mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' of github.com:sleuthkit/autopsy into AUT-2467_apiValidation

Browse Source
This commit is contained in:
Greg DiCristofaro 2023-09-01 06:56:35 -04:00
commit 18de6d9607
16 changed files with 129 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Core/build.xml
View File

@ -134,8 +134,8 @@
<property environment="env"/>
<copy file="${env.TSK_HOME}/bindings/java/dist/sleuthkit-${TSK_VERSION}.jar"
tofile="${ext.dir}/sleuthkit-${TSK_VERSION}.jar"/>
<copy file="${env.TSK_HOME}/bindings/java/lib/sqlite-jdbc-3.42.0.0.jar"
tofile="${ext.dir}/sqlite-jdbc-3.42.0.0.jar"/>
<copy file="${env.TSK_HOME}/bindings/java/lib/sqlite-jdbc-3.42.0.1.jar"
tofile="${ext.dir}/sqlite-jdbc-3.42.0.1.jar"/>
<copy file="${env.TSK_HOME}/bindings/java/lib/postgresql-42.3.5.jar"
tofile="${ext.dir}/postgresql-42.3.5.jar"/>
<copy file="${env.TSK_HOME}/bindings/java/lib/c3p0-0.9.5.5.jar"

2
Core/nbproject/project.properties
View File

@ -91,7 +91,7 @@ file.reference.slf4j-api-1.7.36.jar=release/modules/ext/slf4j-api-1.7.36.jar
file.reference.snakeyaml-2.0.jar=release/modules/ext/snakeyaml-2.0.jar
file.reference.SparseBitSet-1.1.jar=release/modules/ext/SparseBitSet-1.1.jar
file.reference.spotbugs-annotations-4.6.0.jar=release/modules/ext/spotbugs-annotations-4.6.0.jar
file.reference.sqlite-jdbc-3.42.0.0.jar=release/modules/ext/sqlite-jdbc-3.42.0.0.jar
file.reference.sqlite-jdbc-3.42.0.1.jar=release/modules/ext/sqlite-jdbc-3.42.0.1.jar
file.reference.txw2-2.3.3.jar=release/modules/ext/txw2-2.3.3.jar
file.reference.xalan-2.7.2.jar=release/modules/ext/xalan-2.7.2.jar
file.reference.xml-apis-1.4.01.jar=release/modules/ext/xml-apis-1.4.01.jar

4
Core/nbproject/project.xml
View File

@ -742,8 +742,8 @@
<binary-origin>release/modules/ext/spotbugs-annotations-4.6.0.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/sqlite-jdbc-3.42.0.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/sqlite-jdbc-3.42.0.0.jar</binary-origin>
<runtime-relative-path>ext/sqlite-jdbc-3.42.0.1.jar</runtime-relative-path>
<binary-origin>release/modules/ext/sqlite-jdbc-3.42.0.1.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/txw2-2.3.3.jar</runtime-relative-path>

2
Core/src/com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/Bundle.properties
View File

@ -6,7 +6,7 @@ CTLicenseDialog.title=Add a License...
CTLicenseDialog.licenseNumberLabel.text=License Number:
CTLicenseDialog.licenseNumberTextField.text=
CTLicenseDialog.cancelButton.text=Cancel
CTLicenseDialog.okButton.text=Ok
CTLicenseDialog.okButton.text=OK
CTLicenseDialog.warningLabel.text=
CTMalwareScannerOptionsPanel.hashLookupsRemainingLabel.text=
CTMalwareScannerOptionsPanel.countersResetLabel.text=

2
Core/src/com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/Bundle.properties-MERGED
View File

@ -6,7 +6,7 @@ CTLicenseDialog.title=Add a License...
CTLicenseDialog.licenseNumberLabel.text=License Number:
CTLicenseDialog.licenseNumberTextField.text=
CTLicenseDialog.cancelButton.text=Cancel
CTLicenseDialog.okButton.text=Ok
CTLicenseDialog.okButton.text=OK
CTLicenseDialog.warningLabel.text=
CTLicenseDialog_verifyInput_licenseNumberError=<html>Please enter a license number</html>
CTMalwareScannerOptionsPanel.hashLookupsRemainingLabel.text=

99
Core/src/com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/CTLicenseDialog.form
View File

@ -23,7 +23,7 @@
<AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/>
<AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/>
<AuxValue name="designerSize" type="java.awt.Dimension" value="-84,-19,0,5,115,114,0,18,106,97,118,97,46,97,119,116,46,68,105,109,101,110,115,105,111,110,65,-114,-39,-41,-84,95,68,20,2,0,2,73,0,6,104,101,105,103,104,116,73,0,5,119,105,100,116,104,120,112,0,0,0,122,0,0,1,-19"/>
<AuxValue name="designerSize" type="java.awt.Dimension" value="-84,-19,0,5,115,114,0,18,106,97,118,97,46,97,119,116,46,68,105,109,101,110,115,105,111,110,65,-114,-39,-41,-84,95,68,20,2,0,2,73,0,6,104,101,105,103,104,116,73,0,5,119,105,100,116,104,120,112,0,0,0,-106,0,0,2,81"/>
</AuxValues>
<Layout class="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout"/>
@ -44,6 +44,21 @@
</Constraint>
</Constraints>
</Component>
<Component class="javax.swing.JTextField" name="licenseNumberTextField">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/Bundle.properties" key="CTLicenseDialog.licenseNumberTextField.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="toolTipText" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/Bundle.properties" key="CTLicenseDialog.licenseNumberTextField.toolTipText" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Constraints>
<Constraint layoutClass="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout" value="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout$GridBagConstraintsDescription">
<GridBagConstraints gridX="0" gridY="1" gridWidth="3" gridHeight="1" fill="2" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="5" insetsBottom="5" insetsRight="5" anchor="10" weightX="0.0" weightY="0.0"/>
</Constraint>
</Constraints>
</Component>
<Component class="javax.swing.JLabel" name="warningLabel">
<Properties>
<Property name="foreground" type="java.awt.Color" editor="org.netbeans.modules.form.RADConnectionPropertyEditor">
@ -92,50 +107,50 @@
</DimensionLayout>
</Layout>
</Container>
<Component class="javax.swing.JButton" name="okButton">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/Bundle.properties" key="CTLicenseDialog.okButton.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="okButtonActionPerformed"/>
</Events>
<Container class="javax.swing.JPanel" name="buttonPanel">
<AuxValues>
<AuxValue name="JavaCodeGenerator_VariableLocal" type="java.lang.Boolean" value="true"/>
<AuxValue name="JavaCodeGenerator_VariableModifier" type="java.lang.Integer" value="0"/>
</AuxValues>
<Constraints>
<Constraint layoutClass="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout" value="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout$GridBagConstraintsDescription">
<GridBagConstraints gridX="2" gridY="3" gridWidth="1" gridHeight="1" fill="0" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="5" insetsBottom="5" insetsRight="5" anchor="18" weightX="0.0" weightY="0.0"/>
<GridBagConstraints gridX="1" gridY="3" gridWidth="2" gridHeight="1" fill="0" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="0" insetsBottom="0" insetsRight="0" anchor="10" weightX="0.0" weightY="0.0"/>
</Constraint>
</Constraints>
</Component>
<Component class="javax.swing.JButton" name="cancelButton">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/Bundle.properties" key="CTLicenseDialog.cancelButton.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="cancelButtonActionPerformed"/>
</Events>
<Constraints>
<Constraint layoutClass="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout" value="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout$GridBagConstraintsDescription">
<GridBagConstraints gridX="1" gridY="3" gridWidth="1" gridHeight="1" fill="0" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="5" insetsBottom="5" insetsRight="5" anchor="18" weightX="0.0" weightY="0.0"/>
</Constraint>
</Constraints>
</Component>
<Component class="javax.swing.JTextField" name="licenseNumberTextField">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/Bundle.properties" key="CTLicenseDialog.licenseNumberTextField.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="toolTipText" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/Bundle.properties" key="CTLicenseDialog.licenseNumberTextField.toolTipText" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Constraints>
<Constraint layoutClass="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout" value="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout$GridBagConstraintsDescription">
<GridBagConstraints gridX="0" gridY="1" gridWidth="3" gridHeight="1" fill="2" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="5" insetsBottom="5" insetsRight="5" anchor="10" weightX="0.0" weightY="0.0"/>
</Constraint>
</Constraints>
</Component>
<Layout class="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout"/>
<SubComponents>
<Component class="javax.swing.JButton" name="okButton">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/Bundle.properties" key="CTLicenseDialog.okButton.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="okButtonActionPerformed"/>
</Events>
<Constraints>
<Constraint layoutClass="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout" value="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout$GridBagConstraintsDescription">
<GridBagConstraints gridX="0" gridY="0" gridWidth="1" gridHeight="1" fill="2" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="5" insetsBottom="10" insetsRight="5" anchor="18" weightX="1.0" weightY="0.0"/>
</Constraint>
</Constraints>
</Component>
<Component class="javax.swing.JButton" name="cancelButton">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/Bundle.properties" key="CTLicenseDialog.cancelButton.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="cancelButtonActionPerformed"/>
</Events>
<Constraints>
<Constraint layoutClass="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout" value="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout$GridBagConstraintsDescription">
<GridBagConstraints gridX="1" gridY="0" gridWidth="1" gridHeight="1" fill="2" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="0" insetsBottom="10" insetsRight="10" anchor="18" weightX="1.0" weightY="0.0"/>
</Constraint>
</Constraints>
</Component>
</SubComponents>
</Container>
</SubComponents>
</Form>

54
Core/src/com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/CTLicenseDialog.java
View File

@ -58,6 +58,11 @@ class CTLicenseDialog extends javax.swing.JDialog {
verifyInput();
}
});
// set ok button as primary button
this.getRootPane().setDefaultButton(okButton);
// request focus for entering license string
this.licenseNumberTextField.requestFocusInWindow();
}
private void configureHintText() {
@ -99,11 +104,12 @@ class CTLicenseDialog extends javax.swing.JDialog {
java.awt.GridBagConstraints gridBagConstraints;
javax.swing.JLabel licenseNumberLabel = new javax.swing.JLabel();
licenseNumberTextField = new javax.swing.JTextField();
warningLabel = new javax.swing.JLabel();
javax.swing.JPanel buttonPadding = new javax.swing.JPanel();
javax.swing.JPanel buttonPanel = new javax.swing.JPanel();
okButton = new javax.swing.JButton();
cancelButton = new javax.swing.JButton();
licenseNumberTextField = new javax.swing.JTextField();
setDefaultCloseOperation(javax.swing.WindowConstants.DISPOSE_ON_CLOSE);
setTitle(org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.title")); // NOI18N
@ -121,6 +127,16 @@ class CTLicenseDialog extends javax.swing.JDialog {
gridBagConstraints.insets = new java.awt.Insets(5, 5, 5, 5);
getContentPane().add(licenseNumberLabel, gridBagConstraints);
licenseNumberTextField.setText(org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.licenseNumberTextField.text")); // NOI18N
licenseNumberTextField.setToolTipText(org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.licenseNumberTextField.toolTipText")); // NOI18N
gridBagConstraints = new java.awt.GridBagConstraints();
gridBagConstraints.gridx = 0;
gridBagConstraints.gridy = 1;
gridBagConstraints.gridwidth = 3;
gridBagConstraints.fill = java.awt.GridBagConstraints.HORIZONTAL;
gridBagConstraints.insets = new java.awt.Insets(0, 5, 5, 5);
getContentPane().add(licenseNumberTextField, gridBagConstraints);
warningLabel.setForeground(java.awt.Color.RED);
org.openide.awt.Mnemonics.setLocalizedText(warningLabel, org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.warningLabel.text")); // NOI18N
warningLabel.setMaximumSize(new java.awt.Dimension(419, 36));
@ -151,6 +167,8 @@ class CTLicenseDialog extends javax.swing.JDialog {
gridBagConstraints.weightx = 1.0;
getContentPane().add(buttonPadding, gridBagConstraints);
buttonPanel.setLayout(new java.awt.GridBagLayout());
org.openide.awt.Mnemonics.setLocalizedText(okButton, org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.okButton.text")); // NOI18N
okButton.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
@ -158,11 +176,13 @@ class CTLicenseDialog extends javax.swing.JDialog {
}
});
gridBagConstraints = new java.awt.GridBagConstraints();
gridBagConstraints.gridx = 2;
gridBagConstraints.gridy = 3;
gridBagConstraints.gridx = 0;
gridBagConstraints.gridy = 0;
gridBagConstraints.fill = java.awt.GridBagConstraints.HORIZONTAL;
gridBagConstraints.anchor = java.awt.GridBagConstraints.NORTHWEST;
gridBagConstraints.insets = new java.awt.Insets(0, 5, 5, 5);
getContentPane().add(okButton, gridBagConstraints);
gridBagConstraints.weightx = 1.0;
gridBagConstraints.insets = new java.awt.Insets(0, 5, 10, 5);
buttonPanel.add(okButton, gridBagConstraints);
org.openide.awt.Mnemonics.setLocalizedText(cancelButton, org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.cancelButton.text")); // NOI18N
cancelButton.addActionListener(new java.awt.event.ActionListener() {
@ -172,20 +192,18 @@ class CTLicenseDialog extends javax.swing.JDialog {
});
gridBagConstraints = new java.awt.GridBagConstraints();
gridBagConstraints.gridx = 1;
gridBagConstraints.gridy = 3;
gridBagConstraints.anchor = java.awt.GridBagConstraints.NORTHWEST;
gridBagConstraints.insets = new java.awt.Insets(0, 5, 5, 5);
getContentPane().add(cancelButton, gridBagConstraints);
licenseNumberTextField.setText(org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.licenseNumberTextField.text")); // NOI18N
licenseNumberTextField.setToolTipText(org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.licenseNumberTextField.toolTipText")); // NOI18N
gridBagConstraints = new java.awt.GridBagConstraints();
gridBagConstraints.gridx = 0;
gridBagConstraints.gridy = 1;
gridBagConstraints.gridwidth = 3;
gridBagConstraints.gridy = 0;
gridBagConstraints.fill = java.awt.GridBagConstraints.HORIZONTAL;
gridBagConstraints.insets = new java.awt.Insets(0, 5, 5, 5);
getContentPane().add(licenseNumberTextField, gridBagConstraints);
gridBagConstraints.anchor = java.awt.GridBagConstraints.NORTHWEST;
gridBagConstraints.weightx = 1.0;
gridBagConstraints.insets = new java.awt.Insets(0, 0, 10, 10);
buttonPanel.add(cancelButton, gridBagConstraints);
gridBagConstraints = new java.awt.GridBagConstraints();
gridBagConstraints.gridx = 1;
gridBagConstraints.gridy = 3;
gridBagConstraints.gridwidth = 2;
getContentPane().add(buttonPanel, gridBagConstraints);
pack();
}// </editor-fold>//GEN-END:initComponents

10
Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/MalwareScanIngestModule.java
View File

@ -134,8 +134,7 @@ class MalwareScanIngestModule implements FileIngestModule {
"application/x-msdos-program"//NON-NLS
).collect(Collectors.toSet());
private static final String MALWARE_TYPE_NAME = "TSK_MALWARE";
private static final String MALWARE_CONFIG = "Cyber Triage Cloud";
private static final String MALWARE_CONFIG = ""; // NOTE: Adding a configuration complicates NTL branch UI
private static final Logger logger = Logger.getLogger(MalwareScanIngestModule.class.getName());
@ -235,18 +234,13 @@ class MalwareScanIngestModule implements FileIngestModule {
// setup necessary variables for processing
SleuthkitCase tskCase = Case.getCurrentCaseThrows().getSleuthkitCase();
BlackboardArtifact.Type malwareType = tskCase.getBlackboard().getOrAddArtifactType(
MALWARE_TYPE_NAME,
Bundle.MalwareScanIngestModule_malwareTypeDisplayName(),
BlackboardArtifact.Category.ANALYSIS_RESULT);
return new IngestJobState(
context,
tskCase,
new PathNormalizer(tskCase),
new FileTypeDetector(),
licenseInfoOpt.get(),
malwareType,
BlackboardArtifact.Type.TSK_MALWARE,
uploadFiles,
true
);

18
Core/src/org/sleuthkit/autopsy/datamodel/Artifacts.java
View File

@ -64,6 +64,7 @@ import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_INTERESTING_IT
import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_TL_EVENT;
import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_ASSOCIATED_OBJECT;
import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_KEYWORD_HIT;
import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_MALWARE;
/**
* Classes for creating nodes for BlackboardArtifacts.
@ -73,10 +74,6 @@ public class Artifacts {
private static final Set<IngestManager.IngestJobEvent> INGEST_JOB_EVENTS_OF_INTEREST
= EnumSet.of(IngestManager.IngestJobEvent.COMPLETED, IngestManager.IngestJobEvent.CANCELLED);
// this is currently a custom TSK artifact type, created in MalwareScanIngestModule
private static BlackboardArtifact.Type MALWARE_ARTIFACT_TYPE = null;
private static final String MALWARE_HITS = "TSK_MALWARE";
/**
* Base class for a parent node of artifacts.
*/
@ -247,15 +244,6 @@ public class Artifacts {
@SuppressWarnings("deprecation")
private static TypeNodeKey getTypeKey(BlackboardArtifact.Type type, SleuthkitCase skCase, long dsObjId) {
// Get the custom TSK_MALWARE artifact type from case database
if (MALWARE_ARTIFACT_TYPE == null) {
try {
MALWARE_ARTIFACT_TYPE = skCase.getArtifactType(MALWARE_HITS);
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Unable to get TSK_MALWARE artifact type from database : ", ex); //NON-NLS
}
}
int typeId = type.getTypeID();
if (TSK_EMAIL_MSG.getTypeID() == typeId) {
EmailExtracted.RootNode emailNode = new EmailExtracted(skCase, dsObjId).new RootNode();
@ -281,9 +269,9 @@ public class Artifacts {
} else if (TSK_HASHSET_HIT.getTypeID() == typeId) {
HashsetHits.RootNode hashsetHits = new HashsetHits(skCase, dsObjId).new RootNode();
return new TypeNodeKey(hashsetHits, TSK_HASHSET_HIT);
} else if (MALWARE_ARTIFACT_TYPE != null && MALWARE_ARTIFACT_TYPE.getTypeID() == typeId) {
} else if (TSK_MALWARE.getTypeID() == typeId) {
MalwareHits.RootNode malwareHits = new MalwareHits(skCase, dsObjId).new RootNode();
return new TypeNodeKey(malwareHits, MALWARE_ARTIFACT_TYPE);
return new TypeNodeKey(malwareHits, TSK_MALWARE);
} else {
return new TypeNodeKey(type, dsObjId);
}

32
Core/src/org/sleuthkit/autopsy/datamodel/MalwareHits.java
View File

@ -44,12 +44,12 @@ import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.autopsy.datamodel.Artifacts.UpdatableCountTypeNode;
import org.sleuthkit.datamodel.AnalysisResult;
import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_MALWARE;
import org.sleuthkit.datamodel.Score;
/**
@ -57,9 +57,6 @@ import org.sleuthkit.datamodel.Score;
*/
public class MalwareHits implements AutopsyVisitableItem {
private static final String MALWARE_HITS = "TSK_MALWARE"; // this is currently a custom TSK artifact type, created in MalwareScanIngestModule
private static BlackboardArtifact.Type MALWARE_ARTIFACT_TYPE = null;
private static String DISPLAY_NAME;
private static final Logger logger = Logger.getLogger(MalwareHits.class.getName());
private static final Set<IngestManager.IngestJobEvent> INGEST_JOB_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestJobEvent.COMPLETED, IngestManager.IngestJobEvent.CANCELLED);
private static final Set<IngestManager.IngestModuleEvent> INGEST_MODULE_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestModuleEvent.DATA_ADDED);
@ -126,20 +123,9 @@ public class MalwareHits implements AutopsyVisitableItem {
return;
}
// Get the custom TSK_MALWARE artifact type from case database
if (MALWARE_ARTIFACT_TYPE == null) {
try {
MALWARE_ARTIFACT_TYPE = skCase.getArtifactType(MALWARE_HITS);
DISPLAY_NAME = MALWARE_ARTIFACT_TYPE.getDisplayName();
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Unable to get TSK_MALWARE artifact type from database : ", ex); //NON-NLS
return;
}
}
String query = "SELECT blackboard_artifacts.artifact_obj_id " //NON-NLS
+ "FROM blackboard_artifacts,tsk_analysis_results WHERE " //NON-NLS
+ "blackboard_artifacts.artifact_type_id=" + MALWARE_ARTIFACT_TYPE.getTypeID() //NON-NLS
+ "blackboard_artifacts.artifact_type_id=" + TSK_MALWARE.getTypeID() //NON-NLS
+ " AND tsk_analysis_results.artifact_obj_id=blackboard_artifacts.artifact_obj_id" //NON-NLS
+ " AND (tsk_analysis_results.significance=" + Score.Significance.NOTABLE.getId() //NON-NLS
+ " OR tsk_analysis_results.significance=" + Score.Significance.LIKELY_NOTABLE.getId() + " )"; //NON-NLS
@ -182,7 +168,7 @@ public class MalwareHits implements AutopsyVisitableItem {
* oldValue if the event is a remote event.
*/
ModuleDataEvent eventData = (ModuleDataEvent) evt.getOldValue();
if (null != eventData && eventData.getBlackboardArtifactType().getTypeID() == MALWARE_ARTIFACT_TYPE.getTypeID()) {
if (null != eventData && eventData.getBlackboardArtifactType().getTypeID() == TSK_MALWARE.getTypeID()) {
malwareResults.update();
}
} catch (NoCurrentCaseException notUsed) {
@ -248,13 +234,13 @@ public class MalwareHits implements AutopsyVisitableItem {
public class RootNode extends UpdatableCountTypeNode {
public RootNode() {
super(Children.create(new HitFactory(DISPLAY_NAME), true),
Lookups.singleton(DISPLAY_NAME),
DISPLAY_NAME,
super(Children.create(new HitFactory(TSK_MALWARE.getDisplayName()), true),
Lookups.singleton(TSK_MALWARE.getDisplayName()),
TSK_MALWARE.getDisplayName(),
filteringDSObjId,
MALWARE_ARTIFACT_TYPE);
TSK_MALWARE);
super.setName(MALWARE_HITS);
super.setName(TSK_MALWARE.getTypeName());
// TODO make an icon
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/artifact-icon.png");
}
@ -297,7 +283,7 @@ public class MalwareHits implements AutopsyVisitableItem {
*/
@Override
void updateDisplayName() {
super.setDisplayName(DISPLAY_NAME + " (" + malwareResults.getArtifactIds().size() + ")");
super.setDisplayName(TSK_MALWARE.getDisplayName() + " (" + malwareResults.getArtifactIds().size() + ")");
}
}

2
ImageGallery/nbproject/project.properties
View File

@ -1,4 +1,4 @@
file.reference.sqlite-jdbc-3.42.0.0.jar=release/modules/ext/sqlite-jdbc-3.42.0.0.jar
file.reference.sqlite-jdbc-3.42.0.1.jar=release/modules/ext/sqlite-jdbc-3.42.0.1.jar
javac.source=17
javac.compilerargs=-Xlint -Xlint:-serial
license.file=LICENSE-2.0.txt

4
ImageGallery/nbproject/project.xml
View File

@ -142,8 +142,8 @@
</module-dependencies>
<public-packages/>
<class-path-extension>
<runtime-relative-path>ext/sqlite-jdbc-3.42.0.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/sqlite-jdbc-3.42.0.0.jar</binary-origin>
<runtime-relative-path>ext/sqlite-jdbc-3.42.0.1.jar</runtime-relative-path>
<binary-origin>release/modules/ext/sqlite-jdbc-3.42.0.1.jar</binary-origin>
</class-path-extension>
</data>
</configuration>

2
RecentActivity/nbproject/project.properties
View File

@ -1,6 +1,6 @@
javac.source=17
file.reference.Rejistry-1.1-SNAPSHOT.jar=release/modules/ext/Rejistry-1.1-SNAPSHOT.jar
file.reference.sqlite-jdbc-3.42.0.0.jar=release/modules/ext/sqlite-jdbc-3.42.0.0.jar
file.reference.sqlite-jdbc-3.42.0.1.jar=release/modules/ext/sqlite-jdbc-3.42.0.1.jar
javac.compilerargs=-Xlint -Xlint:-serial
license.file=../LICENSE-2.0.txt
nbm.homepage=http://www.sleuthkit.org/autopsy/

4
RecentActivity/nbproject/project.xml
View File

@ -88,8 +88,8 @@
<binary-origin>release/modules/ext/Rejistry-1.1-SNAPSHOT.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/sqlite-jdbc-3.42.0.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/sqlite-jdbc-3.42.0.0.jar</binary-origin>
<runtime-relative-path>ext/sqlite-jdbc-3.42.0.1.jar</runtime-relative-path>
<binary-origin>release/modules/ext/sqlite-jdbc-3.42.0.1.jar</binary-origin>
</class-path-extension>
</data>
</configuration>

14
docs/doxygen-user/ct_malware_scanner.dox
View File

@ -13,17 +13,19 @@ For more information on what the module does or obtaining a license, refer to [C
Configuration
=======
==============
You will need to first get a paid or eval license from the above URL. The code will come in via email. Example license formats include:
* AUT-8ed86eb5-17fc-4b3a-9b75-ce638c11b070
* b826a555-951f-42ca-86ce-439a81106688
Once you have a license, you must add it on the Options panel. Choose the 'Cyber Triage' tab and choose 'Add License'.
- AUT-8ed86eb5-17fc-4b3a-9b75-ce638c11b070
- b826a555-951f-42ca-86ce-439a81106688
Once you have a license, you must add it on the Autopsy Options panel.
Choose the 'Cyber Triage' tab and choose 'Add License'.
\image html malware-scanner-global-options-panel-no-license.png
After you enter the license number that you should have received from your email, you will then need to review and agree to the license terms.
After you enter the license number from your email, you will then need to review and agree to the license terms.
The options panel should now display information about the lookup limits. You can always refer back to here about what your limits are and when they reset.
@ -38,7 +40,7 @@ Using the Module
Ingest Settings
------
For each data source, you select if you want files to be uploaded if they have not already been analyzed. By default, they are uploaded. You can choose to not upload them though.
For each data source, you select if you want files to be uploaded if they have not already been analyzed. By default, they are uploaded. You can choose to not upload them though. Refer to the main [website](https://cybertriage.com/autopsy-malware-module) for details on what happens when files are uploaded.
\image html malware-scanner-ingest-panel.png

2
docs/doxygen-user/footer.html
View File

@ -1,5 +1,5 @@
<hr/>
<p><i>Copyright &#169; 2012-2022 Basis Technology. Generated on $date<br/>
<p><i>Copyright &#169; 2012-2023 BasisTech. Generated on $date<br/>
This work is licensed under a
<a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/us/">Creative Commons Attribution-Share Alike 3.0 United States License</a>.
</i></p>