mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 16:06:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/sleuthkit/autopsy

Browse Source
This commit is contained in:
adam-m 2012-12-18 17:00:44 -05:00
commit 0b2b8b7849
14 changed files with 191 additions and 133 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java
View File

@ -40,7 +40,7 @@ import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.TskData;
import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM;
/**
*
@ -332,7 +332,7 @@ public class DataContentViewerMedia extends javax.swing.JPanel implements DataCo
return false;
}
if (File.dirFlagToValue(file.getDirFlags()).equals(TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.toString())) {
if (file.isDirNameFlagSet(TSK_FS_NAME_FLAG_ENUM.UNALLOC)) {
return false;
}

69
Core/src/org/sleuthkit/autopsy/datamodel/AbstractFsContentNode.java
View File

@ -18,11 +18,15 @@
*/
package org.sleuthkit.autopsy.datamodel;
import java.text.SimpleDateFormat;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import org.openide.nodes.Sheet;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM;
import org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM;
import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM;
/**
* Abstract class that implements the commonality between File and Directory
@ -31,58 +35,45 @@ import org.sleuthkit.datamodel.FsContent;
public abstract class AbstractFsContentNode<T extends FsContent> extends AbstractAbstractFileNode<T> {
// Note: this order matters for the search result, changed it if the order of property headers on the "KeywordSearchNode"changed
public static enum FsContentPropertyType {
NAME {
@Override
public String toString() {
return "Name";
}
},
LOCATION {
@Override
public String toString() {
return "Location";
}
},
MOD_TIME {
@Override
public String toString() {
return "Mod. Time";
}
},
CHANGED_TIME {
@Override
public String toString() {
return "Change Time";
}
},
ACCESS_TIME {
@Override
public String toString() {
return "Access Time";
}
},
CREATED_TIME {
@Override
public String toString() {
return "Created Time";
}
},
SIZE {
@Override
public String toString() {
return "Size";
@ -95,80 +86,66 @@ public abstract class AbstractFsContentNode<T extends FsContent> extends Abstrac
}
},
FLAGS_META {
@Override
public String toString() {
return "Flags(Meta)";
}
},
MODE {
@Override
public String toString() {
return "Mode";
}
},
USER_ID {
@Override
public String toString() {
return "UserID";
}
},
GROUP_ID {
@Override
@Override
public String toString() {
return "GroupID";
}
},
META_ADDR {
@Override
public String toString() {
return "Meta Addr.";
}
},
ATTR_ADDR {
@Override
public String toString() {
return "Attr. Addr.";
}
},
TYPE_DIR {
@Override
public String toString() {
return "Type(Dir)";
}
},
TYPE_META {
@Override
public String toString() {
return "Type(Meta)";
}
},
KNOWN {
@Override
public String toString() {
return "Known";
}
},
MD5HASH {
@Override
public String toString() {
return "MD5 Hash";
}
},
}
}
}
private boolean directoryBrowseMode;
public static final String HIDE_PARENT = "hide_parent";
@ -177,13 +154,13 @@ public abstract class AbstractFsContentNode<T extends FsContent> extends Abstrac
this(fsContent, true);
}
/**
* Constructor
*
* @param fsContent the fsContent
* @param directoryBrowseMode how the user caused this node
* to be created: if by browsing the image contents, it is true. If by
* selecting a file filter (e.g. 'type' or 'recent'), it is false
* @param directoryBrowseMode how the user caused this node to be created:
* if by browsing the image contents, it is true. If by selecting a file
* filter (e.g. 'type' or 'recent'), it is false
*/
AbstractFsContentNode(T fsContent, boolean directoryBrowseMode) {
super(fsContent);
@ -215,7 +192,7 @@ public abstract class AbstractFsContentNode<T extends FsContent> extends Abstrac
final String propString = propType.toString();
ss.put(new NodeProperty(propString, propString, NO_DESCR, map.get(propString)));
}
if(directoryBrowseMode) {
if (directoryBrowseMode) {
ss.put(new NodeProperty(HIDE_PARENT, HIDE_PARENT, HIDE_PARENT, HIDE_PARENT));
}
@ -225,35 +202,37 @@ public abstract class AbstractFsContentNode<T extends FsContent> extends Abstrac
/**
* Fill map with FsContent properties
*
* @param map map with preserved ordering, where property names/values are put
* @param map map with preserved ordering, where property names/values are
* put
* @param content to extract properties from
*/
public static void fillPropertyMap(Map<String, Object> map, FsContent content) {
map.put(FsContentPropertyType.NAME.toString(), getFsContentName(content));
map.put(FsContentPropertyType.LOCATION.toString(), DataConversion.getformattedPath(ContentUtils.getDisplayPath(content), 0, 1));
map.put(FsContentPropertyType.MOD_TIME.toString(), ContentUtils.getStringTime(content.getMtime(), content));
map.put(FsContentPropertyType.MOD_TIME.toString(), ContentUtils.getStringTime(content.getMtime(), content));
map.put(FsContentPropertyType.CHANGED_TIME.toString(), ContentUtils.getStringTime(content.getCtime(), content));
map.put(FsContentPropertyType.ACCESS_TIME.toString(), ContentUtils.getStringTime(content.getAtime(), content));
map.put(FsContentPropertyType.CREATED_TIME.toString(), ContentUtils.getStringTime(content.getCrtime(), content));
map.put(FsContentPropertyType.SIZE.toString(), content.getSize());
map.put(FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlagsAsString());
map.put(FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlagAsString());
map.put(FsContentPropertyType.FLAGS_META.toString(), content.getMetaFlagsAsString());
map.put(FsContentPropertyType.MODE.toString(), content.getModeAsString());
map.put(FsContentPropertyType.MODE.toString(), content.getModesAsString());
map.put(FsContentPropertyType.USER_ID.toString(), content.getUid());
map.put(FsContentPropertyType.GROUP_ID.toString(), content.getGid());
map.put(FsContentPropertyType.META_ADDR.toString(), content.getMetaAddr());
map.put(FsContentPropertyType.ATTR_ADDR.toString(), Long.toString(content.getAttrType()) + "-" + Long.toString(content.getAttrId()));
map.put(FsContentPropertyType.TYPE_DIR.toString(), content.getDirTypeAsString());
map.put(FsContentPropertyType.TYPE_META.toString(), content.getMetaTypeAsString());
map.put(FsContentPropertyType.ATTR_ADDR.toString(), Long.toString(content.getAttrType().getValue()) + "-" + Long.toString(content.getAttrId()));
map.put(FsContentPropertyType.TYPE_DIR.toString(), content.getDirType().getLabel());
map.put(FsContentPropertyType.TYPE_META.toString(), content.getMetaType().toString());
map.put(FsContentPropertyType.KNOWN.toString(), content.getKnown().getName());
map.put(FsContentPropertyType.MD5HASH.toString(), content.getMd5Hash() == null ? "" : content.getMd5Hash());
}
static String getFsContentName(FsContent fsContent) {
String name = fsContent.getName();
if(name.equals("..")) {
if (name.equals("..")) {
name = DirectoryNode.DOTDOTDIR;
} else if(name.equals(".")) {
} else if (name.equals(".")) {
name = DirectoryNode.DOTDIR;
}
return name;

4
Core/src/org/sleuthkit/autopsy/datamodel/DirectoryNode.java
View File

@ -20,7 +20,7 @@ package org.sleuthkit.autopsy.datamodel;
import javax.swing.Action;
import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.TskData;
import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM;
/**
* This class is used to represent the "Node" for the directory.
@ -39,7 +39,7 @@ public class DirectoryNode extends AbstractFsContentNode<Directory> {
super(dir, directoryBrowseMode);
// set name, display name, and icon
if (Directory.dirFlagToValue(dir.getDirFlags()).equals(TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.toString())) {
if (dir.isDirNameFlagSet(TSK_FS_NAME_FLAG_ENUM.UNALLOC)) {
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/folder-icon-deleted.png");
} else {
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/Folder-icon.png");

4
Core/src/org/sleuthkit/autopsy/datamodel/FileNode.java
View File

@ -20,7 +20,7 @@ package org.sleuthkit.autopsy.datamodel;
import javax.swing.Action;
import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.TskData;
import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM;
/**
* This class is used to represent the "Node" for the file. It has no children.
@ -39,7 +39,7 @@ public class FileNode extends AbstractFsContentNode<File> {
super(file, directoryBrowseMode);
// set name, display name, and icon
if (file.getDirFlags() == (TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.getDirFlag())) {
if (file.isDirNameFlagSet(TSK_FS_NAME_FLAG_ENUM.UNALLOC)) {
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/file-icon-deleted.png");
} else {
this.setIconBaseWithExtension(getIconForFileType(file));

41
Core/src/org/sleuthkit/autopsy/datamodel/VirtualDirectoryNode.java
View File

@ -23,7 +23,7 @@ import java.util.Map;
import org.openide.nodes.Sheet;
import org.sleuthkit.autopsy.datamodel.LayoutFileNode.LayoutContentPropertyType;
import org.sleuthkit.datamodel.VirtualDirectory;
import org.sleuthkit.datamodel.LayoutFile;
import org.sleuthkit.datamodel.TskData;
/**
* Node for layout dir
@ -84,8 +84,6 @@ public class VirtualDirectoryNode extends AbstractAbstractFileNode<VirtualDirect
return true;
}
//TODO consider extend AbstractFsContent node and use that
//first need methods such as getDirType() to be pushed to AbstractFile class
private static void fillPropertyMap(Map<String, Object> map, VirtualDirectory content) {
@ -97,9 +95,38 @@ public class VirtualDirectoryNode extends AbstractAbstractFileNode<VirtualDirect
map.put(AbstractFsContentNode.FsContentPropertyType.CHANGED_TIME.toString(), ContentUtils.getStringTime(0, content));
map.put(AbstractFsContentNode.FsContentPropertyType.ACCESS_TIME.toString(), ContentUtils.getStringTime(0, content));
map.put(AbstractFsContentNode.FsContentPropertyType.CREATED_TIME.toString(), ContentUtils.getStringTime(0, content));
map.put(AbstractFsContentNode.FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlagsAsString());
map.put(AbstractFsContentNode.FsContentPropertyType.FLAGS_META.toString(), content.getMetaFlagsAsString());
map.put(AbstractFsContentNode.FsContentPropertyType.TYPE_DIR.toString(), content.getDirTypeAsString());
map.put(AbstractFsContentNode.FsContentPropertyType.TYPE_META.toString(), content.getMetaTypeAsString());
map.put(AbstractFsContentNode.FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlags().toString());
map.put(AbstractFsContentNode.FsContentPropertyType.FLAGS_META.toString(), metaFlagToString(content.getMetaFlags()));
map.put(AbstractFsContentNode.FsContentPropertyType.TYPE_DIR.toString(), content.getDirType().toString());
map.put(AbstractFsContentNode.FsContentPropertyType.TYPE_META.toString(), content.getMetaType().toString());
}
/**
* Convert meta flag long to user-readable string / label
*
* @param metaFlag to convert
* @return string formatted meta flag representation
*/
public static String metaFlagToString(short metaFlag) {
String result = "";
short allocFlag = TskData.TSK_FS_META_FLAG_ENUM.ALLOC.getValue();
short unallocFlag = TskData.TSK_FS_META_FLAG_ENUM.UNALLOC.getValue();
// some variables that might be needed in the future
//long usedFlag = TskData.TSK_FS_META_FLAG_ENUM.USED.getMetaFlag();
//long unusedFlag = TskData.TSK_FS_META_FLAG_ENUM.UNUSED.getMetaFlag();
//long compFlag = TskData.TSK_FS_META_FLAG_ENUM.COMP.getMetaFlag();
//long orphanFlag = TskData.TSK_FS_META_FLAG_ENUM.ORPHAN.getMetaFlag();
if ((metaFlag & allocFlag) == allocFlag) {
result = TskData.TSK_FS_META_FLAG_ENUM.ALLOC.toString();
}
if ((metaFlag & unallocFlag) == unallocFlag) {
result = TskData.TSK_FS_META_FLAG_ENUM.UNALLOC.toString();
}
return result;
}
}

56
Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java
View File

@ -24,6 +24,7 @@ import java.awt.event.ActionEvent;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
@ -44,9 +45,9 @@ import org.sleuthkit.datamodel.ContentVisitor;
import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.FileSystem;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.VirtualDirectory;
import org.sleuthkit.datamodel.LayoutFile;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.VirtualDirectory;
import org.sleuthkit.datamodel.Volume;
import org.sleuthkit.datamodel.VolumeSystem;
@ -168,22 +169,23 @@ public final class ExtractUnallocAction extends AbstractAction {
private List<UnallocStruct> lus = new ArrayList<UnallocStruct>();
private File currentlyProcessing;
private int totalSizeinMegs;
long totalBytes = 0;
ExtractUnallocWorker(UnallocStruct us) {
this.lus.add(us);
//Getting the total megs this worker is going to be doing
if (!lockedVols.contains(us.getFileName())) {
totalSizeinMegs = toMb(us.sizeInBytes());
this.lus.add(us);
totalBytes = us.getSizeInBytes();
totalSizeinMegs = toMb(totalBytes);
lockedVols.add(us.getFileName());
}
}
ExtractUnallocWorker(List<UnallocStruct> lst) {
//Getting the total megs this worker is going to be doing
long totalBytes = 0;
for (UnallocStruct lu : lst) {
if (!lockedVols.contains(lu.getFileName())) {
totalBytes += lu.sizeInBytes();
totalBytes += lu.getSizeInBytes();
lockedVols.add(lu.getFileName());
this.lus.add(lu);
}
@ -196,7 +198,7 @@ public final class ExtractUnallocAction extends AbstractAction {
if (bytes > 1024 && (bytes / 1024.0) <= Double.MAX_VALUE) {
double Mb = ((bytes / 1024.0) / 1024.0);//Bytes -> Megabytes
if (Mb <= Integer.MAX_VALUE) {
return (int) Math.floor(Mb);
return (int) Math.ceil(Mb);
}
}
return 0;
@ -222,27 +224,32 @@ public final class ExtractUnallocAction extends AbstractAction {
//Begin the actual File IO
progress.start(totalSizeinMegs);
int kbs = 0; //Each completion of the while loop adds one to kbs. 8kb * 128 = 1mb.
int kbs = 0; //Each completion of the while loop adds one to kbs. 16kb * 64 = 1mb.
int mbs = 0; //Increments every 128th tick of kbs
for (UnallocStruct u : this.lus) {
currentlyProcessing = u.getFile();
logger.log(Level.INFO, "Writing Unalloc file to " + currentlyProcessing.getPath());
FileOutputStream fos = new FileOutputStream(currentlyProcessing);
int count = 1;
for (LayoutFile f : u.getLayouts()) {
long offset = 0L;
while (offset != f.getSize() && !canceled) {
offset += f.read(buf, offset, MAX_BYTES); //Offset + Bytes read
fos.write(buf);
OutputStream dos = new FileOutputStream(currentlyProcessing);
long bytes = 0;
int i = 0;
while(i < u.getLayouts().size() && bytes != u.getSizeInBytes()){
LayoutFile f = u.getLayouts().get(i);
long offsetPerFile = 0L;
int bytesRead;
while(offsetPerFile != f.getSize() && !canceled){
if (++kbs % 128 == 0) {
mbs++;
progress.progress("processing " + mbs + " of " + totalSizeinMegs + " MBs", mbs);
progress.progress("processing " + mbs + " of " + totalSizeinMegs + " MBs", mbs-1);
}
bytesRead = f.read(buf, offsetPerFile, MAX_BYTES);
offsetPerFile+= bytesRead;
dos.write(buf, 0, bytesRead);
}
count++;
bytes+=f.getSize();
i++;
}
fos.flush();
fos.close();
dos.flush();
dos.close();
if (canceled) {
u.getFile().delete();
@ -420,9 +427,9 @@ public final class ExtractUnallocAction extends AbstractAction {
return 0;
}
if (o1.getId() > o2.getId()) {
return -1;
} else {
return 1;
} else {
return -1;
}
}
}
@ -434,6 +441,7 @@ public final class ExtractUnallocAction extends AbstractAction {
private class UnallocStruct {
private List<LayoutFile> llf;
private long SizeInBytes;
private long VolumeId;
private long ImageId;
private String ImageName;
@ -453,6 +461,7 @@ public final class ExtractUnallocAction extends AbstractAction {
this.ImageName = img.getName();
this.FileName = this.ImageName + "-Unalloc-" + this.ImageId + "-" + 0 + ".dat";
this.FileInstance = new File(Case.getCurrentCase().getCaseDirectory() + File.separator + "Export" + File.separator + this.FileName);
this.SizeInBytes = calcSizeInBytes();
}
/**
@ -474,6 +483,7 @@ public final class ExtractUnallocAction extends AbstractAction {
this.FileInstance = new File(Case.getCurrentCase().getCaseDirectory() + File.separator + "Export" + File.separator + this.FileName);
this.llf = getUnallocFiles(volu);
Collections.sort(llf, new SortObjId());
this.SizeInBytes = calcSizeInBytes();
}
//Getters
@ -481,7 +491,7 @@ public final class ExtractUnallocAction extends AbstractAction {
return llf.size();
}
long sizeInBytes() {
private long calcSizeInBytes() {
long size = 0L;
for (LayoutFile f : llf) {
size += f.getSize();
@ -489,6 +499,10 @@ public final class ExtractUnallocAction extends AbstractAction {
return size;
}
long getSizeInBytes(){
return this.SizeInBytes;
}
long getVolumeId() {
return this.VolumeId;
}

5
Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java
View File

@ -814,8 +814,7 @@ public class IngestManager {
final AbstractFile fileToProcess = fileTask.file;
//logger.log(Level.INFO, "NEXT FILE: " + fileToProcess.getName());
logger.log(Level.INFO, "IngestManager: Processing: {0}", fileToProcess.getName());
progress.progress(fileToProcess.getName(), processedFiles);
for (IngestModuleAbstractFile module : fileTask.scheduledTask.modules) {
@ -857,7 +856,7 @@ public class IngestManager {
//--totalEnqueuedFiles;
} //end of this AbstractFile
logger.log(Level.INFO, "Done background processing");
logger.log(Level.INFO, "IngestManager: Finished processing files");
return null;
}

36
Core/src/org/sleuthkit/autopsy/ingest/IngestScheduler.java
View File

@ -22,7 +22,6 @@ import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
@ -42,15 +41,13 @@ import org.sleuthkit.datamodel.ContentVisitor;
import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.FileSystem;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.VirtualDirectory;
import org.sleuthkit.datamodel.LayoutFile;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData;
import org.sleuthkit.datamodel.Volume;
import org.sleuthkit.datamodel.VolumeSystem;
import org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM;
/**
* Schedules images and files with their associated modules for ingest, and
@ -666,21 +663,31 @@ class IngestScheduler {
enum Priority {
LOW, MEDIUM, HIGH
LAST, LOW, MEDIUM, HIGH
};
static final List<Pattern> LAST_PRI_PATHS = new ArrayList<Pattern>();
static final List<Pattern> LOW_PRI_PATHS = new ArrayList<Pattern>();
static final List<Pattern> MEDIUM_PRI_PATHS = new ArrayList<Pattern>();
static final List<Pattern> HIGH_PRI_PATHS = new ArrayList<Pattern>();
/* prioritize root directory folders based on the assumption that we are
* looking for user content. Other types of investigations may want different
* priorities. */
static {
// these files have no structure, so they go last
LAST_PRI_PATHS.add(Pattern.compile("^\\$Unalloc", Pattern.CASE_INSENSITIVE));
LAST_PRI_PATHS.add(Pattern.compile("^pagefile", Pattern.CASE_INSENSITIVE));
LAST_PRI_PATHS.add(Pattern.compile("^hiberfil", Pattern.CASE_INSENSITIVE));
// orphan files are often corrupt and windows does not typically have
// user content, so put them towards the bottom
LOW_PRI_PATHS.add(Pattern.compile("^\\$OrphanFiles", Pattern.CASE_INSENSITIVE));
LOW_PRI_PATHS.add(Pattern.compile("^Windows", Pattern.CASE_INSENSITIVE));
// all other files go into the medium category too
MEDIUM_PRI_PATHS.add(Pattern.compile("^Program Files", Pattern.CASE_INSENSITIVE));
MEDIUM_PRI_PATHS.add(Pattern.compile("^\\$OrphanFiles", Pattern.CASE_INSENSITIVE));
MEDIUM_PRI_PATHS.add(Pattern.compile("^\\$Unalloc", Pattern.CASE_INSENSITIVE));
MEDIUM_PRI_PATHS.add(Pattern.compile("^pagefile", Pattern.CASE_INSENSITIVE));
MEDIUM_PRI_PATHS.add(Pattern.compile("^hiberfil", Pattern.CASE_INSENSITIVE));
// user content is top priority
HIGH_PRI_PATHS.add(Pattern.compile("^Users", Pattern.CASE_INSENSITIVE));
HIGH_PRI_PATHS.add(Pattern.compile("^Documents and Settings", Pattern.CASE_INSENSITIVE));
HIGH_PRI_PATHS.add(Pattern.compile("^home", Pattern.CASE_INSENSITIVE));
@ -719,6 +726,13 @@ class IngestScheduler {
}
}
for (Pattern p : LAST_PRI_PATHS) {
Matcher m = p.matcher(path);
if (m.find()) {
return AbstractFilePriotity.Priority.LAST;
}
}
//default is medium
return AbstractFilePriotity.Priority.MEDIUM;
}
@ -745,8 +759,8 @@ class IngestScheduler {
queryB.append("SELECT COUNT(*) FROM tsk_files WHERE ( (fs_obj_id = ").append(fs.getId());
//queryB.append(") OR (fs_obj_id = NULL) )");
queryB.append(") )");
queryB.append(" AND ( (meta_type = ").append(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getMetaType());
queryB.append(") OR (meta_type = ").append(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getMetaType());
queryB.append(" AND ( (meta_type = ").append(TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue());
queryB.append(") OR (meta_type = ").append(TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue());
queryB.append(" AND (name != '.') AND (name != '..')");
queryB.append(") )");

6
Core/src/org/sleuthkit/autopsy/report/ReportBodyFile.java
View File

@ -42,6 +42,7 @@ import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.datamodel.*;
import org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM;
/**
* ReportBodyFile generates a report in the body file format specified on
@ -122,8 +123,9 @@ public class ReportBodyFile implements ReportModule {
out.write("|");
out.write(Long.toString(file.getMetaAddr()));
out.write("|");
if(file.getModeAsString()!=null) {
out.write(file.getModeAsString());
String modeString = file.getModesAsString();
if(modeString != null) {
out.write(modeString);
}
out.write("|");
out.write(Long.toString(file.getUid()));

2
Core/src/org/sleuthkit/autopsy/report/ReportHTML.java
View File

@ -755,7 +755,7 @@ public class ReportHTML implements ReportModule {
out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "downloads.html"), "UTF-8"));
out.write(generateHead("Web Download Artifacts (" + countDownloads + ")"));
String title = "<div id=\"header\">Web Downloads (" + countDownloads + ")</div>\n<div id=\"content\">\n";
String tableHeader = getTableHead("URL", "Source URL", "Date Accessed", "Program", "Source File");
String tableHeader = getTableHead("Destination", "Source URL", "Date Accessed", "Program", "Source File");
out.write(title);
out.write(tableHeader);

6
HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/IndexStatus.java
View File

@ -28,7 +28,7 @@ enum IndexStatus {
/**
* The index and database both exist, and the index is older.
*/
INDEX_OUTDATED("Index is older than database"),
INDEX_OUTDATED("WARNING: Index is older than database"),
/**
* The index and database both exist, and the index is not older.
*/
@ -40,11 +40,11 @@ enum IndexStatus {
/**
* The database exists but the index does not.
*/
NO_INDEX("Index does not exist"),
NO_INDEX("ERROR: Index does not exist"),
/**
* Neither the index nor the database exists.
*/
NONE("No index or database"),
NONE("ERROR: No index or database"),
/**
* The index is currently being generated
*/

2
KeywordSearch/nbproject/genfiles.properties
View File

@ -3,6 +3,6 @@ build.xml.script.CRC32=87b97b04
build.xml.stylesheet.CRC32=a56c6a5b@1.46.2
# This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml.
# Do not edit this file. You may delete it but then the IDE will never regenerate such files for you.
nbproject/build-impl.xml.data.CRC32=8f39548f
nbproject/build-impl.xml.data.CRC32=8af8eb1a
nbproject/build-impl.xml.script.CRC32=fe1f48d2
nbproject/build-impl.xml.stylesheet.CRC32=238281d1@2.50.1

67
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java
View File

@ -25,17 +25,15 @@ import java.awt.event.ItemEvent;
import java.awt.event.ItemListener;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger;
import javax.swing.JMenuItem;
import javax.swing.SizeRequirements;
import javax.swing.SwingWorker;
import javax.swing.text.AbstractDocument;
import javax.swing.text.AttributeSet;
import javax.swing.text.Element;
import javax.swing.text.StyleConstants;
import javax.swing.text.View;
import javax.swing.text.ViewFactory;
import javax.swing.text.html.HTML;
import javax.swing.text.html.InlineView;
import javax.swing.text.html.ParagraphView;
import javax.swing.text.html.HTMLEditorKit;
import javax.swing.text.html.HTMLEditorKit.HTMLFactory;
import org.netbeans.api.progress.ProgressHandle;
@ -62,25 +60,50 @@ class ExtractedContentPanel extends javax.swing.JPanel {
private void customizeComponents() {
extractedTextPane.setEditorKit(new HTMLEditorKit() {
ViewFactory viewFactory = new HTMLFactory() {
@Override
public View create(Element elem) {
AttributeSet attrs = elem.getAttributes();
Object elementName = attrs.getAttribute(AbstractDocument.ElementNameAttribute);
Object o = (elementName != null) ? null : attrs.getAttribute(StyleConstants.NameAttribute);
if (o instanceof HTML.Tag) {
HTML.Tag kind = (HTML.Tag) o;
if (kind == HTML.Tag.IMPLIED) {
return new javax.swing.text.html.ParagraphView(elem);
}
}
return super.create(elem);
}
};
@Override
public ViewFactory getViewFactory() {
return this.viewFactory;
return new HTMLFactory() {
public View create(Element e) {
View v = super.create(e);
if (v instanceof InlineView) {
return new InlineView(e) {
public int getBreakWeight(int axis, float pos, float len) {
return GoodBreakWeight;
}
public View breakView(int axis, int p0, float pos, float len) {
if (axis == View.X_AXIS) {
checkPainter();
int p1 = getGlyphPainter().getBoundedPosition(this, p0, pos, len);
if (p0 == getStartOffset() && p1 == getEndOffset()) {
return this;
}
return createFragment(p0, p1);
}
return this;
}
};
} else if (v instanceof ParagraphView) {
return new ParagraphView(e) {
protected SizeRequirements calculateMinorAxisRequirements(int axis, SizeRequirements r) {
if (r == null) {
r = new SizeRequirements();
}
float pref = layoutPool.getPreferredSpan(axis);
float min = layoutPool.getMinimumSpan(axis);
// Don't include insets, Box.getXXXSpan will include them.
r.minimum = (int) min;
r.preferred = Math.max(r.minimum, (int) pref);
r.maximum = Integer.MAX_VALUE;
r.alignment = 0.5f;
return r;
}
};
}
return v;
}
};
}
});

4
RecentActivity/nbproject/genfiles.properties
View File

@ -1,8 +1,8 @@
build.xml.data.CRC32=bcfe7e87
build.xml.data.CRC32=11199bf7
build.xml.script.CRC32=d323407a
build.xml.stylesheet.CRC32=a56c6a5b@2.50.1
# This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml.
# Do not edit this file. You may delete it but then the IDE will never regenerate such files for you.
nbproject/build-impl.xml.data.CRC32=bcfe7e87
nbproject/build-impl.xml.data.CRC32=11199bf7
nbproject/build-impl.xml.script.CRC32=aef16a21
nbproject/build-impl.xml.stylesheet.CRC32=238281d1@2.50.1