mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-19 19:14:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' of github.com:sleuthkit/autopsy into 7365-domainCategorization

Browse Source
This commit is contained in:
Greg DiCristofaro 2021-03-15 09:57:58 -04:00
commit 224b55de06
2 changed files with 31 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
Core/src/org/sleuthkit/autopsy/datamodel/OsAccounts.java
View File

@ -24,6 +24,7 @@ import java.text.SimpleDateFormat;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.EnumSet;
import java.util.List; import java.util.List;
import java.util.Optional; import java.util.Optional;
import java.util.logging.Level; import java.util.logging.Level;
@ -52,7 +53,7 @@ public final class OsAccounts implements AutopsyVisitableItem {
private static final String ICON_PATH = "org/sleuthkit/autopsy/images/os-account.png"; private static final String ICON_PATH = "org/sleuthkit/autopsy/images/os-account.png";
private static final SimpleDateFormat DATE_FORMATTER = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss z"); private static final SimpleDateFormat DATE_FORMATTER = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss z");
private final SleuthkitCase skCase; private SleuthkitCase skCase;
private final long filteringDSObjId; private final long filteringDSObjId;
public OsAccounts(SleuthkitCase skCase) { public OsAccounts(SleuthkitCase skCase) {
@ -112,34 +113,46 @@ public final class OsAccounts implements AutopsyVisitableItem {
private final PropertyChangeListener listener = new PropertyChangeListener() { private final PropertyChangeListener listener = new PropertyChangeListener() {
@Override @Override
public void propertyChange(PropertyChangeEvent evt) { public void propertyChange(PropertyChangeEvent evt) {
refresh(true); String eventType = evt.getPropertyName();
if(eventType.equals(Case.Events.OS_ACCOUNT_ADDED.toString())) {
refresh(true);
} else if (eventType.equals(Case.Events.CURRENT_CASE.toString())) {
// case was closed. Remove listeners so that we don't get called with a stale case handle
if (evt.getNewValue() == null) {
removeNotify();
skCase = null;
}
}
} }
}; };
@Override @Override
protected void addNotify() { protected void addNotify() {
Case.addEventTypeSubscriber(Collections.singleton(Case.Events.OS_ACCOUNT_ADDED), listener); Case.addEventTypeSubscriber(Collections.singleton(Case.Events.OS_ACCOUNT_ADDED), listener);
Case.addEventTypeSubscriber(EnumSet.of(Case.Events.CURRENT_CASE), listener);
} }
@Override @Override
protected void removeNotify() { protected void removeNotify() {
Case.removeEventTypeSubscriber(Collections.singleton(Case.Events.OS_ACCOUNT_ADDED), listener); Case.removeEventTypeSubscriber(Collections.singleton(Case.Events.OS_ACCOUNT_ADDED), listener);
Case.removeEventTypeSubscriber(EnumSet.of(Case.Events.CURRENT_CASE), listener);
} }
@Override @Override
protected boolean createKeys(List<OsAccount> list) { protected boolean createKeys(List<OsAccount> list) {
try { if(skCase != null) {
if (filteringDSObjId == 0) { try {
list.addAll(skCase.getOsAccountManager().getAccounts()); if (filteringDSObjId == 0) {
} else { list.addAll(skCase.getOsAccountManager().getAccounts());
Host host = skCase.getHostManager().getHost(skCase.getDataSource(filteringDSObjId)); } else {
list.addAll(skCase.getOsAccountManager().getAccounts(host)); Host host = skCase.getHostManager().getHost(skCase.getDataSource(filteringDSObjId));
list.addAll(skCase.getOsAccountManager().getAccounts(host));
}
} catch (TskCoreException | TskDataException ex) {
logger.log(Level.SEVERE, "Unable to retrieve list of OsAccounts for case", ex);
return false;
} }
} catch (TskCoreException | TskDataException ex) {
logger.log(Level.SEVERE, "Unable to retrieve list of OsAccounts for case", ex);
return false;
} }
return true; return true;
} }

6
test/script/tskdbdiff.py
View File

@ -444,6 +444,7 @@ def normalize_db_entry(line, files_table, vs_parts_table, vs_info_table, fs_info
ig_groups_seen_index = line.find('INSERT INTO "image_gallery_groups_seen"') > -1 or line.find('INSERT INTO image_gallery_groups_seen ') > -1 ig_groups_seen_index = line.find('INSERT INTO "image_gallery_groups_seen"') > -1 or line.find('INSERT INTO image_gallery_groups_seen ') > -1
os_account_index = line.find('INSERT INTO "tsk_os_accounts"') > -1 or line.find('INSERT INTO tsk_os_accounts') > -1 os_account_index = line.find('INSERT INTO "tsk_os_accounts"') > -1 or line.find('INSERT INTO tsk_os_accounts') > -1
os_account_attr_index = line.find('INSERT INTO "tsk_os_account_attributes"') > -1 or line.find('INSERT INTO tsk_os_account_attributes') > -1 os_account_attr_index = line.find('INSERT INTO "tsk_os_account_attributes"') > -1 or line.find('INSERT INTO tsk_os_account_attributes') > -1
os_account_instances_index = line.find('INSERT INTO "tsk_os_account_instances"') > -1 or line.find('INSERT INTO tsk_os_account_instances') > -1
parens = line[line.find('(') + 1 : line.rfind(')')] parens = line[line.find('(') + 1 : line.rfind(')')]
no_space_parens = parens.replace(" ", "") no_space_parens = parens.replace(" ", "")
@ -664,6 +665,11 @@ def normalize_db_entry(line, files_table, vs_parts_table, vs_info_table, fs_info
fields_list[3] = "NULL" fields_list[3] = "NULL"
newLine = ('INSERT INTO "tsk_os_account_attributes" VALUES(' + ','.join(fields_list[1:]) + ');') # remove id newLine = ('INSERT INTO "tsk_os_account_attributes" VALUES(' + ','.join(fields_list[1:]) + ');') # remove id
return newLine return newLine
elif os_account_instances_index:
os_account_id = int(fields_list[1])
fields_list[1] = accounts_table[os_account_id]
newLine = ('INSERT INTO "tsk_os_account_instances" VALUES(' + ','.join(fields_list[1:]) + ');') # remove id
return newLine
else: else:
return line return line