracted files AddLogicalImageTask.addingInterestingFiles=Adding search results as interesting files # {0} - file AddLogicalImageTask.addingToReport=Adding {0} to report @@ -15,6 +16,7 @@ AddLogicalImageTask.cannotFindFiles=Cannot find {0} in {1} AddLogicalImageTask.copyingImageFromTo=Copying image from {0} to {1} # {0} - sparseImageDirectory AddLogicalImageTask.directoryDoesNotContainSparseImage=Directory {0} does not contain any images +AddLogicalImageTask.doneAddingExtractedFiles=Done adding extracted files AddLogicalImageTask.doneAddingInterestingFiles=Done adding search results as interesting files # {0} - file AddLogicalImageTask.doneAddingToReport=Done adding {0} to report @@ -30,9 +32,6 @@ AddLogicalImageTask.failedToCopyDirectory=Failed to copy directory {0} to {1} # {0} - file AddLogicalImageTask.failToGetCanonicalPath=Fail to get canonical path for {0} AddLogicalImageTask.ingestionCancelled=Ingestion cancelled -# {0} - parent path -# {1} - filename -AddLogicalImageTask.localFileAddProgress=Adding: {0}/{1} AddLogicalImageTask.noCurrentCase=No current case # {0} - line number # {1} - fields length From c58b602fa20ec893562c71f84d99227da638f129 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Thu, 22 Aug 2019 14:47:08 -0400 Subject: [PATCH 15/25] Fix more PR comments. --- .../autopsy/logicalimager/dsp/AddLogicalImageTask.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java index 80098747ed..48488dd82a 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java @@ -23,7 +23,6 @@ import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStreamReader; -import java.io.UnsupportedEncodingException; import java.nio.file.Path; import java.nio.file.Paths; import java.util.ArrayList; @@ -193,7 +192,7 @@ final class AddLogicalImageTask implements Runnable { progressMonitor.setProgressText(Bundle.AddLogicalImageTask_addingExtractedFiles()); addExtractedFiles(dest, Paths.get(dest.toString(), resultsFilename), newDataSources); progressMonitor.setProgressText(Bundle.AddLogicalImageTask_doneAddingExtractedFiles()); - } catch (TskCoreException | IOException ex) { + } catch (TskCoreException ex) { errorList.add(ex.getMessage()); LOGGER.log(Level.SEVERE, String.format("Failed to add datasource: %s", ex.getMessage()), ex); // NON-NLS callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); @@ -358,7 +357,7 @@ final class AddLogicalImageTask implements Runnable { } } - private void addExtractedFiles(File src, Path resultsPath, List newDataSources) throws TskCoreException, UnsupportedEncodingException, IOException { + private void addExtractedFiles(File src, Path resultsPath, List newDataSources) throws TskCoreException { SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase.CaseDbTransaction trans = null; try { @@ -426,7 +425,6 @@ final class AddLogicalImageTask implements Runnable { trans.rollback(); } catch (TskCoreException ex) { LOGGER.log(Level.SEVERE, String.format("Failed to rollback transaction: %s", ex.getMessage()), ex); // NON-NLS - throw new TskCoreException("Error cancelling", ex); } } } From 93539197776de6dd0d9d963d2278dbb4413bcd22 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Fri, 30 Aug 2019 16:15:20 -0400 Subject: [PATCH 16/25] Initial changes --- .../configuration/Bundle.properties | 2 +- .../configuration/Bundle.properties-MERGED | 2 +- .../configuration/ConfigVisualPanel1.java | 61 ++++++++++++++++--- .../logicalimager/configuration/Kernel32.java | 56 +++++++++++++++++ 4 files changed, 111 insertions(+), 10 deletions(-) create mode 100644 Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties index 65fa3dd72d..fde2c2b893 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties @@ -105,7 +105,7 @@ EditNonFullPathsRulePanel.minSizeCheckbox.text=Minimum size: NewRulePanel.chooseLabel.text=Choose the type of rule ConfigVisualPanel1.configureDriveRadioButton.text_1=Configure selected external drive: ConfigVisualPanel1.configureFolderRadioButton.text_1=Configure in a folder: -ConfigVisualPanel1.descriptionTextArea.text=Select a location for the Logical Imager. This location will contain the imaging program and a configuration file. If that location already contains a configuration file, it will be loaded to edit. Imaging results will be saved to this location, so ensure it has enough free space. +ConfigVisualPanel1.descriptionTextArea.text=Select a location for the Logical Imager. This location will contain the imaging program and a configuration file. If that location already contains a configuration file, it will be loaded to edit. Imaging results will be saved to this location, so ensure it has enough free space. Drives with FAT format are not supported. ConfigVisualPanel1.refreshButton.text=Refresh ConfigVisualPanel3.saveButton.text=Save ConfigVisualPanel3.configLabel.text=Logical Imager config file save status: diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED index 3e6aad34de..2216c2e69a 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED @@ -174,7 +174,7 @@ LogicalImagerConfigDeserializer.unsupportedKeyException=Unsupported key: {0} NewRulePanel.chooseLabel.text=Choose the type of rule ConfigVisualPanel1.configureDriveRadioButton.text_1=Configure selected external drive: ConfigVisualPanel1.configureFolderRadioButton.text_1=Configure in a folder: -ConfigVisualPanel1.descriptionTextArea.text=Select a location for the Logical Imager. This location will contain the imaging program and a configuration file. If that location already contains a configuration file, it will be loaded to edit. Imaging results will be saved to this location, so ensure it has enough free space. +ConfigVisualPanel1.descriptionTextArea.text=Select a location for the Logical Imager. This location will contain the imaging program and a configuration file. If that location already contains a configuration file, it will be loaded to edit. Imaging results will be saved to this location, so ensure it has enough free space. Drives with FAT format are not supported. ConfigVisualPanel1.refreshButton.text=Refresh ConfigVisualPanel3.saveButton.text=Save ConfigVisualPanel3.configLabel.text=Logical Imager config file save status: diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java index 2765bb1856..042906c0b3 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java @@ -22,6 +22,8 @@ import com.google.gson.Gson; import com.google.gson.GsonBuilder; import com.google.gson.JsonIOException; import com.google.gson.JsonSyntaxException; +import com.sun.jna.platform.win32.WinDef.DWORD; +import com.sun.jna.ptr.IntByReference; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -241,10 +243,51 @@ final class ConfigVisualPanel1 extends JPanel { firePropertyChange(UPDATE_UI_EVENT_NAME, false, true); // NON-NLS }//GEN-LAST:event_driveListMouseReleasedSelection + /* + * Return the Windows file system name of the drive + * @param drive File system drive, should be of the form "C:\" + * + */ + @Messages({"ConfigVisualPanel1.unknown=Unknown"}) + private String getFileSystemName(String drive){ + char[] lpVolumeNameBuffer = new char[256]; + DWORD nVolumeNameSize = new DWORD(256); + IntByReference lpVolumeSerialNumber = new IntByReference(); + IntByReference lpMaximumComponentLength = new IntByReference(); + IntByReference lpFileSystemFlags = new IntByReference(); + + char[] lpFileSystemNameBuffer = new char[256]; + DWORD nFileSystemNameSize = new DWORD(256); + + lpVolumeSerialNumber.setValue(0); + lpMaximumComponentLength.setValue(256); + lpFileSystemFlags.setValue(0); + + Kernel32.INSTANCE.GetVolumeInformation( + drive, + lpVolumeNameBuffer, + nVolumeNameSize, + lpVolumeSerialNumber, + lpMaximumComponentLength, + lpFileSystemFlags, + lpFileSystemNameBuffer, + nFileSystemNameSize); + if (Kernel32.INSTANCE.GetLastError() != 0) { + logger.log(Level.INFO, String.format("Last error: %d", Kernel32.INSTANCE.GetLastError())); // NON-NLS + return Bundle.ConfigVisualPanel1_unknown(); + } + + String fs = new String(lpFileSystemNameBuffer); + return fs.trim(); + } + /** * Refresh the list of local drives on the current machine */ - @Messages({"ConfigVisualPanel1.messageLabel.noExternalDriveFound=No drive found"}) + @NbBundle.Messages({ + "ConfigVisualPanel1.messageLabel.noExternalDriveFound=No drive found", + "ConfigVisualPanel1.fileSystem=File system" + }) private void refreshDriveList() { List listData = new ArrayList<>(); File[] roots = File.listRoots(); @@ -257,7 +300,8 @@ final class ConfigVisualPanel1 extends JPanel { String description = FileSystemView.getFileSystemView().getSystemTypeDescription(root); long spaceInBytes = root.getTotalSpace(); String sizeWithUnit = DriveListUtils.humanReadableByteCount(spaceInBytes, false); - listData.add(root + " (" + description + ") (" + sizeWithUnit + ")"); + String fileSystem = getFileSystemName(root.toString()); + listData.add(root + " (" + description + ") (" + sizeWithUnit + ") - " + Bundle.ConfigVisualPanel1_fileSystem() + ": " + fileSystem); if (firstRemovableDrive == -1) { try { FileStore fileStore = Files.getFileStore(root.toPath()); @@ -266,7 +310,7 @@ final class ConfigVisualPanel1 extends JPanel { } } catch (IOException ignored) { //unable to get this removable drive for default selection will try and select next removable drive by default - logger.log(Level.INFO, "Unable to select first removable drive found", ignored); + logger.log(Level.INFO, String.format("Unable to select first removable drive found %s", root.toString())); // NON-NLS } } i++; @@ -431,8 +475,7 @@ final class ConfigVisualPanel1 extends JPanel { return UPDATE_UI_EVENT_NAME; } - void setConfigFilename(String filename - ) { + void setConfigFilename(String filename) { configFileTextField.setText(filename); } @@ -442,9 +485,11 @@ final class ConfigVisualPanel1 extends JPanel { * @return true if panel has valid settings selected, false otherwise */ boolean isPanelValid() { - return !StringUtils.isBlank(getConfigPath()) && ((configureDriveRadioButton.isSelected() && !StringUtils.isBlank(driveList.getSelectedValue())) - || (configureFolderRadioButton.isSelected() && (!configFileTextField.getText().isEmpty()))); - + return !StringUtils.isBlank(getConfigPath()) + && (getFileSystemName(getConfigPath().substring(0, 3)).equals("NTFS") // NON-NLS + || getFileSystemName(getConfigPath().substring(0, 3)).equals("exFAT")) // NON-NLS + && ((configureDriveRadioButton.isSelected() && !StringUtils.isBlank(driveList.getSelectedValue())) + || (configureFolderRadioButton.isSelected() && (!configFileTextField.getText().isEmpty()))); } /** diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java new file mode 100644 index 0000000000..a3abed46f2 --- /dev/null +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java @@ -0,0 +1,56 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ +package org.sleuthkit.autopsy.logicalimager.configuration; + +import com.sun.jna.Library; +import com.sun.jna.Native; +import com.sun.jna.platform.win32.WinDef.DWORD; +import com.sun.jna.ptr.IntByReference; +import com.sun.jna.win32.StdCallLibrary; +import com.sun.jna.win32.W32APIFunctionMapper; +import com.sun.jna.win32.W32APITypeMapper; +import java.util.HashMap; +import java.util.Map; + +public interface Kernel32 extends StdCallLibrary { + + final static Map WIN32API_OPTIONS = new HashMap() { + + private static final long serialVersionUID = 1L; + + { + put(Library.OPTION_FUNCTION_MAPPER, W32APIFunctionMapper.UNICODE); + put(Library.OPTION_TYPE_MAPPER, W32APITypeMapper.UNICODE); + } + }; + + public Kernel32 INSTANCE = (Kernel32) Native.loadLibrary("Kernel32", Kernel32.class, WIN32API_OPTIONS); + + /* + BOOL WINAPI GetVolumeInformation( + __in_opt LPCTSTR lpRootPathName, + __out LPTSTR lpVolumeNameBuffer, + __in DWORD nVolumeNameSize, + __out_opt LPDWORD lpVolumeSerialNumber, + __out_opt LPDWORD lpMaximumComponentLength, + __out_opt LPDWORD lpFileSystemFlags, + __out LPTSTR lpFileSystemNameBuffer, + __in DWORD nFileSystemNameSize + ); + */ + public boolean GetVolumeInformation( + String lpRootPathName, + char[] lpVolumeNameBuffer, + DWORD nVolumeNameSize, + IntByReference lpVolumeSerialNumber, + IntByReference lpMaximumComponentLength, + IntByReference lpFileSystemFlags, + char[] lpFileSystemNameBuffer, + DWORD nFileSystemNameSize + ); + + public int GetLastError(); +} From f680dddd345297d9b117336744a39a04e4f1fcf4 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Tue, 3 Sep 2019 10:17:05 -0400 Subject: [PATCH 17/25] Fix codacy errors --- .../configuration/Bundle.properties-MERGED | 2 ++ .../logicalimager/configuration/Kernel32.java | 32 +++++++++++++------ 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED index 2216c2e69a..55d0634c72 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED @@ -27,9 +27,11 @@ ConfigVisualPanel1.chooseFileTitle=Select a Logical Imager configuration ConfigVisualPanel1.configFileIsEmpty=Configuration file {0} is empty ConfigVisualPanel1.configurationError=Configuration error ConfigVisualPanel1.fileNameExtensionFilter=Configuration JSON File +ConfigVisualPanel1.fileSystem=File system ConfigVisualPanel1.invalidConfigJson=Invalid config JSON: ConfigVisualPanel1.messageLabel.noExternalDriveFound=No drive found ConfigVisualPanel1.selectConfigurationFile=Select location +ConfigVisualPanel1.unknown=Unknown ConfigVisualPanel2.cancel=Cancel ConfigVisualPanel2.deleteRuleSet=Delete rule ConfigVisualPanel2.deleteRuleSetConfirmation=Delete rule confirmation diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java index a3abed46f2..dcc7c44a19 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java @@ -1,7 +1,20 @@ /* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. + * Autopsy + * + * Copyright 2019 Basis Technology Corp. + * Contact: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.logicalimager.configuration; @@ -15,19 +28,20 @@ import com.sun.jna.win32.W32APITypeMapper; import java.util.HashMap; import java.util.Map; +/* + * Windows Kernel32 interface + */ public interface Kernel32 extends StdCallLibrary { - final static Map WIN32API_OPTIONS = new HashMap() { - + Map WIN32API_OPTIONS = new HashMap() { private static final long serialVersionUID = 1L; - { put(Library.OPTION_FUNCTION_MAPPER, W32APIFunctionMapper.UNICODE); put(Library.OPTION_TYPE_MAPPER, W32APITypeMapper.UNICODE); } }; - public Kernel32 INSTANCE = (Kernel32) Native.loadLibrary("Kernel32", Kernel32.class, WIN32API_OPTIONS); + Kernel32 INSTANCE = (Kernel32) Native.loadLibrary("Kernel32", Kernel32.class, WIN32API_OPTIONS); /* BOOL WINAPI GetVolumeInformation( @@ -41,7 +55,7 @@ public interface Kernel32 extends StdCallLibrary { __in DWORD nFileSystemNameSize ); */ - public boolean GetVolumeInformation( + boolean GetVolumeInformation( String lpRootPathName, char[] lpVolumeNameBuffer, DWORD nVolumeNameSize, @@ -52,5 +66,5 @@ public interface Kernel32 extends StdCallLibrary { DWORD nFileSystemNameSize ); - public int GetLastError(); + int GetLastError(); } From 0480751945b7cbd8e6b2a4773f1ed33f5b1cd50c Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Tue, 3 Sep 2019 13:23:41 -0400 Subject: [PATCH 18/25] Fix codacy error --- .../autopsy/logicalimager/configuration/Kernel32.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java index dcc7c44a19..59f62e9909 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java @@ -28,12 +28,12 @@ import com.sun.jna.win32.W32APITypeMapper; import java.util.HashMap; import java.util.Map; -/* +/** * Windows Kernel32 interface */ public interface Kernel32 extends StdCallLibrary { - Map WIN32API_OPTIONS = new HashMap() { + static Map WIN32API_OPTIONS = new HashMap() { private static final long serialVersionUID = 1L; { put(Library.OPTION_FUNCTION_MAPPER, W32APIFunctionMapper.UNICODE); From e7ebc3ce4b54666efae7c02a44af393390eeadba Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Tue, 3 Sep 2019 14:38:09 -0400 Subject: [PATCH 19/25] Fix codacy error --- .../autopsy/logicalimager/dsp/AddLogicalImageTask.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java index 48488dd82a..8b8c2b3012 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java @@ -192,7 +192,7 @@ final class AddLogicalImageTask implements Runnable { progressMonitor.setProgressText(Bundle.AddLogicalImageTask_addingExtractedFiles()); addExtractedFiles(dest, Paths.get(dest.toString(), resultsFilename), newDataSources); progressMonitor.setProgressText(Bundle.AddLogicalImageTask_doneAddingExtractedFiles()); - } catch (TskCoreException ex) { + } catch (IOException | TskCoreException ex) { errorList.add(ex.getMessage()); LOGGER.log(Level.SEVERE, String.format("Failed to add datasource: %s", ex.getMessage()), ex); // NON-NLS callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources); @@ -357,7 +357,7 @@ final class AddLogicalImageTask implements Runnable { } } - private void addExtractedFiles(File src, Path resultsPath, List newDataSources) throws TskCoreException { + private void addExtractedFiles(File src, Path resultsPath, List newDataSources) throws TskCoreException, IOException { SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase.CaseDbTransaction trans = null; try { @@ -377,6 +377,7 @@ final class AddLogicalImageTask implements Runnable { } String[] fields = line.split("\t", -1); // NON-NLS if (fields.length != 14) { + rollbackTransaction(trans); throw new IOException(Bundle.AddLogicalImageTask_notEnoughFields(lineNumber, fields.length, 14)); } String vhdFilename = fields[0]; @@ -412,7 +413,7 @@ final class AddLogicalImageTask implements Runnable { trans.commit(); newDataSources.add(localFilesDataSource); - } catch (IOException | NumberFormatException | TskCoreException ex) { + } catch (NumberFormatException | TskCoreException ex) { LOGGER.log(Level.SEVERE, "Error adding extracted files", ex); // NON-NLS rollbackTransaction(trans); throw new TskCoreException("Error adding extracted files", ex); From 932bc3f6bf1181d0a329ae9213c27375c64cefc7 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Tue, 3 Sep 2019 17:02:00 -0400 Subject: [PATCH 20/25] Use FileSystem class to get at the file system type --- .../configuration/ConfigVisualPanel1.java | 41 +++-------- .../logicalimager/configuration/Kernel32.java | 70 ------------------- 2 files changed, 11 insertions(+), 100 deletions(-) delete mode 100644 Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java index 042906c0b3..fc683be97a 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java @@ -22,8 +22,6 @@ import com.google.gson.Gson; import com.google.gson.GsonBuilder; import com.google.gson.JsonIOException; import com.google.gson.JsonSyntaxException; -import com.sun.jna.platform.win32.WinDef.DWORD; -import com.sun.jna.ptr.IntByReference; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -31,7 +29,11 @@ import java.io.IOException; import java.io.InputStreamReader; import java.nio.charset.StandardCharsets; import java.nio.file.FileStore; +import java.nio.file.FileSystem; +import java.nio.file.FileSystems; import java.nio.file.Files; +import java.nio.file.Paths; +import java.nio.file.spi.FileSystemProvider; import java.util.ArrayList; import java.util.List; import java.util.logging.Level; @@ -249,36 +251,15 @@ final class ConfigVisualPanel1 extends JPanel { * */ @Messages({"ConfigVisualPanel1.unknown=Unknown"}) - private String getFileSystemName(String drive){ - char[] lpVolumeNameBuffer = new char[256]; - DWORD nVolumeNameSize = new DWORD(256); - IntByReference lpVolumeSerialNumber = new IntByReference(); - IntByReference lpMaximumComponentLength = new IntByReference(); - IntByReference lpFileSystemFlags = new IntByReference(); - - char[] lpFileSystemNameBuffer = new char[256]; - DWORD nFileSystemNameSize = new DWORD(256); - - lpVolumeSerialNumber.setValue(0); - lpMaximumComponentLength.setValue(256); - lpFileSystemFlags.setValue(0); - - Kernel32.INSTANCE.GetVolumeInformation( - drive, - lpVolumeNameBuffer, - nVolumeNameSize, - lpVolumeSerialNumber, - lpMaximumComponentLength, - lpFileSystemFlags, - lpFileSystemNameBuffer, - nFileSystemNameSize); - if (Kernel32.INSTANCE.GetLastError() != 0) { - logger.log(Level.INFO, String.format("Last error: %d", Kernel32.INSTANCE.GetLastError())); // NON-NLS + private String getFileSystemName(String drive) { + FileSystem fileSystem = FileSystems.getDefault(); + FileSystemProvider provider = fileSystem.provider(); + try { + FileStore fileStore = provider.getFileStore(Paths.get(drive)); + return fileStore.type(); + } catch (IOException ex) { return Bundle.ConfigVisualPanel1_unknown(); } - - String fs = new String(lpFileSystemNameBuffer); - return fs.trim(); } /** diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java deleted file mode 100644 index 59f62e9909..0000000000 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Kernel32.java +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Autopsy - * - * Copyright 2019 Basis Technology Corp. - * Contact: carrier sleuthkit org - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.sleuthkit.autopsy.logicalimager.configuration; - -import com.sun.jna.Library; -import com.sun.jna.Native; -import com.sun.jna.platform.win32.WinDef.DWORD; -import com.sun.jna.ptr.IntByReference; -import com.sun.jna.win32.StdCallLibrary; -import com.sun.jna.win32.W32APIFunctionMapper; -import com.sun.jna.win32.W32APITypeMapper; -import java.util.HashMap; -import java.util.Map; - -/** - * Windows Kernel32 interface - */ -public interface Kernel32 extends StdCallLibrary { - - static Map WIN32API_OPTIONS = new HashMap() { - private static final long serialVersionUID = 1L; - { - put(Library.OPTION_FUNCTION_MAPPER, W32APIFunctionMapper.UNICODE); - put(Library.OPTION_TYPE_MAPPER, W32APITypeMapper.UNICODE); - } - }; - - Kernel32 INSTANCE = (Kernel32) Native.loadLibrary("Kernel32", Kernel32.class, WIN32API_OPTIONS); - - /* - BOOL WINAPI GetVolumeInformation( - __in_opt LPCTSTR lpRootPathName, - __out LPTSTR lpVolumeNameBuffer, - __in DWORD nVolumeNameSize, - __out_opt LPDWORD lpVolumeSerialNumber, - __out_opt LPDWORD lpMaximumComponentLength, - __out_opt LPDWORD lpFileSystemFlags, - __out LPTSTR lpFileSystemNameBuffer, - __in DWORD nFileSystemNameSize - ); - */ - boolean GetVolumeInformation( - String lpRootPathName, - char[] lpVolumeNameBuffer, - DWORD nVolumeNameSize, - IntByReference lpVolumeSerialNumber, - IntByReference lpMaximumComponentLength, - IntByReference lpFileSystemFlags, - char[] lpFileSystemNameBuffer, - DWORD nFileSystemNameSize - ); - - int GetLastError(); -} From 0c848f8fdd5bb35c77dbfc1d3f353c7e81de7d20 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Tue, 3 Sep 2019 17:25:59 -0400 Subject: [PATCH 21/25] Fix codacy error --- .../dsp/AddLogicalImageTask.java | 40 ++++++++++--------- 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java index 8b8c2b3012..fc72965bf6 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java @@ -284,8 +284,6 @@ final class AddLogicalImageTask implements Runnable { "# {0} - target image path", "AddLogicalImageTask.cannotFindDataSourceObjId=Cannot find obj_id in tsk_image_names for {0}" }) private void addInterestingFiles(File src, Path resultsPath, boolean createVHD) throws IOException, TskCoreException { - Map> imagePaths = currentCase.getSleuthkitCase().getImagePaths(); - Map imagePathToObjIdMap = imagePathsToDataSourceObjId(imagePaths); try (BufferedReader br = new BufferedReader(new InputStreamReader( new FileInputStream(resultsPath.toFile()), "UTF8"))) { // NON-NLS @@ -309,23 +307,9 @@ final class AddLogicalImageTask implements Runnable { String ruleName = fields[5]; // String description = fields[6]; String filename = fields[7]; + String parentPath = fields[8]; - String query; - String targetImagePath; - if (createVHD) { - targetImagePath = Paths.get(src.toString(), vhdFilename).toString(); - Long dataSourceObjId = imagePathToObjIdMap.get(targetImagePath); - if (dataSourceObjId == null) { - throw new TskCoreException(Bundle.AddLogicalImageTask_cannotFindDataSourceObjId(targetImagePath)); - } - query = String.format("data_source_obj_id = '%s' AND meta_addr = '%s' AND name = '%s'", // NON-NLS - dataSourceObjId.toString(), fileMetaAddressStr, filename.replace("'", "''")); - } else { - String parentPath = fields[8]; - parentPath = "/" + ROOT_STR + "/" + vhdFilename + "/" + parentPath; - query = String.format("name = '%s' AND parent_path = '%s'", // NON-NLS - filename.replace("'", "''"), parentPath.replace("'", "''")); - } + String query = makeQuery(createVHD, vhdFilename, fileMetaAddressStr, parentPath, filename); // TODO - findAllFilesWhere should SQL-escape the query List matchedFiles = Case.getCurrentCase().getSleuthkitCase().findAllFilesWhere(query); @@ -430,4 +414,24 @@ final class AddLogicalImageTask implements Runnable { } } + String makeQuery(boolean createVHD, String vhdFilename, String fileMetaAddressStr, String parentPath, String filename) throws TskCoreException { + String query; + if (createVHD) { + Map> imagePaths = currentCase.getSleuthkitCase().getImagePaths(); + Map imagePathToObjIdMap = imagePathsToDataSourceObjId(imagePaths); + String targetImagePath = Paths.get(src.toString(), vhdFilename).toString(); + Long dataSourceObjId = imagePathToObjIdMap.get(targetImagePath); + if (dataSourceObjId == null) { + throw new TskCoreException(Bundle.AddLogicalImageTask_cannotFindDataSourceObjId(targetImagePath)); + } + query = String.format("data_source_obj_id = '%s' AND meta_addr = '%s' AND name = '%s'", // NON-NLS + dataSourceObjId.toString(), fileMetaAddressStr, filename.replace("'", "''")); + } else { + parentPath = "/" + ROOT_STR + "/" + vhdFilename + "/" + parentPath; + query = String.format("name = '%s' AND parent_path = '%s'", // NON-NLS + filename.replace("'", "''"), parentPath.replace("'", "''")); + } + return query; + } + } From 1115f5ca4710c52edba7334043004e59de0d62cc Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Wed, 4 Sep 2019 09:33:24 -0400 Subject: [PATCH 22/25] Fix codacy error --- .../autopsy/logicalimager/dsp/AddLogicalImageTask.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java index fc72965bf6..7bef200321 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java @@ -427,9 +427,9 @@ final class AddLogicalImageTask implements Runnable { query = String.format("data_source_obj_id = '%s' AND meta_addr = '%s' AND name = '%s'", // NON-NLS dataSourceObjId.toString(), fileMetaAddressStr, filename.replace("'", "''")); } else { - parentPath = "/" + ROOT_STR + "/" + vhdFilename + "/" + parentPath; + String newParentPath = "/" + ROOT_STR + "/" + vhdFilename + "/" + parentPath; query = String.format("name = '%s' AND parent_path = '%s'", // NON-NLS - filename.replace("'", "''"), parentPath.replace("'", "''")); + filename.replace("'", "''"), newParentPath.replace("'", "''")); } return query; } From 8b2e51ccc1a5d3b4c5454aa115b1811c842117c1 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Wed, 4 Sep 2019 09:52:42 -0400 Subject: [PATCH 23/25] Fix PR comments --- .../datamodel/utils/LocalFileImporter.java | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/utils/LocalFileImporter.java b/Core/src/org/sleuthkit/autopsy/datamodel/utils/LocalFileImporter.java index 155f167953..95a47d5399 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/utils/LocalFileImporter.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/utils/LocalFileImporter.java @@ -76,8 +76,8 @@ public class LocalFileImporter { * Will not fail if the fileOnDisk does not exist. * * @param fileOnDisk The local file on disk - * @param nameInImage The name to use in the data source - * @param pathInImage The path to use in the data source + * @param name The name to use in the data source + * @param parentPath The path to use in the data source * @param ctime Change time * @param crtime Created time * @param atime Access time @@ -88,12 +88,12 @@ public class LocalFileImporter { * * @throws TskCoreException */ - public AbstractFile addLocalFile(File fileOnDisk, String nameInImage, String pathInImage, + public AbstractFile addLocalFile(File fileOnDisk, String name, String parentPath, Long ctime, Long crtime, Long atime, Long mtime, DataSource dataSource) throws TskCoreException { // Get the parent folder, creating it and any of its parent folders if necessary - SpecialDirectory parentDir = getLocalFilesDir(new File(pathInImage), dataSource); + SpecialDirectory parentDir = getOrMakeDirInDataSource(new File(parentPath), dataSource); SleuthkitCase.CaseDbTransaction trans = null; try { @@ -110,7 +110,7 @@ public class LocalFileImporter { } // Create the new file - AbstractFile file = sleuthkitCase.addLocalFile(nameInImage, fileOnDisk.getAbsolutePath(), size, + AbstractFile file = sleuthkitCase.addLocalFile(name, fileOnDisk.getAbsolutePath(), size, ctime, crtime, atime, mtime, true, TskData.EncodingType.NONE, parentDir, trans); @@ -131,38 +131,38 @@ public class LocalFileImporter { } /** - * Returns the SpecialDirectory object corresponding to the given file, creating + * Returns the SpecialDirectory object corresponding to the given directory, creating * it and its parents as needed. * - * @param file The file to get the SpecialDirectory for + * @param directory The file to get the SpecialDirectory for * @param dataSource The data source * * @return The SpecialDirectory object corresponding to the given file * * @throws TskCoreException */ - private SpecialDirectory getLocalFilesDir(File file, Content dataSource) throws TskCoreException { - if ((file == null) || file.getPath().isEmpty()) { + private SpecialDirectory getOrMakeDirInDataSource(File directory, Content dataSource) throws TskCoreException { + if ((directory == null) || directory.getPath().isEmpty()) { throw new TskCoreException("Can not create directory from null path"); } // Check if we've already created it - if (localFileDirMap.containsKey(file.toString())) { - return localFileDirMap.get(file.toString()); + if (localFileDirMap.containsKey(directory.toString())) { + return localFileDirMap.get(directory.toString()); } - File parent = file.getParentFile(); + File parent = directory.getParentFile(); if (parent == null) { // This is the root of the path and it isn't in the map, so create it - SpecialDirectory dir = createLocalFilesDir(dataSource.getId(), file.getName()); - localFileDirMap.put(file.getName(), dir); + SpecialDirectory dir = createLocalFilesDir(dataSource.getId(), directory.getName()); + localFileDirMap.put(directory.getName(), dir); return dir; } else { // Create everything above this in the tree, and then add the parent folder - SpecialDirectory parentDir = getLocalFilesDir(parent, dataSource); - SpecialDirectory dir = createLocalFilesDir(parentDir.getId(), file.getName()); - localFileDirMap.put(file.getPath(), dir); + SpecialDirectory parentDir = getOrMakeDirInDataSource(parent, dataSource); + SpecialDirectory dir = createLocalFilesDir(parentDir.getId(), directory.getName()); + localFileDirMap.put(directory.getPath(), dir); return dir; } } From 3c7510fa2c1cc23ea32f13571461f8de87e01314 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Wed, 4 Sep 2019 11:06:42 -0400 Subject: [PATCH 24/25] Fix PR comments --- .../logicalimager/configuration/Bundle.properties-MERGED | 6 +++++- .../logicalimager/configuration/ConfigVisualPanel1.java | 9 +++++---- .../autopsy/logicalimager/dsp/Bundle.properties-MERGED | 2 ++ 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED index 55d0634c72..23009e88c1 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED @@ -26,8 +26,12 @@ ConfigVisualPanel1.chooseFileTitle=Select a Logical Imager configuration # {0} - filename ConfigVisualPanel1.configFileIsEmpty=Configuration file {0} is empty ConfigVisualPanel1.configurationError=Configuration error +# {0} - root +# {1} - description +# {2} - size with unit +# {3} - file system +ConfigVisualPanel1.driveListItem={0} ({1}) ({2}) - File system: {3} ConfigVisualPanel1.fileNameExtensionFilter=Configuration JSON File -ConfigVisualPanel1.fileSystem=File system ConfigVisualPanel1.invalidConfigJson=Invalid config JSON: ConfigVisualPanel1.messageLabel.noExternalDriveFound=No drive found ConfigVisualPanel1.selectConfigurationFile=Select location diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java index fc683be97a..f6336771bd 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java @@ -267,7 +267,8 @@ final class ConfigVisualPanel1 extends JPanel { */ @NbBundle.Messages({ "ConfigVisualPanel1.messageLabel.noExternalDriveFound=No drive found", - "ConfigVisualPanel1.fileSystem=File system" + "# {0} - root", "# {1} - description", "# {2} - size with unit", "# {3} - file system", + "ConfigVisualPanel1.driveListItem={0} ({1}) ({2}) - File system: {3}" }) private void refreshDriveList() { List listData = new ArrayList<>(); @@ -282,7 +283,7 @@ final class ConfigVisualPanel1 extends JPanel { long spaceInBytes = root.getTotalSpace(); String sizeWithUnit = DriveListUtils.humanReadableByteCount(spaceInBytes, false); String fileSystem = getFileSystemName(root.toString()); - listData.add(root + " (" + description + ") (" + sizeWithUnit + ") - " + Bundle.ConfigVisualPanel1_fileSystem() + ": " + fileSystem); + listData.add(Bundle.ConfigVisualPanel1_driveListItem(root, description, sizeWithUnit, fileSystem)); if (firstRemovableDrive == -1) { try { FileStore fileStore = Files.getFileStore(root.toPath()); @@ -467,8 +468,8 @@ final class ConfigVisualPanel1 extends JPanel { */ boolean isPanelValid() { return !StringUtils.isBlank(getConfigPath()) - && (getFileSystemName(getConfigPath().substring(0, 3)).equals("NTFS") // NON-NLS - || getFileSystemName(getConfigPath().substring(0, 3)).equals("exFAT")) // NON-NLS + && !(getFileSystemName(getConfigPath().substring(0, 3)).equals("FAT") // NON-NLS + || getFileSystemName(getConfigPath().substring(0, 3)).equals("FAT32")) // NON-NLS && ((configureDriveRadioButton.isSelected() && !StringUtils.isBlank(driveList.getSelectedValue())) || (configureFolderRadioButton.isSelected() && (!configFileTextField.getText().isEmpty()))); } diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED index 76b82c57ad..dfcde750b9 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/Bundle.properties-MERGED @@ -5,6 +5,8 @@ AddLogicalImageTask.addingInterestingFiles=Adding search results as interesting files # {0} - file AddLogicalImageTask.addingToReport=Adding {0} to report +# {0} - target image path +AddLogicalImageTask.cannotFindDataSourceObjId=Cannot find obj_id in tsk_image_names for {0} # {0} - SearchResults.txt # {1} - directory AddLogicalImageTask.cannotFindFiles=Cannot find {0} in {1} From b19032bcc43b5175e2755d1f29ea928598d69f5d Mon Sep 17 00:00:00 2001 From: Kelly Kelly Date: Thu, 5 Sep 2019 10:34:44 -0400 Subject: [PATCH 25/25] Update cvt prop file with new labels --- .../communications/relationships/Bundle.properties-MERGED | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties-MERGED index 67971ffa88..f79bdaa464 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties-MERGED @@ -60,6 +60,6 @@ MessageViewer.backButton.AccessibleContext.accessibleDescription= MessageViewer.backButton.text=Threads MessageViewer.showAllButton.text=All Messages SummaryViewer.thumbnailCntLabel.text=Media Attachments: -SummaryViewer.attachmentsLable.text=Attachments: +SummaryViewer.attachmentsLable.text=Total Attachments: SummaryViewer.thumbnailsDataLabel.text=attachments -SummaryViewer.attachmentDataLabel.text=jLabel1 +SummaryViewer.attachmentDataLabel.text=count