Readdition of merged files.

Alex Ebadirad 2012-05-02 15:01:29 -07:00
parent bce66978c4
commit 15136d3a61
12 changed files with 1324 additions and 1306 deletions


@ -0,0 +1,33 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
//exception thrown by a reporting module when report generation failed
class ReportModuleException extends Exception {
public ReportModuleException(String msg) {
super(msg);
}
public ReportModuleException(String msg, Exception ex) {
super(msg, ex);
}
}
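Review bot: The second constructor takes `Exception ex` as the cause, so a reporting module cannot wrap an `Error` or any other `Throwable`; `public ReportModuleException(String msg, Throwable cause)` is the conventional signature. The class itself is package-private while its constructors are public, so code outside `org.sleuthkit.autopsy.report` could neither throw nor catch it; if that is intended, a comment saying so would help. The `//` line above the class would serve better as Javadoc, e.g. `/** Thrown by a reporting module when report generation fails. */`.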


@ -1,12 +1,29 @@
/* /*
* To change this template, choose Tools | Templates *
* and open the template in the editor. * Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/ */
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
import java.sql.ResultSet; import java.sql.ResultSet;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
@ -18,278 +35,242 @@ import org.sleuthkit.datamodel.SleuthkitCase;
* *
* @author Alex * @author Alex
*/ */
public class report implements reportInterface { public class report {
private void report(){
} private void report() {
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getGenInfo() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(1);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
} }
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getGenInfo() {
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebHistory() { HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>(); Case currentCase = Case.getCurrentCase(); // get the most updated case
Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase();
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); try {
try ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO);
{ for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(4);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes(); ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes); reportMap.put(artifact, attributes);
} }
} } catch (Exception e) {
catch (Exception e) Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
{ }
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebCookie() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(3);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebBookmark() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(2);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override return reportMap;
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebDownload() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(5);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
} }
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getWebHistory() {
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getRecentObject() { HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>(); Case currentCase = Case.getCurrentCase(); // get the most updated case
Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase();
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); try {
try ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY);
{ for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(6);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes(); ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes); reportMap.put(artifact, attributes);
} }
} } catch (Exception e) {
catch (Exception e) Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
{ }
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override return reportMap;
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getKeywordHit() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(9);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
} }
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getHashHit() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(10);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getInstalledProg() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(8);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getWebCookie() {
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getDevices() { HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>(); Case currentCase = Case.getCurrentCase(); // get the most updated case
Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase();
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); try {
try ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE);
{ for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(11);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes(); ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes); reportMap.put(artifact, attributes);
} }
} } catch (Exception e) {
catch (Exception e) Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
{ }
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override return reportMap;
public String getGroupedKeywordHit() { }
StringBuilder table = new StringBuilder();
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>(); public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getWebBookmark() {
Case currentCase = Case.getCurrentCase(); // get the most updated case HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); Case currentCase = Case.getCurrentCase(); // get the most updated case
try SleuthkitCase tempDb = currentCase.getSleuthkitCase();
{ try {
ResultSet uniqueresults = tempDb.runQuery("SELECT DISTINCT value_text from blackboard_attributes where attribute_type_id = '10' order by value_text ASC"); ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
while(uniqueresults.next()) for (BlackboardArtifact artifact : bbart) {
{ ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
table.append("<strong>").append(uniqueresults.getString("value_text")).append("</strong>"); reportMap.put(artifact, attributes);
table.append("<table><thead><tr><th>").append("File Name").append("</th><th>Preview</th><th>Keyword List</th></tr><tbody>");
ArrayList<BlackboardArtifact> artlist = new ArrayList<BlackboardArtifact>();
ResultSet tempresults = tempDb.runQuery("select DISTINCT artifact_id from blackboard_attributes where attribute_type_id = '10' and value_text = '" + uniqueresults.getString("value_text") +"'");
while(tempresults.next())
{
artlist.add(tempDb.getBlackboardArtifact(tempresults.getLong("artifact_id")));
} }
for(BlackboardArtifact art : artlist) } catch (Exception e) {
{ Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
String filename = tempDb.getFsContentById(art.getObjectID()).getName(); }
String preview = "";
String set = ""; return reportMap;
table.append("<tr><td>").append(filename).append("</td>"); }
ArrayList<BlackboardAttribute> tempatts = art.getAttributes();
for(BlackboardAttribute att : tempatts) public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getWebDownload() {
{ HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
if(att.getAttributeTypeID() == 12) Case currentCase = Case.getCurrentCase(); // get the most updated case
{ SleuthkitCase tempDb = currentCase.getSleuthkitCase();
preview = "<td>" + att.getValueString() + "</td>"; try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getRecentObject() {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getKeywordHit() {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getHashHit() {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getInstalledProg() {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getDevices() {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
public String getGroupedKeywordHit() {
StringBuilder table = new StringBuilder();
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try {
ResultSet uniqueresults = tempDb.runQuery("SELECT DISTINCT value_text from blackboard_attributes where attribute_type_id = '10' order by value_text ASC");
while (uniqueresults.next()) {
table.append("<strong>").append(uniqueresults.getString("value_text")).append("</strong>");
table.append("<table><thead><tr><th>").append("File Name").append("</th><th>Preview</th><th>Keyword List</th></tr><tbody>");
ArrayList<BlackboardArtifact> artlist = new ArrayList<BlackboardArtifact>();
ResultSet tempresults = tempDb.runQuery("select DISTINCT artifact_id from blackboard_attributes where attribute_type_id = '10' and value_text = '" + uniqueresults.getString("value_text") + "'");
while (tempresults.next()) {
artlist.add(tempDb.getBlackboardArtifact(tempresults.getLong("artifact_id")));
}
for (BlackboardArtifact art : artlist) {
String filename = tempDb.getFsContentById(art.getObjectID()).getName();
String preview = "";
String set = "";
table.append("<tr><td>").append(filename).append("</td>");
ArrayList<BlackboardAttribute> tempatts = art.getAttributes();
for (BlackboardAttribute att : tempatts) {
if (att.getAttributeTypeID() == 12) {
preview = "<td>" + att.getValueString() + "</td>";
}
if (att.getAttributeTypeID() == 13) {
set = "<td>" + att.getValueString() + "</td>";
}
} }
if(att.getAttributeTypeID() == 13) table.append(preview).append(set).append("</tr>");
{ }
set = "<td>" + att.getValueString() + "</td>";
table.append("</tbody></table><br /><br />");
}
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
String result = table.toString();
return result;
}
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getAllTypes(ReportConfiguration config) {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try {
for (Map.Entry<BlackboardArtifact.ARTIFACT_TYPE, Boolean> entry : config.config.entrySet()) {
if (entry.getValue()) {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(entry.getKey());
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
} }
} }
table.append(preview).append(set).append("</tr>");
} }
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.INFO, "Exception occurred", e);
table.append("</tbody></table><br /><br />");
} }
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
String result = table.toString();
return result;
}
return reportMap;
}
} }
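Review bot: In getGroupedKeywordHit the second `runQuery` call still concatenates `uniqueresults.getString("value_text")` directly into the SQL text, so a keyword containing a single quote breaks the statement, and the catch block then logs a warning and returns a partial table. These values come from case data and should be treated as untrusted; if SleuthkitCase offers no parameterized query, at least double the quote first, e.g. `String kw = uniqueresults.getString("value_text").replace("'", "''");`. The same method appends `filename` and `att.getValueString()` into the HTML table unescaped, so markup embedded in an evidence file name or keyword preview would be rendered by whatever opens the report; HTML-escape each value before `append`. Neither `ResultSet` is closed on any path, and the attribute type ids `10`, `12` and `13` remain magic numbers although this commit replaces the artifact type ints with `ARTIFACT_TYPE` constants elsewhere in the class.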


@ -1,6 +1,22 @@
/* /*
* To change this template, choose Tools | Templates *
* and open the template in the editor. * Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/ */
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
@ -12,22 +28,22 @@ import java.awt.event.ActionListener;
import java.beans.PropertyChangeEvent; import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener; import java.beans.PropertyChangeListener;
import java.io.File; import java.io.File;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.ImageIcon;
import javax.swing.JButton; import javax.swing.JButton;
import javax.swing.JDialog; import javax.swing.JDialog;
import javax.swing.JFrame; import javax.swing.JFrame;
import org.openide.awt.ActionRegistration; import org.openide.awt.ActionID;
import org.openide.awt.ActionReference; import org.openide.awt.ActionReference;
import org.openide.awt.ActionReferences; import org.openide.awt.ActionReferences;
import org.openide.awt.ActionID; import org.openide.awt.ActionRegistration;
import org.openide.util.HelpCtx; import org.openide.util.HelpCtx;
import org.openide.util.NbBundle.Messages; import org.openide.util.NbBundle.Messages;
import org.openide.util.actions.CallableSystemAction; import org.openide.util.actions.CallableSystemAction;
import org.openide.util.actions.Presenter; import org.openide.util.actions.Presenter;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.Log; import org.sleuthkit.autopsy.coreutils.Log;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.ImageIcon;
@ActionID(category = "Tools", @ActionID(category = "Tools",
id = "org.sleuthkit.autopsy.report.reportAction") id = "org.sleuthkit.autopsy.report.reportAction")
@ -36,53 +52,50 @@ id = "org.sleuthkit.autopsy.report.reportAction")
@ActionReference(path = "Menu/Tools", position = 80) @ActionReference(path = "Menu/Tools", position = 80)
}) })
@Messages("CTL_reportAction=Run Report") @Messages("CTL_reportAction=Run Report")
public final class reportAction extends CallableSystemAction implements Presenter.Toolbar{ public final class reportAction extends CallableSystemAction implements Presenter.Toolbar {
private JButton toolbarButton = new JButton(); private JButton toolbarButton = new JButton();
private static final String ACTION_NAME = "Generate Report"; private static final String ACTION_NAME = "Generate Report";
Logger logger = Logger.getLogger(reportAction.class.getName()); static final Logger logger = Logger.getLogger(reportAction.class.getName());
public reportAction() { public reportAction() {
setEnabled(false); setEnabled(false);
Case.addPropertyChangeListener(new PropertyChangeListener() { Case.addPropertyChangeListener(new PropertyChangeListener() {
@Override @Override
public void propertyChange(PropertyChangeEvent evt) { public void propertyChange(PropertyChangeEvent evt) {
if(evt.getPropertyName().equals(Case.CASE_CURRENT_CASE)){ if (evt.getPropertyName().equals(Case.CASE_CURRENT_CASE)) {
setEnabled(evt.getNewValue() != null); setEnabled(evt.getNewValue() != null);
} }
} }
}); });
//attempt to create a report folder if a case is active //attempt to create a report folder if a case is active
Case.addPropertyChangeListener(new PropertyChangeListener () { Case.addPropertyChangeListener(new PropertyChangeListener() {
@Override @Override
public void propertyChange(PropertyChangeEvent evt) { public void propertyChange(PropertyChangeEvent evt) {
String changed = evt.getPropertyName(); String changed = evt.getPropertyName();
//case has been changed //case has been changed
if (changed.equals(Case.CASE_CURRENT_CASE)) { if (changed.equals(Case.CASE_CURRENT_CASE)) {
Case newCase = (Case)evt.getNewValue(); Case newCase = (Case) evt.getNewValue();
if (newCase != null) { if (newCase != null) {
boolean exists = (new File(newCase.getCaseDirectory() + "\\Reports")).exists(); boolean exists = (new File(newCase.getCaseDirectory() + "\\Reports")).exists();
if (exists) { if (exists) {
// report directory exists -- don't need to do anything // report directory exists -- don't need to do anything
} else {
} else { // report directory does not exist -- create it
// report directory does not exist -- create it boolean reportCreate = (new File(newCase.getCaseDirectory() + "\\Reports")).mkdirs();
boolean reportCreate = (new File(newCase.getCaseDirectory() + "\\Reports")).mkdirs(); if (!reportCreate) {
if(!reportCreate){ logger.log(Level.WARNING, "Could not create Reports directory for case. It does not exist.");
logger.log(Level.WARNING, "Could not create Reports directory for case. It does not exist."); }
} }
} }
} }
} }
} });
});
// set action of the toolbar button // set action of the toolbar button
toolbarButton.addActionListener(new ActionListener() { toolbarButton.addActionListener(new ActionListener() {
@ -93,24 +106,25 @@ public final class reportAction extends CallableSystemAction implements Presente
}); });
} }
@Override @Override
public void actionPerformed(ActionEvent e) { public void actionPerformed(ActionEvent e) {
try { try {
// create the popUp window for it // create the popUp window for it
final JFrame frame = new JFrame(ACTION_NAME); final JFrame frame = new JFrame(ACTION_NAME);
final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal
// initialize panel with loaded settings // initialize panel with loaded settings
final reportFilter panel = new reportFilter(); final reportFilter panel = new reportFilter();
panel.setjButton2ActionListener(new ActionListener() { panel.setjButton2ActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) { @Override
popUpWindow.dispose(); public void actionPerformed(ActionEvent e) {
} popUpWindow.dispose();
}); }
});
// add the panel to the popup window // add the panel to the popup window
popUpWindow.add(panel); popUpWindow.add(panel);
popUpWindow.pack(); popUpWindow.pack();
@ -125,16 +139,15 @@ public final class reportAction extends CallableSystemAction implements Presente
// display the window // display the window
popUpWindow.setVisible(true); popUpWindow.setVisible(true);
// add the command to close the window to the button on the Case Properties form / panel // add the command to close the window to the button on the Case Properties form / panel
} catch (Exception ex) { } catch (Exception ex) {
Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex); Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex);
} }
} }
@Override @Override
public void performAction() { public void performAction() {
} }
@Override @Override
@ -146,11 +159,11 @@ public final class reportAction extends CallableSystemAction implements Presente
public HelpCtx getHelpCtx() { public HelpCtx getHelpCtx() {
return HelpCtx.DEFAULT_HELP; return HelpCtx.DEFAULT_HELP;
} }
/** /**
* Returns the toolbar component of this action * Returns the toolbar component of this action
* *
* @return component the toolbar button * @return component the toolbar button
*/ */
@Override @Override
public Component getToolbarPresenter() { public Component getToolbarPresenter() {
@ -163,10 +176,10 @@ public final class reportAction extends CallableSystemAction implements Presente
/** /**
* Set this action to be enabled/disabled * Set this action to be enabled/disabled
* *
* @param value whether to enable this action or not * @param value whether to enable this action or not
*/ */
@Override @Override
public void setEnabled(boolean value){ public void setEnabled(boolean value) {
super.setEnabled(value); super.setEnabled(value);
toolbarButton.setEnabled(value); toolbarButton.setEnabled(value);
} }
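Review bot: The Reports-folder listener in the constructor builds its path as `newCase.getCaseDirectory() + "\\Reports"`, which hard-codes the Windows separator; on other platforms this yields a path whose last component contains a literal backslash rather than a Reports subfolder of the case directory. `new File(newCase.getCaseDirectory(), "Reports")` is portable, and constructing it once removes the duplicated expression in the `exists()` and `mkdirs()` calls. In actionPerformed the failure is logged through `Log.get(reportFilterAction.class)` instead of this class's own `logger`, which looks like a copy-paste leftover and would attribute the record to the wrong class. The new `static final Logger logger` could also be `private`, since nothing visible here needs it package-wide.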


@ -1,4 +1,4 @@
<?xml version="1.1" encoding="UTF-8" ?> <?xml version="1.0" encoding="UTF-8" ?>
<Form version="1.5" maxVersion="1.7" type="org.netbeans.modules.form.forminfo.JPanelFormInfo"> <Form version="1.5" maxVersion="1.7" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
<NonVisualComponents> <NonVisualComponents>
@ -39,29 +39,24 @@
<Group type="102" attributes="0"> <Group type="102" attributes="0">
<EmptySpace max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox3" alignment="0" min="-2" max="-2" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox2" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox1" alignment="0" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox5" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox4" alignment="0" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
</Group>
<EmptySpace min="-2" pref="69" max="-2" attributes="0"/>
</Group>
<Group type="102" alignment="0" attributes="0"> <Group type="102" alignment="0" attributes="0">
<Component id="jButton1" min="-2" max="-2" attributes="0"/> <Component id="jButton1" min="-2" max="-2" attributes="0"/>
<EmptySpace max="32767" attributes="0"/> <EmptySpace max="32767" attributes="0"/>
<Component id="cancelButton" min="-2" max="-2" attributes="0"/> <Component id="cancelButton" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="156" max="-2" attributes="0"/> <EmptySpace min="-2" pref="156" max="-2" attributes="0"/>
</Group> </Group>
<Component id="jCheckBox3" alignment="0" min="-2" max="-2" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox2" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox1" alignment="0" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox5" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox4" alignment="0" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
<Component id="progBar" alignment="0" min="-2" pref="231" max="-2" attributes="0"/> <Component id="progBar" alignment="0" min="-2" pref="231" max="-2" attributes="0"/>
</Group> </Group>
<EmptySpace max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>


@ -16,7 +16,6 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
import java.awt.Container; import java.awt.Container;
@ -31,6 +30,7 @@ import org.sleuthkit.autopsy.coreutils.Log;
/** /**
* The reportFilterAction opens the reportFilterPanel in a dialog, and saves the * The reportFilterAction opens the reportFilterPanel in a dialog, and saves the
* settings of the panel if the Apply button is clicked. * settings of the panel if the Apply button is clicked.
*
* @author pmartel * @author pmartel
*/ */
class reportFilterAction { class reportFilterAction {
@ -44,10 +44,10 @@ class reportFilterAction {
try { try {
// create the popUp window for it // create the popUp window for it
Container cpane; Container cpane;
final JFrame frame = new JFrame(ACTION_NAME); final JFrame frame = new JFrame(ACTION_NAME);
final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal
cpane = frame.getContentPane(); cpane = frame.getContentPane();
// initialize panel with loaded settings // initialize panel with loaded settings
final reportFilter panel = new reportFilter(); final reportFilter panel = new reportFilter();
@ -64,8 +64,8 @@ class reportFilterAction {
// display the window // display the window
popUpWindow.setVisible(true); popUpWindow.setVisible(true);
} catch (Exception ex) { } catch (Exception ex) {
Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex); Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex);
} }
@ -76,9 +76,8 @@ class reportFilterAction {
return ACTION_NAME; return ACTION_NAME;
} }
// @Override // @Override
public HelpCtx getHelpCtx() { public HelpCtx getHelpCtx() {
return HelpCtx.DEFAULT_HELP; return HelpCtx.DEFAULT_HELP;
} }
} }


@ -1,6 +1,22 @@
/* /*
* To change this template, choose Tools | Templates *
* and open the template in the editor. * Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/ */
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
@ -30,383 +46,369 @@ import org.sleuthkit.datamodel.TskData;
* @author Alex * @author Alex
*/ */
public class reportHTML { public class reportHTML {
//Declare our publically accessible formatted report, this will change everytime they run a report //Declare our publically accessible formatted report, this will change everytime they run a report
public static StringBuilder formatted_Report = new StringBuilder(); public static StringBuilder formatted_Report = new StringBuilder();
public static StringBuilder unformatted_header = new StringBuilder(); public static StringBuilder unformatted_header = new StringBuilder();
public static StringBuilder formatted_header = new StringBuilder(); public static StringBuilder formatted_header = new StringBuilder();
public static String htmlPath = ""; public static String htmlPath = "";
public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report, reportFilter rr){
//This is literally a terrible way to count up all the types of artifacts, and doesn't include any added ones.
//Unlike the XML report, which is dynamic, this is formatted and needs to be redone later instead of being hardcoded.
//Also, clearing variables to generate new report.
formatted_Report.setLength(0);
unformatted_header.setLength(0);
formatted_header.setLength(0);
int countGen = 0;
int countWebBookmark = 0;
int countWebCookie = 0;
int countWebHistory = 0;
int countWebDownload = 0;
int countRecentObjects = 0;
int countTrackPoint = 0;
int countInstalled = 0;
int countKeyword = 0;
int countHash = 0;
int countDevice = 0;
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(entry.getKey().getArtifactTypeID() == 1){
countGen++;
}
if(entry.getKey().getArtifactTypeID() == 2){
countWebBookmark++;
}
if(entry.getKey().getArtifactTypeID() == 3){
countWebCookie++; public reportHTML(HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> report, reportFilter rr) {
}
if(entry.getKey().getArtifactTypeID() == 4){
countWebHistory++; //This is literally a terrible way to count up all the types of artifacts, and doesn't include any added ones.
} //Unlike the XML report, which is dynamic, this is formatted and needs to be redone later instead of being hardcoded.
if(entry.getKey().getArtifactTypeID() == 5){ //Also, clearing variables to generate new report.
countWebDownload++; formatted_Report.setLength(0);
} unformatted_header.setLength(0);
if(entry.getKey().getArtifactTypeID() == 6){ formatted_header.setLength(0);
countRecentObjects++;
} int countGen = 0;
if(entry.getKey().getArtifactTypeID() == 7){ int countWebBookmark = 0;
countTrackPoint++; int countWebCookie = 0;
} int countWebHistory = 0;
if(entry.getKey().getArtifactTypeID() == 8){ int countWebDownload = 0;
countInstalled++; int countRecentObjects = 0;
} int countTrackPoint = 0;
if(entry.getKey().getArtifactTypeID() == 9){ int countInstalled = 0;
countKeyword++; int countKeyword = 0;
} int countHash = 0;
if(entry.getKey().getArtifactTypeID() == 10){ int countDevice = 0;
countHash++; for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
} if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
if(entry.getKey().getArtifactTypeID() == 11){ countGen++;
countDevice++; }
} if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
} countWebBookmark++;
}
try{ if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
String ingestwarning = "<h2 style=\"color: red;\">Warning, this report was run before ingest services completed!</h2>";
Case currentCase = Case.getCurrentCase(); // get the most updated case countWebCookie++;
SleuthkitCase skCase = currentCase.getSleuthkitCase(); }
String caseName = currentCase.getName(); if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
Integer imagecount = currentCase.getImageIDs().length;
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG); countWebHistory++;
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR); }
int reportsize = report.size(); if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
Integer filesystemcount = currentCase.getRootObjectsCount(); countWebDownload++;
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); }
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy"); if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
Date date = new Date(); countRecentObjects++;
String datetime = datetimeFormat.format(date); }
String datenotime = dateFormat.format(date); if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
String CSS = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"><style>" countTrackPoint++;
+ "body {padding: 30px; margin: 0; background: #FFFFFF; font: 13px/20px Arial, Helvetica, sans-serif; color: #535353;} " }
+ "h1 {font-size: 26px; color: #005577; margin: 0 0 20px 0;} " if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
countInstalled++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
countKeyword++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
countHash++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
countDevice++;
}
}
try {
String ingestwarning = "<h2 style=\"color: red;\">Warning, this report was run before ingest services completed!</h2>";
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
String caseName = currentCase.getName();
Integer imagecount = currentCase.getImageIDs().length;
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
int reportsize = report.size();
Integer filesystemcount = currentCase.getRootObjectsCount();
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy");
Date date = new Date();
String datetime = datetimeFormat.format(date);
String datenotime = dateFormat.format(date);
String CSS = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"><style>"
+ "body {padding: 30px; margin: 0; background: #FFFFFF; font: 13px/20px Arial, Helvetica, sans-serif; color: #535353;} "
+ "h1 {font-size: 26px; color: #005577; margin: 0 0 20px 0;} "
+ "h2 {font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;} " + "h2 {font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;} "
+ "h3 {font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;} " + "h3 {font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;} "
+ "p {margin: 0 0 20px 0;} table {width: 100%; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} " + "p {margin: 0 0 20px 0;} table {width: 100%; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} "
+ "table thead th {display: table-cell; text-align: left; padding: 8px 16px; background: #e5e5e5; color: #777;font-size: 11px;text-shadow: #e9f9fd 0 1px 0; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} " + "table thead th {display: table-cell; text-align: left; padding: 8px 16px; background: #e5e5e5; color: #777;font-size: 11px;text-shadow: #e9f9fd 0 1px 0; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} "
+ "table tr th:nth-child(1) {text-align: center; width: 60px;} " + "table tr th:nth-child(1) {text-align: center; width: 60px;} "
+ "table td {display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;} " + "table td {display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;} "
+ "table tr:nth-child(even) td {background: #f3f3f3;} " + "table tr:nth-child(even) td {background: #f3f3f3;} "
+ "table tr td:nth-child(1) {text-align: left; width: 60px; background: #f3f3f3;} " + "table tr td:nth-child(1) {text-align: left; width: 60px; background: #f3f3f3;} "
+ "table tr:nth-child(even) td:nth-child(1) {background: #eaeaea;}" + "table tr:nth-child(even) td:nth-child(1) {background: #eaeaea;}"
+ "</style>"; + "</style>";
//Add additional header information //Add additional header information
String header = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\"><head><title>Autopsy Report for Case: " + caseName + "</title>"; String header = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\"><head><title>Autopsy Report for Case: " + caseName + "</title>";
formatted_header.append(header); formatted_header.append(header);
formatted_header.append(CSS); formatted_header.append(CSS);
//do for unformatted //do for unformatted
String simpleCSS = "<style>" String simpleCSS = "<style>"
+ "body {padding: 30px; margin: 0; background: #FFFFFF; color: #535353;} " + "body {padding: 30px; margin: 0; background: #FFFFFF; color: #535353;} "
+ "h1 {font-size: 26px; color: #005577; margin: 0 0 20px 0;} " + "h1 {font-size: 26px; color: #005577; margin: 0 0 20px 0;} "
+ "h2 {font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;} " + "h2 {font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;} "
+ "h3 {font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;} " + "h3 {font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;} "
+ "p {margin: 0 0 20px 0;} table {width: 100%; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} " + "p {margin: 0 0 20px 0;} table {width: 100%; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} "
+ "table thead th {display: table-cell; text-align: left; padding: 4px 8px; background: #e5e5e5; color: #777;font-size: 11px; width: 80px; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} " + "table thead th {display: table-cell; text-align: left; padding: 4px 8px; background: #e5e5e5; color: #777;font-size: 11px; width: 80px; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} "
+ "table tr th {text-align: left; width: 80px;} " + "table tr th {text-align: left; width: 80px;} "
+ "table td {width: 100px; font-size: 8px; display: table-cell; padding: 4px 8px;} " + "table td {width: 100px; font-size: 8px; display: table-cell; padding: 4px 8px;} "
+ "table tr {text-align: left; width: 60px; background: #f3f3f3;} " + "table tr {text-align: left; width: 60px; background: #f3f3f3;} "
+ "tr.alt td{ background-color: #FFFFFF;}" + "tr.alt td{ background-color: #FFFFFF;}"
+ "</style>"; + "</style>";
unformatted_header.append(header); unformatted_header.append(header);
unformatted_header.append(simpleCSS); unformatted_header.append(simpleCSS);
//formatted_Report.append("<link rel=\"stylesheet\" href=\"" + rrpath + "report.css\" type=\"text/css\" />"); //formatted_Report.append("<link rel=\"stylesheet\" href=\"" + rrpath + "report.css\" type=\"text/css\" />");
formatted_Report.append("</head><body><div id=\"main\"><div id=\"content\">"); formatted_Report.append("</head><body><div id=\"main\"><div id=\"content\">");
// Add summary information now // Add summary information now
formatted_Report.append("<h1>Report for Case: ").append(caseName).append("</h1>"); formatted_Report.append("<h1>Report for Case: ").append(caseName).append("</h1>");
if(IngestManager.getDefault().isIngestRunning()) if (IngestManager.getDefault().isIngestRunning()) {
{
formatted_Report.append(ingestwarning); formatted_Report.append(ingestwarning);
} }
formatted_Report.append("<h2>Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<ul>"); formatted_Report.append("<h2>Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<ul>");
formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>"); formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>");
formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>"); formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>");
formatted_Report.append("<li># of Files: ").append(totalfiles.toString()).append("</li>"); formatted_Report.append("<li># of Files: ").append(totalfiles.toString()).append("</li>");
formatted_Report.append("<li># of Dirs: ").append(totaldirs.toString()).append("</li>"); formatted_Report.append("<li># of Dirs: ").append(totaldirs.toString()).append("</li>");
formatted_Report.append("<li># of Artifacts: ").append(reportsize).append("</li></ul>"); formatted_Report.append("<li># of Artifacts: ").append(reportsize).append("</li></ul>");
formatted_Report.append("<br /><table><thead><tr><th>Section</th><th>Count</th></tr></thead><tbody>"); formatted_Report.append("<br /><table><thead><tr><th>Section</th><th>Count</th></tr></thead><tbody>");
if(countWebBookmark > 0){ if (countWebBookmark > 0) {
formatted_Report.append("<tr><td><a href=\"#bookmark\">Web Bookmarks</a></td><td>").append(countWebBookmark).append("</td></tr>"); formatted_Report.append("<tr><td><a href=\"#bookmark\">Web Bookmarks</a></td><td>").append(countWebBookmark).append("</td></tr>");
} }
if(countWebCookie > 0){ if (countWebCookie > 0) {
formatted_Report.append("<tr><td><a href=\"#cookie\">Web Cookies</a></td><td>").append(countWebCookie).append("</td></tr>"); formatted_Report.append("<tr><td><a href=\"#cookie\">Web Cookies</a></td><td>").append(countWebCookie).append("</td></tr>");
} }
if(countWebHistory > 0){ if (countWebHistory > 0) {
formatted_Report.append("<tr><td><a href=\"#history\">Web History</a></td><td>").append(countWebHistory).append("</td></tr>"); formatted_Report.append("<tr><td><a href=\"#history\">Web History</a></td><td>").append(countWebHistory).append("</td></tr>");
} }
if(countWebDownload > 0){ if (countWebDownload > 0) {
formatted_Report.append("<tr><td><a href=\"#download\">Web Downloads</a></td><td>").append(countWebDownload).append("</td></tr>"); formatted_Report.append("<tr><td><a href=\"#download\">Web Downloads</a></td><td>").append(countWebDownload).append("</td></tr>");
} }
if(countRecentObjects > 0){ if (countRecentObjects > 0) {
formatted_Report.append("<tr><td><a href=\"#recent\">Recent Documents</a></td><td>").append(countRecentObjects).append("</td></tr>"); formatted_Report.append("<tr><td><a href=\"#recent\">Recent Documents</a></td><td>").append(countRecentObjects).append("</td></tr>");
} }
if(countInstalled > 0){ if (countInstalled > 0) {
formatted_Report.append("<tr><td><a href=\"#installed\">Installed Programs</a></td><td>").append(countInstalled).append("</td></tr>"); formatted_Report.append("<tr><td><a href=\"#installed\">Installed Programs</a></td><td>").append(countInstalled).append("</td></tr>");
} }
if(countKeyword > 0){ if (countKeyword > 0) {
formatted_Report.append("<tr><td><a href=\"#keyword\">Keyword Hits</a></td><td>").append(countKeyword).append("</td></tr>"); formatted_Report.append("<tr><td><a href=\"#keyword\">Keyword Hits</a></td><td>").append(countKeyword).append("</td></tr>");
} }
if(countHash > 0){ if (countHash > 0) {
formatted_Report.append("<tr><td><a href=\"#hash\">Hash Hits</a></td><td>").append(countHash).append("</td></tr>"); formatted_Report.append("<tr><td><a href=\"#hash\">Hash Hits</a></td><td>").append(countHash).append("</td></tr>");
} }
if(countDevice > 0){ if (countDevice > 0) {
formatted_Report.append("<tr><td><a href=\"#device\">Attached Devices</a></td><td>").append(countDevice).append("</td></tr>"); formatted_Report.append("<tr><td><a href=\"#device\">Attached Devices</a></td><td>").append(countDevice).append("</td></tr>");
} }
formatted_Report.append("</tbody></table><br />"); formatted_Report.append("</tbody></table><br />");
String tableHeader = "<table><thead><tr>"; String tableHeader = "<table><thead><tr>";
StringBuilder nodeGen = new StringBuilder("<h3>General Information (").append(countGen).append(")</h3>").append(tableHeader).append("<th>Attribute</th><th>Value</th></tr></thead><tbody>"); StringBuilder nodeGen = new StringBuilder("<h3>General Information (").append(countGen).append(")</h3>").append(tableHeader).append("<th>Attribute</th><th>Value</th></tr></thead><tbody>");
StringBuilder nodeWebBookmark = new StringBuilder("<h3><a name=\"bookmark\">Web Bookmarks (").append(countWebBookmark).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Title</th><th>Program</th></tr></thead><tbody>"); StringBuilder nodeWebBookmark = new StringBuilder("<h3><a name=\"bookmark\">Web Bookmarks (").append(countWebBookmark).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Title</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebCookie = new StringBuilder("<h3><a name=\"cookie\">Web Cookies (").append(countWebCookie).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Name</th><th>Value</th><th>Program</th></tr></thead><tbody>"); StringBuilder nodeWebCookie = new StringBuilder("<h3><a name=\"cookie\">Web Cookies (").append(countWebCookie).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Name</th><th>Value</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebHistory = new StringBuilder("<h3><a name=\"history\">Web History (").append(countWebHistory).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Referrer</th><th>Title</th><th>Program</th></tr></thead><tbody>"); StringBuilder nodeWebHistory = new StringBuilder("<h3><a name=\"history\">Web History (").append(countWebHistory).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Referrer</th><th>Title</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebDownload = new StringBuilder("<h3><a name=\"download\">Web Downloads (").append(countWebDownload).append(")</h3>").append(tableHeader).append("<th>File</th><th>Source</th><th>Time</th><th>Program</th></tr></thead><tbody>"); StringBuilder nodeWebDownload = new StringBuilder("<h3><a name=\"download\">Web Downloads (").append(countWebDownload).append(")</h3>").append(tableHeader).append("<th>File</th><th>Source</th><th>Time</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeRecentObjects = new StringBuilder("<h3><a name=\"recent\">Recent Documents (").append(countRecentObjects).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Path</th><th>Related Shortcut</th></tr></thead><tbody>"); StringBuilder nodeRecentObjects = new StringBuilder("<h3><a name=\"recent\">Recent Documents (").append(countRecentObjects).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Path</th><th>Related Shortcut</th></tr></thead><tbody>");
StringBuilder nodeTrackPoint = new StringBuilder("<h3><a name=\"track\">Track Points (").append(countTrackPoint).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>"); StringBuilder nodeTrackPoint = new StringBuilder("<h3><a name=\"track\">Track Points (").append(countTrackPoint).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>");
StringBuilder nodeInstalled = new StringBuilder("<h3><a name=\"installed\">Installed Programs (").append(countInstalled).append(")</h3>").append(tableHeader).append("<th>Program Name</th><th>Install Date/Time</th></tr></thead><tbody>"); StringBuilder nodeInstalled = new StringBuilder("<h3><a name=\"installed\">Installed Programs (").append(countInstalled).append(")</h3>").append(tableHeader).append("<th>Program Name</th><th>Install Date/Time</th></tr></thead><tbody>");
StringBuilder nodeKeyword = new StringBuilder("<h3><a name=\"keyword\">Keyword Search Hits (").append(countKeyword).append(")</h3>"); StringBuilder nodeKeyword = new StringBuilder("<h3><a name=\"keyword\">Keyword Search Hits (").append(countKeyword).append(")</h3>");
StringBuilder nodeHash = new StringBuilder("<h3><a name=\"hash\">Hashset Hit (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Size</th><th>Hashset Name</th></tr></thead><tbody>"); StringBuilder nodeHash = new StringBuilder("<h3><a name=\"hash\">Hashset Hit (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Size</th><th>Hashset Name</th></tr></thead><tbody>");
StringBuilder nodeDevice = new StringBuilder("<h3><a name=\"device\">Attached Devices (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Serial #</th><th>Time</th></tr></thead><tbody>"); StringBuilder nodeDevice = new StringBuilder("<h3><a name=\"device\">Attached Devices (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Serial #</th><th>Time</th></tr></thead><tbody>");
int alt = 0; int alt = 0;
String altRow = ""; String altRow = "";
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) { for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(reportFilter.cancel == true){ if (reportFilter.cancel == true) {
break; break;
} }
int cc = 0; int cc = 0;
if(alt > 0) if (alt > 0) {
{ altRow = " class=\"alt\"";
altRow = " class=\"alt\""; alt = 0;
alt = 0; } else {
} altRow = "";
else{ alt++;
altRow=""; }
alt++; StringBuilder artifact = new StringBuilder("");
}
StringBuilder artifact = new StringBuilder("");
Long objId = entry.getKey().getObjectID(); Long objId = entry.getKey().getObjectID();
//Content file = skCase.getContentById(objId); //Content file = skCase.getContentById(objId);
FsContent file = skCase.getFsContentById(objId); FsContent file = skCase.getFsContentById(objId);
Long filesize = file.getSize(); Long filesize = file.getSize();
TreeMap<Integer, String> attributes = new TreeMap<Integer,String>(); TreeMap<Integer, String> attributes = new TreeMap<Integer, String>();
// Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type // Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type
int n; int n;
for(n=1;n<=35;n++) for (n = 1; n <= 35; n++) {
{ attributes.put(n, "");
attributes.put(n, "");
}
} for (BlackboardAttribute tempatt : entry.getValue()) {
for (BlackboardAttribute tempatt : entry.getValue()) if (reportFilter.cancel == true) {
{ break;
if(reportFilter.cancel == true){
break;
}
String value = "";
int type = tempatt.getAttributeTypeID();
if(tempatt.getValueString() == null || "null".equals(tempatt.getValueString())){
}
else if(type == 2 || type == 33 ){
value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date ((tempatt.getValueLong())));
if(value == null || "".equals(value)){
value = tempatt.getValueString();
}
}
else
{
value = tempatt.getValueString();
}
value = reportUtils.insertPeriodically(value, "<br>", 30);
attributes.put(type, value);
cc++;
}
if(entry.getKey().getArtifactTypeID() == 1){
artifact.append("</tr>");
nodeGen.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 2){ String value = "";
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>"); int type = tempatt.getAttributeTypeID();
artifact.append("<td>").append(attributes.get(3)).append("</td>"); if (tempatt.getValueString() == null || "null".equals(tempatt.getValueString())) {
artifact.append("<td>").append(attributes.get(4)).append("</td>"); } else if (type == 2 || type == 33) {
artifact.append("</tr>"); value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date((tempatt.getValueLong())));
nodeWebBookmark.append(artifact); if (value == null || "".equals(value)) {
} value = tempatt.getValueString();
if(entry.getKey().getArtifactTypeID() == 3){ }
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>"); } else {
artifact.append("<td>").append(attributes.get(2)).append("</td>"); value = tempatt.getValueString();
artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(6)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebCookie.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 4){
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(33)).append("</td>");
artifact.append("<td>").append(attributes.get(32)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebHistory.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 5){
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(8)).append("</td>");
artifact.append("<td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(33)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebDownload.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 6){
//artifact.append("<tr><td>").append(objId.toString());
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(3)).append("</strong></td>");
artifact.append("<td>").append(attributes.get(8)).append("</td>");
artifact.append("<td>").append(file.getName()).append("</td>");
artifact.append("</tr>");
nodeRecentObjects.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 7){
artifact.append("<tr").append(altRow).append("><td>").append(objId.toString());
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
artifact.append("</tr>");
nodeTrackPoint.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 8){
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(4)).append("</strong></td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("</tr>");
nodeInstalled.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 9){
// artifact.append("<table><thead><tr><th>Artifact ID</th><th>Name</th><th>Size</th>");
// artifact.append("</tr></table>");
// nodeKeyword.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 10){
// artifact.append("<tr><td>").append(objId.toString());
artifact.append("<tr").append(altRow).append("><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
//artifact.append("<td>").append(attributes.get(31)).append("</td>");
artifact.append("<td>").append(attributes.get(30)).append("</td>");
artifact.append("</tr>");
nodeHash.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 11){
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(18)).append("</strong></td>");
artifact.append("<td>").append(attributes.get(20)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("</tr>");
nodeDevice.append(artifact);
} }
value = reportUtils.insertPeriodically(value, "<br>", 30);
attributes.put(type, value);
cc++; cc++;
rr.progBarSet(cc); }
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
artifact.append("</tr>");
nodeGen.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebBookmark.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(6)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebCookie.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(33)).append("</td>");
artifact.append("<td>").append(attributes.get(32)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebHistory.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(8)).append("</td>");
artifact.append("<td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(33)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebDownload.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
//artifact.append("<tr><td>").append(objId.toString());
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(3)).append("</strong></td>");
artifact.append("<td>").append(attributes.get(8)).append("</td>");
artifact.append("<td>").append(file.getName()).append("</td>");
artifact.append("</tr>");
nodeRecentObjects.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(objId.toString());
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
artifact.append("</tr>");
nodeTrackPoint.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(4)).append("</strong></td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("</tr>");
nodeInstalled.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
// artifact.append("<table><thead><tr><th>Artifact ID</th><th>Name</th><th>Size</th>");
// artifact.append("</tr></table>");
// nodeKeyword.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
// artifact.append("<tr><td>").append(objId.toString());
artifact.append("<tr").append(altRow).append("><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
//artifact.append("<td>").append(attributes.get(31)).append("</td>");
artifact.append("<td>").append(attributes.get(30)).append("</td>");
artifact.append("</tr>");
nodeHash.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(18)).append("</strong></td>");
artifact.append("<td>").append(attributes.get(20)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("</tr>");
nodeDevice.append(artifact);
}
cc++;
rr.progBarSet(cc);
}
//Add them back in order //Add them back in order
//formatted_Report.append(nodeGen); //formatted_Report.append(nodeGen);
// formatted_Report.append("</tbody></table>"); // formatted_Report.append("</tbody></table>");
if(countWebBookmark > 0){ if (countWebBookmark > 0) {
formatted_Report.append(nodeWebBookmark); formatted_Report.append(nodeWebBookmark);
formatted_Report.append("</tbody></table>"); formatted_Report.append("</tbody></table>");
} }
if(countWebCookie > 0){ if (countWebCookie > 0) {
formatted_Report.append(nodeWebCookie); formatted_Report.append(nodeWebCookie);
formatted_Report.append("</tbody></table>"); formatted_Report.append("</tbody></table>");
} }
if(countWebHistory > 0){ if (countWebHistory > 0) {
formatted_Report.append(nodeWebHistory); formatted_Report.append(nodeWebHistory);
formatted_Report.append("</tbody></table>"); formatted_Report.append("</tbody></table>");
} }
if(countWebDownload > 0){ if (countWebDownload > 0) {
formatted_Report.append(nodeWebDownload); formatted_Report.append(nodeWebDownload);
formatted_Report.append("</tbody></table>"); formatted_Report.append("</tbody></table>");
} }
if(countRecentObjects > 0){ if (countRecentObjects > 0) {
formatted_Report.append(nodeRecentObjects); formatted_Report.append(nodeRecentObjects);
formatted_Report.append("</tbody></table>"); formatted_Report.append("</tbody></table>");
} }
// formatted_Report.append(nodeTrackPoint); // formatted_Report.append(nodeTrackPoint);
//formatted_Report.append("</tbody></table>"); //formatted_Report.append("</tbody></table>");
if(countInstalled > 0){ if (countInstalled > 0) {
formatted_Report.append(nodeInstalled); formatted_Report.append(nodeInstalled);
formatted_Report.append("</tbody></table>"); formatted_Report.append("</tbody></table>");
} }
if(countKeyword > 0){ if (countKeyword > 0) {
formatted_Report.append(nodeKeyword); formatted_Report.append(nodeKeyword);
report keywords = new report(); report keywords = new report();
formatted_Report.append(keywords.getGroupedKeywordHit()); formatted_Report.append(keywords.getGroupedKeywordHit());
// "<table><thead><tr><th>Artifact ID</th><th>Name</th><th>Size</th> // "<table><thead><tr><th>Artifact ID</th><th>Name</th><th>Size</th>
// formatted_Report.append("</tbody></table>"); // formatted_Report.append("</tbody></table>");
} }
if(countHash > 0){ if (countHash > 0) {
formatted_Report.append(nodeHash); formatted_Report.append(nodeHash);
formatted_Report.append("</tbody></table>"); formatted_Report.append("</tbody></table>");
} }
if(countDevice > 0){ if (countDevice > 0) {
formatted_Report.append(nodeDevice); formatted_Report.append(nodeDevice);
formatted_Report.append("</tbody></table>"); formatted_Report.append("</tbody></table>");
} }
//end of master loop //end of master loop
formatted_Report.append("</div></div></body></html>");
formatted_header.append(formatted_Report);
// unformatted_header.append(formatted_Report);
htmlPath = currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".html";
Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlPath), "UTF-8"));
out.write(formatted_header.toString());
out.flush();
out.close();
}
catch(Exception e)
{
Logger.getLogger(reportHTML.class.getName()).log(Level.WARNING, "Exception occurred", e); formatted_Report.append("</div></div></body></html>");
} formatted_header.append(formatted_Report);
} // unformatted_header.append(formatted_Report);
htmlPath = currentCase.getCaseDirectory() + "/Reports/" + caseName + "-" + datenotime + ".html";
Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlPath), "UTF-8"));
out.write(formatted_header.toString());
out.flush();
out.close();
} catch (Exception e) {
Logger.getLogger(reportHTML.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
}
} }


@ -1,4 +1,4 @@
<?xml version="1.1" encoding="UTF-8" ?> <?xml version="1.0" encoding="UTF-8" ?>
<Form version="1.5" maxVersion="1.7" type="org.netbeans.modules.form.forminfo.JPanelFormInfo"> <Form version="1.5" maxVersion="1.7" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
<NonVisualComponents> <NonVisualComponents>


@ -1,20 +1,27 @@
/* /*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
/*
* reportPanel.java
* *
* Created on Feb 21, 2012, 12:13:14 PM * Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/ */
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
import java.awt.event.ActionListener; import java.awt.event.ActionListener;
import java.io.BufferedWriter; import java.io.*;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.text.DateFormat; import java.text.DateFormat;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.Date; import java.util.Date;
@ -30,16 +37,17 @@ import org.jdom.output.XMLOutputter;
*/ */
public class reportPanel extends javax.swing.JPanel { public class reportPanel extends javax.swing.JPanel {
/** Creates new form reportPanel */ /**
public reportPanel(String report) { * Creates new form reportPanel
*/
public reportPanel() {
initComponents(); initComponents();
setReportWindow(report);
} }
/** This method is called from within the constructor to /**
* initialize the form. * This method is called from within the constructor to initialize the form.
* WARNING: Do NOT modify this code. The content of this method is * WARNING: Do NOT modify this code. The content of this method is always
* always regenerated by the Form Editor. * regenerated by the Form Editor.
*/ */
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents // <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
@ -94,86 +102,64 @@ public class reportPanel extends javax.swing.JPanel {
}// </editor-fold>//GEN-END:initComponents }// </editor-fold>//GEN-END:initComponents
private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_saveReportActionPerformed private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_saveReportActionPerformed
saveReportAction(); saveReportAction();
}//GEN-LAST:event_saveReportActionPerformed }//GEN-LAST:event_saveReportActionPerformed
/** /**
* Sets the listener for the OK button * Sets the listener for the OK button
* *
* @param e The action listener * @param e The action listener
*/ */
public void setjButton1ActionListener(ActionListener e){ public void setjButton1ActionListener(ActionListener e) {
jButton1.addActionListener(e); jButton1.addActionListener(e);
} }
public void getLink(HyperlinkEvent evt){
try{ public void setFinishedReportText() {
String str = evt.getDescription();
// jEditorPane1.scrollToReference(str.substring(1));
}
catch(Exception e){
String whater = "";
}
}
public void setjEditorPane1EventListener(HyperlinkListener evt){
// jEditorPane1.addHyperlinkListener(evt);
}
private void setReportWindow(String report)
{
// jEditorPane1.setText(report);
// jEditorPane1.setCaretPosition(0);
}
public void setFinishedReportText(){
DateFormat dateFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); DateFormat dateFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
Date date = new Date(); Date date = new Date();
String reportText = "Report was sucessfully generated at " + dateFormat.format(date) + "."; String reportText = "Report was sucessfully generated at " + dateFormat.format(date) + ".";
jLabel1.setText(reportText); jLabel1.setText(reportText);
} }
private void saveReportAction() {
private void saveReportAction(){
int option = jFileChooser1.showSaveDialog(this); int option = jFileChooser1.showSaveDialog(this);
if(option == JFileChooser.APPROVE_OPTION){ if (option == JFileChooser.APPROVE_OPTION) {
if(jFileChooser1.getSelectedFile()!=null){ if (jFileChooser1.getSelectedFile() != null) {
String path = jFileChooser1.getSelectedFile().toString(); String path = jFileChooser1.getSelectedFile().toString();
exportReport(path); exportReport(path);
}
} }
}
}
private void exportReport(String path){
String htmlpath = reportUtils.changeExtension(path, ".html");
String xmlpath = reportUtils.changeExtension(path, ".xml");
String xlspath = reportUtils.changeExtension(path, ".xlsx");
try {
Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlpath), "UTF-8"));
// FileOutputStream out = new FileOutputStream(htmlpath);
out.write(reportHTML.formatted_header.toString());
out.flush();
out.close();
//xls report
FileOutputStream fos = new FileOutputStream(xlspath);
reportXLS.wb.write(fos);
fos.close();
FileOutputStream xmlout = new FileOutputStream(xmlpath);
XMLOutputter serializer = new XMLOutputter();
serializer.output(reportXML.xmldoc, xmlout);
xmlout.flush();
xmlout.close();
JOptionPane.showMessageDialog(this, "Report has been successfully saved!");
}
catch (IOException e) {
System.err.println(e);
}
} }
private void exportReport(String path) {
String htmlpath = reportUtils.changeExtension(path, ".html");
String xmlpath = reportUtils.changeExtension(path, ".xml");
String xlspath = reportUtils.changeExtension(path, ".xlsx");
try {
Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlpath), "UTF-8"));
// FileOutputStream out = new FileOutputStream(htmlpath);
out.write(reportHTML.formatted_header.toString());
out.flush();
out.close();
//xls report
FileOutputStream fos = new FileOutputStream(xlspath);
reportXLS.wb.write(fos);
fos.close();
FileOutputStream xmlout = new FileOutputStream(xmlpath);
XMLOutputter serializer = new XMLOutputter();
serializer.output(reportXML.xmldoc, xmlout);
xmlout.flush();
xmlout.close();
JOptionPane.showMessageDialog(this, "Report has been successfully saved!");
} catch (IOException e) {
System.err.println(e);
}
}
// Variables declaration - do not modify//GEN-BEGIN:variables // Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton jButton1; private javax.swing.JButton jButton1;
private javax.swing.JFileChooser jFileChooser1; private javax.swing.JFileChooser jFileChooser1;
@ -181,6 +167,4 @@ private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FI
private javax.swing.JOptionPane jOptionPane1; private javax.swing.JOptionPane jOptionPane1;
private javax.swing.JButton saveReport; private javax.swing.JButton saveReport;
// End of variables declaration//GEN-END:variables // End of variables declaration//GEN-END:variables
} }
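Review bot: `exportReport` tells the examiner nothing when a write fails: the `catch (IOException e)` branch only calls `System.err.println(e)`, so the "successfully saved" dialog is skipped and a missing or truncated HTML, XLSX or XML file goes unnoticed. The three streams are also closed only on the success path, so an exception from `out.write`, `reportXLS.wb.write(fos)` or `serializer.output` leaves the handles opened so far unclosed and a partial file on disk. I would close each stream in a `finally` block and surface the failure, for example `JOptionPane.showMessageDialog(this, "Report could not be saved: " + e.getMessage(), "Error", JOptionPane.ERROR_MESSAGE);`. The exception should also go through a `Logger`, as `reportHTML` does in this commit, rather than to `System.err`.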


@ -1,6 +1,22 @@
/* /*
* To change this template, choose Tools | Templates *
* and open the template in the editor. * Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/ */
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
@ -8,18 +24,11 @@ import java.awt.Dimension;
import java.awt.Toolkit; import java.awt.Toolkit;
import java.awt.event.ActionEvent; import java.awt.event.ActionEvent;
import java.awt.event.ActionListener; import java.awt.event.ActionListener;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.logging.Level; import java.util.logging.Level;
import javax.swing.JDialog; import javax.swing.JDialog;
import javax.swing.JFrame; import javax.swing.JFrame;
import javax.swing.SwingUtilities; import javax.swing.SwingUtilities;
import javax.swing.event.HyperlinkEvent;
import javax.swing.event.HyperlinkListener;
import org.sleuthkit.autopsy.coreutils.Log; import org.sleuthkit.autopsy.coreutils.Log;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
/** /**
* *
@ -32,15 +41,14 @@ public class reportPanelAction {
} }
public void reportGenerate(ArrayList<Integer> reportlist, final reportFilter rr){ public void reportGenerate(ReportConfiguration reportconfig, final reportFilter rr){
try { try {
//Clear any old reports in the string //Clear any old reports in the string
viewReport.setLength(0); viewReport.setLength(0);
// Generate the reports and create the hashmap // Generate the reports and create the hashmap
final HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> Results = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>(); final ReportGen report = new ReportGen();
report bbreport = new report();
//see what reports we need to run and run them //see what reports we need to run and run them
//Set progress bar to move while doing this //Set progress bar to move while doing this
SwingUtilities.invokeLater(new Runnable() { SwingUtilities.invokeLater(new Runnable() {
@ -48,21 +56,11 @@ public class reportPanelAction {
public void run() { public void run() {
rr.progBarStartText(); rr.progBarStartText();
}}); }});
if(reportlist.contains(1)){Results.putAll(bbreport.getGenInfo());} report.populateReport(reportconfig);
if(reportlist.contains(2)){Results.putAll(bbreport.getWebBookmark());}
if(reportlist.contains(3)){Results.putAll(bbreport.getWebCookie());}
if(reportlist.contains(4)){Results.putAll(bbreport.getWebHistory());}
if(reportlist.contains(5)){Results.putAll(bbreport.getWebDownload());}
if(reportlist.contains(6)){Results.putAll(bbreport.getRecentObject());}
// if(reportlist.contains(7)){Results.putAll(bbreport.getGenInfo());}
if(reportlist.contains(8)){Results.putAll(bbreport.getInstalledProg());}
if(reportlist.contains(9)){Results.putAll(bbreport.getKeywordHit());}
if(reportlist.contains(10)){Results.putAll(bbreport.getHashHit());}
if(reportlist.contains(11)){Results.putAll(bbreport.getDevices());}
SwingUtilities.invokeLater(new Runnable() { SwingUtilities.invokeLater(new Runnable() {
@Override @Override
public void run() { public void run() {
rr.progBarCount(2*Results.size()); rr.progBarCount(2*report.Results.size());
}}); }});
//Turn our results into the appropriate xml/html reports //Turn our results into the appropriate xml/html reports
//TODO: add a way for users to select what they will run when //TODO: add a way for users to select what they will run when
@ -71,7 +69,7 @@ public class reportPanelAction {
@Override @Override
public void run() public void run()
{ {
reportXML xmlReport = new reportXML(Results, rr); reportXML xmlReport = new reportXML(report.Results, rr);
} }
}); });
Thread htmlthread = new Thread(new Runnable() Thread htmlthread = new Thread(new Runnable()
@ -79,7 +77,7 @@ public class reportPanelAction {
@Override @Override
public void run() public void run()
{ {
reportHTML htmlReport = new reportHTML(Results,rr); reportHTML htmlReport = new reportHTML(report.Results,rr);
BrowserControl.openUrl(reportHTML.htmlPath); BrowserControl.openUrl(reportHTML.htmlPath);
} }
}); });
@ -88,7 +86,7 @@ public class reportPanelAction {
@Override @Override
public void run() public void run()
{ {
reportXLS xlsReport = new reportXLS(Results,rr); reportXLS xlsReport = new reportXLS(report.Results,rr);
// //
} }
}); });
@ -110,7 +108,7 @@ public class reportPanelAction {
htmlthread.join(); htmlthread.join();
//Set the temporary label to let the user know its done and is waiting on the report //Set the temporary label to let the user know its done and is waiting on the report
rr.progBarText(); rr.progBarText();
final reportPanel panel = new reportPanel(viewReport.toString()); final reportPanel panel = new reportPanel();
panel.setjButton1ActionListener(new ActionListener() { panel.setjButton1ActionListener(new ActionListener() {
@ -120,19 +118,6 @@ public class reportPanelAction {
popUpWindow.dispose(); popUpWindow.dispose();
} }
}); });
panel.setjEditorPane1EventListener(new HyperlinkListener(){
@Override
public void hyperlinkUpdate(HyperlinkEvent hev) {
try {
if (hev.getEventType() == HyperlinkEvent.EventType.ACTIVATED)
panel.getLink(hev);
}
catch (Exception e) {
// Exceptions thrown...............
}
}
});
// add the panel to the popup window // add the panel to the popup window
popUpWindow.add(panel); popUpWindow.add(panel);
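Review bot: The HTML thread hands `reportHTML.htmlPath` to `BrowserControl.openUrl` as soon as the `reportHTML` object is built, but the cells of that page are assembled from evidence-derived strings without HTML escaping. In the reportHTML section of this commit, values such as `attributes.get(1)` and `file.getName()` are appended straight into `<td>` elements, after `reportUtils.insertPeriodically(value, "<br>", 30)` has already mixed markup into the raw text. An attribute value or file name taken from the image that contains markup would therefore be interpreted by the examiner's browser. Each value should be escaped (`&`, `<`, `>` and quotes) before the `<br>` separators are inserted, because escaping afterwards would also destroy the separators. `reportGenerate` continues past the end of this hunk, so whether anything later checks the generated file is not visible here.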


@ -1,6 +1,22 @@
/* /*
* To change this template, choose Tools | Templates *
* and open the template in the editor. * Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/ */
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
@ -9,34 +25,32 @@ package org.sleuthkit.autopsy.report;
* @author Alex * @author Alex
*/ */
public class reportUtils { public class reportUtils {
static String changeExtension(String originalName, String newExtension) {
int lastDot = originalName.lastIndexOf(".");
if (lastDot != -1) {
return originalName.substring(0, lastDot) + newExtension;
} else {
return originalName + newExtension;
}
}
public static String insertPeriodically( static String changeExtension(String originalName, String newExtension) {
String text, String insert, int period) int lastDot = originalName.lastIndexOf(".");
{ if (lastDot != -1) {
StringBuilder builder = new StringBuilder( return originalName.substring(0, lastDot) + newExtension;
text.length() + insert.length() * (text.length()/period)+1); } else {
return originalName + newExtension;
int index = 0; }
String prefix = ""; }
while (index < text.length())
{ public static String insertPeriodically(
// Don't put the insert in the very first iteration. String text, String insert, int period) {
// This is easier than appending it *after* each substring StringBuilder builder = new StringBuilder(
builder.append(prefix); text.length() + insert.length() * (text.length() / period) + 1);
prefix = insert;
builder.append(text.substring(index, int index = 0;
Math.min(index + period, text.length()))); String prefix = "";
index += period; while (index < text.length()) {
// Don't put the insert in the very first iteration.
// This is easier than appending it *after* each substring
builder.append(prefix);
prefix = insert;
builder.append(text.substring(index,
Math.min(index + period, text.length())));
index += period;
}
return builder.toString();
} }
return builder.toString();
}
} }


@ -1,11 +1,26 @@
/* /*
* To change this template, choose Tools | Templates *
* and open the template in the editor. * Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/ */
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.IOException; import java.io.IOException;
import java.text.DateFormat; import java.text.DateFormat;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
@ -14,362 +29,343 @@ import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map.Entry; import java.util.Map.Entry;
import java.util.TreeMap; import java.util.TreeMap;
import org.apache.poi.ss.usermodel.Cell; import org.apache.poi.ss.usermodel.*;
import org.apache.poi.ss.usermodel.CellStyle;
import org.apache.poi.ss.usermodel.Font;
import org.apache.poi.ss.usermodel.Row;
import org.apache.poi.ss.usermodel.Sheet;
import org.apache.poi.ss.usermodel.Workbook;
import org.apache.poi.xssf.usermodel.XSSFWorkbook; import org.apache.poi.xssf.usermodel.XSSFWorkbook;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.*;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskData;
/** /**
* *
* @author Alex * @author Alex
*/ */
public class reportXLS { public class reportXLS {
public static Workbook wb = new XSSFWorkbook();
public reportXLS(HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report, reportFilter rr){
//Empty the workbook first
Workbook wbtemp = new XSSFWorkbook();
int countGen = 0;
int countBookmark = 0;
int countCookie = 0;
int countHistory = 0;
int countDownload = 0;
int countRecentObjects = 0;
int countTrackPoint = 0;
int countInstalled = 0;
int countKeyword = 0;
int countHash = 0;
int countDevice = 0;
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(entry.getKey().getArtifactTypeID() == 1){
countGen++;
}
if(entry.getKey().getArtifactTypeID() == 2){
countBookmark++;
}
if(entry.getKey().getArtifactTypeID() == 3){
countCookie++; public static Workbook wb = new XSSFWorkbook();
}
if(entry.getKey().getArtifactTypeID() == 4){
countHistory++; public reportXLS(HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> report, reportFilter rr) {
//Empty the workbook first
Workbook wbtemp = new XSSFWorkbook();
int countGen = 0;
int countBookmark = 0;
int countCookie = 0;
int countHistory = 0;
int countDownload = 0;
int countRecentObjects = 0;
int countTrackPoint = 0;
int countInstalled = 0;
int countKeyword = 0;
int countHash = 0;
int countDevice = 0;
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
countGen++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
countBookmark++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
countCookie++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
countHistory++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
countDownload++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
countRecentObjects++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
countTrackPoint++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
countInstalled++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
countKeyword++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
countHash++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
countDevice++;
}
}
try {
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
String caseName = currentCase.getName();
Integer imagecount = currentCase.getImageIDs().length;
Integer filesystemcount = currentCase.getRootObjectsCount();
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss");
Date date = new Date();
String datetime = datetimeFormat.format(date);
String datenotime = dateFormat.format(date);
//The first summary report page
Sheet sheetSummary = wbtemp.createSheet("Summary");
//Generate a sheet per artifact type
// Sheet sheetGen = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getDisplayName());
Sheet sheetHash = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getDisplayName());
Sheet sheetDevice = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getDisplayName());
Sheet sheetInstalled = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getDisplayName());
Sheet sheetKeyword = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getDisplayName());
// Sheet sheetTrackpoint = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getDisplayName());
Sheet sheetRecent = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getDisplayName());
Sheet sheetCookie = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getDisplayName());
Sheet sheetBookmark = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getDisplayName());
Sheet sheetDownload = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getDisplayName());
Sheet sheetHistory = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getDisplayName());
//Bold/underline cell style for the top header rows
CellStyle style = wbtemp.createCellStyle();
style.setBorderBottom((short) 2);
Font font = wbtemp.createFont();
font.setFontHeightInPoints((short) 16);
font.setFontName("Courier New");
font.setBoldweight((short) 2);
style.setFont(font);
//create the rows in the worksheet for our records
//Create first row and header
// sheetGen.createRow(0);
// sheetGen.getRow(0).createCell(0).setCellValue("Name");
// sheetGen.getRow(0).createCell(1).setCellValue("Value");
// sheetGen.getRow(0).createCell(2).setCellValue("Date/Time");
sheetSummary.createRow(0).setRowStyle(style);
sheetSummary.getRow(0).createCell(0).setCellValue("Summary Information");
sheetSummary.getRow(0).createCell(1).setCellValue(caseName);
//add some basic information
sheetSummary.createRow(1);
sheetSummary.getRow(1).createCell(0).setCellValue("# of Images");
sheetSummary.getRow(1).createCell(1).setCellValue(imagecount);
sheetSummary.createRow(2);
sheetSummary.getRow(2).createCell(0).setCellValue("Filesystems found");
sheetSummary.getRow(2).createCell(1).setCellValue(imagecount);
sheetSummary.createRow(3);
sheetSummary.getRow(3).createCell(0).setCellValue("# of Files");
sheetSummary.getRow(3).createCell(1).setCellValue(totalfiles);
sheetSummary.createRow(4);
sheetSummary.getRow(4).createCell(0).setCellValue("# of Directories");
sheetSummary.getRow(4).createCell(1).setCellValue(totaldirs);
sheetSummary.createRow(5);
sheetSummary.getRow(5).createCell(0).setCellValue("Date/Time");
sheetSummary.getRow(5).createCell(1).setCellValue(datetime);
sheetHash.createRow(0).setRowStyle(style);
sheetHash.getRow(0).createCell(0).setCellValue("Name");
sheetHash.getRow(0).createCell(1).setCellValue("Size");
sheetHash.getRow(0).createCell(2).setCellValue("Hashset Name");
sheetDevice.createRow(0).setRowStyle(style);
sheetDevice.getRow(0).createCell(0).setCellValue("Name");
sheetDevice.getRow(0).createCell(1).setCellValue("Serial #");
sheetDevice.getRow(0).createCell(2).setCellValue("Time");
sheetInstalled.createRow(0).setRowStyle(style);
sheetInstalled.getRow(0).createCell(0).setCellValue("Program Name");
sheetInstalled.getRow(0).createCell(1).setCellValue("Install Date/Time");
sheetKeyword.createRow(0).setRowStyle(style);
sheetKeyword.getRow(0).createCell(0).setCellValue("Keyword");
sheetKeyword.getRow(0).createCell(1).setCellValue("File Name");
sheetKeyword.getRow(0).createCell(2).setCellValue("Preview");
sheetKeyword.getRow(0).createCell(3).setCellValue("Keyword LIst");
sheetRecent.createRow(0).setRowStyle(style);
sheetRecent.getRow(0).createCell(0).setCellValue("Name");
sheetRecent.getRow(0).createCell(1).setCellValue("Path");
sheetRecent.getRow(0).createCell(2).setCellValue("Related Shortcut");
sheetCookie.createRow(0).setRowStyle(style);
sheetCookie.getRow(0).createCell(0).setCellValue("URL");
sheetCookie.getRow(0).createCell(1).setCellValue("Date");
sheetCookie.getRow(0).createCell(2).setCellValue("Name");
sheetCookie.getRow(0).createCell(3).setCellValue("Value");
sheetCookie.getRow(0).createCell(4).setCellValue("Program");
sheetBookmark.createRow(0).setRowStyle(style);
sheetBookmark.getRow(0).createCell(0).setCellValue("URL");
sheetBookmark.getRow(0).createCell(1).setCellValue("Title");
sheetBookmark.getRow(0).createCell(2).setCellValue("Program");
sheetDownload.createRow(0).setRowStyle(style);
sheetDownload.getRow(0).createCell(0).setCellValue("File");
sheetDownload.getRow(0).createCell(1).setCellValue("Source");
sheetDownload.getRow(0).createCell(2).setCellValue("Time");
sheetDownload.getRow(0).createCell(3).setCellValue("Program");
sheetHistory.createRow(0).setRowStyle(style);
sheetHistory.getRow(0).createCell(0).setCellValue("URL");
sheetHistory.getRow(0).createCell(1).setCellValue("Date");
sheetHistory.getRow(0).createCell(2).setCellValue("Referrer");
sheetHistory.getRow(0).createCell(3).setCellValue("Title");
sheetHistory.getRow(0).createCell(4).setCellValue("Program");
for (int i = 0; i < wbtemp.getNumberOfSheets(); i++) {
Sheet tempsheet = wbtemp.getSheetAt(i);
tempsheet.setAutobreaks(true);
for (Row temprow : tempsheet) {
for (Cell cell : temprow) {
cell.setCellStyle(style);
tempsheet.autoSizeColumn(cell.getColumnIndex());
} }
if(entry.getKey().getArtifactTypeID() == 5){ }
countDownload++; }
int countedGen = 0;
int countedBookmark = 0;
int countedCookie = 0;
int countedHistory = 0;
int countedDownload = 0;
int countedRecentObjects = 0;
int countedTrackPoint = 0;
int countedInstalled = 0;
int countedKeyword = 0;
int countedHash = 0;
int countedDevice = 0;
//start populating the sheets in the workbook
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (reportFilter.cancel == true) {
break;
}
int cc = 0;
Long objId = entry.getKey().getObjectID();
FsContent file = skCase.getFsContentById(objId);
Long filesize = file.getSize();
TreeMap<Integer, String> attributes = new TreeMap<Integer, String>();
// Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type
int n;
for (n = 1; n <= 36; n++) {
attributes.put(n, "");
}
for (BlackboardAttribute tempatt : entry.getValue()) {
if (reportFilter.cancel == true) {
break;
} }
if(entry.getKey().getArtifactTypeID() == 6){ String value = "";
countRecentObjects++; int type = tempatt.getAttributeTypeID();
if (tempatt.getValueString() == null || "null".equals(tempatt.getValueString())) {
} else if (type == 2 || type == 33) {
value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date((tempatt.getValueLong()) * 1000));
} else {
value = tempatt.getValueString();
} }
if(entry.getKey().getArtifactTypeID() == 7){
countTrackPoint++; attributes.put(type, value);
} cc++;
if(entry.getKey().getArtifactTypeID() == 8){ }
countInstalled++;
}
if(entry.getKey().getArtifactTypeID() == 9){ if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
countKeyword++; countedGen++;
} // Row temp = sheetGen.getRow(countedGen);
if(entry.getKey().getArtifactTypeID() == 10){
countHash++; }
} if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
if(entry.getKey().getArtifactTypeID() == 11){ countedBookmark++;
countDevice++; Row temp = sheetBookmark.createRow(countedBookmark);
} temp.createCell(0).setCellValue(attributes.get(1));
temp.createCell(1).setCellValue(attributes.get(3));
temp.createCell(2).setCellValue(attributes.get(4));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
countedCookie++;
Row temp = sheetCookie.createRow(countedCookie);
temp.createCell(0).setCellValue(attributes.get(1));
temp.createCell(1).setCellValue(attributes.get(2));
temp.createCell(2).setCellValue(attributes.get(3));
temp.createCell(3).setCellValue(attributes.get(6));
temp.createCell(4).setCellValue(attributes.get(4));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
countedHistory++;
Row temp = sheetHistory.createRow(countedHistory);
temp.createCell(0).setCellValue(attributes.get(1));
temp.createCell(1).setCellValue(attributes.get(33));
temp.createCell(2).setCellValue(attributes.get(32));
temp.createCell(3).setCellValue(attributes.get(3));
temp.createCell(4).setCellValue(attributes.get(4));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
countedDownload++;
Row temp = sheetDownload.createRow(countedDownload);
temp.createCell(0).setCellValue(attributes.get(8));
temp.createCell(1).setCellValue(attributes.get(1));
temp.createCell(2).setCellValue(attributes.get(33));
temp.createCell(3).setCellValue(attributes.get(4));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
countedRecentObjects++;
Row temp = sheetRecent.createRow(countedRecentObjects);
temp.createCell(0).setCellValue(attributes.get(3));
temp.createCell(1).setCellValue(attributes.get(8));
temp.createCell(2).setCellValue(file.getName());
temp.createCell(3).setCellValue(attributes.get(4));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
// sheetTrackpoint.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
countedInstalled++;
Row temp = sheetInstalled.createRow(countedInstalled);
temp.createCell(0).setCellValue(attributes.get(4));
temp.createCell(1).setCellValue(attributes.get(2));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
countedKeyword++;
Row temp = sheetKeyword.createRow(countedKeyword);
temp.createCell(0).setCellValue(attributes.get(10));
temp.createCell(1).setCellValue(attributes.get(3));
temp.createCell(2).setCellValue(attributes.get(12));
temp.createCell(3).setCellValue(attributes.get(13));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
countedHash++;
Row temp = sheetHash.createRow(countedHash);
temp.createCell(0).setCellValue(file.getName().toString());
temp.createCell(1).setCellValue(filesize.toString());
temp.createCell(2).setCellValue(attributes.get(30));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
countedDevice++;
Row temp = sheetDevice.createRow(countedDevice);
temp.createCell(0).setCellValue(attributes.get(18));
temp.createCell(1).setCellValue(attributes.get(20));
temp.createCell(2).setCellValue(attributes.get(2));
}
cc++;
rr.progBarSet(cc);
}
//write out the report to the reports folder
try {
FileOutputStream fos = new FileOutputStream(currentCase.getCaseDirectory() + "/Reports/" + caseName + "-" + datenotime + ".xlsx");
wbtemp.write(fos);
fos.close();
wb = wbtemp;
} catch (IOException e) {
System.err.println(e);
}
} catch (Exception E) {
String test = E.toString();
}
} }
try{
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
String caseName = currentCase.getName();
Integer imagecount = currentCase.getImageIDs().length;
Integer filesystemcount = currentCase.getRootObjectsCount();
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss");
Date date = new Date();
String datetime = datetimeFormat.format(date);
String datenotime = dateFormat.format(date);
//The first summary report page
Sheet sheetSummary = wbtemp.createSheet("Summary");
//Generate a sheet per artifact type
// Sheet sheetGen = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getDisplayName());
Sheet sheetHash = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getDisplayName());
Sheet sheetDevice = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getDisplayName());
Sheet sheetInstalled = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getDisplayName());
Sheet sheetKeyword = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getDisplayName());
// Sheet sheetTrackpoint = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getDisplayName());
Sheet sheetRecent = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getDisplayName());
Sheet sheetCookie = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getDisplayName());
Sheet sheetBookmark = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getDisplayName());
Sheet sheetDownload = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getDisplayName());
Sheet sheetHistory = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getDisplayName());
//Bold/underline cell style for the top header rows
CellStyle style = wbtemp.createCellStyle();
style.setBorderBottom((short) 2);
Font font = wbtemp.createFont();
font.setFontHeightInPoints((short)16);
font.setFontName("Courier New");
font.setBoldweight((short)2);
style.setFont(font);
//create the rows in the worksheet for our records
//Create first row and header
// sheetGen.createRow(0);
// sheetGen.getRow(0).createCell(0).setCellValue("Name");
// sheetGen.getRow(0).createCell(1).setCellValue("Value");
// sheetGen.getRow(0).createCell(2).setCellValue("Date/Time");
sheetSummary.createRow(0).setRowStyle(style);
sheetSummary.getRow(0).createCell(0).setCellValue("Summary Information");
sheetSummary.getRow(0).createCell(1).setCellValue(caseName);
//add some basic information
sheetSummary.createRow(1);
sheetSummary.getRow(1).createCell(0).setCellValue("# of Images");
sheetSummary.getRow(1).createCell(1).setCellValue(imagecount);
sheetSummary.createRow(2);
sheetSummary.getRow(2).createCell(0).setCellValue("Filesystems found");
sheetSummary.getRow(2).createCell(1).setCellValue(imagecount);
sheetSummary.createRow(3);
sheetSummary.getRow(3).createCell(0).setCellValue("# of Files");
sheetSummary.getRow(3).createCell(1).setCellValue(totalfiles);
sheetSummary.createRow(4);
sheetSummary.getRow(4).createCell(0).setCellValue("# of Directories");
sheetSummary.getRow(4).createCell(1).setCellValue(totaldirs);
sheetSummary.createRow(5);
sheetSummary.getRow(5).createCell(0).setCellValue("Date/Time");
sheetSummary.getRow(5).createCell(1).setCellValue(datetime);
sheetHash.createRow(0).setRowStyle(style);
sheetHash.getRow(0).createCell(0).setCellValue("Name");
sheetHash.getRow(0).createCell(1).setCellValue("Size");
sheetHash.getRow(0).createCell(2).setCellValue("Hashset Name");
sheetDevice.createRow(0).setRowStyle(style);
sheetDevice.getRow(0).createCell(0).setCellValue("Name");
sheetDevice.getRow(0).createCell(1).setCellValue("Serial #");
sheetDevice.getRow(0).createCell(2).setCellValue("Time");
sheetInstalled.createRow(0).setRowStyle(style);
sheetInstalled.getRow(0).createCell(0).setCellValue("Program Name");
sheetInstalled.getRow(0).createCell(1).setCellValue("Install Date/Time");
sheetKeyword.createRow(0).setRowStyle(style);
sheetKeyword.getRow(0).createCell(0).setCellValue("Keyword");
sheetKeyword.getRow(0).createCell(1).setCellValue("File Name");
sheetKeyword.getRow(0).createCell(2).setCellValue("Preview");
sheetKeyword.getRow(0).createCell(3).setCellValue("Keyword LIst");
sheetRecent.createRow(0).setRowStyle(style);
sheetRecent.getRow(0).createCell(0).setCellValue("Name");
sheetRecent.getRow(0).createCell(1).setCellValue("Path");
sheetRecent.getRow(0).createCell(2).setCellValue("Related Shortcut");
sheetCookie.createRow(0).setRowStyle(style);
sheetCookie.getRow(0).createCell(0).setCellValue("URL");
sheetCookie.getRow(0).createCell(1).setCellValue("Date");
sheetCookie.getRow(0).createCell(2).setCellValue("Name");
sheetCookie.getRow(0).createCell(3).setCellValue("Value");
sheetCookie.getRow(0).createCell(4).setCellValue("Program");
sheetBookmark.createRow(0).setRowStyle(style);
sheetBookmark.getRow(0).createCell(0).setCellValue("URL");
sheetBookmark.getRow(0).createCell(1).setCellValue("Title");
sheetBookmark.getRow(0).createCell(2).setCellValue("Program");
sheetDownload.createRow(0).setRowStyle(style);
sheetDownload.getRow(0).createCell(0).setCellValue("File");
sheetDownload.getRow(0).createCell(1).setCellValue("Source");
sheetDownload.getRow(0).createCell(2).setCellValue("Time");
sheetDownload.getRow(0).createCell(3).setCellValue("Program");
sheetHistory.createRow(0).setRowStyle(style);
sheetHistory.getRow(0).createCell(0).setCellValue("URL");
sheetHistory.getRow(0).createCell(1).setCellValue("Date");
sheetHistory.getRow(0).createCell(2).setCellValue("Referrer");
sheetHistory.getRow(0).createCell(3).setCellValue("Title");
sheetHistory.getRow(0).createCell(4).setCellValue("Program");
for(int i = 0;i < wbtemp.getNumberOfSheets();i++){
Sheet tempsheet = wbtemp.getSheetAt(i);
tempsheet.setAutobreaks(true);
for (Row temprow : tempsheet){
for (Cell cell : temprow) {
cell.setCellStyle(style);
tempsheet.autoSizeColumn(cell.getColumnIndex());
}
}
}
int countedGen = 0;
int countedBookmark = 0;
int countedCookie = 0;
int countedHistory = 0;
int countedDownload = 0;
int countedRecentObjects = 0;
int countedTrackPoint = 0;
int countedInstalled = 0;
int countedKeyword = 0;
int countedHash = 0;
int countedDevice = 0;
//start populating the sheets in the workbook
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(reportFilter.cancel == true){
break;
}
int cc = 0;
Long objId = entry.getKey().getObjectID();
FsContent file = skCase.getFsContentById(objId);
Long filesize = file.getSize();
TreeMap<Integer, String> attributes = new TreeMap<Integer,String>();
// Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type
int n;
for(n=1;n<=36;n++)
{
attributes.put(n, "");
}
for (BlackboardAttribute tempatt : entry.getValue())
{
if(reportFilter.cancel == true){
break;
}
String value = "";
int type = tempatt.getAttributeTypeID();
if(tempatt.getValueString() == null || "null".equals(tempatt.getValueString())){
}
else if(type == 2){
value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date ((tempatt.getValueLong())*1000));
}
else
{
value = tempatt.getValueString();
}
attributes.put(type, value);
cc++;
}
if(entry.getKey().getArtifactTypeID() == 1){
countedGen++;
// Row temp = sheetGen.getRow(countedGen);
}
if(entry.getKey().getArtifactTypeID() == 2){
countedBookmark++;
Row temp = sheetBookmark.createRow(countedBookmark);
temp.createCell(0).setCellValue(attributes.get(1));
temp.createCell(1).setCellValue(attributes.get(3));
temp.createCell(2).setCellValue(attributes.get(4));
}
if(entry.getKey().getArtifactTypeID() == 3){
countedCookie++;
Row temp = sheetCookie.createRow(countedCookie);
temp.createCell(0).setCellValue(attributes.get(1));
temp.createCell(1).setCellValue(attributes.get(2));
temp.createCell(2).setCellValue(attributes.get(3));
temp.createCell(3).setCellValue(attributes.get(6));
temp.createCell(4).setCellValue(attributes.get(4));
}
if(entry.getKey().getArtifactTypeID() == 4){
countedHistory++;
Row temp = sheetHistory.createRow(countedHistory);
temp.createCell(0).setCellValue(attributes.get(1));
temp.createCell(1).setCellValue(attributes.get(33));
temp.createCell(2).setCellValue(attributes.get(32));
temp.createCell(3).setCellValue(attributes.get(3));
temp.createCell(4).setCellValue(attributes.get(4));
}
if(entry.getKey().getArtifactTypeID() == 5){
countedDownload++;
Row temp = sheetDownload.createRow(countedDownload);
temp.createCell(0).setCellValue(attributes.get(8));
temp.createCell(1).setCellValue(attributes.get(1));
temp.createCell(2).setCellValue(attributes.get(33));
temp.createCell(3).setCellValue(attributes.get(4));
}
if(entry.getKey().getArtifactTypeID() == 6){
countedRecentObjects++;
Row temp = sheetRecent.createRow(countedRecentObjects);
temp.createCell(0).setCellValue(attributes.get(3));
temp.createCell(1).setCellValue(attributes.get(8));
temp.createCell(2).setCellValue(file.getName());
temp.createCell(3).setCellValue(attributes.get(4));
}
if(entry.getKey().getArtifactTypeID() == 7){
// sheetTrackpoint.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 8){
countedInstalled++;
Row temp = sheetInstalled.createRow(countedInstalled);
temp.createCell(0).setCellValue(attributes.get(4));
temp.createCell(1).setCellValue(attributes.get(2));
}
if(entry.getKey().getArtifactTypeID() == 9){
countedKeyword++;
Row temp = sheetKeyword.createRow(countedKeyword);
temp.createCell(0).setCellValue(attributes.get(10));
temp.createCell(1).setCellValue(attributes.get(3));
temp.createCell(2).setCellValue(attributes.get(12));
temp.createCell(3).setCellValue(attributes.get(13));
}
if(entry.getKey().getArtifactTypeID() == 10){
countedHash++;
Row temp = sheetHash.createRow(countedHash);
temp.createCell(0).setCellValue(file.getName().toString());
temp.createCell(1).setCellValue(filesize.toString());
temp.createCell(2).setCellValue(attributes.get(30));
}
if(entry.getKey().getArtifactTypeID() == 11){
countedDevice++;
Row temp = sheetDevice.createRow(countedDevice);
temp.createCell(0).setCellValue(attributes.get(18));
temp.createCell(1).setCellValue(attributes.get(20));
temp.createCell(2).setCellValue(attributes.get(2));
}
cc++;
rr.progBarSet(cc);
}
//write out the report to the reports folder
try {
FileOutputStream fos = new FileOutputStream(currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".xlsx");
wbtemp.write(fos);
fos.close();
wb = wbtemp;
}
catch (IOException e) {
System.err.println(e);
}
}
catch(Exception E)
{
String test = E.toString();
}
}
} }


@ -1,8 +1,25 @@
/* /*
* To change this template, choose Tools | Templates *
* and open the template in the editor. * Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/ */
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.IOException; import java.io.IOException;
import java.text.DateFormat; import java.text.DateFormat;
@ -31,128 +48,129 @@ import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskData;
public class reportXML { public class reportXML {
public static Document xmldoc = new Document(); public static Document xmldoc = new Document();
public reportXML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report, reportFilter rr){
try{ public reportXML(HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> report, reportFilter rr) {
Case currentCase = Case.getCurrentCase(); // get the most updated case try {
SleuthkitCase skCase = currentCase.getSleuthkitCase(); Case currentCase = Case.getCurrentCase(); // get the most updated case
String caseName = currentCase.getName(); SleuthkitCase skCase = currentCase.getSleuthkitCase();
Integer imagecount = currentCase.getImageIDs().length; String caseName = currentCase.getName();
Integer filesystemcount = currentCase.getRootObjectsCount(); Integer imagecount = currentCase.getImageIDs().length;
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG); Integer filesystemcount = currentCase.getRootObjectsCount();
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR); Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
Element root = new Element("Case"); Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
xmldoc = new Document(root); Element root = new Element("Case");
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); xmldoc = new Document(root);
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss"); DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
Date date = new Date(); DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss");
String datetime = datetimeFormat.format(date); Date date = new Date();
String datenotime = dateFormat.format(date); String datetime = datetimeFormat.format(date);
Comment comment = new Comment("XML Report Generated by Autopsy 3 on " + datetime); String datenotime = dateFormat.format(date);
root.addContent(comment); Comment comment = new Comment("XML Report Generated by Autopsy 3 on " + datetime);
//Create summary node involving how many of each type root.addContent(comment);
Element summary = new Element("Summary"); //Create summary node involving how many of each type
if(IngestManager.getDefault().isIngestRunning()) Element summary = new Element("Summary");
{ if (IngestManager.getDefault().isIngestRunning()) {
summary.addContent(new Element("Warning").setText("Report was run before ingest services completed!")); summary.addContent(new Element("Warning").setText("Report was run before ingest services completed!"));
} }
summary.addContent(new Element("Name").setText(caseName)); summary.addContent(new Element("Name").setText(caseName));
summary.addContent(new Element("Total-Images").setText(imagecount.toString())); summary.addContent(new Element("Total-Images").setText(imagecount.toString()));
summary.addContent(new Element("Total-FileSystems").setText(filesystemcount.toString())); summary.addContent(new Element("Total-FileSystems").setText(filesystemcount.toString()));
summary.addContent(new Element("Total-Files").setText(totalfiles.toString())); summary.addContent(new Element("Total-Files").setText(totalfiles.toString()));
summary.addContent(new Element("Total-Directories").setText(totaldirs.toString())); summary.addContent(new Element("Total-Directories").setText(totaldirs.toString()));
root.addContent(summary); root.addContent(summary);
//generate the nodes for each of the types so we can use them later //generate the nodes for each of the types so we can use them later
Element nodeGen = new Element("General-Information"); Element nodeGen = new Element("General-Information");
Element nodeWebBookmark = new Element("Web-Bookmarks"); Element nodeWebBookmark = new Element("Web-Bookmarks");
Element nodeWebCookie = new Element("Web-Cookies"); Element nodeWebCookie = new Element("Web-Cookies");
Element nodeWebHistory = new Element("Web-History"); Element nodeWebHistory = new Element("Web-History");
Element nodeWebDownload = new Element("Web-Downloads"); Element nodeWebDownload = new Element("Web-Downloads");
Element nodeRecentObjects = new Element("Recent-Documents"); Element nodeRecentObjects = new Element("Recent-Documents");
Element nodeTrackPoint = new Element("Track-Points"); Element nodeTrackPoint = new Element("Track-Points");
Element nodeInstalled = new Element("Installed-Programfiles"); Element nodeInstalled = new Element("Installed-Programfiles");
Element nodeKeyword = new Element("Keyword-Search-Hits"); Element nodeKeyword = new Element("Keyword-Search-Hits");
Element nodeHash = new Element("Hashset-Hits"); Element nodeHash = new Element("Hashset-Hits");
Element nodeDevice = new Element("Attached-Devices"); Element nodeDevice = new Element("Attached-Devices");
//remove bytes //remove bytes
Pattern INVALID_XML_CHARS = Pattern.compile("[^\\u0009\\u000A\\u000D\\u0020-\\uD7FF\\uE000-\\uFFFD\uD800\uDC00-\uDBFF\uDFFF]"); Pattern INVALID_XML_CHARS = Pattern.compile("[^\\u0009\\u000A\\u000D\\u0020-\\uD7FF\\uE000-\\uFFFD\uD800\uDC00-\uDBFF\uDFFF]");
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) { for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(reportFilter.cancel == true){ if (reportFilter.cancel == true) {
break; break;
} }
int cc = 0; int cc = 0;
Element artifact = new Element("Artifact"); Element artifact = new Element("Artifact");
Long objId = entry.getKey().getObjectID(); Long objId = entry.getKey().getObjectID();
Content cont = skCase.getContentById(objId); Content cont = skCase.getContentById(objId);
Long filesize = cont.getSize(); Long filesize = cont.getSize();
artifact.setAttribute("ID", objId.toString()); artifact.setAttribute("ID", objId.toString());
artifact.setAttribute("Name", cont.accept(new NameVisitor())); artifact.setAttribute("Name", cont.accept(new NameVisitor()));
artifact.setAttribute("Size", filesize.toString()); artifact.setAttribute("Size", filesize.toString());
// Get all the attributes for this guy // Get all the attributes for this guy
for (BlackboardAttribute tempatt : entry.getValue()) for (BlackboardAttribute tempatt : entry.getValue()) {
{ if (reportFilter.cancel == true) {
if(reportFilter.cancel == true){ break;
break; }
} Element attribute = new Element("Attribute").setAttribute("Type", tempatt.getAttributeTypeDisplayName());
Element attribute = new Element("Attribute").setAttribute("Type",tempatt.getAttributeTypeDisplayName()); String tempvalue = tempatt.getValueString();
String tempvalue = tempatt.getValueString(); //INVALID_XML_CHARS.matcher(tempvalue).replaceAll("");
//INVALID_XML_CHARS.matcher(tempvalue).replaceAll(""); Element value = new Element("Value").setText(tempvalue);
Element value = new Element("Value").setText(tempvalue); attribute.addContent(value);
attribute.addContent(value); Element context = new Element("Context").setText(StringEscapeUtils.escapeXml(tempatt.getContext()));
Element context = new Element("Context").setText(StringEscapeUtils.escapeXml(tempatt.getContext())); attribute.addContent(context);
attribute.addContent(context); artifact.addContent(attribute);
artifact.addContent(attribute); cc++;
cc++; }
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
if(entry.getKey().getArtifactTypeID() == 1){ //while (entry.getValue().iterator().hasNext())
//while (entry.getValue().iterator().hasNext()) // {
// { // }
// } nodeGen.addContent(artifact);
nodeGen.addContent(artifact); }
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
nodeWebBookmark.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
nodeWebCookie.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
nodeWebHistory.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
nodeWebDownload.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
nodeRecentObjects.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
nodeTrackPoint.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
nodeInstalled.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
nodeKeyword.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
nodeHash.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
nodeDevice.addContent(artifact);
}
cc++;
rr.progBarSet(cc);
//end of master loop
} }
if(entry.getKey().getArtifactTypeID() == 2){
//add them in the order we want them to the document
nodeWebBookmark.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 3){
nodeWebCookie.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 4){
nodeWebHistory.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 5){
nodeWebDownload.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 6){
nodeRecentObjects.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 7){
nodeTrackPoint.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 8){
nodeInstalled.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 9){
nodeKeyword.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 10){
nodeHash.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 11){
nodeDevice.addContent(artifact);
}
cc++;
rr.progBarSet(cc);
//end of master loop
}
//add them in the order we want them to the document
root.addContent(nodeGen); root.addContent(nodeGen);
root.addContent(nodeWebBookmark); root.addContent(nodeWebBookmark);
root.addContent(nodeWebCookie); root.addContent(nodeWebCookie);
@ -162,26 +180,24 @@ public class reportXML {
root.addContent(nodeTrackPoint); root.addContent(nodeTrackPoint);
root.addContent(nodeInstalled); root.addContent(nodeInstalled);
root.addContent(nodeKeyword); root.addContent(nodeKeyword);
root.addContent(nodeHash); root.addContent(nodeHash);
root.addContent(nodeDevice); root.addContent(nodeDevice);
try {
FileOutputStream out = new FileOutputStream(currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".xml");
XMLOutputter serializer = new XMLOutputter();
serializer.output(xmldoc, out);
out.flush();
out.close();
}
catch (IOException e) {
System.err.println(e);
}
} try {
catch (Exception e){ FileOutputStream out = new FileOutputStream(currentCase.getCaseDirectory() + "/Reports/" + caseName + "-" + datenotime + ".xml");
Logger.getLogger(reportXML.class.getName()).log(Level.WARNING, "Exception occurred", e); XMLOutputter serializer = new XMLOutputter();
serializer.output(xmldoc, out);
out.flush();
out.close();
} catch (IOException e) {
System.err.println(e);
}
} catch (Exception e) {
Logger.getLogger(reportXML.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
} }
}
private class NameVisitor extends ContentVisitor.Default<String> { private class NameVisitor extends ContentVisitor.Default<String> {
@Override @Override