mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-06 21:00:22 +00:00
Merge branch 'develop' of github.com:sleuthkit/autopsy into AUT-2467_apiValidation
This commit is contained in:
Greg DiCristofaro
commit
18de6d9607
@ -134,8 +134,8 @@
|
||||
<property environment="env"/>
|
||||
<copy file="${env.TSK_HOME}/bindings/java/dist/sleuthkit-${TSK_VERSION}.jar"
|
||||
tofile="${ext.dir}/sleuthkit-${TSK_VERSION}.jar"/>
|
||||
<copy file="${env.TSK_HOME}/bindings/java/lib/sqlite-jdbc-3.42.0.0.jar"
|
||||
tofile="${ext.dir}/sqlite-jdbc-3.42.0.0.jar"/>
|
||||
<copy file="${env.TSK_HOME}/bindings/java/lib/sqlite-jdbc-3.42.0.1.jar"
|
||||
tofile="${ext.dir}/sqlite-jdbc-3.42.0.1.jar"/>
|
||||
<copy file="${env.TSK_HOME}/bindings/java/lib/postgresql-42.3.5.jar"
|
||||
tofile="${ext.dir}/postgresql-42.3.5.jar"/>
|
||||
<copy file="${env.TSK_HOME}/bindings/java/lib/c3p0-0.9.5.5.jar"
|
||||
|
||||
@ -91,7 +91,7 @@ file.reference.slf4j-api-1.7.36.jar=release/modules/ext/slf4j-api-1.7.36.jar
|
||||
file.reference.snakeyaml-2.0.jar=release/modules/ext/snakeyaml-2.0.jar
|
||||
file.reference.SparseBitSet-1.1.jar=release/modules/ext/SparseBitSet-1.1.jar
|
||||
file.reference.spotbugs-annotations-4.6.0.jar=release/modules/ext/spotbugs-annotations-4.6.0.jar
|
||||
file.reference.sqlite-jdbc-3.42.0.0.jar=release/modules/ext/sqlite-jdbc-3.42.0.0.jar
|
||||
file.reference.sqlite-jdbc-3.42.0.1.jar=release/modules/ext/sqlite-jdbc-3.42.0.1.jar
|
||||
file.reference.txw2-2.3.3.jar=release/modules/ext/txw2-2.3.3.jar
|
||||
file.reference.xalan-2.7.2.jar=release/modules/ext/xalan-2.7.2.jar
|
||||
file.reference.xml-apis-1.4.01.jar=release/modules/ext/xml-apis-1.4.01.jar
|
||||
|
||||
@ -742,8 +742,8 @@
|
||||
<binary-origin>release/modules/ext/spotbugs-annotations-4.6.0.jar</binary-origin>
|
||||
</class-path-extension>
|
||||
<class-path-extension>
|
||||
<runtime-relative-path>ext/sqlite-jdbc-3.42.0.0.jar</runtime-relative-path>
|
||||
<binary-origin>release/modules/ext/sqlite-jdbc-3.42.0.0.jar</binary-origin>
|
||||
<runtime-relative-path>ext/sqlite-jdbc-3.42.0.1.jar</runtime-relative-path>
|
||||
<binary-origin>release/modules/ext/sqlite-jdbc-3.42.0.1.jar</binary-origin>
|
||||
</class-path-extension>
|
||||
<class-path-extension>
|
||||
<runtime-relative-path>ext/txw2-2.3.3.jar</runtime-relative-path>
|
||||
|
||||
@ -6,7 +6,7 @@ CTLicenseDialog.title=Add a License...
|
||||
CTLicenseDialog.licenseNumberLabel.text=License Number:
|
||||
CTLicenseDialog.licenseNumberTextField.text=
|
||||
CTLicenseDialog.cancelButton.text=Cancel
|
||||
CTLicenseDialog.okButton.text=Ok
|
||||
CTLicenseDialog.okButton.text=OK
|
||||
CTLicenseDialog.warningLabel.text=
|
||||
CTMalwareScannerOptionsPanel.hashLookupsRemainingLabel.text=
|
||||
CTMalwareScannerOptionsPanel.countersResetLabel.text=
|
||||
|
||||
@ -6,7 +6,7 @@ CTLicenseDialog.title=Add a License...
|
||||
CTLicenseDialog.licenseNumberLabel.text=License Number:
|
||||
CTLicenseDialog.licenseNumberTextField.text=
|
||||
CTLicenseDialog.cancelButton.text=Cancel
|
||||
CTLicenseDialog.okButton.text=Ok
|
||||
CTLicenseDialog.okButton.text=OK
|
||||
CTLicenseDialog.warningLabel.text=
|
||||
CTLicenseDialog_verifyInput_licenseNumberError=<html>Please enter a license number</html>
|
||||
CTMalwareScannerOptionsPanel.hashLookupsRemainingLabel.text=
|
||||
|
||||
@ -23,7 +23,7 @@
|
||||
<AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/>
|
||||
<AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/>
|
||||
<AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/>
|
||||
<AuxValue name="designerSize" type="java.awt.Dimension" value="-84,-19,0,5,115,114,0,18,106,97,118,97,46,97,119,116,46,68,105,109,101,110,115,105,111,110,65,-114,-39,-41,-84,95,68,20,2,0,2,73,0,6,104,101,105,103,104,116,73,0,5,119,105,100,116,104,120,112,0,0,0,122,0,0,1,-19"/>
|
||||
<AuxValue name="designerSize" type="java.awt.Dimension" value="-84,-19,0,5,115,114,0,18,106,97,118,97,46,97,119,116,46,68,105,109,101,110,115,105,111,110,65,-114,-39,-41,-84,95,68,20,2,0,2,73,0,6,104,101,105,103,104,116,73,0,5,119,105,100,116,104,120,112,0,0,0,-106,0,0,2,81"/>
|
||||
</AuxValues>
|
||||
|
||||
<Layout class="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout"/>
|
||||
@ -44,6 +44,21 @@
|
||||
</Constraint>
|
||||
</Constraints>
|
||||
</Component>
|
||||
<Component class="javax.swing.JTextField" name="licenseNumberTextField">
|
||||
<Properties>
|
||||
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
|
||||
<ResourceString bundle="com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/Bundle.properties" key="CTLicenseDialog.licenseNumberTextField.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, "{key}")"/>
|
||||
</Property>
|
||||
<Property name="toolTipText" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
|
||||
<ResourceString bundle="com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/Bundle.properties" key="CTLicenseDialog.licenseNumberTextField.toolTipText" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, "{key}")"/>
|
||||
</Property>
|
||||
</Properties>
|
||||
<Constraints>
|
||||
<Constraint layoutClass="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout" value="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout$GridBagConstraintsDescription">
|
||||
<GridBagConstraints gridX="0" gridY="1" gridWidth="3" gridHeight="1" fill="2" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="5" insetsBottom="5" insetsRight="5" anchor="10" weightX="0.0" weightY="0.0"/>
|
||||
</Constraint>
|
||||
</Constraints>
|
||||
</Component>
|
||||
<Component class="javax.swing.JLabel" name="warningLabel">
|
||||
<Properties>
|
||||
<Property name="foreground" type="java.awt.Color" editor="org.netbeans.modules.form.RADConnectionPropertyEditor">
|
||||
@ -92,6 +107,19 @@
|
||||
</DimensionLayout>
|
||||
</Layout>
|
||||
</Container>
|
||||
<Container class="javax.swing.JPanel" name="buttonPanel">
|
||||
<AuxValues>
|
||||
<AuxValue name="JavaCodeGenerator_VariableLocal" type="java.lang.Boolean" value="true"/>
|
||||
<AuxValue name="JavaCodeGenerator_VariableModifier" type="java.lang.Integer" value="0"/>
|
||||
</AuxValues>
|
||||
<Constraints>
|
||||
<Constraint layoutClass="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout" value="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout$GridBagConstraintsDescription">
|
||||
<GridBagConstraints gridX="1" gridY="3" gridWidth="2" gridHeight="1" fill="0" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="0" insetsBottom="0" insetsRight="0" anchor="10" weightX="0.0" weightY="0.0"/>
|
||||
</Constraint>
|
||||
</Constraints>
|
||||
|
||||
<Layout class="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout"/>
|
||||
<SubComponents>
|
||||
<Component class="javax.swing.JButton" name="okButton">
|
||||
<Properties>
|
||||
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
|
||||
@ -103,7 +131,7 @@
|
||||
</Events>
|
||||
<Constraints>
|
||||
<Constraint layoutClass="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout" value="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout$GridBagConstraintsDescription">
|
||||
<GridBagConstraints gridX="2" gridY="3" gridWidth="1" gridHeight="1" fill="0" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="5" insetsBottom="5" insetsRight="5" anchor="18" weightX="0.0" weightY="0.0"/>
|
||||
<GridBagConstraints gridX="0" gridY="0" gridWidth="1" gridHeight="1" fill="2" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="5" insetsBottom="10" insetsRight="5" anchor="18" weightX="1.0" weightY="0.0"/>
|
||||
</Constraint>
|
||||
</Constraints>
|
||||
</Component>
|
||||
@ -118,24 +146,11 @@
|
||||
</Events>
|
||||
<Constraints>
|
||||
<Constraint layoutClass="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout" value="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout$GridBagConstraintsDescription">
|
||||
<GridBagConstraints gridX="1" gridY="3" gridWidth="1" gridHeight="1" fill="0" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="5" insetsBottom="5" insetsRight="5" anchor="18" weightX="0.0" weightY="0.0"/>
|
||||
</Constraint>
|
||||
</Constraints>
|
||||
</Component>
|
||||
<Component class="javax.swing.JTextField" name="licenseNumberTextField">
|
||||
<Properties>
|
||||
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
|
||||
<ResourceString bundle="com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/Bundle.properties" key="CTLicenseDialog.licenseNumberTextField.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, "{key}")"/>
|
||||
</Property>
|
||||
<Property name="toolTipText" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
|
||||
<ResourceString bundle="com/basistech/df/cybertriage/autopsy/ctoptions/ctcloud/Bundle.properties" key="CTLicenseDialog.licenseNumberTextField.toolTipText" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, "{key}")"/>
|
||||
</Property>
|
||||
</Properties>
|
||||
<Constraints>
|
||||
<Constraint layoutClass="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout" value="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout$GridBagConstraintsDescription">
|
||||
<GridBagConstraints gridX="0" gridY="1" gridWidth="3" gridHeight="1" fill="2" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="5" insetsBottom="5" insetsRight="5" anchor="10" weightX="0.0" weightY="0.0"/>
|
||||
<GridBagConstraints gridX="1" gridY="0" gridWidth="1" gridHeight="1" fill="2" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="0" insetsBottom="10" insetsRight="10" anchor="18" weightX="1.0" weightY="0.0"/>
|
||||
</Constraint>
|
||||
</Constraints>
|
||||
</Component>
|
||||
</SubComponents>
|
||||
</Container>
|
||||
</SubComponents>
|
||||
</Form>
|
||||
|
||||
@ -58,6 +58,11 @@ class CTLicenseDialog extends javax.swing.JDialog {
|
||||
verifyInput();
|
||||
}
|
||||
});
|
||||
|
||||
// set ok button as primary button
|
||||
this.getRootPane().setDefaultButton(okButton);
|
||||
// request focus for entering license string
|
||||
this.licenseNumberTextField.requestFocusInWindow();
|
||||
}
|
||||
|
||||
private void configureHintText() {
|
||||
@ -99,11 +104,12 @@ class CTLicenseDialog extends javax.swing.JDialog {
|
||||
java.awt.GridBagConstraints gridBagConstraints;
|
||||
|
||||
javax.swing.JLabel licenseNumberLabel = new javax.swing.JLabel();
|
||||
licenseNumberTextField = new javax.swing.JTextField();
|
||||
warningLabel = new javax.swing.JLabel();
|
||||
javax.swing.JPanel buttonPadding = new javax.swing.JPanel();
|
||||
javax.swing.JPanel buttonPanel = new javax.swing.JPanel();
|
||||
okButton = new javax.swing.JButton();
|
||||
cancelButton = new javax.swing.JButton();
|
||||
licenseNumberTextField = new javax.swing.JTextField();
|
||||
|
||||
setDefaultCloseOperation(javax.swing.WindowConstants.DISPOSE_ON_CLOSE);
|
||||
setTitle(org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.title")); // NOI18N
|
||||
@ -121,6 +127,16 @@ class CTLicenseDialog extends javax.swing.JDialog {
|
||||
gridBagConstraints.insets = new java.awt.Insets(5, 5, 5, 5);
|
||||
getContentPane().add(licenseNumberLabel, gridBagConstraints);
|
||||
|
||||
licenseNumberTextField.setText(org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.licenseNumberTextField.text")); // NOI18N
|
||||
licenseNumberTextField.setToolTipText(org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.licenseNumberTextField.toolTipText")); // NOI18N
|
||||
gridBagConstraints = new java.awt.GridBagConstraints();
|
||||
gridBagConstraints.gridx = 0;
|
||||
gridBagConstraints.gridy = 1;
|
||||
gridBagConstraints.gridwidth = 3;
|
||||
gridBagConstraints.fill = java.awt.GridBagConstraints.HORIZONTAL;
|
||||
gridBagConstraints.insets = new java.awt.Insets(0, 5, 5, 5);
|
||||
getContentPane().add(licenseNumberTextField, gridBagConstraints);
|
||||
|
||||
warningLabel.setForeground(java.awt.Color.RED);
|
||||
org.openide.awt.Mnemonics.setLocalizedText(warningLabel, org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.warningLabel.text")); // NOI18N
|
||||
warningLabel.setMaximumSize(new java.awt.Dimension(419, 36));
|
||||
@ -151,6 +167,8 @@ class CTLicenseDialog extends javax.swing.JDialog {
|
||||
gridBagConstraints.weightx = 1.0;
|
||||
getContentPane().add(buttonPadding, gridBagConstraints);
|
||||
|
||||
buttonPanel.setLayout(new java.awt.GridBagLayout());
|
||||
|
||||
org.openide.awt.Mnemonics.setLocalizedText(okButton, org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.okButton.text")); // NOI18N
|
||||
okButton.addActionListener(new java.awt.event.ActionListener() {
|
||||
public void actionPerformed(java.awt.event.ActionEvent evt) {
|
||||
@ -158,11 +176,13 @@ class CTLicenseDialog extends javax.swing.JDialog {
|
||||
}
|
||||
});
|
||||
gridBagConstraints = new java.awt.GridBagConstraints();
|
||||
gridBagConstraints.gridx = 2;
|
||||
gridBagConstraints.gridy = 3;
|
||||
gridBagConstraints.gridx = 0;
|
||||
gridBagConstraints.gridy = 0;
|
||||
gridBagConstraints.fill = java.awt.GridBagConstraints.HORIZONTAL;
|
||||
gridBagConstraints.anchor = java.awt.GridBagConstraints.NORTHWEST;
|
||||
gridBagConstraints.insets = new java.awt.Insets(0, 5, 5, 5);
|
||||
getContentPane().add(okButton, gridBagConstraints);
|
||||
gridBagConstraints.weightx = 1.0;
|
||||
gridBagConstraints.insets = new java.awt.Insets(0, 5, 10, 5);
|
||||
buttonPanel.add(okButton, gridBagConstraints);
|
||||
|
||||
org.openide.awt.Mnemonics.setLocalizedText(cancelButton, org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.cancelButton.text")); // NOI18N
|
||||
cancelButton.addActionListener(new java.awt.event.ActionListener() {
|
||||
@ -172,20 +192,18 @@ class CTLicenseDialog extends javax.swing.JDialog {
|
||||
});
|
||||
gridBagConstraints = new java.awt.GridBagConstraints();
|
||||
gridBagConstraints.gridx = 1;
|
||||
gridBagConstraints.gridy = 3;
|
||||
gridBagConstraints.anchor = java.awt.GridBagConstraints.NORTHWEST;
|
||||
gridBagConstraints.insets = new java.awt.Insets(0, 5, 5, 5);
|
||||
getContentPane().add(cancelButton, gridBagConstraints);
|
||||
|
||||
licenseNumberTextField.setText(org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.licenseNumberTextField.text")); // NOI18N
|
||||
licenseNumberTextField.setToolTipText(org.openide.util.NbBundle.getMessage(CTLicenseDialog.class, "CTLicenseDialog.licenseNumberTextField.toolTipText")); // NOI18N
|
||||
gridBagConstraints = new java.awt.GridBagConstraints();
|
||||
gridBagConstraints.gridx = 0;
|
||||
gridBagConstraints.gridy = 1;
|
||||
gridBagConstraints.gridwidth = 3;
|
||||
gridBagConstraints.gridy = 0;
|
||||
gridBagConstraints.fill = java.awt.GridBagConstraints.HORIZONTAL;
|
||||
gridBagConstraints.insets = new java.awt.Insets(0, 5, 5, 5);
|
||||
getContentPane().add(licenseNumberTextField, gridBagConstraints);
|
||||
gridBagConstraints.anchor = java.awt.GridBagConstraints.NORTHWEST;
|
||||
gridBagConstraints.weightx = 1.0;
|
||||
gridBagConstraints.insets = new java.awt.Insets(0, 0, 10, 10);
|
||||
buttonPanel.add(cancelButton, gridBagConstraints);
|
||||
|
||||
gridBagConstraints = new java.awt.GridBagConstraints();
|
||||
gridBagConstraints.gridx = 1;
|
||||
gridBagConstraints.gridy = 3;
|
||||
gridBagConstraints.gridwidth = 2;
|
||||
getContentPane().add(buttonPanel, gridBagConstraints);
|
||||
|
||||
pack();
|
||||
}// </editor-fold>//GEN-END:initComponents
|
||||
|
||||
@ -134,8 +134,7 @@ class MalwareScanIngestModule implements FileIngestModule {
|
||||
"application/x-msdos-program"//NON-NLS
|
||||
).collect(Collectors.toSet());
|
||||
|
||||
private static final String MALWARE_TYPE_NAME = "TSK_MALWARE";
|
||||
private static final String MALWARE_CONFIG = "Cyber Triage Cloud";
|
||||
private static final String MALWARE_CONFIG = ""; // NOTE: Adding a configuration complicates NTL branch UI
|
||||
|
||||
private static final Logger logger = Logger.getLogger(MalwareScanIngestModule.class.getName());
|
||||
|
||||
@ -235,18 +234,13 @@ class MalwareScanIngestModule implements FileIngestModule {
|
||||
|
||||
// setup necessary variables for processing
|
||||
SleuthkitCase tskCase = Case.getCurrentCaseThrows().getSleuthkitCase();
|
||||
BlackboardArtifact.Type malwareType = tskCase.getBlackboard().getOrAddArtifactType(
|
||||
MALWARE_TYPE_NAME,
|
||||
Bundle.MalwareScanIngestModule_malwareTypeDisplayName(),
|
||||
BlackboardArtifact.Category.ANALYSIS_RESULT);
|
||||
|
||||
return new IngestJobState(
|
||||
context,
|
||||
tskCase,
|
||||
new PathNormalizer(tskCase),
|
||||
new FileTypeDetector(),
|
||||
licenseInfoOpt.get(),
|
||||
malwareType,
|
||||
BlackboardArtifact.Type.TSK_MALWARE,
|
||||
uploadFiles,
|
||||
true
|
||||
);
|
||||
|
||||
@ -64,6 +64,7 @@ import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_INTERESTING_IT
|
||||
import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_TL_EVENT;
|
||||
import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_ASSOCIATED_OBJECT;
|
||||
import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_KEYWORD_HIT;
|
||||
import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_MALWARE;
|
||||
|
||||
/**
|
||||
* Classes for creating nodes for BlackboardArtifacts.
|
||||
@ -73,10 +74,6 @@ public class Artifacts {
|
||||
private static final Set<IngestManager.IngestJobEvent> INGEST_JOB_EVENTS_OF_INTEREST
|
||||
= EnumSet.of(IngestManager.IngestJobEvent.COMPLETED, IngestManager.IngestJobEvent.CANCELLED);
|
||||
|
||||
// this is currently a custom TSK artifact type, created in MalwareScanIngestModule
|
||||
private static BlackboardArtifact.Type MALWARE_ARTIFACT_TYPE = null;
|
||||
private static final String MALWARE_HITS = "TSK_MALWARE";
|
||||
|
||||
/**
|
||||
* Base class for a parent node of artifacts.
|
||||
*/
|
||||
@ -247,15 +244,6 @@ public class Artifacts {
|
||||
@SuppressWarnings("deprecation")
|
||||
private static TypeNodeKey getTypeKey(BlackboardArtifact.Type type, SleuthkitCase skCase, long dsObjId) {
|
||||
|
||||
// Get the custom TSK_MALWARE artifact type from case database
|
||||
if (MALWARE_ARTIFACT_TYPE == null) {
|
||||
try {
|
||||
MALWARE_ARTIFACT_TYPE = skCase.getArtifactType(MALWARE_HITS);
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.WARNING, "Unable to get TSK_MALWARE artifact type from database : ", ex); //NON-NLS
|
||||
}
|
||||
}
|
||||
|
||||
int typeId = type.getTypeID();
|
||||
if (TSK_EMAIL_MSG.getTypeID() == typeId) {
|
||||
EmailExtracted.RootNode emailNode = new EmailExtracted(skCase, dsObjId).new RootNode();
|
||||
@ -281,9 +269,9 @@ public class Artifacts {
|
||||
} else if (TSK_HASHSET_HIT.getTypeID() == typeId) {
|
||||
HashsetHits.RootNode hashsetHits = new HashsetHits(skCase, dsObjId).new RootNode();
|
||||
return new TypeNodeKey(hashsetHits, TSK_HASHSET_HIT);
|
||||
} else if (MALWARE_ARTIFACT_TYPE != null && MALWARE_ARTIFACT_TYPE.getTypeID() == typeId) {
|
||||
} else if (TSK_MALWARE.getTypeID() == typeId) {
|
||||
MalwareHits.RootNode malwareHits = new MalwareHits(skCase, dsObjId).new RootNode();
|
||||
return new TypeNodeKey(malwareHits, MALWARE_ARTIFACT_TYPE);
|
||||
return new TypeNodeKey(malwareHits, TSK_MALWARE);
|
||||
} else {
|
||||
return new TypeNodeKey(type, dsObjId);
|
||||
}
|
||||
|
||||
@ -44,12 +44,12 @@ import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
|
||||
import org.sleuthkit.autopsy.coreutils.Logger;
|
||||
import org.sleuthkit.autopsy.ingest.IngestManager;
|
||||
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery;
|
||||
import org.sleuthkit.datamodel.TskCoreException;
|
||||
import org.sleuthkit.autopsy.datamodel.Artifacts.UpdatableCountTypeNode;
|
||||
import org.sleuthkit.datamodel.AnalysisResult;
|
||||
import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_MALWARE;
|
||||
import org.sleuthkit.datamodel.Score;
|
||||
|
||||
/**
|
||||
@ -57,9 +57,6 @@ import org.sleuthkit.datamodel.Score;
|
||||
*/
|
||||
public class MalwareHits implements AutopsyVisitableItem {
|
||||
|
||||
private static final String MALWARE_HITS = "TSK_MALWARE"; // this is currently a custom TSK artifact type, created in MalwareScanIngestModule
|
||||
private static BlackboardArtifact.Type MALWARE_ARTIFACT_TYPE = null;
|
||||
private static String DISPLAY_NAME;
|
||||
private static final Logger logger = Logger.getLogger(MalwareHits.class.getName());
|
||||
private static final Set<IngestManager.IngestJobEvent> INGEST_JOB_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestJobEvent.COMPLETED, IngestManager.IngestJobEvent.CANCELLED);
|
||||
private static final Set<IngestManager.IngestModuleEvent> INGEST_MODULE_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestModuleEvent.DATA_ADDED);
|
||||
@ -126,20 +123,9 @@ public class MalwareHits implements AutopsyVisitableItem {
|
||||
return;
|
||||
}
|
||||
|
||||
// Get the custom TSK_MALWARE artifact type from case database
|
||||
if (MALWARE_ARTIFACT_TYPE == null) {
|
||||
try {
|
||||
MALWARE_ARTIFACT_TYPE = skCase.getArtifactType(MALWARE_HITS);
|
||||
DISPLAY_NAME = MALWARE_ARTIFACT_TYPE.getDisplayName();
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.WARNING, "Unable to get TSK_MALWARE artifact type from database : ", ex); //NON-NLS
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
String query = "SELECT blackboard_artifacts.artifact_obj_id " //NON-NLS
|
||||
+ "FROM blackboard_artifacts,tsk_analysis_results WHERE " //NON-NLS
|
||||
+ "blackboard_artifacts.artifact_type_id=" + MALWARE_ARTIFACT_TYPE.getTypeID() //NON-NLS
|
||||
+ "blackboard_artifacts.artifact_type_id=" + TSK_MALWARE.getTypeID() //NON-NLS
|
||||
+ " AND tsk_analysis_results.artifact_obj_id=blackboard_artifacts.artifact_obj_id" //NON-NLS
|
||||
+ " AND (tsk_analysis_results.significance=" + Score.Significance.NOTABLE.getId() //NON-NLS
|
||||
+ " OR tsk_analysis_results.significance=" + Score.Significance.LIKELY_NOTABLE.getId() + " )"; //NON-NLS
|
||||
@ -182,7 +168,7 @@ public class MalwareHits implements AutopsyVisitableItem {
|
||||
* oldValue if the event is a remote event.
|
||||
*/
|
||||
ModuleDataEvent eventData = (ModuleDataEvent) evt.getOldValue();
|
||||
if (null != eventData && eventData.getBlackboardArtifactType().getTypeID() == MALWARE_ARTIFACT_TYPE.getTypeID()) {
|
||||
if (null != eventData && eventData.getBlackboardArtifactType().getTypeID() == TSK_MALWARE.getTypeID()) {
|
||||
malwareResults.update();
|
||||
}
|
||||
} catch (NoCurrentCaseException notUsed) {
|
||||
@ -248,13 +234,13 @@ public class MalwareHits implements AutopsyVisitableItem {
|
||||
public class RootNode extends UpdatableCountTypeNode {
|
||||
|
||||
public RootNode() {
|
||||
super(Children.create(new HitFactory(DISPLAY_NAME), true),
|
||||
Lookups.singleton(DISPLAY_NAME),
|
||||
DISPLAY_NAME,
|
||||
super(Children.create(new HitFactory(TSK_MALWARE.getDisplayName()), true),
|
||||
Lookups.singleton(TSK_MALWARE.getDisplayName()),
|
||||
TSK_MALWARE.getDisplayName(),
|
||||
filteringDSObjId,
|
||||
MALWARE_ARTIFACT_TYPE);
|
||||
TSK_MALWARE);
|
||||
|
||||
super.setName(MALWARE_HITS);
|
||||
super.setName(TSK_MALWARE.getTypeName());
|
||||
// TODO make an icon
|
||||
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/artifact-icon.png");
|
||||
}
|
||||
@ -297,7 +283,7 @@ public class MalwareHits implements AutopsyVisitableItem {
|
||||
*/
|
||||
@Override
|
||||
void updateDisplayName() {
|
||||
super.setDisplayName(DISPLAY_NAME + " (" + malwareResults.getArtifactIds().size() + ")");
|
||||
super.setDisplayName(TSK_MALWARE.getDisplayName() + " (" + malwareResults.getArtifactIds().size() + ")");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
file.reference.sqlite-jdbc-3.42.0.0.jar=release/modules/ext/sqlite-jdbc-3.42.0.0.jar
|
||||
file.reference.sqlite-jdbc-3.42.0.1.jar=release/modules/ext/sqlite-jdbc-3.42.0.1.jar
|
||||
javac.source=17
|
||||
javac.compilerargs=-Xlint -Xlint:-serial
|
||||
license.file=LICENSE-2.0.txt
|
||||
|
||||
@ -142,8 +142,8 @@
|
||||
</module-dependencies>
|
||||
<public-packages/>
|
||||
<class-path-extension>
|
||||
<runtime-relative-path>ext/sqlite-jdbc-3.42.0.0.jar</runtime-relative-path>
|
||||
<binary-origin>release/modules/ext/sqlite-jdbc-3.42.0.0.jar</binary-origin>
|
||||
<runtime-relative-path>ext/sqlite-jdbc-3.42.0.1.jar</runtime-relative-path>
|
||||
<binary-origin>release/modules/ext/sqlite-jdbc-3.42.0.1.jar</binary-origin>
|
||||
</class-path-extension>
|
||||
</data>
|
||||
</configuration>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
javac.source=17
|
||||
file.reference.Rejistry-1.1-SNAPSHOT.jar=release/modules/ext/Rejistry-1.1-SNAPSHOT.jar
|
||||
file.reference.sqlite-jdbc-3.42.0.0.jar=release/modules/ext/sqlite-jdbc-3.42.0.0.jar
|
||||
file.reference.sqlite-jdbc-3.42.0.1.jar=release/modules/ext/sqlite-jdbc-3.42.0.1.jar
|
||||
javac.compilerargs=-Xlint -Xlint:-serial
|
||||
license.file=../LICENSE-2.0.txt
|
||||
nbm.homepage=http://www.sleuthkit.org/autopsy/
|
||||
|
||||
@ -88,8 +88,8 @@
|
||||
<binary-origin>release/modules/ext/Rejistry-1.1-SNAPSHOT.jar</binary-origin>
|
||||
</class-path-extension>
|
||||
<class-path-extension>
|
||||
<runtime-relative-path>ext/sqlite-jdbc-3.42.0.0.jar</runtime-relative-path>
|
||||
<binary-origin>release/modules/ext/sqlite-jdbc-3.42.0.0.jar</binary-origin>
|
||||
<runtime-relative-path>ext/sqlite-jdbc-3.42.0.1.jar</runtime-relative-path>
|
||||
<binary-origin>release/modules/ext/sqlite-jdbc-3.42.0.1.jar</binary-origin>
|
||||
</class-path-extension>
|
||||
</data>
|
||||
</configuration>
|
||||
|
||||
@ -13,17 +13,19 @@ For more information on what the module does or obtaining a license, refer to [C
|
||||
|
||||
|
||||
Configuration
|
||||
=======
|
||||
==============
|
||||
|
||||
You will need to first get a paid or eval license from the above URL. The code will come in via email. Example license formats include:
|
||||
* AUT-8ed86eb5-17fc-4b3a-9b75-ce638c11b070
|
||||
* b826a555-951f-42ca-86ce-439a81106688
|
||||
|
||||
Once you have a license, you must add it on the Options panel. Choose the 'Cyber Triage' tab and choose 'Add License'.
|
||||
- AUT-8ed86eb5-17fc-4b3a-9b75-ce638c11b070
|
||||
- b826a555-951f-42ca-86ce-439a81106688
|
||||
|
||||
Once you have a license, you must add it on the Autopsy Options panel.
|
||||
Choose the 'Cyber Triage' tab and choose 'Add License'.
|
||||
|
||||
\image html malware-scanner-global-options-panel-no-license.png
|
||||
|
||||
After you enter the license number that you should have received from your email, you will then need to review and agree to the license terms.
|
||||
After you enter the license number from your email, you will then need to review and agree to the license terms.
|
||||
|
||||
|
||||
The options panel should now display information about the lookup limits. You can always refer back to here about what your limits are and when they reset.
|
||||
@ -38,7 +40,7 @@ Using the Module
|
||||
Ingest Settings
|
||||
------
|
||||
|
||||
For each data source, you select if you want files to be uploaded if they have not already been analyzed. By default, they are uploaded. You can choose to not upload them though.
|
||||
For each data source, you select if you want files to be uploaded if they have not already been analyzed. By default, they are uploaded. You can choose to not upload them though. Refer to the main [website](https://cybertriage.com/autopsy-malware-module) for details on what happens when files are uploaded.
|
||||
|
||||
\image html malware-scanner-ingest-panel.png
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
<hr/>
|
||||
<p><i>Copyright © 2012-2022 Basis Technology. Generated on $date<br/>
|
||||
<p><i>Copyright © 2012-2023 BasisTech. Generated on $date<br/>
|
||||
This work is licensed under a
|
||||
<a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/us/">Creative Commons Attribution-Share Alike 3.0 United States License</a>.
|
||||
</i></p>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user