diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/AddImageWizardAddingProgressPanel.java b/Core/src/org/sleuthkit/autopsy/casemodule/AddImageWizardAddingProgressPanel.java
index e4034d65b3..23a963bf6a 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/AddImageWizardAddingProgressPanel.java
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/AddImageWizardAddingProgressPanel.java
@@ -114,6 +114,17 @@ class AddImageWizardAddingProgressPanel extends ShortcutWizardDescriptorPanel {
}
});
}
+
+ @Override
+ public void setProgressMax(final int max) {
+ // update the progress bar asynchronously
+ EventQueue.invokeLater(new Runnable() {
+ @Override
+ public void run() {
+ getComponent().getProgressBar().setMaximum(max);
+ }
+ });
+ }
@Override
public void setProgressText(final String text) {
diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/AddImageWizardSelectDspVisual.java b/Core/src/org/sleuthkit/autopsy/casemodule/AddImageWizardSelectDspVisual.java
index 37cb068951..e01773a79c 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/AddImageWizardSelectDspVisual.java
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/AddImageWizardSelectDspVisual.java
@@ -41,7 +41,6 @@ import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.corecomponentinterfaces.DataSourceProcessor;
import org.sleuthkit.autopsy.datasourceprocessors.RawDSProcessor;
import org.sleuthkit.autopsy.coreutils.Logger;
-import org.sleuthkit.autopsy.datasourceprocessors.MemoryDSProcessor;
/**
* Panel which displays the available DataSourceProcessors and allows selection
@@ -196,7 +195,6 @@ final class AddImageWizardSelectDspVisual extends JPanel {
dspList.add(LocalDiskDSProcessor.getType());
dspList.add(LocalFilesDSProcessor.getType());
dspList.add(RawDSProcessor.getType());
- dspList.add(MemoryDSProcessor.getType());
// now add any addtional DSPs that haven't already been added
for (String dspType : datasourceProcessorsMap.keySet()) {
if (!dspList.contains(dspType)) {
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponentinterfaces/DataSourceProcessorProgressMonitor.java b/Core/src/org/sleuthkit/autopsy/corecomponentinterfaces/DataSourceProcessorProgressMonitor.java
index 31797c6664..639f4240a1 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponentinterfaces/DataSourceProcessorProgressMonitor.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponentinterfaces/DataSourceProcessorProgressMonitor.java
@@ -25,9 +25,28 @@ package org.sleuthkit.autopsy.corecomponentinterfaces;
*/
public interface DataSourceProcessorProgressMonitor {
+ /**
+ * Identify if progress will be indeterminate or not
+ *
+ * @param indeterminate true if progress bar should not show steps
+ */
void setIndeterminate(boolean indeterminate);
+ /**
+ * Increment the progress bar if it is determinate
+ * @param progress How much progress has happened. Must be smaller than value passed to setProgressMax()
+ */
void setProgress(int progress);
+
+ /**
+ * Maximum value for a determinate progress bar.
+ * @param max Max value that will be used
+ */
+ default void setProgressMax(final int max) { }
+ /**
+ * Set the text to be displayed to the user.
+ * @param text Text to display
+ */
void setProgressText(String text);
}
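Review bot: The Javadoc on the new `setProgressMax` does not say that its default implementation is an empty body, so a monitor that does not override it keeps whatever maximum its progress bar already had and later `setProgress` values are shown against the wrong scale. I would extend the comment with: `Default implementation does nothing; monitors that display determinate progress should override it. Call before the first setProgress().` The `setProgress` text also says the value "must be smaller than" the maximum; if reaching the maximum is how completion is shown, "no larger than" would be the accurate wording, though that is inferred because no caller's final value is visible in this hunk.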
diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/Bundle.properties b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/Bundle.properties
index 1a02e13fa2..4a8de9a48b 100644
--- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/Bundle.properties
@@ -10,11 +10,3 @@ RawDSInputPanel.jBreakFileUpLabel.text=Break image up into:
RawDSInputPanel.jNoBreakupRadioButton.text=Do not break up
RawDSInputPanel.j2GBBreakupRadioButton.text=2GB chunks
RawDSInputPanel.timeZoneLabel.text=Please select the input timezone:
-MemoryDSInputPanel.pathLabel.text=Browse for a memory image file:
-MemoryDSInputPanel.pathLabel.AccessibleContext.accessibleName=Browse for a memory image file:
-MemoryDSInputPanel.errorLabel.text=Error Label
-MemoryDSInputPanel.browseButton.text=Browse
-MemoryDSImputPanel.pathTextField.text=
-MemoryDSInputPanel.timeZoneLabel.text=Please select the input timezone:
-MemoryDSInputPanel.volExecutableLabel.text=Version of Volatility to Run:
-MemoryDSInputPanel.PluginsToRunLabel.text=Available plugins to run:
diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/AddMemoryImageTask.java b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/AddMemoryImageTask.java
similarity index 99%
rename from Core/src/org/sleuthkit/autopsy/datasourceprocessors/AddMemoryImageTask.java
rename to Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/AddMemoryImageTask.java
index 4d8a761d95..cecf4b0138 100644
--- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/AddMemoryImageTask.java
+++ b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/AddMemoryImageTask.java
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.sleuthkit.autopsy.datasourceprocessors;
+package org.sleuthkit.autopsy.experimental.volatilityDSP;
import java.io.File;
import java.nio.file.Paths;
diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/Bundle.properties b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/Bundle.properties
new file mode 100755
index 0000000000..007b78dc5a
--- /dev/null
+++ b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/Bundle.properties
@@ -0,0 +1,13 @@
+# To change this license header, choose License Headers in Project Properties.
+# To change this template file, choose Tools | Templates
+# and open the template in the editor.
+
+MemoryDSInputPanel.pathLabel.AccessibleContext.accessibleName=Browse for a memory image file:
+MemoryDSInputPanel.PluginsToRunLabel.text=Available plugins to run:
+MemoryDSInputPanel.volExecutableLabel.text=Version of Volatility to Run:
+MemoryDSInputPanel.pathLabel.text=Browse for a memory image file:
+MemoryDSInputPanel.pathTextField.text=
+MemoryDSInputPanel.errorLabel.text=Error Label
+MemoryDSInputPanel.browseButton.text=Browse
+MemoryDSImputPanel.pathTextField.text=
+MemoryDSInputPanel.timeZoneLabel.text=Please select the input timezone:
\ No newline at end of file
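Review bot: The misspelled key `MemoryDSImputPanel.pathTextField.text` ("Imput") is carried into the new bundle next to the correctly spelled `MemoryDSInputPanel.pathTextField.text`. The lookups visible in this commit's MemoryDSInputPanel.java hunks use only the `MemoryDSInputPanel.` prefix, so the misspelled entry looks unused and could be dropped. The first three lines are the IDE's template header rather than a project comment, and the file ends without a trailing newline.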
diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/MemoryDSInputPanel.form b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSInputPanel.form
similarity index 93%
rename from Core/src/org/sleuthkit/autopsy/datasourceprocessors/MemoryDSInputPanel.form
rename to Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSInputPanel.form
index f70b0a4315..123f9b308b 100644
--- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/MemoryDSInputPanel.form
+++ b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSInputPanel.form
@@ -90,7 +90,7 @@
-
+
@@ -142,7 +142,7 @@
-
+
@@ -163,7 +163,7 @@
-
+
diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/MemoryDSInputPanel.java b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSInputPanel.java
similarity index 97%
rename from Core/src/org/sleuthkit/autopsy/datasourceprocessors/MemoryDSInputPanel.java
rename to Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSInputPanel.java
index 3f2eff61ed..29374ac072 100644
--- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/MemoryDSInputPanel.java
+++ b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSInputPanel.java
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.sleuthkit.autopsy.datasourceprocessors;
+package org.sleuthkit.autopsy.experimental.volatilityDSP;
import java.io.File;
import java.util.ArrayList;
@@ -52,8 +52,9 @@ final class MemoryDSInputPanel extends JPanel implements DocumentListener {
private final List PluginListNames = new ArrayList<>();
private final Map pluginListStates = new HashMap<>(); // is set by listeners when users select and deselect items
private final Boolean isEnabled = true;
+
/**
- * Creates new form RawDSInputPanel
+ * Creates new MemoryDSInputPanel panel for user input
*/
private MemoryDSInputPanel(String context) {
this.pluginList = new String[]{"amcache","cmdline","cmdscan","consoles","malfind","netscan","notepad","pslist","psxview","shellbags","shimcache","shutdown","userassist", "apihooks","connscan","devicetree","dlllist","envars","filescan","gahti","getservicesids","getsids","handles","hashdump","hivelist","hivescan","impscan","ldrmodules","lsadump","modules","mutantscan","privs","psscan","pstree","sockets","svcscan","shimcache","timeliner","unloadedmodules","userhandles","vadinfo","verinfo"};
@@ -71,7 +72,7 @@ final class MemoryDSInputPanel extends JPanel implements DocumentListener {
}
/**
- * Creates and returns an instance of a RawDSInputPanel.
+ * Creates and returns an instance the panel
*/
static synchronized MemoryDSInputPanel createInstance(String context) {
MemoryDSInputPanel instance = new MemoryDSInputPanel(context);
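Review bot: The reworded Javadoc on `createInstance` is missing a word ("an instance the panel"); suggested text is `* Creates and returns an instance of the panel.` Since the method takes `context`, a `@param context` line would also help, but what the string is used for is not visible in this hunk, so the wording is left to the author. The method body continues outside the hunk.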
@@ -184,11 +185,11 @@ final class MemoryDSInputPanel extends JPanel implements DocumentListener {
listsScrollPane = new javax.swing.JScrollPane();
PluginList = new javax.swing.JTable();
- org.openide.awt.Mnemonics.setLocalizedText(pathLabel, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "RawDSInputPanel.pathLabel.text")); // NOI18N
+ org.openide.awt.Mnemonics.setLocalizedText(pathLabel, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "MemoryDSInputPanel.pathLabel.text")); // NOI18N
- pathTextField.setText(org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "RawDSInputPanel.pathTextField.text")); // NOI18N
+ pathTextField.setText(org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "MemoryDSInputPanel.pathTextField.text")); // NOI18N
- org.openide.awt.Mnemonics.setLocalizedText(browseButton, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "RawDSInputPanel.browseButton.text")); // NOI18N
+ org.openide.awt.Mnemonics.setLocalizedText(browseButton, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "MemoryDSInputPanel.browseButton.text")); // NOI18N
browseButton.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
browseButtonActionPerformed(evt);
@@ -196,9 +197,9 @@ final class MemoryDSInputPanel extends JPanel implements DocumentListener {
});
errorLabel.setForeground(new java.awt.Color(255, 0, 0));
- org.openide.awt.Mnemonics.setLocalizedText(errorLabel, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "RawDSInputPanel.errorLabel.text")); // NOI18N
+ org.openide.awt.Mnemonics.setLocalizedText(errorLabel, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "MemoryDSInputPanel.errorLabel.text")); // NOI18N
- org.openide.awt.Mnemonics.setLocalizedText(timeZoneLabel, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "RawDSInputPanel.timeZoneLabel.text")); // NOI18N
+ org.openide.awt.Mnemonics.setLocalizedText(timeZoneLabel, org.openide.util.NbBundle.getMessage(MemoryDSInputPanel.class, "MemoryDSInputPanel.timeZoneLabel.text")); // NOI18N
timeZoneComboBox.setMaximumRowCount(30);
diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/MemoryDSProcessor.java b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSProcessor.java
similarity index 99%
rename from Core/src/org/sleuthkit/autopsy/datasourceprocessors/MemoryDSProcessor.java
rename to Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSProcessor.java
index de1baea13b..cfe2978fe0 100644
--- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/MemoryDSProcessor.java
+++ b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSProcessor.java
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.sleuthkit.autopsy.datasourceprocessors;
+package org.sleuthkit.autopsy.experimental.volatilityDSP;
import java.util.UUID;
import java.util.List;
diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/VolatilityProcessor.java b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java
similarity index 95%
rename from Core/src/org/sleuthkit/autopsy/datasourceprocessors/VolatilityProcessor.java
rename to Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java
index 12e7ddff6b..de4f63af65 100644
--- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/VolatilityProcessor.java
+++ b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.sleuthkit.autopsy.datasourceprocessors;
+package org.sleuthkit.autopsy.experimental.volatilityDSP;
import java.io.BufferedReader;
import java.io.FileReader;
@@ -53,7 +53,6 @@ import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.Report;
-import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM;
@@ -103,6 +102,7 @@ class VolatilityProcessor {
}
progressMonitor.setIndeterminate(false);
+ progressMonitor.setProgressMax(pluginsToRun.size());
for (int i = 0; i < pluginsToRun.size(); i++) {
if (isCancelled)
break;
@@ -243,20 +243,8 @@ class VolatilityProcessor {
if (fileName.length() < 1) {
continue;
}
- // if there is no extension, add a wildcard to the end
- if (fileName.contains(".") == false) {
- // if there is already the same entry with ".exe" in the set, just use that one
- if (fileSet.contains(file + ".exe"))
- continue;
- // if plugin is handles then skip if filename does not have an extension helps with
- // cases when there really is no just a directory or if it truly does not have an extension
- if (pluginName.matches("handles"))
- continue;
- fileName = fileName + ".%";
- }
String filePath = volfile.getParent();
-
try {
List resolvedFiles;
@@ -268,6 +256,22 @@ class VolatilityProcessor {
resolvedFiles = fileManager.findFiles(fileName, filePath); //NON-NLS
}
+ // if we didn't get anything, then try adding a wildcard for extension
+ if ((resolvedFiles.isEmpty()) && (fileName.contains(".") == false)) {
+
+ // if there is already the same entry with ".exe" in the set, just use that one
+ if (fileSet.contains(file + ".exe"))
+ continue;
+
+ fileName = fileName + ".%";
+ if (filePath == null) {
+ resolvedFiles = fileManager.findFiles(fileName); //NON-NLS
+ } else {
+ resolvedFiles = fileManager.findFiles(fileName, filePath); //NON-NLS
+ }
+
+ }
+
if (resolvedFiles.isEmpty()) {
logger.log(Level.SEVERE, "File not found in lookup: " + filePath + "/" + fileName);
errorMsgs.add("File not found in lookup: " + filePath + "/" + fileName);
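Review bot: In the new wildcard fallback `fileName` is overwritten with `fileName + ".%"`, so the "File not found in lookup" log line and `errorMsgs` entry below report the wildcard pattern rather than the name Volatility actually produced. Keeping the pattern in its own local (`String wildcardName = fileName + ".%";`) and passing that to `findFiles` would preserve the original for the message. The name comes from plugin output over a memory image, which the examiner does not control, and it is appended into what appears to be a LIKE-style pattern without escaping `%` or `_`, so it is worth confirming how `findFiles` treats those characters. The fallback can also return several unrelated files, since `name.%` matches every extension; a comment stating that all matches are intentionally accepted, or a check that narrows them, would make the intent clear for anyone relying on the resulting artifacts. The enclosing loop starts and ends outside this hunk.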
@@ -363,7 +367,12 @@ class VolatilityProcessor {
filePath = filePath.replaceAll("%systemroot%", "/windows/");
filePath = filePath.replaceAll("device/","");
// helps with finding files in handles plugin
- filePath = filePath.substring(filePath.indexOf("harddiskvolume[0-9]/") -1);
+ // example: \Device\clfs\Device\HarddiskVolume2\Users\joe\AppData\Local\Microsoft\Windows\UsrClass.dat{e15d4b01-1598-11e8-93e6-080027b5e733}.TM
+ if (filePath.contains("/harddiskvolume")) {
+ // 16 advances beyond harddiskvolume and the number
+ filePath = filePath.substring(filePath.indexOf("/harddiskvolume") + 16);
+ }
+
// no point returning these. We won't map to them
if (filePath.startsWith("/namedpipe/"))
return "";
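Review bot: The fixed offset in `filePath.indexOf("/harddiskvolume") + 16` assumes exactly one digit after `harddiskvolume`. For a volume number of 10 or more the result starts with the second digit (`0/users/...`), and if the string ends right after `/harddiskvolume` the `substring` call throws `StringIndexOutOfBoundsException`. The path is parsed from Volatility output over the memory image, so it should not be trusted to have that shape. Inside the existing `if`, locating the next separator handles both cases: `int vol = filePath.indexOf("/harddiskvolume");` `int rest = filePath.indexOf('/', vol + 1);` `filePath = (rest >= 0) ? filePath.substring(rest) : "";`. The enclosing method starts and ends outside this hunk.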