mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

more comment updates

Browse Source
This commit is contained in:
Brian Carrier 2013-10-26 20:35:15 -04:00
parent f9485d3ba2
commit 08e324a635
2 changed files with 13 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
API-CHANGES.txt
View File

@ -5,3 +5,4 @@ Changes to make to API when we are ready to make backward incompatible changes:
- DataContentViewerHex and Strings can have the public setDataView methods removed in favor of the new private ones
- Content.getUniquePath() should not thrown TskException. We should deal with it in the method.
- Make the list of events that Case fires off to be part of an enum to group them together (like IngestManager does).
- Sub-modules in RecentActivity have a bunch of public/protected variables that do not need to be. (i.e. ExtractRegistry.rrFullFound).

38
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -32,7 +32,6 @@ import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.openide.modules.InstalledFileLocator;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.ExecUtil;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
@ -40,7 +39,6 @@ import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.ingest.IngestDataSourceWorkerController;
import org.sleuthkit.autopsy.ingest.IngestModuleDataSource;
import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.PipelineContext;
import org.sleuthkit.autopsy.recentactivity.ExtractUSB.USBInfo;
import org.sleuthkit.datamodel.*;
@ -54,17 +52,18 @@ import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
/**
* Extracting windows registry data using regripper
* Extract windows registry data using regripper.
* Runs two versions of regripper. One is the generally available set of plug-ins
* and the second is a set that were customized for Autopsy to produce a more structured
* output of XML so that we can parse and turn into blackboard artifacts.
*/
public class ExtractRegistry extends Extract {
public Logger logger = Logger.getLogger(this.getClass().getName());
private String RR_PATH;
private String RR_FULL_PATH;
boolean rrFound = false;
boolean rrFullFound = false;
private int sysid;
private IngestServices services;
boolean rrFound = false; // true if we found the Autopsy-specific version of regripper
boolean rrFullFound = false; // true if we found the full version of regripper
final public static String MODULE_VERSION = "1.0";
private ExecUtil execRR;
@ -130,7 +129,7 @@ public class ExtractRegistry extends Extract {
}
// find the system hives'
String[] regFileNames = new String[] {"system", "software", "security", "sam", "default"};
String[] regFileNames = new String[] {"system", "software", "security", "sam"};
for (String regFileName : regFileNames) {
try {
allRegistryFiles.addAll(fileManager.findFiles(dataSource, regFileName, "/system32/config"));
@ -261,17 +260,17 @@ public class ExtractRegistry extends Extract {
public String fullPlugins = "";
}
// TODO: Hardcoded command args/path needs to be removed. Maybe set some constants and set env variables for classpath
/**
* Execute regripper on the given registry.
* @param regFilePath Path to local copy of registry
* @param outFilePathBase Path to location to save output file to. Base name that will be extended on
*/
private RegOutputFiles executeRegRip(String regFilePath, String outFilePathBase) {
String autopsyType = ""; // Type argument for rr for autopsy-specific modules
String fullType = ""; // Type argument for rr for full set of modules
RegOutputFiles regOutputFiles = new RegOutputFiles();
if (regFilePath.toLowerCase().contains("system")) {
autopsyType = "autopsysystem";
fullType = "system";
@ -284,9 +283,6 @@ public class ExtractRegistry extends Extract {
autopsyType = "autopsy";
fullType = "ntuser";
}
else if (regFilePath.toLowerCase().contains("default")) {
//type = "1default";
}
else if (regFilePath.toLowerCase().contains("sam")) {
fullType = "sam";
}
@ -294,12 +290,9 @@ public class ExtractRegistry extends Extract {
fullType = "security";
}
else {
// @@@ Seems like we should error out or something...
autopsyType = "1default";
return regOutputFiles;
}
RegOutputFiles regOutputFiles = new RegOutputFiles();
// run the autopsy-specific set of modules
if (!autopsyType.isEmpty() && rrFound) {
// TODO - add error messages
@ -326,8 +319,6 @@ public class ExtractRegistry extends Extract {
}
}
}
} else {
logger.log(Level.INFO, "Not running Autopsy-only modules on hive");
}
// run the full set of rr modules
@ -355,9 +346,8 @@ public class ExtractRegistry extends Extract {
}
}
}
} else {
logger.log(Level.INFO, "Not running original RR modules on hive");
}
return regOutputFiles;
}
@ -519,13 +509,8 @@ public class ExtractRegistry extends Extract {
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding recent object artifact to blackboard.");
}
} else {
//BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(sysid);
//bbart.addAttributes(bbattributes);
}
}
}
}
return true;
@ -555,7 +540,6 @@ public class ExtractRegistry extends Extract {
@Override
public void init(IngestModuleInit initContext) {
services = IngestServices.getDefault();
}
@Override