mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 18:17:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Readdition of merged files.

Browse Source
This commit is contained in:
Alex Ebadirad 2012-05-02 15:01:29 -07:00
parent bce66978c4
commit 15136d3a61
12 changed files with 1324 additions and 1306 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
Report/src/org/sleuthkit/autopsy/report/ReportModuleException.java Normal file
View File

@ -0,0 +1,33 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
//exception thrown by a reporting module when report generation failed
class ReportModuleException extends Exception {
public ReportModuleException(String msg) {
super(msg);
}
public ReportModuleException(String msg, Exception ex) {
super(msg, ex);
}
}

277
Report/src/org/sleuthkit/autopsy/report/report.java
View File

@ -1,12 +1,29 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.autopsy.casemodule.Case;
@ -18,261 +35,207 @@ import org.sleuthkit.datamodel.SleuthkitCase;
*
* @author Alex
*/
public class report implements reportInterface {
public class report {
private void report(){
private void report() {
}
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getGenInfo() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getGenInfo() {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(1);
for (BlackboardArtifact artifact : bbart)
{
try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebHistory() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getWebHistory() {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(4);
for (BlackboardArtifact artifact : bbart)
{
try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebCookie() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
}
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getWebCookie() {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(3);
for (BlackboardArtifact artifact : bbart)
{
try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebBookmark() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
}
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getWebBookmark() {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(2);
for (BlackboardArtifact artifact : bbart)
{
try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebDownload() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getWebDownload() {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(5);
for (BlackboardArtifact artifact : bbart)
{
try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getRecentObject() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getRecentObject() {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(6);
for (BlackboardArtifact artifact : bbart)
{
try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getKeywordHit() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getKeywordHit() {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(9);
for (BlackboardArtifact artifact : bbart)
{
try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getHashHit() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
}
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getHashHit() {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(10);
for (BlackboardArtifact artifact : bbart)
{
try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getInstalledProg() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
}
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getInstalledProg() {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(8);
for (BlackboardArtifact artifact : bbart)
{
try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getDevices() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getDevices() {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(11);
for (BlackboardArtifact artifact : bbart)
{
try {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED);
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
}
@Override
public String getGroupedKeywordHit() {
public String getGroupedKeywordHit() {
StringBuilder table = new StringBuilder();
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
try {
ResultSet uniqueresults = tempDb.runQuery("SELECT DISTINCT value_text from blackboard_attributes where attribute_type_id = '10' order by value_text ASC");
while(uniqueresults.next())
{
while (uniqueresults.next()) {
table.append("<strong>").append(uniqueresults.getString("value_text")).append("</strong>");
table.append("<table><thead><tr><th>").append("File Name").append("</th><th>Preview</th><th>Keyword List</th></tr><tbody>");
ArrayList<BlackboardArtifact> artlist = new ArrayList<BlackboardArtifact>();
ResultSet tempresults = tempDb.runQuery("select DISTINCT artifact_id from blackboard_attributes where attribute_type_id = '10' and value_text = '" + uniqueresults.getString("value_text") +"'");
while(tempresults.next())
{
ResultSet tempresults = tempDb.runQuery("select DISTINCT artifact_id from blackboard_attributes where attribute_type_id = '10' and value_text = '" + uniqueresults.getString("value_text") + "'");
while (tempresults.next()) {
artlist.add(tempDb.getBlackboardArtifact(tempresults.getLong("artifact_id")));
}
for(BlackboardArtifact art : artlist)
{
for (BlackboardArtifact art : artlist) {
String filename = tempDb.getFsContentById(art.getObjectID()).getName();
String preview = "";
String set = "";
table.append("<tr><td>").append(filename).append("</td>");
ArrayList<BlackboardAttribute> tempatts = art.getAttributes();
for(BlackboardAttribute att : tempatts)
{
if(att.getAttributeTypeID() == 12)
{
for (BlackboardAttribute att : tempatts) {
if (att.getAttributeTypeID() == 12) {
preview = "<td>" + att.getValueString() + "</td>";
}
if(att.getAttributeTypeID() == 13)
{
if (att.getAttributeTypeID() == 13) {
set = "<td>" + att.getValueString() + "</td>";
}
}
@ -282,14 +245,32 @@ public String getGroupedKeywordHit() {
table.append("</tbody></table><br /><br />");
}
}
catch (Exception e)
{
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
String result = table.toString();
return result;
}
}
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getAllTypes(ReportConfiguration config) {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try {
for (Map.Entry<BlackboardArtifact.ARTIFACT_TYPE, Boolean> entry : config.config.entrySet()) {
if (entry.getValue()) {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(entry.getKey());
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
}
} catch (Exception e) {
Logger.getLogger(report.class.getName()).log(Level.INFO, "Exception occurred", e);
}
return reportMap;
}
}

53
Report/src/org/sleuthkit/autopsy/report/reportAction.java
View File

@ -1,6 +1,22 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
@ -12,22 +28,22 @@ import java.awt.event.ActionListener;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.io.File;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.ImageIcon;
import javax.swing.JButton;
import javax.swing.JDialog;
import javax.swing.JFrame;
import org.openide.awt.ActionRegistration;
import org.openide.awt.ActionID;
import org.openide.awt.ActionReference;
import org.openide.awt.ActionReferences;
import org.openide.awt.ActionID;
import org.openide.awt.ActionRegistration;
import org.openide.util.HelpCtx;
import org.openide.util.NbBundle.Messages;
import org.openide.util.actions.CallableSystemAction;
import org.openide.util.actions.Presenter;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.Log;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.ImageIcon;
@ActionID(category = "Tools",
id = "org.sleuthkit.autopsy.report.reportAction")
@ -36,11 +52,11 @@ id = "org.sleuthkit.autopsy.report.reportAction")
@ActionReference(path = "Menu/Tools", position = 80)
})
@Messages("CTL_reportAction=Run Report")
public final class reportAction extends CallableSystemAction implements Presenter.Toolbar{
public final class reportAction extends CallableSystemAction implements Presenter.Toolbar {
private JButton toolbarButton = new JButton();
private static final String ACTION_NAME = "Generate Report";
Logger logger = Logger.getLogger(reportAction.class.getName());
static final Logger logger = Logger.getLogger(reportAction.class.getName());
public reportAction() {
setEnabled(false);
@ -48,14 +64,13 @@ public final class reportAction extends CallableSystemAction implements Presente
@Override
public void propertyChange(PropertyChangeEvent evt) {
if(evt.getPropertyName().equals(Case.CASE_CURRENT_CASE)){
if (evt.getPropertyName().equals(Case.CASE_CURRENT_CASE)) {
setEnabled(evt.getNewValue() != null);
}
}
});
//attempt to create a report folder if a case is active
Case.addPropertyChangeListener(new PropertyChangeListener () {
Case.addPropertyChangeListener(new PropertyChangeListener() {
@Override
public void propertyChange(PropertyChangeEvent evt) {
@ -63,25 +78,23 @@ public final class reportAction extends CallableSystemAction implements Presente
//case has been changed
if (changed.equals(Case.CASE_CURRENT_CASE)) {
Case newCase = (Case)evt.getNewValue();
Case newCase = (Case) evt.getNewValue();
if (newCase != null) {
boolean exists = (new File(newCase.getCaseDirectory() + "\\Reports")).exists();
if (exists) {
// report directory exists -- don't need to do anything
} else {
// report directory does not exist -- create it
boolean reportCreate = (new File(newCase.getCaseDirectory() + "\\Reports")).mkdirs();
if(!reportCreate){
if (!reportCreate) {
logger.log(Level.WARNING, "Could not create Reports directory for case. It does not exist.");
}
}
}
}
}
});
});
// set action of the toolbar button
toolbarButton.addActionListener(new ActionListener() {
@ -105,6 +118,7 @@ public final class reportAction extends CallableSystemAction implements Presente
// initialize panel with loaded settings
final reportFilter panel = new reportFilter();
panel.setjButton2ActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
popUpWindow.dispose();
@ -134,7 +148,6 @@ public final class reportAction extends CallableSystemAction implements Presente
@Override
public void performAction() {
}
@Override
@ -166,7 +179,7 @@ public final class reportAction extends CallableSystemAction implements Presente
* @param value whether to enable this action or not
*/
@Override
public void setEnabled(boolean value){
public void setEnabled(boolean value) {
super.setEnabled(value);
toolbarButton.setEnabled(value);
}

17
Report/src/org/sleuthkit/autopsy/report/reportFilter.form
View File

@ -1,4 +1,4 @@
<?xml version="1.1" encoding="UTF-8" ?>
<?xml version="1.0" encoding="UTF-8" ?>
<Form version="1.5" maxVersion="1.7" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
<NonVisualComponents>
@ -40,7 +40,11 @@
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jButton1" min="-2" max="-2" attributes="0"/>
<EmptySpace max="32767" attributes="0"/>
<Component id="cancelButton" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="156" max="-2" attributes="0"/>
</Group>
<Component id="jCheckBox3" alignment="0" min="-2" max="-2" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<Group type="103" groupAlignment="0" attributes="0">
@ -53,15 +57,6 @@
<Component id="jCheckBox4" alignment="0" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
</Group>
<EmptySpace min="-2" pref="69" max="-2" attributes="0"/>
</Group>
<Group type="102" alignment="0" attributes="0">
<Component id="jButton1" min="-2" max="-2" attributes="0"/>
<EmptySpace max="32767" attributes="0"/>
<Component id="cancelButton" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="156" max="-2" attributes="0"/>
</Group>
<Component id="progBar" alignment="0" min="-2" pref="231" max="-2" attributes="0"/>
</Group>
<EmptySpace max="-2" attributes="0"/>

3
Report/src/org/sleuthkit/autopsy/report/reportFilterAction.java
View File

@ -16,7 +16,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.awt.Container;
@ -31,6 +30,7 @@ import org.sleuthkit.autopsy.coreutils.Log;
/**
* The reportFilterAction opens the reportFilterPanel in a dialog, and saves the
* settings of the panel if the Apply button is clicked.
*
* @author pmartel
*/
class reportFilterAction {
@ -81,4 +81,3 @@ class reportFilterAction {
return HelpCtx.DEFAULT_HELP;
}
}

158
Report/src/org/sleuthkit/autopsy/report/reportHTML.java
View File

@ -1,6 +1,22 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
@ -36,7 +52,8 @@ public class reportHTML {
public static StringBuilder unformatted_header = new StringBuilder();
public static StringBuilder formatted_header = new StringBuilder();
public static String htmlPath = "";
public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report, reportFilter rr){
public reportHTML(HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> report, reportFilter rr) {
//This is literally a terrible way to count up all the types of artifacts, and doesn't include any added ones.
//Unlike the XML report, which is dynamic, this is formatted and needs to be redone later instead of being hardcoded.
@ -56,45 +73,45 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
int countKeyword = 0;
int countHash = 0;
int countDevice = 0;
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(entry.getKey().getArtifactTypeID() == 1){
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
countGen++;
}
if(entry.getKey().getArtifactTypeID() == 2){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
countWebBookmark++;
}
if(entry.getKey().getArtifactTypeID() == 3){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
countWebCookie++;
}
if(entry.getKey().getArtifactTypeID() == 4){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
countWebHistory++;
}
if(entry.getKey().getArtifactTypeID() == 5){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
countWebDownload++;
}
if(entry.getKey().getArtifactTypeID() == 6){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
countRecentObjects++;
}
if(entry.getKey().getArtifactTypeID() == 7){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
countTrackPoint++;
}
if(entry.getKey().getArtifactTypeID() == 8){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
countInstalled++;
}
if(entry.getKey().getArtifactTypeID() == 9){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
countKeyword++;
}
if(entry.getKey().getArtifactTypeID() == 10){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
countHash++;
}
if(entry.getKey().getArtifactTypeID() == 11){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
countDevice++;
}
}
try{
try {
String ingestwarning = "<h2 style=\"color: red;\">Warning, this report was run before ingest services completed!</h2>";
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
@ -147,8 +164,7 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
// Add summary information now
formatted_Report.append("<h1>Report for Case: ").append(caseName).append("</h1>");
if(IngestManager.getDefault().isIngestRunning())
{
if (IngestManager.getDefault().isIngestRunning()) {
formatted_Report.append(ingestwarning);
}
formatted_Report.append("<h2>Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<ul>");
@ -159,31 +175,31 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
formatted_Report.append("<li># of Artifacts: ").append(reportsize).append("</li></ul>");
formatted_Report.append("<br /><table><thead><tr><th>Section</th><th>Count</th></tr></thead><tbody>");
if(countWebBookmark > 0){
if (countWebBookmark > 0) {
formatted_Report.append("<tr><td><a href=\"#bookmark\">Web Bookmarks</a></td><td>").append(countWebBookmark).append("</td></tr>");
}
if(countWebCookie > 0){
if (countWebCookie > 0) {
formatted_Report.append("<tr><td><a href=\"#cookie\">Web Cookies</a></td><td>").append(countWebCookie).append("</td></tr>");
}
if(countWebHistory > 0){
if (countWebHistory > 0) {
formatted_Report.append("<tr><td><a href=\"#history\">Web History</a></td><td>").append(countWebHistory).append("</td></tr>");
}
if(countWebDownload > 0){
if (countWebDownload > 0) {
formatted_Report.append("<tr><td><a href=\"#download\">Web Downloads</a></td><td>").append(countWebDownload).append("</td></tr>");
}
if(countRecentObjects > 0){
if (countRecentObjects > 0) {
formatted_Report.append("<tr><td><a href=\"#recent\">Recent Documents</a></td><td>").append(countRecentObjects).append("</td></tr>");
}
if(countInstalled > 0){
if (countInstalled > 0) {
formatted_Report.append("<tr><td><a href=\"#installed\">Installed Programs</a></td><td>").append(countInstalled).append("</td></tr>");
}
if(countKeyword > 0){
if (countKeyword > 0) {
formatted_Report.append("<tr><td><a href=\"#keyword\">Keyword Hits</a></td><td>").append(countKeyword).append("</td></tr>");
}
if(countHash > 0){
if (countHash > 0) {
formatted_Report.append("<tr><td><a href=\"#hash\">Hash Hits</a></td><td>").append(countHash).append("</td></tr>");
}
if(countDevice > 0){
if (countDevice > 0) {
formatted_Report.append("<tr><td><a href=\"#device\">Attached Devices</a></td><td>").append(countDevice).append("</td></tr>");
}
formatted_Report.append("</tbody></table><br />");
@ -202,19 +218,17 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
int alt = 0;
String altRow = "";
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(reportFilter.cancel == true){
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (reportFilter.cancel == true) {
break;
}
int cc = 0;
if(alt > 0)
{
if (alt > 0) {
altRow = " class=\"alt\"";
alt = 0;
}
else{
altRow="";
} else {
altRow = "";
alt++;
}
StringBuilder artifact = new StringBuilder("");
@ -225,32 +239,26 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
Long filesize = file.getSize();
TreeMap<Integer, String> attributes = new TreeMap<Integer,String>();
TreeMap<Integer, String> attributes = new TreeMap<Integer, String>();
// Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type
int n;
for(n=1;n<=35;n++)
{
for (n = 1; n <= 35; n++) {
attributes.put(n, "");
}
for (BlackboardAttribute tempatt : entry.getValue())
{
if(reportFilter.cancel == true){
for (BlackboardAttribute tempatt : entry.getValue()) {
if (reportFilter.cancel == true) {
break;
}
String value = "";
int type = tempatt.getAttributeTypeID();
if(tempatt.getValueString() == null || "null".equals(tempatt.getValueString())){
}
else if(type == 2 || type == 33 ){
value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date ((tempatt.getValueLong())));
if(value == null || "".equals(value)){
if (tempatt.getValueString() == null || "null".equals(tempatt.getValueString())) {
} else if (type == 2 || type == 33) {
value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date((tempatt.getValueLong())));
if (value == null || "".equals(value)) {
value = tempatt.getValueString();
}
}
else
{
} else {
value = tempatt.getValueString();
}
value = reportUtils.insertPeriodically(value, "<br>", 30);
@ -259,19 +267,19 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
}
if(entry.getKey().getArtifactTypeID() == 1){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
artifact.append("</tr>");
nodeGen.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 2){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebBookmark.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 3){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>");
@ -280,7 +288,7 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
artifact.append("</tr>");
nodeWebCookie.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 4){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(33)).append("</td>");
artifact.append("<td>").append(attributes.get(32)).append("</td>");
@ -289,7 +297,7 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
artifact.append("</tr>");
nodeWebHistory.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 5){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(8)).append("</td>");
artifact.append("<td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(33)).append("</td>");
@ -297,7 +305,7 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
artifact.append("</tr>");
nodeWebDownload.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 6){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
//artifact.append("<tr><td>").append(objId.toString());
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(3)).append("</strong></td>");
artifact.append("<td>").append(attributes.get(8)).append("</td>");
@ -305,27 +313,25 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
artifact.append("</tr>");
nodeRecentObjects.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 7){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(objId.toString());
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
artifact.append("</tr>");
nodeTrackPoint.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 8){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(4)).append("</strong></td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("</tr>");
nodeInstalled.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 9){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
// artifact.append("<table><thead><tr><th>Artifact ID</th><th>Name</th><th>Size</th>");
// artifact.append("</tr></table>");
// nodeKeyword.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 10){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
// artifact.append("<tr><td>").append(objId.toString());
artifact.append("<tr").append(altRow).append("><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
@ -334,7 +340,7 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
artifact.append("</tr>");
nodeHash.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 11){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(18)).append("</strong></td>");
artifact.append("<td>").append(attributes.get(20)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
@ -347,44 +353,44 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
//Add them back in order
//formatted_Report.append(nodeGen);
// formatted_Report.append("</tbody></table>");
if(countWebBookmark > 0){
if (countWebBookmark > 0) {
formatted_Report.append(nodeWebBookmark);
formatted_Report.append("</tbody></table>");
}
if(countWebCookie > 0){
if (countWebCookie > 0) {
formatted_Report.append(nodeWebCookie);
formatted_Report.append("</tbody></table>");
}
if(countWebHistory > 0){
if (countWebHistory > 0) {
formatted_Report.append(nodeWebHistory);
formatted_Report.append("</tbody></table>");
}
if(countWebDownload > 0){
if (countWebDownload > 0) {
formatted_Report.append(nodeWebDownload);
formatted_Report.append("</tbody></table>");
}
if(countRecentObjects > 0){
if (countRecentObjects > 0) {
formatted_Report.append(nodeRecentObjects);
formatted_Report.append("</tbody></table>");
}
// formatted_Report.append(nodeTrackPoint);
//formatted_Report.append("</tbody></table>");
if(countInstalled > 0){
if (countInstalled > 0) {
formatted_Report.append(nodeInstalled);
formatted_Report.append("</tbody></table>");
}
if(countKeyword > 0){
if (countKeyword > 0) {
formatted_Report.append(nodeKeyword);
report keywords = new report();
formatted_Report.append(keywords.getGroupedKeywordHit());
// "<table><thead><tr><th>Artifact ID</th><th>Name</th><th>Size</th>
// formatted_Report.append("</tbody></table>");
}
if(countHash > 0){
if (countHash > 0) {
formatted_Report.append(nodeHash);
formatted_Report.append("</tbody></table>");
}
if(countDevice > 0){
if (countDevice > 0) {
formatted_Report.append(nodeDevice);
formatted_Report.append("</tbody></table>");
}
@ -393,20 +399,16 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
formatted_Report.append("</div></div></body></html>");
formatted_header.append(formatted_Report);
// unformatted_header.append(formatted_Report);
htmlPath = currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".html";
htmlPath = currentCase.getCaseDirectory() + "/Reports/" + caseName + "-" + datenotime + ".html";
Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlPath), "UTF-8"));
out.write(formatted_header.toString());
out.flush();
out.close();
}
catch(Exception e)
{
} catch (Exception e) {
Logger.getLogger(reportHTML.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
}
}

2
Report/src/org/sleuthkit/autopsy/report/reportPanel.form
View File

@ -1,4 +1,4 @@
<?xml version="1.1" encoding="UTF-8" ?>
<?xml version="1.0" encoding="UTF-8" ?>
<Form version="1.5" maxVersion="1.7" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
<NonVisualComponents>

86
Report/src/org/sleuthkit/autopsy/report/reportPanel.java
View File

@ -1,20 +1,27 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
/*
* reportPanel.java
/*
*
* Created on Feb 21, 2012, 12:13:14 PM
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.awt.event.ActionListener;
import java.io.BufferedWriter;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.io.*;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
@ -30,16 +37,17 @@ import org.jdom.output.XMLOutputter;
*/
public class reportPanel extends javax.swing.JPanel {
/** Creates new form reportPanel */
public reportPanel(String report) {
/**
* Creates new form reportPanel
*/
public reportPanel() {
initComponents();
setReportWindow(report);
}
/** This method is called from within the constructor to
* initialize the form.
* WARNING: Do NOT modify this code. The content of this method is
* always regenerated by the Form Editor.
/**
* This method is called from within the constructor to initialize the form.
* WARNING: Do NOT modify this code. The content of this method is always
* regenerated by the Form Editor.
*/
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
@ -102,49 +110,29 @@ private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FI
*
* @param e The action listener
*/
public void setjButton1ActionListener(ActionListener e){
public void setjButton1ActionListener(ActionListener e) {
jButton1.addActionListener(e);
}
public void getLink(HyperlinkEvent evt){
try{
String str = evt.getDescription();
// jEditorPane1.scrollToReference(str.substring(1));
}
catch(Exception e){
String whater = "";
}
}
public void setjEditorPane1EventListener(HyperlinkListener evt){
// jEditorPane1.addHyperlinkListener(evt);
}
private void setReportWindow(String report)
{
// jEditorPane1.setText(report);
// jEditorPane1.setCaretPosition(0);
}
public void setFinishedReportText(){
public void setFinishedReportText() {
DateFormat dateFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
Date date = new Date();
String reportText = "Report was sucessfully generated at " + dateFormat.format(date) + ".";
jLabel1.setText(reportText);
}
private void saveReportAction(){
private void saveReportAction() {
int option = jFileChooser1.showSaveDialog(this);
if(option == JFileChooser.APPROVE_OPTION){
if(jFileChooser1.getSelectedFile()!=null){
if (option == JFileChooser.APPROVE_OPTION) {
if (jFileChooser1.getSelectedFile() != null) {
String path = jFileChooser1.getSelectedFile().toString();
exportReport(path);
}
}
}
private void exportReport(String path){
private void exportReport(String path) {
String htmlpath = reportUtils.changeExtension(path, ".html");
String xmlpath = reportUtils.changeExtension(path, ".xml");
@ -168,12 +156,10 @@ private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FI
xmlout.flush();
xmlout.close();
JOptionPane.showMessageDialog(this, "Report has been successfully saved!");
}
catch (IOException e) {
} catch (IOException e) {
System.err.println(e);
}
}
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton jButton1;
private javax.swing.JFileChooser jFileChooser1;
@ -181,6 +167,4 @@ private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FI
private javax.swing.JOptionPane jOptionPane1;
private javax.swing.JButton saveReport;
// End of variables declaration//GEN-END:variables
}

69
Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java
View File

@ -1,6 +1,22 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
@ -8,18 +24,11 @@ import java.awt.Dimension;
import java.awt.Toolkit;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.logging.Level;
import javax.swing.JDialog;
import javax.swing.JFrame;
import javax.swing.SwingUtilities;
import javax.swing.event.HyperlinkEvent;
import javax.swing.event.HyperlinkListener;
import org.sleuthkit.autopsy.coreutils.Log;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
/**
*
@ -32,15 +41,14 @@ public class reportPanelAction {
}
public void reportGenerate(ArrayList<Integer> reportlist, final reportFilter rr){
public void reportGenerate(ReportConfiguration reportconfig, final reportFilter rr){
try {
//Clear any old reports in the string
viewReport.setLength(0);
// Generate the reports and create the hashmap
final HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> Results = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
report bbreport = new report();
final ReportGen report = new ReportGen();
//see what reports we need to run and run them
//Set progress bar to move while doing this
SwingUtilities.invokeLater(new Runnable() {
@ -48,21 +56,11 @@ public class reportPanelAction {
public void run() {
rr.progBarStartText();
}});
if(reportlist.contains(1)){Results.putAll(bbreport.getGenInfo());}
if(reportlist.contains(2)){Results.putAll(bbreport.getWebBookmark());}
if(reportlist.contains(3)){Results.putAll(bbreport.getWebCookie());}
if(reportlist.contains(4)){Results.putAll(bbreport.getWebHistory());}
if(reportlist.contains(5)){Results.putAll(bbreport.getWebDownload());}
if(reportlist.contains(6)){Results.putAll(bbreport.getRecentObject());}
// if(reportlist.contains(7)){Results.putAll(bbreport.getGenInfo());}
if(reportlist.contains(8)){Results.putAll(bbreport.getInstalledProg());}
if(reportlist.contains(9)){Results.putAll(bbreport.getKeywordHit());}
if(reportlist.contains(10)){Results.putAll(bbreport.getHashHit());}
if(reportlist.contains(11)){Results.putAll(bbreport.getDevices());}
report.populateReport(reportconfig);
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
rr.progBarCount(2*Results.size());
rr.progBarCount(2*report.Results.size());
}});
//Turn our results into the appropriate xml/html reports
//TODO: add a way for users to select what they will run when
@ -71,7 +69,7 @@ public class reportPanelAction {
@Override
public void run()
{
reportXML xmlReport = new reportXML(Results, rr);
reportXML xmlReport = new reportXML(report.Results, rr);
}
});
Thread htmlthread = new Thread(new Runnable()
@ -79,7 +77,7 @@ public class reportPanelAction {
@Override
public void run()
{
reportHTML htmlReport = new reportHTML(Results,rr);
reportHTML htmlReport = new reportHTML(report.Results,rr);
BrowserControl.openUrl(reportHTML.htmlPath);
}
});
@ -88,7 +86,7 @@ public class reportPanelAction {
@Override
public void run()
{
reportXLS xlsReport = new reportXLS(Results,rr);
reportXLS xlsReport = new reportXLS(report.Results,rr);
//
}
});
@ -110,7 +108,7 @@ public class reportPanelAction {
htmlthread.join();
//Set the temporary label to let the user know its done and is waiting on the report
rr.progBarText();
final reportPanel panel = new reportPanel(viewReport.toString());
final reportPanel panel = new reportPanel();
panel.setjButton1ActionListener(new ActionListener() {
@ -120,19 +118,6 @@ public class reportPanelAction {
popUpWindow.dispose();
}
});
panel.setjEditorPane1EventListener(new HyperlinkListener(){
@Override
public void hyperlinkUpdate(HyperlinkEvent hev) {
try {
if (hev.getEventType() == HyperlinkEvent.EventType.ACTIVATED)
panel.getLink(hev);
}
catch (Exception e) {
// Exceptions thrown...............
}
}
});
// add the panel to the popup window
popUpWindow.add(panel);

38
Report/src/org/sleuthkit/autopsy/report/reportUtils.java
View File

@ -1,6 +1,22 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
@ -10,25 +26,23 @@ package org.sleuthkit.autopsy.report;
*/
public class reportUtils {
static String changeExtension(String originalName, String newExtension) {
static String changeExtension(String originalName, String newExtension) {
int lastDot = originalName.lastIndexOf(".");
if (lastDot != -1) {
return originalName.substring(0, lastDot) + newExtension;
} else {
return originalName + newExtension;
}
}
}
public static String insertPeriodically(
String text, String insert, int period)
{
public static String insertPeriodically(
String text, String insert, int period) {
StringBuilder builder = new StringBuilder(
text.length() + insert.length() * (text.length()/period)+1);
text.length() + insert.length() * (text.length() / period) + 1);
int index = 0;
String prefix = "";
while (index < text.length())
{
while (index < text.length()) {
// Don't put the insert in the very first iteration.
// This is easier than appending it *after* each substring
builder.append(prefix);
@ -38,5 +52,5 @@ public static String insertPeriodically(
index += period;
}
return builder.toString();
}
}
}

134
Report/src/org/sleuthkit/autopsy/report/reportXLS.java
View File

@ -1,11 +1,26 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.io.FileOutputStream;
import java.io.IOException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
@ -14,27 +29,20 @@ import java.util.Date;
import java.util.HashMap;
import java.util.Map.Entry;
import java.util.TreeMap;
import org.apache.poi.ss.usermodel.Cell;
import org.apache.poi.ss.usermodel.CellStyle;
import org.apache.poi.ss.usermodel.Font;
import org.apache.poi.ss.usermodel.Row;
import org.apache.poi.ss.usermodel.Sheet;
import org.apache.poi.ss.usermodel.Workbook;
import org.apache.poi.ss.usermodel.*;
import org.apache.poi.xssf.usermodel.XSSFWorkbook;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskData;
import org.sleuthkit.datamodel.*;
/**
*
* @author Alex
*/
public class reportXLS {
public static Workbook wb = new XSSFWorkbook();
public reportXLS(HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report, reportFilter rr){
public reportXLS(HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> report, reportFilter rr) {
//Empty the workbook first
Workbook wbtemp = new XSSFWorkbook();
@ -49,45 +57,45 @@ public class reportXLS {
int countKeyword = 0;
int countHash = 0;
int countDevice = 0;
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(entry.getKey().getArtifactTypeID() == 1){
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
countGen++;
}
if(entry.getKey().getArtifactTypeID() == 2){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
countBookmark++;
}
if(entry.getKey().getArtifactTypeID() == 3){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
countCookie++;
}
if(entry.getKey().getArtifactTypeID() == 4){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
countHistory++;
}
if(entry.getKey().getArtifactTypeID() == 5){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
countDownload++;
}
if(entry.getKey().getArtifactTypeID() == 6){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
countRecentObjects++;
}
if(entry.getKey().getArtifactTypeID() == 7){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
countTrackPoint++;
}
if(entry.getKey().getArtifactTypeID() == 8){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
countInstalled++;
}
if(entry.getKey().getArtifactTypeID() == 9){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
countKeyword++;
}
if(entry.getKey().getArtifactTypeID() == 10){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
countHash++;
}
if(entry.getKey().getArtifactTypeID() == 11){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
countDevice++;
}
}
try{
try {
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
String caseName = currentCase.getName();
@ -120,9 +128,9 @@ public class reportXLS {
CellStyle style = wbtemp.createCellStyle();
style.setBorderBottom((short) 2);
Font font = wbtemp.createFont();
font.setFontHeightInPoints((short)16);
font.setFontHeightInPoints((short) 16);
font.setFontName("Courier New");
font.setBoldweight((short)2);
font.setBoldweight((short) 2);
style.setFont(font);
//create the rows in the worksheet for our records
//Create first row and header
@ -203,11 +211,11 @@ public class reportXLS {
sheetHistory.getRow(0).createCell(3).setCellValue("Title");
sheetHistory.getRow(0).createCell(4).setCellValue("Program");
for(int i = 0;i < wbtemp.getNumberOfSheets();i++){
for (int i = 0; i < wbtemp.getNumberOfSheets(); i++) {
Sheet tempsheet = wbtemp.getSheetAt(i);
tempsheet.setAutobreaks(true);
for (Row temprow : tempsheet){
for (Row temprow : tempsheet) {
for (Cell cell : temprow) {
cell.setCellStyle(style);
tempsheet.autoSizeColumn(cell.getColumnIndex());
@ -228,37 +236,31 @@ public class reportXLS {
int countedDevice = 0;
//start populating the sheets in the workbook
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(reportFilter.cancel == true){
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (reportFilter.cancel == true) {
break;
}
int cc = 0;
Long objId = entry.getKey().getObjectID();
FsContent file = skCase.getFsContentById(objId);
Long filesize = file.getSize();
TreeMap<Integer, String> attributes = new TreeMap<Integer,String>();
TreeMap<Integer, String> attributes = new TreeMap<Integer, String>();
// Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type
int n;
for(n=1;n<=36;n++)
{
for (n = 1; n <= 36; n++) {
attributes.put(n, "");
}
for (BlackboardAttribute tempatt : entry.getValue())
{
if(reportFilter.cancel == true){
for (BlackboardAttribute tempatt : entry.getValue()) {
if (reportFilter.cancel == true) {
break;
}
String value = "";
int type = tempatt.getAttributeTypeID();
if(tempatt.getValueString() == null || "null".equals(tempatt.getValueString())){
}
else if(type == 2){
value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date ((tempatt.getValueLong())*1000));
}
else
{
if (tempatt.getValueString() == null || "null".equals(tempatt.getValueString())) {
} else if (type == 2 || type == 33) {
value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date((tempatt.getValueLong()) * 1000));
} else {
value = tempatt.getValueString();
}
@ -267,19 +269,19 @@ public class reportXLS {
}
if(entry.getKey().getArtifactTypeID() == 1){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
countedGen++;
// Row temp = sheetGen.getRow(countedGen);
}
if(entry.getKey().getArtifactTypeID() == 2){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
countedBookmark++;
Row temp = sheetBookmark.createRow(countedBookmark);
temp.createCell(0).setCellValue(attributes.get(1));
temp.createCell(1).setCellValue(attributes.get(3));
temp.createCell(2).setCellValue(attributes.get(4));
}
if(entry.getKey().getArtifactTypeID() == 3){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
countedCookie++;
Row temp = sheetCookie.createRow(countedCookie);
temp.createCell(0).setCellValue(attributes.get(1));
@ -288,7 +290,7 @@ public class reportXLS {
temp.createCell(3).setCellValue(attributes.get(6));
temp.createCell(4).setCellValue(attributes.get(4));
}
if(entry.getKey().getArtifactTypeID() == 4){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
countedHistory++;
Row temp = sheetHistory.createRow(countedHistory);
temp.createCell(0).setCellValue(attributes.get(1));
@ -297,7 +299,7 @@ public class reportXLS {
temp.createCell(3).setCellValue(attributes.get(3));
temp.createCell(4).setCellValue(attributes.get(4));
}
if(entry.getKey().getArtifactTypeID() == 5){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
countedDownload++;
Row temp = sheetDownload.createRow(countedDownload);
temp.createCell(0).setCellValue(attributes.get(8));
@ -305,7 +307,7 @@ public class reportXLS {
temp.createCell(2).setCellValue(attributes.get(33));
temp.createCell(3).setCellValue(attributes.get(4));
}
if(entry.getKey().getArtifactTypeID() == 6){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
countedRecentObjects++;
Row temp = sheetRecent.createRow(countedRecentObjects);
temp.createCell(0).setCellValue(attributes.get(3));
@ -313,16 +315,16 @@ public class reportXLS {
temp.createCell(2).setCellValue(file.getName());
temp.createCell(3).setCellValue(attributes.get(4));
}
if(entry.getKey().getArtifactTypeID() == 7){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
// sheetTrackpoint.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 8){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
countedInstalled++;
Row temp = sheetInstalled.createRow(countedInstalled);
temp.createCell(0).setCellValue(attributes.get(4));
temp.createCell(1).setCellValue(attributes.get(2));
}
if(entry.getKey().getArtifactTypeID() == 9){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
countedKeyword++;
Row temp = sheetKeyword.createRow(countedKeyword);
temp.createCell(0).setCellValue(attributes.get(10));
@ -330,14 +332,14 @@ public class reportXLS {
temp.createCell(2).setCellValue(attributes.get(12));
temp.createCell(3).setCellValue(attributes.get(13));
}
if(entry.getKey().getArtifactTypeID() == 10){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
countedHash++;
Row temp = sheetHash.createRow(countedHash);
temp.createCell(0).setCellValue(file.getName().toString());
temp.createCell(1).setCellValue(filesize.toString());
temp.createCell(2).setCellValue(attributes.get(30));
}
if(entry.getKey().getArtifactTypeID() == 11){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
countedDevice++;
Row temp = sheetDevice.createRow(countedDevice);
temp.createCell(0).setCellValue(attributes.get(18));
@ -353,23 +355,17 @@ public class reportXLS {
//write out the report to the reports folder
try {
FileOutputStream fos = new FileOutputStream(currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".xlsx");
FileOutputStream fos = new FileOutputStream(currentCase.getCaseDirectory() + "/Reports/" + caseName + "-" + datenotime + ".xlsx");
wbtemp.write(fos);
fos.close();
wb = wbtemp;
}
catch (IOException e) {
} catch (IOException e) {
System.err.println(e);
}
}
catch(Exception E)
{
} catch (Exception E) {
String test = E.toString();
}
}
}

74
Report/src/org/sleuthkit/autopsy/report/reportXML.java
View File

@ -1,8 +1,25 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.io.FileOutputStream;
import java.io.IOException;
import java.text.DateFormat;
@ -31,10 +48,13 @@ import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskData;
public class reportXML {
public static Document xmldoc = new Document();
public reportXML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report, reportFilter rr){
try{
public reportXML(HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> report, reportFilter rr) {
try {
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
String caseName = currentCase.getName();
@ -53,8 +73,7 @@ public class reportXML {
root.addContent(comment);
//Create summary node involving how many of each type
Element summary = new Element("Summary");
if(IngestManager.getDefault().isIngestRunning())
{
if (IngestManager.getDefault().isIngestRunning()) {
summary.addContent(new Element("Warning").setText("Report was run before ingest services completed!"));
}
summary.addContent(new Element("Name").setText(caseName));
@ -77,8 +96,8 @@ public class reportXML {
Element nodeDevice = new Element("Attached-Devices");
//remove bytes
Pattern INVALID_XML_CHARS = Pattern.compile("[^\\u0009\\u000A\\u000D\\u0020-\\uD7FF\\uE000-\\uFFFD\uD800\uDC00-\uDBFF\uDFFF]");
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(reportFilter.cancel == true){
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (reportFilter.cancel == true) {
break;
}
int cc = 0;
@ -91,12 +110,11 @@ public class reportXML {
artifact.setAttribute("Size", filesize.toString());
// Get all the attributes for this guy
for (BlackboardAttribute tempatt : entry.getValue())
{
if(reportFilter.cancel == true){
for (BlackboardAttribute tempatt : entry.getValue()) {
if (reportFilter.cancel == true) {
break;
}
Element attribute = new Element("Attribute").setAttribute("Type",tempatt.getAttributeTypeDisplayName());
Element attribute = new Element("Attribute").setAttribute("Type", tempatt.getAttributeTypeDisplayName());
String tempvalue = tempatt.getValueString();
//INVALID_XML_CHARS.matcher(tempvalue).replaceAll("");
Element value = new Element("Value").setText(tempvalue);
@ -107,44 +125,44 @@ public class reportXML {
cc++;
}
if(entry.getKey().getArtifactTypeID() == 1){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
//while (entry.getValue().iterator().hasNext())
// {
// }
nodeGen.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 2){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
nodeWebBookmark.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 3){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
nodeWebCookie.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 4){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
nodeWebHistory.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 5){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
nodeWebDownload.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 6){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
nodeRecentObjects.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 7){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
nodeTrackPoint.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 8){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
nodeInstalled.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 9){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
nodeKeyword.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 10){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
nodeHash.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 11){
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
nodeDevice.addContent(artifact);
}
cc++;
@ -166,18 +184,16 @@ public class reportXML {
root.addContent(nodeDevice);
try {
FileOutputStream out = new FileOutputStream(currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".xml");
FileOutputStream out = new FileOutputStream(currentCase.getCaseDirectory() + "/Reports/" + caseName + "-" + datenotime + ".xml");
XMLOutputter serializer = new XMLOutputter();
serializer.output(xmldoc, out);
out.flush();
out.close();
}
catch (IOException e) {
} catch (IOException e) {
System.err.println(e);
}
}
catch (Exception e){
} catch (Exception e) {
Logger.getLogger(reportXML.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
}