adam-m 2012-12-18 17:00:44 -05:00
commit 0b2b8b7849
14 changed files with 191 additions and 133 deletions


@ -40,7 +40,7 @@ import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer; import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer;
import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.datamodel.File; import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM;
/** /**
* *
@ -332,7 +332,7 @@ public class DataContentViewerMedia extends javax.swing.JPanel implements DataCo
return false; return false;
} }
if (File.dirFlagToValue(file.getDirFlags()).equals(TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.toString())) { if (file.isDirNameFlagSet(TSK_FS_NAME_FLAG_ENUM.UNALLOC)) {
return false; return false;
} }


@ -18,11 +18,15 @@
*/ */
package org.sleuthkit.autopsy.datamodel; package org.sleuthkit.autopsy.datamodel;
import java.text.SimpleDateFormat; import java.util.HashSet;
import java.util.LinkedHashMap; import java.util.LinkedHashMap;
import java.util.Map; import java.util.Map;
import java.util.Set;
import org.openide.nodes.Sheet; import org.openide.nodes.Sheet;
import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM;
import org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM;
import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM;
/** /**
* Abstract class that implements the commonality between File and Directory * Abstract class that implements the commonality between File and Directory
@ -31,58 +35,45 @@ import org.sleuthkit.datamodel.FsContent;
public abstract class AbstractFsContentNode<T extends FsContent> extends AbstractAbstractFileNode<T> { public abstract class AbstractFsContentNode<T extends FsContent> extends AbstractAbstractFileNode<T> {
// Note: this order matters for the search result, changed it if the order of property headers on the "KeywordSearchNode"changed // Note: this order matters for the search result, changed it if the order of property headers on the "KeywordSearchNode"changed
public static enum FsContentPropertyType { public static enum FsContentPropertyType {
NAME { NAME {
@Override @Override
public String toString() { public String toString() {
return "Name"; return "Name";
} }
}, },
LOCATION { LOCATION {
@Override @Override
public String toString() { public String toString() {
return "Location"; return "Location";
} }
}, },
MOD_TIME { MOD_TIME {
@Override @Override
public String toString() { public String toString() {
return "Mod. Time"; return "Mod. Time";
} }
}, },
CHANGED_TIME { CHANGED_TIME {
@Override @Override
public String toString() { public String toString() {
return "Change Time"; return "Change Time";
} }
}, },
ACCESS_TIME { ACCESS_TIME {
@Override @Override
public String toString() { public String toString() {
return "Access Time"; return "Access Time";
} }
}, },
CREATED_TIME { CREATED_TIME {
@Override @Override
public String toString() { public String toString() {
return "Created Time"; return "Created Time";
} }
}, },
SIZE { SIZE {
@Override @Override
public String toString() { public String toString() {
return "Size"; return "Size";
@ -95,21 +86,18 @@ public abstract class AbstractFsContentNode<T extends FsContent> extends Abstrac
} }
}, },
FLAGS_META { FLAGS_META {
@Override @Override
public String toString() { public String toString() {
return "Flags(Meta)"; return "Flags(Meta)";
} }
}, },
MODE { MODE {
@Override @Override
public String toString() { public String toString() {
return "Mode"; return "Mode";
} }
}, },
USER_ID { USER_ID {
@Override @Override
public String toString() { public String toString() {
return "UserID"; return "UserID";
@ -122,52 +110,41 @@ public abstract class AbstractFsContentNode<T extends FsContent> extends Abstrac
} }
}, },
META_ADDR { META_ADDR {
@Override @Override
public String toString() { public String toString() {
return "Meta Addr."; return "Meta Addr.";
} }
}, },
ATTR_ADDR { ATTR_ADDR {
@Override @Override
public String toString() { public String toString() {
return "Attr. Addr."; return "Attr. Addr.";
} }
}, },
TYPE_DIR { TYPE_DIR {
@Override @Override
public String toString() { public String toString() {
return "Type(Dir)"; return "Type(Dir)";
} }
}, },
TYPE_META { TYPE_META {
@Override @Override
public String toString() { public String toString() {
return "Type(Meta)"; return "Type(Meta)";
} }
}, },
KNOWN { KNOWN {
@Override @Override
public String toString() { public String toString() {
return "Known"; return "Known";
} }
}, },
MD5HASH { MD5HASH {
@Override @Override
public String toString() { public String toString() {
return "MD5 Hash"; return "MD5 Hash";
} }
}, }
} }
private boolean directoryBrowseMode; private boolean directoryBrowseMode;
@ -177,13 +154,13 @@ public abstract class AbstractFsContentNode<T extends FsContent> extends Abstrac
this(fsContent, true); this(fsContent, true);
} }
/** /**
* Constructor * Constructor
*
* @param fsContent the fsContent * @param fsContent the fsContent
* @param directoryBrowseMode how the user caused this node * @param directoryBrowseMode how the user caused this node to be created:
* to be created: if by browsing the image contents, it is true. If by * if by browsing the image contents, it is true. If by selecting a file
* selecting a file filter (e.g. 'type' or 'recent'), it is false * filter (e.g. 'type' or 'recent'), it is false
*/ */
AbstractFsContentNode(T fsContent, boolean directoryBrowseMode) { AbstractFsContentNode(T fsContent, boolean directoryBrowseMode) {
super(fsContent); super(fsContent);
@ -215,7 +192,7 @@ public abstract class AbstractFsContentNode<T extends FsContent> extends Abstrac
final String propString = propType.toString(); final String propString = propType.toString();
ss.put(new NodeProperty(propString, propString, NO_DESCR, map.get(propString))); ss.put(new NodeProperty(propString, propString, NO_DESCR, map.get(propString)));
} }
if(directoryBrowseMode) { if (directoryBrowseMode) {
ss.put(new NodeProperty(HIDE_PARENT, HIDE_PARENT, HIDE_PARENT, HIDE_PARENT)); ss.put(new NodeProperty(HIDE_PARENT, HIDE_PARENT, HIDE_PARENT, HIDE_PARENT));
} }
@ -225,10 +202,12 @@ public abstract class AbstractFsContentNode<T extends FsContent> extends Abstrac
/** /**
* Fill map with FsContent properties * Fill map with FsContent properties
* *
* @param map map with preserved ordering, where property names/values are put * @param map map with preserved ordering, where property names/values are
* put
* @param content to extract properties from * @param content to extract properties from
*/ */
public static void fillPropertyMap(Map<String, Object> map, FsContent content) { public static void fillPropertyMap(Map<String, Object> map, FsContent content) {
map.put(FsContentPropertyType.NAME.toString(), getFsContentName(content)); map.put(FsContentPropertyType.NAME.toString(), getFsContentName(content));
map.put(FsContentPropertyType.LOCATION.toString(), DataConversion.getformattedPath(ContentUtils.getDisplayPath(content), 0, 1)); map.put(FsContentPropertyType.LOCATION.toString(), DataConversion.getformattedPath(ContentUtils.getDisplayPath(content), 0, 1));
map.put(FsContentPropertyType.MOD_TIME.toString(), ContentUtils.getStringTime(content.getMtime(), content)); map.put(FsContentPropertyType.MOD_TIME.toString(), ContentUtils.getStringTime(content.getMtime(), content));
@ -236,24 +215,24 @@ public abstract class AbstractFsContentNode<T extends FsContent> extends Abstrac
map.put(FsContentPropertyType.ACCESS_TIME.toString(), ContentUtils.getStringTime(content.getAtime(), content)); map.put(FsContentPropertyType.ACCESS_TIME.toString(), ContentUtils.getStringTime(content.getAtime(), content));
map.put(FsContentPropertyType.CREATED_TIME.toString(), ContentUtils.getStringTime(content.getCrtime(), content)); map.put(FsContentPropertyType.CREATED_TIME.toString(), ContentUtils.getStringTime(content.getCrtime(), content));
map.put(FsContentPropertyType.SIZE.toString(), content.getSize()); map.put(FsContentPropertyType.SIZE.toString(), content.getSize());
map.put(FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlagsAsString()); map.put(FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlagAsString());
map.put(FsContentPropertyType.FLAGS_META.toString(), content.getMetaFlagsAsString()); map.put(FsContentPropertyType.FLAGS_META.toString(), content.getMetaFlagsAsString());
map.put(FsContentPropertyType.MODE.toString(), content.getModeAsString()); map.put(FsContentPropertyType.MODE.toString(), content.getModesAsString());
map.put(FsContentPropertyType.USER_ID.toString(), content.getUid()); map.put(FsContentPropertyType.USER_ID.toString(), content.getUid());
map.put(FsContentPropertyType.GROUP_ID.toString(), content.getGid()); map.put(FsContentPropertyType.GROUP_ID.toString(), content.getGid());
map.put(FsContentPropertyType.META_ADDR.toString(), content.getMetaAddr()); map.put(FsContentPropertyType.META_ADDR.toString(), content.getMetaAddr());
map.put(FsContentPropertyType.ATTR_ADDR.toString(), Long.toString(content.getAttrType()) + "-" + Long.toString(content.getAttrId())); map.put(FsContentPropertyType.ATTR_ADDR.toString(), Long.toString(content.getAttrType().getValue()) + "-" + Long.toString(content.getAttrId()));
map.put(FsContentPropertyType.TYPE_DIR.toString(), content.getDirTypeAsString()); map.put(FsContentPropertyType.TYPE_DIR.toString(), content.getDirType().getLabel());
map.put(FsContentPropertyType.TYPE_META.toString(), content.getMetaTypeAsString()); map.put(FsContentPropertyType.TYPE_META.toString(), content.getMetaType().toString());
map.put(FsContentPropertyType.KNOWN.toString(), content.getKnown().getName()); map.put(FsContentPropertyType.KNOWN.toString(), content.getKnown().getName());
map.put(FsContentPropertyType.MD5HASH.toString(), content.getMd5Hash() == null ? "" : content.getMd5Hash()); map.put(FsContentPropertyType.MD5HASH.toString(), content.getMd5Hash() == null ? "" : content.getMd5Hash());
} }
static String getFsContentName(FsContent fsContent) { static String getFsContentName(FsContent fsContent) {
String name = fsContent.getName(); String name = fsContent.getName();
if(name.equals("..")) { if (name.equals("..")) {
name = DirectoryNode.DOTDOTDIR; name = DirectoryNode.DOTDOTDIR;
} else if(name.equals(".")) { } else if (name.equals(".")) {
name = DirectoryNode.DOTDIR; name = DirectoryNode.DOTDIR;
} }
return name; return name;
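Review bot: In fillPropertyMap the new chained calls `content.getAttrType().getValue()`, `content.getDirType().getLabel()` and `content.getMetaType().toString()` dereference the getter result directly, so if any of those getters can return null for an unmapped type value (their implementation is not visible here) a single odd entry aborts the whole property sheet with a NullPointerException. The removed `get…AsString()` helpers kept that decision inside the datamodel, and entries parsed from a damaged or deliberately malformed image are exactly where an unmapped value would show up. Either document that the getters never return null or guard each value the way the MD5 line already does, e.g. `content.getMetaType() == null ? "" : content.getMetaType().toString()`. Type(Dir) also uses `getLabel()` here but `toString()` in VirtualDirectoryNode, so the same column may render differently for the two node kinds.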


@ -20,7 +20,7 @@ package org.sleuthkit.autopsy.datamodel;
import javax.swing.Action; import javax.swing.Action;
import org.sleuthkit.datamodel.Directory; import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM;
/** /**
* This class is used to represent the "Node" for the directory. * This class is used to represent the "Node" for the directory.
@ -39,7 +39,7 @@ public class DirectoryNode extends AbstractFsContentNode<Directory> {
super(dir, directoryBrowseMode); super(dir, directoryBrowseMode);
// set name, display name, and icon // set name, display name, and icon
if (Directory.dirFlagToValue(dir.getDirFlags()).equals(TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.toString())) { if (dir.isDirNameFlagSet(TSK_FS_NAME_FLAG_ENUM.UNALLOC)) {
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/folder-icon-deleted.png"); this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/folder-icon-deleted.png");
} else { } else {
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/Folder-icon.png"); this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/Folder-icon.png");


@ -20,7 +20,7 @@ package org.sleuthkit.autopsy.datamodel;
import javax.swing.Action; import javax.swing.Action;
import org.sleuthkit.datamodel.File; import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM;
/** /**
* This class is used to represent the "Node" for the file. It has no children. * This class is used to represent the "Node" for the file. It has no children.
@ -39,7 +39,7 @@ public class FileNode extends AbstractFsContentNode<File> {
super(file, directoryBrowseMode); super(file, directoryBrowseMode);
// set name, display name, and icon // set name, display name, and icon
if (file.getDirFlags() == (TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.getDirFlag())) { if (file.isDirNameFlagSet(TSK_FS_NAME_FLAG_ENUM.UNALLOC)) {
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/file-icon-deleted.png"); this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/file-icon-deleted.png");
} else { } else {
this.setIconBaseWithExtension(getIconForFileType(file)); this.setIconBaseWithExtension(getIconForFileType(file));


@ -23,7 +23,7 @@ import java.util.Map;
import org.openide.nodes.Sheet; import org.openide.nodes.Sheet;
import org.sleuthkit.autopsy.datamodel.LayoutFileNode.LayoutContentPropertyType; import org.sleuthkit.autopsy.datamodel.LayoutFileNode.LayoutContentPropertyType;
import org.sleuthkit.datamodel.VirtualDirectory; import org.sleuthkit.datamodel.VirtualDirectory;
import org.sleuthkit.datamodel.LayoutFile; import org.sleuthkit.datamodel.TskData;
/** /**
* Node for layout dir * Node for layout dir
@ -84,8 +84,6 @@ public class VirtualDirectoryNode extends AbstractAbstractFileNode<VirtualDirect
return true; return true;
} }
//TODO consider extend AbstractFsContent node and use that //TODO consider extend AbstractFsContent node and use that
//first need methods such as getDirType() to be pushed to AbstractFile class //first need methods such as getDirType() to be pushed to AbstractFile class
private static void fillPropertyMap(Map<String, Object> map, VirtualDirectory content) { private static void fillPropertyMap(Map<String, Object> map, VirtualDirectory content) {
@ -97,9 +95,38 @@ public class VirtualDirectoryNode extends AbstractAbstractFileNode<VirtualDirect
map.put(AbstractFsContentNode.FsContentPropertyType.CHANGED_TIME.toString(), ContentUtils.getStringTime(0, content)); map.put(AbstractFsContentNode.FsContentPropertyType.CHANGED_TIME.toString(), ContentUtils.getStringTime(0, content));
map.put(AbstractFsContentNode.FsContentPropertyType.ACCESS_TIME.toString(), ContentUtils.getStringTime(0, content)); map.put(AbstractFsContentNode.FsContentPropertyType.ACCESS_TIME.toString(), ContentUtils.getStringTime(0, content));
map.put(AbstractFsContentNode.FsContentPropertyType.CREATED_TIME.toString(), ContentUtils.getStringTime(0, content)); map.put(AbstractFsContentNode.FsContentPropertyType.CREATED_TIME.toString(), ContentUtils.getStringTime(0, content));
map.put(AbstractFsContentNode.FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlagsAsString()); map.put(AbstractFsContentNode.FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlags().toString());
map.put(AbstractFsContentNode.FsContentPropertyType.FLAGS_META.toString(), content.getMetaFlagsAsString()); map.put(AbstractFsContentNode.FsContentPropertyType.FLAGS_META.toString(), metaFlagToString(content.getMetaFlags()));
map.put(AbstractFsContentNode.FsContentPropertyType.TYPE_DIR.toString(), content.getDirTypeAsString()); map.put(AbstractFsContentNode.FsContentPropertyType.TYPE_DIR.toString(), content.getDirType().toString());
map.put(AbstractFsContentNode.FsContentPropertyType.TYPE_META.toString(), content.getMetaTypeAsString()); map.put(AbstractFsContentNode.FsContentPropertyType.TYPE_META.toString(), content.getMetaType().toString());
}
/**
* Convert meta flag long to user-readable string / label
*
* @param metaFlag to convert
* @return string formatted meta flag representation
*/
public static String metaFlagToString(short metaFlag) {
String result = "";
short allocFlag = TskData.TSK_FS_META_FLAG_ENUM.ALLOC.getValue();
short unallocFlag = TskData.TSK_FS_META_FLAG_ENUM.UNALLOC.getValue();
// some variables that might be needed in the future
//long usedFlag = TskData.TSK_FS_META_FLAG_ENUM.USED.getMetaFlag();
//long unusedFlag = TskData.TSK_FS_META_FLAG_ENUM.UNUSED.getMetaFlag();
//long compFlag = TskData.TSK_FS_META_FLAG_ENUM.COMP.getMetaFlag();
//long orphanFlag = TskData.TSK_FS_META_FLAG_ENUM.ORPHAN.getMetaFlag();
if ((metaFlag & allocFlag) == allocFlag) {
result = TskData.TSK_FS_META_FLAG_ENUM.ALLOC.toString();
}
if ((metaFlag & unallocFlag) == unallocFlag) {
result = TskData.TSK_FS_META_FLAG_ENUM.UNALLOC.toString();
}
return result;
} }
} }
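Review bot: metaFlagToString overwrites `result` in its second `if`, so a value with both the ALLOC and UNALLOC bits set is displayed as UNALLOC only, and every other meta flag bit is silently dropped from the Flags(Meta) column, which an examiner reads as the complete flag set. Appending instead of assigning keeps both labels, e.g. `result = result.isEmpty() ? label : result + ", " + label;` with `label` being the enum constant's `toString()`. The Javadoc says "meta flag long" while the parameter is a `short`; `Convert a meta flag bit mask to a user-readable label` matches the signature. The commented-out locals call `getMetaFlag()` while the live lines call `getValue()`, so they are already stale and are better deleted than kept.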


@ -24,6 +24,7 @@ import java.awt.event.ActionEvent;
import java.io.File; import java.io.File;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.IOException; import java.io.IOException;
import java.io.OutputStream;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.Comparator; import java.util.Comparator;
@ -44,9 +45,9 @@ import org.sleuthkit.datamodel.ContentVisitor;
import org.sleuthkit.datamodel.Directory; import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.FileSystem; import org.sleuthkit.datamodel.FileSystem;
import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.VirtualDirectory;
import org.sleuthkit.datamodel.LayoutFile; import org.sleuthkit.datamodel.LayoutFile;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.VirtualDirectory;
import org.sleuthkit.datamodel.Volume; import org.sleuthkit.datamodel.Volume;
import org.sleuthkit.datamodel.VolumeSystem; import org.sleuthkit.datamodel.VolumeSystem;
@ -168,22 +169,23 @@ public final class ExtractUnallocAction extends AbstractAction {
private List<UnallocStruct> lus = new ArrayList<UnallocStruct>(); private List<UnallocStruct> lus = new ArrayList<UnallocStruct>();
private File currentlyProcessing; private File currentlyProcessing;
private int totalSizeinMegs; private int totalSizeinMegs;
long totalBytes = 0;
ExtractUnallocWorker(UnallocStruct us) { ExtractUnallocWorker(UnallocStruct us) {
this.lus.add(us);
//Getting the total megs this worker is going to be doing //Getting the total megs this worker is going to be doing
if (!lockedVols.contains(us.getFileName())) { if (!lockedVols.contains(us.getFileName())) {
totalSizeinMegs = toMb(us.sizeInBytes()); this.lus.add(us);
totalBytes = us.getSizeInBytes();
totalSizeinMegs = toMb(totalBytes);
lockedVols.add(us.getFileName()); lockedVols.add(us.getFileName());
} }
} }
ExtractUnallocWorker(List<UnallocStruct> lst) { ExtractUnallocWorker(List<UnallocStruct> lst) {
//Getting the total megs this worker is going to be doing //Getting the total megs this worker is going to be doing
long totalBytes = 0;
for (UnallocStruct lu : lst) { for (UnallocStruct lu : lst) {
if (!lockedVols.contains(lu.getFileName())) { if (!lockedVols.contains(lu.getFileName())) {
totalBytes += lu.sizeInBytes(); totalBytes += lu.getSizeInBytes();
lockedVols.add(lu.getFileName()); lockedVols.add(lu.getFileName());
this.lus.add(lu); this.lus.add(lu);
} }
@ -196,7 +198,7 @@ public final class ExtractUnallocAction extends AbstractAction {
if (bytes > 1024 && (bytes / 1024.0) <= Double.MAX_VALUE) { if (bytes > 1024 && (bytes / 1024.0) <= Double.MAX_VALUE) {
double Mb = ((bytes / 1024.0) / 1024.0);//Bytes -> Megabytes double Mb = ((bytes / 1024.0) / 1024.0);//Bytes -> Megabytes
if (Mb <= Integer.MAX_VALUE) { if (Mb <= Integer.MAX_VALUE) {
return (int) Math.floor(Mb); return (int) Math.ceil(Mb);
} }
} }
return 0; return 0;
@ -222,27 +224,32 @@ public final class ExtractUnallocAction extends AbstractAction {
//Begin the actual File IO //Begin the actual File IO
progress.start(totalSizeinMegs); progress.start(totalSizeinMegs);
int kbs = 0; //Each completion of the while loop adds one to kbs. 8kb * 128 = 1mb. int kbs = 0; //Each completion of the while loop adds one to kbs. 16kb * 64 = 1mb.
int mbs = 0; //Increments every 128th tick of kbs int mbs = 0; //Increments every 128th tick of kbs
for (UnallocStruct u : this.lus) { for (UnallocStruct u : this.lus) {
currentlyProcessing = u.getFile(); currentlyProcessing = u.getFile();
logger.log(Level.INFO, "Writing Unalloc file to " + currentlyProcessing.getPath()); logger.log(Level.INFO, "Writing Unalloc file to " + currentlyProcessing.getPath());
FileOutputStream fos = new FileOutputStream(currentlyProcessing); OutputStream dos = new FileOutputStream(currentlyProcessing);
int count = 1; long bytes = 0;
for (LayoutFile f : u.getLayouts()) { int i = 0;
long offset = 0L; while(i < u.getLayouts().size() && bytes != u.getSizeInBytes()){
while (offset != f.getSize() && !canceled) { LayoutFile f = u.getLayouts().get(i);
offset += f.read(buf, offset, MAX_BYTES); //Offset + Bytes read long offsetPerFile = 0L;
fos.write(buf); int bytesRead;
while(offsetPerFile != f.getSize() && !canceled){
if (++kbs % 128 == 0) { if (++kbs % 128 == 0) {
mbs++; mbs++;
progress.progress("processing " + mbs + " of " + totalSizeinMegs + " MBs", mbs); progress.progress("processing " + mbs + " of " + totalSizeinMegs + " MBs", mbs-1);
} }
bytesRead = f.read(buf, offsetPerFile, MAX_BYTES);
offsetPerFile+= bytesRead;
dos.write(buf, 0, bytesRead);
} }
count++; bytes+=f.getSize();
i++;
} }
fos.flush(); dos.flush();
fos.close(); dos.close();
if (canceled) { if (canceled) {
u.getFile().delete(); u.getFile().delete();
@ -420,9 +427,9 @@ public final class ExtractUnallocAction extends AbstractAction {
return 0; return 0;
} }
if (o1.getId() > o2.getId()) { if (o1.getId() > o2.getId()) {
return -1;
} else {
return 1; return 1;
} else {
return -1;
} }
} }
} }
@ -434,6 +441,7 @@ public final class ExtractUnallocAction extends AbstractAction {
private class UnallocStruct { private class UnallocStruct {
private List<LayoutFile> llf; private List<LayoutFile> llf;
private long SizeInBytes;
private long VolumeId; private long VolumeId;
private long ImageId; private long ImageId;
private String ImageName; private String ImageName;
@ -453,6 +461,7 @@ public final class ExtractUnallocAction extends AbstractAction {
this.ImageName = img.getName(); this.ImageName = img.getName();
this.FileName = this.ImageName + "-Unalloc-" + this.ImageId + "-" + 0 + ".dat"; this.FileName = this.ImageName + "-Unalloc-" + this.ImageId + "-" + 0 + ".dat";
this.FileInstance = new File(Case.getCurrentCase().getCaseDirectory() + File.separator + "Export" + File.separator + this.FileName); this.FileInstance = new File(Case.getCurrentCase().getCaseDirectory() + File.separator + "Export" + File.separator + this.FileName);
this.SizeInBytes = calcSizeInBytes();
} }
/** /**
@ -474,6 +483,7 @@ public final class ExtractUnallocAction extends AbstractAction {
this.FileInstance = new File(Case.getCurrentCase().getCaseDirectory() + File.separator + "Export" + File.separator + this.FileName); this.FileInstance = new File(Case.getCurrentCase().getCaseDirectory() + File.separator + "Export" + File.separator + this.FileName);
this.llf = getUnallocFiles(volu); this.llf = getUnallocFiles(volu);
Collections.sort(llf, new SortObjId()); Collections.sort(llf, new SortObjId());
this.SizeInBytes = calcSizeInBytes();
} }
//Getters //Getters
@ -481,7 +491,7 @@ public final class ExtractUnallocAction extends AbstractAction {
return llf.size(); return llf.size();
} }
long sizeInBytes() { private long calcSizeInBytes() {
long size = 0L; long size = 0L;
for (LayoutFile f : llf) { for (LayoutFile f : llf) {
size += f.getSize(); size += f.getSize();
@ -489,6 +499,10 @@ public final class ExtractUnallocAction extends AbstractAction {
return size; return size;
} }
long getSizeInBytes(){
return this.SizeInBytes;
}
long getVolumeId() { long getVolumeId() {
return this.VolumeId; return this.VolumeId;
} }
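Review bot: The inner copy loop in ExtractUnallocWorker ends only when `offsetPerFile != f.getSize()` becomes false, so if `f.read(...)` can return 0 the loop never finishes, and if it can return a negative count `dos.write(buf, 0, bytesRead)` throws (the contract of `read` is not visible here); both are plausible when the layout ranges come from a truncated or damaged image. The stream is also closed only on the normal path, so an exception from `read` or `write` leaves the partially written export file open. Looping on `<`, stopping on a non-positive read and closing in `finally` covers both, as sketched below. The updated comment says 16kb * 64 but the tick is still `++kbs % 128`, so one of the two needs correcting. The enclosing method starts and ends outside the visible hunk.

```java
OutputStream dos = new FileOutputStream(currentlyProcessing);
try {
    // … unchanged: outer while loop over u.getLayouts(), offsetPerFile/bytesRead declarations …
        while (offsetPerFile < f.getSize() && !canceled) {
            // … unchanged: kbs/mbs progress tick …
            bytesRead = f.read(buf, offsetPerFile, MAX_BYTES);
            if (bytesRead <= 0) {
                // stop instead of spinning or writing a negative length
                logger.log(Level.WARNING, "Short read from layout file {0} at offset {1}",
                        new Object[]{f.getId(), offsetPerFile});
                break;
            }
            offsetPerFile += bytesRead;
            dos.write(buf, 0, bytesRead);
        }
    // … unchanged: bytes += f.getSize(); i++; …
    dos.flush();
} finally {
    dos.close();
}
```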


@ -814,8 +814,7 @@ public class IngestManager {
final AbstractFile fileToProcess = fileTask.file; final AbstractFile fileToProcess = fileTask.file;
//logger.log(Level.INFO, "NEXT FILE: " + fileToProcess.getName()); logger.log(Level.INFO, "IngestManager: Processing: {0}", fileToProcess.getName());
progress.progress(fileToProcess.getName(), processedFiles); progress.progress(fileToProcess.getName(), processedFiles);
for (IngestModuleAbstractFile module : fileTask.scheduledTask.modules) { for (IngestModuleAbstractFile module : fileTask.scheduledTask.modules) {
@ -857,7 +856,7 @@ public class IngestManager {
//--totalEnqueuedFiles; //--totalEnqueuedFiles;
} //end of this AbstractFile } //end of this AbstractFile
logger.log(Level.INFO, "Done background processing"); logger.log(Level.INFO, "IngestManager: Finished processing files");
return null; return null;
} }
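Review bot: The re-enabled `logger.log(Level.INFO, "IngestManager: Processing: {0}", fileToProcess.getName());` runs once per file inside the ingest loop, so a large image produces one INFO record per file and the application log ends up holding every file name from the evidence, including names that may contain control characters. Logging it at a debug level keeps the trace available without that cost: `logger.log(Level.FINE, "IngestManager: Processing: {0}", fileToProcess.getName());`. The enclosing method begins and ends outside the hunk.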


@ -22,7 +22,6 @@ import java.sql.ResultSet;
import java.sql.SQLException; import java.sql.SQLException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.Collections;
import java.util.Comparator; import java.util.Comparator;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator; import java.util.Iterator;
@ -42,15 +41,13 @@ import org.sleuthkit.datamodel.ContentVisitor;
import org.sleuthkit.datamodel.Directory; import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.File; import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.FileSystem; import org.sleuthkit.datamodel.FileSystem;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.VirtualDirectory; import org.sleuthkit.datamodel.VirtualDirectory;
import org.sleuthkit.datamodel.LayoutFile; import org.sleuthkit.datamodel.LayoutFile;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskData;
import org.sleuthkit.datamodel.Volume; import org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM;
import org.sleuthkit.datamodel.VolumeSystem;
/** /**
* Schedules images and files with their associated modules for ingest, and * Schedules images and files with their associated modules for ingest, and
@ -666,21 +663,31 @@ class IngestScheduler {
enum Priority { enum Priority {
LOW, MEDIUM, HIGH LAST, LOW, MEDIUM, HIGH
}; };
static final List<Pattern> LAST_PRI_PATHS = new ArrayList<Pattern>();
static final List<Pattern> LOW_PRI_PATHS = new ArrayList<Pattern>(); static final List<Pattern> LOW_PRI_PATHS = new ArrayList<Pattern>();
static final List<Pattern> MEDIUM_PRI_PATHS = new ArrayList<Pattern>(); static final List<Pattern> MEDIUM_PRI_PATHS = new ArrayList<Pattern>();
static final List<Pattern> HIGH_PRI_PATHS = new ArrayList<Pattern>(); static final List<Pattern> HIGH_PRI_PATHS = new ArrayList<Pattern>();
/* prioritize root directory folders based on the assumption that we are
* looking for user content. Other types of investigations may want different
* priorities. */
static { static {
// these files have no structure, so they go last
LAST_PRI_PATHS.add(Pattern.compile("^\\$Unalloc", Pattern.CASE_INSENSITIVE));
LAST_PRI_PATHS.add(Pattern.compile("^pagefile", Pattern.CASE_INSENSITIVE));
LAST_PRI_PATHS.add(Pattern.compile("^hiberfil", Pattern.CASE_INSENSITIVE));
// orphan files are often corrupt and windows does not typically have
// user content, so put them towards the bottom
LOW_PRI_PATHS.add(Pattern.compile("^\\$OrphanFiles", Pattern.CASE_INSENSITIVE));
LOW_PRI_PATHS.add(Pattern.compile("^Windows", Pattern.CASE_INSENSITIVE)); LOW_PRI_PATHS.add(Pattern.compile("^Windows", Pattern.CASE_INSENSITIVE));
// all other files go into the medium category too
MEDIUM_PRI_PATHS.add(Pattern.compile("^Program Files", Pattern.CASE_INSENSITIVE)); MEDIUM_PRI_PATHS.add(Pattern.compile("^Program Files", Pattern.CASE_INSENSITIVE));
MEDIUM_PRI_PATHS.add(Pattern.compile("^\\$OrphanFiles", Pattern.CASE_INSENSITIVE));
MEDIUM_PRI_PATHS.add(Pattern.compile("^\\$Unalloc", Pattern.CASE_INSENSITIVE));
MEDIUM_PRI_PATHS.add(Pattern.compile("^pagefile", Pattern.CASE_INSENSITIVE));
MEDIUM_PRI_PATHS.add(Pattern.compile("^hiberfil", Pattern.CASE_INSENSITIVE));
// user content is top priority
HIGH_PRI_PATHS.add(Pattern.compile("^Users", Pattern.CASE_INSENSITIVE)); HIGH_PRI_PATHS.add(Pattern.compile("^Users", Pattern.CASE_INSENSITIVE));
HIGH_PRI_PATHS.add(Pattern.compile("^Documents and Settings", Pattern.CASE_INSENSITIVE)); HIGH_PRI_PATHS.add(Pattern.compile("^Documents and Settings", Pattern.CASE_INSENSITIVE));
HIGH_PRI_PATHS.add(Pattern.compile("^home", Pattern.CASE_INSENSITIVE)); HIGH_PRI_PATHS.add(Pattern.compile("^home", Pattern.CASE_INSENSITIVE));
@ -719,6 +726,13 @@ class IngestScheduler {
} }
} }
for (Pattern p : LAST_PRI_PATHS) {
Matcher m = p.matcher(path);
if (m.find()) {
return AbstractFilePriotity.Priority.LAST;
}
}
//default is medium //default is medium
return AbstractFilePriotity.Priority.MEDIUM; return AbstractFilePriotity.Priority.MEDIUM;
} }
@ -745,8 +759,8 @@ class IngestScheduler {
queryB.append("SELECT COUNT(*) FROM tsk_files WHERE ( (fs_obj_id = ").append(fs.getId()); queryB.append("SELECT COUNT(*) FROM tsk_files WHERE ( (fs_obj_id = ").append(fs.getId());
//queryB.append(") OR (fs_obj_id = NULL) )"); //queryB.append(") OR (fs_obj_id = NULL) )");
queryB.append(") )"); queryB.append(") )");
queryB.append(" AND ( (meta_type = ").append(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getMetaType()); queryB.append(" AND ( (meta_type = ").append(TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue());
queryB.append(") OR (meta_type = ").append(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getMetaType()); queryB.append(") OR (meta_type = ").append(TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue());
queryB.append(" AND (name != '.') AND (name != '..')"); queryB.append(" AND (name != '.') AND (name != '..')");
queryB.append(") )"); queryB.append(") )");
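Review bot: `LAST` is inserted in front of `LOW` in `enum Priority`, which shifts the ordinal of every existing constant; if the scheduler's queue ordering relies on declaration order (the comparator is not visible in these hunks), that dependency should be written down next to the enum, e.g. `// declaration order is significant: lowest priority first`. In the static block the comment `// all other files go into the medium category too` sits above the only remaining MEDIUM pattern and would read more clearly as `// files that match no pattern also default to medium`.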


@ -42,6 +42,7 @@ import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.ingest.IngestManager; import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.datamodel.*; import org.sleuthkit.datamodel.*;
import org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM;
/** /**
* ReportBodyFile generates a report in the body file format specified on * ReportBodyFile generates a report in the body file format specified on
@ -122,8 +123,9 @@ public class ReportBodyFile implements ReportModule {
out.write("|"); out.write("|");
out.write(Long.toString(file.getMetaAddr())); out.write(Long.toString(file.getMetaAddr()));
out.write("|"); out.write("|");
if(file.getModeAsString()!=null) { String modeString = file.getModesAsString();
out.write(file.getModeAsString()); if(modeString != null) {
out.write(modeString);
} }
out.write("|"); out.write("|");
out.write(Long.toString(file.getUid())); out.write(Long.toString(file.getUid()));


@ -755,7 +755,7 @@ public class ReportHTML implements ReportModule {
out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "downloads.html"), "UTF-8")); out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "downloads.html"), "UTF-8"));
out.write(generateHead("Web Download Artifacts (" + countDownloads + ")")); out.write(generateHead("Web Download Artifacts (" + countDownloads + ")"));
String title = "<div id=\"header\">Web Downloads (" + countDownloads + ")</div>\n<div id=\"content\">\n"; String title = "<div id=\"header\">Web Downloads (" + countDownloads + ")</div>\n<div id=\"content\">\n";
String tableHeader = getTableHead("URL", "Source URL", "Date Accessed", "Program", "Source File"); String tableHeader = getTableHead("Destination", "Source URL", "Date Accessed", "Program", "Source File");
out.write(title); out.write(title);
out.write(tableHeader); out.write(tableHeader);


@ -28,7 +28,7 @@ enum IndexStatus {
/** /**
* The index and database both exist, and the index is older. * The index and database both exist, and the index is older.
*/ */
INDEX_OUTDATED("Index is older than database"), INDEX_OUTDATED("WARNING: Index is older than database"),
/** /**
* The index and database both exist, and the index is not older. * The index and database both exist, and the index is not older.
*/ */
@ -40,11 +40,11 @@ enum IndexStatus {
/** /**
* The database exists but the index does not. * The database exists but the index does not.
*/ */
NO_INDEX("Index does not exist"), NO_INDEX("ERROR: Index does not exist"),
/** /**
* Neither the index nor the database exists. * Neither the index nor the database exists.
*/ */
NONE("No index or database"), NONE("ERROR: No index or database"),
/** /**
* The index is currently being generated * The index is currently being generated
*/ */
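Review bot: Prefixing the display strings of `INDEX_OUTDATED`, `NO_INDEX` and `NONE` with `WARNING:` / `ERROR:` puts the severity inside the message text. Code that needs to treat a stale or missing index differently would have to match on the string instead of on a typed value. I would keep the messages plain and carry severity as a second constructor argument, for example `NO_INDEX("Index does not exist", Level.SEVERE)` with `java.util.logging.Level`, and let the display code add the prefix. The enum's constructor and its callers are outside both hunks, so this needs checking against how the message is consumed.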


@ -3,6 +3,6 @@ build.xml.script.CRC32=87b97b04
build.xml.stylesheet.CRC32=a56c6a5b@1.46.2 build.xml.stylesheet.CRC32=a56c6a5b@1.46.2
# This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml. # This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml.
# Do not edit this file. You may delete it but then the IDE will never regenerate such files for you. # Do not edit this file. You may delete it but then the IDE will never regenerate such files for you.
nbproject/build-impl.xml.data.CRC32=8f39548f nbproject/build-impl.xml.data.CRC32=8af8eb1a
nbproject/build-impl.xml.script.CRC32=fe1f48d2 nbproject/build-impl.xml.script.CRC32=fe1f48d2
nbproject/build-impl.xml.stylesheet.CRC32=238281d1@2.50.1 nbproject/build-impl.xml.stylesheet.CRC32=238281d1@2.50.1


@ -25,17 +25,15 @@ import java.awt.event.ItemEvent;
import java.awt.event.ItemListener; import java.awt.event.ItemListener;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import javax.swing.JMenuItem; import javax.swing.JMenuItem;
import javax.swing.SizeRequirements;
import javax.swing.SwingWorker; import javax.swing.SwingWorker;
import javax.swing.text.AbstractDocument;
import javax.swing.text.AttributeSet;
import javax.swing.text.Element; import javax.swing.text.Element;
import javax.swing.text.StyleConstants;
import javax.swing.text.View; import javax.swing.text.View;
import javax.swing.text.ViewFactory; import javax.swing.text.ViewFactory;
import javax.swing.text.html.HTML; import javax.swing.text.html.InlineView;
import javax.swing.text.html.ParagraphView;
import javax.swing.text.html.HTMLEditorKit; import javax.swing.text.html.HTMLEditorKit;
import javax.swing.text.html.HTMLEditorKit.HTMLFactory; import javax.swing.text.html.HTMLEditorKit.HTMLFactory;
import org.netbeans.api.progress.ProgressHandle; import org.netbeans.api.progress.ProgressHandle;
@ -62,25 +60,50 @@ class ExtractedContentPanel extends javax.swing.JPanel {
private void customizeComponents() { private void customizeComponents() {
extractedTextPane.setEditorKit(new HTMLEditorKit() { extractedTextPane.setEditorKit(new HTMLEditorKit() {
ViewFactory viewFactory = new HTMLFactory() {
@Override
public View create(Element elem) {
AttributeSet attrs = elem.getAttributes();
Object elementName = attrs.getAttribute(AbstractDocument.ElementNameAttribute);
Object o = (elementName != null) ? null : attrs.getAttribute(StyleConstants.NameAttribute);
if (o instanceof HTML.Tag) {
HTML.Tag kind = (HTML.Tag) o;
if (kind == HTML.Tag.IMPLIED) {
return new javax.swing.text.html.ParagraphView(elem);
}
}
return super.create(elem);
}
};
@Override @Override
public ViewFactory getViewFactory() { public ViewFactory getViewFactory() {
return this.viewFactory;
return new HTMLFactory() {
public View create(Element e) {
View v = super.create(e);
if (v instanceof InlineView) {
return new InlineView(e) {
public int getBreakWeight(int axis, float pos, float len) {
return GoodBreakWeight;
}
public View breakView(int axis, int p0, float pos, float len) {
if (axis == View.X_AXIS) {
checkPainter();
int p1 = getGlyphPainter().getBoundedPosition(this, p0, pos, len);
if (p0 == getStartOffset() && p1 == getEndOffset()) {
return this;
}
return createFragment(p0, p1);
}
return this;
}
};
} else if (v instanceof ParagraphView) {
return new ParagraphView(e) {
protected SizeRequirements calculateMinorAxisRequirements(int axis, SizeRequirements r) {
if (r == null) {
r = new SizeRequirements();
}
float pref = layoutPool.getPreferredSpan(axis);
float min = layoutPool.getMinimumSpan(axis);
// Don't include insets, Box.getXXXSpan will include them.
r.minimum = (int) min;
r.preferred = Math.max(r.minimum, (int) pref);
r.maximum = Integer.MAX_VALUE;
r.alignment = 0.5f;
return r;
}
};
}
return v;
}
};
} }
}); });
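Review bot: `getViewFactory()` now constructs a fresh `HTMLFactory` on every call, where the removed code returned a single instance held in a field. Unless a new factory per call is intended, keep the field form, `private final ViewFactory viewFactory = new HTMLFactory() { … };` with `return viewFactory;`, and move the new `create` body into it. The overriding methods `create`, `getBreakWeight`, `breakView` and `calculateMinorAxisRequirements` also lack `@Override`. Without it, a signature mismatch would compile and silently disable the wrapping behaviour. `customizeComponents` continues past the end of the hunk.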


@ -1,8 +1,8 @@
build.xml.data.CRC32=bcfe7e87 build.xml.data.CRC32=11199bf7
build.xml.script.CRC32=d323407a build.xml.script.CRC32=d323407a
build.xml.stylesheet.CRC32=a56c6a5b@2.50.1 build.xml.stylesheet.CRC32=a56c6a5b@2.50.1
# This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml. # This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml.
# Do not edit this file. You may delete it but then the IDE will never regenerate such files for you. # Do not edit this file. You may delete it but then the IDE will never regenerate such files for you.
nbproject/build-impl.xml.data.CRC32=bcfe7e87 nbproject/build-impl.xml.data.CRC32=11199bf7
nbproject/build-impl.xml.script.CRC32=aef16a21 nbproject/build-impl.xml.script.CRC32=aef16a21
nbproject/build-impl.xml.stylesheet.CRC32=238281d1@2.50.1 nbproject/build-impl.xml.stylesheet.CRC32=238281d1@2.50.1