moved volatility to experimental. Added Max to DSP progress monitor API.

Core/src/org/sleuthkit/autopsy/casemodule/AddImageWizardAddingProgressPanel.java

@@ -114,6 +114,17 @@ class AddImageWizardAddingProgressPanel extends ShortcutWizardDescriptorPanel {
                 }
             });
         }
+        
+        @Override
+        public void setProgressMax(final int max) {
+            // update the progress bar asynchronously
+            EventQueue.invokeLater(new Runnable() {
+                @Override
+                public void run() {
+                    getComponent().getProgressBar().setMaximum(max);
+                }
+            });
+        }
 
         @Override
         public void setProgressText(final String text) {

Core/src/org/sleuthkit/autopsy/casemodule/AddImageWizardSelectDspVisual.java

@@ -41,7 +41,6 @@ import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.corecomponentinterfaces.DataSourceProcessor;
 import org.sleuthkit.autopsy.datasourceprocessors.RawDSProcessor;
 import org.sleuthkit.autopsy.coreutils.Logger;
-import org.sleuthkit.autopsy.datasourceprocessors.MemoryDSProcessor;
 
 /**
  * Panel which displays the available DataSourceProcessors and allows selection
@@ -196,7 +195,6 @@ final class AddImageWizardSelectDspVisual extends JPanel {
         dspList.add(LocalDiskDSProcessor.getType());
         dspList.add(LocalFilesDSProcessor.getType());
         dspList.add(RawDSProcessor.getType());
-        dspList.add(MemoryDSProcessor.getType());
         // now add any addtional DSPs that haven't already been added
         for (String dspType : datasourceProcessorsMap.keySet()) {
             if (!dspList.contains(dspType)) {

Core/src/org/sleuthkit/autopsy/corecomponentinterfaces/DataSourceProcessorProgressMonitor.java

@@ -25,9 +25,28 @@ package org.sleuthkit.autopsy.corecomponentinterfaces;
  */
 public interface DataSourceProcessorProgressMonitor {
 
+    /**
+     * Identify if progress will be indeterminate or not
+     * 
+     * @param indeterminate true if progress bar should not show steps
+     */
     void setIndeterminate(boolean indeterminate);
 
+    /**
+     * Increment the progress bar if it is determinate
+     * @param progress How much progress has happened. Must be smaller than value passed to setProgressMax()
+     */
     void setProgress(int progress);
+    
+    /**
+     * Maximum value for a determinate progress bar. 
+     * @param max Max value that will be used 
+     */
+    default void setProgressMax(final int max) { }
 
+    /**
+     * Set the text to be displayed to the user.
+     * @param text Text to display
+     */
     void setProgressText(String text);
 }

Core/src/org/sleuthkit/autopsy/datasourceprocessors/Bundle.properties

@@ -10,11 +10,3 @@ RawDSInputPanel.jBreakFileUpLabel.text=Break image up into:
 RawDSInputPanel.jNoBreakupRadioButton.text=Do not break up
 RawDSInputPanel.j2GBBreakupRadioButton.text=2GB chunks
 RawDSInputPanel.timeZoneLabel.text=Please select the input timezone:
-MemoryDSInputPanel.pathLabel.text=Browse for a memory image file:
-MemoryDSInputPanel.pathLabel.AccessibleContext.accessibleName=Browse for a memory image file:
-MemoryDSInputPanel.errorLabel.text=Error Label
-MemoryDSInputPanel.browseButton.text=Browse
-MemoryDSImputPanel.pathTextField.text=
-MemoryDSInputPanel.timeZoneLabel.text=Please select the input timezone:
-MemoryDSInputPanel.volExecutableLabel.text=Version of Volatility to Run:
-MemoryDSInputPanel.PluginsToRunLabel.text=Available plugins to run:

Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/AddMemoryImageTask.java

@@ -16,7 +16,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.sleuthkit.autopsy.datasourceprocessors;
+package org.sleuthkit.autopsy.experimental.volatilityDSP;
 
 import java.io.File;
 import java.nio.file.Paths;

Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/Bundle.properties

@@ -0,0 +1,13 @@
+# To change this license header, choose License Headers in Project Properties.
+# To change this template file, choose Tools | Templates
+# and open the template in the editor.
+
+MemoryDSInputPanel.pathLabel.AccessibleContext.accessibleName=Browse for a memory image file:
+MemoryDSInputPanel.PluginsToRunLabel.text=Available plugins to run:
+MemoryDSInputPanel.volExecutableLabel.text=Version of Volatility to Run:
+MemoryDSInputPanel.pathLabel.text=Browse for a memory image file:
+MemoryDSInputPanel.pathTextField.text=
+MemoryDSInputPanel.errorLabel.text=Error Label
+MemoryDSInputPanel.browseButton.text=Browse
+MemoryDSImputPanel.pathTextField.text=
+MemoryDSInputPanel.timeZoneLabel.text=Please select the input timezone:

Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSInputPanel.form

@@ -90,7 +90,7 @@
       </Properties>
       <AccessibilityProperties>
         <Property name="AccessibleContext.accessibleName" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
-          <ResourceString bundle="org/sleuthkit/autopsy/datasourceprocessors/Bundle.properties" key="MemoryDSInputPanel.pathLabel.AccessibleContext.accessibleName" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
+          <ResourceString bundle="org/sleuthkit/autopsy/experimental/volatilityDSP/Bundle.properties" key="MemoryDSInputPanel.pathLabel.AccessibleContext.accessibleName" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
         </Property>
       </AccessibilityProperties>
     </Component>
@@ -142,7 +142,7 @@
     <Component class="javax.swing.JLabel" name="volExecutableLabel">
       <Properties>
         <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
-          <ResourceString bundle="org/sleuthkit/autopsy/datasourceprocessors/Bundle.properties" key="MemoryDSInputPanel.volExecutableLabel.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
+          <ResourceString bundle="org/sleuthkit/autopsy/experimental/volatilityDSP/Bundle.properties" key="MemoryDSInputPanel.volExecutableLabel.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
         </Property>
       </Properties>
     </Component>
@@ -163,7 +163,7 @@
     <Component class="javax.swing.JLabel" name="PluginsToRunLabel">
       <Properties>
         <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
-          <ResourceString bundle="org/sleuthkit/autopsy/datasourceprocessors/Bundle.properties" key="MemoryDSInputPanel.PluginsToRunLabel.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
+          <ResourceString bundle="org/sleuthkit/autopsy/experimental/volatilityDSP/Bundle.properties" key="MemoryDSInputPanel.PluginsToRunLabel.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
         </Property>
       </Properties>
     </Component>

Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSInputPanel.java

@@ -16,7 +16,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.sleuthkit.autopsy.datasourceprocessors;
+package org.sleuthkit.autopsy.experimental.volatilityDSP;
 
 import java.io.File;
 import java.util.ArrayList;
@@ -52,8 +52,9 @@ final class MemoryDSInputPanel extends JPanel implements DocumentListener {
     private final List<String> PluginListNames = new ArrayList<>();
     private final Map<String, Boolean> pluginListStates = new HashMap<>(); // is set by listeners when users select and deselect items
     private final Boolean isEnabled = true;
+    
     /**
-     * Creates new form RawDSInputPanel
+     * Creates new  MemoryDSInputPanel panel for user input
      */
     private MemoryDSInputPanel(String context) {
         this.pluginList = new String[]{"amcache","cmdline","cmdscan","consoles","malfind","netscan","notepad","pslist","psxview","shellbags","shimcache","shutdown","userassist", "apihooks","connscan","devicetree","dlllist","envars","filescan","gahti","getservicesids","getsids","handles","hashdump","hivelist","hivescan","impscan","ldrmodules","lsadump","modules","mutantscan","privs","psscan","pstree","sockets","svcscan","shimcache","timeliner","unloadedmodules","userhandles","vadinfo","verinfo"};
@@ -71,7 +72,7 @@ final class MemoryDSInputPanel extends JPanel implements DocumentListener {
     }
 
     /**
-     * Creates and returns an instance of a RawDSInputPanel.
+     * Creates and returns an instance the panel
      */
     static synchronized MemoryDSInputPanel createInstance(String context) {
         MemoryDSInputPanel instance = new MemoryDSInputPanel(context);
@@ -184,11 +185,11 @@ final class MemoryDSInputPanel extends JPanel implements DocumentListener {
         listsScrollPane = new javax.swing.JScrollPane();
         PluginList = new javax.swing.JTable();
 
-        org.openide.awt.Mnemonics.setLocalizedText(pathLabel, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "RawDSInputPanel.pathLabel.text")); // NOI18N
+        org.openide.awt.Mnemonics.setLocalizedText(pathLabel, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "MemoryDSInputPanel.pathLabel.text")); // NOI18N
 
-        pathTextField.setText(org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "RawDSInputPanel.pathTextField.text")); // NOI18N
+        pathTextField.setText(org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "MemoryDSInputPanel.pathTextField.text")); // NOI18N
 
-        org.openide.awt.Mnemonics.setLocalizedText(browseButton, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "RawDSInputPanel.browseButton.text")); // NOI18N
+        org.openide.awt.Mnemonics.setLocalizedText(browseButton, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "MemoryDSInputPanel.browseButton.text")); // NOI18N
         browseButton.addActionListener(new java.awt.event.ActionListener() {
             public void actionPerformed(java.awt.event.ActionEvent evt) {
                 browseButtonActionPerformed(evt);
@@ -196,9 +197,9 @@ final class MemoryDSInputPanel extends JPanel implements DocumentListener {
         });
 
         errorLabel.setForeground(new java.awt.Color(255, 0, 0));
-        org.openide.awt.Mnemonics.setLocalizedText(errorLabel, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "RawDSInputPanel.errorLabel.text")); // NOI18N
+        org.openide.awt.Mnemonics.setLocalizedText(errorLabel, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "MemoryDSInputPanel.errorLabel.text")); // NOI18N
 
-        org.openide.awt.Mnemonics.setLocalizedText(timeZoneLabel, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "RawDSInputPanel.timeZoneLabel.text")); // NOI18N
+        org.openide.awt.Mnemonics.setLocalizedText(timeZoneLabel, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "MemoryDSInputPanel.timeZoneLabel.text")); // NOI18N
 
         timeZoneComboBox.setMaximumRowCount(30);
 

Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSProcessor.java

@@ -16,7 +16,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.sleuthkit.autopsy.datasourceprocessors;
+package org.sleuthkit.autopsy.experimental.volatilityDSP;
 
 import java.util.UUID;
 import java.util.List;

Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java

@@ -16,7 +16,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.sleuthkit.autopsy.datasourceprocessors;
+package org.sleuthkit.autopsy.experimental.volatilityDSP;
 
 import java.io.BufferedReader;
 import java.io.FileReader;
@@ -53,7 +53,6 @@ import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.Image;
 import org.sleuthkit.datamodel.Report;
-import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM;
 
@@ -103,6 +102,7 @@ class VolatilityProcessor {
         }
 
         progressMonitor.setIndeterminate(false);
+        progressMonitor.setProgressMax(pluginsToRun.size());
         for (int i = 0; i < pluginsToRun.size(); i++) {
             if (isCancelled)
                 break;
@@ -243,20 +243,8 @@ class VolatilityProcessor {
             if (fileName.length() < 1) {
                 continue;
             }
-           // if there is no extension, add a wildcard to the end
-            if (fileName.contains(".") == false) {
-                // if there is already the same entry with ".exe" in the set, just use that one
-                if (fileSet.contains(file + ".exe"))
-                    continue;
-                // if plugin is handles then skip if filename does not have an extension helps with 
-                // cases when there really is no just a directory or if it truly does not have an extension
-                if (pluginName.matches("handles"))
-                    continue;
-                fileName = fileName + ".%";
-            }
 
             String filePath = volfile.getParent();
-            
         
             try {
                 List<AbstractFile> resolvedFiles;
@@ -268,6 +256,22 @@ class VolatilityProcessor {
                     resolvedFiles = fileManager.findFiles(fileName, filePath); //NON-NLS
                 }
                 
+                // if we didn't get anything, then try adding a wildcard for extension
+                if ((resolvedFiles.isEmpty()) && (fileName.contains(".") == false)) {
+                    
+                    // if there is already the same entry with ".exe" in the set, just use that one
+                    if (fileSet.contains(file + ".exe"))
+                        continue;
+                    
+                    fileName = fileName + ".%";
+                    if (filePath == null) {
+                        resolvedFiles = fileManager.findFiles(fileName); //NON-NLS
+                    } else {
+                        resolvedFiles = fileManager.findFiles(fileName, filePath); //NON-NLS
+                    }
+
+                }
+                
                 if (resolvedFiles.isEmpty()) {
                     logger.log(Level.SEVERE, "File not found in lookup: " + filePath + "/" + fileName);
                     errorMsgs.add("File not found in lookup: " + filePath + "/" + fileName);
@@ -363,7 +367,12 @@ class VolatilityProcessor {
         filePath = filePath.replaceAll("%systemroot%", "/windows/");
         filePath = filePath.replaceAll("device/","");
         // helps with finding files in handles plugin
-        filePath = filePath.substring(filePath.indexOf("harddiskvolume[0-9]/") -1);
+        // example: \Device\clfs\Device\HarddiskVolume2\Users\joe\AppData\Local\Microsoft\Windows\UsrClass.dat{e15d4b01-1598-11e8-93e6-080027b5e733}.TM
+        if (filePath.contains("/harddiskvolume")) {
+            // 16 advances beyond harddiskvolume and the number
+            filePath = filePath.substring(filePath.indexOf("/harddiskvolume") + 16);
+        }
+        
         // no point returning these. We won't map to them
         if (filePath.startsWith("/namedpipe/"))
             return "";