Merge branch 'develop' of github.com:sleuthkit/autopsy into 7592-analysisResultsScore

Greg DiCristofaro 2021-05-20 12:43:29 -04:00
commit 21c5f02fe8
10 changed files with 913 additions and 587 deletions


@ -130,7 +130,7 @@ public final class OtherOccurrencesPanel extends javax.swing.JPanel {
exportToCSVMenuItem.addActionListener(actList);
showCaseDetailsMenuItem.addActionListener(actList);
showCommonalityMenuItem.addActionListener(actList);
filesTable.setComponentPopupMenu(rightClickPopupMenu);
// Configure column sorting.
TableRowSorter<TableModel> sorter = new TableRowSorter<>(filesTable.getModel());
filesTable.setRowSorter(sorter);
@ -380,7 +380,6 @@ public final class OtherOccurrencesPanel extends javax.swing.JPanel {
int totalCount = 0;
Set<String> dataSources = new HashSet<>();
if (CentralRepository.isEnabled()) {
try {
List<CorrelationAttributeInstance> instances;
instances = CentralRepository.getInstance().getArtifactInstancesByTypeValue(aType, value);
@ -395,12 +394,12 @@ public final class OtherOccurrencesPanel extends javax.swing.JPanel {
// - the data source device ID is different
// - the file path is different
if (artifactInstance.getCorrelationCase().getCaseUUID().equals(caseUUID)
|| (!StringUtils.isBlank(dataSourceName) && artifactInstance.getCorrelationDataSource().getName().equals(dataSourceName))
|| (!StringUtils.isBlank(deviceId) && artifactInstance.getCorrelationDataSource().getDeviceID().equals(deviceId))
|| (file != null && artifactInstance.getFilePath().equalsIgnoreCase(file.getParentPath() + file.getName()))) {
correlationAttributes.add(artifactInstance);
&& (!StringUtils.isBlank(dataSourceName) && artifactInstance.getCorrelationDataSource().getName().equals(dataSourceName))
&& (!StringUtils.isBlank(deviceId) && artifactInstance.getCorrelationDataSource().getDeviceID().equals(deviceId))
&& (file != null && artifactInstance.getFilePath().equalsIgnoreCase(file.getParentPath() + file.getName()))) {
continue;
}
correlationAttributes.add(artifactInstance);
OtherOccurrenceNodeInstanceData newNode = new OtherOccurrenceNodeInstanceData(artifactInstance, aType, value);
UniquePathKey uniquePathKey = new UniquePathKey(newNode);
nodeDataMap.put(uniquePathKey, newNode);
@ -510,7 +509,7 @@ public final class OtherOccurrencesPanel extends javax.swing.JPanel {
* artifact. If the central repo is not enabled, this will only return files
* from the current case with matching MD5 hashes.
*
* @param corAttr CorrelationAttribute to query for
* @param corAttr CorrelationAttribute to query for
*
* @return A collection of correlated artifact instances
*/
@ -533,9 +532,9 @@ public final class OtherOccurrencesPanel extends javax.swing.JPanel {
// - the data source device ID is different
// - the file path is different
if (artifactInstance.getCorrelationCase().getCaseUUID().equals(caseUUID)
|| (!StringUtils.isBlank(dataSourceName) && artifactInstance.getCorrelationDataSource().getName().equals(dataSourceName))
|| (!StringUtils.isBlank(deviceId) && artifactInstance.getCorrelationDataSource().getDeviceID().equals(deviceId))
|| (file != null && artifactInstance.getFilePath().equalsIgnoreCase(file.getParentPath() + file.getName()))) {
&& (!StringUtils.isBlank(dataSourceName) && artifactInstance.getCorrelationDataSource().getName().equals(dataSourceName))
&& (!StringUtils.isBlank(deviceId) && artifactInstance.getCorrelationDataSource().getDeviceID().equals(deviceId))
&& (file != null && artifactInstance.getFilePath().equalsIgnoreCase(file.getParentPath() + file.getName()))) {
continue;
}
OtherOccurrenceNodeInstanceData newNode = new OtherOccurrenceNodeInstanceData(artifactInstance, corAttr.getCorrelationType(), corAttr.getCorrelationValue());
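Review bot: In the `&&` form of the skip condition (taken here to be the new side, since the page has lost its +/- markers), a blank `dataSourceName`, a blank `deviceId` or a null `file` makes the whole conjunction false, so the selected item is not skipped and is listed as another occurrence of itself. If missing metadata should not switch the exclusion off, each guard has to pass when its value is absent, e.g. `&& (StringUtils.isBlank(deviceId) || artifactInstance.getCorrelationDataSource().getDeviceID().equals(deviceId))`. The same four-line condition is repeated in the hunk at -533,9 +532,9, so a private helper (suggested name `isSelectedInstance(artifactInstance)`) would keep the two copies from drifting. Both enclosing methods start and end outside the hunks shown.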


@ -1,15 +1,15 @@
/*
* Autopsy Forensic Browser
*
*
* Copyright 2011-2018 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*
* http://www.apache.org/licenses/LICENSE-2.0
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@ -23,8 +23,10 @@ import java.beans.PropertyChangeEvent;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.concurrent.ExecutionException;
import java.util.logging.Level;
import javax.swing.JTabbedPane;
import javax.swing.SwingWorker;
import javax.swing.event.ChangeEvent;
import javax.swing.event.ChangeListener;
import org.openide.nodes.Node;
@ -49,6 +51,8 @@ public class DataContentPanel extends javax.swing.JPanel implements DataContent,
private final boolean isMain;
private boolean listeningToTabbedPane = false;
private DataContentPanelWorker workerThread;
/**
* Creates new DataContentPanel panel The main data content panel can only
* be created by the data content top component, thus this constructor is
@ -132,43 +136,54 @@ public class DataContentPanel extends javax.swing.JPanel implements DataContent,
public void setNode(Node selectedNode) {
// change the cursor to "waiting cursor" for this operation
this.setCursor(Cursor.getPredefinedCursor(Cursor.WAIT_CURSOR));
try {
String defaultName = NbBundle.getMessage(DataContentTopComponent.class, "CTL_DataContentTopComponent");
// set the file path
if (selectedNode == null) {
setName(defaultName);
} else {
Content content = selectedNode.getLookup().lookup(Content.class);
if (content != null) {
//String path = DataConversion.getformattedPath(ContentUtils.getDisplayPath(selectedNode.getLookup().lookup(Content.class)), 0);
String path = defaultName;
try {
path = content.getUniquePath();
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Exception while calling Content.getUniquePath() for {0}", content); //NON-NLS
}
setName(path);
} else {
setName(defaultName);
// Reset everything
for (int index = 0; index < jTabbedPane1.getTabCount(); index++) {
jTabbedPane1.setEnabledAt(index, false);
viewers.get(index).resetComponent();
}
String defaultName = NbBundle.getMessage(DataContentTopComponent.class, "CTL_DataContentTopComponent");
// set the file path
if (selectedNode == null) {
setName(defaultName);
} else {
Content content = selectedNode.getLookup().lookup(Content.class);
if (content != null) {
//String path = DataConversion.getformattedPath(ContentUtils.getDisplayPath(selectedNode.getLookup().lookup(Content.class)), 0);
String path = defaultName;
try {
path = content.getUniquePath();
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Exception while calling Content.getUniquePath() for {0}", content); //NON-NLS
}
setName(path);
} else {
setName(defaultName);
}
}
currentNode = selectedNode;
currentNode = selectedNode;
setupTabs(selectedNode);
} finally {
this.setCursor(null);
if (workerThread != null) {
workerThread.cancel(true);
}
if (selectedNode != null) {
workerThread = new DataContentPanelWorker(currentNode);
workerThread.execute();
}
}
/**
* Resets the tabs based on the selected Node. If the selected node is null
* or not supported, disable that tab as well.
* Update the state of the tabs based on the given data.
*
* @param selectedNode the selected content Node
* @param selectedNode The currently selected node.
* @param supportedIndices The indices of the tabs that are supported by
* this node type.
* @param preferredIndex The index of the tab which is preferred.
*/
public void setupTabs(Node selectedNode) {
private void updateTabs(Node selectedNode, List<Integer> supportedIndices, int preferredIndex) {
// Deferring becoming a listener to the tabbed pane until this point
// eliminates handling a superfluous stateChanged event during construction.
if (listeningToTabbedPane == false) {
@ -176,31 +191,12 @@ public class DataContentPanel extends javax.swing.JPanel implements DataContent,
listeningToTabbedPane = true;
}
int currTabIndex = jTabbedPane1.getSelectedIndex();
int totalTabs = jTabbedPane1.getTabCount();
int maxPreferred = 0;
int preferredViewerIndex = 0;
for (int i = 0; i < totalTabs; ++i) {
UpdateWrapper dcv = viewers.get(i);
dcv.resetComponent();
// disable an unsupported tab (ex: picture viewer)
if ((selectedNode == null) || (dcv.isSupported(selectedNode) == false)) {
jTabbedPane1.setEnabledAt(i, false);
} else {
jTabbedPane1.setEnabledAt(i, true);
// remember the viewer with the highest preference value
int currentPreferred = dcv.isPreferred(selectedNode);
if (currentPreferred > maxPreferred) {
preferredViewerIndex = i;
maxPreferred = currentPreferred;
}
}
for (Integer index : supportedIndices) {
jTabbedPane1.setEnabledAt(index, true);
}
// let the user decide if we should stay with the current viewer
int tabIndex = UserPreferences.keepPreferredContentViewer() ? currTabIndex : preferredViewerIndex;
int tabIndex = UserPreferences.keepPreferredContentViewer() ? jTabbedPane1.getSelectedIndex() : preferredIndex;
UpdateWrapper dcv = viewers.get(tabIndex);
// this is really only needed if no tabs were enabled
@ -272,4 +268,116 @@ public class DataContentPanel extends javax.swing.JPanel implements DataContent,
}
}
/**
* SwingWorker class to determine which tabs should be enabled for the given
* node.
*/
private class DataContentPanelWorker extends SwingWorker<WorkerResults, Void> {
private final Node node;
/**
* Worker constructor.
*
* @param node
*/
DataContentPanelWorker(Node node) {
this.node = node;
}
@Override
protected WorkerResults doInBackground() throws Exception {
if (node == null) {
return null;
}
List<Integer> supportedViewers = new ArrayList<>();
int preferredViewerIndex = 0;
int maxPreferred = 0;
for (int index = 0; index < viewers.size(); index++) {
UpdateWrapper dcv = viewers.get(index);
if (dcv.isSupported(node)) {
supportedViewers.add(index);
int currentPreferred = dcv.isPreferred(node);
if (currentPreferred > maxPreferred) {
preferredViewerIndex = index;
maxPreferred = currentPreferred;
}
}
if (this.isCancelled()) {
return null;
}
}
return new WorkerResults(node, supportedViewers, preferredViewerIndex);
}
@Override
protected void done() {
// Do nothing if the thread was cancelled.
if (isCancelled()) {
return;
}
try {
WorkerResults results = get();
if (results != null) {
updateTabs(results.getNode(), results.getSupportedIndices(), results.getPreferredViewerIndex());
}
} catch (InterruptedException | ExecutionException ex) {
logger.log(Level.SEVERE, "Failed to updated data content panel for node " + node.getName(), ex);
} finally {
setCursor(Cursor.getPredefinedCursor(Cursor.DEFAULT_CURSOR));
}
}
}
/**
* Utility class to store all of the data the SwingWorker collected.
*/
private class WorkerResults {
private final Node node;
private final List<Integer> supportedViewerIndices;
private final int preferredViewerIndex;
WorkerResults(Node node, List<Integer> supportedViewerIndices, int preferredViewerIndex) {
this.node = node;
this.supportedViewerIndices = supportedViewerIndices;
this.preferredViewerIndex = preferredViewerIndex;
}
/**
* Returns the selected node.
*
* @return
*/
Node getNode() {
return node;
}
/**
* A list of tab indices that are supported by this node type.
*
* @return A list of indices.
*/
List<Integer> getSupportedIndices() {
return supportedViewerIndices;
}
/**
* Returns the preferred tab index for the given node type.
*
* @return A valid tab index.
*/
int getPreferredViewerIndex() {
return preferredViewerIndex;
}
}
}
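Review bot: `setNode` still switches to the wait cursor on entry, but the only code that restores it is the `finally` in `DataContentPanelWorker.done()`, and no worker is started when `selectedNode` is null. On the reading that the old `try`/`finally` with `this.setCursor(null)` is the removed side, clearing the selection leaves the panel on the wait cursor; an `else { this.setCursor(Cursor.getPredefinedCursor(Cursor.DEFAULT_CURSOR)); }` on the `if (selectedNode != null)` branch would cover it. The early `return` for `isCancelled()` in `done()` also skips the reset, which is harmless only while every cancel is followed by a replacement worker. The log text in `done()` reads "Failed to updated" and should be "Failed to update".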


@ -179,7 +179,6 @@ public class HashsetHits implements AutopsyVisitableItem {
TSK_HASHSET_HIT);
super.setName(HASHSET_HITS);
super.setDisplayName(DISPLAY_NAME);
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/hashset_hits.png"); //NON-NLS
}


@ -72,20 +72,10 @@ class ArtifactSelectionDialog extends javax.swing.JDialog {
private void populateList() {
try {
ArrayList<BlackboardArtifact.Type> doNotReport = new ArrayList<>();
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getLabel(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getDisplayName()));
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_TOOL_OUTPUT.getTypeID(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_TOOL_OUTPUT.getLabel(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_TOOL_OUTPUT.getDisplayName())); // output is too unstructured for table review
doNotReport.add(new BlackboardArtifact.Type(
BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT.getTypeID(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT.getLabel(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT.getDisplayName()));
doNotReport.add(new BlackboardArtifact.Type(
BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT.getTypeID(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT.getLabel(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT.getDisplayName()));
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO));
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_TOOL_OUTPUT)); // output is too unstructured for table review
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT));
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT));
artifactTypes = Case.getCurrentCaseThrows().getSleuthkitCase().getArtifactTypesInUse();
artifactTypes.removeAll(doNotReport);
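Review bot: The four-entry `doNotReport` list is built identically here and in the next two sections (the hunks at -200,20 in `ReportVisualPanel2` and -102,20 in `TableReportGenerator`), so the set of artifact types kept out of reports exists in three copies that can drift apart. One shared constant would do, for example `static final List<BlackboardArtifact.Type> DO_NOT_REPORT = Arrays.asList(...)` (name is a suggestion), with each caller reduced to `artifactTypes.removeAll(DO_NOT_REPORT);`. If `BlackboardArtifact.Type` has predefined constants for these four types, like the `BlackboardArtifact.Type.TSK_YARA_HIT` used in the test change on this page, they could replace the `new BlackboardArtifact.Type(...)` wrappers too. Only the `TSK_TOOL_OUTPUT` entry carries a reason (`// output is too unstructured for table review`); a one-line reason on the other three would help whoever edits the list next.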


@ -200,20 +200,10 @@ final class ReportVisualPanel2 extends JPanel {
try {
Case openCase = Case.getCurrentCaseThrows();
ArrayList<BlackboardArtifact.Type> doNotReport = new ArrayList<>();
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getLabel(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getDisplayName()));
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_TOOL_OUTPUT.getTypeID(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_TOOL_OUTPUT.getLabel(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_TOOL_OUTPUT.getDisplayName())); // output is too unstructured for table review
doNotReport.add(new BlackboardArtifact.Type(
BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT.getTypeID(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT.getLabel(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT.getDisplayName()));
doNotReport.add(new BlackboardArtifact.Type(
BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT.getTypeID(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT.getLabel(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT.getDisplayName()));
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO));
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_TOOL_OUTPUT)); // output is too unstructured for table review
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT));
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT));
// get artifact types that exist in the current case
artifacts = openCase.getSleuthkitCase().getArtifactTypesInUse();


@ -102,20 +102,10 @@ class TableReportGenerator {
private void getAllExistingArtiactTypes() throws NoCurrentCaseException, TskCoreException {
// get all possible artifact types
ArrayList<BlackboardArtifact.Type> doNotReport = new ArrayList<>();
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getLabel(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getDisplayName()));
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_TOOL_OUTPUT.getTypeID(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_TOOL_OUTPUT.getLabel(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_TOOL_OUTPUT.getDisplayName())); // output is too unstructured for table review
doNotReport.add(new BlackboardArtifact.Type(
BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT.getTypeID(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT.getLabel(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT.getDisplayName()));
doNotReport.add(new BlackboardArtifact.Type(
BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT.getTypeID(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT.getLabel(),
BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT.getDisplayName()));
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO));
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_TOOL_OUTPUT)); // output is too unstructured for table review
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT));
doNotReport.add(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT));
Case.getCurrentCaseThrows().getSleuthkitCase().getArtifactTypes().forEach(artifactTypes::add);
artifactTypes.removeAll(doNotReport);


@ -287,7 +287,7 @@ public class DataSourceInfoUtilitiesTest {
@Test
public void getArtifacts_failOnBytes() throws TskCoreException {
testFailOnBadAttrType(
new BlackboardArtifact.Type(999, "BYTE_ARRAY_TYPE", "Byte Array Type"),
BlackboardArtifact.Type.TSK_YARA_HIT,
new BlackboardAttribute.Type(999, "BYTE_ARR_ATTR_TYPE", "Byte Array Attribute Type", TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.BYTE),
new byte[]{0x0, 0x1, 0x2},
BlackboardAttribute::new);


@ -353,7 +353,7 @@ public class UserActivitySummaryTest {
List<TopDeviceAttachedResult> results = summary.getRecentDevices(dataSource, 10);
Assert.assertEquals(1, results.size());
Assert.assertEquals((long) (DAY_SECONDS + 2), results.get(0).getLastAccessed().getTime() / 1000);
Assert.assertEquals((DAY_SECONDS + 2), results.get(0).getLastAccessed().getTime() / 1000);
Assert.assertTrue("ID1".equalsIgnoreCase(results.get(0).getDeviceId()));
Assert.assertTrue("MAKE1".equalsIgnoreCase(results.get(0).getDeviceMake()));
Assert.assertTrue("MODEL1".equalsIgnoreCase(results.get(0).getDeviceModel()));


@ -631,7 +631,7 @@ class ExtractRegistry extends Extract {
case "InstallDate": //NON-NLS
if (value != null && !value.isEmpty()) {
try {
installtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy", US).parse(value).getTime();
installtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyyZ", US).parse(value+"+0000").getTime();
String Tempdate = installtime.toString();
installtime = Long.valueOf(Tempdate) / MS_IN_SEC;
} catch (ParseException e) {
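Review bot: The `yyyyZ` pattern together with `value+"+0000"` forces the InstallDate string to be read as UTC, but nothing on the line says why, and that assumption decides every install time shown to the examiner. A comment such as `// InstallDate arrives without a zone; parse it as UTC, not the examiner machine's local zone` would state it (presumably that is the intent; confirm against the registry parser output). Setting the zone on the formatter with `setTimeZone(TimeZone.getTimeZone("UTC"))` would express the same thing without editing the input string. The enclosing `switch` and `try` continue outside the hunk.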

File diff suppressed because it is too large Load Diff