Made changes based on review comments, including the addition of NON-NLS and changing hashtable to hashmap

Kelly Kelly 2019-02-25 10:05:17 -05:00
parent e3f68e42fc
commit 1e1e010980
2 changed files with 90 additions and 78 deletions


@ -201,11 +201,19 @@ abstract class Extract {
return moduleName; return moduleName;
} }
/**
* Returns the state of foundData
* @return
*/
public boolean foundData() { public boolean foundData() {
return dataFound; return dataFound;
} }
protected void setFoundData(boolean b){ /**
dataFound = b; * Sets the value of foundData
* @param foundData
*/
protected void setFoundData(boolean foundData){
dataFound = foundData;
} }
} }
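Review bot: The Javadoc added to `foundData()` and `setFoundData()` leaves its `@return` and `@param foundData` tags without a description, and it names the state "foundData" although the field it reads and writes is `dataFound`. I would fill the tags in, for example `@return true if the module found data, false otherwise` and `@param foundData true if the module found data`. That wording is inferred from the names, so adjust it if the flag means something narrower.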


@ -29,7 +29,7 @@ import java.text.SimpleDateFormat;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import java.util.Hashtable; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Scanner; import java.util.Scanner;
import java.util.logging.Level; import java.util.logging.Level;
@ -62,42 +62,42 @@ final class ExtractEdge extends Extract {
private final Path moduleTempResultPath; private final Path moduleTempResultPath;
private Content dataSource; private Content dataSource;
private IngestJobContext context; private IngestJobContext context;
private Hashtable<String, ArrayList<String>> containersTable; private HashMap<String, ArrayList<String>> containersTable;
private static final String EDGE = "Edge"; private static final String EDGE = "Edge"; //NON-NLS
private static final String EDGE_KEYWORD_VISIT = "Visited:"; private static final String EDGE_KEYWORD_VISIT = "Visited:"; //NON-NLS
private static final String IGNORE_COMMA_IN_QUOTES_REGEX = ",(?=(?:[^\"]*\"[^\"]*\")*[^\"]*$)"; private static final String IGNORE_COMMA_IN_QUOTES_REGEX = ",(?=(?:[^\"]*\"[^\"]*\")*[^\"]*$)"; //NON-NLS
private static final String EDGE_TABLE_TYPE_DOWNLOAD = "iedownload"; private static final String EDGE_TABLE_TYPE_DOWNLOAD = "iedownload"; //NON-NLS
private static final String EDGE_TABLE_TYPE_HISTORY = "History"; private static final String EDGE_TABLE_TYPE_HISTORY = "History"; //NON-NLS
private static final String EDGE_TABLE_TYPE_COOKIE = "cookie"; private static final String EDGE_TABLE_TYPE_COOKIE = "cookie"; //NON-NLS
private static final String EDGE_HEAD_URL = "url"; private static final String EDGE_HEAD_URL = "url"; //NON-NLS
private static final String EDGE_HEAD_ACCESSTIME = "accessedtime"; private static final String EDGE_HEAD_ACCESSTIME = "accessedtime"; //NON-NLS
private static final String EDGE_HEAD_NAME = "name"; private static final String EDGE_HEAD_NAME = "name"; //NON-NLS
private static final String EDGE_HEAD_CONTAINER_ID = "containerid"; private static final String EDGE_HEAD_CONTAINER_ID = "containerid"; //NON-NLS
private static final String EDGE_HEAD_RESPONSEHEAD = "responseheaders"; private static final String EDGE_HEAD_RESPONSEHEAD = "responseheaders"; //NON-NLS
private static final String EDGE_HEAD_TITLE = "title"; private static final String EDGE_HEAD_TITLE = "title"; //NON-NLS
private static final String EDGE_HEAD_RDOMAIN = "rdomain"; private static final String EDGE_HEAD_RDOMAIN = "rdomain"; //NON-NLS
private static final String EDGE_HEAD_VALUE = "value"; private static final String EDGE_HEAD_VALUE = "value"; //NON-NLS
private static final String EDGE_HEAD_LASTMOD = "lastmodified"; private static final String EDGE_HEAD_LASTMOD = "lastmodified"; //NON-NLS
private static final String EDGE_WEBCACHE_PREFIX = "WebCacheV01"; private static final String EDGE_WEBCACHE_PREFIX = "WebCacheV01"; //NON-NLS
private static final String EDGE_CONTAINER_FILE_PREFIX = "Container_"; private static final String EDGE_CONTAINER_FILE_PREFIX = "Container_"; //NON-NLS
private static final String EDGE_CONTAINER_FILE_EXT = ".csv"; private static final String EDGE_CONTAINER_FILE_EXT = ".csv"; //NON-NLS
private static final String EDGE_WEBCACHE_EXT = ".dat"; private static final String EDGE_WEBCACHE_EXT = ".dat"; //NON-NLS
private static final String ESE_TOOL_NAME = "ESEDatabaseView.exe"; private static final String ESE_TOOL_NAME = "ESEDatabaseView.exe"; //NON-NLS
private static final String EDGE_WEBCACHE_NAME = "WebCacheV01.dat"; private static final String EDGE_WEBCACHE_NAME = "WebCacheV01.dat"; //NON-NLS
private static final String EDGE_SPARTAN_NAME = "Spartan.edb"; private static final String EDGE_SPARTAN_NAME = "Spartan.edb"; //NON-NLS
private static final String EDGE_CONTAINTERS_FILE_NAME = "Containers.csv"; private static final String EDGE_CONTAINTERS_FILE_NAME = "Containers.csv"; //NON-NLS
private static final String EDGE_FAVORITE_FILE_NAME = "Favorites.csv"; private static final String EDGE_FAVORITE_FILE_NAME = "Favorites.csv"; //NON-NLS
private static final String EDGE_OUTPUT_FILE_NAME = "Output.txt"; private static final String EDGE_OUTPUT_FILE_NAME = "Output.txt"; //NON-NLS
private static final String EDGE_ERROR_FILE_NAME = "File.txt"; private static final String EDGE_ERROR_FILE_NAME = "File.txt"; //NON-NLS
private static final String ESE_TOOL_FOLDER = "ESEDatabaseView"; private static final String ESE_TOOL_FOLDER = "ESEDatabaseView"; //NON-NLS
private static final String EDGE_RESULT_FOLDER_NAME = "results"; private static final String EDGE_RESULT_FOLDER_NAME = "results"; //NON-NLS
private static final SimpleDateFormat DATE_FORMATTER = new SimpleDateFormat("MM/dd/yyyy hh:mm:ss a"); private static final SimpleDateFormat DATE_FORMATTER = new SimpleDateFormat("MM/dd/yyyy hh:mm:ss a");
@ -107,8 +107,12 @@ final class ExtractEdge extends Extract {
"ExtractEdge_process_errMsg_webcacheFail=Failure processing Microsoft Edge WebCacheV01.dat file", "ExtractEdge_process_errMsg_webcacheFail=Failure processing Microsoft Edge WebCacheV01.dat file",
"ExtractEdge_process_errMsg_spartanFail=Failure processing Microsoft Edge spartan.edb file", "ExtractEdge_process_errMsg_spartanFail=Failure processing Microsoft Edge spartan.edb file",
"ExtractEdge_Module_Name=Microsoft Edge", "ExtractEdge_Module_Name=Microsoft Edge",
"ExtractEdge_getHistory_containerFileNotFound=Error while trying to analyze Edge history",}) "ExtractEdge_getHistory_containerFileNotFound=Error while trying to analyze Edge history",
})
/**
* Extract the bookmarks, cookies, downloads and history from Microsoft Edge
*/
ExtractEdge() throws NoCurrentCaseException { ExtractEdge() throws NoCurrentCaseException {
moduleTempResultPath = Paths.get(RAImageIngestModule.getRATempPath(Case.getCurrentCaseThrows(), EDGE), EDGE_RESULT_FOLDER_NAME); moduleTempResultPath = Paths.get(RAImageIngestModule.getRATempPath(Case.getCurrentCaseThrows(), EDGE), EDGE_RESULT_FOLDER_NAME);
} }
@ -222,7 +226,7 @@ final class ExtractEdge extends Extract {
return; return;
} }
this.getCookie(webCacheFile, resultsDir); this.getCookies(webCacheFile, resultsDir);
// if (context.dataSourceIngestIsCancelled()) { // if (context.dataSourceIngestIsCancelled()) {
// return; // return;
@ -255,7 +259,7 @@ final class ExtractEdge extends Extract {
//Run the dumper //Run the dumper
String tempSpartanFileName = EDGE_WEBCACHE_PREFIX String tempSpartanFileName = EDGE_WEBCACHE_PREFIX
+ Integer.toString((int) spartanFile.getId()) + EDGE_WEBCACHE_EXT; //NON-NLS + Integer.toString((int) spartanFile.getId()) + EDGE_WEBCACHE_EXT;
File tempSpartanFile = new File(RAImageIngestModule.getRATempPath(currentCase, EDGE), tempSpartanFileName); File tempSpartanFile = new File(RAImageIngestModule.getRATempPath(currentCase, EDGE), tempSpartanFileName);
try { try {
@ -275,7 +279,7 @@ final class ExtractEdge extends Extract {
return; return;
} }
this.getBookmark(spartanFile, resultsDir); this.getBookmarks(spartanFile, resultsDir);
} finally { } finally {
tempSpartanFile.delete(); tempSpartanFile.delete();
@ -321,10 +325,10 @@ final class ExtractEdge extends Extract {
} }
if (line.contains(EDGE_KEYWORD_VISIT)) { if (line.contains(EDGE_KEYWORD_VISIT)) {
BlackboardArtifact b = getHistoryArtifact(origFile, headers, line); BlackboardArtifact ba = getHistoryArtifact(origFile, headers, line);
if (b != null) { if (ba != null) {
bbartifacts.add(b); bbartifacts.add(ba);
this.indexArtifact(b); this.indexArtifact(ba);
} }
} }
} }
@ -348,14 +352,14 @@ final class ExtractEdge extends Extract {
* @throws TskCoreException * @throws TskCoreException
* @throws FileNotFoundException * @throws FileNotFoundException
*/ */
private void getBookmark(AbstractFile origFile, File resultDir) throws TskCoreException { private void getBookmarks(AbstractFile origFile, File resultDir) throws TskCoreException {
Scanner fileScanner; Scanner fileScanner;
File favoriteFile = new File(resultDir, EDGE_FAVORITE_FILE_NAME); File favoriteFile = new File(resultDir, EDGE_FAVORITE_FILE_NAME);
try { try {
fileScanner = new Scanner(new FileInputStream(favoriteFile)); fileScanner = new Scanner(new FileInputStream(favoriteFile));
} catch (FileNotFoundException ex) { } catch (FileNotFoundException ex) {
// This is a non-fatial error, if the favorites file is not found // This is a non-fatal error, if the favorites file is not found
// there might have not been any favorites\bookmarks // there might have not been any favorites\bookmarks
return; return;
} }
@ -371,10 +375,10 @@ final class ExtractEdge extends Extract {
continue; continue;
} }
BlackboardArtifact b = getBookmarkArtifact(origFile, headers, line); BlackboardArtifact ba = getBookmarkArtifact(origFile, headers, line);
if (b != null) { if (ba != null) {
bbartifacts.add(b); bbartifacts.add(ba);
this.indexArtifact(b); this.indexArtifact(ba);
} }
} }
} finally { } finally {
@ -395,7 +399,7 @@ final class ExtractEdge extends Extract {
* @param resultDir Output directory of ESEDatabaseViewer * @param resultDir Output directory of ESEDatabaseViewer
* @throws TskCoreException * @throws TskCoreException
*/ */
private void getCookie(AbstractFile origFile, File resultDir) throws TskCoreException { private void getCookies(AbstractFile origFile, File resultDir) throws TskCoreException {
File containerFiles[] = resultDir.listFiles((dir, name) -> name.toLowerCase().contains(EDGE_TABLE_TYPE_COOKIE)); File containerFiles[] = resultDir.listFiles((dir, name) -> name.toLowerCase().contains(EDGE_TABLE_TYPE_COOKIE));
if (containerFiles == null) { if (containerFiles == null) {
@ -422,10 +426,10 @@ final class ExtractEdge extends Extract {
continue; continue;
} }
BlackboardArtifact b = getCookieArtifact(origFile, headers, line); BlackboardArtifact ba = getCookieArtifact(origFile, headers, line);
if (b != null) { if (ba != null) {
bbartifacts.add(b); bbartifacts.add(ba);
this.indexArtifact(b); this.indexArtifact(ba);
} }
} }
} finally { } finally {
@ -448,7 +452,7 @@ final class ExtractEdge extends Extract {
* @throws TskCoreException * @throws TskCoreException
* @throws FileNotFoundException * @throws FileNotFoundException
*/ */
private void getDownload(AbstractFile origFile, File resultDir) throws TskCoreException, FileNotFoundException { private void getDownloads(AbstractFile origFile, File resultDir) throws TskCoreException, FileNotFoundException {
ArrayList<File> downloadFiles = getDownloadFiles(resultDir); ArrayList<File> downloadFiles = getDownloadFiles(resultDir);
if (downloadFiles == null) { if (downloadFiles == null) {
@ -476,10 +480,10 @@ final class ExtractEdge extends Extract {
if (line.contains(EDGE_TABLE_TYPE_DOWNLOAD)) { if (line.contains(EDGE_TABLE_TYPE_DOWNLOAD)) {
BlackboardArtifact b = getDownloadArtifact(origFile, headers, line); BlackboardArtifact ba = getDownloadArtifact(origFile, headers, line);
if (b != null) { if (ba != null) {
bbartifacts.add(b); bbartifacts.add(ba);
this.indexArtifact(b); this.indexArtifact(ba);
} }
} }
} }
@ -498,7 +502,7 @@ final class ExtractEdge extends Extract {
/** /**
* Find the location of ESEDatabaseViewer.exe * Find the location of ESEDatabaseViewer.exe
* *
* @return Absolute path to ESEDatabaseViewer.exe * @return Absolute path to ESEDatabaseViewer.exe or null if the file is not found
*/ */
private String getPathForESEDumper() { private String getPathForESEDumper() {
Path path = Paths.get(ESE_TOOL_FOLDER, ESE_TOOL_NAME); Path path = Paths.get(ESE_TOOL_FOLDER, ESE_TOOL_NAME);
@ -514,25 +518,25 @@ final class ExtractEdge extends Extract {
/** /**
* Finds all of the WebCacheV01.dat files in the case * Finds all of the WebCacheV01.dat files in the case
* *
* @return A list of WebCacheV01.dat files * @return A list of WebCacheV01.dat files, possibly empty if none are found
* @throws TskCoreException * @throws TskCoreException
*/ */
private List<AbstractFile> fetchWebCacheDBFiles() throws TskCoreException { private List<AbstractFile> fetchWebCacheDBFiles() throws TskCoreException {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager org.sleuthkit.autopsy.casemodule.services.FileManager fileManager
= currentCase.getServices().getFileManager(); = currentCase.getServices().getFileManager();
return fileManager.findFiles(dataSource, EDGE_WEBCACHE_NAME, "WebCache"); return fileManager.findFiles(dataSource, EDGE_WEBCACHE_NAME, "WebCache"); //NON-NLS
} }
/** /**
* Finds all of the spartan.edb files in the case * Finds all of the spartan.edb files in the case
* *
* @return A list of spartan files * @return A list of spartan files, possibly empty if none are found
* @throws TskCoreException * @throws TskCoreException
*/ */
private List<AbstractFile> fetchSpartanDBFiles() throws TskCoreException { private List<AbstractFile> fetchSpartanDBFiles() throws TskCoreException {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager org.sleuthkit.autopsy.casemodule.services.FileManager fileManager
= currentCase.getServices().getFileManager(); = currentCase.getServices().getFileManager();
return fileManager.findFiles(dataSource, EDGE_SPARTAN_NAME, "MicrosoftEdge"); return fileManager.findFiles(dataSource, EDGE_SPARTAN_NAME, "MicrosoftEdge"); //NON-NLS
} }
/** /**
@ -555,11 +559,11 @@ final class ExtractEdge extends Extract {
List<String> commandLine = new ArrayList<>(); List<String> commandLine = new ArrayList<>();
commandLine.add(dumperPath); commandLine.add(dumperPath);
commandLine.add("/table"); commandLine.add("/table"); //NON-NLS
commandLine.add(inputFilePath); commandLine.add(inputFilePath);
commandLine.add("*"); commandLine.add("*"); //NON-NLS
commandLine.add("/scomma"); commandLine.add("/scomma"); //NON-NLS
commandLine.add(outputDir + "\\" + "*.csv"); commandLine.add(outputDir + "\\" + "*.csv"); //NON-NLS
ProcessBuilder processBuilder = new ProcessBuilder(commandLine); ProcessBuilder processBuilder = new ProcessBuilder(commandLine);
processBuilder.redirectOutput(outputFilePath.toFile()); processBuilder.redirectOutput(outputFilePath.toFile());
@ -675,7 +679,7 @@ final class ExtractEdge extends Extract {
* @param origFile File the table came from ie spartan.edb * @param origFile File the table came from ie spartan.edb
* @param headers List of table column headers * @param headers List of table column headers
* @param line The line or row of the table to parse * @param line The line or row of the table to parse
* @return BlackboardArtifact representation of the passed in line\table row * @return BlackboardArtifact representation of the passed in line\table row or null if no Bookmark is found
* @throws TskCoreException * @throws TskCoreException
*/ */
private BlackboardArtifact getBookmarkArtifact(AbstractFile origFile, List<String> headers, String line) throws TskCoreException { private BlackboardArtifact getBookmarkArtifact(AbstractFile origFile, List<String> headers, String line) throws TskCoreException {
@ -872,17 +876,17 @@ final class ExtractEdge extends Extract {
* Converts a space separated string of hex values to ascii characters. * Converts a space separated string of hex values to ascii characters.
* *
* @param hexString * @param hexString
* @return "decoded" string * @return "decoded" string or null if a non-hex value was found
*/ */
private String hexToChar(String hexString) { private String hexToChar(String hexString) {
String[] hexValues = hexString.split(" "); String[] hexValues = hexString.split(" ");
StringBuilder output = new StringBuilder(); StringBuilder output = new StringBuilder();
for (String s : hexValues) { for (String str : hexValues) {
try { try {
int i = Integer.parseInt(s, 16); int value = Integer.parseInt(str, 16);
if (i > 31) { // Ignore non-print characters if (value > 31) { // Ignore non-print characters
output.append((char) i); output.append((char) value);
} }
} catch (NumberFormatException ex) { } catch (NumberFormatException ex) {
return null; return null;
@ -953,11 +957,11 @@ final class ExtractEdge extends Extract {
* *
* @param resultDir Path to ESEDatabaseViewer output * @param resultDir Path to ESEDatabaseViewer output
* @param type Type of table files * @param type Type of table files
* @return List of table files * @return List of table files returns null if no files of that type are found
* @throws FileNotFoundException * @throws FileNotFoundException
*/ */
private ArrayList<File> getContainerFiles(File resultDir, String type) throws FileNotFoundException { private ArrayList<File> getContainerFiles(File resultDir, String type) throws FileNotFoundException {
Hashtable<String, ArrayList<String>> idTable = getContainerIDTable(resultDir); HashMap<String, ArrayList<String>> idTable = getContainerIDTable(resultDir);
ArrayList<String> idList = idTable.get(type); ArrayList<String> idList = idTable.get(type);
if (idList == null) { if (idList == null) {
@ -965,8 +969,8 @@ final class ExtractEdge extends Extract {
} }
ArrayList<File> fileList = new ArrayList<>(); ArrayList<File> fileList = new ArrayList<>();
for (String s : idList) { for (String str : idList) {
String fileName = EDGE_CONTAINER_FILE_PREFIX + s + EDGE_CONTAINER_FILE_EXT; String fileName = EDGE_CONTAINER_FILE_PREFIX + str + EDGE_CONTAINER_FILE_EXT;
fileList.add(new File(resultDir, fileName)); fileList.add(new File(resultDir, fileName));
} }
@ -981,16 +985,16 @@ final class ExtractEdge extends Extract {
* files. * files.
* *
* @param resultDir Path to ESEDatabaseViewer output * @param resultDir Path to ESEDatabaseViewer output
* @return Hashtable with Key representing the table type, the value is a list of table ids for that type * @return Hashmap with Key representing the table type, the value is a list of table ids for that type
*/ */
private Hashtable<String, ArrayList<String>> getContainerIDTable(File resultDir) throws FileNotFoundException { private HashMap<String, ArrayList<String>> getContainerIDTable(File resultDir) throws FileNotFoundException {
if (containersTable == null) { if (containersTable == null) {
File containerFile = new File(resultDir, EDGE_CONTAINTERS_FILE_NAME); File containerFile = new File(resultDir, EDGE_CONTAINTERS_FILE_NAME);
try (Scanner fileScanner = new Scanner(new FileInputStream(containerFile))) { try (Scanner fileScanner = new Scanner(new FileInputStream(containerFile))) {
List<String> headers = null; List<String> headers = null;
containersTable = new Hashtable<>(); containersTable = new HashMap<>();
int nameIdx = 0; int nameIdx = 0;
int idIdx = 0; int idIdx = 0;
while (fileScanner.hasNext()) { while (fileScanner.hasNext()) {
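Review bot: In `hexToChar`, the check `if (value > 31)` has no upper bound, although its comment says it ignores non-print characters and the Javadoc promises ASCII output. `Integer.parseInt(str, 16)` accepts values well beyond the `char` range, so 0x7F and the C1 control range are appended, and anything above 0xFFFF is silently truncated by the `(char)` cast into an unrelated character. The hex string presumably comes from the browser database of the image under examination, so the decoded text should be treated as untrusted before it lands in an artifact. I would bound the check, for example `if (value > 31 && value < 127) { // printable ASCII only`, or pick a wider bound deliberately if Latin-1 data is expected. The method body continues past the end of this hunk.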