mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-12 07:56:16 +00:00
Merge pull request #116 from tmciver-basis/master
Updates in support of AUT-669
This commit is contained in:
Brian Carrier
commit
063a1df356
@ -40,7 +40,7 @@ import org.sleuthkit.autopsy.casemodule.Case;
|
|||||||
import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer;
|
import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer;
|
||||||
import org.sleuthkit.autopsy.datamodel.ContentUtils;
|
import org.sleuthkit.autopsy.datamodel.ContentUtils;
|
||||||
import org.sleuthkit.datamodel.File;
|
import org.sleuthkit.datamodel.File;
|
||||||
import org.sleuthkit.datamodel.TskData;
|
import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
@ -332,7 +332,7 @@ public class DataContentViewerMedia extends javax.swing.JPanel implements DataCo
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (File.dirFlagToValue(file.getDirFlags()).equals(TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.toString())) {
|
if (file.getDirFlag() == TSK_FS_NAME_FLAG_ENUM.UNALLOC) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -18,11 +18,11 @@
|
|||||||
*/
|
*/
|
||||||
package org.sleuthkit.autopsy.datamodel;
|
package org.sleuthkit.autopsy.datamodel;
|
||||||
|
|
||||||
import java.text.SimpleDateFormat;
|
|
||||||
import java.util.LinkedHashMap;
|
import java.util.LinkedHashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import org.openide.nodes.Sheet;
|
import org.openide.nodes.Sheet;
|
||||||
import org.sleuthkit.datamodel.FsContent;
|
import org.sleuthkit.datamodel.FsContent;
|
||||||
|
import org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Abstract class that implements the commonality between File and Directory
|
* Abstract class that implements the commonality between File and Directory
|
||||||
@ -236,15 +236,15 @@ public abstract class AbstractFsContentNode<T extends FsContent> extends Abstrac
|
|||||||
map.put(FsContentPropertyType.ACCESS_TIME.toString(), ContentUtils.getStringTime(content.getAtime(), content));
|
map.put(FsContentPropertyType.ACCESS_TIME.toString(), ContentUtils.getStringTime(content.getAtime(), content));
|
||||||
map.put(FsContentPropertyType.CREATED_TIME.toString(), ContentUtils.getStringTime(content.getCrtime(), content));
|
map.put(FsContentPropertyType.CREATED_TIME.toString(), ContentUtils.getStringTime(content.getCrtime(), content));
|
||||||
map.put(FsContentPropertyType.SIZE.toString(), content.getSize());
|
map.put(FsContentPropertyType.SIZE.toString(), content.getSize());
|
||||||
map.put(FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlagsAsString());
|
map.put(FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlag().toString());
|
||||||
map.put(FsContentPropertyType.FLAGS_META.toString(), content.getMetaFlagsAsString());
|
map.put(FsContentPropertyType.FLAGS_META.toString(), Integer.toString(content.getMetaFlagsInt()));
|
||||||
map.put(FsContentPropertyType.MODE.toString(), content.getModeAsString());
|
map.put(FsContentPropertyType.MODE.toString(), TSK_FS_META_MODE_ENUM.toString(content.getModes(), content.getMetaType()));
|
||||||
map.put(FsContentPropertyType.USER_ID.toString(), content.getUid());
|
map.put(FsContentPropertyType.USER_ID.toString(), content.getUid());
|
||||||
map.put(FsContentPropertyType.GROUP_ID.toString(), content.getGid());
|
map.put(FsContentPropertyType.GROUP_ID.toString(), content.getGid());
|
||||||
map.put(FsContentPropertyType.META_ADDR.toString(), content.getMetaAddr());
|
map.put(FsContentPropertyType.META_ADDR.toString(), content.getMetaAddr());
|
||||||
map.put(FsContentPropertyType.ATTR_ADDR.toString(), Long.toString(content.getAttrType()) + "-" + Long.toString(content.getAttrId()));
|
map.put(FsContentPropertyType.ATTR_ADDR.toString(), Long.toString(content.getAttrType().getValue()) + "-" + Long.toString(content.getAttrId()));
|
||||||
map.put(FsContentPropertyType.TYPE_DIR.toString(), content.getDirTypeAsString());
|
map.put(FsContentPropertyType.TYPE_DIR.toString(), content.getDirType().getLabel());
|
||||||
map.put(FsContentPropertyType.TYPE_META.toString(), content.getMetaTypeAsString());
|
map.put(FsContentPropertyType.TYPE_META.toString(), content.getMetaType().toString());
|
||||||
map.put(FsContentPropertyType.KNOWN.toString(), content.getKnown().getName());
|
map.put(FsContentPropertyType.KNOWN.toString(), content.getKnown().getName());
|
||||||
map.put(FsContentPropertyType.MD5HASH.toString(), content.getMd5Hash() == null ? "" : content.getMd5Hash());
|
map.put(FsContentPropertyType.MD5HASH.toString(), content.getMd5Hash() == null ? "" : content.getMd5Hash());
|
||||||
}
|
}
|
||||||
|
|||||||
@ -20,7 +20,7 @@ package org.sleuthkit.autopsy.datamodel;
|
|||||||
|
|
||||||
import javax.swing.Action;
|
import javax.swing.Action;
|
||||||
import org.sleuthkit.datamodel.Directory;
|
import org.sleuthkit.datamodel.Directory;
|
||||||
import org.sleuthkit.datamodel.TskData;
|
import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class is used to represent the "Node" for the directory.
|
* This class is used to represent the "Node" for the directory.
|
||||||
@ -39,7 +39,7 @@ public class DirectoryNode extends AbstractFsContentNode<Directory> {
|
|||||||
super(dir, directoryBrowseMode);
|
super(dir, directoryBrowseMode);
|
||||||
|
|
||||||
// set name, display name, and icon
|
// set name, display name, and icon
|
||||||
if (Directory.dirFlagToValue(dir.getDirFlags()).equals(TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.toString())) {
|
if (dir.getDirFlag() == TSK_FS_NAME_FLAG_ENUM.UNALLOC) {
|
||||||
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/folder-icon-deleted.png");
|
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/folder-icon-deleted.png");
|
||||||
} else {
|
} else {
|
||||||
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/Folder-icon.png");
|
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/Folder-icon.png");
|
||||||
|
|||||||
@ -20,7 +20,7 @@ package org.sleuthkit.autopsy.datamodel;
|
|||||||
|
|
||||||
import javax.swing.Action;
|
import javax.swing.Action;
|
||||||
import org.sleuthkit.datamodel.File;
|
import org.sleuthkit.datamodel.File;
|
||||||
import org.sleuthkit.datamodel.TskData;
|
import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class is used to represent the "Node" for the file. It has no children.
|
* This class is used to represent the "Node" for the file. It has no children.
|
||||||
@ -39,7 +39,7 @@ public class FileNode extends AbstractFsContentNode<File> {
|
|||||||
super(file, directoryBrowseMode);
|
super(file, directoryBrowseMode);
|
||||||
|
|
||||||
// set name, display name, and icon
|
// set name, display name, and icon
|
||||||
if (file.getDirFlags() == (TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.getDirFlag())) {
|
if (file.getDirFlag() == TSK_FS_NAME_FLAG_ENUM.UNALLOC) {
|
||||||
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/file-icon-deleted.png");
|
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/file-icon-deleted.png");
|
||||||
} else {
|
} else {
|
||||||
this.setIconBaseWithExtension(getIconForFileType(file));
|
this.setIconBaseWithExtension(getIconForFileType(file));
|
||||||
|
|||||||
@ -23,7 +23,7 @@ import java.util.Map;
|
|||||||
import org.openide.nodes.Sheet;
|
import org.openide.nodes.Sheet;
|
||||||
import org.sleuthkit.autopsy.datamodel.LayoutFileNode.LayoutContentPropertyType;
|
import org.sleuthkit.autopsy.datamodel.LayoutFileNode.LayoutContentPropertyType;
|
||||||
import org.sleuthkit.datamodel.VirtualDirectory;
|
import org.sleuthkit.datamodel.VirtualDirectory;
|
||||||
import org.sleuthkit.datamodel.LayoutFile;
|
import org.sleuthkit.datamodel.TskData;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Node for layout dir
|
* Node for layout dir
|
||||||
@ -83,8 +83,6 @@ public class VirtualDirectoryNode extends AbstractAbstractFileNode<VirtualDirect
|
|||||||
public boolean isLeafTypeNode() {
|
public boolean isLeafTypeNode() {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
//TODO consider extend AbstractFsContent node and use that
|
//TODO consider extend AbstractFsContent node and use that
|
||||||
//first need methods such as getDirType() to be pushed to AbstractFile class
|
//first need methods such as getDirType() to be pushed to AbstractFile class
|
||||||
@ -97,9 +95,38 @@ public class VirtualDirectoryNode extends AbstractAbstractFileNode<VirtualDirect
|
|||||||
map.put(AbstractFsContentNode.FsContentPropertyType.CHANGED_TIME.toString(), ContentUtils.getStringTime(0, content));
|
map.put(AbstractFsContentNode.FsContentPropertyType.CHANGED_TIME.toString(), ContentUtils.getStringTime(0, content));
|
||||||
map.put(AbstractFsContentNode.FsContentPropertyType.ACCESS_TIME.toString(), ContentUtils.getStringTime(0, content));
|
map.put(AbstractFsContentNode.FsContentPropertyType.ACCESS_TIME.toString(), ContentUtils.getStringTime(0, content));
|
||||||
map.put(AbstractFsContentNode.FsContentPropertyType.CREATED_TIME.toString(), ContentUtils.getStringTime(0, content));
|
map.put(AbstractFsContentNode.FsContentPropertyType.CREATED_TIME.toString(), ContentUtils.getStringTime(0, content));
|
||||||
map.put(AbstractFsContentNode.FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlagsAsString());
|
map.put(AbstractFsContentNode.FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlags().toString());
|
||||||
map.put(AbstractFsContentNode.FsContentPropertyType.FLAGS_META.toString(), content.getMetaFlagsAsString());
|
map.put(AbstractFsContentNode.FsContentPropertyType.FLAGS_META.toString(), metaFlagToString(content.getMetaFlags()));
|
||||||
map.put(AbstractFsContentNode.FsContentPropertyType.TYPE_DIR.toString(), content.getDirTypeAsString());
|
map.put(AbstractFsContentNode.FsContentPropertyType.TYPE_DIR.toString(), content.getDirType().toString());
|
||||||
map.put(AbstractFsContentNode.FsContentPropertyType.TYPE_META.toString(), content.getMetaTypeAsString());
|
map.put(AbstractFsContentNode.FsContentPropertyType.TYPE_META.toString(), content.getMetaType().toString());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Convert meta flag long to user-readable string / label
|
||||||
|
*
|
||||||
|
* @param metaFlag to convert
|
||||||
|
* @return string formatted meta flag representation
|
||||||
|
*/
|
||||||
|
public static String metaFlagToString(short metaFlag) {
|
||||||
|
|
||||||
|
String result = "";
|
||||||
|
|
||||||
|
short allocFlag = TskData.TSK_FS_META_FLAG_ENUM.ALLOC.getValue();
|
||||||
|
short unallocFlag = TskData.TSK_FS_META_FLAG_ENUM.UNALLOC.getValue();
|
||||||
|
|
||||||
|
// some variables that might be needed in the future
|
||||||
|
//long usedFlag = TskData.TSK_FS_META_FLAG_ENUM.USED.getMetaFlag();
|
||||||
|
//long unusedFlag = TskData.TSK_FS_META_FLAG_ENUM.UNUSED.getMetaFlag();
|
||||||
|
//long compFlag = TskData.TSK_FS_META_FLAG_ENUM.COMP.getMetaFlag();
|
||||||
|
//long orphanFlag = TskData.TSK_FS_META_FLAG_ENUM.ORPHAN.getMetaFlag();
|
||||||
|
|
||||||
|
if ((metaFlag & allocFlag) == allocFlag) {
|
||||||
|
result = TskData.TSK_FS_META_FLAG_ENUM.ALLOC.toString();
|
||||||
|
}
|
||||||
|
if ((metaFlag & unallocFlag) == unallocFlag) {
|
||||||
|
result = TskData.TSK_FS_META_FLAG_ENUM.UNALLOC.toString();
|
||||||
|
}
|
||||||
|
|
||||||
|
return result;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -22,7 +22,6 @@ import java.sql.ResultSet;
|
|||||||
import java.sql.SQLException;
|
import java.sql.SQLException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.Comparator;
|
import java.util.Comparator;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
@ -42,15 +41,13 @@ import org.sleuthkit.datamodel.ContentVisitor;
|
|||||||
import org.sleuthkit.datamodel.Directory;
|
import org.sleuthkit.datamodel.Directory;
|
||||||
import org.sleuthkit.datamodel.File;
|
import org.sleuthkit.datamodel.File;
|
||||||
import org.sleuthkit.datamodel.FileSystem;
|
import org.sleuthkit.datamodel.FileSystem;
|
||||||
import org.sleuthkit.datamodel.FsContent;
|
|
||||||
import org.sleuthkit.datamodel.Image;
|
import org.sleuthkit.datamodel.Image;
|
||||||
import org.sleuthkit.datamodel.VirtualDirectory;
|
import org.sleuthkit.datamodel.VirtualDirectory;
|
||||||
import org.sleuthkit.datamodel.LayoutFile;
|
import org.sleuthkit.datamodel.LayoutFile;
|
||||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||||
import org.sleuthkit.datamodel.TskCoreException;
|
import org.sleuthkit.datamodel.TskCoreException;
|
||||||
import org.sleuthkit.datamodel.TskData;
|
import org.sleuthkit.datamodel.TskData;
|
||||||
import org.sleuthkit.datamodel.Volume;
|
import org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM;
|
||||||
import org.sleuthkit.datamodel.VolumeSystem;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Schedules images and files with their associated modules for ingest, and
|
* Schedules images and files with their associated modules for ingest, and
|
||||||
@ -745,8 +742,8 @@ class IngestScheduler {
|
|||||||
queryB.append("SELECT COUNT(*) FROM tsk_files WHERE ( (fs_obj_id = ").append(fs.getId());
|
queryB.append("SELECT COUNT(*) FROM tsk_files WHERE ( (fs_obj_id = ").append(fs.getId());
|
||||||
//queryB.append(") OR (fs_obj_id = NULL) )");
|
//queryB.append(") OR (fs_obj_id = NULL) )");
|
||||||
queryB.append(") )");
|
queryB.append(") )");
|
||||||
queryB.append(" AND ( (meta_type = ").append(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getMetaType());
|
queryB.append(" AND ( (meta_type = ").append(TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue());
|
||||||
queryB.append(") OR (meta_type = ").append(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getMetaType());
|
queryB.append(") OR (meta_type = ").append(TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue());
|
||||||
queryB.append(" AND (name != '.') AND (name != '..')");
|
queryB.append(" AND (name != '.') AND (name != '..')");
|
||||||
queryB.append(") )");
|
queryB.append(") )");
|
||||||
|
|
||||||
|
|||||||
@ -42,6 +42,7 @@ import org.sleuthkit.autopsy.coreutils.Logger;
|
|||||||
import org.sleuthkit.autopsy.casemodule.Case;
|
import org.sleuthkit.autopsy.casemodule.Case;
|
||||||
import org.sleuthkit.autopsy.ingest.IngestManager;
|
import org.sleuthkit.autopsy.ingest.IngestManager;
|
||||||
import org.sleuthkit.datamodel.*;
|
import org.sleuthkit.datamodel.*;
|
||||||
|
import org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* ReportBodyFile generates a report in the body file format specified on
|
* ReportBodyFile generates a report in the body file format specified on
|
||||||
@ -122,8 +123,9 @@ public class ReportBodyFile implements ReportModule {
|
|||||||
out.write("|");
|
out.write("|");
|
||||||
out.write(Long.toString(file.getMetaAddr()));
|
out.write(Long.toString(file.getMetaAddr()));
|
||||||
out.write("|");
|
out.write("|");
|
||||||
if(file.getModeAsString()!=null) {
|
String modeString = TSK_FS_META_MODE_ENUM.toString(file.getModes(), file.getMetaType());
|
||||||
out.write(file.getModeAsString());
|
if(modeString != null) {
|
||||||
|
out.write(modeString);
|
||||||
}
|
}
|
||||||
out.write("|");
|
out.write("|");
|
||||||
out.write(Long.toString(file.getUid()));
|
out.write(Long.toString(file.getUid()));
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user