diff --git a/CoreUtils/src/org/sleuthkit/autopsy/coreutils/Bundle.properties b/CoreUtils/src/org/sleuthkit/autopsy/coreutils/Bundle.properties index fbb4be8eb9..5c940ab92f 100644 --- a/CoreUtils/src/org/sleuthkit/autopsy/coreutils/Bundle.properties +++ b/CoreUtils/src/org/sleuthkit/autopsy/coreutils/Bundle.properties @@ -1 +1,7 @@ +#Updated by build script +#Thu, 10 May 2012 15:47:15 -0700 OpenIDE-Module-Name=CoreUtils + +app.name=Autopsy +app.version=20120510 +build.type=DEVELOPMENT diff --git a/RecentActivity/nbproject/genfiles.properties b/RecentActivity/nbproject/genfiles.properties index 9e5bb239dc..ac6636ed07 100644 --- a/RecentActivity/nbproject/genfiles.properties +++ b/RecentActivity/nbproject/genfiles.properties @@ -1,8 +1,8 @@ -build.xml.data.CRC32=dacaa05a +build.xml.data.CRC32=f4b57a2d build.xml.script.CRC32=d323407a -build.xml.stylesheet.CRC32=a56c6a5b@1.46.1 +build.xml.stylesheet.CRC32=a56c6a5b@1.46.2 # This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml. # Do not edit this file. You may delete it but then the IDE will never regenerate such files for you. -nbproject/build-impl.xml.data.CRC32=dacaa05a +nbproject/build-impl.xml.data.CRC32=f4b57a2d nbproject/build-impl.xml.script.CRC32=aef16a21 -nbproject/build-impl.xml.stylesheet.CRC32=238281d1@1.46.1 +nbproject/build-impl.xml.stylesheet.CRC32=238281d1@1.46.2 diff --git a/RecentActivity/nbproject/project.properties b/RecentActivity/nbproject/project.properties index c2587f0f66..87fc09e95f 100644 --- a/RecentActivity/nbproject/project.properties +++ b/RecentActivity/nbproject/project.properties @@ -1,5 +1,6 @@ file.reference.gson-2.1.jar=release/modules/ext/gson-2.1.jar file.reference.jdom-1.1.2.jar=release/modules/ext/jdom-1.1.2.jar file.reference.sqlite-jdbc-3.7.6.3-20110609.081603-3.jar=release/modules/ext/sqlite-jdbc-3.7.6.3-20110609.081603-3.jar +is.autoload=true javac.source=1.6 javac.compilerargs=-Xlint -Xlint:-serial 
diff --git a/RecentActivity/nbproject/project.xml b/RecentActivity/nbproject/project.xml index c6387afb84..8b4a1e91da 100644 --- a/RecentActivity/nbproject/project.xml +++ b/RecentActivity/nbproject/project.xml @@ -178,14 +178,10 @@ 0.0 - - org.sleuthkit.autopsy.report - - 1.0 - - - + + org.sleuthkit.autopsy.recentactivity + ext/sqlite-jdbc-3.7.6.3-20110609.081603-3.jar release/modules/ext/sqlite-jdbc-3.7.6.3-20110609.081603-3.jar diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties index fc21672edd..3e1a5cd2cb 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties @@ -1,3 +1,4 @@ +OpenIDE-Module-Display-Category=Java OpenIDE-Module-Name=RecentActivity RecentActivityTopComponent.makeNodesButton.text=Get Recent Activity RecentActivityTopComponent.jLabel1.text=Filter Options diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java index 8c08e45054..09e122d799 100755 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java 
@@ -1,8 +1,25 @@
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
+ /*
+ *
+ * Autopsy Forensic Browser
+ *
+ * Copyright 2012 42six Solutions.
+ * Contact: aebadirad 42six com
+ * Project Contact/Architect: carrier sleuthkit org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
 */
 package org.sleuthkit.autopsy.recentactivity;
+
 import com.google.gson.JsonArray;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
@@ -25,398 +42,414 @@ import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; + /** * * @author Alex */ - - public class Chrome { - - public static final String chquery = "SELECT urls.url, urls.title, urls.visit_count, urls.typed_count, " - + "last_visit_time, urls.hidden, visits.visit_time, (SELECT urls.url FROM urls WHERE urls.id=visits.url) as from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url"; - public static final String chcookiequery = "select name, value, host_key, expires_utc,last_access_utc, creation_utc from cookies"; - public static final String chbookmarkquery = "SELECT starred.title, urls.url, starred.date_added, starred.date_modified, urls.typed_count,urls._last_visit_time FROM starred INNER JOIN urls ON urls.id = starred.url_id"; - public static final String chdownloadquery = "select full_path, url, start_time, received_bytes from downloads"; - public static final String chloginquery = "select origin_url, username_value, signon_realm from logins"; - private final Logger logger = Logger.getLogger(this.getClass().getName()); - public int ChromeCount = 0; - - public Chrome(){ - - } - - public void getchdb(List image, IngestImageWorkerController controller){ - - try - { + public static final String chquery = "SELECT urls.url, urls.title, urls.visit_count, urls.typed_count, " + + "last_visit_time, urls.hidden, visits.visit_time, (SELECT urls.url FROM urls WHERE urls.id=visits.url) as from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url"; + public static final String chcookiequery = "select name, value, host_key, expires_utc,last_access_utc, creation_utc from cookies"; + public static final String chbookmarkquery = "SELECT starred.title, urls.url, starred.date_added, starred.date_modified, urls.typed_count,urls._last_visit_time FROM 
starred INNER JOIN urls ON urls.id = starred.url_id"; + public static final String chdownloadquery = "select full_path, url, start_time, received_bytes from downloads"; + public static final String chloginquery = "select origin_url, username_value, signon_realm from logins"; + private final Logger logger = Logger.getLogger(this.getClass().getName()); + public int ChromeCount = 0; + + public Chrome() { + } + + public void getchdb(List image, IngestImageWorkerController controller) { + + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - List FFSqlitedb; - Map kvs = new LinkedHashMap(); + List FFSqlitedb = null; + Map kvs = new LinkedHashMap(); String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } + } + + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'History' and name NOT LIKE '%journal%' AND parent_path LIKE '%Chrome%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + ChromeCount = FFSqlitedb.size(); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - - ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'History' and name NOT LIKE '%journal%' AND parent_path LIKE '%Chrome%'" + allFS); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - ChromeCount = FFSqlitedb.size(); - - rs.close(); - rs.getStatement().close(); int j = 0; - while (j < FFSqlitedb.size()) + if(FFSqlitedb != null && !FFSqlitedb.isEmpty()) { + while (j < FFSqlitedb.size()) { String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; String connectionString = 
"jdbc:sqlite:" + temps; - ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to write to disk.{0}", ex); + } File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - try - { - dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet temprs = tempdbconnect.executeQry(chquery); - - while(temprs.next()) - { - String domain = Util.extractDomain(temprs.getString("url")); - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",temprs.getString("url"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Accessed",(temprs.getLong("last_visit_time")/10000))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",temprs.getString("from_visit"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","",((temprs.getString("title") != null) ? temprs.getString("title") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",domain)); - bbart.addAttributes(bbattributes); - - } - tempdbconnect.closeConnection(); - temprs.close(); - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." 
+ connectionString, ex); - } - - j++; - dbFile.delete(); - } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); - } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - - //COOKIES section - // This gets the cookie info - try - { - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) - allFS += " AND (0"; - allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) - allFS += ")"; - } - List FFSqlitedb; - ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%Cookies%' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - - rs.close(); - rs.getStatement().close(); - int j = 0; - - while (j < FFSqlitedb.size()) - { - String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; - String connectionString = "jdbc:sqlite:" + temps; - ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); - File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - try - { - dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet temprs = tempdbconnect.executeQry(chcookiequery); - while(temprs.next()) - { - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); - Collection bbattributes = new ArrayList(); - String domain = temprs.getString("host_key"); - bbattributes.add(new 
BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host_key"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),"RecentActivity", "Last Visited",(temprs.getLong("last_access_utc")/10000))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),"RecentActivity", "",temprs.getString("value"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",((temprs.getString("name") != null) ? temprs.getString("name") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",domain)); - bbart.addAttributes(bbattributes); - } - tempdbconnect.closeConnection(); - temprs.close(); - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." 
+ connectionString, ex); - } + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); + ResultSet temprs = tempdbconnect.executeQry(chquery); + + while (temprs.next()) { + try { + String domain = Util.extractDomain(temprs.getString("url")); + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("url"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Accessed", (temprs.getLong("last_visit_time") / 10000))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", "", temprs.getString("from_visit"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "", ((temprs.getString("title") != null) ? temprs.getString("title") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to insert BB artifact.{0}", ex); + } + + } + tempdbconnect.closeConnection(); + temprs.close(); + + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." 
+ connectionString, ex); + } + j++; dbFile.delete(); } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); + } + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - - //BOokmarks section - // This gets the bm info - try - { + + + //COOKIES section + // This gets the cookie info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + String allFS = new String(); + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } + } + List FFSqlitedb = null; + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%Cookies%' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - List FFSqlitedb; - ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'Bookmarks' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); - int j = 0; - - while (j < FFSqlitedb.size()) + if(FFSqlitedb != null && 
!FFSqlitedb.isEmpty()) { + while (j < FFSqlitedb.size()) { String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; - - ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + String connectionString = "jdbc:sqlite:" + temps; + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to write IO.{0}", ex); + } File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - try - { - + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); + ResultSet temprs = tempdbconnect.executeQry(chcookiequery); + while (temprs.next()) { + try { + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); + Collection bbattributes = new ArrayList(); + String domain = temprs.getString("host_key"); + domain = domain.replaceFirst("^\\.+(?!$)", ""); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host_key"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", (temprs.getLong("last_access_utc") / 10000))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "Title", ((temprs.getString("name") != null) ? 
temprs.getString("name") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } + tempdbconnect.closeConnection(); + temprs.close(); + + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); + } + j++; + dbFile.delete(); + } + } + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); + } + + + //BOokmarks section + // This gets the bm info + try { + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + String allFS = new String(); + for (int i = 0; i < image.size(); i++) { + if (i == 0) { + allFS += " AND (0"; + } + allFS += " OR fs_obj_id = '" + image.get(i) + "'"; + if (i == image.size() - 1) { + allFS += ")"; + } + } + List FFSqlitedb = null; + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'Bookmarks' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + int j = 0; + if(FFSqlitedb != null && !FFSqlitedb.isEmpty()) + { + while (j < FFSqlitedb.size()) { + String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new 
File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to write IO {0}", ex); + } + File dbFile = new File(temps); + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + try { + final JsonParser parser = new JsonParser(); - JsonElement jsonElement = parser.parse(new FileReader(temps)); + JsonElement jsonElement = parser.parse(new FileReader(temps)); JsonObject test = jsonElement.getAsJsonObject(); JsonObject whatever = test.get("roots").getAsJsonObject(); JsonObject whatever2 = whatever.get("bookmark_bar").getAsJsonObject(); JsonArray whatever3 = whatever2.getAsJsonArray("children"); - - // JsonArray results = parser.parse(new FileReader(temps)).getAsJsonObject().getAsJsonArray("roots").getAsJsonObject().getAsJsonArray("bookmark_bar").get(0).getAsJsonObject().getAsJsonArray("children"); - for (JsonElement result : whatever3) { - - JsonObject address = result.getAsJsonObject(); - String url = address.get("url").getAsString(); - String name = address.get("name").getAsString(); - Long date = address.get("date_added").getAsLong(); - String domain = Util.extractDomain(url); - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",(date/10000))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",url)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","",name)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",domain)); - bbart.addAttributes(bbattributes); - } + for (JsonElement result 
: whatever3) { + try { + JsonObject address = result.getAsJsonObject(); + String url = address.get("url").getAsString(); + String name = address.get("name").getAsString(); + Long date = address.get("date_added").getAsLong(); + String domain = Util.extractDomain(url); + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", (date / 10000))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", url)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "", name)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to insert BB artifact{0}", ex); + } + } - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into the Bookmarks for Chrome." + ex); - } + + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into the Bookmarks for Chrome." 
+ ex); + } j++; dbFile.delete(); } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); + } + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - - //Downloads section - // This gets the downloads info - try - { + + + //Downloads section + // This gets the downloads info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - List FFSqlitedb; - String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + List FFSqlitedb = null; + String allFS = new String(); + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } + } + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'History' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'History' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); - int j = 0; - - while (j < FFSqlitedb.size()) + if(FFSqlitedb != null && !FFSqlitedb.isEmpty()) { + 
while (j < FFSqlitedb.size()) { String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; String connectionString = "jdbc:sqlite:" + temps; - ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - try - { - dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet temprs = tempdbconnect.executeQry(chdownloadquery); - while(temprs.next()) - { - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD); - Collection bbattributes = new ArrayList(); - String domain = Util.extractDomain(temprs.getString("url")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",(temprs.getLong("start_time")/10000))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("url") != null) ? temprs.getString("url") : ""))); - //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? 
temprs.getString("title").replaceAll("'", "''") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", temprs.getString("full_path"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(),"RecentActivity","",Util.findID(temprs.getString("full_path")))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",domain)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome")); - bbart.addAttributes(bbattributes); - - } - tempdbconnect.closeConnection(); - temprs.close(); - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); - } + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); + ResultSet temprs = tempdbconnect.executeQry(chdownloadquery); + while (temprs.next()) { + try { + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD); + Collection bbattributes = new ArrayList(); + String domain = Util.extractDomain(temprs.getString("url")); + Long time = temprs.getLong("start_time"); + String Tempdate = time.toString() + "000"; + time = Long.valueOf(Tempdate); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", time)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("url") != null) ? temprs.getString("url") : ""))); + //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? 
temprs.getString("title").replaceAll("'", "''") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", temprs.getString("full_path"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", "", Util.findID(temprs.getString("full_path")))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome")); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + + } + tempdbconnect.closeConnection(); + temprs.close(); + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); + + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." 
+ connectionString, ex); + } j++; dbFile.delete(); } + } + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - - //Login/Password section - // This gets the user info - try - { + + + //Login/Password section + // This gets the user info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + String allFS = new String(); + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } + } + List FFSqlitedb = null; + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'signons.sqlite' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - List FFSqlitedb; - ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'signons.sqlite' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); - int j = 0; - - while (j < FFSqlitedb.size()) + if(FFSqlitedb != null && !FFSqlitedb.isEmpty()) { + while (j < FFSqlitedb.size()) { String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; String connectionString = "jdbc:sqlite:" + temps; - 
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - try - { - dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet temprs = tempdbconnect.executeQry(chloginquery); - while(temprs.next()) - { - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); - Collection bbattributes = new ArrayList(); - //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("start_time"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("origin_url") != null) ? temprs.getString("origin_url") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(), "RecentActivity","", ((temprs.getString("username_value") != null) ? temprs.getString("username_value").replaceAll("'", "''") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", "", temprs.getString("signon_realm"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",Util.extractDomain(((temprs.getString("origin_url") != null) ? 
temprs.getString("origin_url") : "")))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome")); - bbart.addAttributes(bbattributes); - - } - tempdbconnect.closeConnection(); - temprs.close(); - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); - } + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); + ResultSet temprs = tempdbconnect.executeQry(chloginquery); + while (temprs.next()) { + try { + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("origin_url") != null) ? temprs.getString("origin_url") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(), "RecentActivity", "", ((temprs.getString("username_value") != null) ? temprs.getString("username_value").replaceAll("'", "''") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", "", temprs.getString("signon_realm"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", Util.extractDomain(((temprs.getString("origin_url") != null) ? temprs.getString("origin_url") : "")))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome")); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } + tempdbconnect.closeConnection(); + temprs.close(); + + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." 
+ connectionString, ex); + } j++; dbFile.delete(); } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); + } + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - + } } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java index 630799456a..3fe84d144e 100755 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java @@ -1,15 +1,17 @@ -/* + /* + * * Autopsy Forensic Browser - * - * Copyright 2011 Basis Technology Corp. - * Contact: carrier sleuthkit org - * + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -27,7 +29,6 @@ import java.io.IOException; import java.sql.ResultSet; //Util Imports -import java.sql.SQLException; import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.ArrayList; 
@@ -43,9 +44,7 @@ import java.util.regex.Pattern; // TSK Imports import org.openide.modules.InstalledFileLocator; -import org.openide.util.Exceptions; import org.sleuthkit.autopsy.casemodule.Case; -import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.DataConversion; import org.sleuthkit.autopsy.datamodel.KeyValue; @@ -59,7 +58,7 @@ import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.SleuthkitCase; -import org.sleuthkit.datamodel.TskException; +import org.sleuthkit.autopsy.coreutils.PlatformUtil; public class ExtractIE { // implements BrowserActivity { 
@@ -68,223 +67,231 @@ public class ExtractIE { // implements BrowserActivity { private String favoriteQuery = "select * from `tsk_files` where parent_path LIKE '%/Favorites%' and name LIKE '%.url'"; private String cookiesQuery = "select * from `tsk_files` where parent_path LIKE '%/Cookies%' and name LIKE '%.txt'"; private String recentQuery = "select * from `tsk_files` where parent_path LIKE '%/Recent%' and name LIKE '%.lnk'"; - private String JAVA_PATH = "java"; //sleauthkit db handle SleuthkitCase tempDb; - //paths set in init() private String PASCO_RESULTS_PATH; private String PASCO_LIB_PATH; - + private String JAVA_PATH; //Results List to be referenced/used outside the class public ArrayList> PASCO_RESULTS_LIST = new ArrayList>(); //Look Up Table that holds Pasco2 results private HashMap PASCO_RESULTS_LUT; private KeyValue IE_PASCO_LUT = new KeyValue(BrowserType.IE.name(), BrowserType.IE.getType()); public LinkedHashMap IE_OBJ; - - boolean pascoFound = false; public ExtractIE(List image, IngestImageWorkerController controller) { init(image, controller); - + //Favorites section - // This gets the favorite info - try - { + // This gets the favorite info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } + } + List FavoriteList = new ArrayList(); + try { + ResultSet rs = tempDb.runQuery(favoriteQuery + allFS); + FavoriteList = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - List FavoriteList; - ResultSet rs = tempDb.runQuery(favoriteQuery + allFS); - 
FavoriteList = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); - - for(FsContent Favorite : FavoriteList) - { - if (controller.isCancelled() ) { - break; - } + for (FsContent Favorite : FavoriteList) { + if (controller.isCancelled()) { + break; + } Content fav = Favorite; byte[] t = new byte[(int) fav.getSize()]; final int bytesRead = fav.read(t, 0, fav.getSize()); String bookmarkString = new String(t); - String re1=".*?"; // Non-greedy match on filler - String re2="((?:http|https)(?::\\/{2}[\\w]+)(?:[\\/|\\.]?)(?:[^\\s\"]*))"; // HTTP URL 1 + String re1 = ".*?"; // Non-greedy match on filler + String re2 = "((?:http|https)(?::\\/{2}[\\w]+)(?:[\\/|\\.]?)(?:[^\\s\"]*))"; // HTTP URL 1 String url = ""; - Pattern p = Pattern.compile(re1+re2,Pattern.CASE_INSENSITIVE | Pattern.DOTALL); + Pattern p = Pattern.compile(re1 + re2, Pattern.CASE_INSENSITIVE | Pattern.DOTALL); Matcher m = p.matcher(bookmarkString); - if (m.find()) - { - url = m.group(1); + if (m.find()) { + url = m.group(1); } String name = Favorite.getName(); - String datetime = Favorite.getCrtimeAsDate(); - String domain = Util.extractDomain(url); - BlackboardArtifact bbart = Favorite.newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",datetime)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",url)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","",name)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Internet Explorer")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",domain)); - bbart.addAttributes(bbattributes); - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", 
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); - + Long datetime = Favorite.getCrtime(); + String Tempdate = datetime.toString() + "000"; + datetime = Long.valueOf(Tempdate); + String domain = Util.getBaseDomain(url); + try { + BlackboardArtifact bbart = Favorite.newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", datetime)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", url)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "", name)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Internet Explorer")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); + bbart.addAttributes(bbattributes); + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } - } - catch(TskException ex) - { + } catch (Exception ex) { logger.log(Level.WARNING, "Error while trying to retrieve content from the TSK .", ex); } - catch(SQLException ioex) - { - logger.log(Level.WARNING, "Error while trying to retrieve files from the TSK .", ioex); - } - - //Cookies section - // This gets the cookies info - try - { + + + //Cookies section + // This gets the cookies info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == 
image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } + } + List CookiesList = new ArrayList(); + try { + ResultSet rs = tempDb.runQuery(cookiesQuery + allFS); + CookiesList = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - List CookiesList; - ResultSet rs = tempDb.runQuery(cookiesQuery + allFS); - CookiesList = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); - - for(FsContent Cookie : CookiesList) - { - if (controller.isCancelled() ) { - break; - } + for (FsContent Cookie : CookiesList) { + if (controller.isCancelled()) { + break; + } Content fav = Cookie; byte[] t = new byte[(int) fav.getSize()]; final int bytesRead = fav.read(t, 0, fav.getSize()); String cookieString = new String(t); - - String[] values = cookieString.split("\n"); + + String[] values = cookieString.split("\n"); String url = values.length > 2 ? values[2] : ""; String value = values.length > 1 ? values[1] : ""; String name = values.length > 0 ? values[0] : ""; - String datetime = Cookie.getCrtimeAsDate(); - String domain = Util.extractDomain(url); - BlackboardArtifact bbart = Cookie.newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", url)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),"RecentActivity", "Last Visited",datetime)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),"RecentActivity", "",value)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",(name != null) ? 
name : "")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Internet Explorer")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",domain)); - bbart.addAttributes(bbattributes); - + Long datetime = Cookie.getCrtime(); + String Tempdate = datetime.toString() + "000"; + datetime = Long.valueOf(Tempdate); + String domain = url; + domain = domain.replaceFirst("^\\.+(?!$)", ""); + domain = domain.replaceFirst("/", ""); + try { + BlackboardArtifact bbart = Cookie.newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", url)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", datetime)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", value)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "Title", (name != null) ? 
name : "")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Internet Explorer")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } - - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); - } - catch(TskException ex) - { + + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); + } catch (Exception ex) { logger.log(Level.WARNING, "Error while trying to retrieve content from the TSK .", ex); } - catch(SQLException ioex) - { - logger.log(Level.WARNING, "Error while trying to retrieve files from the TSK .", ioex); - } - - - //Recent Documents section - // This gets the recent object info - try - { + + + + //Recent Documents section + // This gets the recent object info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } } - List RecentList; + List RecentList = new ArrayList(); - ResultSet rs = tempDb.runQuery(recentQuery + allFS); - RecentList = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); - - for(FsContent Recent : RecentList) - { - if (controller.isCancelled() ) { - break; - } + try { + ResultSet rs = tempDb.runQuery(recentQuery + allFS); + RecentList = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch 
(Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + + for (FsContent Recent : RecentList) { + if (controller.isCancelled()) { + break; + } Content fav = Recent; - - byte[] t = new byte[(int) fav.getSize()]; + + byte[] t = new byte[(int) fav.getSize()]; int bytesRead = 0; if (fav.getSize() > 0) { bytesRead = fav.read(t, 0, fav.getSize()); // read the data - } - - - // set the data on the bottom and show it - - String recentString = new String(); - - - if (bytesRead > 0) { - recentString = DataConversion.getString(t, bytesRead, 4); } - + // set the data on the bottom and show it + String recentString = new String(); + + + if (bytesRead > 0) { + recentString = DataConversion.getString(t, bytesRead, 4); + } + + String path = Util.getPath(recentString); String name = Util.getFileName(path); - String datetime = Recent.getCrtimeAsDate(); - BlackboardArtifact bbart = Recent.newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(),"RecentActivity","Last Visited",path)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","",name)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(),"RecentActivity","",Util.findID(path))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),"RecentActivity","Date Created",datetime)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Windows Explorer")); - bbart.addAttributes(bbattributes); - + Long datetime = Recent.getCrtime(); + String Tempdate = datetime.toString() + "000"; + datetime = Long.valueOf(Tempdate); + try { + BlackboardArtifact bbart = Recent.newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT); + Collection bbattributes = new ArrayList(); + bbattributes.add(new 
BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "RecentActivity", "Last Visited", path)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "", name)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", "", Util.findID(path))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Date Created", datetime)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Windows Explorer")); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT)); - - } - catch(TskException ex) - { + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT)); + + } catch (Exception ex) { logger.log(Level.WARNING, "Error while trying to retrieve content from the TSK .", ex); } - catch(SQLException ioex) - { - logger.log(Level.WARNING, "Error while trying to retrieve files from the TSK .", ioex); - } - - + + + } //@Override 
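Review bot: The new inner `catch (Exception ex)` blocks in the favorites, cookies and recent-documents loops of the constructor all log the fixed text "Error while trying to read into a sqlite db.{0}", even where the failing call is a blackboard write. The `{0}` is never filled in, because the exception is passed as the Throwable argument rather than as a message parameter. An examiner reading the log therefore cannot tell which evidence file ended up without an artifact. I would name the source file and the artifact type, e.g. `logger.log(Level.WARNING, "Could not add TSK_WEB_BOOKMARK artifact for " + Favorite.getName(), ex);`, and do the same in the cookie and recent-document loops. The same message is pasted into the init() hunk at -297 and the parsePascoResults() hunks at -455 and -514 below.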
@@ -297,46 +304,50 @@ public class ExtractIE { // implements BrowserActivity { final String caseDir = Case.getCurrentCase().getCaseDirectory(); PASCO_RESULTS_PATH = Case.getCurrentCase().getTempDirectory() + File.separator + "results"; JAVA_PATH = PlatformUtil.getJavaPath(); - if(JAVA_PATH == null || JAVA_PATH.isEmpty()) - { + if (JAVA_PATH.isEmpty() || JAVA_PATH == null) { JAVA_PATH = "java"; } logger.log(Level.INFO, "Pasco results path: " + PASCO_RESULTS_PATH); - - final File pascoRoot = InstalledFileLocator.getDefault().locate("pasco2", ExtractIE.class.getPackage().getName(), false); - if (pascoRoot == null) { - logger.log(Level.SEVERE, "Pasco2 not found"); - pascoFound = false; - return; - } - else { - pascoFound = true; - } - + + final File pascoRoot = InstalledFileLocator.getDefault().locate("pasco2", ExtractIE.class.getPackage().getName(), false); + if (pascoRoot == null) { + logger.log(Level.SEVERE, "Pasco2 not found"); + pascoFound = false; + return; + } else { + pascoFound = true; + } + final String pascoHome = pascoRoot.getAbsolutePath(); logger.log(Level.INFO, "Pasco2 home: " + pascoHome); - - PASCO_LIB_PATH = pascoHome + File.separator + "pasco2.jar" + File.pathSeparator - + pascoHome + File.separator + "*"; + + PASCO_LIB_PATH = pascoHome + File.separator + "pasco2.jar" + File.pathSeparator + + pascoHome + File.separator + "*"; try { File resultsDir = new File(PASCO_RESULTS_PATH); resultsDir.mkdirs(); - Collection FsContentCollection; + Collection FsContentCollection = null; tempDb = currentCase.getSleuthkitCase(); String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } + } + try { + ResultSet rs = tempDb.runQuery(indexDatQueryStr + allFS); + FsContentCollection = tempDb.resultSetToFsContents(rs); + rs.close(); + 
rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - ResultSet rs = tempDb.runQuery(indexDatQueryStr + allFS); - FsContentCollection = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); String temps; String indexFileName; @@ -346,22 +357,21 @@ public class ExtractIE { // implements BrowserActivity { // index.dat (i.e. index0.dat, index1.dat,..., indexN.dat) // Write each index.dat file to a temp directory. //BlackboardArtifact bbart = fsc.newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); - indexFileName = "index" + Integer.toString((int)fsc.getId()) + ".dat"; + indexFileName = "index" + Integer.toString((int) fsc.getId()) + ".dat"; //indexFileName = "index" + Long.toString(bbart.getArtifactID()) + ".dat"; temps = currentCase.getTempDirectory() + File.separator + indexFileName; File datFile = new File(temps); - if (controller.isCancelled() ) { - datFile.delete(); - break; - } + if (controller.isCancelled()) { + datFile.delete(); + break; + } try { ContentUtils.writeToFile(fsc, datFile); - } - catch (IOException e) { + } catch (IOException e) { logger.log(Level.WARNING, "Error while trying to write index.dat file " + datFile.getAbsolutePath(), e); } - boolean bPascProcSuccess = executePasco(temps, (int)fsc.getId()); + boolean bPascProcSuccess = executePasco(temps, (int) fsc.getId()); //At this point pasco2 proccessed the index files. //Now fetch the results, parse them and the delete the files. @@ -374,9 +384,9 @@ public class ExtractIE { // implements BrowserActivity { } catch (Exception ioex) { logger.log(Level.SEVERE, "Error while trying to write index.dat files.", ioex); } - + //bookmarks - + //cookies } 
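Review bot: In init(), the rewritten guard `if (JAVA_PATH.isEmpty() || JAVA_PATH == null)` dereferences JAVA_PATH before testing it for null, so a null from `PlatformUtil.getJavaPath()` now throws instead of falling back to "java"; the removed line had the two checks in the safe order. Restore `if (JAVA_PATH == null || JAVA_PATH.isEmpty()) {`. The statement sits before the method's `try`, so the NullPointerException would leave init() (whose signature is outside this hunk) and, since the constructor calls init() first, presumably abort construction of ExtractIE. Separately, `FsContentCollection` is now initialised to null and stays null when the query fails; the loop that consumes it lies outside this hunk, so confirm it tolerates that, or start from an empty list as the other lists in this commit do.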
@@ -384,8 +394,9 @@ public class ExtractIE { // implements BrowserActivity { // TODO: Hardcoded command args/path needs to be removed. Maybe set some constants and set env variables for classpath // I'm not happy with this code. Can't stand making a system call, is not an acceptable solution but is a hack for now. private boolean executePasco(String indexFilePath, int fileIndex) { - if (pascoFound == false) + if (pascoFound == false) { return false; + } boolean success = true; try { @@ -397,9 +408,9 @@ public class ExtractIE { // implements BrowserActivity { command.append(" -T history"); command.append(" \"").append(indexFilePath).append("\""); command.append(" > \"").append(PASCO_RESULTS_PATH).append("\\pasco2Result.").append(Integer.toString(fileIndex)).append(".txt\""); - // command.add(" > " + "\"" + PASCO_RESULTS_PATH + File.separator + Long.toString(bbId) + "\""); + // command.add(" > " + "\"" + PASCO_RESULTS_PATH + File.separator + Long.toString(bbId) + "\""); String cmd = command.toString(); - JavaSystemCaller.Exec.execute("\"\"" + JAVA_PATH + "\" "+cmd+ "\""); + JavaSystemCaller.Exec.execute("\"" + JAVA_PATH + " " + cmd + "\""); } catch (Exception e) { success = false; @@ -410,8 +421,9 @@ public class ExtractIE { // implements BrowserActivity { } public void parsePascoResults() { - if (pascoFound == false) + if (pascoFound == false) { return; + } // First thing we want to do is check to make sure the results directory // is not empty. File rFile = new File(PASCO_RESULTS_PATH); 
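Review bot: The changed `JavaSystemCaller.Exec.execute(...)` call in executePasco() drops the quotes that used to surround JAVA_PATH on its own: the old string had the form `""<java>" <args>"`, the new one is `"<java> <args>"`. JAVA_PATH comes from `PlatformUtil.getJavaPath()`, and if that path contains a space the command line will presumably be split inside the path, so pasco2 either fails to start or something other than the intended JVM is resolved. Keep the executable quoted, `JavaSystemCaller.Exec.execute("\"\"" + JAVA_PATH + "\" " + cmd + "\"");`, or pass the program and its arguments as separate elements if JavaSystemCaller offers that (its API is not visible here). executePasco() begins and ends outside this hunk.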
@@ -427,8 +439,8 @@ public class ExtractIE { // implements BrowserActivity { if (pascoFiles.length > 0) { try { for (File file : pascoFiles) { - String fileName = file.getName(); - long artObjId = Long.parseLong(fileName.substring(fileName.indexOf(".")+1, fileName.lastIndexOf("."))); + String fileName = file.getName(); + long artObjId = Long.parseLong(fileName.substring(fileName.indexOf(".") + 1, fileName.lastIndexOf("."))); //bbartname = bbartname.substring(0, 4); // Make sure the file the is not empty or the Scanner will @@ -439,7 +451,7 @@ public class ExtractIE { // implements BrowserActivity { fileScanner.nextLine(); fileScanner.nextLine(); fileScanner.nextLine(); - // long inIndexId = 0; + // long inIndexId = 0; while (fileScanner.hasNext()) { //long bbartId = Long.parseLong(bbartname + inIndexId++); 
@@ -455,56 +467,58 @@ public class ExtractIE { // implements BrowserActivity { try { String[] lineBuff = line.split("\\t"); PASCO_RESULTS_LUT = new HashMap(); - String url[] = lineBuff[1].split("@",2); + String url[] = lineBuff[1].split("@", 2); String ddtime = lineBuff[2]; String actime = lineBuff[3]; - Long ftime = (long)0; + Long ftime = (long) 0; String user = ""; String realurl = ""; String domain = ""; - if(url.length > 1) - { - user = url[0]; - user = user.replace("Visited:", ""); - user = user.replace(":Host:", ""); - user = user.replaceAll("(:)(.*?)(:)", ""); - user = user.trim(); - realurl = url[1]; - realurl = realurl.replace("Visited:", ""); - realurl = realurl.replaceAll(":(.*?):", ""); - realurl = realurl.replace(":Host:", ""); - realurl = realurl.trim(); - domain = Util.extractDomain(realurl); - } - if(!ddtime.isEmpty()){ - ddtime = ddtime.replace("T"," "); - ddtime = ddtime.substring(ddtime.length()-5); - } - if(!actime.isEmpty()){ - try{ - Long epochtime = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").parse(actime).getTime(); - ftime = epochtime.longValue(); + if (url.length > 1) { + user = url[0]; + user = user.replace("Visited:", ""); + user = user.replace(":Host:", ""); + user = user.replaceAll("(:)(.*?)(:)", ""); + user = user.trim(); + realurl = url[1]; + realurl = realurl.replace("Visited:", ""); + realurl = realurl.replaceAll(":(.*?):", ""); + realurl = realurl.replace(":Host:", ""); + realurl = realurl.trim(); + domain = Util.getBaseDomain(realurl); } - catch(ParseException e){ - logger.log(Level.SEVERE, "ExtractIE::parsePascosResults() -> ", e.getMessage()); + if (!ddtime.isEmpty()) { + ddtime = ddtime.replace("T", " "); + ddtime = ddtime.substring(ddtime.length() - 5); } - } - + if (!actime.isEmpty()) { + try { + Long epochtime = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").parse(actime).getTime(); + ftime = epochtime.longValue(); + } catch (ParseException e) { + logger.log(Level.SEVERE, "ExtractIE::parsePascosResults() -> 
", e.getMessage()); + } + } + // TODO: Need to fix this so we have the right obj_id - BlackboardArtifact bbart = tempDb.getContentById(artObjId).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", realurl)); - - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "", ftime)); - - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", "", "")); - - // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "", ddtime)); - - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Internet Explorer")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",domain)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(),"RecentActivity","",user)); - bbart.addAttributes(bbattributes); + try { + BlackboardArtifact bbart = tempDb.getContentById(artObjId).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", realurl)); + + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "", ftime)); + + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", "", "")); + + // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "", ddtime)); + + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Internet Explorer")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); + bbattributes.add(new 
BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(), "RecentActivity", "", user)); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } //KeyValueThing //This will be redundant in terms IE.name() because of @@ -514,9 +528,9 @@ public class ExtractIE { // implements BrowserActivity { IE_PASCO_LUT.addMap(IE_OBJ); PASCO_RESULTS_LIST.add(PASCO_RESULTS_LUT); - } catch (TskException ex) { - Exceptions.printStackTrace(ex); - } + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } } } @@ -530,7 +544,7 @@ public class ExtractIE { // implements BrowserActivity { } } - - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); + + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); } } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index e6a6df1ab1..94b27c0041 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java 
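Review bot: In parsePascoResults(), the access time is parsed with `new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'")`, where the quoted `'Z'` is only a literal, so the value is interpreted in the JVM's default time zone; if pasco2 writes UTC, as the trailing Z suggests, every TSK_LAST_ACCESSED value is shifted by the examiner machine's offset. Assign the formatter to a variable and call `fmt.setTimeZone(TimeZone.getTimeZone("UTC"));` before parsing (needs `java.util.TimeZone`). The ParseException branch also loses its detail, because the message has no `{0}` for `e.getMessage()`, and it leaves `ftime` at 0, which is then stored as a 1970 timestamp; `logger.log(Level.SEVERE, "ExtractIE::parsePascosResults() -> cannot parse " + actime, e);` would keep both the input and the stack trace. The method starts and ends outside this hunk.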
@@ -4,22 +4,14 @@ */ package org.sleuthkit.autopsy.recentactivity; -import java.io.BufferedReader; import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStreamReader; -import java.io.StringReader; +import java.io.*; import java.sql.ResultSet; -import java.sql.SQLException; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; -import java.util.List; -import java.util.Scanner; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.*; import java.util.logging.Level; import java.util.logging.Logger; -import org.apache.commons.lang3.StringEscapeUtils; import org.jdom.Document; import org.jdom.Element; import org.jdom.input.SAXBuilder; @@ -27,15 +19,9 @@ import org.openide.modules.InstalledFileLocator; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; -import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; -import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; -import org.sleuthkit.datamodel.Content; -import org.sleuthkit.datamodel.FsContent; -import org.sleuthkit.datamodel.SleuthkitCase; - - +import org.sleuthkit.datamodel.*; /** * 
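Review bot: The import block of ExtractRegistry.java now uses `java.io.*`, `java.util.*` and `org.sleuthkit.datamodel.*` in place of the explicit lists, which hides which classes the file depends on and leaves `import java.io.File;` redundant next to `import java.io.*;`. Keeping single-class imports, and removing only those the commit no longer needs, would make it easier to see in later reviews what this module actually touches.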
@@ -43,271 +29,262 @@ import org.sleuthkit.datamodel.SleuthkitCase; */ public class ExtractRegistry { - public Logger logger = Logger.getLogger(this.getClass().getName()); - private String RR_PATH; - boolean rrFound = false; - private int sysid; - ExtractRegistry(){ + public Logger logger = Logger.getLogger(this.getClass().getName()); + private String RR_PATH; + boolean rrFound = false; + private int sysid; + + ExtractRegistry() { final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); - if (rrRoot == null) { - logger.log(Level.SEVERE, "RegRipper not found"); - rrFound = false; - return; - } - else { - rrFound = true; - } - try{ - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - ResultSet artset = tempDb.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'"); - - while (artset.next()){ - sysid = artset.getInt("artifact_type_id"); - } - } - catch(Exception e){ - - } + if (rrRoot == null) { + logger.log(Level.SEVERE, "RegRipper not found"); + rrFound = false; + return; + } else { + rrFound = true; + } +// try { +// Case currentCase = Case.getCurrentCase(); // get the most updated case +// SleuthkitCase tempDb = currentCase.getSleuthkitCase(); +// ResultSet artset = tempDb.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'"); +// +// while (artset.next()) { +// sysid = artset.getInt("artifact_type_id"); +// } +// } catch (Exception e) { +// } final String rrHome = rrRoot.getAbsolutePath(); logger.log(Level.INFO, "RegRipper home: " + rrHome); - - RR_PATH = rrHome + File.separator + "rip.exe"; + + RR_PATH = rrHome + File.separator + "rip.exe"; } - - - -public void getregistryfiles(List image, IngestImageWorkerController controller){ - try - { + + public void getregistryfiles(List image, IngestImageWorkerController controller) { + try { Case currentCase = 
Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + String allFS = new String(); + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } } - List Regfiles; - ResultSet rs = tempDb.runQuery("select * from tsk_files where lower(name) = 'ntuser.dat' OR lower(parent_path) LIKE '%/system32/config%' and (name LIKE 'system' OR name LIKE 'software' OR name = 'SECURITY' OR name = 'SAM' OR name = 'default')" + allFS); - Regfiles = tempDb.resultSetToFsContents(rs); - + List Regfiles = new ArrayList(); + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where lower(name) = 'ntuser.dat' OR lower(parent_path) LIKE '%/system32/config%' and (name LIKE 'system' OR name LIKE 'software' OR name = 'SECURITY' OR name = 'SAM' OR name = 'default')" + allFS); + Regfiles = tempDb.resultSetToFsContents(rs); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + int j = 0; - - while (j < Regfiles.size()) - { + + while (j < Regfiles.size()) { boolean Success; Content orgFS = Regfiles.get(j); long orgId = orgFS.getId(); String temps = currentCase.getTempDirectory() + "\\" + Regfiles.get(j).getName().toString(); - ContentUtils.writeToFile(Regfiles.get(j), new File(currentCase.getTempDirectory() + "\\" + Regfiles.get(j).getName())); + try { + ContentUtils.writeToFile(Regfiles.get(j), new File(currentCase.getTempDirectory() + "\\" + Regfiles.get(j).getName())); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } File regFile = new File(temps); - - String txtPath = executeRegRip(temps, j); - if(txtPath.length() > 0) - { - Success = parseReg(txtPath,orgId); - } - else - { 
- Success = false; - } - //At this point pasco2 proccessed the index files. - //Now fetch the results, parse them and the delete the files. - if(Success) - { - //Delete dat file since it was succcessful - regFile.delete(); - } - j++; - - - - } - } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Registry files", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } -} + String txtPath = executeRegRip(temps, j); + if (txtPath.length() > 0) { + Success = parseReg(txtPath, orgId); + } else { + Success = false; + } + //At this point pasco2 proccessed the index files. + //Now fetch the results, parse them and the delete the files. + if (Success) { + //Delete dat file since it was succcessful + regFile.delete(); + } + j++; + + } + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get Registry files", ex); + } + + } // TODO: Hardcoded command args/path needs to be removed. Maybe set some constants and set env variables for classpath // I'm not happy with this code. Can't stand making a system call, is not an acceptable solution but is a hack for now. 
- private String executeRegRip(String regFilePath, int fileIndex) - { - String txtPath = regFilePath + Integer.toString(fileIndex) + ".txt"; - String type = ""; - + private String executeRegRip(String regFilePath, int fileIndex) { + String txtPath = regFilePath + Integer.toString(fileIndex) + ".txt"; + String type = ""; - try - { - - if(regFilePath.toLowerCase().contains("system")) - { - type = "autopsysystem"; - } - if(regFilePath.toLowerCase().contains("software")) - { - type = "autopsysoftware"; - } - if(regFilePath.toLowerCase().contains("ntuser")) - { - type = "autopsy"; - } - if(regFilePath.toLowerCase().contains("default")) - { - type = "1default"; - } - if(regFilePath.toLowerCase().contains("sam")) - { - type = "1sam"; - } - if(regFilePath.toLowerCase().contains("security")) - { - type = "1security"; - } - String command = "\"" + RR_PATH + "\" -r \"" + regFilePath +"\" -f " + type + " > \"" + txtPath + "\" 2> NUL"; - JavaSystemCaller.Exec.execute("\""+command + "\""); - + try { - } - catch(Exception e) - { - - logger.log(Level.SEVERE, "ExtractRegistry::executeRegRip() -> " ,e.getMessage() ); - } + if (regFilePath.toLowerCase().contains("system")) { + type = "autopsysystem"; + } + if (regFilePath.toLowerCase().contains("software")) { + type = "autopsysoftware"; + } + if (regFilePath.toLowerCase().contains("ntuser")) { + type = "autopsy"; + } + if (regFilePath.toLowerCase().contains("default")) { + type = "1default"; + } + if (regFilePath.toLowerCase().contains("sam")) { + type = "1sam"; + } + if (regFilePath.toLowerCase().contains("security")) { + type = "1security"; + } - return txtPath; + String command = "\"" + RR_PATH + "\" -r \"" + regFilePath + "\" -f " + type + " > \"" + txtPath + "\" 2> NUL"; + JavaSystemCaller.Exec.execute("\"" + command + "\""); + + + } catch (Exception e) { + + logger.log(Level.SEVERE, "ExtractRegistry::executeRegRip() -> ", e.getMessage()); + } + + return txtPath; } - - - private boolean parseReg(String regRecord, long orgId) - { 
+ + private boolean parseReg(String regRecord, long orgId) { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - - try { - File regfile = new File(regRecord); - - FileInputStream fstream = new FileInputStream(regfile); - InputStreamReader fstreamReader = new InputStreamReader(fstream, "UTF-8"); - BufferedReader input = new BufferedReader(fstreamReader); - //logger.log(Level.INFO, "using encoding " + fstreamReader.getEncoding()); - String regString = new Scanner(input).useDelimiter("\\Z").next(); - regfile.delete(); - String startdoc = ""; - String result = regString.replaceAll("----------------------------------------",""); - result = result.replaceAll("\\n", ""); - result = result.replaceAll("\\r",""); - result = result.replaceAll("'","'"); - result = result.replaceAll("&", "&"); - String enddoc = ""; - String stringdoc = startdoc + result + enddoc; - SAXBuilder sb = new SAXBuilder(); - Document document = sb.build(new StringReader(stringdoc)); - Element root = document.getRootElement(); - List types = root.getChildren(); - Iterator iterator = types.iterator(); - //for(int i = 0; i < types.size(); i++) - //for(Element tempnode : types) + + try { + File regfile = new File(regRecord); + FileInputStream fstream = new FileInputStream(regfile); + InputStreamReader fstreamReader = new InputStreamReader(fstream, "UTF-8"); + BufferedReader input = new BufferedReader(fstreamReader); + //logger.log(Level.INFO, "using encoding " + fstreamReader.getEncoding()); + String regString = new Scanner(input).useDelimiter("\\Z").next(); + regfile.delete(); + String startdoc = ""; + String result = regString.replaceAll("----------------------------------------", ""); + result = result.replaceAll("\\n", ""); + result = result.replaceAll("\\r", ""); + result = result.replaceAll("'", "'"); + result = result.replaceAll("&", "&"); + String enddoc = ""; + String stringdoc = startdoc + result + enddoc; + SAXBuilder sb 
= new SAXBuilder(); + Document document = sb.build(new StringReader(stringdoc)); + Element root = document.getRootElement(); + List types = root.getChildren(); + Iterator iterator = types.iterator(); while (iterator.hasNext()) { - String time = ""; - String context = ""; - Element tempnode = iterator.next(); - // Element tempnode = types.get(i); - context = tempnode.getName(); - Element timenode = tempnode.getChild("time"); - time = timenode.getTextTrim(); - - Element artroot = tempnode.getChild("artifacts"); - List artlist = artroot.getChildren(); - String winver = ""; - String installdate = ""; - if(artlist.isEmpty()){ - } - else{ - - Iterator aiterator = artlist.iterator(); - while (aiterator.hasNext()) { - Element artnode = aiterator.next(); - String name = artnode.getAttributeValue("name"); - String value = artnode.getTextTrim(); - Collection bbattributes = new ArrayList(); - - if("recentdocs".equals(context)){ -// BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT); -// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time)); -// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", context, name)); -// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value)); -// bbart.addAttributes(bbattributes); - } - else if("usb".equals(context)){ - BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, name)); - String dev = artnode.getAttributeValue("dev"); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), "RecentActivity", context, dev)); - - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID(), "RecentActivity", context, value)); - 
bbart.addAttributes(bbattributes); - } - else if("uninstall".equals(context)){ - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, value)); - - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, name)); - BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG); - bbart.addAttributes(bbattributes); + String etime = ""; + String context = ""; + Element tempnode = iterator.next(); + // Element tempnode = types.get(i); + context = tempnode.getName(); + Element timenode = tempnode.getChild("time"); + etime = timenode.getTextTrim(); + Long time = null; + try { + Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(etime).getTime(); + time = epochtime.longValue(); + String Tempdate = time.toString(); + time = Long.valueOf(Tempdate); + } catch (ParseException e) { + logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage()); } - else if("WinVersion".equals(context)){ - - if(name.contains("ProductName")) - { - winver = value; - } - if(name.contains("CSDVersion")){ - winver = winver + " " + value; - } - if(name.contains("InstallDate")) - { - installdate = value; - - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, winver)); - - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, installdate)); - BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG); - bbart.addAttributes(bbattributes); + Element artroot = tempnode.getChild("artifacts"); + List artlist = artroot.getChildren(); + String winver = ""; + String installdate = ""; + if (artlist.isEmpty()) { + } else { + Iterator aiterator = 
artlist.iterator(); + while (aiterator.hasNext()) { + Element artnode = aiterator.next(); + String name = artnode.getAttributeValue("name"); + String value = artnode.getTextTrim(); + Collection bbattributes = new ArrayList(); + + if ("recentdocs".equals(context)) { + // BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT); + // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time)); + // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", context, name)); + // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value)); + // bbart.addAttributes(bbattributes); + } else if ("usb".equals(context)) { + + Long utime = null; + try { + + utime = Long.parseLong(name); + String Tempdate = utime.toString() + "000"; + utime = Long.valueOf(Tempdate); + } catch (Exception e) { + logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage()); + } + + BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, utime)); + String dev = artnode.getAttributeValue("dev"); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), "RecentActivity", context, dev)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID(), "RecentActivity", context, value)); + bbart.addAttributes(bbattributes); + } else if ("uninstall".equals(context)) { + Long ftime = null; + try { + Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(name).getTime(); + ftime = epochtime.longValue(); + + } catch (ParseException e) { + logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage()); + } + bbattributes.add(new 
BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, value)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, ftime)); + BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG); + bbart.addAttributes(bbattributes); + } else if ("WinVersion".equals(context)) { + + if (name.contains("ProductName")) { + winver = value; + } + if (name.contains("CSDVersion")) { + winver = winver + " " + value; + } + if (name.contains("InstallDate")) { + installdate = value; + Long installtime = null; + try { + Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(value).getTime(); + installtime = epochtime.longValue(); + String Tempdate = installtime.toString(); + installtime = Long.valueOf(Tempdate); + } catch (ParseException e) { + logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage()); + } + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, winver)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, installtime)); + BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG); + bbart.addAttributes(bbattributes); + } + } else { + +// BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(sysid); +// bbart.addAttributes(bbattributes); + } } - } - else - { - - BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(sysid); - bbart.addAttributes(bbattributes); - } - } - - + } } - } - } - catch (Exception ex) - { - - logger.log(Level.WARNING, "Error while trying to read into a registry file." 
+ ex); - String sadafd = ""; - } - + } catch (Exception ex) { - - return true; + logger.log(Level.WARNING, "Error while trying to read into a registry file." + ex); + } + return true; } - } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java index f6e9ab0184..dca64be7f7 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java 
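Review bot: The timestamp conversions added to `parseReg` leave `time`, `utime`, `ftime` and `installtime` as `null` when parsing fails and still pass them to `new BlackboardAttribute(...)`; what that constructor does with a null `Long` is not visible in this diff, so at best a dateless attribute is stored and at worst the surrounding catch-all swallows the failure. The failure log `logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage())` has no `{0}` placeholder, so the reason is never printed. `new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy")` also parses with the workstation's default locale and time zone, so the same hive can yield different (or no) timestamps on different examiner machines; whether RegRipper's output is UTC is not shown here and should be confirmed before pinning the zone. I would move the parsing into one helper with an explicit `Locale.ENGLISH`, log the exception itself, and add the time attribute only when a value was parsed; `time` (used for `TSK_LAST_ACCESSED`) and the `usb` branch's `utime` need the same guard. The sketch shows the `uninstall` branch.

```java
// helper for parseReg; same pattern string the hunk already uses
private Long parseRegRipperTime(String text) {
    try {
        return new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy", Locale.ENGLISH).parse(text).getTime();
    } catch (ParseException e) {
        logger.log(Level.WARNING, "RegRipper: unparseable timestamp \"" + text + "\"", e);
        return null;
    }
}

// … unchanged: parseReg setup, XML parsing, other context branches …
} else if ("uninstall".equals(context)) {
    Long ftime = parseRegRipperTime(name);
    // … unchanged: TSK_LAST_ACCESSED and TSK_PROG_NAME attributes …
    if (ftime != null) {
        bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, ftime));
    }
    // … unchanged: newArtifact and addAttributes …
```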
@@ -1,30 +1,47 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.recentactivity; -import org.sleuthkit.autopsy.casemodule.Case; -import org.sleuthkit.datamodel.FsContent; -import org.sleuthkit.datamodel.SleuthkitCase; -import org.sleuthkit.autopsy.datamodel.ContentUtils; -import java.sql.*; + +import java.io.File; +import java.net.URLDecoder; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; import java.util.logging.Level; import java.util.logging.Logger; -// -import java.lang.*; -// -import java.util.*; -import java.io.File; -import java.io.IOException; -import java.net.URLDecoder; +import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; import org.sleuthkit.autopsy.ingest.IngestManager; import org.sleuthkit.autopsy.ingest.ServiceDataEvent; import org.sleuthkit.datamodel.BlackboardArtifact; -import org.sleuthkit.datamodel.BlackboardArtifact.*; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import 
org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; +import org.sleuthkit.datamodel.FsContent; +import org.sleuthkit.datamodel.SleuthkitCase; + /** * * @author Alex 
@@ -33,282 +50,278 @@ public class Firefox { private static final String ffquery = "SELECT moz_historyvisits.id,url,title,visit_count,(visit_date/1000) as visit_date,from_visit,(SELECT url FROM moz_places WHERE id=moz_historyvisits.from_visit) as ref FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0"; private static final String ffcookiequery = "SELECT name,value,host,expiry,(lastAccessed/1000) as lastAccessed,(creationTime/1000) as creationTime FROM moz_cookies"; + private static final String ff3cookiequery = "SELECT name,value,host,expiry,(lastAccessed/1000) as lastAccessed FROM moz_cookies"; private static final String ffbookmarkquery = "SELECT fk, moz_bookmarks.title, url FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id"; private static final String ffdownloadquery = "select target, source,(startTime/1000) as startTime, maxBytes from moz_downloads"; - public Logger logger = Logger.getLogger(this.getClass().getName()); - public int FireFoxCount = 0; - - public Firefox(){ - - } - public void getffdb(List image, IngestImageWorkerController controller){ - //Make these seperate, this is for history - try - { + public Firefox() { + } + + public void getffdb(List image, IngestImageWorkerController controller) { + //Make these seperate, this is for history + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; - } - List FFSqlitedb; - - ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%places.sqlite%' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'" + allFS); - FFSqlitedb = 
tempDb.resultSetToFsContents(rs); - Statement s = rs.getStatement(); - rs.close(); - if (s != null) - s.close(); + } + } + List FFSqlitedb = null; + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%places.sqlite%' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + Statement s = rs.getStatement(); + rs.close(); + if (s != null) { + s.close(); FireFoxCount = FFSqlitedb.size(); - - rs.close(); - rs.getStatement().close(); - int j = 0; - - while (j < FFSqlitedb.size()) + } + rs.close(); + rs.getStatement().close(); + } catch (SQLException ex) { + logger.log(Level.WARNING, "Error while trying to get Firefox SQLite db.", ex); + } - { + int j = 0; + if(FFSqlitedb != null && !FFSqlitedb.isEmpty()) + { + while (j < FFSqlitedb.size()) { String temps = currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db"; String connectionString = "jdbc:sqlite:" + temps; - ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db")); + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - - try - { - - dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet temprs = tempdbconnect.executeQry(ffquery); - while(temprs.next()) - { - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",((temprs.getString("url") != null) ? 
temprs.getString("url") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getLong("visit_date"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",((temprs.getString("ref") != null) ? temprs.getString("ref") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","",((temprs.getString("title") != null) ? temprs.getString("title") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",(Util.extractDomain((temprs.getString("url") != null) ? temprs.getString("url") : "")))); - bbart.addAttributes(bbattributes); - - } - temprs.close(); - tempdbconnect.closeConnection(); - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); - } - - try - { - - - dbconnect tempdbconnect2 = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet tempbm = tempdbconnect2.executeQry(ffbookmarkquery); - while(tempbm.next()) - { - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",((tempbm.getString("url") != null) ? tempbm.getString("url") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((tempbm.getString("title") != null) ? 
tempbm.getString("title").replaceAll("'", "''") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",Util.extractDomain(tempbm.getString("url")))); - bbart.addAttributes(bbattributes); - } - tempbm.close(); - tempdbconnect2.closeConnection(); - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); - } - - + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); + ResultSet temprs = tempdbconnect.executeQry(ffquery); + while (temprs.next()) { + try { + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("url") != null) ? temprs.getString("url") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", temprs.getLong("visit_date"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", "", ((temprs.getString("ref") != null) ? temprs.getString("ref") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "", ((temprs.getString("title") != null) ? temprs.getString("title") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", (Util.extractDomain((temprs.getString("url") != null) ? 
temprs.getString("url") : "")))); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); + } + } + temprs.close(); + tempdbconnect.closeConnection(); + + + + try { + dbconnect tempdbconnect2 = new dbconnect("org.sqlite.JDBC", connectionString); + ResultSet tempbm = tempdbconnect2.executeQry(ffbookmarkquery); + while (tempbm.next()) { + try { + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((tempbm.getString("url") != null) ? tempbm.getString("url") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "", ((tempbm.getString("title") != null) ? tempbm.getString("title").replaceAll("'", "''") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", Util.extractDomain(tempbm.getString("url")))); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } + tempbm.close(); + tempdbconnect2.closeConnection(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." 
+ connectionString, ex); + } + + j++; dbFile.delete(); } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); + } } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Firefox SQLite db.", ex); + catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - - + //COOKIES section - // This gets the cookie info - try - { + // This gets the cookie info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } + } + List FFSqlitedb = null; + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%cookies.sqlite%' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - List FFSqlitedb; - - ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%cookies.sqlite%' and name NOT LIKE '%journal%' 
and parent_path LIKE '%Firefox%'" + allFS); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); int j = 0; - - while (j < FFSqlitedb.size()) + if(FFSqlitedb != null && !FFSqlitedb.isEmpty()) { + while (j < FFSqlitedb.size()) { String temps = currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db"; String connectionString = "jdbc:sqlite:" + temps; - ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db")); + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - try - { - dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet temprs = tempdbconnect.executeQry(ffcookiequery); - while(temprs.next()) - { - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", temprs.getLong("lastAccessed"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",((temprs.getString("name") != null) ? 
temprs.getString("name") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",temprs.getString("host"))); - bbart.addAttributes(bbattributes); - - } - tempdbconnect.closeConnection(); - temprs.close(); - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); - } + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + boolean checkColumn = Util.checkColumn("creationTime", "moz_cookies", connectionString); + String query; + if (checkColumn) { + query = ffcookiequery; + } else { + query = ff3cookiequery; + } + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); + ResultSet temprs = tempdbconnect.executeQry(query); + while (temprs.next()) { + try { + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", temprs.getLong("lastAccessed"))); + if (checkColumn == true) { + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Created", temprs.getLong("creationTime"))); + } + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "Title", ((temprs.getString("name") != null) ? 
temprs.getString("name") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox")); + String domain = Util.getBaseDomain(temprs.getString("host")); + domain = domain.replaceFirst("^\\.+(?!$)", ""); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } + tempdbconnect.closeConnection(); + temprs.close(); + + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); + } j++; dbFile.delete(); } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); + } + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get Firefox SQLite db.", ex); } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Firefox SQLite db.", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - - - //Downloads section - // This gets the downloads info - try - { + + + + //Downloads section + // This gets the downloads info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + String allFS = new String(); + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } } - List FFSqlitedb; - ResultSet rs = 
tempDb.runQuery("select * from tsk_files where name LIKE 'downloads.sqlite' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'" + allFS); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); - + List FFSqlitedb = null; + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'downloads.sqlite' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + int j = 0; - - while (j < FFSqlitedb.size()) + if(FFSqlitedb != null && !FFSqlitedb.isEmpty()) { + while (j < FFSqlitedb.size()) { String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; String connectionString = "jdbc:sqlite:" + temps; - ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - try - { - dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet temprs = tempdbconnect.executeQry(ffdownloadquery); - while(temprs.next()) - { - - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getLong("startTime"))); - bbattributes.add(new 
BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("source") != null) ? temprs.getString("source") : ""))); - //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : ""))); - String urldecodedtarget = URLDecoder.decode(temprs.getString("target").replaceAll("file:///", ""), "UTF-8"); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(),"RecentActivity","",Util.findID(urldecodedtarget))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", urldecodedtarget)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",Util.extractDomain(temprs.getString("source")))); + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); + ResultSet temprs = tempdbconnect.executeQry(ffdownloadquery); + while (temprs.next()) { + try { + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", temprs.getLong("startTime"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("source") != null) ? 
temprs.getString("source") : ""))); + String urldecodedtarget = URLDecoder.decode(temprs.getString("target").replaceAll("file:///", ""), "UTF-8"); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", "", Util.findID(urldecodedtarget))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", urldecodedtarget)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", Util.extractDomain(temprs.getString("source")))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox")); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } + tempdbconnect.closeConnection(); + temprs.close(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox")); - bbart.addAttributes(bbattributes); - - } - tempdbconnect.closeConnection(); - temprs.close(); - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); - } + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." 
+ connectionString, ex); + } j++; dbFile.delete(); } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); + } + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get FireFox SQLite db.", ex); } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get FireFox SQLite db.", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - } + } } - //@Override -// public HashMap ExtractActivity() { -// return ExtractActivity; -// -// } - - - - - - - diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestService.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestService.java index c4840f9fcc..354fc82514 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestService.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestService.java @@ -1,15 +1,17 @@ -/* + /* + * * Autopsy Forensic Browser - * - * Copyright 2011 Basis Technology Corp. - * Contact: carrier sleuthkit org - * + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -35,8 +37,8 @@ import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.FileSystem; /** - * Recent activity image ingest service - * + * Recent activity image ingest service + * */ public final class RAImageIngestService implements IngestServiceImage { @@ -77,28 +79,21 @@ public final class RAImageIngestService implements IngestServiceImage { try { //do the work for(FileSystem img : imageFS ) - try{ - ResultSet artset = sCurrentCase.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'"); - int artcount = 0; - while (artset.next()){ - artcount++; - } - - // artset.beforeFirst(); - if(artcount > 0) - { - - } - else - { - int artint = sCurrentCase.addArtifactType("TSK_SYS_INFO", "System Information"); - } - - } - catch(Exception e) - { - - } +// try { +// ResultSet artset = sCurrentCase.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'"); +// int artcount = 0; +// while (artset.next()) { +// artcount++; +// } +// +// // artset.beforeFirst(); +// if (artcount > 0) { +// } else { +// int artint = sCurrentCase.addArtifactType("TSK_SYS_INFO", "System Information"); +// } +// +// } catch (Exception e) { +// } ext.extractToBlackboard(controller, fsIds); @@ -123,7 +118,7 @@ public final class RAImageIngestService implements IngestServiceImage { public String getName() { return "Recent Activity"; } - + @Override public String getDescription() { return "Extracts recent user activity, such as Internet browsing, recently used documents and installed programs."; @@ -149,12 +144,12 @@ public final class RAImageIngestService implements IngestServiceImage { public ServiceType getType() { return ServiceType.Image; } - - @Override + + @Override public boolean hasSimpleConfiguration() { return false; } - + @Override public boolean hasAdvancedConfiguration() { return false; 
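Review bot: Commenting out the `try` block in the `@@ -77,28 +79,21 @@` hunk leaves `for(FileSystem img : imageFS )` without a body of its own, so the next statement, `ext.extractToBlackboard(controller, fsIds);`, becomes the loop body. It would then run once per file system instead of once, presumably writing duplicate artifacts to the blackboard for images with more than one file system. If a single extraction pass is intended, delete the `for` line together with the commented-out block; if the loop is meant to stay, give it explicit braces. The enclosing method starts and ends outside the hunk, so confirm against the full file.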
@@ -164,23 +159,22 @@ public final class RAImageIngestService implements IngestServiceImage { public javax.swing.JPanel getSimpleConfiguration() { return null; } - + @Override public javax.swing.JPanel getAdvancedConfiguration() { return null; } - + @Override public void saveAdvancedConfiguration() { } - + @Override public void saveSimpleConfiguration() { } - + @Override public boolean hasBackgroundJobsRunning() { return false; } - } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Util.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Util.java index e1cf6666d7..e52a1a2b9e 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Util.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Util.java @@ -1,8 +1,25 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.recentactivity; + import java.io.File; import java.io.FileInputStream; import java.io.IOException; 
@@ -24,138 +41,153 @@ import java.util.regex.Pattern; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.SleuthkitCase; + /** * * @author Alex */ public class Util { -private static Logger logger = Logger.getLogger(Util.class.getName()); - - private Util(){ - - } -public static boolean pathexists(String path){ - File file=new File(path); - boolean exists = file.exists(); - return exists; -} + private static Logger logger = Logger.getLogger(Util.class.getName()); -public static String utcConvert(String utc){ - SimpleDateFormat formatter = new SimpleDateFormat("MM-dd-yyyy HH:mm"); - String tempconvert = formatter.format(new Date(Long.parseLong(utc))); - return tempconvert; -} - -public static String readFile(String path) throws IOException { - FileInputStream stream = new FileInputStream(new File(path)); - try { - FileChannel fc = stream.getChannel(); - MappedByteBuffer bb = fc.map(FileChannel.MapMode.READ_ONLY, 0, fc.size()); - /* Instead of using default, pass in a decoder. 
*/ - return Charset.defaultCharset().decode(bb).toString(); - } - finally { - stream.close(); - } -} - -public static boolean imgpathexists(String path){ - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - Boolean rt = false; - int count = 0; - try { - List FFSqlitedb; - ResultSet rs = tempDb.runQuery("select * from tsk_files where parent_path LIKE '%"+ path + "%'"); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - count = FFSqlitedb.size(); - final Statement s = rs.getStatement(); - rs.close(); - if (s != null){ - s.close(); - } - if(count > 0) - { - rt = true; - } - else - { - rt = false; - } + private Util() { } - catch (SQLException ex) - { - //logger.log(Level.WARNING, "Error while trying to contact SQLite db.", ex); + + public static boolean pathexists(String path) { + File file = new File(path); + boolean exists = file.exists(); + return exists; + } + + public static String utcConvert(String utc) { + SimpleDateFormat formatter = new SimpleDateFormat("MM-dd-yyyy HH:mm"); + String tempconvert = formatter.format(new Date(Long.parseLong(utc))); + return tempconvert; + } + + public static String readFile(String path) throws IOException { + FileInputStream stream = new FileInputStream(new File(path)); + try { + FileChannel fc = stream.getChannel(); + MappedByteBuffer bb = fc.map(FileChannel.MapMode.READ_ONLY, 0, fc.size()); + /* + * Instead of using default, pass in a decoder. 
+ */ + return Charset.defaultCharset().decode(bb).toString(); + } finally { + stream.close(); } - return rt; } -public static String extractDomain(String value){ - if (value == null) throw new java.lang.NullPointerException("domains to extract"); + public static boolean imgpathexists(String path) { + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + Boolean rt = false; + int count = 0; + try { + List FFSqlitedb; + ResultSet rs = tempDb.runQuery("select * from tsk_files where parent_path LIKE '%" + path + "%'"); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + count = FFSqlitedb.size(); + final Statement s = rs.getStatement(); + rs.close(); + if (s != null) { + s.close(); + } + if (count > 0) { + rt = true; + } else { + rt = false; + } + } catch (SQLException ex) { + //logger.log(Level.WARNING, "Error while trying to contact SQLite db.", ex); + } + return rt; + } + + public static String getBaseDomain(String url) { + String host = url; + + int startIndex = 0; + int nextIndex = host.indexOf('.'); + int lastIndex = host.lastIndexOf('.'); + while (nextIndex < lastIndex) { + startIndex = nextIndex + 1; + nextIndex = host.indexOf('.', startIndex); + } + if (startIndex > 0) { + return host.substring(startIndex); + } else { + return host; + } +} + + + public static String extractDomain(String value) { + if (value == null) { + throw new java.lang.NullPointerException("domains to extract"); + } String result = ""; - // String domainPattern = 
"(\\w+)\\.(AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CW|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SX|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XXX|YE|YT|ZA|ZM|ZW(co\\.[a-z].))"; - // Pattern p = Pattern.compile(domainPattern,Pattern.CASE_INSENSITIVE); - // Matcher m = p.matcher(value); - // while (m.find()) { - // result = value.substring(m.start(0),m.end(0)); - // } - try{ - URL url = new URL(value); - result = url.getHost(); - } - catch(Exception e){ - - } - - return result; - } - -public static String getFileName(String value){ - String filename = ""; - String filematch = "^([a-zA-Z]\\:)(\\\\[^\\\\/:*?<>\"|]*(?|]+)+)"; // Windows network - - Pattern p2 = Pattern.compile(network,Pattern.CASE_INSENSITIVE | Pattern.DOTALL); - Matcher m2 = p2.matcher(txt); - if (m2.find()) + // String domainPattern = 
"(\\w+)\\.(AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CW|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SX|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XXX|YE|YT|ZA|ZM|ZW(co\\.[a-z].))"; + // Pattern p = Pattern.compile(domainPattern,Pattern.CASE_INSENSITIVE); + // Matcher m = p.matcher(value); + // while (m.find()) { + // result = value.substring(m.start(0),m.end(0)); + // } + try { + URL url = new URL(value); + result = url.getHost(); + } catch (Exception e) { - path = m2.group(1); + logger.log(Level.WARNING, "Error while trying to convert url to domain." 
+ value, e); } - } - return path; + + return result; } -public static long findID(String path) { + public static String getFileName(String value) { + String filename = ""; + String filematch = "^([a-zA-Z]\\:)(\\\\[^\\\\/:*?<>\"|]*(?|]+)+)"; // Windows network + + Pattern p2 = Pattern.compile(network, Pattern.CASE_INSENSITIVE | Pattern.DOTALL); + Matcher m2 = p2.matcher(txt); + if (m2.find()) { + path = m2.group(1); + } + } + return path; + } + + public static long findID(String path) { String parent_path = path.replace('\\', '/'); // fix Chrome paths - if(parent_path.length() > 2 && parent_path.charAt(1) == ':') + if (parent_path.length() > 2 && parent_path.charAt(1) == ':') { parent_path = parent_path.substring(2); // remove drive letter (e.g., 'C:') + } int index = parent_path.lastIndexOf('/'); String name = parent_path.substring(++index); parent_path = parent_path.substring(0, index); 
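Review bot: The new `getBaseDomain` keeps only the last two dot-separated labels and dereferences `url` without a null check. A host under a multi-label public suffix is therefore reduced to the suffix itself (constructed example: `www.example.co.uk` becomes `co.uk`), and an IPv4 host to its last two octets, which makes the TSK_DOMAIN attribute written for cookie rows misleading. A null `host` column throws inside the cookie loop after `newArtifact` has already run, so presumably an artifact is left without attributes. Suggest a guard such as `if (url == null || url.isEmpty()) { return ""; }` and a Javadoc comment stating that the result is a two-label heuristic, not a registrable domain.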
@@ -167,14 +199,45 @@ public static long findID(String path) { List results = tempDb.resultSetToFsContents(rs); Statement s = rs.getStatement(); rs.close(); - if (s != null) + if (s != null) { s.close(); - if(results.size() > 0) { + } + if (results.size() > 0) { return results.get(0).getId(); } } catch (Exception ex) { - // logger.log(Level.WARNING, "Error retrieving content from DB", ex); + // logger.log(Level.WARNING, "Error retrieving content from DB", ex); } return -1; } + + public static boolean checkColumn(String column, String tablename, String connection) { + String query = "PRAGMA table_info(" + tablename + ")"; + boolean found = false; + ResultSet temprs; + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connection); + temprs = tempdbconnect.executeQry(query); + while (temprs.next()) { + if (temprs.getString("name") == null ? column == null : temprs.getString("name").equals(column)) { + found = true; + } + } + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get columns from sqlite db." + connection, ex); + } + return found; + } + + public static ResultSet runQuery(String query, String connection) { + ResultSet results = null; + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connection); + results = tempdbconnect.executeQry(query); + tempdbconnect.closeConnection(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get columns from sqlite db." + connection, ex); + } + return results; + } } \ No newline at end of file diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/dbconnect.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/dbconnect.java index 67272f5900..19064301f8 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/dbconnect.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/dbconnect.java 
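Review bot: `checkColumn` never closes the `dbconnect` or the `ResultSet` it opens, and `runQuery` closes the connection before handing the `ResultSet` back. The first leaves a handle open on the temporary copy of the evidence database, which on some platforms may stop the caller's `dbFile.delete()` from removing it; the second returns a result set whose connection is already closed and so is probably unreadable (dbconnect's implementation is not visible here, so confirm). `tablename` is also concatenated into the PRAGMA text; the only caller visible passes a constant, so a comment stating that it must never come from evidence data would do. A version of `checkColumn` with the cleanup in `finally` follows; `runQuery` would be better removed or changed to return materialized rows.

```java
public static boolean checkColumn(String column, String tablename, String connection) {
    // … unchanged: query string and found flag …
    dbconnect tempdbconnect = null;
    ResultSet temprs = null;
    try {
        tempdbconnect = new dbconnect("org.sqlite.JDBC", connection);
        temprs = tempdbconnect.executeQry(query);
        // … unchanged: loop over the rows comparing the "name" column …
    } catch (Exception ex) {
        // … unchanged: warning log …
    } finally {
        // Release the handle on the temporary database copy even when the query fails.
        try {
            if (temprs != null) {
                temprs.close();
            }
            if (tempdbconnect != null) {
                tempdbconnect.closeConnection();
            }
        } catch (Exception ex) {
            logger.log(Level.WARNING, "Error while closing sqlite db." + connection, ex);
        }
    }
    return found;
}
```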
@@ -15,9 +15,6 @@ import java.sql.*; public dbconnect(String sDriverForClass, String sUrlKey) throws Exception { init(sDriverForClass, sUrlKey); - //Statement stmt = conn.createStatement(); - //String selecthistory = "SELECT moz_historyvisits.id,url,title,visit_count,visit_date,from_visit,rev_host FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0"; - // ResultSet rs = stmt.executeQuery(selecthistory); } diff --git a/Report/nbproject/genfiles.properties b/Report/nbproject/genfiles.properties index 03f0e6b880..2e8895c1f4 100644 --- a/Report/nbproject/genfiles.properties +++ b/Report/nbproject/genfiles.properties @@ -1,8 +1,8 @@ -build.xml.data.CRC32=38c0b1aa +build.xml.data.CRC32=d88c1ca9 build.xml.script.CRC32=bbb1c310 -build.xml.stylesheet.CRC32=a56c6a5b@1.46.1 +build.xml.stylesheet.CRC32=a56c6a5b@1.46.2 # This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml. # Do not edit this file. You may delete it but then the IDE will never regenerate such files for you. -nbproject/build-impl.xml.data.CRC32=38c0b1aa +nbproject/build-impl.xml.data.CRC32=d88c1ca9 nbproject/build-impl.xml.script.CRC32=1562aec2 -nbproject/build-impl.xml.stylesheet.CRC32=238281d1@1.46.1 +nbproject/build-impl.xml.stylesheet.CRC32=238281d1@1.46.2 diff --git a/Report/nbproject/project.xml b/Report/nbproject/project.xml index b7a7ee39b9..6deb5c1af8 100644 --- a/Report/nbproject/project.xml +++ b/Report/nbproject/project.xml @@ -135,6 +135,14 @@ 0.0 + + org.sleuthkit.autopsy.recentactivity + + + + 1.0 + + diff --git a/Report/src/org/sleuthkit/autopsy/report/Bundle.properties b/Report/src/org/sleuthkit/autopsy/report/Bundle.properties index 3cfbe706b7..af5d6ace1a 100644 --- a/Report/src/org/sleuthkit/autopsy/report/Bundle.properties +++ b/Report/src/org/sleuthkit/autopsy/report/Bundle.properties 
@@ -1,18 +1,13 @@
 OpenIDE-Module-Name=Report
-reportFilter.jCheckBox1.text=Internet History
-reportFilter.jCheckBox2.text=General Info
-reportFilter.jCheckBox3.text=Keyword Hits
-reportFilter.jCheckBox4.text=Hashlist Hits
-reportFilter.jCheckBox5.text=System Information
-reportFilter.jButton1.text=Generate Report
-Toolbars/Reports/org-sleuthkit-autopsy-report-reportAction.shadow=Reports
-reportPanel.jButton1.text=Close
-reportFilter.cancelButton.text=Cancel
-reportFilter.cancelButton.actionCommand=
-reportFilter.jButton2.actionCommand=
-reportFilter.jButton2.label=
-reportFilter.jButton2.text=
-reportPanel.saveReport.actionCommand=
-reportPanel.saveReport.text=Export Report...
-reportFilter.progBar.string=
-reportPanel.jLabel1.text=jLabel1
+Toolbars/Reports/org-sleuthkit-autopsy-report-ReportAction.shadow=Reports
+ReportFilter.progBar.string=
+ReportFilter.cancelButton.actionCommand=
+ReportFilter.cancelButton.text=Cancel
+ReportFilter.jButton1.text=Generate Report
+ReportFilter.jButton2.label=
+ReportFilter.jButton2.actionCommand=
+ReportFilter.jButton2.text=
+ReportPanel.jLabel1.text=jLabel1
+ReportPanel.saveReport.actionCommand=
+ReportPanel.saveReport.text=Export Report...
+ReportPanel.jButton1.text=Close
diff --git a/Report/src/org/sleuthkit/autopsy/report/Report.java b/Report/src/org/sleuthkit/autopsy/report/Report.java
new file mode 100644
index 0000000000..73542a0467
--- /dev/null
+++ b/Report/src/org/sleuthkit/autopsy/report/Report.java
@@ -0,0 +1,125 @@ + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.report; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Map; +import java.util.logging.Level; +import java.util.logging.Logger; +import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.datamodel.BlackboardArtifact; +import org.sleuthkit.datamodel.BlackboardAttribute; +import org.sleuthkit.datamodel.SleuthkitCase; +import java.sql.*; +import org.sleuthkit.autopsy.recentactivity.dbconnect; + +/** + * + * @author Alex + */ +public class Report { + + private void Report() { + } + + public String getGroupedKeywordHit() { + StringBuilder table = new StringBuilder(); + HashMap> reportMap = new HashMap>(); + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + try { + ReportUtils util = new ReportUtils(); + util.copy(new FileInputStream(currentCase.getCaseDirectory()+File.separator+"autopsy.db"), new FileOutputStream(currentCase.getCaseDirectory()+File.separator+"autopsy-copy.db")); + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", 
"jdbc:sqlite:"+currentCase.getCaseDirectory()+File.separator+"autopsy-copy.db"); + tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_keyword;"); + tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_preview;"); + tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_exp;"); + tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_name;"); + tempdbconnect.executeStmt("DROP TABLE IF EXISTS report;"); + String temp1 = "CREATE TABLE report_keyword AS SELECT value_text as keyword,blackboard_attributes.attribute_type_id, blackboard_attributes.artifact_id FROM blackboard_attributes WHERE attribute_type_id = 10;"; + String temp2 = "CREATE TABLE report_preview AS SELECT value_text as preview, blackboard_attributes.attribute_type_id, blackboard_attributes.artifact_id FROM blackboard_attributes WHERE attribute_type_id = 11;"; + String temp3 = "CREATE TABLE report_exp AS SELECT value_text as exp, blackboard_attributes.attribute_type_id, blackboard_attributes.artifact_id FROM blackboard_attributes WHERE attribute_type_id = 12;"; + String temp4 = "CREATE TABLE report_name AS SELECT name, report_keyword.artifact_id from tsk_files,blackboard_artifacts, report_keyword WHERE blackboard_artifacts.artifact_id = report_keyword.artifact_id AND blackboard_artifacts.obj_id = tsk_files.obj_id;"; + String temp5 = "CREATE TABLE report AS SELECT keyword,preview,exp, name from report_keyword INNER JOIN report_preview ON report_keyword.artifact_id=report_preview.artifact_id INNER JOIN report_exp ON report_preview.artifact_id=report_exp.artifact_id INNER JOIN report_name ON report_exp.artifact_id=report_name.artifact_id;"; + tempdbconnect.executeStmt(temp1); + tempdbconnect.executeStmt(temp2); + tempdbconnect.executeStmt(temp3); + tempdbconnect.executeStmt(temp4); + tempdbconnect.executeStmt(temp5); + ResultSet uniqueresults = tempdbconnect.executeQry("SELECT keyword, preview, exp, name FROM report ORDER BY keyword ASC"); + String keyword = ""; + while (uniqueresults.next()) { + 
if(uniqueresults.getString("keyword") == null ? keyword == null : uniqueresults.getString("keyword").equals(keyword)) + { + + } + else{ + table.append("

"); + keyword = uniqueresults.getString("keyword"); + table.append("").append(keyword).append(""); + table.append(""); + } + table.append(""); + table.append("").append("").append(""); + + } + tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_keyword;"); + tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_preview;"); + tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_exp;"); + tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_name;"); + tempdbconnect.executeStmt("DROP TABLE IF EXISTS report;"); + tempdbconnect.closeConnection(); + + File f1 = new File(currentCase.getCaseDirectory()+File.separator+"autopsy-copy.db"); + boolean success = f1.delete(); + + } catch (Exception e) { + Logger.getLogger(Report.class.getName()).log(Level.WARNING, "Exception occurred", e); + } + + return table.toString(); + } + + public HashMap> getAllTypes(ReportConfiguration config) { + HashMap> reportMap = new HashMap>(); + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + try { + for (Map.Entry entry : config.config.entrySet()) { + if (entry.getValue()) { + ArrayList bbart = tempDb.getBlackboardArtifacts(entry.getKey()); + for (BlackboardArtifact artifact : bbart) { + ArrayList attributes = artifact.getAttributes(); + reportMap.put(artifact, attributes); + } + } + } + } catch (Exception e) { + Logger.getLogger(Report.class.getName()).log(Level.INFO, "Exception occurred", e); + } + + return reportMap; + } +} \ No newline at end of file diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportAction.java b/Report/src/org/sleuthkit/autopsy/report/ReportAction.java new file mode 100644 index 0000000000..6e148c83eb --- /dev/null +++ b/Report/src/org/sleuthkit/autopsy/report/ReportAction.java 
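Review bot: In `getGroupedKeywordHit` every cleanup step sits at the end of the `try`, so any exception leaves `autopsy-copy.db` in the case directory and the `dbconnect` open; the two streams passed to `util.copy` are not closed by this method either. Move `tempdbconnect.closeConnection()` and `f1.delete()` into a `finally` block, close both streams there, and log when `delete()` returns false instead of discarding `success`. The keyword, like any other evidence-derived column added to `table`, is appended unescaped, so it should be HTML-escaped if this string is rendered as markup. Separately, `private void Report()` is a method that only looks like a constructor and can be removed.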
@@ -0,0 +1,316 @@ + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.report; + +import java.awt.*; +import java.awt.event.ActionEvent; +import java.awt.event.ActionListener; +import java.awt.event.ItemEvent; +import java.awt.event.ItemListener; +import java.beans.PropertyChangeEvent; +import java.beans.PropertyChangeListener; +import java.io.File; +import java.util.ArrayList; +import java.util.logging.Level; +import java.util.logging.Logger; +import javax.swing.*; +import javax.swing.border.Border; +import org.openide.awt.ActionID; +import org.openide.awt.ActionReference; +import org.openide.awt.ActionReferences; +import org.openide.awt.ActionRegistration; +import org.openide.util.HelpCtx; +import org.openide.util.Lookup; +import org.openide.util.NbBundle.Messages; +import org.openide.util.actions.CallableSystemAction; +import org.openide.util.actions.Presenter; +import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.autopsy.coreutils.Log; +import org.sleuthkit.datamodel.BlackboardArtifact; + +@ActionID(category = "Tools", id = "org.sleuthkit.autopsy.report.ReportAction") +@ActionRegistration(displayName = "#CTL_ReportAction") +@ActionReferences(value = { + @ActionReference(path = "Menu/Tools", position = 80)}) +@Messages(value = "CTL_ReportAction=Run 
Report") +public final class ReportAction extends CallableSystemAction implements Presenter.Toolbar { + + private JButton toolbarButton = new JButton(); + private static final String ACTION_NAME = "Generate Report"; + static final Logger logger = Logger.getLogger(ReportAction.class.getName()); + private JPanel panel; + public static ArrayList reportList = new ArrayList(); + public static String preview; + public static ReportConfiguration config; + + public ReportAction() { + setEnabled(false); + Case.addPropertyChangeListener(new PropertyChangeListener() { + + @Override + public void propertyChange(PropertyChangeEvent evt) { + if (evt.getPropertyName().equals(Case.CASE_CURRENT_CASE)) { + setEnabled(evt.getNewValue() != null); + } + } + }); + //attempt to create a report folder if a case is active + Case.addPropertyChangeListener(new PropertyChangeListener() { + + @Override + public void propertyChange(PropertyChangeEvent evt) { + String changed = evt.getPropertyName(); + + //case has been changed + if (changed.equals(Case.CASE_CURRENT_CASE)) { + Case newCase = (Case) evt.getNewValue(); + + if (newCase != null) { + boolean exists = (new File(newCase.getCaseDirectory() + File.separator + "Reports")).exists(); + if (exists) { + // report directory exists -- don't need to do anything + } else { + // report directory does not exist -- create it + boolean reportCreate = (new File(newCase.getCaseDirectory() + File.separator + "Reports")).mkdirs(); + if (!reportCreate) { + logger.log(Level.WARNING, "Could not create Reports directory for case. 
It does not exist."); + } + } + } + } + } + }); + + // set action of the toolbar button + toolbarButton.addActionListener(new ActionListener() { + + @Override + public void actionPerformed(ActionEvent e) { + ReportAction.this.actionPerformed(e); + } + }); + + } + + private class reportListener implements ItemListener { + + @Override + public void itemStateChanged(ItemEvent e) { + Object source = e.getItem(); + JCheckBox comp = (JCheckBox) source; + String name = comp.getName(); + JRadioButton buttan = null; + Component[] comps = comp.getParent().getComponents(); + for (Component c : comps) { + if (c.getName().equals(name + "p")) { + buttan = (JRadioButton) c; + } + } + if (e.getStateChange() == ItemEvent.DESELECTED) { + buttan.setEnabled(false); + } + if (e.getStateChange() == ItemEvent.SELECTED) { + buttan.setEnabled(true); + } + } + }; + + private class configListener implements ItemListener { + + @Override + public void itemStateChanged(ItemEvent e) { + Object source = e.getItem(); + JCheckBox comp = (JCheckBox) source; + String name = comp.getName(); + BlackboardArtifact.ARTIFACT_TYPE type = BlackboardArtifact.ARTIFACT_TYPE.valueOf(name); + if (e.getStateChange() == ItemEvent.DESELECTED) { + try { + config.setGenArtifactType(type, Boolean.FALSE); + } catch (ReportModuleException ex) { + } + } + if (e.getStateChange() == ItemEvent.SELECTED) { + try { + config.setGenArtifactType(type, Boolean.TRUE); + } catch (ReportModuleException ex) { + } + } + } + }; + + private class previewListener implements ItemListener { + + @Override + public void itemStateChanged(ItemEvent e) { + Object source = e.getItem(); + JRadioButton comp = (JRadioButton) source; + String name = comp.getName(); + JRadioButton buttan = new JRadioButton(); + Component[] comps = comp.getParent().getComponents(); + for (Component c : comps) { + if (c.getName().equals(name)) { + buttan = (JRadioButton) c; + } + } + if (e.getStateChange() == ItemEvent.SELECTED) { + String temp = buttan.getName(); + 
temp = temp.substring(0, temp.length()-1); + preview = temp; + } + } + }; + + @Override + public void actionPerformed(ActionEvent e) { + try { + + // create the popUp window for it + final JFrame frame = new JFrame(ACTION_NAME); + final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal + popUpWindow.setLayout(new GridLayout(0, 1)); + // initialize panel with loaded settings + final ReportFilter panel = new ReportFilter(); + panel.setjButton2ActionListener(new ActionListener() { + + @Override + public void actionPerformed(ActionEvent e) { + popUpWindow.dispose(); + } + }); + final reportListener listener = new reportListener(); + final configListener clistener = new configListener(); + final previewListener plistener = new previewListener(); + preview = ""; + reportList.clear(); + config = new ReportConfiguration(); + final JPanel filterpanel = new JPanel(new GridLayout(0, 2, 5, 5)); + final JPanel artpanel = new JPanel(new GridLayout(0, 3, 5, 5)); + SwingUtilities.invokeLater(new Runnable() { + + @Override + public void run() { + + Border border = BorderFactory.createTitledBorder("Reporting Modules"); + filterpanel.setBorder(border); + filterpanel.setComponentOrientation(ComponentOrientation.LEFT_TO_RIGHT); + filterpanel.setAlignmentY(Component.TOP_ALIGNMENT); + filterpanel.setAlignmentX(Component.LEFT_ALIGNMENT); + filterpanel.setSize(300, 100); + ButtonGroup previewGroup = new ButtonGroup(); + for (ReportModule m : Lookup.getDefault().lookupAll(ReportModule.class)) { + String name = m.getName(); + String desc = m.getReportTypeDescription(); + JCheckBox ch = new JCheckBox(); + ch.setAlignmentY(Component.TOP_ALIGNMENT); + ch.setText(name); + ch.setName(m.getClass().getName()); + ch.setToolTipText(desc); + ch.setSelected(true); + + JRadioButton cb = new JRadioButton("Preview"); + previewGroup.add(cb); + cb.setName(m.getClass().getName() + "p"); + cb.addItemListener(plistener); + filterpanel.add(cb, 0); + 
ch.addItemListener(listener); + reportList.add(ch); + filterpanel.add(ch, 0); + } + Border artborder = BorderFactory.createTitledBorder("Report Data"); + artpanel.setBorder(artborder); + artpanel.setComponentOrientation(ComponentOrientation.LEFT_TO_RIGHT); + artpanel.setAlignmentY(Component.TOP_ALIGNMENT); + artpanel.setAlignmentX(Component.LEFT_ALIGNMENT); + artpanel.setSize(300, 100); + for (BlackboardArtifact.ARTIFACT_TYPE a : panel.config.config.keySet()) { + JCheckBox ce = new JCheckBox(); + ce.setText(a.getDisplayName()); + ce.setToolTipText(a.getDisplayName()); + ce.setName(a.getLabel()); + ce.setSelected(true); + ce.addItemListener(clistener); + artpanel.add(ce); + } + + } + }); + popUpWindow.add(filterpanel, 0); + popUpWindow.add(artpanel, 1); + // add the panel to the popup window + popUpWindow.add(panel, 2); + + popUpWindow.pack(); + popUpWindow.setResizable(false); + + // set the location of the popUp Window on the center of the screen + Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize(); + double w = popUpWindow.getSize().getWidth(); + double h = popUpWindow.getSize().getHeight(); + popUpWindow.setLocation((int) ((screenDimension.getWidth() - w) / 2), (int) ((screenDimension.getHeight() - h) / 2)); + + // display the window + popUpWindow.setVisible(true); + // add the command to close the window to the button on the Case Properties form / panel + + + } catch (Exception ex) { + Log.get(ReportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex); + } + } + + @Override + public void performAction() { + } + + @Override + public String getName() { + return ACTION_NAME; + } + + @Override + public HelpCtx getHelpCtx() { + return HelpCtx.DEFAULT_HELP; + } + + /** + * Returns the toolbar component of this action + * + * @return component the toolbar button + */ + @Override + public Component getToolbarPresenter() { + ImageIcon icon = new ImageIcon(getClass().getResource("btn_icon_generate_report.png")); 
+ toolbarButton.setIcon(icon); + toolbarButton.setText("Generate Report"); + return toolbarButton; + } + + /** + * Set this action to be enabled/disabled + * + * @param value whether to enable this action or not + */ + @Override + public void setEnabled(boolean value) { + super.setEnabled(value); + toolbarButton.setEnabled(value); + } +} \ No newline at end of file diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportConfiguration.java b/Report/src/org/sleuthkit/autopsy/report/ReportConfiguration.java new file mode 100644 index 0000000000..405a328645 --- /dev/null +++ b/Report/src/org/sleuthkit/autopsy/report/ReportConfiguration.java 
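Review bot: Both `catch (ReportModuleException ex) { }` blocks in `configListener.itemStateChanged` are empty, so a failed `config.setGenArtifactType(...)` leaves the report configuration out of step with the checkbox the examiner sees, and nothing records it. A forensic report that silently includes or omits an artifact type is hard to defend, so at minimum log it: `logger.log(Level.WARNING, "Could not update report configuration for " + type, ex);`. The catch at the end of `actionPerformed` logs through `Log.get(ReportFilterAction.class)`, which looks copied from the older class; `ReportAction.class` would attribute the message correctly. `reportList`, `preview` and `config` are `public static` and mutable, so any class can change what the next report contains; package-private accessors would narrow that.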
@@ -0,0 +1,138 @@ + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.report; + +import java.util.ArrayList; +import java.util.EnumMap; +import java.util.Map; +import java.util.logging.Level; +import java.util.logging.Logger; +import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.datamodel.BlackboardArtifact; +import org.sleuthkit.datamodel.SleuthkitCase; + +/** + * Configures which parts of report were requested e.g. 
based on user input Some + * specialized reporting modules may choose not to generate all requested + * sections and some modules may generate additional, specialized sections + * +*/ +class ReportConfiguration { + + //base data structure + Map config = new EnumMap(BlackboardArtifact.ARTIFACT_TYPE.class); + private final Logger logger = Logger.getLogger(this.getClass().getName()); + + ReportConfiguration() { + //clear the config just incase before we get the list from the db again + config.clear(); + //now lets get the list from the tsk and current case + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase skCase = currentCase.getSleuthkitCase(); + try { + ArrayList arttypes = skCase.getBlackboardArtifactTypes(); + for (BlackboardArtifact.ARTIFACT_TYPE type : arttypes) { + config.put(type, Boolean.TRUE); + } + + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to retrieve list of artifact types from the TSK case .", ex); + } + + } + + ; + + /**regets everything that occurs in the constructor normally + * + * @throws ReportModuleException + */ + public void getAllTypes() throws ReportModuleException { + config.clear(); + //now lets get the list from the tsk and current case + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase skCase = currentCase.getSleuthkitCase(); + try { + ArrayList arttypes = skCase.getBlackboardArtifactTypes(); + for (BlackboardArtifact.ARTIFACT_TYPE type : arttypes) { + config.put(type, Boolean.TRUE); + } + + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to retrieve list of artifact types from the TSK case .", ex); + } + + } + + ; + + /**setters for generally supported report parts + * + */ +public void setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE type, Boolean value) throws ReportModuleException { + if (config.containsKey(type)) { + config.put(type, value); + } else { + throw new ReportModuleException("The following 
artifact type is not present:" + type); + } + } + + ; + + /**This allows all that setting to happen in groups + * + */ + public void setGenArtifactType(ArrayList typeList, boolean value) throws ReportModuleException { + + for (BlackboardArtifact.ARTIFACT_TYPE type : typeList) { + if (config.containsKey(type)) { + config.put(type, value); + } else { + throw new ReportModuleException("The following artifact type is not present:" + type); + } + } + } + + ; + + + /** getters for generally supported report parts + * + */ + public boolean getGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE type) throws ReportModuleException { + boolean value = false; + if (config.containsKey(type)) { + value = config.get(type); + } else { + throw new ReportModuleException("The following artifact type is not present:" + type); + } + + return value; + + } + + public void resetGenArtifactTypes() { + for (Map.Entry entry : config.entrySet()) { + config.put(entry.getKey(), Boolean.FALSE); + } + + } +} diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportFilter.form b/Report/src/org/sleuthkit/autopsy/report/ReportFilter.form new file mode 100644 index 0000000000..83cfc136ca --- /dev/null +++ b/Report/src/org/sleuthkit/autopsy/report/ReportFilter.form @@ -0,0 +1,115 @@ + + +
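Review bot: `getAllTypes()` declares `throws ReportModuleException` but catches every `Exception` from `skCase.getBlackboardArtifactTypes()` and only logs it, so a database failure leaves `config` empty and the caller goes on to build a report with no artifact types selected. Rethrow after logging, e.g. `throw new ReportModuleException("Could not load artifact types: " + ex.getMessage());` (the only constructor visible in this hunk takes a message string; pass the cause as well if the class supports it). The constructor repeats the same body and has the same silent-failure path, so having both use one shared loader would keep them from drifting apart. The list overload of `setGenArtifactType` throws part-way through its loop, leaving earlier entries already changed.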
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportFilter.java b/Report/src/org/sleuthkit/autopsy/report/ReportFilter.java new file mode 100644 index 0000000000..86ef0f121d --- /dev/null +++ b/Report/src/org/sleuthkit/autopsy/report/ReportFilter.java 
@@ -0,0 +1,269 @@ + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.report; + +import java.awt.GridLayout; +import java.awt.event.ActionListener; +import java.util.ArrayList; +import java.util.logging.Level; +import java.util.logging.Logger; +import javax.swing.*; +import javax.swing.border.Border; +import org.openide.util.Lookup; +import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.datamodel.BlackboardArtifact; +import org.sleuthkit.datamodel.SleuthkitCase; + +/** + * + * @author Alex + */ +public class ReportFilter extends javax.swing.JPanel { + + public static ArrayList filters = new ArrayList(); + public static ReportConfiguration config = new ReportConfiguration(); + private final Logger logger = Logger.getLogger(this.getClass().getName()); + public final ReportFilter panel = this; + ReportPanelAction rpa = new ReportPanelAction(); + public static boolean cancel = false; + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase skCase = currentCase.getSleuthkitCase(); + + /** + * Creates new form ReportFilter + */ + public ReportFilter() { + this.setLayout(new GridLayout(0,1)); + initComponents(); + cancel = false; + try{ + config.getAllTypes(); + + } + catch(ReportModuleException ex) + { + 
Logger.getLogger(Report.class.getName()).log(Level.SEVERE, "Exception occurred", ex); + } + } + + /** + * This method is called from within the constructor to initialize the form. + * WARNING: Do NOT modify this code. The content of this method is always + * regenerated by the Form Editor. + */ + @SuppressWarnings("unchecked") + // //GEN-BEGIN:initComponents + private void initComponents() { + + jButton2 = new javax.swing.JButton(); + progBar = new javax.swing.JProgressBar(); + jButton1 = new javax.swing.JButton(); + cancelButton = new javax.swing.JButton(); + + jButton2.setText(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jButton2.text")); // NOI18N + jButton2.setActionCommand(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jButton2.actionCommand")); // NOI18N + jButton2.setLabel(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jButton2.label")); // NOI18N + + setPreferredSize(new java.awt.Dimension(325, 75)); + + progBar.setDoubleBuffered(true); + progBar.setEnabled(false); + progBar.setName(""); // NOI18N + progBar.setPreferredSize(new java.awt.Dimension(146, 15)); + progBar.setString(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.progBar.string")); // NOI18N + progBar.setStringPainted(true); + + jButton1.setText(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jButton1.text")); // NOI18N + jButton1.addMouseListener(new java.awt.event.MouseAdapter() { + public void mouseReleased(java.awt.event.MouseEvent evt) { + jButton1MouseReleased(evt); + } + }); + jButton1.addActionListener(new java.awt.event.ActionListener() { + public void actionPerformed(java.awt.event.ActionEvent evt) { + jButton1ActionPerformed(evt); + } + }); + + cancelButton.setText(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.cancelButton.text")); // NOI18N + cancelButton.setActionCommand(org.openide.util.NbBundle.getMessage(ReportFilter.class, 
"ReportFilter.cancelButton.actionCommand")); // NOI18N + cancelButton.setEnabled(false); + cancelButton.addActionListener(new java.awt.event.ActionListener() { + public void actionPerformed(java.awt.event.ActionEvent evt) { + cancelButtonActionPerformed(evt); + } + }); + + javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this); + this.setLayout(layout); + layout.setHorizontalGroup( + layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addContainerGap() + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addComponent(jButton1) + .addContainerGap()) + .addGroup(layout.createSequentialGroup() + .addComponent(progBar, javax.swing.GroupLayout.DEFAULT_SIZE, 221, Short.MAX_VALUE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(cancelButton) + .addGap(24, 24, 24)))) + ); + layout.setVerticalGroup( + layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addGap(19, 19, 19) + .addComponent(jButton1) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false) + .addComponent(cancelButton, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addComponent(progBar, javax.swing.GroupLayout.PREFERRED_SIZE, 23, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) + ); + }// //GEN-END:initComponents + + public void getfilters(java.awt.event.ActionEvent evt) { + jButton1ActionPerformed(evt); + } + +private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton1ActionPerformed + + jButton1.setEnabled(false); + progBar.setEnabled(true); + cancelButton.setEnabled(true); + progBar.setStringPainted(true); + 
progBar.setValue(0); + ReportConfiguration newConfig = ReportAction.config; + String preview = ReportAction.preview; + ArrayList reportList = ReportAction.reportList; + ArrayList classList = new ArrayList(); + for(JCheckBox box : reportList) + { + if(box.isSelected()){ + classList.add(box.getName()); + + } + } + config.resetGenArtifactTypes(); + getReports(newConfig, classList, preview); +}//GEN-LAST:event_jButton1ActionPerformed + + public void getReports(final ReportConfiguration reportConfig, final ArrayList classList, final String preview) { + new SwingWorker() { + + @Override + protected Void doInBackground() throws Exception { + rpa.reportGenerate(reportConfig, classList, preview, panel); + return null; + } + + ; + + // this is called when the SwingWorker's doInBackground finishes + @Override + protected void done() { + progBar.setVisible(false); // hide my progress bar JFrame + } + ; + }.execute(); + progBar.setVisible(true); + } + +private void cancelButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_cancelButtonActionPerformed + cancelButton.setText("Cancelled!"); + cancel = true; +}//GEN-LAST:event_cancelButtonActionPerformed + +private void jButton1MouseReleased(java.awt.event.MouseEvent evt) {//GEN-FIRST:event_jButton1MouseReleased +}//GEN-LAST:event_jButton1MouseReleased + + public void progBarSet(int cc) { + final int count = cc; + SwingUtilities.invokeLater(new Runnable() { + + @Override + public void run() { + int start = progBar.getValue(); + int end = start + count; + progBar.setValue(end); + progBar.setString(null); + progBar.setString(progBar.getString()); + progBar.setStringPainted(true); + if (progBar.getPercentComplete() == 1.0) { + progBar.setString("Populating Report - Please wait..."); + progBar.setStringPainted(true); + progBar.setIndeterminate(true); + } + } + }); + } + + + public void progBarDone() { + int max = progBar.getMaximum(); + progBar.setValue(max); + jButton2.doClick(); + } + + public void 
progBarStartText() { + progBar.setIndeterminate(true); + progBar.setString("Querying Database for Report Results..."); + } + + public void progBarText() { + + progBar.setString("Populating Report - Please wait..."); + progBar.setStringPainted(true); + progBar.repaint(); + progBar.setIndeterminate(true); + + } + + public void progBarCount(int count) { + progBar.setIndeterminate(false); + progBar.setString(null); + progBar.setMinimum(0); + progBar.setMaximum(count); + progBar.setValue(0); + //Double bper = progBar.getPercentComplete(); + progBar.setString(progBar.getString()); + + } + + public void setjButton1ActionListener(ActionListener e) { + jButton1.addActionListener(e); + + } + + public void setjButton2ActionListener(ActionListener e) { + jButton2.addActionListener(e); + cancelButton.addActionListener(e); + } + + + // Variables declaration - do not modify//GEN-BEGIN:variables + private javax.swing.JButton cancelButton; + private javax.swing.JButton jButton1; + private javax.swing.JButton jButton2; + private javax.swing.JProgressBar progBar; + // End of variables declaration//GEN-END:variables +} diff --git a/Report/src/org/sleuthkit/autopsy/report/reportFilterAction.java b/Report/src/org/sleuthkit/autopsy/report/ReportFilterAction.java similarity index 87% rename from Report/src/org/sleuthkit/autopsy/report/reportFilterAction.java rename to Report/src/org/sleuthkit/autopsy/report/ReportFilterAction.java index 304b204f91..3dbee14e68 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportFilterAction.java +++ b/Report/src/org/sleuthkit/autopsy/report/ReportFilterAction.java @@ -16,7 +16,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.sleuthkit.autopsy.report; import java.awt.Container; 
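Review bot: In `getReports`, the `SwingWorker`'s `done()` only hides the progress bar and never calls `get()`, so any exception thrown by `rpa.reportGenerate(...)` in `doInBackground` is discarded and the examiner gets no sign that report generation failed. Add `try { get(); } catch (Exception ex) { logger.log(Level.SEVERE, "Report generation failed", ex); }` at the top of `done()`. `cancel` is a `public static boolean` set on the event thread in `cancelButtonActionPerformed`; if `reportGenerate` (not shown in this hunk) polls it from the worker thread, it should be `volatile` so the write is reliably seen. `progBarDone`, `progBarText` and `progBarCount` touch `progBar` directly, unlike `progBarSet` which uses `invokeLater`; if they are called from the worker they need the same wrapping.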
@@ -29,11 +28,12 @@ import org.openide.util.HelpCtx; import org.sleuthkit.autopsy.coreutils.Log; /** - * The reportFilterAction opens the reportFilterPanel in a dialog, and saves the + * The ReportFilterAction opens the reportFilterPanel in a dialog, and saves the * settings of the panel if the Apply button is clicked. + * * @author pmartel */ -class reportFilterAction { +class ReportFilterAction { private static final String ACTION_NAME = "Report Window"; @@ -44,13 +44,13 @@ class reportFilterAction { try { // create the popUp window for it - Container cpane; + Container cpane; final JFrame frame = new JFrame(ACTION_NAME); final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal - cpane = frame.getContentPane(); + cpane = frame.getContentPane(); // initialize panel with loaded settings - final reportFilter panel = new reportFilter(); - + final ReportFilter panel = new ReportFilter(); + // add the panel to the popup window popUpWindow.add(panel); popUpWindow.pack(); @@ -61,13 +61,12 @@ class reportFilterAction { double w = popUpWindow.getSize().getWidth(); double h = popUpWindow.getSize().getHeight(); popUpWindow.setLocation((int) ((screenDimension.getWidth() - w) / 2), (int) ((screenDimension.getHeight() - h) / 2)); - // display the window popUpWindow.setVisible(true); - - + + } catch (Exception ex) { - Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex); + Log.get(ReportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex); } } @@ -76,9 +75,8 @@ class reportFilterAction { return ACTION_NAME; } - // @Override + // @Override public HelpCtx getHelpCtx() { return HelpCtx.DEFAULT_HELP; } } - diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportGen.java b/Report/src/org/sleuthkit/autopsy/report/ReportGen.java new file mode 100644 index 0000000000..2567d285b8 --- /dev/null 
+++ b/Report/src/org/sleuthkit/autopsy/report/ReportGen.java @@ -0,0 +1,49 @@ + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.report; + +import java.util.ArrayList; +import java.util.HashMap; +import org.sleuthkit.datamodel.BlackboardArtifact; +import org.sleuthkit.datamodel.BlackboardAttribute; + +/** + * + * This class is the 'default' way to get artifacts/attributes from the + * blackboard using a reportconfiguration object. + */ +public class ReportGen { + + HashMap> Results = new HashMap>(); + + ReportGen() { + } + + public void clearReport() { + Results.clear(); + } + + public void populateReport(ReportConfiguration config) { + clearReport(); + Report bbreport = new Report(); + Results = bbreport.getAllTypes(config); + } +} diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportHTML.java b/Report/src/org/sleuthkit/autopsy/report/ReportHTML.java new file mode 100644 index 0000000000..8d7b606ca1 --- /dev/null +++ b/Report/src/org/sleuthkit/autopsy/report/ReportHTML.java 
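Review bot: The field `Results` is package-private, mutable and capitalised like a type name, and the class has no accessor, so consumers presumably read the map directly and can replace it. Declaring it `private` as `results` with a getter would keep the report data from being altered between `populateReport` and rendering; callers outside this hunk that reference `Results` would need updating. In `populateReport`, `clearReport()` empties the map instance that an earlier caller may still hold, just before the field is reassigned. That makes the call either redundant or a surprising side effect, and a one-line comment stating which is intended would help.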
@@ -0,0 +1,481 @@ + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.report; + +import java.io.BufferedWriter; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.OutputStreamWriter; +import java.io.Writer; +import java.text.DateFormat; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Date; +import java.util.HashMap; +import java.util.Map.Entry; +import java.util.TreeMap; +import java.util.logging.Level; +import java.util.logging.Logger; +import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.autopsy.ingest.IngestManager; +import org.sleuthkit.datamodel.BlackboardArtifact; +import org.sleuthkit.datamodel.BlackboardAttribute; +import org.sleuthkit.datamodel.FsContent; +import org.sleuthkit.datamodel.SleuthkitCase; +import org.sleuthkit.datamodel.TskData; + +/** + * + * @author Alex + */ +public class ReportHTML implements ReportModule{ + //Declare our publically accessible formatted Report, this will change everytime they run a Report + public static StringBuilder formatted_Report = new StringBuilder(); + private static StringBuilder unformatted_header = new StringBuilder(); + private static StringBuilder formatted_header = new StringBuilder(); + private static String htmlPath = ""; + private 
ReportConfiguration config; + private static ReportHTML instance = null; + + ReportHTML(){ + + } + + public static synchronized ReportHTML getDefault() { + if (instance == null) { + instance = new ReportHTML(); + } + return instance; + } + + @Override + public String generateReport(ReportConfiguration reportconfig) throws ReportModuleException { + config = reportconfig; + ReportGen reportobj = new ReportGen(); + reportobj.populateReport(reportconfig); + HashMap> report = reportobj.Results; + //This is literally a terrible way to count up all the types of artifacts, and doesn't include any added ones. + //Unlike the XML Report, which is dynamic, this is formatted and needs to be redone later instead of being hardcoded. + //Also, clearing variables to generate new Report. + formatted_Report.setLength(0); + unformatted_header.setLength(0); + formatted_header.setLength(0); + + int countGen = 0; + int countWebBookmark = 0; + int countWebCookie = 0; + int countWebHistory = 0; + int countWebDownload = 0; + int countRecentObjects = 0; + int countTrackPoint = 0; + int countInstalled = 0; + int countKeyword = 0; + int countHash = 0; + int countDevice = 0; + for (Entry> entry : report.entrySet()) { + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) { + countGen++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) { + countWebBookmark++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) { + + countWebCookie++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) { + + countWebHistory++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) { + countWebDownload++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) { + 
countRecentObjects++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) { + countTrackPoint++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) { + countInstalled++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) { + countKeyword++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) { + countHash++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) { + countDevice++; + } + } + + try { + String ingestwarning = "

Warning, this report was run before ingest services completed!

"; + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase skCase = currentCase.getSleuthkitCase(); + String caseName = currentCase.getName(); + Integer imagecount = currentCase.getImageIDs().length; + Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG); + Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR); + int reportsize = report.size(); + Integer filesystemcount = currentCase.getRootObjectsCount(); + DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); + DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy"); + Date date = new Date(); + String datetime = datetimeFormat.format(date); + String datenotime = dateFormat.format(date); + String CSS = ""; + //Add additional header information + String header = "Autopsy Report for Case: " + caseName + ""; + formatted_header.append(header); + formatted_header.append(CSS); + + //do for unformatted + String simpleCSS = ""; + unformatted_header.append(header); + unformatted_header.append(simpleCSS); + //formatted_Report.append(""); + formatted_Report.append("
"); + // Add summary information now + + formatted_Report.append("

Report for Case: ").append(caseName).append("

"); + if (IngestManager.getDefault().isIngestRunning()) { + formatted_Report.append(ingestwarning); + } + formatted_Report.append("

Case Summary

HTML Report Generated by Autopsy 3 on ").append(datetime).append("

    "); + formatted_Report.append("
  • # of Images: ").append(imagecount).append("
  • "); + formatted_Report.append("
  • FileSystems: ").append(filesystemcount).append("
  • "); + formatted_Report.append("
  • # of Files: ").append(totalfiles.toString()).append("
  • "); + formatted_Report.append("
  • # of Dirs: ").append(totaldirs.toString()).append("
  • "); + formatted_Report.append("
  • # of Artifacts: ").append(reportsize).append("
"); + + formatted_Report.append("
").append("File Name").append("PreviewKeyword List
").append(uniqueresults.getString("name")).append("").append(uniqueresults.getString("preview")).append("").append(uniqueresults.getString("exp")).append("
"); + if (countWebBookmark > 0) { + formatted_Report.append(""); + } + if (countWebCookie > 0) { + formatted_Report.append(""); + } + if (countWebHistory > 0) { + formatted_Report.append(""); + } + if (countWebDownload > 0) { + formatted_Report.append(""); + } + if (countRecentObjects > 0) { + formatted_Report.append(""); + } + if (countInstalled > 0) { + formatted_Report.append(""); + } + if (countKeyword > 0) { + formatted_Report.append(""); + } + if (countHash > 0) { + formatted_Report.append(""); + } + if (countDevice > 0) { + formatted_Report.append(""); + } + formatted_Report.append("
SectionCount
Web Bookmarks").append(countWebBookmark).append("
Web Cookies").append(countWebCookie).append("
Web History").append(countWebHistory).append("
Web Downloads").append(countWebDownload).append("
Recent Documents").append(countRecentObjects).append("
Installed Programs").append(countInstalled).append("
Keyword Hits").append(countKeyword).append("
Hash Hits").append(countHash).append("
Attached Devices").append(countDevice).append("

"); + String tableHeader = ""; + StringBuilder nodeGen = new StringBuilder("

General Information (").append(countGen).append(")

").append(tableHeader).append(""); + StringBuilder nodeWebBookmark = new StringBuilder("

Web Bookmarks (").append(countWebBookmark).append(")

").append(tableHeader).append(""); + StringBuilder nodeWebCookie = new StringBuilder("

Web Cookies (").append(countWebCookie).append(")

").append(tableHeader).append(""); + StringBuilder nodeWebHistory = new StringBuilder("

Web History (").append(countWebHistory).append(")

").append(tableHeader).append(""); + StringBuilder nodeWebDownload = new StringBuilder("

Web Downloads (").append(countWebDownload).append(")

").append(tableHeader).append(""); + StringBuilder nodeRecentObjects = new StringBuilder("

Recent Documents (").append(countRecentObjects).append(")

").append(tableHeader).append(""); + StringBuilder nodeTrackPoint = new StringBuilder("

Track Points (").append(countTrackPoint).append(")

").append(tableHeader).append(""); + StringBuilder nodeInstalled = new StringBuilder("

Installed Programs (").append(countInstalled).append(")

").append(tableHeader).append(""); + StringBuilder nodeKeyword = new StringBuilder("

Keyword Search Hits (").append(countKeyword).append(")

"); + StringBuilder nodeHash = new StringBuilder("

Hashset Hit (").append(countHash).append(")

").append(tableHeader).append(""); + StringBuilder nodeDevice = new StringBuilder("

Attached Devices (").append(countHash).append(")

").append(tableHeader).append(""); + + int alt = 0; + String altRow = ""; + for (Entry> entry : report.entrySet()) { + if (ReportFilter.cancel == true) { + break; + } + + if (alt > 0) { + altRow = " class=\"alt\""; + alt = 0; + } else { + altRow = ""; + alt++; + } + StringBuilder artifact = new StringBuilder(""); + Long objId = entry.getKey().getObjectID(); + //Content file = skCase.getContentById(objId); + FsContent file = skCase.getFsContentById(objId); + + Long filesize = file.getSize(); + + + TreeMap attributes = new TreeMap(); + // Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type + int n; + for (n = 1; n <= 35; n++) { + attributes.put(n, ""); + + } + for (BlackboardAttribute tempatt : entry.getValue()) { + if (ReportFilter.cancel == true) { + break; + } + String value = ""; + Integer type = tempatt.getAttributeTypeID(); + if (type.equals(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()) || type.equals(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID())) { + try{ + SimpleDateFormat sdf = new java.text.SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); + value = sdf.format(new java.util.Date((tempatt.getValueLong()))); + } + catch(Exception ex){ + + } + } else { + value = tempatt.getValueString(); + } + if(value == null || value.isEmpty()) + { + value = ""; + } + value = ReportUtils.insertPeriodically(value, "
", 30); + attributes.put(type, value); + + } + + + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) { + + artifact.append(""); + nodeGen.append(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) { + artifact.append("
"); + artifact.append(""); + artifact.append(""); + artifact.append(""); + nodeWebBookmark.append(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) { + artifact.append(""); + artifact.append(""); + artifact.append(""); + artifact.append(""); + artifact.append(""); + artifact.append(""); + nodeWebCookie.append(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) { + artifact.append(""); + artifact.append(""); + artifact.append(""); + artifact.append(""); + artifact.append(""); + artifact.append(""); + nodeWebHistory.append(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) { + artifact.append(""); + artifact.append(""); + artifact.append(""); + artifact.append(""); + artifact.append(""); + nodeWebDownload.append(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) { + //artifact.append(""); + artifact.append(""); + artifact.append(""); + artifact.append(""); + nodeRecentObjects.append(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) { + artifact.append(""); + artifact.append(""); + artifact.append(""); + nodeTrackPoint.append(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) { + artifact.append(""); + artifact.append(""); + artifact.append(""); + nodeInstalled.append(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) { + // artifact.append("
AttributeValue
URLTitleProgram
URLDateNameValueProgram
URLDateReferrerTitleProgram
FileSourceTimeProgram
NamePathRelated Shortcut
Artifact IDNameSizeAttributeValue
Program NameInstall Date/Time
NameSizeHashset Name
NameSerial #Time
").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())).append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())).append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("
").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())).append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())).append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())).append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID())).append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("
").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())).append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID())).append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID())).append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())).append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("
").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID())).append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())).append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID())).append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("
").append(objId.toString()); + artifact.append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())).append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID())).append("").append(file.getName()).append("
").append(objId.toString()); + artifact.append("").append(file.getName().toString()).append("").append(filesize.toString()).append("
").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())).append("
"); + // artifact.append("
Artifact IDNameSize
"); + // nodeKeyword.append(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) { + // artifact.append("").append(objId.toString()); + artifact.append("").append(file.getName().toString()).append(""); + artifact.append("").append(filesize.toString()).append(""); + //artifact.append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_INTERESTING_FILE.getTypeID())).append(""); + artifact.append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_HASHSET_NAME.getTypeID())).append(""); + artifact.append(""); + nodeHash.append(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) { + artifact.append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID())).append(""); + artifact.append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID())).append(""); + artifact.append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())).append(""); + artifact.append(""); + nodeDevice.append(artifact); + } + } + //Add them back in order + //formatted_Report.append(nodeGen); + // formatted_Report.append(""); + + if (countWebBookmark > 0) { + formatted_Report.append(nodeWebBookmark); + formatted_Report.append(""); + } + if (countWebCookie > 0) { + formatted_Report.append(nodeWebCookie); + formatted_Report.append(""); + } + if (countWebHistory > 0) { + formatted_Report.append(nodeWebHistory); + formatted_Report.append(""); + } + if (countWebDownload > 0) { + formatted_Report.append(nodeWebDownload); + formatted_Report.append(""); + } + if (countRecentObjects > 0) { + formatted_Report.append(nodeRecentObjects); + formatted_Report.append(""); + } + // formatted_Report.append(nodeTrackPoint); + //formatted_Report.append(""); + if (countInstalled > 0) { + formatted_Report.append(nodeInstalled); + formatted_Report.append(""); + } 
+ if (countKeyword > 0) { + formatted_Report.append(nodeKeyword); + Report keywords = new Report(); + formatted_Report.append(keywords.getGroupedKeywordHit()); + // " + // formatted_Report.append("
Artifact IDNameSize
"); + } + if (countHash > 0) { + formatted_Report.append(nodeHash); + formatted_Report.append(""); + } + if (countDevice > 0) { + formatted_Report.append(nodeDevice); + formatted_Report.append(""); + } + //end of master loop + + formatted_Report.append(""); + formatted_header.append(formatted_Report); + // unformatted_header.append(formatted_Report); + htmlPath = currentCase.getCaseDirectory() + "/Reports/" + caseName + "-" + datenotime + ".html"; + this.save(htmlPath); + + } catch (Exception e) { + + Logger.getLogger(ReportHTML.class.getName()).log(Level.WARNING, "Exception occurred", e); + } + return htmlPath; + } + + @Override + public String getName(){ + String name = "HTML"; + return name; + } + + + @Override + public void save(String path) + { + try{ + Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(path), "UTF-8")); + out.write(formatted_header.toString()); + out.flush(); + out.close(); + } + catch(IOException e){ + Logger.getLogger(ReportHTML.class.getName()).log(Level.SEVERE, "Could not write out HTML report!", e); + } + + } + + @Override + public String getReportType(){ + String type = "HTML"; + return type; + } + + + @Override + public ReportConfiguration GetReportConfiguration(){ + return config; + } + + + @Override + public String getReportTypeDescription(){ + String desc = "This is an html formatted report that is meant to be viewed in a modern browser."; + return desc; + } + + @Override + public void getPreview(String path) { + BrowserControl.openUrl(path); + } + + + +} \ No newline at end of file diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportModule.java b/Report/src/org/sleuthkit/autopsy/report/ReportModule.java new file mode 100644 index 0000000000..7178888ee0 --- /dev/null +++ b/Report/src/org/sleuthkit/autopsy/report/ReportModule.java 
@@ -0,0 +1,79 @@ + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.report; + +//interface every reporting module should implement +public interface ReportModule { + + /** + * Generates a report on the current case Reporting module should traverse + * the blackboard, extract needed information as specified in the config and + * generate a report file + * + * @param config specifiying parts that should be generated + * @return absolute file path to the report generated + * @throws ReportModuleException if report generation failed + */ + public String generateReport(ReportConfiguration config) throws ReportModuleException; + + /** + * This saves a copy of the report (current one) to another place specified + * by the user. Takes the input of where the path needs to be saved, include + * filename and extention. + */ + public void save(String Path) throws ReportModuleException; + + /** + * Returns a short description of report type/file format this module + * generates for instance, "XML", "Excel" + * + * @return + */ + public String getReportType(); + + /** + * Returns a basic string name for the report. What is 'officially' titled. 
+ * + * @return + */ + public String getName(); + + /** + * Returns the reportconfiguration object that was created + * + * @return + */ + public ReportConfiguration GetReportConfiguration(); + + /** + * Returns a one line human readable description of the type of report this + * module generates + */ + public String getReportTypeDescription(); + + + /** + * Calls to the report module to execute a method to display the report that was generated. + *@param String the path to the file + * + */ + public void getPreview(String path); +} \ No newline at end of file diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportModuleException.java b/Report/src/org/sleuthkit/autopsy/report/ReportModuleException.java new file mode 100644 index 0000000000..93d61f990b --- /dev/null +++ b/Report/src/org/sleuthkit/autopsy/report/ReportModuleException.java @@ -0,0 +1,33 @@ + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.report; + +//exception thrown by a reporting module when report generation failed +class ReportModuleException extends Exception { + + public ReportModuleException(String msg) { + super(msg); + } + + public ReportModuleException(String msg, Exception ex) { + super(msg, ex); + } +} 
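Review bot: The Javadoc on `save` does not document its parameter or its failure behaviour, and the `getPreview` tag `@param String the path to the file` names the type instead of the parameter. I would add `@param Path destination file, including file name and extension` and `@throws ReportModuleException if the report cannot be written` to `save`, and change the `getPreview` tag to `@param path the path to the generated report file`. The empty `@return` tags on `getReportType`, `getName` and `GetReportConfiguration` should state what is returned. Implementations need the `@throws` contract spelled out: `ReportHTML.save` in this commit logs the `IOException` and returns normally, so a caller cannot tell that no report was written.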
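Review bot: `ReportModuleException` is declared package-private (`class ReportModuleException extends Exception`), but the public `ReportModule` interface added in this commit lists it in the `throws` clauses of `generateReport` and `save`. Code outside `org.sleuthkit.autopsy.report` that implements or calls the interface cannot name the type to throw or catch it, and has to fall back to catching `Exception`. Declaring it as `public class ReportModuleException extends Exception` fixes that. The second constructor could take `Throwable ex` instead of `Exception ex` so any cause can be preserved.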
diff --git a/Report/src/org/sleuthkit/autopsy/report/reportPanel.form b/Report/src/org/sleuthkit/autopsy/report/ReportPanel.form similarity index 94% rename from Report/src/org/sleuthkit/autopsy/report/reportPanel.form rename to Report/src/org/sleuthkit/autopsy/report/ReportPanel.form index 25b5456d3b..2985491963 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportPanel.form +++ b/Report/src/org/sleuthkit/autopsy/report/ReportPanel.form @@ -1,4 +1,4 @@ - +
@@ -61,17 +61,17 @@ - + - + - + @@ -81,7 +81,7 @@ - + diff --git a/Report/src/org/sleuthkit/autopsy/report/reportPanel.java b/Report/src/org/sleuthkit/autopsy/report/ReportPanel.java similarity index 53% rename from Report/src/org/sleuthkit/autopsy/report/reportPanel.java rename to Report/src/org/sleuthkit/autopsy/report/ReportPanel.java index ff67e76400..1f0be0aeaa 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportPanel.java +++ b/Report/src/org/sleuthkit/autopsy/report/ReportPanel.java 
@@ -1,45 +1,51 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ - -/* - * reportPanel.java + /* * - * Created on Feb 21, 2012, 12:13:14 PM + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.report; + import java.awt.event.ActionListener; -import java.io.BufferedWriter; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.OutputStreamWriter; -import java.io.Writer; +import java.io.*; import java.text.DateFormat; import java.text.SimpleDateFormat; import java.util.Date; import javax.swing.JFileChooser; import javax.swing.JOptionPane; -import javax.swing.event.HyperlinkEvent; -import javax.swing.event.HyperlinkListener; import org.jdom.output.XMLOutputter; /** * * @author Alex */ -public class reportPanel extends javax.swing.JPanel { +public class ReportPanel extends javax.swing.JPanel { - /** Creates new form reportPanel */ - public reportPanel(String report) { + /** + * Creates new form ReportPanel + */ + public ReportPanel() { initComponents(); - setReportWindow(report); } - /** This method is called from within the constructor to - * initialize the form. - * WARNING: Do NOT modify this code. The content of this method is - * always regenerated by the Form Editor. 
+ /** + * This method is called from within the constructor to initialize the form. + * WARNING: Do NOT modify this code. The content of this method is always + * regenerated by the Form Editor. */ @SuppressWarnings("unchecked") // //GEN-BEGIN:initComponents @@ -51,17 +57,17 @@ public class reportPanel extends javax.swing.JPanel { saveReport = new javax.swing.JButton(); jLabel1 = new javax.swing.JLabel(); - jButton1.setText(org.openide.util.NbBundle.getMessage(reportPanel.class, "reportPanel.jButton1.text")); // NOI18N + jButton1.setText(org.openide.util.NbBundle.getMessage(ReportPanel.class, "ReportPanel.jButton1.text")); // NOI18N - saveReport.setText(org.openide.util.NbBundle.getMessage(reportPanel.class, "reportPanel.saveReport.text")); // NOI18N - saveReport.setActionCommand(org.openide.util.NbBundle.getMessage(reportPanel.class, "reportPanel.saveReport.actionCommand")); // NOI18N + saveReport.setText(org.openide.util.NbBundle.getMessage(ReportPanel.class, "ReportPanel.saveReport.text")); // NOI18N + saveReport.setActionCommand(org.openide.util.NbBundle.getMessage(ReportPanel.class, "ReportPanel.saveReport.actionCommand")); // NOI18N saveReport.addActionListener(new java.awt.event.ActionListener() { public void actionPerformed(java.awt.event.ActionEvent evt) { saveReportActionPerformed(evt); } }); - jLabel1.setText(org.openide.util.NbBundle.getMessage(reportPanel.class, "reportPanel.jLabel1.text")); // NOI18N + jLabel1.setText(org.openide.util.NbBundle.getMessage(ReportPanel.class, "ReportPanel.jLabel1.text")); // NOI18N javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this); this.setLayout(layout); 
@@ -94,86 +100,64 @@ public class reportPanel extends javax.swing.JPanel { }// //GEN-END:initComponents private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_saveReportActionPerformed - + saveReportAction(); }//GEN-LAST:event_saveReportActionPerformed - /** + /** * Sets the listener for the OK button * - * @param e The action listener + * @param e The action listener */ - public void setjButton1ActionListener(ActionListener e){ - jButton1.addActionListener(e); + public void setjButton1ActionListener(ActionListener e) { + jButton1.addActionListener(e); } - public void getLink(HyperlinkEvent evt){ - try{ - - String str = evt.getDescription(); - // jEditorPane1.scrollToReference(str.substring(1)); - } - catch(Exception e){ - String whater = ""; - } - } - public void setjEditorPane1EventListener(HyperlinkListener evt){ - // jEditorPane1.addHyperlinkListener(evt); - } - - private void setReportWindow(String report) - { - // jEditorPane1.setText(report); - // jEditorPane1.setCaretPosition(0); - } - - public void setFinishedReportText(){ + + public void setFinishedReportText() { DateFormat dateFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); Date date = new Date(); String reportText = "Report was sucessfully generated at " + dateFormat.format(date) + "."; jLabel1.setText(reportText); } - - - private void saveReportAction(){ - + + private void saveReportAction() { + int option = jFileChooser1.showSaveDialog(this); - if(option == JFileChooser.APPROVE_OPTION){ - if(jFileChooser1.getSelectedFile()!=null){ - String path = jFileChooser1.getSelectedFile().toString(); - exportReport(path); + if (option == JFileChooser.APPROVE_OPTION) { + if (jFileChooser1.getSelectedFile() != null) { + String path = jFileChooser1.getSelectedFile().toString(); + exportReport(path); + } } - } - } - - private void exportReport(String path){ - - String htmlpath = reportUtils.changeExtension(path, ".html"); - String xmlpath = reportUtils.changeExtension(path, 
".xml"); - String xlspath = reportUtils.changeExtension(path, ".xlsx"); - try { - Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlpath), "UTF-8")); - - // FileOutputStream out = new FileOutputStream(htmlpath); - out.write(reportHTML.formatted_header.toString()); - out.flush(); - out.close(); - - //xls report - FileOutputStream fos = new FileOutputStream(xlspath); - reportXLS.wb.write(fos); - fos.close(); - - FileOutputStream xmlout = new FileOutputStream(xmlpath); - XMLOutputter serializer = new XMLOutputter(); - serializer.output(reportXML.xmldoc, xmlout); - xmlout.flush(); - xmlout.close(); - JOptionPane.showMessageDialog(this, "Report has been successfully saved!"); - } - catch (IOException e) { - System.err.println(e); - } } + private void exportReport(String path) { + + String htmlpath = ReportUtils.changeExtension(path, ".html"); + String xmlpath = ReportUtils.changeExtension(path, ".xml"); + String xlspath = ReportUtils.changeExtension(path, ".xlsx"); + try { + Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlpath), "UTF-8")); + + // FileOutputStream out = new FileOutputStream(htmlpath); + out.write(ReportHTML.formatted_Report.toString()); + out.flush(); + out.close(); + + //xls report + FileOutputStream fos = new FileOutputStream(xlspath); + ReportXLS.wb.write(fos); + fos.close(); + + FileOutputStream xmlout = new FileOutputStream(xmlpath); + XMLOutputter serializer = new XMLOutputter(); + serializer.output(ReportXML.xmldoc, xmlout); + xmlout.flush(); + xmlout.close(); + JOptionPane.showMessageDialog(this, "Report has been successfully saved!"); + } catch (IOException e) { + System.err.println(e); + } + } // Variables declaration - do not modify//GEN-BEGIN:variables private javax.swing.JButton jButton1; private javax.swing.JFileChooser jFileChooser1; 
@@ -181,6 +165,4 @@ private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FI private javax.swing.JOptionPane jOptionPane1; private javax.swing.JButton saveReport; // End of variables declaration//GEN-END:variables - - } diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportPanelAction.java b/Report/src/org/sleuthkit/autopsy/report/ReportPanelAction.java new file mode 100644 index 0000000000..2ac1aa5844 --- /dev/null +++ b/Report/src/org/sleuthkit/autopsy/report/ReportPanelAction.java 
@@ -0,0 +1,190 @@ + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.report; + +import java.awt.Dimension; +import java.awt.Toolkit; +import java.awt.event.ActionEvent; +import java.awt.event.ActionListener; +import java.lang.reflect.Method; +import java.util.ArrayList; +import java.util.logging.Level; +import java.util.logging.Logger; +import javax.swing.JDialog; +import javax.swing.JFrame; +import javax.swing.SwingUtilities; +import org.sleuthkit.autopsy.coreutils.Log; + +/** + * + * @author Alex + */ +public class ReportPanelAction { + + private static final String ACTION_NAME = "Report Preview"; + private StringBuilder viewReport = new StringBuilder(); + private int cc = 0; + public ReportPanelAction() { + } + + public void reportGenerate(final ReportConfiguration reportconfig, final ArrayList classList, final String preview, final ReportFilter rr) { + try { + //Clear any old reports in the string + viewReport.setLength(0); + + + // Generate the reports and create the hashmap + final ReportGen report = new ReportGen(); + //see what reports we need to run and run them + //Set progress bar to move while doing this + SwingUtilities.invokeLater(new Runnable() { + + @Override + public void run() { + rr.progBarStartText(); + } + }); + SwingUtilities.invokeLater(new 
Runnable() { + + @Override + public void run() { + rr.progBarCount(classList.size()); + } + }); + //Turn our results into the appropriate xml/html reports + //TODO: add a way for users to select what they will run when + Thread reportThread = new Thread(new Runnable() { + + @Override + public void run() { + + for (String s : classList) { + cc++; + try { + Class reportclass = Class.forName(s); + Object reportObject = reportclass.newInstance(); + Class[] argTypes = new Class[] { ReportConfiguration.class}; + Method generatereport = reportclass.getDeclaredMethod("generateReport",argTypes); + Object invoke = generatereport.invoke(reportObject,reportconfig); + String path = invoke.toString(); + Class[] argTypes2 = new Class[] { String.class}; + Method getpreview = reportclass.getMethod("getPreview",argTypes2); + + + if(s == null ? preview == null : s.equals(preview)) + { + getpreview.invoke(reportObject,path); + } + + } catch (Exception e) { + + } + rr.progBarSet(cc); + } + +// StopWatch a = new StopWatch(); +// a.start(); +// ReportHTML htmlReport = new ReportHTML(); +// try { +// String htmlpath = htmlReport.generateReport(reportconfig, rr); +// } catch (ReportModuleException e) { +// Logger.getLogger(ReportHTML.class.getName()).log(Level.WARNING, "Exception occurred in generating the htmlReport", e); +// } +// a.stop(); +// System.out.println("html in milliseconds: " + a.getElapsedTime()); +// +// StopWatch s = new StopWatch(); +// s.start(); +// ReportXLS xlsReport = new ReportXLS(); +// try { +// xlsReport.generateReport(reportconfig, rr); +// } catch (ReportModuleException e) { +// Logger.getLogger(ReportHTML.class.getName()).log(Level.WARNING, "Exception occurred in generating the XLS Report", e); +// } +// s.stop(); +// System.out.println("xls in milliseconds: " + s.getElapsedTime()); +// +// StopWatch S = new StopWatch(); +// S.start(); +// ReportXML xmlReport = new ReportXML(); +// try { +// xmlReport.generateReport(reportconfig, rr); +// } catch 
(ReportModuleException e) { +// Logger.getLogger(ReportHTML.class.getName()).log(Level.WARNING, "Exception occurred in generating the XML Report", e); +// } +// S.stop(); +// System.out.println("xml in milliseconds: " + S.getElapsedTime()); + } + }); + + + // start our threads + reportThread.start(); + + // display the window + + // create the popUp window for it + if (ReportFilter.cancel == false) { + + final JFrame frame = new JFrame(ACTION_NAME); + final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal + + + // initialize panel with loaded settings + + //Set the temporary label to let the user know its done and is waiting on the report + + final ReportPanel panel = new ReportPanel(); + + + panel.setjButton1ActionListener(new ActionListener() { + + @Override + public void actionPerformed(ActionEvent e) { + popUpWindow.dispose(); + } + }); + // add the panel to the popup window + popUpWindow.add(panel); + + popUpWindow.setResizable(true); + popUpWindow.pack(); + // set the location of the popUp Window on the center of the screen + Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize(); + double w = popUpWindow.getSize().getWidth(); + double h = popUpWindow.getSize().getHeight(); + popUpWindow.setLocation((int) ((screenDimension.getWidth() - w) / 2), (int) ((screenDimension.getHeight() - h) / 2)); + + reportThread.join(); + rr.progBarText(); + rr.progBarDone(); + panel.setFinishedReportText(); + popUpWindow.setVisible(true); + + + + + } + } catch (Exception ex) { + Log.get(ReportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex); + } + } +} diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportUtils.java b/Report/src/org/sleuthkit/autopsy/report/ReportUtils.java new file mode 100644 index 0000000000..8c5b86f554 --- /dev/null +++ b/Report/src/org/sleuthkit/autopsy/report/ReportUtils.java 
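Review bot: The empty `catch (Exception e) { }` in the report thread's loop discards every failure, so a module that cannot be loaded or that throws while generating leaves the examiner with a missing report and no log entry. The same loop runs `Class.forName(s)` and `newInstance()` on whatever name arrives in `classList` without checking that the class is a report module. ReportXLS in this commit implements `ReportModule` with `generateReport(ReportConfiguration)` and `getPreview(String)`, so the loop can test `ReportModule.class.isAssignableFrom(reportclass)`, cast, and call the interface directly instead of going through `getDeclaredMethod`/`invoke`; this assumes every entry in `classList` is meant to be a `ReportModule`, which the hunk does not show. The catch should log through the `Logger` and `Level` the file already imports, as in the sketch below.

```java
// … unchanged: progress-bar setup before the thread is created …
for (String s : classList) {
    cc++;
    try {
        Class<?> reportclass = Class.forName(s);
        if (ReportModule.class.isAssignableFrom(reportclass)) {
            ReportModule module = (ReportModule) reportclass.newInstance();
            String path = module.generateReport(reportconfig);
            if (s.equals(preview)) {
                module.getPreview(path);
            }
        } else {
            Logger.getLogger(ReportPanelAction.class.getName()).log(Level.WARNING,
                    "Skipping {0}: class does not implement ReportModule", s);
        }
    } catch (Exception e) {
        // Keep going with the remaining modules, but leave a trace of the failure.
        Logger.getLogger(ReportPanelAction.class.getName()).log(Level.WARNING,
                "Report module " + s + " failed", e);
    }
    rr.progBarSet(cc);
}
// … unchanged: commented-out timing code, thread start and dialog construction …
```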
@@ -0,0 +1,75 @@ + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.report; + +import java.io.BufferedInputStream; +import java.io.BufferedOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; + +/** + * + * @author Alex + */ +public class ReportUtils { + + static String changeExtension(String originalName, String newExtension) { + int lastDot = originalName.lastIndexOf("."); + if (lastDot != -1) { + return originalName.substring(0, lastDot) + newExtension; + } else { + return originalName + newExtension; + } + } + + public static String insertPeriodically(String text, String insert, int period) { + StringBuilder builder = new StringBuilder( + text.length() + insert.length() * (text.length() / period) + 1); + + int index = 0; + String prefix = ""; + while (index < text.length()) { + // Don't put the insert in the very first iteration. 
+ // This is easier than appending it *after* each substring + builder.append(prefix); + prefix = insert; + builder.append(text.substring(index, + Math.min(index + period, text.length()))); + index += period; + } + return builder.toString(); + } + + public static void copy(InputStream in, OutputStream out) throws IOException { + + BufferedInputStream bin = new BufferedInputStream(in); + BufferedOutputStream bout = new BufferedOutputStream(out); + + while (true) { + int datum = bin.read(); + if (datum == -1) + break; + bout.write(datum); + } + bout.flush(); + } +} \ No newline at end of file diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportXLS.java b/Report/src/org/sleuthkit/autopsy/report/ReportXLS.java new file mode 100644 index 0000000000..94a72b0454 --- /dev/null +++ b/Report/src/org/sleuthkit/autopsy/report/ReportXLS.java 
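Review bot: `changeExtension` takes `lastIndexOf(".")` over the whole path, so when the file name has no extension but a directory in the path contains a dot, the substring cuts inside the directory name and the report is written somewhere other than where the user chose. Compare the dot position with the last separator before trimming, for example `int lastSep = Math.max(originalName.lastIndexOf('/'), originalName.lastIndexOf('\\'));` followed by `if (lastDot > lastSep) {`. `insertPeriodically` also needs a guard such as `if (period <= 0) throw new IllegalArgumentException("period must be positive");`, because `text.length() / period` divides by zero when `period` is 0.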
@@ -0,0 +1,448 @@ + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.report; + +import java.awt.Desktop; +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.File; +import java.text.DateFormat; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Date; +import java.util.HashMap; +import java.util.Map.Entry; +import java.util.TreeMap; +import java.util.logging.Level; +import java.util.logging.Logger; +import org.apache.poi.ss.usermodel.*; +import org.apache.poi.xssf.usermodel.XSSFWorkbook; +import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.datamodel.*; + +/** + * + * @author Alex + */ +public class ReportXLS implements ReportModule { + + public static Workbook wb = new XSSFWorkbook(); + private static String xlsPath = ""; + private ReportConfiguration config; + private static ReportXLS instance = null; + + public ReportXLS() { + //Empty the workbook first + } + + public static synchronized ReportXLS getDefault() { + if (instance == null) { + instance = new ReportXLS(); + } + return instance; + } + + @Override + public String generateReport(ReportConfiguration reportconfig) throws ReportModuleException { + config = reportconfig; + ReportGen reportobj = new ReportGen(); + 
reportobj.populateReport(reportconfig); + HashMap> report = reportobj.Results; + Workbook wbtemp = new XSSFWorkbook(); + int countGen = 0; + int countBookmark = 0; + int countCookie = 0; + int countHistory = 0; + int countDownload = 0; + int countRecentObjects = 0; + int countTrackPoint = 0; + int countInstalled = 0; + int countKeyword = 0; + int countHash = 0; + int countDevice = 0; + for (Entry> entry : report.entrySet()) { + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) { + countGen++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) { + countBookmark++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) { + + countCookie++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) { + + countHistory++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) { + countDownload++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) { + countRecentObjects++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) { + countTrackPoint++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) { + countInstalled++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) { + countKeyword++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) { + countHash++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) { + countDevice++; + } + } + + try { + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase skCase = 
currentCase.getSleuthkitCase(); + String caseName = currentCase.getName(); + Integer imagecount = currentCase.getImageIDs().length; + Integer filesystemcount = currentCase.getRootObjectsCount(); + Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG); + Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR); + DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); + DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss"); + Date date = new Date(); + String datetime = datetimeFormat.format(date); + String datenotime = dateFormat.format(date); + + //The first summary report page + Sheet sheetSummary = wbtemp.createSheet("Summary"); + + //Generate a sheet per artifact type + // Sheet sheetGen = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getDisplayName()); + Sheet sheetHash = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getDisplayName()); + Sheet sheetDevice = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getDisplayName()); + Sheet sheetInstalled = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getDisplayName()); + Sheet sheetKeyword = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getDisplayName()); + // Sheet sheetTrackpoint = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getDisplayName()); + Sheet sheetRecent = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getDisplayName()); + Sheet sheetCookie = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getDisplayName()); + Sheet sheetBookmark = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getDisplayName()); + Sheet sheetDownload = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getDisplayName()); + Sheet sheetHistory = 
wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getDisplayName()); + + //Bold/underline cell style for the top header rows + CellStyle style = wbtemp.createCellStyle(); + style.setBorderBottom((short) 2); + Font font = wbtemp.createFont(); + font.setFontHeightInPoints((short) 14); + font.setFontName("Arial"); + font.setBoldweight((short) 2); + style.setFont(font); + + //create 'default' style + CellStyle defaultstyle = wbtemp.createCellStyle(); + defaultstyle.setBorderBottom((short) 2); + Font defaultfont = wbtemp.createFont(); + defaultfont.setFontHeightInPoints((short) 14); + defaultfont.setFontName("Arial"); + defaultfont.setBoldweight((short) 2); + defaultstyle.setFont(defaultfont); + //create the rows in the worksheet for our records + //Create first row and header + // sheetGen.createRow(0); + // sheetGen.getRow(0).createCell(0).setCellValue("Name"); + // sheetGen.getRow(0).createCell(1).setCellValue("Value"); + // sheetGen.getRow(0).createCell(2).setCellValue("Date/Time"); + sheetSummary.setDefaultColumnStyle(1, defaultstyle); + sheetSummary.createRow(0).setRowStyle(style); + sheetSummary.getRow(0).createCell(0).setCellValue("Summary Information"); + sheetSummary.getRow(0).createCell(1).setCellValue(caseName); + //add some basic information + sheetSummary.createRow(1).setRowStyle(defaultstyle); + sheetSummary.getRow(1).createCell(0).setCellValue("# of Images"); + sheetSummary.getRow(1).createCell(1).setCellValue(imagecount); + sheetSummary.createRow(2); + sheetSummary.getRow(2).createCell(0).setCellValue("Filesystems found"); + sheetSummary.getRow(2).createCell(1).setCellValue(imagecount); + sheetSummary.createRow(3); + sheetSummary.getRow(3).createCell(0).setCellValue("# of Files"); + sheetSummary.getRow(3).createCell(1).setCellValue(totalfiles); + sheetSummary.createRow(4); + sheetSummary.getRow(4).createCell(0).setCellValue("# of Directories"); + sheetSummary.getRow(4).createCell(1).setCellValue(totaldirs); + sheetSummary.createRow(5); 
+ sheetSummary.getRow(5).createCell(0).setCellValue("Date/Time"); + sheetSummary.getRow(5).createCell(1).setCellValue(datetime); + + + sheetHash.setDefaultColumnStyle(1, defaultstyle); + sheetHash.createRow(0).setRowStyle(style); + sheetHash.getRow(0).createCell(0).setCellValue("Name"); + sheetHash.getRow(0).createCell(1).setCellValue("Size"); + sheetHash.getRow(0).createCell(2).setCellValue("Hashset Name"); + + sheetDevice.setDefaultColumnStyle(1, defaultstyle); + sheetDevice.createRow(0).setRowStyle(style); + sheetDevice.getRow(0).createCell(0).setCellValue("Name"); + sheetDevice.getRow(0).createCell(1).setCellValue("Serial #"); + sheetDevice.getRow(0).createCell(2).setCellValue("Time"); + + sheetInstalled.setDefaultColumnStyle(1, defaultstyle); + sheetInstalled.createRow(0).setRowStyle(style); + sheetInstalled.getRow(0).createCell(0).setCellValue("Program Name"); + sheetInstalled.getRow(0).createCell(1).setCellValue("Install Date/Time"); + + sheetKeyword.setDefaultColumnStyle(1, defaultstyle); + sheetKeyword.createRow(0).setRowStyle(style); + sheetKeyword.getRow(0).createCell(0).setCellValue("Keyword"); + sheetKeyword.getRow(0).createCell(1).setCellValue("File Name"); + sheetKeyword.getRow(0).createCell(2).setCellValue("Preview"); + sheetKeyword.getRow(0).createCell(3).setCellValue("Keyword LIst"); + + sheetRecent.setDefaultColumnStyle(1, defaultstyle); + sheetRecent.createRow(0).setRowStyle(style); + sheetRecent.getRow(0).createCell(0).setCellValue("Name"); + sheetRecent.getRow(0).createCell(1).setCellValue("Path"); + sheetRecent.getRow(0).createCell(2).setCellValue("Related Shortcut"); + + sheetCookie.setDefaultColumnStyle(1, defaultstyle); + sheetCookie.createRow(0).setRowStyle(style); + sheetCookie.getRow(0).createCell(0).setCellValue("URL"); + sheetCookie.getRow(0).createCell(1).setCellValue("Date"); + sheetCookie.getRow(0).createCell(2).setCellValue("Name"); + sheetCookie.getRow(0).createCell(3).setCellValue("Value"); + 
sheetCookie.getRow(0).createCell(4).setCellValue("Program"); + + sheetBookmark.setDefaultColumnStyle(1, defaultstyle); + sheetBookmark.createRow(0).setRowStyle(style); + sheetBookmark.getRow(0).createCell(0).setCellValue("URL"); + sheetBookmark.getRow(0).createCell(1).setCellValue("Title"); + sheetBookmark.getRow(0).createCell(2).setCellValue("Program"); + + sheetDownload.setDefaultColumnStyle(1, defaultstyle); + sheetDownload.createRow(0).setRowStyle(style); + sheetDownload.getRow(0).createCell(0).setCellValue("File"); + sheetDownload.getRow(0).createCell(1).setCellValue("Source"); + sheetDownload.getRow(0).createCell(2).setCellValue("Time"); + sheetDownload.getRow(0).createCell(3).setCellValue("Program"); + + sheetHistory.setDefaultColumnStyle(1, defaultstyle); + sheetHistory.createRow(0).setRowStyle(style); + sheetHistory.getRow(0).createCell(0).setCellValue("URL"); + sheetHistory.getRow(0).createCell(1).setCellValue("Date"); + sheetHistory.getRow(0).createCell(2).setCellValue("Referrer"); + sheetHistory.getRow(0).createCell(3).setCellValue("Title"); + sheetHistory.getRow(0).createCell(4).setCellValue("Program"); + + for (int i = 0; i < wbtemp.getNumberOfSheets(); i++) { + Sheet tempsheet = wbtemp.getSheetAt(i); + tempsheet.setAutobreaks(true); + + for (Row temprow : tempsheet) { + for (Cell cell : temprow) { + cell.setCellStyle(style); + tempsheet.autoSizeColumn(cell.getColumnIndex()); + } + } + } + + int countedGen = 0; + int countedBookmark = 0; + int countedCookie = 0; + int countedHistory = 0; + int countedDownload = 0; + int countedRecentObjects = 0; + int countedTrackPoint = 0; + int countedInstalled = 0; + int countedKeyword = 0; + int countedHash = 0; + int countedDevice = 0; + + //start populating the sheets in the workbook + for (Entry> entry : report.entrySet()) { + if (ReportFilter.cancel == true) { + break; + } + int cc = 0; + Long objId = entry.getKey().getObjectID(); + FsContent file = skCase.getFsContentById(objId); + Long filesize = 
file.getSize(); + TreeMap attributes = new TreeMap(); + // Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type + int n; + for (n = 1; n <= 36; n++) { + attributes.put(n, ""); + + } + for (BlackboardAttribute tempatt : entry.getValue()) { + if (ReportFilter.cancel == true) { + break; + } + String value = ""; + int type = tempatt.getAttributeTypeID(); + if (tempatt.getValueString() == null || "null".equals(tempatt.getValueString())) { + } else if (type == 2 || type == 33) { + value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date((tempatt.getValueLong()) * 1000)); + } else { + value = tempatt.getValueString(); + } + + attributes.put(type, value); + cc++; + } + + + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) { + countedGen++; + // Row temp = sheetGen.getRow(countedGen); + + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) { + countedBookmark++; + Row temp = sheetBookmark.createRow(countedBookmark); + temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())); + temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())); + temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) { + countedCookie++; + Row temp = sheetCookie.createRow(countedCookie); + temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())); + temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())); + temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())); + 
temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID())); + temp.createCell(4).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) { + countedHistory++; + Row temp = sheetHistory.createRow(countedHistory); + temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())); + temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID())); + temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID())); + temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())); + temp.createCell(4).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) { + countedDownload++; + Row temp = sheetDownload.createRow(countedDownload); + temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID())); + temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())); + temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID())); + temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) { + countedRecentObjects++; + Row temp = sheetRecent.createRow(countedRecentObjects); + temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())); + 
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID())); + temp.createCell(2).setCellValue(file.getName()); + temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) { + // sheetTrackpoint.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) { + countedInstalled++; + Row temp = sheetInstalled.createRow(countedInstalled); + temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())); + temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) { + countedKeyword++; + Row temp = sheetKeyword.createRow(countedKeyword); + temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID())); + temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())); + temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW.getTypeID())); + temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_SET.getTypeID())); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) { + countedHash++; + Row temp = sheetHash.createRow(countedHash); + temp.createCell(0).setCellValue(file.getName().toString()); + temp.createCell(1).setCellValue(filesize.toString()); + temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_HASHSET_NAME.getTypeID())); + } + if (entry.getKey().getArtifactTypeID() == 
BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) { + countedDevice++; + Row temp = sheetDevice.createRow(countedDevice); + temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID())); + temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID())); + temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())); + } + } + + + //write out the report to the reports folder, set the wbtemp to the primary wb object + wb = wbtemp; + xlsPath = currentCase.getCaseDirectory() + File.separator + "Reports" + File.separator + caseName + "-" + datenotime + ".xlsx"; + this.save(xlsPath); + + } catch (Exception E) { + String test = E.toString(); + } + + return xlsPath; + } + + @Override + public void save(String path) { + try { + FileOutputStream fos = new FileOutputStream(path); + wb.write(fos); + fos.close(); + } catch (IOException e) { + Logger.getLogger(ReportXLS.class.getName()).log(Level.SEVERE, "Could not write out XLS report!", e); + } + + } + + @Override + public String getName() { + String name = "Excel"; + return name; + } + + @Override + public String getReportType() { + String type = "XLS"; + return type; + } + + @Override + public ReportConfiguration GetReportConfiguration() { + return config; + } + + @Override + public String getReportTypeDescription() { + String desc = "This is an xls formatted report that is meant to be viewed in Excel."; + return desc; + } + + @Override + public void getPreview(String path) { + File file = new File(path); + try { + Desktop.getDesktop().open(file); + } catch (IOException e) { + Logger.getLogger(ReportXLS.class.getName()).log(Level.SEVERE, "Could not open XLS report! ", e); + } + } +} diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportXML.java b/Report/src/org/sleuthkit/autopsy/report/ReportXML.java new file mode 100644 index 0000000000..8f50db617b 
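Review bot: `generateReport` ends in `catch (Exception E) { String test = E.toString(); }`, which drops every failure, and it then returns the static `xlsPath`. After a failed run the caller therefore gets either the empty string or the path of an earlier report, which `getPreview` would open as if it were current. Log the exception the way `save` does, e.g. `Logger.getLogger(ReportXLS.class.getName()).log(Level.SEVERE, "Could not generate XLS report", E);`, and set `xlsPath = "";` at the top of the method so a stale path is never returned. In the summary sheet the "Filesystems found" row writes `imagecount`; it should be `sheetSummary.getRow(2).createCell(1).setCellValue(filesystemcount);`. `save` also leaves the `FileOutputStream` open when `wb.write(fos)` throws, which closing it in a `finally` block would fix.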
--- /dev/null
+++ b/Report/src/org/sleuthkit/autopsy/report/ReportXML.java
@@ -0,0 +1,276 @@ + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.report; + +import java.io.FileOutputStream; +import java.io.File; +import java.io.IOException; +import java.text.DateFormat; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Date; +import java.util.HashMap; +import java.util.Map.Entry; +import java.util.logging.Level; +import java.util.logging.Logger; +import java.util.regex.Pattern; +import org.apache.commons.lang3.StringEscapeUtils; +import org.jdom.Comment; +import org.jdom.Document; +import org.jdom.Element; +import org.jdom.output.XMLOutputter; +import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.autopsy.ingest.IngestManager; +import org.sleuthkit.datamodel.*; + +public class ReportXML implements ReportModule { + + public static Document xmldoc = new Document(); + private ReportConfiguration reportconfig; + private String xmlPath; + private static ReportXML instance = null; + + public ReportXML() { + } + + public static synchronized ReportXML getDefault() { + if (instance == null) { + instance = new ReportXML(); + } + return instance; + } + + @Override + public String generateReport(ReportConfiguration reportconfig) throws ReportModuleException { + ReportGen reportobj = new ReportGen(); + 
reportobj.populateReport(reportconfig); + HashMap> report = reportobj.Results; + try { + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase skCase = currentCase.getSleuthkitCase(); + String caseName = currentCase.getName(); + Integer imagecount = currentCase.getImageIDs().length; + Integer filesystemcount = currentCase.getRootObjectsCount(); + Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG); + Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR); + Element root = new Element("Case"); + xmldoc = new Document(root); + DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); + DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss"); + Date date = new Date(); + String datetime = datetimeFormat.format(date); + String datenotime = dateFormat.format(date); + Comment comment = new Comment("XML Report Generated by Autopsy 3 on " + datetime); + root.addContent(comment); + //Create summary node involving how many of each type + Element summary = new Element("Summary"); + if (IngestManager.getDefault().isIngestRunning()) { + summary.addContent(new Element("Warning").setText("Report was run before ingest services completed!")); + } + summary.addContent(new Element("Name").setText(caseName)); + summary.addContent(new Element("Total-Images").setText(imagecount.toString())); + summary.addContent(new Element("Total-FileSystems").setText(filesystemcount.toString())); + summary.addContent(new Element("Total-Files").setText(totalfiles.toString())); + summary.addContent(new Element("Total-Directories").setText(totaldirs.toString())); + root.addContent(summary); + //generate the nodes for each of the types so we can use them later + Element nodeGen = new Element("General-Information"); + Element nodeWebBookmark = new Element("Web-Bookmarks"); + Element nodeWebCookie = new Element("Web-Cookies"); + Element nodeWebHistory = new 
Element("Web-History"); + Element nodeWebDownload = new Element("Web-Downloads"); + Element nodeRecentObjects = new Element("Recent-Documents"); + Element nodeTrackPoint = new Element("Track-Points"); + Element nodeInstalled = new Element("Installed-Programfiles"); + Element nodeKeyword = new Element("Keyword-Search-Hits"); + Element nodeHash = new Element("Hashset-Hits"); + Element nodeDevice = new Element("Attached-Devices"); + //remove bytes + Pattern INVALID_XML_CHARS = Pattern.compile("[^\\u0009\\u000A\\u000D\\u0020-\\uD7FF\\uE000-\\uFFFD\uD800\uDC00-\uDBFF\uDFFF]"); + for (Entry> entry : report.entrySet()) { + if (ReportFilter.cancel == true) { + break; + } + int cc = 0; + Element artifact = new Element("Artifact"); + Long objId = entry.getKey().getObjectID(); + Content cont = skCase.getContentById(objId); + Long filesize = cont.getSize(); + try { + artifact.setAttribute("ID", objId.toString()); + artifact.setAttribute("Name", cont.accept(new NameVisitor())); + artifact.setAttribute("Size", filesize.toString()); + } catch (Exception e) { + Logger.getLogger(ReportXML.class.getName()).log(Level.WARNING, "Visitor content exception occurred:", e); + } + // Get all the attributes for this guy + for (BlackboardAttribute tempatt : entry.getValue()) { + if (ReportFilter.cancel == true) { + break; + } + Element attribute = new Element("Attribute").setAttribute("Type", tempatt.getAttributeTypeDisplayName()); + String tempvalue = tempatt.getValueString(); + //INVALID_XML_CHARS.matcher(tempvalue).replaceAll(""); + Element value = new Element("Value").setText(tempvalue); + attribute.addContent(value); + Element context = new Element("Context").setText(StringEscapeUtils.escapeXml(tempatt.getContext())); + attribute.addContent(context); + artifact.addContent(attribute); + cc++; + } + + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) { + //while (entry.getValue().iterator().hasNext()) + // { + // } + 
nodeGen.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) { + + + nodeWebBookmark.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) { + + nodeWebCookie.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) { + + nodeWebHistory.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) { + nodeWebDownload.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) { + nodeRecentObjects.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) { + nodeTrackPoint.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) { + nodeInstalled.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) { + nodeKeyword.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) { + nodeHash.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) { + nodeDevice.addContent(artifact); + } + + //end of master loop + } + + //add them in the order we want them to the document + root.addContent(nodeGen); + root.addContent(nodeWebBookmark); + root.addContent(nodeWebCookie); + root.addContent(nodeWebHistory); + root.addContent(nodeWebDownload); + root.addContent(nodeRecentObjects); + root.addContent(nodeTrackPoint); + root.addContent(nodeInstalled); + root.addContent(nodeKeyword); + root.addContent(nodeHash); + 
root.addContent(nodeDevice); + + + //Export it the first time + xmlPath = currentCase.getCaseDirectory() + File.separator + "Reports" + File.separator + caseName + "-" + datenotime + ".xml"; + this.save(xmlPath); + + } catch (Exception e) { + Logger.getLogger(ReportXML.class.getName()).log(Level.WARNING, "Exception occurred", e); + } + + return xmlPath; + } + + @Override + public void save(String path) { + + try { + + FileOutputStream out = new FileOutputStream(path); + XMLOutputter serializer = new XMLOutputter(); + serializer.output(xmldoc, out); + out.flush(); + out.close(); + } catch (IOException e) { + System.err.println(e); + } + + } + + @Override + public String getName() { + String name = "Default XML"; + return name; + } + + @Override + public String getReportType() { + String type = "XML"; + return type; + } + + @Override + public ReportConfiguration GetReportConfiguration() { + ReportConfiguration config = reportconfig; + return config; + } + + @Override + public void getPreview(String path) { + BrowserControl.openUrl(path); + } + + @Override + public String getReportTypeDescription() { + String desc = "This is an html formatted report that is meant to be viewed in a modern browser."; + return desc; + } + + private class NameVisitor extends ContentVisitor.Default { + + @Override + protected String defaultVisit(Content cntnt) { + throw new UnsupportedOperationException("Not supported for " + cntnt.toString()); + } + + @Override + public String visit(Directory dir) { + return dir.getName(); + } + + @Override + public String visit(Image img) { + return img.getName(); + } + + //@Override + public String visit(File file) { + return file.getName(); + } + } +} diff --git a/Report/src/org/sleuthkit/autopsy/report/StopWatch.java b/Report/src/org/sleuthkit/autopsy/report/StopWatch.java new file mode 100644 index 0000000000..796c3af43e --- /dev/null +++ b/Report/src/org/sleuthkit/autopsy/report/StopWatch.java 
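Review bot: In `generateReport`'s attribute loop the sanitising step is commented out (`//INVALID_XML_CHARS.matcher(tempvalue).replaceAll("");`), so attribute values read from the examined image reach `new Element("Value").setText(tempvalue)` unfiltered. JDOM rejects characters that are illegal in XML with an unchecked exception, and the only handler is the outer `catch (Exception e)`, which logs a warning and still runs `return xmlPath;`. A single control character in evidence data therefore appears to abort the whole report, returning null or the path left over from an earlier run of this singleton. The commented line would discard its result even if restored; I would write `String tempvalue = INVALID_XML_CHARS.matcher(tempatt.getValueString()).replaceAll("");`, filter the context string the same way instead of calling `StringEscapeUtils.escapeXml(...)` (XMLOutputter escapes text on output, so that call likely double-escapes), and have the report record that characters were stripped. The failure should also reach the caller, since the method already declares `ReportModuleException`, rather than end as a log line.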
@@ -0,0 +1,60 @@ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ +package org.sleuthkit.autopsy.report; + +/** + * + * @author Alex + */ +public class StopWatch { + + private long startTime = 0; + private long stopTime = 0; + private boolean running = false; + + + public void start() { + this.startTime = System.currentTimeMillis(); + this.running = true; + } + + + public void stop() { + this.stopTime = System.currentTimeMillis(); + this.running = false; + } + + + //elaspsed time in milliseconds + public long getElapsedTime() { + long elapsed; + if (running) { + elapsed = (System.currentTimeMillis() - startTime); + } + else { + elapsed = (stopTime - startTime); + } + return elapsed; + } + + public void reset(){ + + startTime = 0; + stopTime = 0; + running = false; + } + + //elaspsed time in seconds + public long getElapsedTimeSecs() { + long elapsed; + if (running) { + elapsed = ((System.currentTimeMillis() - startTime) / 1000); + } + else { + elapsed = ((stopTime - startTime) / 1000); + } + return elapsed; + } +} \ No newline at end of file diff --git a/Report/src/org/sleuthkit/autopsy/report/layer.xml b/Report/src/org/sleuthkit/autopsy/report/layer.xml index c5606919b8..910891e120 100644 --- a/Report/src/org/sleuthkit/autopsy/report/layer.xml +++ b/Report/src/org/sleuthkit/autopsy/report/layer.xml @@ -1,16 +1,36 @@ - + + + + + + + + + + + + + + + + + + + + + + - - - - + + + - + diff --git a/Report/src/org/sleuthkit/autopsy/report/report.java b/Report/src/org/sleuthkit/autopsy/report/report.java deleted file mode 100644 index 1c95b969d0..0000000000 --- a/Report/src/org/sleuthkit/autopsy/report/report.java +++ /dev/null 
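Review bot: `StopWatch` takes its timestamps from `System.currentTimeMillis()`, which follows the wall clock, so a clock adjustment between `start()` and `stop()` gives a wrong or negative duration; `System.nanoTime()` is the source intended for measuring intervals. I would store `startTime` and `stopTime` from `System.nanoTime()` and convert in the getters, e.g. `elapsed = (System.nanoTime() - startTime) / 1000000L;` in `getElapsedTime()`. The fields are read and written without synchronisation, so if the watch is started on one thread and polled from another (not visible in this hunk) the reader may see stale values. The two `//elaspsed time` comments would be better as Javadoc that states the unit.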
@@ -1,295 +0,0 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ -package org.sleuthkit.autopsy.report; - -import java.sql.ResultSet; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.logging.Level; -import java.util.logging.Logger; -import org.sleuthkit.autopsy.casemodule.Case; -import org.sleuthkit.datamodel.BlackboardArtifact; -import org.sleuthkit.datamodel.BlackboardAttribute; -import org.sleuthkit.datamodel.SleuthkitCase; - -/** - * - * @author Alex - */ -public class report implements reportInterface { - -private void report(){ - -} -@Override -public HashMap> getGenInfo() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(1); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} - -@Override -public HashMap> getWebHistory() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(4); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} -@Override -public HashMap> getWebCookie() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList 
bbart = tempDb.getBlackboardArtifacts(3); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} -@Override -public HashMap> getWebBookmark() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(2); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} - -@Override -public HashMap> getWebDownload() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(5); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} - -@Override -public HashMap> getRecentObject() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(6); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception 
occurred", e); - } - - return reportMap; -} - -@Override -public HashMap> getKeywordHit() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(9); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} -@Override -public HashMap> getHashHit() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(10); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} -@Override -public HashMap> getInstalledProg() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(8); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} - -@Override -public HashMap> getDevices() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = 
tempDb.getBlackboardArtifacts(11); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} - -@Override -public String getGroupedKeywordHit() { - StringBuilder table = new StringBuilder(); - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ResultSet uniqueresults = tempDb.runQuery("SELECT DISTINCT value_text from blackboard_attributes where attribute_type_id = '10' order by value_text ASC"); - while(uniqueresults.next()) - { - table.append("").append(uniqueresults.getString("value_text")).append(""); - table.append(""); - ArrayList artlist = new ArrayList(); - ResultSet tempresults = tempDb.runQuery("select DISTINCT artifact_id from blackboard_attributes where attribute_type_id = '10' and value_text = '" + uniqueresults.getString("value_text") +"'"); - while(tempresults.next()) - { - artlist.add(tempDb.getBlackboardArtifact(tempresults.getLong("artifact_id"))); - } - for(BlackboardArtifact art : artlist) - { - String filename = tempDb.getFsContentById(art.getObjectID()).getName(); - String preview = ""; - String set = ""; - table.append(""); - ArrayList tempatts = art.getAttributes(); - for(BlackboardAttribute att : tempatts) - { - if(att.getAttributeTypeID() == 12) - { - preview = ""; - } - if(att.getAttributeTypeID() == 13) - { - set = ""; - } - } - table.append(preview).append(set).append(""); - } - - - table.append("
").append("File Name").append("PreviewKeyword List
").append(filename).append("" + att.getValueString() + "" + att.getValueString() + "


"); - } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - String result = table.toString(); - return result; -} - -} \ No newline at end of file diff --git a/Report/src/org/sleuthkit/autopsy/report/reportAction.java b/Report/src/org/sleuthkit/autopsy/report/reportAction.java deleted file mode 100644 index dbdd86f698..0000000000 --- a/Report/src/org/sleuthkit/autopsy/report/reportAction.java +++ /dev/null 
@@ -1,173 +0,0 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ -package org.sleuthkit.autopsy.report; - -import java.awt.Component; -import java.awt.Dimension; -import java.awt.Toolkit; -import java.awt.event.ActionEvent; -import java.awt.event.ActionListener; -import java.beans.PropertyChangeEvent; -import java.beans.PropertyChangeListener; -import java.io.File; -import javax.swing.JButton; -import javax.swing.JDialog; -import javax.swing.JFrame; -import org.openide.awt.ActionRegistration; -import org.openide.awt.ActionReference; -import org.openide.awt.ActionReferences; -import org.openide.awt.ActionID; -import org.openide.util.HelpCtx; -import org.openide.util.NbBundle.Messages; -import org.openide.util.actions.CallableSystemAction; -import org.openide.util.actions.Presenter; -import org.sleuthkit.autopsy.casemodule.Case; -import org.sleuthkit.autopsy.coreutils.Log; -import java.util.logging.Level; -import java.util.logging.Logger; -import javax.swing.ImageIcon; - -@ActionID(category = "Tools", -id = "org.sleuthkit.autopsy.report.reportAction") -@ActionRegistration(displayName = "#CTL_reportAction") -@ActionReferences({ - @ActionReference(path = "Menu/Tools", position = 80) -}) -@Messages("CTL_reportAction=Run Report") -public final class reportAction extends CallableSystemAction implements Presenter.Toolbar{ - - private JButton toolbarButton = new JButton(); - private static final String ACTION_NAME = "Generate Report"; - Logger logger = Logger.getLogger(reportAction.class.getName()); - - public reportAction() { - setEnabled(false); - Case.addPropertyChangeListener(new PropertyChangeListener() { - - @Override - public void propertyChange(PropertyChangeEvent evt) { - if(evt.getPropertyName().equals(Case.CASE_CURRENT_CASE)){ - setEnabled(evt.getNewValue() != null); - } - } - - }); - //attempt to create a report folder if a case is active - Case.addPropertyChangeListener(new PropertyChangeListener () { - - 
@Override - public void propertyChange(PropertyChangeEvent evt) { - String changed = evt.getPropertyName(); - - //case has been changed - if (changed.equals(Case.CASE_CURRENT_CASE)) { - Case newCase = (Case)evt.getNewValue(); - - if (newCase != null) { - boolean exists = (new File(newCase.getCaseDirectory() + "\\Reports")).exists(); - if (exists) { - // report directory exists -- don't need to do anything - - } else { - // report directory does not exist -- create it - boolean reportCreate = (new File(newCase.getCaseDirectory() + "\\Reports")).mkdirs(); - if(!reportCreate){ - logger.log(Level.WARNING, "Could not create Reports directory for case. It does not exist."); - } - } - } - } - } - -}); - - // set action of the toolbar button - toolbarButton.addActionListener(new ActionListener() { - - @Override - public void actionPerformed(ActionEvent e) { - reportAction.this.actionPerformed(e); - } - }); - - } - - @Override - public void actionPerformed(ActionEvent e) { - try { - - // create the popUp window for it - final JFrame frame = new JFrame(ACTION_NAME); - final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal - - // initialize panel with loaded settings - final reportFilter panel = new reportFilter(); - panel.setjButton2ActionListener(new ActionListener() { - @Override - public void actionPerformed(ActionEvent e) { - popUpWindow.dispose(); - } - }); - - // add the panel to the popup window - popUpWindow.add(panel); - popUpWindow.pack(); - popUpWindow.setResizable(false); - - // set the location of the popUp Window on the center of the screen - Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize(); - double w = popUpWindow.getSize().getWidth(); - double h = popUpWindow.getSize().getHeight(); - popUpWindow.setLocation((int) ((screenDimension.getWidth() - w) / 2), (int) ((screenDimension.getHeight() - h) / 2)); - - // display the window - popUpWindow.setVisible(true); - // add the command to 
close the window to the button on the Case Properties form / panel - - - } catch (Exception ex) { - Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex); - } - } - - @Override - public void performAction() { - - } - - @Override - public String getName() { - return ACTION_NAME; - } - - @Override - public HelpCtx getHelpCtx() { - return HelpCtx.DEFAULT_HELP; - } - - /** - * Returns the toolbar component of this action - * - * @return component the toolbar button - */ - @Override - public Component getToolbarPresenter() { - ImageIcon icon = new ImageIcon(getClass().getResource("btn_icon_generate_report.png")); - toolbarButton.setIcon(icon); - toolbarButton.setText("Generate Report"); - return toolbarButton; - } - - /** - * Set this action to be enabled/disabled - * - * @param value whether to enable this action or not - */ - @Override - public void setEnabled(boolean value){ - super.setEnabled(value); - toolbarButton.setEnabled(value); - } -} \ No newline at end of file diff --git a/Report/src/org/sleuthkit/autopsy/report/reportFilter.form b/Report/src/org/sleuthkit/autopsy/report/reportFilter.form deleted file mode 100644 index 7b3e65968b..0000000000 --- a/Report/src/org/sleuthkit/autopsy/report/reportFilter.form +++ /dev/null @@ -1,185 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/Report/src/org/sleuthkit/autopsy/report/reportFilter.java b/Report/src/org/sleuthkit/autopsy/report/reportFilter.java deleted file mode 100644 index ed3e7e0007..0000000000 --- a/Report/src/org/sleuthkit/autopsy/report/reportFilter.java +++ /dev/null 
@@ -1,304 +0,0 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ - -/* - * reportFilter.java - * - * Created on Feb 22, 2012, 11:12:12 AM - */ -package org.sleuthkit.autopsy.report; -import java.awt.event.ActionListener; -import java.util.ArrayList; -import javax.swing.SwingUtilities; -import javax.swing.SwingWorker; -import org.sleuthkit.autopsy.casemodule.Case; -import org.sleuthkit.datamodel.SleuthkitCase; -import org.sleuthkit.datamodel.TskException; -/** - * - * @author Alex - */ -public class reportFilter extends javax.swing.JPanel { - public static ArrayList filters = new ArrayList(); - public final reportFilter panel = this; - reportPanelAction rpa = new reportPanelAction(); - public static boolean cancel = false; - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase skCase = currentCase.getSleuthkitCase(); - /** Creates new form reportFilter */ - public reportFilter() { - initComponents(); - cancel = false; - - } - - /** This method is called from within the constructor to - * initialize the form. - * WARNING: Do NOT modify this code. The content of this method is - * always regenerated by the Form Editor. 
- */ - @SuppressWarnings("unchecked") - // //GEN-BEGIN:initComponents - private void initComponents() { - - jButton2 = new javax.swing.JButton(); - jCheckBox1 = new javax.swing.JCheckBox(); - jCheckBox2 = new javax.swing.JCheckBox(); - jCheckBox3 = new javax.swing.JCheckBox(); - jCheckBox4 = new javax.swing.JCheckBox(); - jCheckBox5 = new javax.swing.JCheckBox(); - jButton1 = new javax.swing.JButton(); - progBar = new javax.swing.JProgressBar(); - cancelButton = new javax.swing.JButton(); - - jButton2.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton2.text")); // NOI18N - jButton2.setActionCommand(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton2.actionCommand")); // NOI18N - jButton2.setLabel(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton2.label")); // NOI18N - - setPreferredSize(new java.awt.Dimension(250, 193)); - - jCheckBox1.setSelected(true); - jCheckBox1.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jCheckBox1.text")); // NOI18N - jCheckBox1.addActionListener(new java.awt.event.ActionListener() { - public void actionPerformed(java.awt.event.ActionEvent evt) { - jCheckBox1ActionPerformed(evt); - } - }); - - jCheckBox2.setSelected(true); - jCheckBox2.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jCheckBox2.text")); // NOI18N - - jCheckBox3.setSelected(true); - jCheckBox3.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jCheckBox3.text")); // NOI18N - - jCheckBox4.setSelected(true); - jCheckBox4.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jCheckBox4.text")); // NOI18N - - jCheckBox5.setSelected(true); - jCheckBox5.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jCheckBox5.text")); // NOI18N - - jButton1.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton1.text")); // 
NOI18N - jButton1.addMouseListener(new java.awt.event.MouseAdapter() { - public void mouseReleased(java.awt.event.MouseEvent evt) { - jButton1MouseReleased(evt); - } - }); - jButton1.addActionListener(new java.awt.event.ActionListener() { - public void actionPerformed(java.awt.event.ActionEvent evt) { - jButton1ActionPerformed(evt); - } - }); - - progBar.setDoubleBuffered(true); - progBar.setEnabled(false); - progBar.setName(""); // NOI18N - progBar.setPreferredSize(new java.awt.Dimension(146, 15)); - progBar.setString(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.progBar.string")); // NOI18N - progBar.setStringPainted(true); - - cancelButton.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.cancelButton.text")); // NOI18N - cancelButton.setActionCommand(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.cancelButton.actionCommand")); // NOI18N - cancelButton.setEnabled(false); - cancelButton.addActionListener(new java.awt.event.ActionListener() { - public void actionPerformed(java.awt.event.ActionEvent evt) { - cancelButtonActionPerformed(evt); - } - }); - - javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this); - this.setLayout(layout); - layout.setHorizontalGroup( - layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(layout.createSequentialGroup() - .addContainerGap() - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(layout.createSequentialGroup() - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(layout.createSequentialGroup() - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addComponent(jCheckBox3) - .addGroup(layout.createSequentialGroup() - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addComponent(jCheckBox2) - .addComponent(jCheckBox1)) - 
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addComponent(jCheckBox5) - .addComponent(jCheckBox4)))) - .addGap(69, 69, 69)) - .addGroup(layout.createSequentialGroup() - .addComponent(jButton1) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) - .addComponent(cancelButton) - .addGap(156, 156, 156))) - .addContainerGap()) - .addGroup(layout.createSequentialGroup() - .addComponent(progBar, javax.swing.GroupLayout.PREFERRED_SIZE, 231, javax.swing.GroupLayout.PREFERRED_SIZE) - .addContainerGap(109, Short.MAX_VALUE)))) - ); - layout.setVerticalGroup( - layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(layout.createSequentialGroup() - .addContainerGap() - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) - .addComponent(jCheckBox1) - .addComponent(jCheckBox4)) - .addGap(18, 18, 18) - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) - .addComponent(jCheckBox2) - .addComponent(jCheckBox5)) - .addGap(18, 18, 18) - .addComponent(jCheckBox3) - .addGap(18, 18, 18) - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) - .addComponent(jButton1, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) - .addComponent(cancelButton, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(progBar, javax.swing.GroupLayout.DEFAULT_SIZE, 17, Short.MAX_VALUE) - .addContainerGap()) - ); - }// //GEN-END:initComponents - -private void jCheckBox1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jCheckBox1ActionPerformed - -}//GEN-LAST:event_jCheckBox1ActionPerformed - -public void 
getfilters(java.awt.event.ActionEvent evt) -{ - jButton1ActionPerformed(evt); -} - -private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton1ActionPerformed - - jButton1.setEnabled(false); - progBar.setEnabled(true); - cancelButton.setEnabled(true); - progBar.setStringPainted(true); - progBar.setValue(0); - filters.clear(); - if(jCheckBox1.isSelected()) - { - filters.add(2); - filters.add(3); - filters.add(4); - filters.add(5); - } - if(jCheckBox2.isSelected()) - { - filters.add(1); - } - if(jCheckBox3.isSelected()) - { - filters.add(9); - } - if(jCheckBox4.isSelected()) - { - filters.add(10); - - } - if(jCheckBox5.isSelected()) - { - filters.add(6); - filters.add(8); - filters.add(11); - } - getReports(); -}//GEN-LAST:event_jButton1ActionPerformed - -public void getReports() { - new SwingWorker() { - protected Void doInBackground() throws Exception { - rpa.reportGenerate(filters, panel); - return null; - }; - - // this is called when the SwingWorker's doInBackground finishes - protected void done() { - progBar.setVisible(false); // hide my progress bar JFrame - }; - }.execute(); - progBar.setVisible(true); -} - -private void cancelButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_cancelButtonActionPerformed - cancelButton.setText("Cancelled!"); - cancel = true; -}//GEN-LAST:event_cancelButtonActionPerformed - -private void jButton1MouseReleased(java.awt.event.MouseEvent evt) {//GEN-FIRST:event_jButton1MouseReleased - -}//GEN-LAST:event_jButton1MouseReleased - -public void progBarSet(int cc) -{ - final int count = cc; - SwingUtilities.invokeLater(new Runnable() { - public void run() { - int start = progBar.getValue(); - int end = start + count; - progBar.setValue(end); - progBar.setString(null); - progBar.setString(progBar.getString()); - progBar.setStringPainted(true); - if(progBar.getPercentComplete() == 1.0){ - progBar.setString("Populating Report - Please wait..."); - progBar.setStringPainted(true); 
- progBar.setIndeterminate(true); - } - }}); -} - -public void progBarDone(){ - int max = progBar.getMaximum(); - progBar.setValue(max); - jButton2.doClick(); -} -public void progBarStartText(){ - progBar.setIndeterminate(true); - progBar.setString("Querying Database for Report Results..."); -} -public void progBarText(){ - - progBar.setString("Populating Report - Please wait..."); - progBar.setStringPainted(true); - progBar.repaint(); - progBar.setIndeterminate(true); - -} - -public void progBarCount(int count){ - progBar.setIndeterminate(false); - progBar.setString(null); - progBar.setMinimum(0); - progBar.setMaximum(count); - progBar.setValue(0); - //Double bper = progBar.getPercentComplete(); - progBar.setString(progBar.getString()); - -} - -public void setjButton1ActionListener(ActionListener e){ - jButton1.addActionListener(e); - - } - -public void setjButton2ActionListener(ActionListener e){ - jButton2.addActionListener(e); - cancelButton.addActionListener(e); - } - - // Variables declaration - do not modify//GEN-BEGIN:variables - private javax.swing.JButton cancelButton; - private javax.swing.JButton jButton1; - private javax.swing.JButton jButton2; - private javax.swing.JCheckBox jCheckBox1; - private javax.swing.JCheckBox jCheckBox2; - private javax.swing.JCheckBox jCheckBox3; - private javax.swing.JCheckBox jCheckBox4; - private javax.swing.JCheckBox jCheckBox5; - private javax.swing.JProgressBar progBar; - // End of variables declaration//GEN-END:variables - -} diff --git a/Report/src/org/sleuthkit/autopsy/report/reportHTML.java b/Report/src/org/sleuthkit/autopsy/report/reportHTML.java deleted file mode 100644 index b9d086c5eb..0000000000 --- a/Report/src/org/sleuthkit/autopsy/report/reportHTML.java +++ /dev/null 
@@ -1,412 +0,0 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ -package org.sleuthkit.autopsy.report; - -import java.io.BufferedWriter; -import java.io.FileOutputStream; -import java.io.OutputStreamWriter; -import java.io.Writer; -import java.text.DateFormat; -import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.Date; -import java.util.HashMap; -import java.util.Map.Entry; -import java.util.TreeMap; -import java.util.logging.Level; -import java.util.logging.Logger; -import org.sleuthkit.autopsy.casemodule.Case; -import org.sleuthkit.autopsy.ingest.IngestManager; -import org.sleuthkit.datamodel.BlackboardArtifact; -import org.sleuthkit.datamodel.BlackboardAttribute; -import org.sleuthkit.datamodel.FsContent; -import org.sleuthkit.datamodel.SleuthkitCase; -import org.sleuthkit.datamodel.TskData; - -/** - * - * @author Alex - */ -public class reportHTML { - - //Declare our publically accessible formatted report, this will change everytime they run a report - public static StringBuilder formatted_Report = new StringBuilder(); - public static StringBuilder unformatted_header = new StringBuilder(); - public static StringBuilder formatted_header = new StringBuilder(); - public static String htmlPath = ""; -public reportHTML (HashMap> report, reportFilter rr){ - - //This is literally a terrible way to count up all the types of artifacts, and doesn't include any added ones. - //Unlike the XML report, which is dynamic, this is formatted and needs to be redone later instead of being hardcoded. - //Also, clearing variables to generate new report. 
- formatted_Report.setLength(0); - unformatted_header.setLength(0); - formatted_header.setLength(0); - - int countGen = 0; - int countWebBookmark = 0; - int countWebCookie = 0; - int countWebHistory = 0; - int countWebDownload = 0; - int countRecentObjects = 0; - int countTrackPoint = 0; - int countInstalled = 0; - int countKeyword = 0; - int countHash = 0; - int countDevice = 0; - for (Entry> entry : report.entrySet()) { - if(entry.getKey().getArtifactTypeID() == 1){ - countGen++; - } - if(entry.getKey().getArtifactTypeID() == 2){ - countWebBookmark++; - } - if(entry.getKey().getArtifactTypeID() == 3){ - - countWebCookie++; - } - if(entry.getKey().getArtifactTypeID() == 4){ - - countWebHistory++; - } - if(entry.getKey().getArtifactTypeID() == 5){ - countWebDownload++; - } - if(entry.getKey().getArtifactTypeID() == 6){ - countRecentObjects++; - } - if(entry.getKey().getArtifactTypeID() == 7){ - countTrackPoint++; - } - if(entry.getKey().getArtifactTypeID() == 8){ - countInstalled++; - } - if(entry.getKey().getArtifactTypeID() == 9){ - countKeyword++; - } - if(entry.getKey().getArtifactTypeID() == 10){ - countHash++; - } - if(entry.getKey().getArtifactTypeID() == 11){ - countDevice++; - } - } - - try{ - String ingestwarning = "

Warning, this report was run before ingest services completed!

"; - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase skCase = currentCase.getSleuthkitCase(); - String caseName = currentCase.getName(); - Integer imagecount = currentCase.getImageIDs().length; - Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG); - Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR); - int reportsize = report.size(); - Integer filesystemcount = currentCase.getRootObjectsCount(); - DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); - DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy"); - Date date = new Date(); - String datetime = datetimeFormat.format(date); - String datenotime = dateFormat.format(date); - String CSS = ""; - //Add additional header information - String header = "Autopsy Report for Case: " + caseName + ""; - formatted_header.append(header); - formatted_header.append(CSS); - - //do for unformatted - String simpleCSS = ""; - unformatted_header.append(header); - unformatted_header.append(simpleCSS); - //formatted_Report.append(""); - formatted_Report.append("
"); - // Add summary information now - - formatted_Report.append("

Report for Case: ").append(caseName).append("

"); - if(IngestManager.getDefault().isIngestRunning()) - { - formatted_Report.append(ingestwarning); - } - formatted_Report.append("

Case Summary

HTML Report Generated by Autopsy 3 on ").append(datetime).append("

    "); - formatted_Report.append("
  • # of Images: ").append(imagecount).append("
  • "); - formatted_Report.append("
  • FileSystems: ").append(filesystemcount).append("
  • "); - formatted_Report.append("
  • # of Files: ").append(totalfiles.toString()).append("
  • "); - formatted_Report.append("
  • # of Dirs: ").append(totaldirs.toString()).append("
  • "); - formatted_Report.append("
  • # of Artifacts: ").append(reportsize).append("
"); - - formatted_Report.append("
"); - if(countWebBookmark > 0){ - formatted_Report.append(""); - } - if(countWebCookie > 0){ - formatted_Report.append(""); - } - if(countWebHistory > 0){ - formatted_Report.append(""); - } - if(countWebDownload > 0){ - formatted_Report.append(""); - } - if(countRecentObjects > 0){ - formatted_Report.append(""); - } - if(countInstalled > 0){ - formatted_Report.append(""); - } - if(countKeyword > 0){ - formatted_Report.append(""); - } - if(countHash > 0){ - formatted_Report.append(""); - } - if(countDevice > 0){ - formatted_Report.append(""); - } - formatted_Report.append("
SectionCount
Web Bookmarks").append(countWebBookmark).append("
Web Cookies").append(countWebCookie).append("
Web History").append(countWebHistory).append("
Web Downloads").append(countWebDownload).append("
Recent Documents").append(countRecentObjects).append("
Installed Programs").append(countInstalled).append("
Keyword Hits").append(countKeyword).append("
Hash Hits").append(countHash).append("
Attached Devices").append(countDevice).append("

"); - String tableHeader = ""; - StringBuilder nodeGen = new StringBuilder("

General Information (").append(countGen).append(")

").append(tableHeader).append(""); - StringBuilder nodeWebBookmark = new StringBuilder("

Web Bookmarks (").append(countWebBookmark).append(")

").append(tableHeader).append(""); - StringBuilder nodeWebCookie = new StringBuilder("

Web Cookies (").append(countWebCookie).append(")

").append(tableHeader).append(""); - StringBuilder nodeWebHistory = new StringBuilder("

Web History (").append(countWebHistory).append(")

").append(tableHeader).append(""); - StringBuilder nodeWebDownload = new StringBuilder("

Web Downloads (").append(countWebDownload).append(")

").append(tableHeader).append(""); - StringBuilder nodeRecentObjects = new StringBuilder("

Recent Documents (").append(countRecentObjects).append(")

").append(tableHeader).append(""); - StringBuilder nodeTrackPoint = new StringBuilder("

Track Points (").append(countTrackPoint).append(")

").append(tableHeader).append(""); - StringBuilder nodeInstalled = new StringBuilder("

Installed Programs (").append(countInstalled).append(")

").append(tableHeader).append(""); - StringBuilder nodeKeyword = new StringBuilder("

Keyword Search Hits (").append(countKeyword).append(")

"); - StringBuilder nodeHash = new StringBuilder("

Hashset Hit (").append(countHash).append(")

").append(tableHeader).append(""); - StringBuilder nodeDevice = new StringBuilder("

Attached Devices (").append(countHash).append(")

").append(tableHeader).append(""); - - int alt = 0; - String altRow = ""; - for (Entry> entry : report.entrySet()) { - if(reportFilter.cancel == true){ - break; - } - int cc = 0; - - if(alt > 0) - { - altRow = " class=\"alt\""; - alt = 0; - } - else{ - altRow=""; - alt++; - } - StringBuilder artifact = new StringBuilder(""); - Long objId = entry.getKey().getObjectID(); - //Content file = skCase.getContentById(objId); - FsContent file = skCase.getFsContentById(objId); - - Long filesize = file.getSize(); - - - TreeMap attributes = new TreeMap(); - // Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type - int n; - for(n=1;n<=35;n++) - { - attributes.put(n, ""); - - } - for (BlackboardAttribute tempatt : entry.getValue()) - { - if(reportFilter.cancel == true){ - break; - } - String value = ""; - int type = tempatt.getAttributeTypeID(); - if(tempatt.getValueString() == null || "null".equals(tempatt.getValueString())){ - - } - else if(type == 2 || type == 33 ){ - value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date ((tempatt.getValueLong()))); - if(value == null || "".equals(value)){ - value = tempatt.getValueString(); - } - } - else - { - value = tempatt.getValueString(); - } - value = reportUtils.insertPeriodically(value, "
", 30); - attributes.put(type, value); - cc++; - } - - - if(entry.getKey().getArtifactTypeID() == 1){ - - artifact.append(""); - nodeGen.append(artifact); - } - if(entry.getKey().getArtifactTypeID() == 2){ - artifact.append("
"); - artifact.append(""); - artifact.append(""); - artifact.append(""); - nodeWebBookmark.append(artifact); - } - if(entry.getKey().getArtifactTypeID() == 3){ - artifact.append(""); - artifact.append(""); - artifact.append(""); - artifact.append(""); - artifact.append(""); - artifact.append(""); - nodeWebCookie.append(artifact); - } - if(entry.getKey().getArtifactTypeID() == 4){ - artifact.append(""); - artifact.append(""); - artifact.append(""); - artifact.append(""); - artifact.append(""); - artifact.append(""); - nodeWebHistory.append(artifact); - } - if(entry.getKey().getArtifactTypeID() == 5){ - artifact.append(""); - artifact.append(""); - artifact.append(""); - artifact.append(""); - artifact.append(""); - nodeWebDownload.append(artifact); - } - if(entry.getKey().getArtifactTypeID() == 6){ - //artifact.append(""); - artifact.append(""); - artifact.append(""); - artifact.append(""); - nodeRecentObjects.append(artifact); - } - if(entry.getKey().getArtifactTypeID() == 7){ - artifact.append(""); - artifact.append(""); - artifact.append(""); - nodeTrackPoint.append(artifact); - } - if(entry.getKey().getArtifactTypeID() == 8){ - artifact.append(""); - artifact.append(""); - artifact.append(""); - nodeInstalled.append(artifact); - } - if(entry.getKey().getArtifactTypeID() == 9){ - - // artifact.append("
AttributeValue
URLTitleProgram
URLDateNameValueProgram
URLDateReferrerTitleProgram
FileSourceTimeProgram
NamePathRelated Shortcut
Artifact IDNameSizeAttributeValue
Program NameInstall Date/Time
NameSizeHashset Name
NameSerial #Time
").append(attributes.get(1)).append("").append(attributes.get(3)).append("").append(attributes.get(4)).append("
").append(attributes.get(1)).append("").append(attributes.get(2)).append("").append(attributes.get(3)).append("").append(attributes.get(6)).append("").append(attributes.get(4)).append("
").append(attributes.get(1)).append("").append(attributes.get(33)).append("").append(attributes.get(32)).append("").append(attributes.get(3)).append("").append(attributes.get(4)).append("
").append(attributes.get(8)).append("").append(attributes.get(1)).append("").append(attributes.get(33)).append("").append(attributes.get(4)).append("
").append(objId.toString()); - artifact.append("").append(attributes.get(3)).append("").append(attributes.get(8)).append("").append(file.getName()).append("
").append(objId.toString()); - artifact.append("").append(file.getName().toString()).append("").append(filesize.toString()).append("
").append(attributes.get(4)).append("").append(attributes.get(2)).append("
"); - - // artifact.append("
Artifact IDNameSize
"); - // nodeKeyword.append(artifact); - } - if(entry.getKey().getArtifactTypeID() == 10){ - // artifact.append("").append(objId.toString()); - artifact.append("").append(file.getName().toString()).append(""); - artifact.append("").append(filesize.toString()).append(""); - //artifact.append("").append(attributes.get(31)).append(""); - artifact.append("").append(attributes.get(30)).append(""); - artifact.append(""); - nodeHash.append(artifact); - } - if(entry.getKey().getArtifactTypeID() == 11){ - artifact.append("").append(attributes.get(18)).append(""); - artifact.append("").append(attributes.get(20)).append(""); - artifact.append("").append(attributes.get(2)).append(""); - artifact.append(""); - nodeDevice.append(artifact); - } - cc++; - rr.progBarSet(cc); - } - //Add them back in order - //formatted_Report.append(nodeGen); - // formatted_Report.append(""); - if(countWebBookmark > 0){ - formatted_Report.append(nodeWebBookmark); - formatted_Report.append(""); - } - if(countWebCookie > 0){ - formatted_Report.append(nodeWebCookie); - formatted_Report.append(""); - } - if(countWebHistory > 0){ - formatted_Report.append(nodeWebHistory); - formatted_Report.append(""); - } - if(countWebDownload > 0){ - formatted_Report.append(nodeWebDownload); - formatted_Report.append(""); - } - if(countRecentObjects > 0){ - formatted_Report.append(nodeRecentObjects); - formatted_Report.append(""); - } - // formatted_Report.append(nodeTrackPoint); - //formatted_Report.append(""); - if(countInstalled > 0){ - formatted_Report.append(nodeInstalled); - formatted_Report.append(""); - } - if(countKeyword > 0){ - formatted_Report.append(nodeKeyword); - report keywords = new report(); - formatted_Report.append(keywords.getGroupedKeywordHit()); - // " - // formatted_Report.append("
Artifact IDNameSize
"); - } - if(countHash > 0){ - formatted_Report.append(nodeHash); - formatted_Report.append(""); - } - if(countDevice > 0){ - formatted_Report.append(nodeDevice); - formatted_Report.append(""); - } - //end of master loop - - formatted_Report.append("
"); - formatted_header.append(formatted_Report); - // unformatted_header.append(formatted_Report); - htmlPath = currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".html"; - Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlPath), "UTF-8")); - out.write(formatted_header.toString()); - - out.flush(); - out.close(); - - } - catch(Exception e) - { - - Logger.getLogger(reportHTML.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - } - - -} \ No newline at end of file diff --git a/Report/src/org/sleuthkit/autopsy/report/reportInterface.java b/Report/src/org/sleuthkit/autopsy/report/reportInterface.java deleted file mode 100644 index 3775b92fd3..0000000000 --- a/Report/src/org/sleuthkit/autopsy/report/reportInterface.java +++ /dev/null @@ -1,28 +0,0 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ -package org.sleuthkit.autopsy.report; - -import java.util.ArrayList; -import java.util.HashMap; -import org.sleuthkit.datamodel.BlackboardArtifact; -import org.sleuthkit.datamodel.BlackboardAttribute; - -/** - * - * @author Alex - */ -public interface reportInterface{ - public HashMap> getGenInfo(); - public HashMap> getWebHistory(); - public HashMap> getWebCookie(); - public HashMap> getWebBookmark(); - public HashMap> getWebDownload(); - public HashMap> getRecentObject(); - public HashMap> getHashHit(); - public HashMap> getKeywordHit(); - public HashMap> getInstalledProg(); - public String getGroupedKeywordHit(); - public HashMap> getDevices(); -} diff --git a/Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java b/Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java deleted file mode 100644 index 8496b1541b..0000000000 --- a/Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java +++ /dev/null 
@@ -1,158 +0,0 @@
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.sleuthkit.autopsy.report;
-
-import java.awt.Dimension;
-import java.awt.Toolkit;
-import java.awt.event.ActionEvent;
-import java.awt.event.ActionListener;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.logging.Level;
-import javax.swing.JDialog;
-import javax.swing.JFrame;
-import javax.swing.SwingUtilities;
-import javax.swing.event.HyperlinkEvent;
-import javax.swing.event.HyperlinkListener;
-import org.sleuthkit.autopsy.coreutils.Log;
-import org.sleuthkit.datamodel.BlackboardArtifact;
-import org.sleuthkit.datamodel.BlackboardAttribute;
-
-/**
- *
- * @author Alex
- */
-public class reportPanelAction {
- private static final String ACTION_NAME = "Report Preview";
- private StringBuilder viewReport = new StringBuilder();
- public reportPanelAction(){
-
- }
-
- public void reportGenerate(ArrayList reportlist, final reportFilter rr){
- try {
- //Clear any old reports in the string
- viewReport.setLength(0);
-
-
- // Generate the reports and create the hashmap
- final HashMap> Results = new HashMap>();
- report bbreport = new report();
- //see what reports we need to run and run them
- //Set progress bar to move while doing this
- SwingUtilities.invokeLater(new Runnable() {
- @Override
- public void run() {
- rr.progBarStartText();
- }});
- if(reportlist.contains(1)){Results.putAll(bbreport.getGenInfo());}
- if(reportlist.contains(2)){Results.putAll(bbreport.getWebBookmark());}
- if(reportlist.contains(3)){Results.putAll(bbreport.getWebCookie());}
- if(reportlist.contains(4)){Results.putAll(bbreport.getWebHistory());}
- if(reportlist.contains(5)){Results.putAll(bbreport.getWebDownload());}
- if(reportlist.contains(6)){Results.putAll(bbreport.getRecentObject());}
- // if(reportlist.contains(7)){Results.putAll(bbreport.getGenInfo());}
- if(reportlist.contains(8)){Results.putAll(bbreport.getInstalledProg());}
- if(reportlist.contains(9)){Results.putAll(bbreport.getKeywordHit());}
- if(reportlist.contains(10)){Results.putAll(bbreport.getHashHit());}
- if(reportlist.contains(11)){Results.putAll(bbreport.getDevices());}
- SwingUtilities.invokeLater(new Runnable() {
- @Override
- public void run() {
- rr.progBarCount(2*Results.size());
- }});
- //Turn our results into the appropriate xml/html reports
- //TODO: add a way for users to select what they will run when
- Thread xmlthread = new Thread(new Runnable()
- {
- @Override
- public void run()
- {
- reportXML xmlReport = new reportXML(Results, rr);
- }
- });
- Thread htmlthread = new Thread(new Runnable()
- {
- @Override
- public void run()
- {
- reportHTML htmlReport = new reportHTML(Results,rr);
- BrowserControl.openUrl(reportHTML.htmlPath);
- }
- });
- Thread xlsthread = new Thread(new Runnable()
- {
- @Override
- public void run()
- {
- reportXLS xlsReport = new reportXLS(Results,rr);
- //
- }
- });
-
- // start our threads
- xmlthread.start();
- htmlthread.start();
- xlsthread.start();
- // display the window
-
- // create the popUp window for it
- if(reportFilter.cancel == false){
-
- final JFrame frame = new JFrame(ACTION_NAME);
- final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal
-
-
- // initialize panel with loaded settings
- htmlthread.join();
- //Set the temporary label to let the user know its done and is waiting on the report
- rr.progBarText();
- final reportPanel panel = new reportPanel(viewReport.toString());
-
-
- panel.setjButton1ActionListener(new ActionListener() {
-
- @Override
- public void actionPerformed(ActionEvent e) {
- popUpWindow.dispose();
- }
- });
- panel.setjEditorPane1EventListener(new HyperlinkListener(){
- @Override
- public void hyperlinkUpdate(HyperlinkEvent hev) {
- try {
- if (hev.getEventType() == HyperlinkEvent.EventType.ACTIVATED)
-
- panel.getLink(hev);
- }
- catch (Exception e) {
- // Exceptions thrown...............
- }
- }
- });
- // add the panel to the popup window
- popUpWindow.add(panel);
-
- popUpWindow.setResizable(true);
- popUpWindow.pack();
- // set the location of the popUp Window on the center of the screen
- Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize();
- double w = popUpWindow.getSize().getWidth();
- double h = popUpWindow.getSize().getHeight();
- popUpWindow.setLocation((int) ((screenDimension.getWidth() - w) / 2), (int) ((screenDimension.getHeight() - h) / 2));
- rr.progBarDone();
- panel.setFinishedReportText();
- popUpWindow.setVisible(true);
- xmlthread.join();
- xlsthread.join();
-
-
- }
- } catch (Exception ex) {
- Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex);
- }
- }
-}
diff --git a/Report/src/org/sleuthkit/autopsy/report/reportUtils.java b/Report/src/org/sleuthkit/autopsy/report/reportUtils.java
deleted file mode 100644
index eb2ce020a1..0000000000
--- a/Report/src/org/sleuthkit/autopsy/report/reportUtils.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.sleuthkit.autopsy.report;
-
-/**
- *
- * @author Alex
- */
-public class reportUtils {
-
-static String changeExtension(String originalName, String newExtension) {
- int lastDot = originalName.lastIndexOf(".");
- if (lastDot != -1) {
- return originalName.substring(0, lastDot) + newExtension;
- } else {
- return originalName + newExtension;
- }
-}
-
-public static String insertPeriodically(
- String text, String insert, int period)
-{
- StringBuilder builder = new StringBuilder(
- text.length() + insert.length() * (text.length()/period)+1);
-
- int index = 0;
- String prefix = "";
- while (index < text.length())
- {
- // Don't put the insert in the very first iteration.
- // This is easier than appending it *after* each substring
- builder.append(prefix);
- prefix = insert;
- builder.append(text.substring(index,
- Math.min(index + period, text.length())));
- index += period;
- }
- return builder.toString();
-}
-}
\ No newline at end of file
diff --git a/Report/src/org/sleuthkit/autopsy/report/reportXLS.java b/Report/src/org/sleuthkit/autopsy/report/reportXLS.java
deleted file mode 100644
index 3d9f785a55..0000000000
--- a/Report/src/org/sleuthkit/autopsy/report/reportXLS.java
+++ /dev/null
@@ -1,375 +0,0 @@
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.sleuthkit.autopsy.report;
-
-import java.io.FileOutputStream;
-
-import java.io.IOException;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map.Entry;
-import java.util.TreeMap;
-import org.apache.poi.ss.usermodel.Cell;
-import org.apache.poi.ss.usermodel.CellStyle;
-import org.apache.poi.ss.usermodel.Font;
-import org.apache.poi.ss.usermodel.Row;
-import org.apache.poi.ss.usermodel.Sheet;
-import org.apache.poi.ss.usermodel.Workbook;
-import org.apache.poi.xssf.usermodel.XSSFWorkbook;
-import org.sleuthkit.autopsy.casemodule.Case;
-import org.sleuthkit.datamodel.BlackboardArtifact;
-import org.sleuthkit.datamodel.BlackboardAttribute;
-import org.sleuthkit.datamodel.FsContent;
-import org.sleuthkit.datamodel.SleuthkitCase;
-import org.sleuthkit.datamodel.TskData;
-
-/**
- *
- * @author Alex
- */
-public class reportXLS {
- public static Workbook wb = new XSSFWorkbook();
- public reportXLS(HashMap> report, reportFilter rr){
- //Empty the workbook first
- Workbook wbtemp = new XSSFWorkbook();
-
- int countGen = 0;
- int countBookmark = 0;
- int countCookie = 0;
- int countHistory = 0;
- int countDownload = 0;
- int countRecentObjects = 0;
- int countTrackPoint = 0;
- int countInstalled = 0;
- int countKeyword = 0;
- int countHash = 0;
- int countDevice = 0;
- for (Entry> entry : report.entrySet()) {
- if(entry.getKey().getArtifactTypeID() == 1){
- countGen++;
- }
- if(entry.getKey().getArtifactTypeID() == 2){
- countBookmark++;
- }
- if(entry.getKey().getArtifactTypeID() == 3){
-
- countCookie++;
- }
- if(entry.getKey().getArtifactTypeID() == 4){
-
- countHistory++;
- }
- if(entry.getKey().getArtifactTypeID() == 5){
- countDownload++;
- }
- if(entry.getKey().getArtifactTypeID() == 6){
- countRecentObjects++;
- }
- if(entry.getKey().getArtifactTypeID() == 7){
- countTrackPoint++;
- }
- if(entry.getKey().getArtifactTypeID() == 8){
- countInstalled++;
- }
- if(entry.getKey().getArtifactTypeID() == 9){
- countKeyword++;
- }
- if(entry.getKey().getArtifactTypeID() == 10){
- countHash++;
- }
- if(entry.getKey().getArtifactTypeID() == 11){
- countDevice++;
- }
- }
-
- try{
- Case currentCase = Case.getCurrentCase(); // get the most updated case
- SleuthkitCase skCase = currentCase.getSleuthkitCase();
- String caseName = currentCase.getName();
- Integer imagecount = currentCase.getImageIDs().length;
- Integer filesystemcount = currentCase.getRootObjectsCount();
- Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
- Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
- DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
- DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss");
- Date date = new Date();
- String datetime = datetimeFormat.format(date);
- String datenotime = dateFormat.format(date);
-
- //The first summary report page
- Sheet sheetSummary = wbtemp.createSheet("Summary");
- //Generate a sheet per artifact type
- // Sheet sheetGen = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getDisplayName());
- Sheet sheetHash = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getDisplayName());
- Sheet sheetDevice = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getDisplayName());
- Sheet sheetInstalled = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getDisplayName());
- Sheet sheetKeyword = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getDisplayName());
- // Sheet sheetTrackpoint = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getDisplayName());
- Sheet sheetRecent = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getDisplayName());
- Sheet sheetCookie = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getDisplayName());
- Sheet sheetBookmark = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getDisplayName());
- Sheet sheetDownload = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getDisplayName());
- Sheet sheetHistory = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getDisplayName());
-
- //Bold/underline cell style for the top header rows
- CellStyle style = wbtemp.createCellStyle();
- style.setBorderBottom((short) 2);
- Font font = wbtemp.createFont();
- font.setFontHeightInPoints((short)16);
- font.setFontName("Courier New");
- font.setBoldweight((short)2);
- style.setFont(font);
- //create the rows in the worksheet for our records
- //Create first row and header
- // sheetGen.createRow(0);
- // sheetGen.getRow(0).createCell(0).setCellValue("Name");
- // sheetGen.getRow(0).createCell(1).setCellValue("Value");
- // sheetGen.getRow(0).createCell(2).setCellValue("Date/Time");
-
- sheetSummary.createRow(0).setRowStyle(style);
- sheetSummary.getRow(0).createCell(0).setCellValue("Summary Information");
- sheetSummary.getRow(0).createCell(1).setCellValue(caseName);
- //add some basic information
- sheetSummary.createRow(1);
- sheetSummary.getRow(1).createCell(0).setCellValue("# of Images");
- sheetSummary.getRow(1).createCell(1).setCellValue(imagecount);
- sheetSummary.createRow(2);
- sheetSummary.getRow(2).createCell(0).setCellValue("Filesystems found");
- sheetSummary.getRow(2).createCell(1).setCellValue(imagecount);
- sheetSummary.createRow(3);
- sheetSummary.getRow(3).createCell(0).setCellValue("# of Files");
- sheetSummary.getRow(3).createCell(1).setCellValue(totalfiles);
- sheetSummary.createRow(4);
- sheetSummary.getRow(4).createCell(0).setCellValue("# of Directories");
- sheetSummary.getRow(4).createCell(1).setCellValue(totaldirs);
- sheetSummary.createRow(5);
- sheetSummary.getRow(5).createCell(0).setCellValue("Date/Time");
- sheetSummary.getRow(5).createCell(1).setCellValue(datetime);
-
-
-
- sheetHash.createRow(0).setRowStyle(style);
- sheetHash.getRow(0).createCell(0).setCellValue("Name");
- sheetHash.getRow(0).createCell(1).setCellValue("Size");
- sheetHash.getRow(0).createCell(2).setCellValue("Hashset Name");
-
- sheetDevice.createRow(0).setRowStyle(style);
- sheetDevice.getRow(0).createCell(0).setCellValue("Name");
- sheetDevice.getRow(0).createCell(1).setCellValue("Serial #");
- sheetDevice.getRow(0).createCell(2).setCellValue("Time");
-
- sheetInstalled.createRow(0).setRowStyle(style);
- sheetInstalled.getRow(0).createCell(0).setCellValue("Program Name");
- sheetInstalled.getRow(0).createCell(1).setCellValue("Install Date/Time");
-
- sheetKeyword.createRow(0).setRowStyle(style);
- sheetKeyword.getRow(0).createCell(0).setCellValue("Keyword");
- sheetKeyword.getRow(0).createCell(1).setCellValue("File Name");
- sheetKeyword.getRow(0).createCell(2).setCellValue("Preview");
- sheetKeyword.getRow(0).createCell(3).setCellValue("Keyword LIst");
-
- sheetRecent.createRow(0).setRowStyle(style);
- sheetRecent.getRow(0).createCell(0).setCellValue("Name");
- sheetRecent.getRow(0).createCell(1).setCellValue("Path");
- sheetRecent.getRow(0).createCell(2).setCellValue("Related Shortcut");
-
- sheetCookie.createRow(0).setRowStyle(style);
- sheetCookie.getRow(0).createCell(0).setCellValue("URL");
- sheetCookie.getRow(0).createCell(1).setCellValue("Date");
- sheetCookie.getRow(0).createCell(2).setCellValue("Name");
- sheetCookie.getRow(0).createCell(3).setCellValue("Value");
- sheetCookie.getRow(0).createCell(4).setCellValue("Program");
-
- sheetBookmark.createRow(0).setRowStyle(style);
- sheetBookmark.getRow(0).createCell(0).setCellValue("URL");
- sheetBookmark.getRow(0).createCell(1).setCellValue("Title");
- sheetBookmark.getRow(0).createCell(2).setCellValue("Program");
-
- sheetDownload.createRow(0).setRowStyle(style);
- sheetDownload.getRow(0).createCell(0).setCellValue("File");
- sheetDownload.getRow(0).createCell(1).setCellValue("Source");
- sheetDownload.getRow(0).createCell(2).setCellValue("Time");
- sheetDownload.getRow(0).createCell(3).setCellValue("Program");
-
- sheetHistory.createRow(0).setRowStyle(style);
- sheetHistory.getRow(0).createCell(0).setCellValue("URL");
- sheetHistory.getRow(0).createCell(1).setCellValue("Date");
- sheetHistory.getRow(0).createCell(2).setCellValue("Referrer");
- sheetHistory.getRow(0).createCell(3).setCellValue("Title");
- sheetHistory.getRow(0).createCell(4).setCellValue("Program");
-
- for(int i = 0;i < wbtemp.getNumberOfSheets();i++){
- Sheet tempsheet = wbtemp.getSheetAt(i);
- tempsheet.setAutobreaks(true);
-
- for (Row temprow : tempsheet){
- for (Cell cell : temprow) {
- cell.setCellStyle(style);
- tempsheet.autoSizeColumn(cell.getColumnIndex());
- }
- }
- }
-
- int countedGen = 0;
- int countedBookmark = 0;
- int countedCookie = 0;
- int countedHistory = 0;
- int countedDownload = 0;
- int countedRecentObjects = 0;
- int countedTrackPoint = 0;
- int countedInstalled = 0;
- int countedKeyword = 0;
- int countedHash = 0;
- int countedDevice = 0;
-
- //start populating the sheets in the workbook
- for (Entry> entry : report.entrySet()) {
- if(reportFilter.cancel == true){
- break;
- }
- int cc = 0;
- Long objId = entry.getKey().getObjectID();
- FsContent file = skCase.getFsContentById(objId);
- Long filesize = file.getSize();
- TreeMap attributes = new TreeMap();
- // Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type
- int n;
- for(n=1;n<=36;n++)
- {
- attributes.put(n, "");
-
- }
- for (BlackboardAttribute tempatt : entry.getValue())
- {
- if(reportFilter.cancel == true){
- break;
- }
- String value = "";
- int type = tempatt.getAttributeTypeID();
- if(tempatt.getValueString() == null || "null".equals(tempatt.getValueString())){
-
- }
- else if(type == 2){
- value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date ((tempatt.getValueLong())*1000));
- }
- else
- {
- value = tempatt.getValueString();
- }
-
- attributes.put(type, value);
- cc++;
- }
-
-
- if(entry.getKey().getArtifactTypeID() == 1){
- countedGen++;
- // Row temp = sheetGen.getRow(countedGen);
-
- }
- if(entry.getKey().getArtifactTypeID() == 2){
- countedBookmark++;
- Row temp = sheetBookmark.createRow(countedBookmark);
- temp.createCell(0).setCellValue(attributes.get(1));
- temp.createCell(1).setCellValue(attributes.get(3));
- temp.createCell(2).setCellValue(attributes.get(4));
- }
- if(entry.getKey().getArtifactTypeID() == 3){
- countedCookie++;
- Row temp = sheetCookie.createRow(countedCookie);
- temp.createCell(0).setCellValue(attributes.get(1));
- temp.createCell(1).setCellValue(attributes.get(2));
- temp.createCell(2).setCellValue(attributes.get(3));
- temp.createCell(3).setCellValue(attributes.get(6));
- temp.createCell(4).setCellValue(attributes.get(4));
- }
- if(entry.getKey().getArtifactTypeID() == 4){
- countedHistory++;
- Row temp = sheetHistory.createRow(countedHistory);
- temp.createCell(0).setCellValue(attributes.get(1));
- temp.createCell(1).setCellValue(attributes.get(33));
- temp.createCell(2).setCellValue(attributes.get(32));
- temp.createCell(3).setCellValue(attributes.get(3));
- temp.createCell(4).setCellValue(attributes.get(4));
- }
- if(entry.getKey().getArtifactTypeID() == 5){
- countedDownload++;
- Row temp = sheetDownload.createRow(countedDownload);
- temp.createCell(0).setCellValue(attributes.get(8));
- temp.createCell(1).setCellValue(attributes.get(1));
- temp.createCell(2).setCellValue(attributes.get(33));
- temp.createCell(3).setCellValue(attributes.get(4));
- }
- if(entry.getKey().getArtifactTypeID() == 6){
- countedRecentObjects++;
- Row temp = sheetRecent.createRow(countedRecentObjects);
- temp.createCell(0).setCellValue(attributes.get(3));
- temp.createCell(1).setCellValue(attributes.get(8));
- temp.createCell(2).setCellValue(file.getName());
- temp.createCell(3).setCellValue(attributes.get(4));
- }
- if(entry.getKey().getArtifactTypeID() == 7){
- // sheetTrackpoint.addContent(artifact);
- }
- if(entry.getKey().getArtifactTypeID() == 8){
- countedInstalled++;
- Row temp = sheetInstalled.createRow(countedInstalled);
- temp.createCell(0).setCellValue(attributes.get(4));
- temp.createCell(1).setCellValue(attributes.get(2));
- }
- if(entry.getKey().getArtifactTypeID() == 9){
- countedKeyword++;
- Row temp = sheetKeyword.createRow(countedKeyword);
- temp.createCell(0).setCellValue(attributes.get(10));
- temp.createCell(1).setCellValue(attributes.get(3));
- temp.createCell(2).setCellValue(attributes.get(12));
- temp.createCell(3).setCellValue(attributes.get(13));
- }
- if(entry.getKey().getArtifactTypeID() == 10){
- countedHash++;
- Row temp = sheetHash.createRow(countedHash);
- temp.createCell(0).setCellValue(file.getName().toString());
- temp.createCell(1).setCellValue(filesize.toString());
- temp.createCell(2).setCellValue(attributes.get(30));
- }
- if(entry.getKey().getArtifactTypeID() == 11){
- countedDevice++;
- Row temp = sheetDevice.createRow(countedDevice);
- temp.createCell(0).setCellValue(attributes.get(18));
- temp.createCell(1).setCellValue(attributes.get(20));
- temp.createCell(2).setCellValue(attributes.get(2));
- }
-
-
- cc++;
- rr.progBarSet(cc);
- }
-
-
- //write out the report to the reports folder
- try {
- FileOutputStream fos = new FileOutputStream(currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".xlsx");
- wbtemp.write(fos);
- fos.close();
- wb = wbtemp;
- }
- catch (IOException e) {
- System.err.println(e);
- }
-
- }
-
- catch(Exception E)
- {
- String test = E.toString();
- }
-
- }
-
-
-}
diff --git a/Report/src/org/sleuthkit/autopsy/report/reportXML.java b/Report/src/org/sleuthkit/autopsy/report/reportXML.java
deleted file mode 100644
index c8d9d0335a..0000000000
--- a/Report/src/org/sleuthkit/autopsy/report/reportXML.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.sleuthkit.autopsy.report;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map.Entry;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-import java.util.regex.Pattern;
-import org.apache.commons.lang3.StringEscapeUtils;
-import org.jdom.Comment;
-import org.jdom.Document;
-import org.jdom.Document.*;
-import org.jdom.Element;
-import org.jdom.output.XMLOutputter;
-import org.sleuthkit.autopsy.casemodule.Case;
-import org.sleuthkit.autopsy.ingest.IngestManager;
-import org.sleuthkit.datamodel.BlackboardArtifact;
-import org.sleuthkit.datamodel.BlackboardAttribute;
-import org.sleuthkit.datamodel.Content;
-import org.sleuthkit.datamodel.ContentVisitor;
-import org.sleuthkit.datamodel.Directory;
-import org.sleuthkit.datamodel.File;
-import org.sleuthkit.datamodel.Image;
-import org.sleuthkit.datamodel.SleuthkitCase;
-import org.sleuthkit.datamodel.TskData;
-public class reportXML {
- public static Document xmldoc = new Document();
- public reportXML (HashMap> report, reportFilter rr){
- try{
- Case currentCase = Case.getCurrentCase(); // get the most updated case
- SleuthkitCase skCase = currentCase.getSleuthkitCase();
- String caseName = currentCase.getName();
- Integer imagecount = currentCase.getImageIDs().length;
- Integer filesystemcount = currentCase.getRootObjectsCount();
- Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
- Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
- Element root = new Element("Case");
- xmldoc = new Document(root);
- DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
- DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss");
- Date date = new Date();
- String datetime = datetimeFormat.format(date);
- String datenotime = dateFormat.format(date);
- Comment comment = new Comment("XML Report Generated by Autopsy 3 on " + datetime);
- root.addContent(comment);
- //Create summary node involving how many of each type
- Element summary = new Element("Summary");
- if(IngestManager.getDefault().isIngestRunning())
- {
- summary.addContent(new Element("Warning").setText("Report was run before ingest services completed!"));
- }
- summary.addContent(new Element("Name").setText(caseName));
- summary.addContent(new Element("Total-Images").setText(imagecount.toString()));
- summary.addContent(new Element("Total-FileSystems").setText(filesystemcount.toString()));
- summary.addContent(new Element("Total-Files").setText(totalfiles.toString()));
- summary.addContent(new Element("Total-Directories").setText(totaldirs.toString()));
- root.addContent(summary);
- //generate the nodes for each of the types so we can use them later
- Element nodeGen = new Element("General-Information");
- Element nodeWebBookmark = new Element("Web-Bookmarks");
- Element nodeWebCookie = new Element("Web-Cookies");
- Element nodeWebHistory = new Element("Web-History");
- Element nodeWebDownload = new Element("Web-Downloads");
- Element nodeRecentObjects = new Element("Recent-Documents");
- Element nodeTrackPoint = new Element("Track-Points");
- Element nodeInstalled = new Element("Installed-Programfiles");
- Element nodeKeyword = new Element("Keyword-Search-Hits");
- Element nodeHash = new Element("Hashset-Hits");
- Element nodeDevice = new Element("Attached-Devices");
- //remove bytes
- Pattern INVALID_XML_CHARS = Pattern.compile("[^\\u0009\\u000A\\u000D\\u0020-\\uD7FF\\uE000-\\uFFFD\uD800\uDC00-\uDBFF\uDFFF]");
- for (Entry> entry : report.entrySet()) {
- if(reportFilter.cancel == true){
- break;
- }
- int cc = 0;
- Element artifact = new Element("Artifact");
- Long objId = entry.getKey().getObjectID();
- Content cont = skCase.getContentById(objId);
- Long filesize = cont.getSize();
- artifact.setAttribute("ID", objId.toString());
- artifact.setAttribute("Name", cont.accept(new NameVisitor()));
- artifact.setAttribute("Size", filesize.toString());
-
- // Get all the attributes for this guy
- for (BlackboardAttribute tempatt : entry.getValue())
- {
- if(reportFilter.cancel == true){
- break;
- }
- Element attribute = new Element("Attribute").setAttribute("Type",tempatt.getAttributeTypeDisplayName());
- String tempvalue = tempatt.getValueString();
- //INVALID_XML_CHARS.matcher(tempvalue).replaceAll("");
- Element value = new Element("Value").setText(tempvalue);
- attribute.addContent(value);
- Element context = new Element("Context").setText(StringEscapeUtils.escapeXml(tempatt.getContext()));
- attribute.addContent(context);
- artifact.addContent(attribute);
- cc++;
- }
-
- if(entry.getKey().getArtifactTypeID() == 1){
- //while (entry.getValue().iterator().hasNext())
- // {
- // }
- nodeGen.addContent(artifact);
- }
- if(entry.getKey().getArtifactTypeID() == 2){
-
-
- nodeWebBookmark.addContent(artifact);
- }
- if(entry.getKey().getArtifactTypeID() == 3){
-
- nodeWebCookie.addContent(artifact);
- }
- if(entry.getKey().getArtifactTypeID() == 4){
-
- nodeWebHistory.addContent(artifact);
- }
- if(entry.getKey().getArtifactTypeID() == 5){
- nodeWebDownload.addContent(artifact);
- }
- if(entry.getKey().getArtifactTypeID() == 6){
- nodeRecentObjects.addContent(artifact);
- }
- if(entry.getKey().getArtifactTypeID() == 7){
- nodeTrackPoint.addContent(artifact);
- }
- if(entry.getKey().getArtifactTypeID() == 8){
- nodeInstalled.addContent(artifact);
- }
- if(entry.getKey().getArtifactTypeID() == 9){
- nodeKeyword.addContent(artifact);
- }
- if(entry.getKey().getArtifactTypeID() == 10){
- nodeHash.addContent(artifact);
- }
- if(entry.getKey().getArtifactTypeID() == 11){
- nodeDevice.addContent(artifact);
- }
- cc++;
- rr.progBarSet(cc);
- //end of master loop
- }
-
- //add them in the order we want them to the document
- root.addContent(nodeGen);
- root.addContent(nodeWebBookmark);
- root.addContent(nodeWebCookie);
- root.addContent(nodeWebHistory);
- root.addContent(nodeWebDownload);
- root.addContent(nodeRecentObjects);
- root.addContent(nodeTrackPoint);
- root.addContent(nodeInstalled);
- root.addContent(nodeKeyword);
- root.addContent(nodeHash);
- root.addContent(nodeDevice);
-
- try {
- FileOutputStream out = new FileOutputStream(currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".xml");
- XMLOutputter serializer = new XMLOutputter();
- serializer.output(xmldoc, out);
- out.flush();
- out.close();
- }
- catch (IOException e) {
- System.err.println(e);
- }
-
- }
- catch (Exception e){
- Logger.getLogger(reportXML.class.getName()).log(Level.WARNING, "Exception occurred", e);
- }
- }
-
- private class NameVisitor extends ContentVisitor.Default {
-
- @Override
- protected String defaultVisit(Content cntnt) {
- throw new UnsupportedOperationException("Not supported for " + cntnt.toString());
- }
-
- @Override
- public String visit(Directory dir) {
- return dir.getName();
- }
-
- @Override
- public String visit(Image img) {
- return img.getName();
- }
-
- @Override
- public String visit(File fil) {
- return fil.getName();
- }
- }
-}
diff --git a/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties b/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties
index dbffcdccee..e1f91b289a 100644
--- a/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties
+++ b/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties
@@ -1,4 +1,6 @@
-currentVersion=Autopsy {0}
+#Updated by build script
+#Thu, 10 May 2012 15:47:15 -0700
+currentVersion=Autopsy 20120510
 LBL_splash_window_title=Starting Autopsy
 SPLASH_HEIGHT=288
 SPLASH_WIDTH=538
diff --git a/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties b/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties
index 3400dcc9c9..967f636d4a 100644
--- a/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties
+++ b/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties
@@ -1,2 +1,4 @@
-CTL_MainWindow_Title=Autopsy {0}
-CTL_MainWindow_Title_No_Project=Autopsy {0}
+#Updated by build script
+#Thu, 10 May 2012 15:47:15 -0700
+CTL_MainWindow_Title=Autopsy 20120510
+CTL_MainWindow_Title_No_Project=Autopsy 20120510