Merge pull request #45 from aebadirad42six/master

Reporting framework integration pull
adam 2012-05-15 07:03:02 -07:00
commit 2ec16daf42
45 changed files with 4132 additions and 3555 deletions


@ -1 +1,7 @@
#Updated by build script
#Thu, 10 May 2012 15:47:15 -0700
OpenIDE-Module-Name=CoreUtils OpenIDE-Module-Name=CoreUtils
app.name=Autopsy
app.version=20120510
build.type=DEVELOPMENT


@ -1,8 +1,8 @@
build.xml.data.CRC32=dacaa05a build.xml.data.CRC32=f4b57a2d
build.xml.script.CRC32=d323407a build.xml.script.CRC32=d323407a
build.xml.stylesheet.CRC32=a56c6a5b@1.46.1 build.xml.stylesheet.CRC32=a56c6a5b@1.46.2
# This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml. # This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml.
# Do not edit this file. You may delete it but then the IDE will never regenerate such files for you. # Do not edit this file. You may delete it but then the IDE will never regenerate such files for you.
nbproject/build-impl.xml.data.CRC32=dacaa05a nbproject/build-impl.xml.data.CRC32=f4b57a2d
nbproject/build-impl.xml.script.CRC32=aef16a21 nbproject/build-impl.xml.script.CRC32=aef16a21
nbproject/build-impl.xml.stylesheet.CRC32=238281d1@1.46.1 nbproject/build-impl.xml.stylesheet.CRC32=238281d1@1.46.2


@ -1,5 +1,6 @@
file.reference.gson-2.1.jar=release/modules/ext/gson-2.1.jar file.reference.gson-2.1.jar=release/modules/ext/gson-2.1.jar
file.reference.jdom-1.1.2.jar=release/modules/ext/jdom-1.1.2.jar file.reference.jdom-1.1.2.jar=release/modules/ext/jdom-1.1.2.jar
file.reference.sqlite-jdbc-3.7.6.3-20110609.081603-3.jar=release/modules/ext/sqlite-jdbc-3.7.6.3-20110609.081603-3.jar file.reference.sqlite-jdbc-3.7.6.3-20110609.081603-3.jar=release/modules/ext/sqlite-jdbc-3.7.6.3-20110609.081603-3.jar
is.autoload=true
javac.source=1.6 javac.source=1.6
javac.compilerargs=-Xlint -Xlint:-serial javac.compilerargs=-Xlint -Xlint:-serial


@ -178,14 +178,10 @@
<specification-version>0.0</specification-version> <specification-version>0.0</specification-version>
</run-dependency> </run-dependency>
</dependency> </dependency>
<dependency>
<code-name-base>org.sleuthkit.autopsy.report</code-name-base>
<run-dependency>
<specification-version>1.0</specification-version>
</run-dependency>
</dependency>
</module-dependencies> </module-dependencies>
<public-packages/> <public-packages>
<package>org.sleuthkit.autopsy.recentactivity</package>
</public-packages>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/sqlite-jdbc-3.7.6.3-20110609.081603-3.jar</runtime-relative-path> <runtime-relative-path>ext/sqlite-jdbc-3.7.6.3-20110609.081603-3.jar</runtime-relative-path>
<binary-origin>release/modules/ext/sqlite-jdbc-3.7.6.3-20110609.081603-3.jar</binary-origin> <binary-origin>release/modules/ext/sqlite-jdbc-3.7.6.3-20110609.081603-3.jar</binary-origin>
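Review bot: The added `<public-packages>` entry exports the whole `org.sleuthkit.autopsy.recentactivity` package, so every public class in it becomes callable from other modules, not only the types the reporting code needs. On this page that package holds `Chrome`, whose public members include raw query strings and a mutable `ChromeCount` field, and which pulls cookie values and saved-login records out of evidence files. If the export exists only so the report module can consume results (inferred from the removed `org.sleuthkit.autopsy.report` dependency), consider moving the shared types into a dedicated sub-package and exporting just that, or at least record the intent next to the entry with a comment such as `<!-- exported for the report module; extractor classes are not a supported API -->`. The enclosing `<module-dependencies>` element opens outside this hunk.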


@ -1,3 +1,4 @@
OpenIDE-Module-Display-Category=Java
OpenIDE-Module-Name=RecentActivity OpenIDE-Module-Name=RecentActivity
RecentActivityTopComponent.makeNodesButton.text=Get Recent Activity RecentActivityTopComponent.makeNodesButton.text=Get Recent Activity
RecentActivityTopComponent.jLabel1.text=Filter Options RecentActivityTopComponent.jLabel1.text=Filter Options


@ -1,8 +1,25 @@
/* /*
* To change this template, choose Tools | Templates *
* and open the template in the editor. * Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/ */
package org.sleuthkit.autopsy.recentactivity; package org.sleuthkit.autopsy.recentactivity;
import com.google.gson.JsonArray; import com.google.gson.JsonArray;
import com.google.gson.JsonElement; import com.google.gson.JsonElement;
import com.google.gson.JsonObject; import com.google.gson.JsonObject;
@ -25,15 +42,13 @@ import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
/** /**
* *
* @author Alex * @author Alex
*/ */
public class Chrome { public class Chrome {
public static final String chquery = "SELECT urls.url, urls.title, urls.visit_count, urls.typed_count, " public static final String chquery = "SELECT urls.url, urls.title, urls.visit_count, urls.typed_count, "
+ "last_visit_time, urls.hidden, visits.visit_time, (SELECT urls.url FROM urls WHERE urls.id=visits.url) as from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url"; + "last_visit_time, urls.hidden, visits.visit_time, (SELECT urls.url FROM urls WHERE urls.id=visits.url) as from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url";
public static final String chcookiequery = "select name, value, host_key, expires_utc,last_access_utc, creation_utc from cookies"; public static final String chcookiequery = "select name, value, host_key, expires_utc,last_access_utc, creation_utc from cookies";
@ -44,50 +59,57 @@ public class Chrome {
public int ChromeCount = 0; public int ChromeCount = 0;
public Chrome() { public Chrome() {
} }
public void getchdb(List<String> image, IngestImageWorkerController controller) { public void getchdb(List<String> image, IngestImageWorkerController controller) {
try try {
{
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); SleuthkitCase tempDb = currentCase.getSleuthkitCase();
List<FsContent> FFSqlitedb; List<FsContent> FFSqlitedb = null;
Map<String, Object> kvs = new LinkedHashMap<String, Object>(); Map<String, Object> kvs = new LinkedHashMap<String, Object>();
String allFS = new String(); String allFS = new String();
for (int i = 0; i < image.size(); i++) { for (int i = 0; i < image.size(); i++) {
if(i == 0) if (i == 0) {
allFS += " AND (0"; allFS += " AND (0";
}
allFS += " OR fs_obj_id = '" + image.get(i) + "'"; allFS += " OR fs_obj_id = '" + image.get(i) + "'";
if(i == image.size()-1) if (i == image.size() - 1) {
allFS += ")"; allFS += ")";
} }
}
try {
ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'History' and name NOT LIKE '%journal%' AND parent_path LIKE '%Chrome%'" + allFS); ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'History' and name NOT LIKE '%journal%' AND parent_path LIKE '%Chrome%'" + allFS);
FFSqlitedb = tempDb.resultSetToFsContents(rs); FFSqlitedb = tempDb.resultSetToFsContents(rs);
ChromeCount = FFSqlitedb.size(); ChromeCount = FFSqlitedb.size();
rs.close(); rs.close();
rs.getStatement().close(); rs.getStatement().close();
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
int j = 0; int j = 0;
while (j < FFSqlitedb.size()) if(FFSqlitedb != null && !FFSqlitedb.isEmpty())
{ {
while (j < FFSqlitedb.size()) {
String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db";
String connectionString = "jdbc:sqlite:" + temps; String connectionString = "jdbc:sqlite:" + temps;
try {
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"));
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to write to disk.{0}", ex);
}
File dbFile = new File(temps); File dbFile = new File(temps);
if (controller.isCancelled()) { if (controller.isCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
try try {
{
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString);
ResultSet temprs = tempdbconnect.executeQry(chquery); ResultSet temprs = tempdbconnect.executeQry(chquery);
while(temprs.next()) while (temprs.next()) {
{ try {
String domain = Util.extractDomain(temprs.getString("url")); String domain = Util.extractDomain(temprs.getString("url"));
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
@ -98,72 +120,77 @@ public class Chrome {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to insert BB artifact.{0}", ex);
}
} }
tempdbconnect.closeConnection(); tempdbconnect.closeConnection();
temprs.close(); temprs.close();
} } catch (Exception ex) {
catch (Exception ex)
{
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
} }
j++; j++;
dbFile.delete(); dbFile.delete();
} }
IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY));
} }
catch (SQLException ex) IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY));
{ } catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex);
} }
catch(IOException ioex)
{
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
}
//COOKIES section //COOKIES section
// This gets the cookie info // This gets the cookie info
try try {
{
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); SleuthkitCase tempDb = currentCase.getSleuthkitCase();
String allFS = new String(); String allFS = new String();
for (int i = 0; i < image.size(); i++) { for (int i = 0; i < image.size(); i++) {
if(i == 0) if (i == 0) {
allFS += " AND (0"; allFS += " AND (0";
}
allFS += " OR fs_obj_id = '" + image.get(i) + "'"; allFS += " OR fs_obj_id = '" + image.get(i) + "'";
if(i == image.size()-1) if (i == image.size() - 1) {
allFS += ")"; allFS += ")";
} }
List<FsContent> FFSqlitedb; }
List<FsContent> FFSqlitedb = null;
try {
ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%Cookies%' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%Cookies%' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS);
FFSqlitedb = tempDb.resultSetToFsContents(rs); FFSqlitedb = tempDb.resultSetToFsContents(rs);
rs.close(); rs.close();
rs.getStatement().close(); rs.getStatement().close();
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
int j = 0; int j = 0;
if(FFSqlitedb != null && !FFSqlitedb.isEmpty())
while (j < FFSqlitedb.size())
{ {
while (j < FFSqlitedb.size()) {
String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db";
String connectionString = "jdbc:sqlite:" + temps; String connectionString = "jdbc:sqlite:" + temps;
try {
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"));
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to write IO.{0}", ex);
}
File dbFile = new File(temps); File dbFile = new File(temps);
if (controller.isCancelled()) { if (controller.isCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
try try {
{
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString);
ResultSet temprs = tempdbconnect.executeQry(chcookiequery); ResultSet temprs = tempdbconnect.executeQry(chcookiequery);
while(temprs.next()) while (temprs.next()) {
{ try {
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
String domain = temprs.getString("host_key"); String domain = temprs.getString("host_key");
domain = domain.replaceFirst("^\\.+(?!$)", "");
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host_key"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host_key")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", (temprs.getLong("last_access_utc") / 10000))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", (temprs.getLong("last_access_utc") / 10000)));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value")));
@ -171,63 +198,66 @@ public class Chrome {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
} }
tempdbconnect.closeConnection(); tempdbconnect.closeConnection();
temprs.close(); temprs.close();
} } catch (Exception ex) {
catch (Exception ex)
{
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
} }
j++; j++;
dbFile.delete(); dbFile.delete();
} }
IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE));
} }
catch (SQLException ex) IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE));
{ } catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex);
} }
catch(IOException ioex)
{
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
}
//BOokmarks section //BOokmarks section
// This gets the bm info // This gets the bm info
try try {
{
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); SleuthkitCase tempDb = currentCase.getSleuthkitCase();
String allFS = new String(); String allFS = new String();
for (int i = 0; i < image.size(); i++) { for (int i = 0; i < image.size(); i++) {
if(i == 0) if (i == 0) {
allFS += " AND (0"; allFS += " AND (0";
}
allFS += " OR fs_obj_id = '" + image.get(i) + "'"; allFS += " OR fs_obj_id = '" + image.get(i) + "'";
if(i == image.size()-1) if (i == image.size() - 1) {
allFS += ")"; allFS += ")";
} }
List<FsContent> FFSqlitedb; }
List<FsContent> FFSqlitedb = null;
try {
ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'Bookmarks' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'Bookmarks' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS);
FFSqlitedb = tempDb.resultSetToFsContents(rs); FFSqlitedb = tempDb.resultSetToFsContents(rs);
rs.close(); rs.close();
rs.getStatement().close(); rs.getStatement().close();
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
int j = 0; int j = 0;
if(FFSqlitedb != null && !FFSqlitedb.isEmpty())
while (j < FFSqlitedb.size())
{ {
while (j < FFSqlitedb.size()) {
String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db";
try {
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"));
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to write IO {0}", ex);
}
File dbFile = new File(temps); File dbFile = new File(temps);
if (controller.isCancelled()) { if (controller.isCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
try try {
{
final JsonParser parser = new JsonParser(); final JsonParser parser = new JsonParser();
JsonElement jsonElement = parser.parse(new FileReader(temps)); JsonElement jsonElement = parser.parse(new FileReader(temps));
@ -235,10 +265,8 @@ public class Chrome {
JsonObject whatever = test.get("roots").getAsJsonObject(); JsonObject whatever = test.get("roots").getAsJsonObject();
JsonObject whatever2 = whatever.get("bookmark_bar").getAsJsonObject(); JsonObject whatever2 = whatever.get("bookmark_bar").getAsJsonObject();
JsonArray whatever3 = whatever2.getAsJsonArray("children"); JsonArray whatever3 = whatever2.getAsJsonArray("children");
// JsonArray results = parser.parse(new FileReader(temps)).getAsJsonObject().getAsJsonArray("roots").getAsJsonObject().getAsJsonArray("bookmark_bar").get(0).getAsJsonObject().getAsJsonArray("children");
for (JsonElement result : whatever3) { for (JsonElement result : whatever3) {
try {
JsonObject address = result.getAsJsonObject(); JsonObject address = result.getAsJsonObject();
String url = address.get("url").getAsString(); String url = address.get("url").getAsString();
String name = address.get("name").getAsString(); String name = address.get("name").getAsString();
@ -252,70 +280,77 @@ public class Chrome {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to insert BB artifact{0}", ex);
}
} }
} } catch (Exception ex) {
catch (Exception ex)
{
logger.log(Level.WARNING, "Error while trying to read into the Bookmarks for Chrome." + ex); logger.log(Level.WARNING, "Error while trying to read into the Bookmarks for Chrome." + ex);
} }
j++; j++;
dbFile.delete(); dbFile.delete();
} }
IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK));
} }
catch (SQLException ex) IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK));
{ } catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex);
} }
catch(IOException ioex)
{
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
}
//Downloads section //Downloads section
// This gets the downloads info // This gets the downloads info
try try {
{
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); SleuthkitCase tempDb = currentCase.getSleuthkitCase();
List<FsContent> FFSqlitedb; List<FsContent> FFSqlitedb = null;
String allFS = new String(); String allFS = new String();
for (int i = 0; i < image.size(); i++) { for (int i = 0; i < image.size(); i++) {
if(i == 0) if (i == 0) {
allFS += " AND (0"; allFS += " AND (0";
}
allFS += " OR fs_obj_id = '" + image.get(i) + "'"; allFS += " OR fs_obj_id = '" + image.get(i) + "'";
if(i == image.size()-1) if (i == image.size() - 1) {
allFS += ")"; allFS += ")";
} }
}
try {
ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'History' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'History' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS);
FFSqlitedb = tempDb.resultSetToFsContents(rs); FFSqlitedb = tempDb.resultSetToFsContents(rs);
rs.close(); rs.close();
rs.getStatement().close(); rs.getStatement().close();
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
int j = 0; int j = 0;
if(FFSqlitedb != null && !FFSqlitedb.isEmpty())
while (j < FFSqlitedb.size())
{ {
while (j < FFSqlitedb.size()) {
String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db";
String connectionString = "jdbc:sqlite:" + temps; String connectionString = "jdbc:sqlite:" + temps;
try {
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"));
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
File dbFile = new File(temps); File dbFile = new File(temps);
if (controller.isCancelled()) { if (controller.isCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
try try {
{
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString);
ResultSet temprs = tempdbconnect.executeQry(chdownloadquery); ResultSet temprs = tempdbconnect.executeQry(chdownloadquery);
while(temprs.next()) while (temprs.next()) {
{ try {
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD); BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
String domain = Util.extractDomain(temprs.getString("url")); String domain = Util.extractDomain(temprs.getString("url"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",(temprs.getLong("start_time")/10000))); Long time = temprs.getLong("start_time");
String Tempdate = time.toString() + "000";
time = Long.valueOf(Tempdate);
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", time));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("url") != null) ? temprs.getString("url") : ""))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("url") != null) ? temprs.getString("url") : "")));
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : ""))); //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", temprs.getString("full_path"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", temprs.getString("full_path")));
@ -323,100 +358,98 @@ public class Chrome {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome"));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
} }
tempdbconnect.closeConnection(); tempdbconnect.closeConnection();
temprs.close(); temprs.close();
IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD));
} } catch (Exception ex) {
catch (Exception ex)
{
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
} }
j++; j++;
dbFile.delete(); dbFile.delete();
} }
} }
catch (SQLException ex) } catch (Exception ex) {
{
logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex);
} }
catch(IOException ioex)
{
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
}
//Login/Password section //Login/Password section
// This gets the user info // This gets the user info
try try {
{
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); SleuthkitCase tempDb = currentCase.getSleuthkitCase();
String allFS = new String(); String allFS = new String();
for (int i = 0; i < image.size(); i++) { for (int i = 0; i < image.size(); i++) {
if(i == 0) if (i == 0) {
allFS += " AND (0"; allFS += " AND (0";
}
allFS += " OR fs_obj_id = '" + image.get(i) + "'"; allFS += " OR fs_obj_id = '" + image.get(i) + "'";
if(i == image.size()-1) if (i == image.size() - 1) {
allFS += ")"; allFS += ")";
} }
List<FsContent> FFSqlitedb; }
List<FsContent> FFSqlitedb = null;
try {
ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'signons.sqlite' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'signons.sqlite' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS);
FFSqlitedb = tempDb.resultSetToFsContents(rs); FFSqlitedb = tempDb.resultSetToFsContents(rs);
rs.close(); rs.close();
rs.getStatement().close(); rs.getStatement().close();
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
int j = 0; int j = 0;
if(FFSqlitedb != null && !FFSqlitedb.isEmpty())
while (j < FFSqlitedb.size())
{ {
while (j < FFSqlitedb.size()) {
String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db";
String connectionString = "jdbc:sqlite:" + temps; String connectionString = "jdbc:sqlite:" + temps;
try {
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"));
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
File dbFile = new File(temps); File dbFile = new File(temps);
if (controller.isCancelled()) { if (controller.isCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
try try {
{
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString);
ResultSet temprs = tempdbconnect.executeQry(chloginquery); ResultSet temprs = tempdbconnect.executeQry(chloginquery);
while(temprs.next()) while (temprs.next()) {
{ try {
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("start_time")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("origin_url") != null) ? temprs.getString("origin_url") : ""))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("origin_url") != null) ? temprs.getString("origin_url") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(), "RecentActivity", "", ((temprs.getString("username_value") != null) ? temprs.getString("username_value").replaceAll("'", "''") : ""))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(), "RecentActivity", "", ((temprs.getString("username_value") != null) ? temprs.getString("username_value").replaceAll("'", "''") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", "", temprs.getString("signon_realm"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", "", temprs.getString("signon_realm")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", Util.extractDomain(((temprs.getString("origin_url") != null) ? temprs.getString("origin_url") : "")))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", Util.extractDomain(((temprs.getString("origin_url") != null) ? temprs.getString("origin_url") : ""))));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome"));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
} }
tempdbconnect.closeConnection(); tempdbconnect.closeConnection();
temprs.close(); temprs.close();
} } catch (Exception ex) {
catch (Exception ex)
{
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
} }
j++; j++;
dbFile.delete(); dbFile.delete();
} }
}
IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY));
} } catch (Exception ex) {
catch (SQLException ex)
{
logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex);
} }
catch(IOException ioex)
{
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
}
} }
} }


@ -1,8 +1,10 @@
/* /*
*
* Autopsy Forensic Browser * Autopsy Forensic Browser
* *
* Copyright 2011 Basis Technology Corp. * Copyright 2012 42six Solutions.
* Contact: carrier <at> sleuthkit <dot> org * Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -27,7 +29,6 @@ import java.io.IOException;
import java.sql.ResultSet; import java.sql.ResultSet;
//Util Imports //Util Imports
import java.sql.SQLException;
import java.text.ParseException; import java.text.ParseException;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.ArrayList; import java.util.ArrayList;
@ -43,9 +44,7 @@ import java.util.regex.Pattern;
// TSK Imports // TSK Imports
import org.openide.modules.InstalledFileLocator; import org.openide.modules.InstalledFileLocator;
import org.openide.util.Exceptions;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.datamodel.DataConversion; import org.sleuthkit.autopsy.datamodel.DataConversion;
import org.sleuthkit.autopsy.datamodel.KeyValue; import org.sleuthkit.autopsy.datamodel.KeyValue;
@ -59,7 +58,7 @@ import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskException; import org.sleuthkit.autopsy.coreutils.PlatformUtil;
public class ExtractIE { // implements BrowserActivity { public class ExtractIE { // implements BrowserActivity {
@ -68,22 +67,18 @@ public class ExtractIE { // implements BrowserActivity {
private String favoriteQuery = "select * from `tsk_files` where parent_path LIKE '%/Favorites%' and name LIKE '%.url'"; private String favoriteQuery = "select * from `tsk_files` where parent_path LIKE '%/Favorites%' and name LIKE '%.url'";
private String cookiesQuery = "select * from `tsk_files` where parent_path LIKE '%/Cookies%' and name LIKE '%.txt'"; private String cookiesQuery = "select * from `tsk_files` where parent_path LIKE '%/Cookies%' and name LIKE '%.txt'";
private String recentQuery = "select * from `tsk_files` where parent_path LIKE '%/Recent%' and name LIKE '%.lnk'"; private String recentQuery = "select * from `tsk_files` where parent_path LIKE '%/Recent%' and name LIKE '%.lnk'";
private String JAVA_PATH = "java";
//sleauthkit db handle //sleauthkit db handle
SleuthkitCase tempDb; SleuthkitCase tempDb;
//paths set in init() //paths set in init()
private String PASCO_RESULTS_PATH; private String PASCO_RESULTS_PATH;
private String PASCO_LIB_PATH; private String PASCO_LIB_PATH;
private String JAVA_PATH;
//Results List to be referenced/used outside the class //Results List to be referenced/used outside the class
public ArrayList<HashMap<String, Object>> PASCO_RESULTS_LIST = new ArrayList<HashMap<String, Object>>(); public ArrayList<HashMap<String, Object>> PASCO_RESULTS_LIST = new ArrayList<HashMap<String, Object>>();
//Look Up Table that holds Pasco2 results //Look Up Table that holds Pasco2 results
private HashMap<String, Object> PASCO_RESULTS_LUT; private HashMap<String, Object> PASCO_RESULTS_LUT;
private KeyValue IE_PASCO_LUT = new KeyValue(BrowserType.IE.name(), BrowserType.IE.getType()); private KeyValue IE_PASCO_LUT = new KeyValue(BrowserType.IE.name(), BrowserType.IE.getType());
public LinkedHashMap<String, Object> IE_OBJ; public LinkedHashMap<String, Object> IE_OBJ;
boolean pascoFound = false; boolean pascoFound = false;
public ExtractIE(List<String> image, IngestImageWorkerController controller) { public ExtractIE(List<String> image, IngestImageWorkerController controller) {
@ -91,27 +86,30 @@ public class ExtractIE { // implements BrowserActivity {
//Favorites section //Favorites section
// This gets the favorite info // This gets the favorite info
try try {
{
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); SleuthkitCase tempDb = currentCase.getSleuthkitCase();
String allFS = new String(); String allFS = new String();
for (int i = 0; i < image.size(); i++) { for (int i = 0; i < image.size(); i++) {
if(i == 0) if (i == 0) {
allFS += " AND (0"; allFS += " AND (0";
}
allFS += " OR fs_obj_id = '" + image.get(i) + "'"; allFS += " OR fs_obj_id = '" + image.get(i) + "'";
if(i == image.size()-1) if (i == image.size() - 1) {
allFS += ")"; allFS += ")";
} }
List<FsContent> FavoriteList; }
List<FsContent> FavoriteList = new ArrayList<FsContent>();
try {
ResultSet rs = tempDb.runQuery(favoriteQuery + allFS); ResultSet rs = tempDb.runQuery(favoriteQuery + allFS);
FavoriteList = tempDb.resultSetToFsContents(rs); FavoriteList = tempDb.resultSetToFsContents(rs);
rs.close(); rs.close();
rs.getStatement().close(); rs.getStatement().close();
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
for(FsContent Favorite : FavoriteList) for (FsContent Favorite : FavoriteList) {
{
if (controller.isCancelled()) { if (controller.isCancelled()) {
break; break;
} }
@ -124,13 +122,15 @@ public class ExtractIE { // implements BrowserActivity {
String url = ""; String url = "";
Pattern p = Pattern.compile(re1 + re2, Pattern.CASE_INSENSITIVE | Pattern.DOTALL); Pattern p = Pattern.compile(re1 + re2, Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
Matcher m = p.matcher(bookmarkString); Matcher m = p.matcher(bookmarkString);
if (m.find()) if (m.find()) {
{
url = m.group(1); url = m.group(1);
} }
String name = Favorite.getName(); String name = Favorite.getName();
String datetime = Favorite.getCrtimeAsDate(); Long datetime = Favorite.getCrtime();
String domain = Util.extractDomain(url); String Tempdate = datetime.toString() + "000";
datetime = Long.valueOf(Tempdate);
String domain = Util.getBaseDomain(url);
try {
BlackboardArtifact bbart = Favorite.newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); BlackboardArtifact bbart = Favorite.newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", datetime)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", datetime));
@ -140,41 +140,42 @@ public class ExtractIE { // implements BrowserActivity {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK));
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
} }
} } catch (Exception ex) {
catch(TskException ex)
{
logger.log(Level.WARNING, "Error while trying to retrieve content from the TSK .", ex); logger.log(Level.WARNING, "Error while trying to retrieve content from the TSK .", ex);
} }
catch(SQLException ioex)
{
logger.log(Level.WARNING, "Error while trying to retrieve files from the TSK .", ioex);
}
//Cookies section //Cookies section
// This gets the cookies info // This gets the cookies info
try try {
{
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); SleuthkitCase tempDb = currentCase.getSleuthkitCase();
String allFS = new String(); String allFS = new String();
for (int i = 0; i < image.size(); i++) { for (int i = 0; i < image.size(); i++) {
if(i == 0) if (i == 0) {
allFS += " AND (0"; allFS += " AND (0";
}
allFS += " OR fs_obj_id = '" + image.get(i) + "'"; allFS += " OR fs_obj_id = '" + image.get(i) + "'";
if(i == image.size()-1) if (i == image.size() - 1) {
allFS += ")"; allFS += ")";
} }
List<FsContent> CookiesList; }
List<FsContent> CookiesList = new ArrayList<FsContent>();
try {
ResultSet rs = tempDb.runQuery(cookiesQuery + allFS); ResultSet rs = tempDb.runQuery(cookiesQuery + allFS);
CookiesList = tempDb.resultSetToFsContents(rs); CookiesList = tempDb.resultSetToFsContents(rs);
rs.close(); rs.close();
rs.getStatement().close(); rs.getStatement().close();
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
for(FsContent Cookie : CookiesList) for (FsContent Cookie : CookiesList) {
{
if (controller.isCancelled()) { if (controller.isCancelled()) {
break; break;
} }
@ -187,8 +188,13 @@ public class ExtractIE { // implements BrowserActivity {
String url = values.length > 2 ? values[2] : ""; String url = values.length > 2 ? values[2] : "";
String value = values.length > 1 ? values[1] : ""; String value = values.length > 1 ? values[1] : "";
String name = values.length > 0 ? values[0] : ""; String name = values.length > 0 ? values[0] : "";
String datetime = Cookie.getCrtimeAsDate(); Long datetime = Cookie.getCrtime();
String domain = Util.extractDomain(url); String Tempdate = datetime.toString() + "000";
datetime = Long.valueOf(Tempdate);
String domain = url;
domain = domain.replaceFirst("^\\.+(?!$)", "");
domain = domain.replaceFirst("/", "");
try {
BlackboardArtifact bbart = Cookie.newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); BlackboardArtifact bbart = Cookie.newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", url)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", url));
@ -198,44 +204,46 @@ public class ExtractIE { // implements BrowserActivity {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Internet Explorer")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Internet Explorer"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
} }
IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE));
} } catch (Exception ex) {
catch(TskException ex)
{
logger.log(Level.WARNING, "Error while trying to retrieve content from the TSK .", ex); logger.log(Level.WARNING, "Error while trying to retrieve content from the TSK .", ex);
} }
catch(SQLException ioex)
{
logger.log(Level.WARNING, "Error while trying to retrieve files from the TSK .", ioex);
}
//Recent Documents section //Recent Documents section
// This gets the recent object info // This gets the recent object info
try try {
{
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); SleuthkitCase tempDb = currentCase.getSleuthkitCase();
String allFS = new String(); String allFS = new String();
for (int i = 0; i < image.size(); i++) { for (int i = 0; i < image.size(); i++) {
if(i == 0) if (i == 0) {
allFS += " AND (0"; allFS += " AND (0";
}
allFS += " OR fs_obj_id = '" + image.get(i) + "'"; allFS += " OR fs_obj_id = '" + image.get(i) + "'";
if(i == image.size()-1) if (i == image.size() - 1) {
allFS += ")"; allFS += ")";
} }
List<FsContent> RecentList; }
List<FsContent> RecentList = new ArrayList<FsContent>();
try {
ResultSet rs = tempDb.runQuery(recentQuery + allFS); ResultSet rs = tempDb.runQuery(recentQuery + allFS);
RecentList = tempDb.resultSetToFsContents(rs); RecentList = tempDb.resultSetToFsContents(rs);
rs.close(); rs.close();
rs.getStatement().close(); rs.getStatement().close();
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
for(FsContent Recent : RecentList) for (FsContent Recent : RecentList) {
{
if (controller.isCancelled()) { if (controller.isCancelled()) {
break; break;
} }
@ -248,9 +256,7 @@ public class ExtractIE { // implements BrowserActivity {
bytesRead = fav.read(t, 0, fav.getSize()); // read the data bytesRead = fav.read(t, 0, fav.getSize()); // read the data
} }
// set the data on the bottom and show it // set the data on the bottom and show it
String recentString = new String(); String recentString = new String();
@ -261,7 +267,10 @@ public class ExtractIE { // implements BrowserActivity {
String path = Util.getPath(recentString); String path = Util.getPath(recentString);
String name = Util.getFileName(path); String name = Util.getFileName(path);
String datetime = Recent.getCrtimeAsDate(); Long datetime = Recent.getCrtime();
String Tempdate = datetime.toString() + "000";
datetime = Long.valueOf(Tempdate);
try {
BlackboardArtifact bbart = Recent.newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT); BlackboardArtifact bbart = Recent.newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "RecentActivity", "Last Visited", path)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "RecentActivity", "Last Visited", path));
@ -270,19 +279,17 @@ public class ExtractIE { // implements BrowserActivity {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Date Created", datetime)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Date Created", datetime));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Windows Explorer")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Windows Explorer"));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
} }
IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT)); IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT));
} } catch (Exception ex) {
catch(TskException ex)
{
logger.log(Level.WARNING, "Error while trying to retrieve content from the TSK .", ex); logger.log(Level.WARNING, "Error while trying to retrieve content from the TSK .", ex);
} }
catch(SQLException ioex)
{
logger.log(Level.WARNING, "Error while trying to retrieve files from the TSK .", ioex);
}
} }
@ -297,8 +304,7 @@ public class ExtractIE { // implements BrowserActivity {
final String caseDir = Case.getCurrentCase().getCaseDirectory(); final String caseDir = Case.getCurrentCase().getCaseDirectory();
PASCO_RESULTS_PATH = Case.getCurrentCase().getTempDirectory() + File.separator + "results"; PASCO_RESULTS_PATH = Case.getCurrentCase().getTempDirectory() + File.separator + "results";
JAVA_PATH = PlatformUtil.getJavaPath(); JAVA_PATH = PlatformUtil.getJavaPath();
if(JAVA_PATH == null || JAVA_PATH.isEmpty()) if (JAVA_PATH.isEmpty() || JAVA_PATH == null) {
{
JAVA_PATH = "java"; JAVA_PATH = "java";
} }
logger.log(Level.INFO, "Pasco results path: " + PASCO_RESULTS_PATH); logger.log(Level.INFO, "Pasco results path: " + PASCO_RESULTS_PATH);
@ -308,8 +314,7 @@ public class ExtractIE { // implements BrowserActivity {
logger.log(Level.SEVERE, "Pasco2 not found"); logger.log(Level.SEVERE, "Pasco2 not found");
pascoFound = false; pascoFound = false;
return; return;
} } else {
else {
pascoFound = true; pascoFound = true;
} }
@ -323,20 +328,26 @@ public class ExtractIE { // implements BrowserActivity {
File resultsDir = new File(PASCO_RESULTS_PATH); File resultsDir = new File(PASCO_RESULTS_PATH);
resultsDir.mkdirs(); resultsDir.mkdirs();
Collection<FsContent> FsContentCollection; Collection<FsContent> FsContentCollection = null;
tempDb = currentCase.getSleuthkitCase(); tempDb = currentCase.getSleuthkitCase();
String allFS = new String(); String allFS = new String();
for (int i = 0; i < image.size(); i++) { for (int i = 0; i < image.size(); i++) {
if(i == 0) if (i == 0) {
allFS += " AND (0"; allFS += " AND (0";
}
allFS += " OR fs_obj_id = '" + image.get(i) + "'"; allFS += " OR fs_obj_id = '" + image.get(i) + "'";
if(i == image.size()-1) if (i == image.size() - 1) {
allFS += ")"; allFS += ")";
} }
}
try {
ResultSet rs = tempDb.runQuery(indexDatQueryStr + allFS); ResultSet rs = tempDb.runQuery(indexDatQueryStr + allFS);
FsContentCollection = tempDb.resultSetToFsContents(rs); FsContentCollection = tempDb.resultSetToFsContents(rs);
rs.close(); rs.close();
rs.getStatement().close(); rs.getStatement().close();
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
String temps; String temps;
String indexFileName; String indexFileName;
@ -356,8 +367,7 @@ public class ExtractIE { // implements BrowserActivity {
} }
try { try {
ContentUtils.writeToFile(fsc, datFile); ContentUtils.writeToFile(fsc, datFile);
} } catch (IOException e) {
catch (IOException e) {
logger.log(Level.WARNING, "Error while trying to write index.dat file " + datFile.getAbsolutePath(), e); logger.log(Level.WARNING, "Error while trying to write index.dat file " + datFile.getAbsolutePath(), e);
} }
@ -384,8 +394,9 @@ public class ExtractIE { // implements BrowserActivity {
// TODO: Hardcoded command args/path needs to be removed. Maybe set some constants and set env variables for classpath // TODO: Hardcoded command args/path needs to be removed. Maybe set some constants and set env variables for classpath
// I'm not happy with this code. Can't stand making a system call, is not an acceptable solution but is a hack for now. // I'm not happy with this code. Can't stand making a system call, is not an acceptable solution but is a hack for now.
private boolean executePasco(String indexFilePath, int fileIndex) { private boolean executePasco(String indexFilePath, int fileIndex) {
if (pascoFound == false) if (pascoFound == false) {
return false; return false;
}
boolean success = true; boolean success = true;
try { try {
@ -399,7 +410,7 @@ public class ExtractIE { // implements BrowserActivity {
command.append(" > \"").append(PASCO_RESULTS_PATH).append("\\pasco2Result.").append(Integer.toString(fileIndex)).append(".txt\""); command.append(" > \"").append(PASCO_RESULTS_PATH).append("\\pasco2Result.").append(Integer.toString(fileIndex)).append(".txt\"");
// command.add(" > " + "\"" + PASCO_RESULTS_PATH + File.separator + Long.toString(bbId) + "\""); // command.add(" > " + "\"" + PASCO_RESULTS_PATH + File.separator + Long.toString(bbId) + "\"");
String cmd = command.toString(); String cmd = command.toString();
JavaSystemCaller.Exec.execute("\"\"" + JAVA_PATH + "\" "+cmd+ "\""); JavaSystemCaller.Exec.execute("\"" + JAVA_PATH + " " + cmd + "\"");
} catch (Exception e) { } catch (Exception e) {
success = false; success = false;
@ -410,8 +421,9 @@ public class ExtractIE { // implements BrowserActivity {
} }
public void parsePascoResults() { public void parsePascoResults() {
if (pascoFound == false) if (pascoFound == false) {
return; return;
}
// First thing we want to do is check to make sure the results directory // First thing we want to do is check to make sure the results directory
// is not empty. // is not empty.
File rFile = new File(PASCO_RESULTS_PATH); File rFile = new File(PASCO_RESULTS_PATH);
@ -462,8 +474,7 @@ public class ExtractIE { // implements BrowserActivity {
String user = ""; String user = "";
String realurl = ""; String realurl = "";
String domain = ""; String domain = "";
if(url.length > 1) if (url.length > 1) {
{
user = url[0]; user = url[0];
user = user.replace("Visited:", ""); user = user.replace("Visited:", "");
user = user.replace(":Host:", ""); user = user.replace(":Host:", "");
@ -474,7 +485,7 @@ public class ExtractIE { // implements BrowserActivity {
realurl = realurl.replaceAll(":(.*?):", ""); realurl = realurl.replaceAll(":(.*?):", "");
realurl = realurl.replace(":Host:", ""); realurl = realurl.replace(":Host:", "");
realurl = realurl.trim(); realurl = realurl.trim();
domain = Util.extractDomain(realurl); domain = Util.getBaseDomain(realurl);
} }
if (!ddtime.isEmpty()) { if (!ddtime.isEmpty()) {
ddtime = ddtime.replace("T", " "); ddtime = ddtime.replace("T", " ");
@ -484,13 +495,13 @@ public class ExtractIE { // implements BrowserActivity {
try { try {
Long epochtime = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").parse(actime).getTime(); Long epochtime = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").parse(actime).getTime();
ftime = epochtime.longValue(); ftime = epochtime.longValue();
} } catch (ParseException e) {
catch(ParseException e){
logger.log(Level.SEVERE, "ExtractIE::parsePascosResults() -> ", e.getMessage()); logger.log(Level.SEVERE, "ExtractIE::parsePascosResults() -> ", e.getMessage());
} }
} }
// TODO: Need to fix this so we have the right obj_id // TODO: Need to fix this so we have the right obj_id
try {
BlackboardArtifact bbart = tempDb.getContentById(artObjId).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); BlackboardArtifact bbart = tempDb.getContentById(artObjId).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", realurl)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", realurl));
@ -505,6 +516,9 @@ public class ExtractIE { // implements BrowserActivity {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(), "RecentActivity", "", user)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(), "RecentActivity", "", user));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
//KeyValueThing //KeyValueThing
//This will be redundant in terms IE.name() because of //This will be redundant in terms IE.name() because of
@ -514,8 +528,8 @@ public class ExtractIE { // implements BrowserActivity {
IE_PASCO_LUT.addMap(IE_OBJ); IE_PASCO_LUT.addMap(IE_OBJ);
PASCO_RESULTS_LIST.add(PASCO_RESULTS_LUT); PASCO_RESULTS_LIST.add(PASCO_RESULTS_LUT);
} catch (TskException ex) { } catch (Exception ex) {
Exceptions.printStackTrace(ex); logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
} }
} }
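Review bot: In the `@ -297,8 +304,7 @` hunk the reordered guard `if (JAVA_PATH.isEmpty() || JAVA_PATH == null) {` dereferences JAVA_PATH before testing it for null, so if `PlatformUtil.getJavaPath()` can return null the fallback to "java" is never reached and a NullPointerException is thrown instead; the order should go back to `if (JAVA_PATH == null || JAVA_PATH.isEmpty()) {`. In the `@ -399,7 +410,7 @` hunk the new `JavaSystemCaller.Exec.execute("\"" + JAVA_PATH + " " + cmd + "\"");` also drops the quotes that used to surround JAVA_PATH, so a Java install path containing spaces would presumably be split into separate arguments; keeping `"\"\"" + JAVA_PATH + "\" " + cmd + "\""` avoids that. Both enclosing methods start and end outside the hunks shown. Which printed copy is the new side is inferred from the brace style, because the page lost its +/- markers.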


@ -4,22 +4,14 @@
*/ */
package org.sleuthkit.autopsy.recentactivity; package org.sleuthkit.autopsy.recentactivity;
import java.io.BufferedReader;
import java.io.File; import java.io.File;
import java.io.FileInputStream; import java.io.*;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.sql.ResultSet; import java.sql.ResultSet;
import java.sql.SQLException; import java.text.ParseException;
import java.util.ArrayList; import java.text.SimpleDateFormat;
import java.util.Collection; import java.util.*;
import java.util.Iterator;
import java.util.List;
import java.util.Scanner;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import org.apache.commons.lang3.StringEscapeUtils;
import org.jdom.Document; import org.jdom.Document;
import org.jdom.Element; import org.jdom.Element;
import org.jdom.input.SAXBuilder; import org.jdom.input.SAXBuilder;
@ -27,15 +19,9 @@ import org.openide.modules.InstalledFileLocator;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.*;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase;
/** /**
* *
@ -47,130 +33,114 @@ public class ExtractRegistry {
private String RR_PATH; private String RR_PATH;
boolean rrFound = false; boolean rrFound = false;
private int sysid; private int sysid;
ExtractRegistry() { ExtractRegistry() {
final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false);
if (rrRoot == null) { if (rrRoot == null) {
logger.log(Level.SEVERE, "RegRipper not found"); logger.log(Level.SEVERE, "RegRipper not found");
rrFound = false; rrFound = false;
return; return;
} } else {
else {
rrFound = true; rrFound = true;
} }
try{ // try {
Case currentCase = Case.getCurrentCase(); // get the most updated case // Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); // SleuthkitCase tempDb = currentCase.getSleuthkitCase();
ResultSet artset = tempDb.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'"); // ResultSet artset = tempDb.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'");
//
while (artset.next()){ // while (artset.next()) {
sysid = artset.getInt("artifact_type_id"); // sysid = artset.getInt("artifact_type_id");
} // }
} // } catch (Exception e) {
catch(Exception e){ // }
}
final String rrHome = rrRoot.getAbsolutePath(); final String rrHome = rrRoot.getAbsolutePath();
logger.log(Level.INFO, "RegRipper home: " + rrHome); logger.log(Level.INFO, "RegRipper home: " + rrHome);
RR_PATH = rrHome + File.separator + "rip.exe"; RR_PATH = rrHome + File.separator + "rip.exe";
} }
public void getregistryfiles(List<String> image, IngestImageWorkerController controller) { public void getregistryfiles(List<String> image, IngestImageWorkerController controller) {
try try {
{
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); SleuthkitCase tempDb = currentCase.getSleuthkitCase();
String allFS = new String(); String allFS = new String();
for (int i = 0; i < image.size(); i++) { for (int i = 0; i < image.size(); i++) {
if(i == 0) if (i == 0) {
allFS += " AND (0"; allFS += " AND (0";
}
allFS += " OR fs_obj_id = '" + image.get(i) + "'"; allFS += " OR fs_obj_id = '" + image.get(i) + "'";
if(i == image.size()-1) if (i == image.size() - 1) {
allFS += ")"; allFS += ")";
} }
List<FsContent> Regfiles; }
List<FsContent> Regfiles = new ArrayList<FsContent>();
try {
ResultSet rs = tempDb.runQuery("select * from tsk_files where lower(name) = 'ntuser.dat' OR lower(parent_path) LIKE '%/system32/config%' and (name LIKE 'system' OR name LIKE 'software' OR name = 'SECURITY' OR name = 'SAM' OR name = 'default')" + allFS); ResultSet rs = tempDb.runQuery("select * from tsk_files where lower(name) = 'ntuser.dat' OR lower(parent_path) LIKE '%/system32/config%' and (name LIKE 'system' OR name LIKE 'software' OR name = 'SECURITY' OR name = 'SAM' OR name = 'default')" + allFS);
Regfiles = tempDb.resultSetToFsContents(rs); Regfiles = tempDb.resultSetToFsContents(rs);
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
int j = 0; int j = 0;
while (j < Regfiles.size()) while (j < Regfiles.size()) {
{
boolean Success; boolean Success;
Content orgFS = Regfiles.get(j); Content orgFS = Regfiles.get(j);
long orgId = orgFS.getId(); long orgId = orgFS.getId();
String temps = currentCase.getTempDirectory() + "\\" + Regfiles.get(j).getName().toString(); String temps = currentCase.getTempDirectory() + "\\" + Regfiles.get(j).getName().toString();
try {
ContentUtils.writeToFile(Regfiles.get(j), new File(currentCase.getTempDirectory() + "\\" + Regfiles.get(j).getName())); ContentUtils.writeToFile(Regfiles.get(j), new File(currentCase.getTempDirectory() + "\\" + Regfiles.get(j).getName()));
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
File regFile = new File(temps); File regFile = new File(temps);
String txtPath = executeRegRip(temps, j); String txtPath = executeRegRip(temps, j);
if(txtPath.length() > 0) if (txtPath.length() > 0) {
{
Success = parseReg(txtPath, orgId); Success = parseReg(txtPath, orgId);
} } else {
else
{
Success = false; Success = false;
} }
//At this point pasco2 proccessed the index files. //At this point pasco2 proccessed the index files.
//Now fetch the results, parse them and the delete the files. //Now fetch the results, parse them and the delete the files.
if(Success) if (Success) {
{
//Delete dat file since it was succcessful //Delete dat file since it was succcessful
regFile.delete(); regFile.delete();
} }
j++; j++;
} }
} } catch (Exception ex) {
catch (SQLException ex)
{
logger.log(Level.WARNING, "Error while trying to get Registry files", ex); logger.log(Level.WARNING, "Error while trying to get Registry files", ex);
} }
catch(IOException ioex)
{
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
}
}
}
// TODO: Hardcoded command args/path needs to be removed. Maybe set some constants and set env variables for classpath // TODO: Hardcoded command args/path needs to be removed. Maybe set some constants and set env variables for classpath
// I'm not happy with this code. Can't stand making a system call, is not an acceptable solution but is a hack for now. // I'm not happy with this code. Can't stand making a system call, is not an acceptable solution but is a hack for now.
private String executeRegRip(String regFilePath, int fileIndex) private String executeRegRip(String regFilePath, int fileIndex) {
{
String txtPath = regFilePath + Integer.toString(fileIndex) + ".txt"; String txtPath = regFilePath + Integer.toString(fileIndex) + ".txt";
String type = ""; String type = "";
try try {
{
if(regFilePath.toLowerCase().contains("system")) if (regFilePath.toLowerCase().contains("system")) {
{
type = "autopsysystem"; type = "autopsysystem";
} }
if(regFilePath.toLowerCase().contains("software")) if (regFilePath.toLowerCase().contains("software")) {
{
type = "autopsysoftware"; type = "autopsysoftware";
} }
if(regFilePath.toLowerCase().contains("ntuser")) if (regFilePath.toLowerCase().contains("ntuser")) {
{
type = "autopsy"; type = "autopsy";
} }
if(regFilePath.toLowerCase().contains("default")) if (regFilePath.toLowerCase().contains("default")) {
{
type = "1default"; type = "1default";
} }
if(regFilePath.toLowerCase().contains("sam")) if (regFilePath.toLowerCase().contains("sam")) {
{
type = "1sam"; type = "1sam";
} }
if(regFilePath.toLowerCase().contains("security")) if (regFilePath.toLowerCase().contains("security")) {
{
type = "1security"; type = "1security";
} }
@ -178,9 +148,7 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
JavaSystemCaller.Exec.execute("\"" + command + "\""); JavaSystemCaller.Exec.execute("\"" + command + "\"");
} } catch (Exception e) {
catch(Exception e)
{
logger.log(Level.SEVERE, "ExtractRegistry::executeRegRip() -> ", e.getMessage()); logger.log(Level.SEVERE, "ExtractRegistry::executeRegRip() -> ", e.getMessage());
} }
@ -188,15 +156,12 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
return txtPath; return txtPath;
} }
private boolean parseReg(String regRecord, long orgId) {
private boolean parseReg(String regRecord, long orgId)
{
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try { try {
File regfile = new File(regRecord); File regfile = new File(regRecord);
FileInputStream fstream = new FileInputStream(regfile); FileInputStream fstream = new FileInputStream(regfile);
InputStreamReader fstreamReader = new InputStreamReader(fstream, "UTF-8"); InputStreamReader fstreamReader = new InputStreamReader(fstream, "UTF-8");
BufferedReader input = new BufferedReader(fstreamReader); BufferedReader input = new BufferedReader(fstreamReader);
@ -216,25 +181,29 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
Element root = document.getRootElement(); Element root = document.getRootElement();
List<Element> types = root.getChildren(); List<Element> types = root.getChildren();
Iterator<Element> iterator = types.iterator(); Iterator<Element> iterator = types.iterator();
//for(int i = 0; i < types.size(); i++)
//for(Element tempnode : types)
while (iterator.hasNext()) { while (iterator.hasNext()) {
String time = ""; String etime = "";
String context = ""; String context = "";
Element tempnode = iterator.next(); Element tempnode = iterator.next();
// Element tempnode = types.get(i); // Element tempnode = types.get(i);
context = tempnode.getName(); context = tempnode.getName();
Element timenode = tempnode.getChild("time"); Element timenode = tempnode.getChild("time");
time = timenode.getTextTrim(); etime = timenode.getTextTrim();
Long time = null;
try {
Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(etime).getTime();
time = epochtime.longValue();
String Tempdate = time.toString();
time = Long.valueOf(Tempdate);
} catch (ParseException e) {
logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage());
}
Element artroot = tempnode.getChild("artifacts"); Element artroot = tempnode.getChild("artifacts");
List<Element> artlist = artroot.getChildren(); List<Element> artlist = artroot.getChildren();
String winver = ""; String winver = "";
String installdate = ""; String installdate = "";
if (artlist.isEmpty()) { if (artlist.isEmpty()) {
} } else {
else{
Iterator<Element> aiterator = artlist.iterator(); Iterator<Element> aiterator = artlist.iterator();
while (aiterator.hasNext()) { while (aiterator.hasNext()) {
Element artnode = aiterator.next(); Element artnode = aiterator.next();
@ -248,66 +217,74 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", context, name)); // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", context, name));
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value)); // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value));
// bbart.addAttributes(bbattributes); // bbart.addAttributes(bbattributes);
} else if ("usb".equals(context)) {
Long utime = null;
try {
utime = Long.parseLong(name);
String Tempdate = utime.toString() + "000";
utime = Long.valueOf(Tempdate);
} catch (Exception e) {
logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage());
} }
else if("usb".equals(context)){
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED); BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED);
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, name)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, utime));
String dev = artnode.getAttributeValue("dev"); String dev = artnode.getAttributeValue("dev");
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), "RecentActivity", context, dev)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), "RecentActivity", context, dev));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID(), "RecentActivity", context, value)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID(), "RecentActivity", context, value));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} else if ("uninstall".equals(context)) {
Long ftime = null;
try {
Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(name).getTime();
ftime = epochtime.longValue();
} catch (ParseException e) {
logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage());
} }
else if("uninstall".equals(context)){
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, value)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, value));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, ftime));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, name));
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG); BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG);
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} } else if ("WinVersion".equals(context)) {
else if("WinVersion".equals(context)){
if(name.contains("ProductName")) if (name.contains("ProductName")) {
{
winver = value; winver = value;
} }
if (name.contains("CSDVersion")) { if (name.contains("CSDVersion")) {
winver = winver + " " + value; winver = winver + " " + value;
} }
if(name.contains("InstallDate")) if (name.contains("InstallDate")) {
{
installdate = value; installdate = value;
Long installtime = null;
try {
Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(value).getTime();
installtime = epochtime.longValue();
String Tempdate = installtime.toString();
installtime = Long.valueOf(Tempdate);
} catch (ParseException e) {
logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage());
}
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, winver)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, winver));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, installtime));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, installdate));
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG); BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG);
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} }
} } else {
else
{
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(sysid);
bbart.addAttributes(bbattributes);
}
}
// BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(sysid);
// bbart.addAttributes(bbattributes);
} }
} }
} }
catch (Exception ex) }
{ } catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a registry file." + ex); logger.log(Level.WARNING, "Error while trying to read into a registry file." + ex);
String sadafd = "";
} }
return true; return true;
} }
} }


@ -1,30 +1,47 @@
/* /*
* To change this template, choose Tools | Templates *
* and open the template in the editor. * Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/ */
package org.sleuthkit.autopsy.recentactivity; package org.sleuthkit.autopsy.recentactivity;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.FsContent; import java.io.File;
import org.sleuthkit.datamodel.SleuthkitCase; import java.net.URLDecoder;
import org.sleuthkit.autopsy.datamodel.ContentUtils; import java.sql.ResultSet;
import java.sql.*; import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
//<editor-fold defaultstate="collapsed" desc="comment"> import org.sleuthkit.autopsy.casemodule.Case;
import java.lang.*; import org.sleuthkit.autopsy.datamodel.ContentUtils;
//</editor-fold>
import java.util.*;
import java.io.File;
import java.io.IOException;
import java.net.URLDecoder;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController;
import org.sleuthkit.autopsy.ingest.IngestManager; import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.autopsy.ingest.ServiceDataEvent; import org.sleuthkit.autopsy.ingest.ServiceDataEvent;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.*;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase;
/** /**
* *
* @author Alex * @author Alex
@ -33,64 +50,66 @@ public class Firefox {
private static final String ffquery = "SELECT moz_historyvisits.id,url,title,visit_count,(visit_date/1000) as visit_date,from_visit,(SELECT url FROM moz_places WHERE id=moz_historyvisits.from_visit) as ref FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0"; private static final String ffquery = "SELECT moz_historyvisits.id,url,title,visit_count,(visit_date/1000) as visit_date,from_visit,(SELECT url FROM moz_places WHERE id=moz_historyvisits.from_visit) as ref FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0";
private static final String ffcookiequery = "SELECT name,value,host,expiry,(lastAccessed/1000) as lastAccessed,(creationTime/1000) as creationTime FROM moz_cookies"; private static final String ffcookiequery = "SELECT name,value,host,expiry,(lastAccessed/1000) as lastAccessed,(creationTime/1000) as creationTime FROM moz_cookies";
private static final String ff3cookiequery = "SELECT name,value,host,expiry,(lastAccessed/1000) as lastAccessed FROM moz_cookies";
private static final String ffbookmarkquery = "SELECT fk, moz_bookmarks.title, url FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id"; private static final String ffbookmarkquery = "SELECT fk, moz_bookmarks.title, url FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id";
private static final String ffdownloadquery = "select target, source,(startTime/1000) as startTime, maxBytes from moz_downloads"; private static final String ffdownloadquery = "select target, source,(startTime/1000) as startTime, maxBytes from moz_downloads";
public Logger logger = Logger.getLogger(this.getClass().getName()); public Logger logger = Logger.getLogger(this.getClass().getName());
public int FireFoxCount = 0; public int FireFoxCount = 0;
public Firefox() { public Firefox() {
} }
public void getffdb(List<String> image, IngestImageWorkerController controller) { public void getffdb(List<String> image, IngestImageWorkerController controller) {
//Make these seperate, this is for history //Make these seperate, this is for history
try try {
{
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); SleuthkitCase tempDb = currentCase.getSleuthkitCase();
String allFS = new String(); String allFS = new String();
for (int i = 0; i < image.size(); i++) { for (int i = 0; i < image.size(); i++) {
if(i == 0) if (i == 0) {
allFS += " AND (0"; allFS += " AND (0";
}
allFS += " OR fs_obj_id = '" + image.get(i) + "'"; allFS += " OR fs_obj_id = '" + image.get(i) + "'";
if(i == image.size()-1) if (i == image.size() - 1) {
allFS += ")"; allFS += ")";
} }
List<FsContent> FFSqlitedb; }
List<FsContent> FFSqlitedb = null;
try {
ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%places.sqlite%' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'" + allFS); ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%places.sqlite%' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'" + allFS);
FFSqlitedb = tempDb.resultSetToFsContents(rs); FFSqlitedb = tempDb.resultSetToFsContents(rs);
Statement s = rs.getStatement(); Statement s = rs.getStatement();
rs.close(); rs.close();
if (s != null) if (s != null) {
s.close(); s.close();
FireFoxCount = FFSqlitedb.size(); FireFoxCount = FFSqlitedb.size();
}
rs.close(); rs.close();
rs.getStatement().close(); rs.getStatement().close();
} catch (SQLException ex) {
logger.log(Level.WARNING, "Error while trying to get Firefox SQLite db.", ex);
}
int j = 0; int j = 0;
if(FFSqlitedb != null && !FFSqlitedb.isEmpty())
while (j < FFSqlitedb.size())
{ {
while (j < FFSqlitedb.size()) {
String temps = currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db"; String temps = currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db";
String connectionString = "jdbc:sqlite:" + temps; String connectionString = "jdbc:sqlite:" + temps;
try {
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db")); ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db"));
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
File dbFile = new File(temps); File dbFile = new File(temps);
if (controller.isCancelled()) { if (controller.isCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
try
{
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString);
ResultSet temprs = tempdbconnect.executeQry(ffquery); ResultSet temprs = tempdbconnect.executeQry(ffquery);
while(temprs.next()) while (temprs.next()) {
{ try {
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("url") != null) ? temprs.getString("url") : ""))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("url") != null) ? temprs.getString("url") : "")));
@ -100,25 +119,20 @@ public class Firefox {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", (Util.extractDomain((temprs.getString("url") != null) ? temprs.getString("url") : "")))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", (Util.extractDomain((temprs.getString("url") != null) ? temprs.getString("url") : ""))));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
}
} }
temprs.close(); temprs.close();
tempdbconnect.closeConnection(); tempdbconnect.closeConnection();
}
catch (Exception ex)
{
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
}
try
{
try {
dbconnect tempdbconnect2 = new dbconnect("org.sqlite.JDBC", connectionString); dbconnect tempdbconnect2 = new dbconnect("org.sqlite.JDBC", connectionString);
ResultSet tempbm = tempdbconnect2.executeQry(ffbookmarkquery); ResultSet tempbm = tempdbconnect2.executeQry(ffbookmarkquery);
while(tempbm.next()) while (tempbm.next()) {
{ try {
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((tempbm.getString("url") != null) ? tempbm.getString("url") : ""))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((tempbm.getString("url") != null) ? tempbm.getString("url") : "")));
@ -126,12 +140,13 @@ public class Firefox {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", Util.extractDomain(tempbm.getString("url")))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", Util.extractDomain(tempbm.getString("url"))));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
} }
tempbm.close(); tempbm.close();
tempdbconnect2.closeConnection(); tempdbconnect2.closeConnection();
} } catch (Exception ex) {
catch (Exception ex)
{
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
} }
@ -142,173 +157,171 @@ public class Firefox {
IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY));
IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK));
} }
catch (SQLException ex)
{
logger.log(Level.WARNING, "Error while trying to get Firefox SQLite db.", ex);
} }
catch(IOException ioex) catch (Exception ex) {
{ logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
} }
//COOKIES section //COOKIES section
// This gets the cookie info // This gets the cookie info
try try {
{
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); SleuthkitCase tempDb = currentCase.getSleuthkitCase();
String allFS = new String(); String allFS = new String();
for (int i = 0; i < image.size(); i++) { for (int i = 0; i < image.size(); i++) {
if(i == 0) if (i == 0) {
allFS += " AND (0"; allFS += " AND (0";
}
allFS += " OR fs_obj_id = '" + image.get(i) + "'"; allFS += " OR fs_obj_id = '" + image.get(i) + "'";
if(i == image.size()-1) if (i == image.size() - 1) {
allFS += ")"; allFS += ")";
} }
List<FsContent> FFSqlitedb; }
List<FsContent> FFSqlitedb = null;
try {
ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%cookies.sqlite%' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'" + allFS); ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%cookies.sqlite%' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'" + allFS);
FFSqlitedb = tempDb.resultSetToFsContents(rs); FFSqlitedb = tempDb.resultSetToFsContents(rs);
rs.close(); rs.close();
rs.getStatement().close(); rs.getStatement().close();
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
int j = 0; int j = 0;
if(FFSqlitedb != null && !FFSqlitedb.isEmpty())
while (j < FFSqlitedb.size())
{ {
while (j < FFSqlitedb.size()) {
String temps = currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db"; String temps = currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db";
String connectionString = "jdbc:sqlite:" + temps; String connectionString = "jdbc:sqlite:" + temps;
try {
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db")); ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db"));
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
File dbFile = new File(temps); File dbFile = new File(temps);
if (controller.isCancelled()) { if (controller.isCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
try boolean checkColumn = Util.checkColumn("creationTime", "moz_cookies", connectionString);
{ String query;
if (checkColumn) {
query = ffcookiequery;
} else {
query = ff3cookiequery;
}
try {
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString);
ResultSet temprs = tempdbconnect.executeQry(ffcookiequery); ResultSet temprs = tempdbconnect.executeQry(query);
while(temprs.next()) while (temprs.next()) {
{ try {
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", temprs.getLong("lastAccessed"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", temprs.getLong("lastAccessed")));
if (checkColumn == true) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Created", temprs.getLong("creationTime")));
}
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "Title", ((temprs.getString("name") != null) ? temprs.getString("name") : ""))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "Title", ((temprs.getString("name") != null) ? temprs.getString("name") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",temprs.getString("host"))); String domain = Util.getBaseDomain(temprs.getString("host"));
domain = domain.replaceFirst("^\\.+(?!$)", "");
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
} }
tempdbconnect.closeConnection(); tempdbconnect.closeConnection();
temprs.close(); temprs.close();
} } catch (Exception ex) {
catch (Exception ex)
{
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
} }
j++; j++;
dbFile.delete(); dbFile.delete();
} }
IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE));
} }
catch (SQLException ex) IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE));
{ } catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to get Firefox SQLite db.", ex); logger.log(Level.WARNING, "Error while trying to get Firefox SQLite db.", ex);
} }
catch(IOException ioex)
{
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
}
//Downloads section //Downloads section
// This gets the downloads info // This gets the downloads info
try try {
{
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); SleuthkitCase tempDb = currentCase.getSleuthkitCase();
String allFS = new String(); String allFS = new String();
for (int i = 0; i < image.size(); i++) { for (int i = 0; i < image.size(); i++) {
if(i == 0) if (i == 0) {
allFS += " AND (0"; allFS += " AND (0";
}
allFS += " OR fs_obj_id = '" + image.get(i) + "'"; allFS += " OR fs_obj_id = '" + image.get(i) + "'";
if(i == image.size()-1) if (i == image.size() - 1) {
allFS += ")"; allFS += ")";
} }
List<FsContent> FFSqlitedb; }
List<FsContent> FFSqlitedb = null;
try {
ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'downloads.sqlite' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'" + allFS); ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'downloads.sqlite' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'" + allFS);
FFSqlitedb = tempDb.resultSetToFsContents(rs); FFSqlitedb = tempDb.resultSetToFsContents(rs);
rs.close(); rs.close();
rs.getStatement().close(); rs.getStatement().close();
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
int j = 0; int j = 0;
if(FFSqlitedb != null && !FFSqlitedb.isEmpty())
while (j < FFSqlitedb.size())
{ {
while (j < FFSqlitedb.size()) {
String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db";
String connectionString = "jdbc:sqlite:" + temps; String connectionString = "jdbc:sqlite:" + temps;
try {
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"));
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
File dbFile = new File(temps); File dbFile = new File(temps);
if (controller.isCancelled()) { if (controller.isCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
try try {
{
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString);
ResultSet temprs = tempdbconnect.executeQry(ffdownloadquery); ResultSet temprs = tempdbconnect.executeQry(ffdownloadquery);
while(temprs.next()) while (temprs.next()) {
{ try {
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD); BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", temprs.getLong("startTime"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", temprs.getLong("startTime")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("source") != null) ? temprs.getString("source") : ""))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("source") != null) ? temprs.getString("source") : "")));
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "")));
String urldecodedtarget = URLDecoder.decode(temprs.getString("target").replaceAll("file:///", ""), "UTF-8"); String urldecodedtarget = URLDecoder.decode(temprs.getString("target").replaceAll("file:///", ""), "UTF-8");
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", "", Util.findID(urldecodedtarget))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", "", Util.findID(urldecodedtarget)));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", urldecodedtarget)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", urldecodedtarget));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", Util.extractDomain(temprs.getString("source")))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", Util.extractDomain(temprs.getString("source"))));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox"));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
}
} }
tempdbconnect.closeConnection(); tempdbconnect.closeConnection();
temprs.close(); temprs.close();
} } catch (Exception ex) {
catch (Exception ex)
{
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
} }
j++; j++;
dbFile.delete(); dbFile.delete();
} }
IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD));
} }
catch (SQLException ex) IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD));
{ } catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to get FireFox SQLite db.", ex); logger.log(Level.WARNING, "Error while trying to get FireFox SQLite db.", ex);
} }
catch(IOException ioex)
{
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
} }
} }
}
//@Override
// public HashMap<String,String> ExtractActivity() {
// return ExtractActivity;
//
// }


@ -1,8 +1,10 @@
/* /*
*
* Autopsy Forensic Browser * Autopsy Forensic Browser
* *
* Copyright 2011 Basis Technology Corp. * Copyright 2012 42six Solutions.
* Contact: carrier <at> sleuthkit <dot> org * Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -77,28 +79,21 @@ public final class RAImageIngestService implements IngestServiceImage {
try { try {
//do the work for(FileSystem img : imageFS ) //do the work for(FileSystem img : imageFS )
try{ // try {
ResultSet artset = sCurrentCase.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'"); // ResultSet artset = sCurrentCase.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'");
int artcount = 0; // int artcount = 0;
while (artset.next()){ // while (artset.next()) {
artcount++; // artcount++;
} // }
//
// artset.beforeFirst(); // // artset.beforeFirst();
if(artcount > 0) // if (artcount > 0) {
{ // } else {
// int artint = sCurrentCase.addArtifactType("TSK_SYS_INFO", "System Information");
} // }
else //
{ // } catch (Exception e) {
int artint = sCurrentCase.addArtifactType("TSK_SYS_INFO", "System Information"); // }
}
}
catch(Exception e)
{
}
ext.extractToBlackboard(controller, fsIds); ext.extractToBlackboard(controller, fsIds);
@ -182,5 +177,4 @@ public final class RAImageIngestService implements IngestServiceImage {
public boolean hasBackgroundJobsRunning() { public boolean hasBackgroundJobsRunning() {
return false; return false;
} }
} }


@ -1,8 +1,25 @@
/* /*
* To change this template, choose Tools | Templates *
* and open the template in the editor. * Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/ */
package org.sleuthkit.autopsy.recentactivity; package org.sleuthkit.autopsy.recentactivity;
import java.io.File; import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
@ -24,15 +41,16 @@ import java.util.regex.Pattern;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
/** /**
* *
* @author Alex * @author Alex
*/ */
public class Util { public class Util {
private static Logger logger = Logger.getLogger(Util.class.getName()); private static Logger logger = Logger.getLogger(Util.class.getName());
private Util() { private Util() {
} }
public static boolean pathexists(String path) { public static boolean pathexists(String path) {
@ -52,10 +70,11 @@ public static String readFile(String path) throws IOException {
try { try {
FileChannel fc = stream.getChannel(); FileChannel fc = stream.getChannel();
MappedByteBuffer bb = fc.map(FileChannel.MapMode.READ_ONLY, 0, fc.size()); MappedByteBuffer bb = fc.map(FileChannel.MapMode.READ_ONLY, 0, fc.size());
/* Instead of using default, pass in a decoder. */ /*
* Instead of using default, pass in a decoder.
*/
return Charset.defaultCharset().decode(bb).toString(); return Charset.defaultCharset().decode(bb).toString();
} } finally {
finally {
stream.close(); stream.close();
} }
} }
@ -75,24 +94,39 @@ public static boolean imgpathexists(String path){
if (s != null) { if (s != null) {
s.close(); s.close();
} }
if(count > 0) if (count > 0) {
{
rt = true; rt = true;
} } else {
else
{
rt = false; rt = false;
} }
} } catch (SQLException ex) {
catch (SQLException ex)
{
//logger.log(Level.WARNING, "Error while trying to contact SQLite db.", ex); //logger.log(Level.WARNING, "Error while trying to contact SQLite db.", ex);
} }
return rt; return rt;
} }
public static String getBaseDomain(String url) {
String host = url;
int startIndex = 0;
int nextIndex = host.indexOf('.');
int lastIndex = host.lastIndexOf('.');
while (nextIndex < lastIndex) {
startIndex = nextIndex + 1;
nextIndex = host.indexOf('.', startIndex);
}
if (startIndex > 0) {
return host.substring(startIndex);
} else {
return host;
}
}
public static String extractDomain(String value) { public static String extractDomain(String value) {
if (value == null) throw new java.lang.NullPointerException("domains to extract"); if (value == null) {
throw new java.lang.NullPointerException("domains to extract");
}
String result = ""; String result = "";
// String domainPattern = "(\\w+)\\.(AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CW|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SX|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XXX|YE|YT|ZA|ZM|ZW(co\\.[a-z].))"; // String domainPattern = "(\\w+)\\.(AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CW|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SX|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XXX|YE|YT|ZA|ZM|ZW(co\\.[a-z].))";
// Pattern p = Pattern.compile(domainPattern,Pattern.CASE_INSENSITIVE); // Pattern p = Pattern.compile(domainPattern,Pattern.CASE_INSENSITIVE);
@ -103,9 +137,9 @@ public static String extractDomain(String value){
try { try {
URL url = new URL(value); URL url = new URL(value);
result = url.getHost(); result = url.getHost();
} } catch (Exception e)
catch(Exception e){ {
logger.log(Level.WARNING, "Error while trying to convert url to domain." + value, e);
} }
return result; return result;
@ -117,8 +151,7 @@ public static String getFileName(String value){
Pattern p = Pattern.compile(filematch, Pattern.CASE_INSENSITIVE | Pattern.DOTALL | Pattern.COMMENTS); Pattern p = Pattern.compile(filematch, Pattern.CASE_INSENSITIVE | Pattern.DOTALL | Pattern.COMMENTS);
Matcher m = p.matcher(value); Matcher m = p.matcher(value);
if (m.find()) if (m.find()) {
{
filename = m.group(1); filename = m.group(1);
} }
@ -134,8 +167,7 @@ public static String getPath(String txt){
String drive = "([a-z]:\\\\\\S.+)"; String drive = "([a-z]:\\\\\\S.+)";
Pattern p = Pattern.compile(drive, Pattern.CASE_INSENSITIVE | Pattern.COMMENTS); Pattern p = Pattern.compile(drive, Pattern.CASE_INSENSITIVE | Pattern.COMMENTS);
Matcher m = p.matcher(txt); Matcher m = p.matcher(txt);
if (m.find()) if (m.find()) {
{
path = m.group(1); path = m.group(1);
} else { } else {
@ -144,8 +176,7 @@ public static String getPath(String txt){
Pattern p2 = Pattern.compile(network, Pattern.CASE_INSENSITIVE | Pattern.DOTALL); Pattern p2 = Pattern.compile(network, Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
Matcher m2 = p2.matcher(txt); Matcher m2 = p2.matcher(txt);
if (m2.find()) if (m2.find()) {
{
path = m2.group(1); path = m2.group(1);
} }
} }
@ -154,8 +185,9 @@ public static String getPath(String txt){
public static long findID(String path) { public static long findID(String path) {
String parent_path = path.replace('\\', '/'); // fix Chrome paths String parent_path = path.replace('\\', '/'); // fix Chrome paths
if(parent_path.length() > 2 && parent_path.charAt(1) == ':') if (parent_path.length() > 2 && parent_path.charAt(1) == ':') {
parent_path = parent_path.substring(2); // remove drive letter (e.g., 'C:') parent_path = parent_path.substring(2); // remove drive letter (e.g., 'C:')
}
int index = parent_path.lastIndexOf('/'); int index = parent_path.lastIndexOf('/');
String name = parent_path.substring(++index); String name = parent_path.substring(++index);
parent_path = parent_path.substring(0, index); parent_path = parent_path.substring(0, index);
@ -167,8 +199,9 @@ public static long findID(String path) {
List<FsContent> results = tempDb.resultSetToFsContents(rs); List<FsContent> results = tempDb.resultSetToFsContents(rs);
Statement s = rs.getStatement(); Statement s = rs.getStatement();
rs.close(); rs.close();
if (s != null) if (s != null) {
s.close(); s.close();
}
if (results.size() > 0) { if (results.size() > 0) {
return results.get(0).getId(); return results.get(0).getId();
} }
@ -177,4 +210,34 @@ public static long findID(String path) {
} }
return -1; return -1;
} }
public static boolean checkColumn(String column, String tablename, String connection) {
String query = "PRAGMA table_info(" + tablename + ")";
boolean found = false;
ResultSet temprs;
try {
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connection);
temprs = tempdbconnect.executeQry(query);
while (temprs.next()) {
if (temprs.getString("name") == null ? column == null : temprs.getString("name").equals(column)) {
found = true;
}
}
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to get columns from sqlite db." + connection, ex);
}
return found;
}
public static ResultSet runQuery(String query, String connection) {
ResultSet results = null;
try {
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connection);
results = tempdbconnect.executeQry(query);
tempdbconnect.closeConnection();
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to get columns from sqlite db." + connection, ex);
}
return results;
}
} }
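Review bot: In the last hunk, `checkColumn` opens a `dbconnect` and a `ResultSet` and closes neither, and `runQuery` calls `tempdbconnect.closeConnection()` before returning `results`, so the caller probably receives a result set whose connection is already closed (dbconnect's implementation is not shown in this section, so confirm). Elsewhere in this commit the temporary SQLite copy is removed with `dbFile.delete()` after use, and an open handle left by `checkColumn` may make that delete fail on some platforms. `checkColumn` also concatenates `tablename` into the PRAGMA text; PRAGMA arguments cannot be bound as parameters, so restrict the name to a plain identifier before building the query. For `runQuery`, either let the caller own and close the connection or copy the rows out before closing. A sketch of `checkColumn` with the check and the cleanup follows.

```java
public static boolean checkColumn(String column, String tablename, String connection) {
    // PRAGMA arguments cannot be bound as parameters, so accept only a plain identifier.
    if (tablename == null || !tablename.matches("[A-Za-z_][A-Za-z0-9_]*")) {
        return false;
    }
    // … unchanged: query string and found flag …
    dbconnect tempdbconnect = null;
    ResultSet temprs = null;
    try {
        tempdbconnect = new dbconnect("org.sqlite.JDBC", connection);
        temprs = tempdbconnect.executeQry(query);
        // … unchanged: loop comparing the "name" column with column …
    } catch (Exception ex) {
        // … unchanged: warning log …
    } finally {
        if (temprs != null) {
            try {
                temprs.close();
            } catch (SQLException ignored) {
                // best effort: the connection is still closed below
            }
        }
        if (tempdbconnect != null) {
            try {
                tempdbconnect.closeConnection();
            } catch (Exception ex) {
                logger.log(Level.WARNING, "Error while closing sqlite db." + connection, ex);
            }
        }
    }
    return found;
}
```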


@ -15,9 +15,6 @@ import java.sql.*;
public dbconnect(String sDriverForClass, String sUrlKey) throws Exception public dbconnect(String sDriverForClass, String sUrlKey) throws Exception
{ {
init(sDriverForClass, sUrlKey); init(sDriverForClass, sUrlKey);
//Statement stmt = conn.createStatement();
//String selecthistory = "SELECT moz_historyvisits.id,url,title,visit_count,visit_date,from_visit,rev_host FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0";
// ResultSet rs = stmt.executeQuery(selecthistory);
} }


@ -1,8 +1,8 @@
build.xml.data.CRC32=38c0b1aa build.xml.data.CRC32=d88c1ca9
build.xml.script.CRC32=bbb1c310 build.xml.script.CRC32=bbb1c310
build.xml.stylesheet.CRC32=a56c6a5b@1.46.1 build.xml.stylesheet.CRC32=a56c6a5b@1.46.2
# This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml. # This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml.
# Do not edit this file. You may delete it but then the IDE will never regenerate such files for you. # Do not edit this file. You may delete it but then the IDE will never regenerate such files for you.
nbproject/build-impl.xml.data.CRC32=38c0b1aa nbproject/build-impl.xml.data.CRC32=d88c1ca9
nbproject/build-impl.xml.script.CRC32=1562aec2 nbproject/build-impl.xml.script.CRC32=1562aec2
nbproject/build-impl.xml.stylesheet.CRC32=238281d1@1.46.1 nbproject/build-impl.xml.stylesheet.CRC32=238281d1@1.46.2


@ -135,6 +135,14 @@
<specification-version>0.0</specification-version> <specification-version>0.0</specification-version>
</run-dependency> </run-dependency>
</dependency> </dependency>
<dependency>
<code-name-base>org.sleuthkit.autopsy.recentactivity</code-name-base>
<build-prerequisite/>
<compile-dependency/>
<run-dependency>
<specification-version>1.0</specification-version>
</run-dependency>
</dependency>
</module-dependencies> </module-dependencies>
<public-packages/> <public-packages/>
<class-path-extension> <class-path-extension>

View File

@ -1,18 +1,13 @@
OpenIDE-Module-Name=Report OpenIDE-Module-Name=Report
reportFilter.jCheckBox1.text=Internet History Toolbars/Reports/org-sleuthkit-autopsy-report-ReportAction.shadow=Reports
reportFilter.jCheckBox2.text=General Info ReportFilter.progBar.string=
reportFilter.jCheckBox3.text=Keyword Hits ReportFilter.cancelButton.actionCommand=
reportFilter.jCheckBox4.text=Hashlist Hits ReportFilter.cancelButton.text=Cancel
reportFilter.jCheckBox5.text=System Information ReportFilter.jButton1.text=Generate Report
reportFilter.jButton1.text=Generate Report ReportFilter.jButton2.label=
Toolbars/Reports/org-sleuthkit-autopsy-report-reportAction.shadow=Reports ReportFilter.jButton2.actionCommand=
reportPanel.jButton1.text=Close ReportFilter.jButton2.text=
reportFilter.cancelButton.text=Cancel ReportPanel.jLabel1.text=jLabel1
reportFilter.cancelButton.actionCommand= ReportPanel.saveReport.actionCommand=
reportFilter.jButton2.actionCommand= ReportPanel.saveReport.text=Export Report...
reportFilter.jButton2.label= ReportPanel.jButton1.text=Close
reportFilter.jButton2.text=
reportPanel.saveReport.actionCommand=
reportPanel.saveReport.text=Export Report...
reportFilter.progBar.string=
reportPanel.jLabel1.text=jLabel1

View File

@ -0,0 +1,125 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.SleuthkitCase;
import java.sql.*;
import org.sleuthkit.autopsy.recentactivity.dbconnect;
/**
*
* @author Alex
*/
public class Report {
private void Report() {
}
public String getGroupedKeywordHit() {
StringBuilder table = new StringBuilder();
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try {
ReportUtils util = new ReportUtils();
util.copy(new FileInputStream(currentCase.getCaseDirectory()+File.separator+"autopsy.db"), new FileOutputStream(currentCase.getCaseDirectory()+File.separator+"autopsy-copy.db"));
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", "jdbc:sqlite:"+currentCase.getCaseDirectory()+File.separator+"autopsy-copy.db");
tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_keyword;");
tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_preview;");
tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_exp;");
tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_name;");
tempdbconnect.executeStmt("DROP TABLE IF EXISTS report;");
String temp1 = "CREATE TABLE report_keyword AS SELECT value_text as keyword,blackboard_attributes.attribute_type_id, blackboard_attributes.artifact_id FROM blackboard_attributes WHERE attribute_type_id = 10;";
String temp2 = "CREATE TABLE report_preview AS SELECT value_text as preview, blackboard_attributes.attribute_type_id, blackboard_attributes.artifact_id FROM blackboard_attributes WHERE attribute_type_id = 11;";
String temp3 = "CREATE TABLE report_exp AS SELECT value_text as exp, blackboard_attributes.attribute_type_id, blackboard_attributes.artifact_id FROM blackboard_attributes WHERE attribute_type_id = 12;";
String temp4 = "CREATE TABLE report_name AS SELECT name, report_keyword.artifact_id from tsk_files,blackboard_artifacts, report_keyword WHERE blackboard_artifacts.artifact_id = report_keyword.artifact_id AND blackboard_artifacts.obj_id = tsk_files.obj_id;";
String temp5 = "CREATE TABLE report AS SELECT keyword,preview,exp, name from report_keyword INNER JOIN report_preview ON report_keyword.artifact_id=report_preview.artifact_id INNER JOIN report_exp ON report_preview.artifact_id=report_exp.artifact_id INNER JOIN report_name ON report_exp.artifact_id=report_name.artifact_id;";
tempdbconnect.executeStmt(temp1);
tempdbconnect.executeStmt(temp2);
tempdbconnect.executeStmt(temp3);
tempdbconnect.executeStmt(temp4);
tempdbconnect.executeStmt(temp5);
ResultSet uniqueresults = tempdbconnect.executeQry("SELECT keyword, preview, exp, name FROM report ORDER BY keyword ASC");
String keyword = "";
while (uniqueresults.next()) {
if(uniqueresults.getString("keyword") == null ? keyword == null : uniqueresults.getString("keyword").equals(keyword))
{
}
else{
table.append("</tbody></table><br /><br />");
keyword = uniqueresults.getString("keyword");
table.append("<strong>").append(keyword).append("</strong>");
table.append("<table><thead><tr><th>").append("File Name").append("</th><th>Preview</th><th>Keyword List</th></tr><tbody>");
}
table.append("<tr><td>").append(uniqueresults.getString("name")).append("</td>");
table.append("<td>").append(uniqueresults.getString("preview")).append("</td>").append("<td>").append(uniqueresults.getString("exp")).append("</td>").append("</tr>");
}
tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_keyword;");
tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_preview;");
tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_exp;");
tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_name;");
tempdbconnect.executeStmt("DROP TABLE IF EXISTS report;");
tempdbconnect.closeConnection();
File f1 = new File(currentCase.getCaseDirectory()+File.separator+"autopsy-copy.db");
boolean success = f1.delete();
} catch (Exception e) {
Logger.getLogger(Report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return table.toString();
}
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getAllTypes(ReportConfiguration config) {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try {
for (Map.Entry<BlackboardArtifact.ARTIFACT_TYPE, Boolean> entry : config.config.entrySet()) {
if (entry.getValue()) {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(entry.getKey());
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
}
} catch (Exception e) {
Logger.getLogger(Report.class.getName()).log(Level.INFO, "Exception occurred", e);
}
return reportMap;
}
}


@ -0,0 +1,316 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.awt.*;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.ItemEvent;
import java.awt.event.ItemListener;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.io.File;
import java.util.ArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.*;
import javax.swing.border.Border;
import org.openide.awt.ActionID;
import org.openide.awt.ActionReference;
import org.openide.awt.ActionReferences;
import org.openide.awt.ActionRegistration;
import org.openide.util.HelpCtx;
import org.openide.util.Lookup;
import org.openide.util.NbBundle.Messages;
import org.openide.util.actions.CallableSystemAction;
import org.openide.util.actions.Presenter;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.Log;
import org.sleuthkit.datamodel.BlackboardArtifact;
@ActionID(category = "Tools", id = "org.sleuthkit.autopsy.report.ReportAction")
@ActionRegistration(displayName = "#CTL_ReportAction")
@ActionReferences(value = {
@ActionReference(path = "Menu/Tools", position = 80)})
@Messages(value = "CTL_ReportAction=Run Report")
public final class ReportAction extends CallableSystemAction implements Presenter.Toolbar {
private JButton toolbarButton = new JButton();
private static final String ACTION_NAME = "Generate Report";
static final Logger logger = Logger.getLogger(ReportAction.class.getName());
private JPanel panel;
public static ArrayList<JCheckBox> reportList = new ArrayList<JCheckBox>();
public static String preview;
public static ReportConfiguration config;
public ReportAction() {
setEnabled(false);
Case.addPropertyChangeListener(new PropertyChangeListener() {
@Override
public void propertyChange(PropertyChangeEvent evt) {
if (evt.getPropertyName().equals(Case.CASE_CURRENT_CASE)) {
setEnabled(evt.getNewValue() != null);
}
}
});
//attempt to create a report folder if a case is active
Case.addPropertyChangeListener(new PropertyChangeListener() {
@Override
public void propertyChange(PropertyChangeEvent evt) {
String changed = evt.getPropertyName();
//case has been changed
if (changed.equals(Case.CASE_CURRENT_CASE)) {
Case newCase = (Case) evt.getNewValue();
if (newCase != null) {
boolean exists = (new File(newCase.getCaseDirectory() + File.separator + "Reports")).exists();
if (exists) {
// report directory exists -- don't need to do anything
} else {
// report directory does not exist -- create it
boolean reportCreate = (new File(newCase.getCaseDirectory() + File.separator + "Reports")).mkdirs();
if (!reportCreate) {
logger.log(Level.WARNING, "Could not create Reports directory for case. It does not exist.");
}
}
}
}
}
});
// set action of the toolbar button
toolbarButton.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
ReportAction.this.actionPerformed(e);
}
});
}
private class reportListener implements ItemListener {
@Override
public void itemStateChanged(ItemEvent e) {
Object source = e.getItem();
JCheckBox comp = (JCheckBox) source;
String name = comp.getName();
JRadioButton buttan = null;
Component[] comps = comp.getParent().getComponents();
for (Component c : comps) {
if (c.getName().equals(name + "p")) {
buttan = (JRadioButton) c;
}
}
if (e.getStateChange() == ItemEvent.DESELECTED) {
buttan.setEnabled(false);
}
if (e.getStateChange() == ItemEvent.SELECTED) {
buttan.setEnabled(true);
}
}
};
private class configListener implements ItemListener {
@Override
public void itemStateChanged(ItemEvent e) {
Object source = e.getItem();
JCheckBox comp = (JCheckBox) source;
String name = comp.getName();
BlackboardArtifact.ARTIFACT_TYPE type = BlackboardArtifact.ARTIFACT_TYPE.valueOf(name);
if (e.getStateChange() == ItemEvent.DESELECTED) {
try {
config.setGenArtifactType(type, Boolean.FALSE);
} catch (ReportModuleException ex) {
}
}
if (e.getStateChange() == ItemEvent.SELECTED) {
try {
config.setGenArtifactType(type, Boolean.TRUE);
} catch (ReportModuleException ex) {
}
}
}
};
private class previewListener implements ItemListener {
@Override
public void itemStateChanged(ItemEvent e) {
Object source = e.getItem();
JRadioButton comp = (JRadioButton) source;
String name = comp.getName();
JRadioButton buttan = new JRadioButton();
Component[] comps = comp.getParent().getComponents();
for (Component c : comps) {
if (c.getName().equals(name)) {
buttan = (JRadioButton) c;
}
}
if (e.getStateChange() == ItemEvent.SELECTED) {
String temp = buttan.getName();
temp = temp.substring(0, temp.length()-1);
preview = temp;
}
}
};
@Override
public void actionPerformed(ActionEvent e) {
try {
// create the popUp window for it
final JFrame frame = new JFrame(ACTION_NAME);
final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal
popUpWindow.setLayout(new GridLayout(0, 1));
// initialize panel with loaded settings
final ReportFilter panel = new ReportFilter();
panel.setjButton2ActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
popUpWindow.dispose();
}
});
final reportListener listener = new reportListener();
final configListener clistener = new configListener();
final previewListener plistener = new previewListener();
preview = "";
reportList.clear();
config = new ReportConfiguration();
final JPanel filterpanel = new JPanel(new GridLayout(0, 2, 5, 5));
final JPanel artpanel = new JPanel(new GridLayout(0, 3, 5, 5));
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
Border border = BorderFactory.createTitledBorder("Reporting Modules");
filterpanel.setBorder(border);
filterpanel.setComponentOrientation(ComponentOrientation.LEFT_TO_RIGHT);
filterpanel.setAlignmentY(Component.TOP_ALIGNMENT);
filterpanel.setAlignmentX(Component.LEFT_ALIGNMENT);
filterpanel.setSize(300, 100);
ButtonGroup previewGroup = new ButtonGroup();
for (ReportModule m : Lookup.getDefault().lookupAll(ReportModule.class)) {
String name = m.getName();
String desc = m.getReportTypeDescription();
JCheckBox ch = new JCheckBox();
ch.setAlignmentY(Component.TOP_ALIGNMENT);
ch.setText(name);
ch.setName(m.getClass().getName());
ch.setToolTipText(desc);
ch.setSelected(true);
JRadioButton cb = new JRadioButton("Preview");
previewGroup.add(cb);
cb.setName(m.getClass().getName() + "p");
cb.addItemListener(plistener);
filterpanel.add(cb, 0);
ch.addItemListener(listener);
reportList.add(ch);
filterpanel.add(ch, 0);
}
Border artborder = BorderFactory.createTitledBorder("Report Data");
artpanel.setBorder(artborder);
artpanel.setComponentOrientation(ComponentOrientation.LEFT_TO_RIGHT);
artpanel.setAlignmentY(Component.TOP_ALIGNMENT);
artpanel.setAlignmentX(Component.LEFT_ALIGNMENT);
artpanel.setSize(300, 100);
for (BlackboardArtifact.ARTIFACT_TYPE a : panel.config.config.keySet()) {
JCheckBox ce = new JCheckBox();
ce.setText(a.getDisplayName());
ce.setToolTipText(a.getDisplayName());
ce.setName(a.getLabel());
ce.setSelected(true);
ce.addItemListener(clistener);
artpanel.add(ce);
}
}
});
popUpWindow.add(filterpanel, 0);
popUpWindow.add(artpanel, 1);
// add the panel to the popup window
popUpWindow.add(panel, 2);
popUpWindow.pack();
popUpWindow.setResizable(false);
// set the location of the popUp Window on the center of the screen
Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize();
double w = popUpWindow.getSize().getWidth();
double h = popUpWindow.getSize().getHeight();
popUpWindow.setLocation((int) ((screenDimension.getWidth() - w) / 2), (int) ((screenDimension.getHeight() - h) / 2));
// display the window
popUpWindow.setVisible(true);
// add the command to close the window to the button on the Case Properties form / panel
} catch (Exception ex) {
Log.get(ReportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex);
}
}
@Override
public void performAction() {
}
@Override
public String getName() {
return ACTION_NAME;
}
@Override
public HelpCtx getHelpCtx() {
return HelpCtx.DEFAULT_HELP;
}
/**
* Returns the toolbar component of this action
*
* @return component the toolbar button
*/
@Override
public Component getToolbarPresenter() {
ImageIcon icon = new ImageIcon(getClass().getResource("btn_icon_generate_report.png"));
toolbarButton.setIcon(icon);
toolbarButton.setText("Generate Report");
return toolbarButton;
}
/**
* Set this action to be enabled/disabled
*
* @param value whether to enable this action or not
*/
@Override
public void setEnabled(boolean value) {
super.setEnabled(value);
toolbarButton.setEnabled(value);
}
}


@ -0,0 +1,138 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.util.ArrayList;
import java.util.EnumMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.SleuthkitCase;
/**
* Configures which parts of report were requested e.g. based on user input Some
* specialized reporting modules may choose not to generate all requested
* sections and some modules may generate additional, specialized sections
*
*/
class ReportConfiguration {
//base data structure
Map<BlackboardArtifact.ARTIFACT_TYPE, Boolean> config = new EnumMap<BlackboardArtifact.ARTIFACT_TYPE, Boolean>(BlackboardArtifact.ARTIFACT_TYPE.class);
private final Logger logger = Logger.getLogger(this.getClass().getName());
ReportConfiguration() {
//clear the config just incase before we get the list from the db again
config.clear();
//now lets get the list from the tsk and current case
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
try {
ArrayList<BlackboardArtifact.ARTIFACT_TYPE> arttypes = skCase.getBlackboardArtifactTypes();
for (BlackboardArtifact.ARTIFACT_TYPE type : arttypes) {
config.put(type, Boolean.TRUE);
}
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to retrieve list of artifact types from the TSK case .", ex);
}
}
;
/**regets everything that occurs in the constructor normally
*
* @throws ReportModuleException
*/
public void getAllTypes() throws ReportModuleException {
config.clear();
//now lets get the list from the tsk and current case
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
try {
ArrayList<BlackboardArtifact.ARTIFACT_TYPE> arttypes = skCase.getBlackboardArtifactTypes();
for (BlackboardArtifact.ARTIFACT_TYPE type : arttypes) {
config.put(type, Boolean.TRUE);
}
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to retrieve list of artifact types from the TSK case .", ex);
}
}
;
/**setters for generally supported report parts
*
*/
public void setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE type, Boolean value) throws ReportModuleException {
if (config.containsKey(type)) {
config.put(type, value);
} else {
throw new ReportModuleException("The following artifact type is not present:" + type);
}
}
;
/**This allows all that setting to happen in groups
*
*/
public void setGenArtifactType(ArrayList<BlackboardArtifact.ARTIFACT_TYPE> typeList, boolean value) throws ReportModuleException {
for (BlackboardArtifact.ARTIFACT_TYPE type : typeList) {
if (config.containsKey(type)) {
config.put(type, value);
} else {
throw new ReportModuleException("The following artifact type is not present:" + type);
}
}
}
;
/** getters for generally supported report parts
*
*/
public boolean getGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE type) throws ReportModuleException {
boolean value = false;
if (config.containsKey(type)) {
value = config.get(type);
} else {
throw new ReportModuleException("The following artifact type is not present:" + type);
}
return value;
}
public void resetGenArtifactTypes() {
for (Map.Entry<BlackboardArtifact.ARTIFACT_TYPE, Boolean> entry : config.entrySet()) {
config.put(entry.getKey(), Boolean.FALSE);
}
}
}
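Review bot: `getAllTypes()` declares `throws ReportModuleException`, but its `catch (Exception ex)` only logs, so a failed `getBlackboardArtifactTypes()` call leaves `config` empty and the caller carries on as if the case had no artifact types. For a forensic report that is a silent loss of content. After the log call the catch should rethrow, e.g. `throw new ReportModuleException("Could not retrieve artifact types: " + ex.getMessage());` (the String constructor is the only one visible on this page). The constructor repeats the same body and could share one private helper. In both places `Case.getCurrentCase()` and `getSleuthkitCase()` sit outside the `try`, so a missing case would presumably surface as an unchecked exception rather than the logged warning.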


@ -0,0 +1,115 @@
<?xml version="1.0" encoding="UTF-8" ?>
<Form version="1.5" maxVersion="1.7" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
<NonVisualComponents>
<Component class="javax.swing.JButton" name="jButton2">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.jButton2.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="actionCommand" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.jButton2.actionCommand" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="label" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.jButton2.label" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
</NonVisualComponents>
<Properties>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[325, 75]"/>
</Property>
</Properties>
<AuxValues>
<AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="1"/>
<AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_generateFQN" type="java.lang.Boolean" value="true"/>
<AuxValue name="FormSettings_generateMnemonicsCode" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_i18nAutoMode" type="java.lang.Boolean" value="true"/>
<AuxValue name="FormSettings_layoutCodeTarget" type="java.lang.Integer" value="1"/>
<AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/>
<AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/>
</AuxValues>
<Layout>
<DimensionLayout dim="0">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" attributes="0">
<Component id="jButton1" min="-2" max="-2" attributes="0"/>
<EmptySpace max="32767" attributes="0"/>
</Group>
<Group type="102" attributes="0">
<Component id="progBar" pref="221" max="32767" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="cancelButton" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="24" max="-2" attributes="0"/>
</Group>
</Group>
</Group>
</Group>
</DimensionLayout>
<DimensionLayout dim="1">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<EmptySpace min="-2" pref="19" max="-2" attributes="0"/>
<Component id="jButton1" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" max="-2" attributes="0">
<Component id="cancelButton" max="32767" attributes="0"/>
<Component id="progBar" min="-2" pref="23" max="-2" attributes="0"/>
</Group>
<EmptySpace max="32767" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
</Layout>
<SubComponents>
<Component class="javax.swing.JProgressBar" name="progBar">
<Properties>
<Property name="doubleBuffered" type="boolean" value="true"/>
<Property name="enabled" type="boolean" value="false"/>
<Property name="name" type="java.lang.String" value="" noResource="true"/>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[146, 15]"/>
</Property>
<Property name="string" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.progBar.string" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="stringPainted" type="boolean" value="true"/>
</Properties>
</Component>
<Component class="javax.swing.JButton" name="jButton1">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.jButton1.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="mouseReleased" listener="java.awt.event.MouseListener" parameters="java.awt.event.MouseEvent" handler="jButton1MouseReleased"/>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="jButton1ActionPerformed"/>
</Events>
<AuxValues>
<AuxValue name="JavaCodeGenerator_SerializeTo" type="java.lang.String" value="reportFilter_jButton1"/>
</AuxValues>
</Component>
<Component class="javax.swing.JButton" name="cancelButton">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.cancelButton.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="actionCommand" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.cancelButton.actionCommand" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="enabled" type="boolean" value="false"/>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="cancelButtonActionPerformed"/>
</Events>
</Component>
</SubComponents>
</Form>


@ -0,0 +1,269 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.awt.GridLayout;
import java.awt.event.ActionListener;
import java.util.ArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.*;
import javax.swing.border.Border;
import org.openide.util.Lookup;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.SleuthkitCase;
/**
*
* @author Alex
*/
public class ReportFilter extends javax.swing.JPanel {
public static ArrayList<Integer> filters = new ArrayList<Integer>();
public static ReportConfiguration config = new ReportConfiguration();
private final Logger logger = Logger.getLogger(this.getClass().getName());
public final ReportFilter panel = this;
ReportPanelAction rpa = new ReportPanelAction();
public static boolean cancel = false;
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
/**
* Creates new form ReportFilter
*/
public ReportFilter() {
this.setLayout(new GridLayout(0,1));
initComponents();
cancel = false;
try{
config.getAllTypes();
}
catch(ReportModuleException ex)
{
Logger.getLogger(Report.class.getName()).log(Level.SEVERE, "Exception occurred", ex);
}
}
/**
* This method is called from within the constructor to initialize the form.
* WARNING: Do NOT modify this code. The content of this method is always
* regenerated by the Form Editor.
*/
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
jButton2 = new javax.swing.JButton();
progBar = new javax.swing.JProgressBar();
jButton1 = new javax.swing.JButton();
cancelButton = new javax.swing.JButton();
jButton2.setText(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jButton2.text")); // NOI18N
jButton2.setActionCommand(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jButton2.actionCommand")); // NOI18N
jButton2.setLabel(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jButton2.label")); // NOI18N
setPreferredSize(new java.awt.Dimension(325, 75));
progBar.setDoubleBuffered(true);
progBar.setEnabled(false);
progBar.setName(""); // NOI18N
progBar.setPreferredSize(new java.awt.Dimension(146, 15));
progBar.setString(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.progBar.string")); // NOI18N
progBar.setStringPainted(true);
jButton1.setText(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jButton1.text")); // NOI18N
jButton1.addMouseListener(new java.awt.event.MouseAdapter() {
public void mouseReleased(java.awt.event.MouseEvent evt) {
jButton1MouseReleased(evt);
}
});
jButton1.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jButton1ActionPerformed(evt);
}
});
cancelButton.setText(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.cancelButton.text")); // NOI18N
cancelButton.setActionCommand(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.cancelButton.actionCommand")); // NOI18N
cancelButton.setEnabled(false);
cancelButton.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
cancelButtonActionPerformed(evt);
}
});
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
this.setLayout(layout);
layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addComponent(jButton1)
.addContainerGap())
.addGroup(layout.createSequentialGroup()
.addComponent(progBar, javax.swing.GroupLayout.DEFAULT_SIZE, 221, Short.MAX_VALUE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(cancelButton)
.addGap(24, 24, 24))))
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addGap(19, 19, 19)
.addComponent(jButton1)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
.addComponent(cancelButton, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(progBar, javax.swing.GroupLayout.PREFERRED_SIZE, 23, javax.swing.GroupLayout.PREFERRED_SIZE))
.addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
);
}// </editor-fold>//GEN-END:initComponents
public void getfilters(java.awt.event.ActionEvent evt) {
jButton1ActionPerformed(evt);
}
private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton1ActionPerformed
jButton1.setEnabled(false);
progBar.setEnabled(true);
cancelButton.setEnabled(true);
progBar.setStringPainted(true);
progBar.setValue(0);
ReportConfiguration newConfig = ReportAction.config;
String preview = ReportAction.preview;
ArrayList<JCheckBox> reportList = ReportAction.reportList;
ArrayList<String> classList = new ArrayList<String>();
for(JCheckBox box : reportList)
{
if(box.isSelected()){
classList.add(box.getName());
}
}
config.resetGenArtifactTypes();
getReports(newConfig, classList, preview);
}//GEN-LAST:event_jButton1ActionPerformed
public void getReports(final ReportConfiguration reportConfig, final ArrayList classList, final String preview) {
new SwingWorker<Void, Void>() {
@Override
protected Void doInBackground() throws Exception {
rpa.reportGenerate(reportConfig, classList, preview, panel);
return null;
}
;
// this is called when the SwingWorker's doInBackground finishes
@Override
protected void done() {
progBar.setVisible(false); // hide my progress bar JFrame
}
;
}.execute();
progBar.setVisible(true);
}
private void cancelButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_cancelButtonActionPerformed
cancelButton.setText("Cancelled!");
cancel = true;
}//GEN-LAST:event_cancelButtonActionPerformed
private void jButton1MouseReleased(java.awt.event.MouseEvent evt) {//GEN-FIRST:event_jButton1MouseReleased
}//GEN-LAST:event_jButton1MouseReleased
public void progBarSet(int cc) {
final int count = cc;
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
int start = progBar.getValue();
int end = start + count;
progBar.setValue(end);
progBar.setString(null);
progBar.setString(progBar.getString());
progBar.setStringPainted(true);
if (progBar.getPercentComplete() == 1.0) {
progBar.setString("Populating Report - Please wait...");
progBar.setStringPainted(true);
progBar.setIndeterminate(true);
}
}
});
}
public void progBarDone() {
int max = progBar.getMaximum();
progBar.setValue(max);
jButton2.doClick();
}
public void progBarStartText() {
progBar.setIndeterminate(true);
progBar.setString("Querying Database for Report Results...");
}
public void progBarText() {
progBar.setString("Populating Report - Please wait...");
progBar.setStringPainted(true);
progBar.repaint();
progBar.setIndeterminate(true);
}
public void progBarCount(int count) {
progBar.setIndeterminate(false);
progBar.setString(null);
progBar.setMinimum(0);
progBar.setMaximum(count);
progBar.setValue(0);
//Double bper = progBar.getPercentComplete();
progBar.setString(progBar.getString());
}
public void setjButton1ActionListener(ActionListener e) {
jButton1.addActionListener(e);
}
public void setjButton2ActionListener(ActionListener e) {
jButton2.addActionListener(e);
cancelButton.addActionListener(e);
}
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton cancelButton;
private javax.swing.JButton jButton1;
private javax.swing.JButton jButton2;
private javax.swing.JProgressBar progBar;
// End of variables declaration//GEN-END:variables
}
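Review bot: The `SwingWorker` in `getReports` discards any failure of `rpa.reportGenerate(...)`. `doInBackground()` is declared `throws Exception`, but `done()` only hides the progress bar and never calls `get()`, so an exception during report generation is neither logged nor shown to the examiner. Calling `get()` in `done()` and logging the cause, as sketched below, makes a failed or partial report visible. Separately, `cancel` is a plain `public static boolean` written in `cancelButtonActionPerformed`; if the worker thread polls it inside `reportGenerate` (not visible here), it should be `volatile`.

```java
@Override
protected void done() {
    progBar.setVisible(false); // hide my progress bar JFrame
    try {
        get(); // rethrows whatever doInBackground() threw
    } catch (InterruptedException ex) {
        Thread.currentThread().interrupt();
    } catch (java.util.concurrent.ExecutionException ex) {
        logger.log(Level.SEVERE, "Report generation failed", ex.getCause());
    }
}
```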


@ -16,7 +16,6 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
import java.awt.Container; import java.awt.Container;
@ -29,11 +28,12 @@ import org.openide.util.HelpCtx;
import org.sleuthkit.autopsy.coreutils.Log; import org.sleuthkit.autopsy.coreutils.Log;
/** /**
* The reportFilterAction opens the reportFilterPanel in a dialog, and saves the * The ReportFilterAction opens the reportFilterPanel in a dialog, and saves the
* settings of the panel if the Apply button is clicked. * settings of the panel if the Apply button is clicked.
*
* @author pmartel * @author pmartel
*/ */
class reportFilterAction { class ReportFilterAction {
private static final String ACTION_NAME = "Report Window"; private static final String ACTION_NAME = "Report Window";
@ -49,7 +49,7 @@ class reportFilterAction {
final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal
cpane = frame.getContentPane(); cpane = frame.getContentPane();
// initialize panel with loaded settings // initialize panel with loaded settings
final reportFilter panel = new reportFilter(); final ReportFilter panel = new ReportFilter();
// add the panel to the popup window // add the panel to the popup window
popUpWindow.add(panel); popUpWindow.add(panel);
@ -61,13 +61,12 @@ class reportFilterAction {
double w = popUpWindow.getSize().getWidth(); double w = popUpWindow.getSize().getWidth();
double h = popUpWindow.getSize().getHeight(); double h = popUpWindow.getSize().getHeight();
popUpWindow.setLocation((int) ((screenDimension.getWidth() - w) / 2), (int) ((screenDimension.getHeight() - h) / 2)); popUpWindow.setLocation((int) ((screenDimension.getWidth() - w) / 2), (int) ((screenDimension.getHeight() - h) / 2));
// display the window // display the window
popUpWindow.setVisible(true); popUpWindow.setVisible(true);
} catch (Exception ex) { } catch (Exception ex) {
Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex); Log.get(ReportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex);
} }
} }
@ -81,4 +80,3 @@ class reportFilterAction {
return HelpCtx.DEFAULT_HELP; return HelpCtx.DEFAULT_HELP;
} }
} }


@ -0,0 +1,49 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.util.ArrayList;
import java.util.HashMap;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
/**
*
* This class is the 'default' way to get artifacts/attributes from the
* blackboard using a reportconfiguration object.
*/
public class ReportGen {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> Results = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
ReportGen() {
}
public void clearReport() {
Results.clear();
}
public void populateReport(ReportConfiguration config) {
clearReport();
Report bbreport = new Report();
Results = bbreport.getAllTypes(config);
}
}
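Review bot: `populateReport` calls `clearReport()` and then immediately rebinds `Results` to the map returned by `bbreport.getAllTypes(config)`. The clear does nothing for the new result, but it does empty the previous map, which an earlier caller may still hold because the field is package-visible, not `final`, and handed out directly. Dropping the `clearReport()` call there, renaming the field to `results` and exposing it through a getter would avoid that aliasing surprise. The class Javadoc could also state that `populateReport` replaces the result map on every call.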


@ -0,0 +1,481 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.io.BufferedWriter;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Map.Entry;
import java.util.TreeMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskData;
/**
*
* @author Alex
*/
public class ReportHTML implements ReportModule{
//Declare our publically accessible formatted Report, this will change everytime they run a Report
public static StringBuilder formatted_Report = new StringBuilder();
private static StringBuilder unformatted_header = new StringBuilder();
private static StringBuilder formatted_header = new StringBuilder();
private static String htmlPath = "";
private ReportConfiguration config;
private static ReportHTML instance = null;
ReportHTML(){
}
public static synchronized ReportHTML getDefault() {
if (instance == null) {
instance = new ReportHTML();
}
return instance;
}
@Override
public String generateReport(ReportConfiguration reportconfig) throws ReportModuleException {
config = reportconfig;
ReportGen reportobj = new ReportGen();
reportobj.populateReport(reportconfig);
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> report = reportobj.Results;
//This is literally a terrible way to count up all the types of artifacts, and doesn't include any added ones.
//Unlike the XML Report, which is dynamic, this is formatted and needs to be redone later instead of being hardcoded.
//Also, clearing variables to generate new Report.
formatted_Report.setLength(0);
unformatted_header.setLength(0);
formatted_header.setLength(0);
int countGen = 0;
int countWebBookmark = 0;
int countWebCookie = 0;
int countWebHistory = 0;
int countWebDownload = 0;
int countRecentObjects = 0;
int countTrackPoint = 0;
int countInstalled = 0;
int countKeyword = 0;
int countHash = 0;
int countDevice = 0;
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
countGen++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
countWebBookmark++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
countWebCookie++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
countWebHistory++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
countWebDownload++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
countRecentObjects++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
countTrackPoint++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
countInstalled++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
countKeyword++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
countHash++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
countDevice++;
}
}
try {
String ingestwarning = "<h2 style=\"color: red;\">Warning, this report was run before ingest services completed!</h2>";
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
String caseName = currentCase.getName();
Integer imagecount = currentCase.getImageIDs().length;
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
int reportsize = report.size();
Integer filesystemcount = currentCase.getRootObjectsCount();
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy");
Date date = new Date();
String datetime = datetimeFormat.format(date);
String datenotime = dateFormat.format(date);
String CSS = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"><style>"
+ "body {padding: 30px; margin: 0; background: #FFFFFF; font: 13px/20px Arial, Helvetica, sans-serif; color: #535353;} "
+ "h1 {font-size: 26px; color: #005577; margin: 0 0 20px 0;} "
+ "h2 {font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;} "
+ "h3 {font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;} "
+ "p {margin: 0 0 20px 0;} table {width: 100%; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} "
+ "table thead th {display: table-cell; text-align: left; padding: 8px 16px; background: #e5e5e5; color: #777;font-size: 11px;text-shadow: #e9f9fd 0 1px 0; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} "
+ "table tr th:nth-child(1) {text-align: center; width: 60px;} "
+ "table td {display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;} "
+ "table tr:nth-child(even) td {background: #f3f3f3;} "
+ "table tr td:nth-child(1) {text-align: left; width: 60px; background: #f3f3f3;} "
+ "table tr:nth-child(even) td:nth-child(1) {background: #eaeaea;}"
+ "</style>";
//Add additional header information
String header = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\"><head><title>Autopsy Report for Case: " + caseName + "</title>";
formatted_header.append(header);
formatted_header.append(CSS);
//do for unformatted
String simpleCSS = "<style>"
+ "body {padding: 30px; margin: 0; background: #FFFFFF; color: #535353;} "
+ "h1 {font-size: 26px; color: #005577; margin: 0 0 20px 0;} "
+ "h2 {font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;} "
+ "h3 {font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;} "
+ "p {margin: 0 0 20px 0;} table {width: 100%; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} "
+ "table thead th {display: table-cell; text-align: left; padding: 4px 8px; background: #e5e5e5; color: #777;font-size: 11px; width: 80px; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} "
+ "table tr th {text-align: left; width: 80px;} "
+ "table td {width: 100px; font-size: 8px; display: table-cell; padding: 4px 8px;} "
+ "table tr {text-align: left; width: 60px; background: #f3f3f3;} "
+ "tr.alt td{ background-color: #FFFFFF;}"
+ "</style>";
unformatted_header.append(header);
unformatted_header.append(simpleCSS);
//formatted_Report.append("<link rel=\"stylesheet\" href=\"" + rrpath + "Report.css\" type=\"text/css\" />");
formatted_Report.append("</head><body><div id=\"main\"><div id=\"content\">");
// Add summary information now
formatted_Report.append("<h1>Report for Case: ").append(caseName).append("</h1>");
if (IngestManager.getDefault().isIngestRunning()) {
formatted_Report.append(ingestwarning);
}
formatted_Report.append("<h2>Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<ul>");
formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>");
formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>");
formatted_Report.append("<li># of Files: ").append(totalfiles.toString()).append("</li>");
formatted_Report.append("<li># of Dirs: ").append(totaldirs.toString()).append("</li>");
formatted_Report.append("<li># of Artifacts: ").append(reportsize).append("</li></ul>");
formatted_Report.append("<br /><table><thead><tr><th>Section</th><th>Count</th></tr></thead><tbody>");
if (countWebBookmark > 0) {
formatted_Report.append("<tr><td><a href=\"#bookmark\">Web Bookmarks</a></td><td>").append(countWebBookmark).append("</td></tr>");
}
if (countWebCookie > 0) {
formatted_Report.append("<tr><td><a href=\"#cookie\">Web Cookies</a></td><td>").append(countWebCookie).append("</td></tr>");
}
if (countWebHistory > 0) {
formatted_Report.append("<tr><td><a href=\"#history\">Web History</a></td><td>").append(countWebHistory).append("</td></tr>");
}
if (countWebDownload > 0) {
formatted_Report.append("<tr><td><a href=\"#download\">Web Downloads</a></td><td>").append(countWebDownload).append("</td></tr>");
}
if (countRecentObjects > 0) {
formatted_Report.append("<tr><td><a href=\"#recent\">Recent Documents</a></td><td>").append(countRecentObjects).append("</td></tr>");
}
if (countInstalled > 0) {
formatted_Report.append("<tr><td><a href=\"#installed\">Installed Programs</a></td><td>").append(countInstalled).append("</td></tr>");
}
if (countKeyword > 0) {
formatted_Report.append("<tr><td><a href=\"#keyword\">Keyword Hits</a></td><td>").append(countKeyword).append("</td></tr>");
}
if (countHash > 0) {
formatted_Report.append("<tr><td><a href=\"#hash\">Hash Hits</a></td><td>").append(countHash).append("</td></tr>");
}
if (countDevice > 0) {
formatted_Report.append("<tr><td><a href=\"#device\">Attached Devices</a></td><td>").append(countDevice).append("</td></tr>");
}
formatted_Report.append("</tbody></table><br />");
String tableHeader = "<table><thead><tr>";
StringBuilder nodeGen = new StringBuilder("<h3>General Information (").append(countGen).append(")</h3>").append(tableHeader).append("<th>Attribute</th><th>Value</th></tr></thead><tbody>");
StringBuilder nodeWebBookmark = new StringBuilder("<h3><a name=\"bookmark\">Web Bookmarks (").append(countWebBookmark).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Title</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebCookie = new StringBuilder("<h3><a name=\"cookie\">Web Cookies (").append(countWebCookie).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Name</th><th>Value</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebHistory = new StringBuilder("<h3><a name=\"history\">Web History (").append(countWebHistory).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Referrer</th><th>Title</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebDownload = new StringBuilder("<h3><a name=\"download\">Web Downloads (").append(countWebDownload).append(")</h3>").append(tableHeader).append("<th>File</th><th>Source</th><th>Time</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeRecentObjects = new StringBuilder("<h3><a name=\"recent\">Recent Documents (").append(countRecentObjects).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Path</th><th>Related Shortcut</th></tr></thead><tbody>");
StringBuilder nodeTrackPoint = new StringBuilder("<h3><a name=\"track\">Track Points (").append(countTrackPoint).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>");
StringBuilder nodeInstalled = new StringBuilder("<h3><a name=\"installed\">Installed Programs (").append(countInstalled).append(")</h3>").append(tableHeader).append("<th>Program Name</th><th>Install Date/Time</th></tr></thead><tbody>");
StringBuilder nodeKeyword = new StringBuilder("<h3><a name=\"keyword\">Keyword Search Hits (").append(countKeyword).append(")</h3>");
StringBuilder nodeHash = new StringBuilder("<h3><a name=\"hash\">Hashset Hit (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Size</th><th>Hashset Name</th></tr></thead><tbody>");
StringBuilder nodeDevice = new StringBuilder("<h3><a name=\"device\">Attached Devices (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Serial #</th><th>Time</th></tr></thead><tbody>");
int alt = 0;
String altRow = "";
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (ReportFilter.cancel == true) {
break;
}
if (alt > 0) {
altRow = " class=\"alt\"";
alt = 0;
} else {
altRow = "";
alt++;
}
StringBuilder artifact = new StringBuilder("");
Long objId = entry.getKey().getObjectID();
//Content file = skCase.getContentById(objId);
FsContent file = skCase.getFsContentById(objId);
Long filesize = file.getSize();
TreeMap<Integer, String> attributes = new TreeMap<Integer, String>();
// Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type
int n;
for (n = 1; n <= 35; n++) {
attributes.put(n, "");
}
for (BlackboardAttribute tempatt : entry.getValue()) {
if (ReportFilter.cancel == true) {
break;
}
String value = "";
Integer type = tempatt.getAttributeTypeID();
if (type.equals(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()) || type.equals(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID())) {
try{
SimpleDateFormat sdf = new java.text.SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
value = sdf.format(new java.util.Date((tempatt.getValueLong())));
}
catch(Exception ex){
}
} else {
value = tempatt.getValueString();
}
if(value == null || value.isEmpty())
{
value = "";
}
value = ReportUtils.insertPeriodically(value, "<br>", 30);
attributes.put(type, value);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
artifact.append("</tr>");
nodeGen.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("</td>");
artifact.append("</tr>");
nodeWebBookmark.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("</td>");
artifact.append("</tr>");
nodeWebCookie.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("</td>");
artifact.append("</tr>");
nodeWebHistory.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("</td>");
artifact.append("</tr>");
nodeWebDownload.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
//artifact.append("<tr><td>").append(objId.toString());
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())).append("</strong></td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID())).append("</td>");
artifact.append("<td>").append(file.getName()).append("</td>");
artifact.append("</tr>");
nodeRecentObjects.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(objId.toString());
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
artifact.append("</tr>");
nodeTrackPoint.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("</strong></td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())).append("</td>");
artifact.append("</tr>");
nodeInstalled.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
// artifact.append("<table><thead><tr><th>Artifact ID</th><th>Name</th><th>Size</th>");
// artifact.append("</tr></table>");
// nodeKeyword.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
// artifact.append("<tr><td>").append(objId.toString());
artifact.append("<tr").append(altRow).append("><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
//artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_INTERESTING_FILE.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_HASHSET_NAME.getTypeID())).append("</td>");
artifact.append("</tr>");
nodeHash.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID())).append("</strong></td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())).append("</td>");
artifact.append("</tr>");
nodeDevice.append(artifact);
}
}
//Add them back in order
//formatted_Report.append(nodeGen);
// formatted_Report.append("</tbody></table>");
if (countWebBookmark > 0) {
formatted_Report.append(nodeWebBookmark);
formatted_Report.append("</tbody></table>");
}
if (countWebCookie > 0) {
formatted_Report.append(nodeWebCookie);
formatted_Report.append("</tbody></table>");
}
if (countWebHistory > 0) {
formatted_Report.append(nodeWebHistory);
formatted_Report.append("</tbody></table>");
}
if (countWebDownload > 0) {
formatted_Report.append(nodeWebDownload);
formatted_Report.append("</tbody></table>");
}
if (countRecentObjects > 0) {
formatted_Report.append(nodeRecentObjects);
formatted_Report.append("</tbody></table>");
}
// formatted_Report.append(nodeTrackPoint);
//formatted_Report.append("</tbody></table>");
if (countInstalled > 0) {
formatted_Report.append(nodeInstalled);
formatted_Report.append("</tbody></table>");
}
if (countKeyword > 0) {
formatted_Report.append(nodeKeyword);
Report keywords = new Report();
formatted_Report.append(keywords.getGroupedKeywordHit());
// "<table><thead><tr><th>Artifact ID</th><th>Name</th><th>Size</th>
// formatted_Report.append("</tbody></table>");
}
if (countHash > 0) {
formatted_Report.append(nodeHash);
formatted_Report.append("</tbody></table>");
}
if (countDevice > 0) {
formatted_Report.append(nodeDevice);
formatted_Report.append("</tbody></table>");
}
//end of master loop
formatted_Report.append("</div></div></body></html>");
formatted_header.append(formatted_Report);
// unformatted_header.append(formatted_Report);
htmlPath = currentCase.getCaseDirectory() + "/Reports/" + caseName + "-" + datenotime + ".html";
this.save(htmlPath);
} catch (Exception e) {
Logger.getLogger(ReportHTML.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return htmlPath;
}
@Override
public String getName(){
String name = "HTML";
return name;
}
@Override
public void save(String path)
{
try{
Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(path), "UTF-8"));
out.write(formatted_header.toString());
out.flush();
out.close();
}
catch(IOException e){
Logger.getLogger(ReportHTML.class.getName()).log(Level.SEVERE, "Could not write out HTML report!", e);
}
}
@Override
public String getReportType(){
String type = "HTML";
return type;
}
@Override
public ReportConfiguration GetReportConfiguration(){
return config;
}
@Override
public String getReportTypeDescription(){
String desc = "This is an html formatted report that is meant to be viewed in a modern browser.";
return desc;
}
@Override
public void getPreview(String path) {
BrowserControl.openUrl(path);
}
}


@ -0,0 +1,79 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
//interface every reporting module should implement
public interface ReportModule {
/**
* Generates a report on the current case Reporting module should traverse
* the blackboard, extract needed information as specified in the config and
* generate a report file
*
* @param config specifiying parts that should be generated
* @return absolute file path to the report generated
* @throws ReportModuleException if report generation failed
*/
public String generateReport(ReportConfiguration config) throws ReportModuleException;
/**
* This saves a copy of the report (current one) to another place specified
* by the user. Takes the input of where the path needs to be saved, include
* filename and extention.
*/
public void save(String Path) throws ReportModuleException;
/**
* Returns a short description of report type/file format this module
* generates for instance, "XML", "Excel"
*
* @return
*/
public String getReportType();
/**
* Returns a basic string name for the report. What is 'officially' titled.
*
* @return
*/
public String getName();
/**
* Returns the reportconfiguration object that was created
*
* @return
*/
public ReportConfiguration GetReportConfiguration();
/**
* Returns a one line human readable description of the type of report this
* module generates
*/
public String getReportTypeDescription();
/**
* Calls to the report module to execute a method to display the report that was generated.
*@param String the path to the file
*
*/
public void getPreview(String path);
}
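Review bot: The `generateReport` contract says nothing about encoding the values a module writes, and the HTML implementation shown earlier on this page appends blackboard attribute values (`TSK_URL`, `TSK_NAME`, `TSK_VALUE`) and `file.getName()` straight into `<td>` cells with no escaping. Those values presumably originate from the analysed image, so markup inside a cookie value or bookmark title would become part of a report that `getPreview` then opens in a browser. I would add to the Javadoc of `generateReport`: `Implementations must encode every case- or evidence-derived value for the output format (HTML entity encoding, XML escaping) before writing it.`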


@ -0,0 +1,33 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
//exception thrown by a reporting module when report generation failed
class ReportModuleException extends Exception {
public ReportModuleException(String msg) {
super(msg);
}
public ReportModuleException(String msg, Exception ex) {
super(msg, ex);
}
}
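Review bot: `ReportModuleException` is declared without an access modifier, so it is package-private, while the public `ReportModule` interface names it in the `throws` clauses of `generateReport` and `save`. Code outside `org.sleuthkit.autopsy.report` that calls those methods cannot name the type in a `catch` and has to catch `Exception` instead, which hides unrelated failures. I would declare it `public class ReportModuleException extends Exception {` and widen the second constructor to `public ReportModuleException(String msg, Throwable cause)` so any cause can be chained.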


@ -1,4 +1,4 @@
<?xml version="1.1" encoding="UTF-8" ?> <?xml version="1.0" encoding="UTF-8" ?>
<Form version="1.5" maxVersion="1.7" type="org.netbeans.modules.form.forminfo.JPanelFormInfo"> <Form version="1.5" maxVersion="1.7" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
<NonVisualComponents> <NonVisualComponents>
@ -61,17 +61,17 @@
<Component class="javax.swing.JButton" name="jButton1"> <Component class="javax.swing.JButton" name="jButton1">
<Properties> <Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor"> <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportPanel.jButton1.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/> <ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportPanel.jButton1.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property> </Property>
</Properties> </Properties>
</Component> </Component>
<Component class="javax.swing.JButton" name="saveReport"> <Component class="javax.swing.JButton" name="saveReport">
<Properties> <Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor"> <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportPanel.saveReport.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/> <ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportPanel.saveReport.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property> </Property>
<Property name="actionCommand" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor"> <Property name="actionCommand" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportPanel.saveReport.actionCommand" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/> <ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportPanel.saveReport.actionCommand" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property> </Property>
</Properties> </Properties>
<Events> <Events>
@ -81,7 +81,7 @@
<Component class="javax.swing.JLabel" name="jLabel1"> <Component class="javax.swing.JLabel" name="jLabel1">
<Properties> <Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor"> <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportPanel.jLabel1.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/> <ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportPanel.jLabel1.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property> </Property>
</Properties> </Properties>
</Component> </Component>


@ -1,45 +1,51 @@
/* /*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
/*
* reportPanel.java
* *
* Created on Feb 21, 2012, 12:13:14 PM * Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/ */
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
import java.awt.event.ActionListener; import java.awt.event.ActionListener;
import java.io.BufferedWriter; import java.io.*;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.text.DateFormat; import java.text.DateFormat;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.Date; import java.util.Date;
import javax.swing.JFileChooser; import javax.swing.JFileChooser;
import javax.swing.JOptionPane; import javax.swing.JOptionPane;
import javax.swing.event.HyperlinkEvent;
import javax.swing.event.HyperlinkListener;
import org.jdom.output.XMLOutputter; import org.jdom.output.XMLOutputter;
/** /**
* *
* @author Alex * @author Alex
*/ */
public class reportPanel extends javax.swing.JPanel { public class ReportPanel extends javax.swing.JPanel {
/** Creates new form reportPanel */ /**
public reportPanel(String report) { * Creates new form ReportPanel
*/
public ReportPanel() {
initComponents(); initComponents();
setReportWindow(report);
} }
/** This method is called from within the constructor to /**
* initialize the form. * This method is called from within the constructor to initialize the form.
* WARNING: Do NOT modify this code. The content of this method is * WARNING: Do NOT modify this code. The content of this method is always
* always regenerated by the Form Editor. * regenerated by the Form Editor.
*/ */
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents // <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
@ -51,17 +57,17 @@ public class reportPanel extends javax.swing.JPanel {
saveReport = new javax.swing.JButton(); saveReport = new javax.swing.JButton();
jLabel1 = new javax.swing.JLabel(); jLabel1 = new javax.swing.JLabel();
jButton1.setText(org.openide.util.NbBundle.getMessage(reportPanel.class, "reportPanel.jButton1.text")); // NOI18N jButton1.setText(org.openide.util.NbBundle.getMessage(ReportPanel.class, "ReportPanel.jButton1.text")); // NOI18N
saveReport.setText(org.openide.util.NbBundle.getMessage(reportPanel.class, "reportPanel.saveReport.text")); // NOI18N saveReport.setText(org.openide.util.NbBundle.getMessage(ReportPanel.class, "ReportPanel.saveReport.text")); // NOI18N
saveReport.setActionCommand(org.openide.util.NbBundle.getMessage(reportPanel.class, "reportPanel.saveReport.actionCommand")); // NOI18N saveReport.setActionCommand(org.openide.util.NbBundle.getMessage(ReportPanel.class, "ReportPanel.saveReport.actionCommand")); // NOI18N
saveReport.addActionListener(new java.awt.event.ActionListener() { saveReport.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) { public void actionPerformed(java.awt.event.ActionEvent evt) {
saveReportActionPerformed(evt); saveReportActionPerformed(evt);
} }
}); });
jLabel1.setText(org.openide.util.NbBundle.getMessage(reportPanel.class, "reportPanel.jLabel1.text")); // NOI18N jLabel1.setText(org.openide.util.NbBundle.getMessage(ReportPanel.class, "ReportPanel.jLabel1.text")); // NOI18N
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this); javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
this.setLayout(layout); this.setLayout(layout);
@ -105,25 +111,6 @@ private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FI
public void setjButton1ActionListener(ActionListener e) { public void setjButton1ActionListener(ActionListener e) {
jButton1.addActionListener(e); jButton1.addActionListener(e);
} }
public void getLink(HyperlinkEvent evt){
try{
String str = evt.getDescription();
// jEditorPane1.scrollToReference(str.substring(1));
}
catch(Exception e){
String whater = "";
}
}
public void setjEditorPane1EventListener(HyperlinkListener evt){
// jEditorPane1.addHyperlinkListener(evt);
}
private void setReportWindow(String report)
{
// jEditorPane1.setText(report);
// jEditorPane1.setCaretPosition(0);
}
public void setFinishedReportText() { public void setFinishedReportText() {
DateFormat dateFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); DateFormat dateFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
@ -132,7 +119,6 @@ private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FI
jLabel1.setText(reportText); jLabel1.setText(reportText);
} }
private void saveReportAction() { private void saveReportAction() {
int option = jFileChooser1.showSaveDialog(this); int option = jFileChooser1.showSaveDialog(this);
@ -146,34 +132,32 @@ private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FI
private void exportReport(String path) { private void exportReport(String path) {
String htmlpath = reportUtils.changeExtension(path, ".html"); String htmlpath = ReportUtils.changeExtension(path, ".html");
String xmlpath = reportUtils.changeExtension(path, ".xml"); String xmlpath = ReportUtils.changeExtension(path, ".xml");
String xlspath = reportUtils.changeExtension(path, ".xlsx"); String xlspath = ReportUtils.changeExtension(path, ".xlsx");
try { try {
Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlpath), "UTF-8")); Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlpath), "UTF-8"));
// FileOutputStream out = new FileOutputStream(htmlpath); // FileOutputStream out = new FileOutputStream(htmlpath);
out.write(reportHTML.formatted_header.toString()); out.write(ReportHTML.formatted_Report.toString());
out.flush(); out.flush();
out.close(); out.close();
//xls report //xls report
FileOutputStream fos = new FileOutputStream(xlspath); FileOutputStream fos = new FileOutputStream(xlspath);
reportXLS.wb.write(fos); ReportXLS.wb.write(fos);
fos.close(); fos.close();
FileOutputStream xmlout = new FileOutputStream(xmlpath); FileOutputStream xmlout = new FileOutputStream(xmlpath);
XMLOutputter serializer = new XMLOutputter(); XMLOutputter serializer = new XMLOutputter();
serializer.output(reportXML.xmldoc, xmlout); serializer.output(ReportXML.xmldoc, xmlout);
xmlout.flush(); xmlout.flush();
xmlout.close(); xmlout.close();
JOptionPane.showMessageDialog(this, "Report has been successfully saved!"); JOptionPane.showMessageDialog(this, "Report has been successfully saved!");
} } catch (IOException e) {
catch (IOException e) {
System.err.println(e); System.err.println(e);
} }
} }
// Variables declaration - do not modify//GEN-BEGIN:variables // Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton jButton1; private javax.swing.JButton jButton1;
private javax.swing.JFileChooser jFileChooser1; private javax.swing.JFileChooser jFileChooser1;
@ -181,6 +165,4 @@ private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FI
private javax.swing.JOptionPane jOptionPane1; private javax.swing.JOptionPane jOptionPane1;
private javax.swing.JButton saveReport; private javax.swing.JButton saveReport;
// End of variables declaration//GEN-END:variables // End of variables declaration//GEN-END:variables
} }


@ -0,0 +1,190 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.awt.Dimension;
import java.awt.Toolkit;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.JDialog;
import javax.swing.JFrame;
import javax.swing.SwingUtilities;
import org.sleuthkit.autopsy.coreutils.Log;
/**
*
* @author Alex
*/
public class ReportPanelAction {
private static final String ACTION_NAME = "Report Preview";
private StringBuilder viewReport = new StringBuilder();
private int cc = 0;
public ReportPanelAction() {
}
public void reportGenerate(final ReportConfiguration reportconfig, final ArrayList<String> classList, final String preview, final ReportFilter rr) {
try {
//Clear any old reports in the string
viewReport.setLength(0);
// Generate the reports and create the hashmap
final ReportGen report = new ReportGen();
//see what reports we need to run and run them
//Set progress bar to move while doing this
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
rr.progBarStartText();
}
});
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
rr.progBarCount(classList.size());
}
});
//Turn our results into the appropriate xml/html reports
//TODO: add a way for users to select what they will run when
Thread reportThread = new Thread(new Runnable() {
@Override
public void run() {
for (String s : classList) {
cc++;
try {
Class reportclass = Class.forName(s);
Object reportObject = reportclass.newInstance();
Class[] argTypes = new Class[] { ReportConfiguration.class};
Method generatereport = reportclass.getDeclaredMethod("generateReport",argTypes);
Object invoke = generatereport.invoke(reportObject,reportconfig);
String path = invoke.toString();
Class[] argTypes2 = new Class[] { String.class};
Method getpreview = reportclass.getMethod("getPreview",argTypes2);
if(s == null ? preview == null : s.equals(preview))
{
getpreview.invoke(reportObject,path);
}
} catch (Exception e) {
}
rr.progBarSet(cc);
}
// StopWatch a = new StopWatch();
// a.start();
// ReportHTML htmlReport = new ReportHTML();
// try {
// String htmlpath = htmlReport.generateReport(reportconfig, rr);
// } catch (ReportModuleException e) {
// Logger.getLogger(ReportHTML.class.getName()).log(Level.WARNING, "Exception occurred in generating the htmlReport", e);
// }
// a.stop();
// System.out.println("html in milliseconds: " + a.getElapsedTime());
//
// StopWatch s = new StopWatch();
// s.start();
// ReportXLS xlsReport = new ReportXLS();
// try {
// xlsReport.generateReport(reportconfig, rr);
// } catch (ReportModuleException e) {
// Logger.getLogger(ReportHTML.class.getName()).log(Level.WARNING, "Exception occurred in generating the XLS Report", e);
// }
// s.stop();
// System.out.println("xls in milliseconds: " + s.getElapsedTime());
//
// StopWatch S = new StopWatch();
// S.start();
// ReportXML xmlReport = new ReportXML();
// try {
// xmlReport.generateReport(reportconfig, rr);
// } catch (ReportModuleException e) {
// Logger.getLogger(ReportHTML.class.getName()).log(Level.WARNING, "Exception occurred in generating the XML Report", e);
// }
// S.stop();
// System.out.println("xml in milliseconds: " + S.getElapsedTime());
}
});
// start our threads
reportThread.start();
// display the window
// create the popUp window for it
if (ReportFilter.cancel == false) {
final JFrame frame = new JFrame(ACTION_NAME);
final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal
// initialize panel with loaded settings
//Set the temporary label to let the user know its done and is waiting on the report
final ReportPanel panel = new ReportPanel();
panel.setjButton1ActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
popUpWindow.dispose();
}
});
// add the panel to the popup window
popUpWindow.add(panel);
popUpWindow.setResizable(true);
popUpWindow.pack();
// set the location of the popUp Window on the center of the screen
Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize();
double w = popUpWindow.getSize().getWidth();
double h = popUpWindow.getSize().getHeight();
popUpWindow.setLocation((int) ((screenDimension.getWidth() - w) / 2), (int) ((screenDimension.getHeight() - h) / 2));
reportThread.join();
rr.progBarText();
rr.progBarDone();
panel.setFinishedReportText();
popUpWindow.setVisible(true);
}
} catch (Exception ex) {
Log.get(ReportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex);
}
}
}
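Review bot: The empty `catch (Exception e) { }` inside the report thread's loop discards every failure from `Class.forName`, `newInstance` and the reflective `generateReport`/`getPreview` calls. A module that is missing, misnamed or throws therefore yields no report and no log entry, while the progress bar still advances and the panel is still set to its finished text. Each name in `classList` is also instantiated without a type check; where that list is built is outside this file, so confirm it can only contain known report modules. ReportXLS and ReportXML in this commit implement `ReportModule`, so the loop could check the type, call the interface directly and log failures, as sketched below (this assumes every listed class implements `ReportModule`).

```java
for (String s : classList) {
    cc++;
    try {
        Class<?> reportclass = Class.forName(s);
        if (!ReportModule.class.isAssignableFrom(reportclass)) {
            // Refuse to instantiate anything that is not a report module.
            Logger.getLogger(ReportPanelAction.class.getName()).log(Level.WARNING, "Skipping " + s + ": not a ReportModule");
        } else {
            ReportModule module = (ReportModule) reportclass.newInstance();
            String path = module.generateReport(reportconfig);
            if (s.equals(preview)) {
                module.getPreview(path);
            }
        }
    } catch (Exception e) {
        // Record the failure so a missing report is visible to the examiner.
        Logger.getLogger(ReportPanelAction.class.getName()).log(Level.WARNING, "Report module " + s + " failed", e);
    }
    rr.progBarSet(cc);
}
// … unchanged: commented-out StopWatch timing code …
```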


@ -0,0 +1,75 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
/**
*
* @author Alex
*/
public class ReportUtils {
static String changeExtension(String originalName, String newExtension) {
int lastDot = originalName.lastIndexOf(".");
if (lastDot != -1) {
return originalName.substring(0, lastDot) + newExtension;
} else {
return originalName + newExtension;
}
}
public static String insertPeriodically(String text, String insert, int period) {
StringBuilder builder = new StringBuilder(
text.length() + insert.length() * (text.length() / period) + 1);
int index = 0;
String prefix = "";
while (index < text.length()) {
// Don't put the insert in the very first iteration.
// This is easier than appending it *after* each substring
builder.append(prefix);
prefix = insert;
builder.append(text.substring(index,
Math.min(index + period, text.length())));
index += period;
}
return builder.toString();
}
public static void copy(InputStream in, OutputStream out) throws IOException {
BufferedInputStream bin = new BufferedInputStream(in);
BufferedOutputStream bout = new BufferedOutputStream(out);
while (true) {
int datum = bin.read();
if (datum == -1)
break;
bout.write(datum);
}
bout.flush();
}
}
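Review bot: `changeExtension` takes the last `.` anywhere in the string, so a full path whose directory contains a dot and whose file name has no extension is cut at the directory, and the report is written somewhere other than the location the user chose. `exportReport` in ReportPanel passes a save-dialog path into this method, so the case is reachable. Only a dot after the last separator should count: `int lastSep = Math.max(originalName.lastIndexOf('/'), originalName.lastIndexOf('\\'));` followed by `if (lastDot > lastSep) {`. Separately, `insertPeriodically` divides by `period` without checking it; a short Javadoc stating that `period` must be positive would make that contract explicit.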


@ -0,0 +1,448 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.awt.Desktop;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.File;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Map.Entry;
import java.util.TreeMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.poi.ss.usermodel.*;
import org.apache.poi.xssf.usermodel.XSSFWorkbook;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.*;
/**
*
* @author Alex
*/
public class ReportXLS implements ReportModule {
public static Workbook wb = new XSSFWorkbook();
private static String xlsPath = "";
private ReportConfiguration config;
private static ReportXLS instance = null;
public ReportXLS() {
//Empty the workbook first
}
public static synchronized ReportXLS getDefault() {
if (instance == null) {
instance = new ReportXLS();
}
return instance;
}
@Override
public String generateReport(ReportConfiguration reportconfig) throws ReportModuleException {
config = reportconfig;
ReportGen reportobj = new ReportGen();
reportobj.populateReport(reportconfig);
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> report = reportobj.Results;
Workbook wbtemp = new XSSFWorkbook();
int countGen = 0;
int countBookmark = 0;
int countCookie = 0;
int countHistory = 0;
int countDownload = 0;
int countRecentObjects = 0;
int countTrackPoint = 0;
int countInstalled = 0;
int countKeyword = 0;
int countHash = 0;
int countDevice = 0;
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
countGen++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
countBookmark++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
countCookie++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
countHistory++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
countDownload++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
countRecentObjects++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
countTrackPoint++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
countInstalled++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
countKeyword++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
countHash++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
countDevice++;
}
}
try {
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
String caseName = currentCase.getName();
Integer imagecount = currentCase.getImageIDs().length;
Integer filesystemcount = currentCase.getRootObjectsCount();
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss");
Date date = new Date();
String datetime = datetimeFormat.format(date);
String datenotime = dateFormat.format(date);
//The first summary report page
Sheet sheetSummary = wbtemp.createSheet("Summary");
//Generate a sheet per artifact type
// Sheet sheetGen = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getDisplayName());
Sheet sheetHash = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getDisplayName());
Sheet sheetDevice = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getDisplayName());
Sheet sheetInstalled = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getDisplayName());
Sheet sheetKeyword = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getDisplayName());
// Sheet sheetTrackpoint = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getDisplayName());
Sheet sheetRecent = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getDisplayName());
Sheet sheetCookie = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getDisplayName());
Sheet sheetBookmark = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getDisplayName());
Sheet sheetDownload = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getDisplayName());
Sheet sheetHistory = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getDisplayName());
//Bold/underline cell style for the top header rows
CellStyle style = wbtemp.createCellStyle();
style.setBorderBottom((short) 2);
Font font = wbtemp.createFont();
font.setFontHeightInPoints((short) 14);
font.setFontName("Arial");
font.setBoldweight((short) 2);
style.setFont(font);
//create 'default' style
CellStyle defaultstyle = wbtemp.createCellStyle();
defaultstyle.setBorderBottom((short) 2);
Font defaultfont = wbtemp.createFont();
defaultfont.setFontHeightInPoints((short) 14);
defaultfont.setFontName("Arial");
defaultfont.setBoldweight((short) 2);
defaultstyle.setFont(defaultfont);
//create the rows in the worksheet for our records
//Create first row and header
// sheetGen.createRow(0);
// sheetGen.getRow(0).createCell(0).setCellValue("Name");
// sheetGen.getRow(0).createCell(1).setCellValue("Value");
// sheetGen.getRow(0).createCell(2).setCellValue("Date/Time");
sheetSummary.setDefaultColumnStyle(1, defaultstyle);
sheetSummary.createRow(0).setRowStyle(style);
sheetSummary.getRow(0).createCell(0).setCellValue("Summary Information");
sheetSummary.getRow(0).createCell(1).setCellValue(caseName);
//add some basic information
sheetSummary.createRow(1).setRowStyle(defaultstyle);
sheetSummary.getRow(1).createCell(0).setCellValue("# of Images");
sheetSummary.getRow(1).createCell(1).setCellValue(imagecount);
sheetSummary.createRow(2);
sheetSummary.getRow(2).createCell(0).setCellValue("Filesystems found");
sheetSummary.getRow(2).createCell(1).setCellValue(imagecount);
sheetSummary.createRow(3);
sheetSummary.getRow(3).createCell(0).setCellValue("# of Files");
sheetSummary.getRow(3).createCell(1).setCellValue(totalfiles);
sheetSummary.createRow(4);
sheetSummary.getRow(4).createCell(0).setCellValue("# of Directories");
sheetSummary.getRow(4).createCell(1).setCellValue(totaldirs);
sheetSummary.createRow(5);
sheetSummary.getRow(5).createCell(0).setCellValue("Date/Time");
sheetSummary.getRow(5).createCell(1).setCellValue(datetime);
sheetHash.setDefaultColumnStyle(1, defaultstyle);
sheetHash.createRow(0).setRowStyle(style);
sheetHash.getRow(0).createCell(0).setCellValue("Name");
sheetHash.getRow(0).createCell(1).setCellValue("Size");
sheetHash.getRow(0).createCell(2).setCellValue("Hashset Name");
sheetDevice.setDefaultColumnStyle(1, defaultstyle);
sheetDevice.createRow(0).setRowStyle(style);
sheetDevice.getRow(0).createCell(0).setCellValue("Name");
sheetDevice.getRow(0).createCell(1).setCellValue("Serial #");
sheetDevice.getRow(0).createCell(2).setCellValue("Time");
sheetInstalled.setDefaultColumnStyle(1, defaultstyle);
sheetInstalled.createRow(0).setRowStyle(style);
sheetInstalled.getRow(0).createCell(0).setCellValue("Program Name");
sheetInstalled.getRow(0).createCell(1).setCellValue("Install Date/Time");
sheetKeyword.setDefaultColumnStyle(1, defaultstyle);
sheetKeyword.createRow(0).setRowStyle(style);
sheetKeyword.getRow(0).createCell(0).setCellValue("Keyword");
sheetKeyword.getRow(0).createCell(1).setCellValue("File Name");
sheetKeyword.getRow(0).createCell(2).setCellValue("Preview");
sheetKeyword.getRow(0).createCell(3).setCellValue("Keyword LIst");
sheetRecent.setDefaultColumnStyle(1, defaultstyle);
sheetRecent.createRow(0).setRowStyle(style);
sheetRecent.getRow(0).createCell(0).setCellValue("Name");
sheetRecent.getRow(0).createCell(1).setCellValue("Path");
sheetRecent.getRow(0).createCell(2).setCellValue("Related Shortcut");
sheetCookie.setDefaultColumnStyle(1, defaultstyle);
sheetCookie.createRow(0).setRowStyle(style);
sheetCookie.getRow(0).createCell(0).setCellValue("URL");
sheetCookie.getRow(0).createCell(1).setCellValue("Date");
sheetCookie.getRow(0).createCell(2).setCellValue("Name");
sheetCookie.getRow(0).createCell(3).setCellValue("Value");
sheetCookie.getRow(0).createCell(4).setCellValue("Program");
sheetBookmark.setDefaultColumnStyle(1, defaultstyle);
sheetBookmark.createRow(0).setRowStyle(style);
sheetBookmark.getRow(0).createCell(0).setCellValue("URL");
sheetBookmark.getRow(0).createCell(1).setCellValue("Title");
sheetBookmark.getRow(0).createCell(2).setCellValue("Program");
sheetDownload.setDefaultColumnStyle(1, defaultstyle);
sheetDownload.createRow(0).setRowStyle(style);
sheetDownload.getRow(0).createCell(0).setCellValue("File");
sheetDownload.getRow(0).createCell(1).setCellValue("Source");
sheetDownload.getRow(0).createCell(2).setCellValue("Time");
sheetDownload.getRow(0).createCell(3).setCellValue("Program");
sheetHistory.setDefaultColumnStyle(1, defaultstyle);
sheetHistory.createRow(0).setRowStyle(style);
sheetHistory.getRow(0).createCell(0).setCellValue("URL");
sheetHistory.getRow(0).createCell(1).setCellValue("Date");
sheetHistory.getRow(0).createCell(2).setCellValue("Referrer");
sheetHistory.getRow(0).createCell(3).setCellValue("Title");
sheetHistory.getRow(0).createCell(4).setCellValue("Program");
for (int i = 0; i < wbtemp.getNumberOfSheets(); i++) {
Sheet tempsheet = wbtemp.getSheetAt(i);
tempsheet.setAutobreaks(true);
for (Row temprow : tempsheet) {
for (Cell cell : temprow) {
cell.setCellStyle(style);
tempsheet.autoSizeColumn(cell.getColumnIndex());
}
}
}
int countedGen = 0;
int countedBookmark = 0;
int countedCookie = 0;
int countedHistory = 0;
int countedDownload = 0;
int countedRecentObjects = 0;
int countedTrackPoint = 0;
int countedInstalled = 0;
int countedKeyword = 0;
int countedHash = 0;
int countedDevice = 0;
//start populating the sheets in the workbook
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (ReportFilter.cancel == true) {
break;
}
int cc = 0;
Long objId = entry.getKey().getObjectID();
FsContent file = skCase.getFsContentById(objId);
Long filesize = file.getSize();
TreeMap<Integer, String> attributes = new TreeMap<Integer, String>();
// Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type
int n;
for (n = 1; n <= 36; n++) {
attributes.put(n, "");
}
for (BlackboardAttribute tempatt : entry.getValue()) {
if (ReportFilter.cancel == true) {
break;
}
String value = "";
int type = tempatt.getAttributeTypeID();
if (tempatt.getValueString() == null || "null".equals(tempatt.getValueString())) {
} else if (type == 2 || type == 33) {
value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date((tempatt.getValueLong()) * 1000));
} else {
value = tempatt.getValueString();
}
attributes.put(type, value);
cc++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
countedGen++;
// Row temp = sheetGen.getRow(countedGen);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
countedBookmark++;
Row temp = sheetBookmark.createRow(countedBookmark);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
countedCookie++;
Row temp = sheetCookie.createRow(countedCookie);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()));
temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID()));
temp.createCell(4).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
countedHistory++;
Row temp = sheetHistory.createRow(countedHistory);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID()));
temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID()));
temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
temp.createCell(4).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
countedDownload++;
Row temp = sheetDownload.createRow(countedDownload);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID()));
temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID()));
temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
countedRecentObjects++;
Row temp = sheetRecent.createRow(countedRecentObjects);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID()));
temp.createCell(2).setCellValue(file.getName());
temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
// sheetTrackpoint.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
countedInstalled++;
Row temp = sheetInstalled.createRow(countedInstalled);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
countedKeyword++;
Row temp = sheetKeyword.createRow(countedKeyword);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW.getTypeID()));
temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_SET.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
countedHash++;
Row temp = sheetHash.createRow(countedHash);
temp.createCell(0).setCellValue(file.getName().toString());
temp.createCell(1).setCellValue(filesize.toString());
temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_HASHSET_NAME.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
countedDevice++;
Row temp = sheetDevice.createRow(countedDevice);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID()));
temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()));
}
}
//write out the report to the reports folder, set the wbtemp to the primary wb object
wb = wbtemp;
xlsPath = currentCase.getCaseDirectory() + File.separator + "Reports" + File.separator + caseName + "-" + datenotime + ".xlsx";
this.save(xlsPath);
} catch (Exception E) {
String test = E.toString();
}
return xlsPath;
}
@Override
public void save(String path) {
try {
FileOutputStream fos = new FileOutputStream(path);
wb.write(fos);
fos.close();
} catch (IOException e) {
Logger.getLogger(ReportXLS.class.getName()).log(Level.SEVERE, "Could not write out XLS report!", e);
}
}
@Override
public String getName() {
String name = "Excel";
return name;
}
@Override
public String getReportType() {
String type = "XLS";
return type;
}
@Override
public ReportConfiguration GetReportConfiguration() {
return config;
}
@Override
public String getReportTypeDescription() {
String desc = "This is an xls formatted report that is meant to be viewed in Excel.";
return desc;
}
@Override
public void getPreview(String path) {
File file = new File(path);
try {
Desktop.getDesktop().open(file);
} catch (IOException e) {
Logger.getLogger(ReportXLS.class.getName()).log(Level.SEVERE, "Could not open XLS report! ", e);
}
}
}
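Review bot: In `generateReport`, the closing `catch (Exception E) { String test = E.toString(); }` swallows any failure while building the workbook, and the method then returns the static `xlsPath`. After an error the caller receives either an empty string or the path of a previously generated report, with nothing logged. For a forensic report this should at least be recorded, e.g. `Logger.getLogger(ReportXLS.class.getName()).log(Level.SEVERE, "Could not generate XLS report", E);`, and `xlsPath` should be cleared at the start of each run so that a stale path is never returned. A null result from `skCase.getFsContentById(objId)` would end up in the same handler via `file.getSize()`, so one unresolved artifact would silently abort the whole report. Separately, the "Filesystems found" row on the summary sheet is filled with `imagecount`; it presumably should be `sheetSummary.getRow(2).createCell(1).setCellValue(filesystemcount);`.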


@ -0,0 +1,276 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.io.FileOutputStream;
import java.io.File;
import java.io.IOException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Map.Entry;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringEscapeUtils;
import org.jdom.Comment;
import org.jdom.Document;
import org.jdom.Element;
import org.jdom.output.XMLOutputter;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.datamodel.*;
public class ReportXML implements ReportModule {
public static Document xmldoc = new Document();
private ReportConfiguration reportconfig;
private String xmlPath;
private static ReportXML instance = null;
public ReportXML() {
}
public static synchronized ReportXML getDefault() {
if (instance == null) {
instance = new ReportXML();
}
return instance;
}
@Override
public String generateReport(ReportConfiguration reportconfig) throws ReportModuleException {
ReportGen reportobj = new ReportGen();
reportobj.populateReport(reportconfig);
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> report = reportobj.Results;
try {
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
String caseName = currentCase.getName();
Integer imagecount = currentCase.getImageIDs().length;
Integer filesystemcount = currentCase.getRootObjectsCount();
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
Element root = new Element("Case");
xmldoc = new Document(root);
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss");
Date date = new Date();
String datetime = datetimeFormat.format(date);
String datenotime = dateFormat.format(date);
Comment comment = new Comment("XML Report Generated by Autopsy 3 on " + datetime);
root.addContent(comment);
//Create summary node involving how many of each type
Element summary = new Element("Summary");
if (IngestManager.getDefault().isIngestRunning()) {
summary.addContent(new Element("Warning").setText("Report was run before ingest services completed!"));
}
summary.addContent(new Element("Name").setText(caseName));
summary.addContent(new Element("Total-Images").setText(imagecount.toString()));
summary.addContent(new Element("Total-FileSystems").setText(filesystemcount.toString()));
summary.addContent(new Element("Total-Files").setText(totalfiles.toString()));
summary.addContent(new Element("Total-Directories").setText(totaldirs.toString()));
root.addContent(summary);
//generate the nodes for each of the types so we can use them later
Element nodeGen = new Element("General-Information");
Element nodeWebBookmark = new Element("Web-Bookmarks");
Element nodeWebCookie = new Element("Web-Cookies");
Element nodeWebHistory = new Element("Web-History");
Element nodeWebDownload = new Element("Web-Downloads");
Element nodeRecentObjects = new Element("Recent-Documents");
Element nodeTrackPoint = new Element("Track-Points");
Element nodeInstalled = new Element("Installed-Programfiles");
Element nodeKeyword = new Element("Keyword-Search-Hits");
Element nodeHash = new Element("Hashset-Hits");
Element nodeDevice = new Element("Attached-Devices");
//remove bytes
Pattern INVALID_XML_CHARS = Pattern.compile("[^\\u0009\\u000A\\u000D\\u0020-\\uD7FF\\uE000-\\uFFFD\uD800\uDC00-\uDBFF\uDFFF]");
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (ReportFilter.cancel == true) {
break;
}
int cc = 0;
Element artifact = new Element("Artifact");
Long objId = entry.getKey().getObjectID();
Content cont = skCase.getContentById(objId);
Long filesize = cont.getSize();
try {
artifact.setAttribute("ID", objId.toString());
artifact.setAttribute("Name", cont.accept(new NameVisitor()));
artifact.setAttribute("Size", filesize.toString());
} catch (Exception e) {
Logger.getLogger(ReportXML.class.getName()).log(Level.WARNING, "Visitor content exception occurred:", e);
}
// Get all the attributes for this guy
for (BlackboardAttribute tempatt : entry.getValue()) {
if (ReportFilter.cancel == true) {
break;
}
Element attribute = new Element("Attribute").setAttribute("Type", tempatt.getAttributeTypeDisplayName());
String tempvalue = tempatt.getValueString();
//INVALID_XML_CHARS.matcher(tempvalue).replaceAll("");
Element value = new Element("Value").setText(tempvalue);
attribute.addContent(value);
Element context = new Element("Context").setText(StringEscapeUtils.escapeXml(tempatt.getContext()));
attribute.addContent(context);
artifact.addContent(attribute);
cc++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
//while (entry.getValue().iterator().hasNext())
// {
// }
nodeGen.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
nodeWebBookmark.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
nodeWebCookie.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
nodeWebHistory.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
nodeWebDownload.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
nodeRecentObjects.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
nodeTrackPoint.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
nodeInstalled.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
nodeKeyword.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
nodeHash.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
nodeDevice.addContent(artifact);
}
//end of master loop
}
//add them in the order we want them to the document
root.addContent(nodeGen);
root.addContent(nodeWebBookmark);
root.addContent(nodeWebCookie);
root.addContent(nodeWebHistory);
root.addContent(nodeWebDownload);
root.addContent(nodeRecentObjects);
root.addContent(nodeTrackPoint);
root.addContent(nodeInstalled);
root.addContent(nodeKeyword);
root.addContent(nodeHash);
root.addContent(nodeDevice);
//Export it the first time
xmlPath = currentCase.getCaseDirectory() + File.separator + "Reports" + File.separator + caseName + "-" + datenotime + ".xml";
this.save(xmlPath);
} catch (Exception e) {
Logger.getLogger(ReportXML.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return xmlPath;
}
@Override
public void save(String path) {
try {
FileOutputStream out = new FileOutputStream(path);
XMLOutputter serializer = new XMLOutputter();
serializer.output(xmldoc, out);
out.flush();
out.close();
} catch (IOException e) {
System.err.println(e);
}
}
@Override
public String getName() {
String name = "Default XML";
return name;
}
@Override
public String getReportType() {
String type = "XML";
return type;
}
@Override
public ReportConfiguration GetReportConfiguration() {
ReportConfiguration config = reportconfig;
return config;
}
@Override
public void getPreview(String path) {
BrowserControl.openUrl(path);
}
@Override
public String getReportTypeDescription() {
String desc = "This is an html formatted report that is meant to be viewed in a modern browser.";
return desc;
}
private class NameVisitor extends ContentVisitor.Default<String> {
@Override
protected String defaultVisit(Content cntnt) {
throw new UnsupportedOperationException("Not supported for " + cntnt.toString());
}
@Override
public String visit(Directory dir) {
return dir.getName();
}
@Override
public String visit(Image img) {
return img.getName();
}
//@Override
public String visit(File file) {
return file.getName();
}
}
}


@ -0,0 +1,60 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.sleuthkit.autopsy.report;
/**
*
* @author Alex
*/
public class StopWatch {
private long startTime = 0;
private long stopTime = 0;
private boolean running = false;
public void start() {
this.startTime = System.currentTimeMillis();
this.running = true;
}
public void stop() {
this.stopTime = System.currentTimeMillis();
this.running = false;
}
//elaspsed time in milliseconds
public long getElapsedTime() {
long elapsed;
if (running) {
elapsed = (System.currentTimeMillis() - startTime);
}
else {
elapsed = (stopTime - startTime);
}
return elapsed;
}
public void reset(){
startTime = 0;
stopTime = 0;
running = false;
}
//elaspsed time in seconds
public long getElapsedTimeSecs() {
long elapsed;
if (running) {
elapsed = ((System.currentTimeMillis() - startTime) / 1000);
}
else {
elapsed = ((stopTime - startTime) / 1000);
}
return elapsed;
}
}
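Review bot: `getElapsedTime()` and `getElapsedTimeSecs()` measure intervals with `System.currentTimeMillis()`, which is wall-clock time and can jump when the system clock is adjusted, so a reported duration can come out negative or inflated. `System.nanoTime()` is the monotonic source meant for intervals: record it in `start()` and `stop()` as `this.startTime = System.nanoTime();` and convert on read with `TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - startTime)`. The three fields are also read and written without synchronization; the callers are not visible here, but if the watch is started on a worker thread and read from the UI thread they would need to be `volatile`. The template header comment could be replaced by a class Javadoc stating the units of each getter and that both return 0 before `start()` is called.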


@ -1,13 +1,33 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE filesystem PUBLIC "-//NetBeans//DTD Filesystem 1.2//EN" "http://www.netbeans.org/dtds/filesystem-1_2.dtd"> <!DOCTYPE filesystem PUBLIC "-//NetBeans//DTD Filesystem 1.2//EN" "http://www.netbeans.org/dtds/filesystem-1_2.dtd">
<filesystem> <filesystem>
<folder name="Services"/> <folder name="Menu">
<folder name="Tools">
<file name="org-sleuthkit-autopsy-report-ReportAction.shadow"/>
</folder>
</folder>
<folder name="Services">
<file name="org-sleuthkit-autopsy-report-ReportHTML.instance">
<attr name="instanceOf" stringvalue="org.sleuthkit.autopsy.report.ReportModule"/>
<attr name="instanceCreate" methodvalue="org.sleuthkit.autopsy.report.ReportHTML.getDefault"/>
<attr name="position" intvalue="900"/>
</file>
<file name="org-sleuthkit-autopsy-report-ReportXML.instance">
<attr name="instanceOf" stringvalue="org.sleuthkit.autopsy.report.ReportModule"/>
<attr name="instanceCreate" methodvalue="org.sleuthkit.autopsy.report.ReportXML.getDefault"/>
<attr name="position" intvalue="901"/>
</file>
<file name="org-sleuthkit-autopsy-report-ReportXLS.instance">
<attr name="instanceOf" stringvalue="org.sleuthkit.autopsy.report.ReportModule"/>
<attr name="instanceCreate" methodvalue="org.sleuthkit.autopsy.report.ReportXLS.getDefault"/>
<attr name="position" intvalue="902"/>
</file>
</folder>
<folder name="Toolbars"> <folder name="Toolbars">
<folder name="File"> <folder name="File">
<file name="org-sleuthkit-autopsy-report-reportAction.shadow"> <file name="org-sleuthkit-autopsy-report-ReportAction.shadow">
<attr name="displayName" bundlevalue="org.sleuthkit.autopsy.report.Bundle#Toolbars/Reports/org-sleuthkit-autopsy-report-reportAction.shadow"/> <attr name="displayName" bundlevalue="org.sleuthkit.autopsy.report.Bundle#Toolbars/Reports/org-sleuthkit-autopsy-report-ReportAction.shadow"/>
<attr name="originalFile" stringvalue="Actions/Tools/org-sleuthkit-autopsy-report-reportAction.instance"/> <attr name="originalFile" stringvalue="Actions/Tools/org-sleuthkit-autopsy-report-ReportAction.instance"/>
<attr name="position" intvalue="650"/> <attr name="position" intvalue="650"/>
</file> </file>
</folder> </folder>


@ -1,295 +0,0 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.sleuthkit.autopsy.report;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.SleuthkitCase;
/**
*
* @author Alex
*/
public class report implements reportInterface {
private void report(){
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getGenInfo() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(1);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebHistory() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(4);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebCookie() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(3);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebBookmark() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(2);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebDownload() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(5);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getRecentObject() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(6);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getKeywordHit() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(9);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getHashHit() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(10);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getInstalledProg() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(8);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getDevices() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(11);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return reportMap;
}
@Override
public String getGroupedKeywordHit() {
StringBuilder table = new StringBuilder();
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ResultSet uniqueresults = tempDb.runQuery("SELECT DISTINCT value_text from blackboard_attributes where attribute_type_id = '10' order by value_text ASC");
while(uniqueresults.next())
{
table.append("<strong>").append(uniqueresults.getString("value_text")).append("</strong>");
table.append("<table><thead><tr><th>").append("File Name").append("</th><th>Preview</th><th>Keyword List</th></tr><tbody>");
ArrayList<BlackboardArtifact> artlist = new ArrayList<BlackboardArtifact>();
ResultSet tempresults = tempDb.runQuery("select DISTINCT artifact_id from blackboard_attributes where attribute_type_id = '10' and value_text = '" + uniqueresults.getString("value_text") +"'");
while(tempresults.next())
{
artlist.add(tempDb.getBlackboardArtifact(tempresults.getLong("artifact_id")));
}
for(BlackboardArtifact art : artlist)
{
String filename = tempDb.getFsContentById(art.getObjectID()).getName();
String preview = "";
String set = "";
table.append("<tr><td>").append(filename).append("</td>");
ArrayList<BlackboardAttribute> tempatts = art.getAttributes();
for(BlackboardAttribute att : tempatts)
{
if(att.getAttributeTypeID() == 12)
{
preview = "<td>" + att.getValueString() + "</td>";
}
if(att.getAttributeTypeID() == 13)
{
set = "<td>" + att.getValueString() + "</td>";
}
}
table.append(preview).append(set).append("</tr>");
}
table.append("</tbody></table><br /><br />");
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
String result = table.toString();
return result;
}
}


@ -1,173 +0,0 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.sleuthkit.autopsy.report;
import java.awt.Component;
import java.awt.Dimension;
import java.awt.Toolkit;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.io.File;
import javax.swing.JButton;
import javax.swing.JDialog;
import javax.swing.JFrame;
import org.openide.awt.ActionRegistration;
import org.openide.awt.ActionReference;
import org.openide.awt.ActionReferences;
import org.openide.awt.ActionID;
import org.openide.util.HelpCtx;
import org.openide.util.NbBundle.Messages;
import org.openide.util.actions.CallableSystemAction;
import org.openide.util.actions.Presenter;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.Log;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.ImageIcon;
@ActionID(category = "Tools",
id = "org.sleuthkit.autopsy.report.reportAction")
@ActionRegistration(displayName = "#CTL_reportAction")
@ActionReferences({
@ActionReference(path = "Menu/Tools", position = 80)
})
@Messages("CTL_reportAction=Run Report")
public final class reportAction extends CallableSystemAction implements Presenter.Toolbar{
private JButton toolbarButton = new JButton();
private static final String ACTION_NAME = "Generate Report";
Logger logger = Logger.getLogger(reportAction.class.getName());
public reportAction() {
setEnabled(false);
Case.addPropertyChangeListener(new PropertyChangeListener() {
@Override
public void propertyChange(PropertyChangeEvent evt) {
if(evt.getPropertyName().equals(Case.CASE_CURRENT_CASE)){
setEnabled(evt.getNewValue() != null);
}
}
});
//attempt to create a report folder if a case is active
Case.addPropertyChangeListener(new PropertyChangeListener () {
@Override
public void propertyChange(PropertyChangeEvent evt) {
String changed = evt.getPropertyName();
//case has been changed
if (changed.equals(Case.CASE_CURRENT_CASE)) {
Case newCase = (Case)evt.getNewValue();
if (newCase != null) {
boolean exists = (new File(newCase.getCaseDirectory() + "\\Reports")).exists();
if (exists) {
// report directory exists -- don't need to do anything
} else {
// report directory does not exist -- create it
boolean reportCreate = (new File(newCase.getCaseDirectory() + "\\Reports")).mkdirs();
if(!reportCreate){
logger.log(Level.WARNING, "Could not create Reports directory for case. It does not exist.");
}
}
}
}
}
});
// set action of the toolbar button
toolbarButton.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
reportAction.this.actionPerformed(e);
}
});
}
@Override
public void actionPerformed(ActionEvent e) {
try {
// create the popUp window for it
final JFrame frame = new JFrame(ACTION_NAME);
final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal
// initialize panel with loaded settings
final reportFilter panel = new reportFilter();
panel.setjButton2ActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
popUpWindow.dispose();
}
});
// add the panel to the popup window
popUpWindow.add(panel);
popUpWindow.pack();
popUpWindow.setResizable(false);
// set the location of the popUp Window on the center of the screen
Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize();
double w = popUpWindow.getSize().getWidth();
double h = popUpWindow.getSize().getHeight();
popUpWindow.setLocation((int) ((screenDimension.getWidth() - w) / 2), (int) ((screenDimension.getHeight() - h) / 2));
// display the window
popUpWindow.setVisible(true);
// add the command to close the window to the button on the Case Properties form / panel
} catch (Exception ex) {
Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex);
}
}
@Override
public void performAction() {
}
@Override
public String getName() {
return ACTION_NAME;
}
@Override
public HelpCtx getHelpCtx() {
return HelpCtx.DEFAULT_HELP;
}
/**
* Returns the toolbar component of this action
*
* @return component the toolbar button
*/
@Override
public Component getToolbarPresenter() {
ImageIcon icon = new ImageIcon(getClass().getResource("btn_icon_generate_report.png"));
toolbarButton.setIcon(icon);
toolbarButton.setText("Generate Report");
return toolbarButton;
}
/**
* Set this action to be enabled/disabled
*
* @param value whether to enable this action or not
*/
@Override
public void setEnabled(boolean value){
super.setEnabled(value);
toolbarButton.setEnabled(value);
}
}


@ -1,185 +0,0 @@
<?xml version="1.1" encoding="UTF-8" ?>
<Form version="1.5" maxVersion="1.7" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
<NonVisualComponents>
<Component class="javax.swing.JButton" name="jButton2">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.jButton2.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="actionCommand" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.jButton2.actionCommand" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="label" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.jButton2.label" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
</NonVisualComponents>
<Properties>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[250, 193]"/>
</Property>
</Properties>
<AuxValues>
<AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="1"/>
<AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_generateFQN" type="java.lang.Boolean" value="true"/>
<AuxValue name="FormSettings_generateMnemonicsCode" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_i18nAutoMode" type="java.lang.Boolean" value="true"/>
<AuxValue name="FormSettings_layoutCodeTarget" type="java.lang.Integer" value="1"/>
<AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/>
<AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/>
</AuxValues>
<Layout>
<DimensionLayout dim="0">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox3" alignment="0" min="-2" max="-2" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox2" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox1" alignment="0" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox5" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox4" alignment="0" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
</Group>
<EmptySpace min="-2" pref="69" max="-2" attributes="0"/>
</Group>
<Group type="102" alignment="0" attributes="0">
<Component id="jButton1" min="-2" max="-2" attributes="0"/>
<EmptySpace max="32767" attributes="0"/>
<Component id="cancelButton" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="156" max="-2" attributes="0"/>
</Group>
<Component id="progBar" alignment="0" min="-2" pref="231" max="-2" attributes="0"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
<DimensionLayout dim="1">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0">
<Component id="jCheckBox1" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox4" alignment="3" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace type="separate" max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0">
<Component id="jCheckBox2" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox5" alignment="3" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace type="separate" max="-2" attributes="0"/>
<Component id="jCheckBox3" min="-2" max="-2" attributes="0"/>
<EmptySpace type="separate" max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0">
<Component id="jButton1" alignment="3" max="32767" attributes="1"/>
<Component id="cancelButton" alignment="3" max="32767" attributes="1"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
<Component id="progBar" pref="23" max="32767" attributes="1"/>
<EmptySpace max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
</Layout>
<SubComponents>
<Component class="javax.swing.JCheckBox" name="jCheckBox1">
<Properties>
<Property name="selected" type="boolean" value="true"/>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.jCheckBox1.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="jCheckBox1ActionPerformed"/>
</Events>
</Component>
<Component class="javax.swing.JCheckBox" name="jCheckBox2">
<Properties>
<Property name="selected" type="boolean" value="true"/>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.jCheckBox2.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
<Component class="javax.swing.JCheckBox" name="jCheckBox3">
<Properties>
<Property name="selected" type="boolean" value="true"/>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.jCheckBox3.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
<Component class="javax.swing.JCheckBox" name="jCheckBox4">
<Properties>
<Property name="selected" type="boolean" value="true"/>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.jCheckBox4.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
<Component class="javax.swing.JCheckBox" name="jCheckBox5">
<Properties>
<Property name="selected" type="boolean" value="true"/>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.jCheckBox5.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
<Component class="javax.swing.JButton" name="jButton1">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.jButton1.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="mouseReleased" listener="java.awt.event.MouseListener" parameters="java.awt.event.MouseEvent" handler="jButton1MouseReleased"/>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="jButton1ActionPerformed"/>
</Events>
<AuxValues>
<AuxValue name="JavaCodeGenerator_SerializeTo" type="java.lang.String" value="reportFilter_jButton1"/>
</AuxValues>
</Component>
<Component class="javax.swing.JProgressBar" name="progBar">
<Properties>
<Property name="doubleBuffered" type="boolean" value="true"/>
<Property name="enabled" type="boolean" value="false"/>
<Property name="name" type="java.lang.String" value="" noResource="true"/>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[146, 15]"/>
</Property>
<Property name="string" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.progBar.string" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="stringPainted" type="boolean" value="true"/>
</Properties>
</Component>
<Component class="javax.swing.JButton" name="cancelButton">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.cancelButton.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="actionCommand" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.cancelButton.actionCommand" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="enabled" type="boolean" value="false"/>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="cancelButtonActionPerformed"/>
</Events>
</Component>
</SubComponents>
</Form>


@ -1,304 +0,0 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
/*
* reportFilter.java
*
* Created on Feb 22, 2012, 11:12:12 AM
*/
package org.sleuthkit.autopsy.report;
import java.awt.event.ActionListener;
import java.util.ArrayList;
import javax.swing.SwingUtilities;
import javax.swing.SwingWorker;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskException;
/**
*
* @author Alex
*/
public class reportFilter extends javax.swing.JPanel {
public static ArrayList<Integer> filters = new ArrayList<Integer>();
public final reportFilter panel = this;
reportPanelAction rpa = new reportPanelAction();
public static boolean cancel = false;
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
/** Creates new form reportFilter */
public reportFilter() {
initComponents();
cancel = false;
}
/** This method is called from within the constructor to
* initialize the form.
* WARNING: Do NOT modify this code. The content of this method is
* always regenerated by the Form Editor.
*/
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
jButton2 = new javax.swing.JButton();
jCheckBox1 = new javax.swing.JCheckBox();
jCheckBox2 = new javax.swing.JCheckBox();
jCheckBox3 = new javax.swing.JCheckBox();
jCheckBox4 = new javax.swing.JCheckBox();
jCheckBox5 = new javax.swing.JCheckBox();
jButton1 = new javax.swing.JButton();
progBar = new javax.swing.JProgressBar();
cancelButton = new javax.swing.JButton();
jButton2.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton2.text")); // NOI18N
jButton2.setActionCommand(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton2.actionCommand")); // NOI18N
jButton2.setLabel(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton2.label")); // NOI18N
setPreferredSize(new java.awt.Dimension(250, 193));
jCheckBox1.setSelected(true);
jCheckBox1.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jCheckBox1.text")); // NOI18N
jCheckBox1.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jCheckBox1ActionPerformed(evt);
}
});
jCheckBox2.setSelected(true);
jCheckBox2.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jCheckBox2.text")); // NOI18N
jCheckBox3.setSelected(true);
jCheckBox3.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jCheckBox3.text")); // NOI18N
jCheckBox4.setSelected(true);
jCheckBox4.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jCheckBox4.text")); // NOI18N
jCheckBox5.setSelected(true);
jCheckBox5.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jCheckBox5.text")); // NOI18N
jButton1.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton1.text")); // NOI18N
jButton1.addMouseListener(new java.awt.event.MouseAdapter() {
public void mouseReleased(java.awt.event.MouseEvent evt) {
jButton1MouseReleased(evt);
}
});
jButton1.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jButton1ActionPerformed(evt);
}
});
progBar.setDoubleBuffered(true);
progBar.setEnabled(false);
progBar.setName(""); // NOI18N
progBar.setPreferredSize(new java.awt.Dimension(146, 15));
progBar.setString(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.progBar.string")); // NOI18N
progBar.setStringPainted(true);
cancelButton.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.cancelButton.text")); // NOI18N
cancelButton.setActionCommand(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.cancelButton.actionCommand")); // NOI18N
cancelButton.setEnabled(false);
cancelButton.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
cancelButtonActionPerformed(evt);
}
});
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
this.setLayout(layout);
layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jCheckBox3)
.addGroup(layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jCheckBox2)
.addComponent(jCheckBox1))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jCheckBox5)
.addComponent(jCheckBox4))))
.addGap(69, 69, 69))
.addGroup(layout.createSequentialGroup()
.addComponent(jButton1)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(cancelButton)
.addGap(156, 156, 156)))
.addContainerGap())
.addGroup(layout.createSequentialGroup()
.addComponent(progBar, javax.swing.GroupLayout.PREFERRED_SIZE, 231, javax.swing.GroupLayout.PREFERRED_SIZE)
.addContainerGap(109, Short.MAX_VALUE))))
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(jCheckBox1)
.addComponent(jCheckBox4))
.addGap(18, 18, 18)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(jCheckBox2)
.addComponent(jCheckBox5))
.addGap(18, 18, 18)
.addComponent(jCheckBox3)
.addGap(18, 18, 18)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(jButton1, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(cancelButton, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(progBar, javax.swing.GroupLayout.DEFAULT_SIZE, 17, Short.MAX_VALUE)
.addContainerGap())
);
}// </editor-fold>//GEN-END:initComponents
private void jCheckBox1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jCheckBox1ActionPerformed
}//GEN-LAST:event_jCheckBox1ActionPerformed
public void getfilters(java.awt.event.ActionEvent evt)
{
jButton1ActionPerformed(evt);
}
private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton1ActionPerformed
jButton1.setEnabled(false);
progBar.setEnabled(true);
cancelButton.setEnabled(true);
progBar.setStringPainted(true);
progBar.setValue(0);
filters.clear();
if(jCheckBox1.isSelected())
{
filters.add(2);
filters.add(3);
filters.add(4);
filters.add(5);
}
if(jCheckBox2.isSelected())
{
filters.add(1);
}
if(jCheckBox3.isSelected())
{
filters.add(9);
}
if(jCheckBox4.isSelected())
{
filters.add(10);
}
if(jCheckBox5.isSelected())
{
filters.add(6);
filters.add(8);
filters.add(11);
}
getReports();
}//GEN-LAST:event_jButton1ActionPerformed
public void getReports() {
new SwingWorker<Void, Void>() {
protected Void doInBackground() throws Exception {
rpa.reportGenerate(filters, panel);
return null;
};
// this is called when the SwingWorker's doInBackground finishes
protected void done() {
progBar.setVisible(false); // hide my progress bar JFrame
};
}.execute();
progBar.setVisible(true);
}
private void cancelButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_cancelButtonActionPerformed
cancelButton.setText("Cancelled!");
cancel = true;
}//GEN-LAST:event_cancelButtonActionPerformed
private void jButton1MouseReleased(java.awt.event.MouseEvent evt) {//GEN-FIRST:event_jButton1MouseReleased
}//GEN-LAST:event_jButton1MouseReleased
public void progBarSet(int cc)
{
final int count = cc;
SwingUtilities.invokeLater(new Runnable() {
public void run() {
int start = progBar.getValue();
int end = start + count;
progBar.setValue(end);
progBar.setString(null);
progBar.setString(progBar.getString());
progBar.setStringPainted(true);
if(progBar.getPercentComplete() == 1.0){
progBar.setString("Populating Report - Please wait...");
progBar.setStringPainted(true);
progBar.setIndeterminate(true);
}
}});
}
public void progBarDone(){
int max = progBar.getMaximum();
progBar.setValue(max);
jButton2.doClick();
}
public void progBarStartText(){
progBar.setIndeterminate(true);
progBar.setString("Querying Database for Report Results...");
}
public void progBarText(){
progBar.setString("Populating Report - Please wait...");
progBar.setStringPainted(true);
progBar.repaint();
progBar.setIndeterminate(true);
}
public void progBarCount(int count){
progBar.setIndeterminate(false);
progBar.setString(null);
progBar.setMinimum(0);
progBar.setMaximum(count);
progBar.setValue(0);
//Double bper = progBar.getPercentComplete();
progBar.setString(progBar.getString());
}
public void setjButton1ActionListener(ActionListener e){
jButton1.addActionListener(e);
}
public void setjButton2ActionListener(ActionListener e){
jButton2.addActionListener(e);
cancelButton.addActionListener(e);
}
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton cancelButton;
private javax.swing.JButton jButton1;
private javax.swing.JButton jButton2;
private javax.swing.JCheckBox jCheckBox1;
private javax.swing.JCheckBox jCheckBox2;
private javax.swing.JCheckBox jCheckBox3;
private javax.swing.JCheckBox jCheckBox4;
private javax.swing.JCheckBox jCheckBox5;
private javax.swing.JProgressBar progBar;
// End of variables declaration//GEN-END:variables
}


@ -1,412 +0,0 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.sleuthkit.autopsy.report;
import java.io.BufferedWriter;
import java.io.FileOutputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Map.Entry;
import java.util.TreeMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskData;
/**
*
* @author Alex
*/
public class reportHTML {
//Declare our publically accessible formatted report, this will change everytime they run a report
public static StringBuilder formatted_Report = new StringBuilder();
public static StringBuilder unformatted_header = new StringBuilder();
public static StringBuilder formatted_header = new StringBuilder();
public static String htmlPath = "";
public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report, reportFilter rr){
//This is literally a terrible way to count up all the types of artifacts, and doesn't include any added ones.
//Unlike the XML report, which is dynamic, this is formatted and needs to be redone later instead of being hardcoded.
//Also, clearing variables to generate new report.
formatted_Report.setLength(0);
unformatted_header.setLength(0);
formatted_header.setLength(0);
int countGen = 0;
int countWebBookmark = 0;
int countWebCookie = 0;
int countWebHistory = 0;
int countWebDownload = 0;
int countRecentObjects = 0;
int countTrackPoint = 0;
int countInstalled = 0;
int countKeyword = 0;
int countHash = 0;
int countDevice = 0;
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(entry.getKey().getArtifactTypeID() == 1){
countGen++;
}
if(entry.getKey().getArtifactTypeID() == 2){
countWebBookmark++;
}
if(entry.getKey().getArtifactTypeID() == 3){
countWebCookie++;
}
if(entry.getKey().getArtifactTypeID() == 4){
countWebHistory++;
}
if(entry.getKey().getArtifactTypeID() == 5){
countWebDownload++;
}
if(entry.getKey().getArtifactTypeID() == 6){
countRecentObjects++;
}
if(entry.getKey().getArtifactTypeID() == 7){
countTrackPoint++;
}
if(entry.getKey().getArtifactTypeID() == 8){
countInstalled++;
}
if(entry.getKey().getArtifactTypeID() == 9){
countKeyword++;
}
if(entry.getKey().getArtifactTypeID() == 10){
countHash++;
}
if(entry.getKey().getArtifactTypeID() == 11){
countDevice++;
}
}
try{
String ingestwarning = "<h2 style=\"color: red;\">Warning, this report was run before ingest services completed!</h2>";
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
String caseName = currentCase.getName();
Integer imagecount = currentCase.getImageIDs().length;
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
int reportsize = report.size();
Integer filesystemcount = currentCase.getRootObjectsCount();
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy");
Date date = new Date();
String datetime = datetimeFormat.format(date);
String datenotime = dateFormat.format(date);
String CSS = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"><style>"
+ "body {padding: 30px; margin: 0; background: #FFFFFF; font: 13px/20px Arial, Helvetica, sans-serif; color: #535353;} "
+ "h1 {font-size: 26px; color: #005577; margin: 0 0 20px 0;} "
+ "h2 {font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;} "
+ "h3 {font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;} "
+ "p {margin: 0 0 20px 0;} table {width: 100%; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} "
+ "table thead th {display: table-cell; text-align: left; padding: 8px 16px; background: #e5e5e5; color: #777;font-size: 11px;text-shadow: #e9f9fd 0 1px 0; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} "
+ "table tr th:nth-child(1) {text-align: center; width: 60px;} "
+ "table td {display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;} "
+ "table tr:nth-child(even) td {background: #f3f3f3;} "
+ "table tr td:nth-child(1) {text-align: left; width: 60px; background: #f3f3f3;} "
+ "table tr:nth-child(even) td:nth-child(1) {background: #eaeaea;}"
+ "</style>";
//Add additional header information
String header = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\"><head><title>Autopsy Report for Case: " + caseName + "</title>";
formatted_header.append(header);
formatted_header.append(CSS);
//do for unformatted
String simpleCSS = "<style>"
+ "body {padding: 30px; margin: 0; background: #FFFFFF; color: #535353;} "
+ "h1 {font-size: 26px; color: #005577; margin: 0 0 20px 0;} "
+ "h2 {font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;} "
+ "h3 {font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;} "
+ "p {margin: 0 0 20px 0;} table {width: 100%; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} "
+ "table thead th {display: table-cell; text-align: left; padding: 4px 8px; background: #e5e5e5; color: #777;font-size: 11px; width: 80px; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} "
+ "table tr th {text-align: left; width: 80px;} "
+ "table td {width: 100px; font-size: 8px; display: table-cell; padding: 4px 8px;} "
+ "table tr {text-align: left; width: 60px; background: #f3f3f3;} "
+ "tr.alt td{ background-color: #FFFFFF;}"
+ "</style>";
unformatted_header.append(header);
unformatted_header.append(simpleCSS);
//formatted_Report.append("<link rel=\"stylesheet\" href=\"" + rrpath + "report.css\" type=\"text/css\" />");
formatted_Report.append("</head><body><div id=\"main\"><div id=\"content\">");
// Add summary information now
formatted_Report.append("<h1>Report for Case: ").append(caseName).append("</h1>");
if(IngestManager.getDefault().isIngestRunning())
{
formatted_Report.append(ingestwarning);
}
formatted_Report.append("<h2>Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<ul>");
formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>");
formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>");
formatted_Report.append("<li># of Files: ").append(totalfiles.toString()).append("</li>");
formatted_Report.append("<li># of Dirs: ").append(totaldirs.toString()).append("</li>");
formatted_Report.append("<li># of Artifacts: ").append(reportsize).append("</li></ul>");
formatted_Report.append("<br /><table><thead><tr><th>Section</th><th>Count</th></tr></thead><tbody>");
if(countWebBookmark > 0){
formatted_Report.append("<tr><td><a href=\"#bookmark\">Web Bookmarks</a></td><td>").append(countWebBookmark).append("</td></tr>");
}
if(countWebCookie > 0){
formatted_Report.append("<tr><td><a href=\"#cookie\">Web Cookies</a></td><td>").append(countWebCookie).append("</td></tr>");
}
if(countWebHistory > 0){
formatted_Report.append("<tr><td><a href=\"#history\">Web History</a></td><td>").append(countWebHistory).append("</td></tr>");
}
if(countWebDownload > 0){
formatted_Report.append("<tr><td><a href=\"#download\">Web Downloads</a></td><td>").append(countWebDownload).append("</td></tr>");
}
if(countRecentObjects > 0){
formatted_Report.append("<tr><td><a href=\"#recent\">Recent Documents</a></td><td>").append(countRecentObjects).append("</td></tr>");
}
if(countInstalled > 0){
formatted_Report.append("<tr><td><a href=\"#installed\">Installed Programs</a></td><td>").append(countInstalled).append("</td></tr>");
}
if(countKeyword > 0){
formatted_Report.append("<tr><td><a href=\"#keyword\">Keyword Hits</a></td><td>").append(countKeyword).append("</td></tr>");
}
if(countHash > 0){
formatted_Report.append("<tr><td><a href=\"#hash\">Hash Hits</a></td><td>").append(countHash).append("</td></tr>");
}
if(countDevice > 0){
formatted_Report.append("<tr><td><a href=\"#device\">Attached Devices</a></td><td>").append(countDevice).append("</td></tr>");
}
formatted_Report.append("</tbody></table><br />");
String tableHeader = "<table><thead><tr>";
StringBuilder nodeGen = new StringBuilder("<h3>General Information (").append(countGen).append(")</h3>").append(tableHeader).append("<th>Attribute</th><th>Value</th></tr></thead><tbody>");
StringBuilder nodeWebBookmark = new StringBuilder("<h3><a name=\"bookmark\">Web Bookmarks (").append(countWebBookmark).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Title</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebCookie = new StringBuilder("<h3><a name=\"cookie\">Web Cookies (").append(countWebCookie).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Name</th><th>Value</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebHistory = new StringBuilder("<h3><a name=\"history\">Web History (").append(countWebHistory).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Referrer</th><th>Title</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebDownload = new StringBuilder("<h3><a name=\"download\">Web Downloads (").append(countWebDownload).append(")</h3>").append(tableHeader).append("<th>File</th><th>Source</th><th>Time</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeRecentObjects = new StringBuilder("<h3><a name=\"recent\">Recent Documents (").append(countRecentObjects).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Path</th><th>Related Shortcut</th></tr></thead><tbody>");
StringBuilder nodeTrackPoint = new StringBuilder("<h3><a name=\"track\">Track Points (").append(countTrackPoint).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>");
StringBuilder nodeInstalled = new StringBuilder("<h3><a name=\"installed\">Installed Programs (").append(countInstalled).append(")</h3>").append(tableHeader).append("<th>Program Name</th><th>Install Date/Time</th></tr></thead><tbody>");
StringBuilder nodeKeyword = new StringBuilder("<h3><a name=\"keyword\">Keyword Search Hits (").append(countKeyword).append(")</h3>");
StringBuilder nodeHash = new StringBuilder("<h3><a name=\"hash\">Hashset Hit (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Size</th><th>Hashset Name</th></tr></thead><tbody>");
StringBuilder nodeDevice = new StringBuilder("<h3><a name=\"device\">Attached Devices (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Serial #</th><th>Time</th></tr></thead><tbody>");
int alt = 0;
String altRow = "";
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(reportFilter.cancel == true){
break;
}
int cc = 0;
if(alt > 0)
{
altRow = " class=\"alt\"";
alt = 0;
}
else{
altRow="";
alt++;
}
StringBuilder artifact = new StringBuilder("");
Long objId = entry.getKey().getObjectID();
//Content file = skCase.getContentById(objId);
FsContent file = skCase.getFsContentById(objId);
Long filesize = file.getSize();
TreeMap<Integer, String> attributes = new TreeMap<Integer,String>();
// Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type
int n;
for(n=1;n<=35;n++)
{
attributes.put(n, "");
}
for (BlackboardAttribute tempatt : entry.getValue())
{
if(reportFilter.cancel == true){
break;
}
String value = "";
int type = tempatt.getAttributeTypeID();
if(tempatt.getValueString() == null || "null".equals(tempatt.getValueString())){
}
else if(type == 2 || type == 33 ){
value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date ((tempatt.getValueLong())));
if(value == null || "".equals(value)){
value = tempatt.getValueString();
}
}
else
{
value = tempatt.getValueString();
}
value = reportUtils.insertPeriodically(value, "<br>", 30);
attributes.put(type, value);
cc++;
}
if(entry.getKey().getArtifactTypeID() == 1){
artifact.append("</tr>");
nodeGen.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 2){
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebBookmark.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 3){
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(6)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebCookie.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 4){
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(33)).append("</td>");
artifact.append("<td>").append(attributes.get(32)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebHistory.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 5){
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(8)).append("</td>");
artifact.append("<td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(33)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebDownload.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 6){
//artifact.append("<tr><td>").append(objId.toString());
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(3)).append("</strong></td>");
artifact.append("<td>").append(attributes.get(8)).append("</td>");
artifact.append("<td>").append(file.getName()).append("</td>");
artifact.append("</tr>");
nodeRecentObjects.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 7){
artifact.append("<tr").append(altRow).append("><td>").append(objId.toString());
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
artifact.append("</tr>");
nodeTrackPoint.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 8){
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(4)).append("</strong></td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("</tr>");
nodeInstalled.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 9){
// artifact.append("<table><thead><tr><th>Artifact ID</th><th>Name</th><th>Size</th>");
// artifact.append("</tr></table>");
// nodeKeyword.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 10){
// artifact.append("<tr><td>").append(objId.toString());
artifact.append("<tr").append(altRow).append("><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
//artifact.append("<td>").append(attributes.get(31)).append("</td>");
artifact.append("<td>").append(attributes.get(30)).append("</td>");
artifact.append("</tr>");
nodeHash.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 11){
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(18)).append("</strong></td>");
artifact.append("<td>").append(attributes.get(20)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("</tr>");
nodeDevice.append(artifact);
}
cc++;
rr.progBarSet(cc);
}
//Add them back in order
//formatted_Report.append(nodeGen);
// formatted_Report.append("</tbody></table>");
if(countWebBookmark > 0){
formatted_Report.append(nodeWebBookmark);
formatted_Report.append("</tbody></table>");
}
if(countWebCookie > 0){
formatted_Report.append(nodeWebCookie);
formatted_Report.append("</tbody></table>");
}
if(countWebHistory > 0){
formatted_Report.append(nodeWebHistory);
formatted_Report.append("</tbody></table>");
}
if(countWebDownload > 0){
formatted_Report.append(nodeWebDownload);
formatted_Report.append("</tbody></table>");
}
if(countRecentObjects > 0){
formatted_Report.append(nodeRecentObjects);
formatted_Report.append("</tbody></table>");
}
// formatted_Report.append(nodeTrackPoint);
//formatted_Report.append("</tbody></table>");
if(countInstalled > 0){
formatted_Report.append(nodeInstalled);
formatted_Report.append("</tbody></table>");
}
if(countKeyword > 0){
formatted_Report.append(nodeKeyword);
report keywords = new report();
formatted_Report.append(keywords.getGroupedKeywordHit());
// "<table><thead><tr><th>Artifact ID</th><th>Name</th><th>Size</th>
// formatted_Report.append("</tbody></table>");
}
if(countHash > 0){
formatted_Report.append(nodeHash);
formatted_Report.append("</tbody></table>");
}
if(countDevice > 0){
formatted_Report.append(nodeDevice);
formatted_Report.append("</tbody></table>");
}
//end of master loop
formatted_Report.append("</div></div></body></html>");
formatted_header.append(formatted_Report);
// unformatted_header.append(formatted_Report);
htmlPath = currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".html";
Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlPath), "UTF-8"));
out.write(formatted_header.toString());
out.flush();
out.close();
}
catch(Exception e)
{
Logger.getLogger(reportHTML.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
}
}


@ -1,28 +0,0 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.sleuthkit.autopsy.report;
import java.util.ArrayList;
import java.util.HashMap;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
/**
*
* @author Alex
*/
public interface reportInterface{
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getGenInfo();
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebHistory();
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebCookie();
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebBookmark();
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebDownload();
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getRecentObject();
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getHashHit();
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getKeywordHit();
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getInstalledProg();
public String getGroupedKeywordHit();
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getDevices();
}


@ -1,158 +0,0 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.sleuthkit.autopsy.report;
import java.awt.Dimension;
import java.awt.Toolkit;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.logging.Level;
import javax.swing.JDialog;
import javax.swing.JFrame;
import javax.swing.SwingUtilities;
import javax.swing.event.HyperlinkEvent;
import javax.swing.event.HyperlinkListener;
import org.sleuthkit.autopsy.coreutils.Log;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
/**
*
* @author Alex
*/
public class reportPanelAction {
private static final String ACTION_NAME = "Report Preview";
private StringBuilder viewReport = new StringBuilder();
public reportPanelAction(){
}
public void reportGenerate(ArrayList<Integer> reportlist, final reportFilter rr){
try {
//Clear any old reports in the string
viewReport.setLength(0);
// Generate the reports and create the hashmap
final HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> Results = new HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>>();
report bbreport = new report();
//see what reports we need to run and run them
//Set progress bar to move while doing this
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
rr.progBarStartText();
}});
if(reportlist.contains(1)){Results.putAll(bbreport.getGenInfo());}
if(reportlist.contains(2)){Results.putAll(bbreport.getWebBookmark());}
if(reportlist.contains(3)){Results.putAll(bbreport.getWebCookie());}
if(reportlist.contains(4)){Results.putAll(bbreport.getWebHistory());}
if(reportlist.contains(5)){Results.putAll(bbreport.getWebDownload());}
if(reportlist.contains(6)){Results.putAll(bbreport.getRecentObject());}
// if(reportlist.contains(7)){Results.putAll(bbreport.getGenInfo());}
if(reportlist.contains(8)){Results.putAll(bbreport.getInstalledProg());}
if(reportlist.contains(9)){Results.putAll(bbreport.getKeywordHit());}
if(reportlist.contains(10)){Results.putAll(bbreport.getHashHit());}
if(reportlist.contains(11)){Results.putAll(bbreport.getDevices());}
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
rr.progBarCount(2*Results.size());
}});
//Turn our results into the appropriate xml/html reports
//TODO: add a way for users to select what they will run when
Thread xmlthread = new Thread(new Runnable()
{
@Override
public void run()
{
reportXML xmlReport = new reportXML(Results, rr);
}
});
Thread htmlthread = new Thread(new Runnable()
{
@Override
public void run()
{
reportHTML htmlReport = new reportHTML(Results,rr);
BrowserControl.openUrl(reportHTML.htmlPath);
}
});
Thread xlsthread = new Thread(new Runnable()
{
@Override
public void run()
{
reportXLS xlsReport = new reportXLS(Results,rr);
//
}
});
// start our threads
xmlthread.start();
htmlthread.start();
xlsthread.start();
// display the window
// create the popUp window for it
if(reportFilter.cancel == false){
final JFrame frame = new JFrame(ACTION_NAME);
final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal
// initialize panel with loaded settings
htmlthread.join();
//Set the temporary label to let the user know its done and is waiting on the report
rr.progBarText();
final reportPanel panel = new reportPanel(viewReport.toString());
panel.setjButton1ActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
popUpWindow.dispose();
}
});
panel.setjEditorPane1EventListener(new HyperlinkListener(){
@Override
public void hyperlinkUpdate(HyperlinkEvent hev) {
try {
if (hev.getEventType() == HyperlinkEvent.EventType.ACTIVATED)
panel.getLink(hev);
}
catch (Exception e) {
// Exceptions thrown...............
}
}
});
// add the panel to the popup window
popUpWindow.add(panel);
popUpWindow.setResizable(true);
popUpWindow.pack();
// set the location of the popUp Window on the center of the screen
Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize();
double w = popUpWindow.getSize().getWidth();
double h = popUpWindow.getSize().getHeight();
popUpWindow.setLocation((int) ((screenDimension.getWidth() - w) / 2), (int) ((screenDimension.getHeight() - h) / 2));
rr.progBarDone();
panel.setFinishedReportText();
popUpWindow.setVisible(true);
xmlthread.join();
xlsthread.join();
}
} catch (Exception ex) {
Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex);
}
}
}


@ -1,42 +0,0 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.sleuthkit.autopsy.report;
/**
*
* @author Alex
*/
public class reportUtils {
static String changeExtension(String originalName, String newExtension) {
int lastDot = originalName.lastIndexOf(".");
if (lastDot != -1) {
return originalName.substring(0, lastDot) + newExtension;
} else {
return originalName + newExtension;
}
}
public static String insertPeriodically(
String text, String insert, int period)
{
StringBuilder builder = new StringBuilder(
text.length() + insert.length() * (text.length()/period)+1);
int index = 0;
String prefix = "";
while (index < text.length())
{
// Don't put the insert in the very first iteration.
// This is easier than appending it *after* each substring
builder.append(prefix);
prefix = insert;
builder.append(text.substring(index,
Math.min(index + period, text.length())));
index += period;
}
return builder.toString();
}
}


@ -1,375 +0,0 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.sleuthkit.autopsy.report;
import java.io.FileOutputStream;
import java.io.IOException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Map.Entry;
import java.util.TreeMap;
import org.apache.poi.ss.usermodel.Cell;
import org.apache.poi.ss.usermodel.CellStyle;
import org.apache.poi.ss.usermodel.Font;
import org.apache.poi.ss.usermodel.Row;
import org.apache.poi.ss.usermodel.Sheet;
import org.apache.poi.ss.usermodel.Workbook;
import org.apache.poi.xssf.usermodel.XSSFWorkbook;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskData;
/**
*
* @author Alex
*/
public class reportXLS {
public static Workbook wb = new XSSFWorkbook();
public reportXLS(HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report, reportFilter rr){
//Empty the workbook first
Workbook wbtemp = new XSSFWorkbook();
int countGen = 0;
int countBookmark = 0;
int countCookie = 0;
int countHistory = 0;
int countDownload = 0;
int countRecentObjects = 0;
int countTrackPoint = 0;
int countInstalled = 0;
int countKeyword = 0;
int countHash = 0;
int countDevice = 0;
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(entry.getKey().getArtifactTypeID() == 1){
countGen++;
}
if(entry.getKey().getArtifactTypeID() == 2){
countBookmark++;
}
if(entry.getKey().getArtifactTypeID() == 3){
countCookie++;
}
if(entry.getKey().getArtifactTypeID() == 4){
countHistory++;
}
if(entry.getKey().getArtifactTypeID() == 5){
countDownload++;
}
if(entry.getKey().getArtifactTypeID() == 6){
countRecentObjects++;
}
if(entry.getKey().getArtifactTypeID() == 7){
countTrackPoint++;
}
if(entry.getKey().getArtifactTypeID() == 8){
countInstalled++;
}
if(entry.getKey().getArtifactTypeID() == 9){
countKeyword++;
}
if(entry.getKey().getArtifactTypeID() == 10){
countHash++;
}
if(entry.getKey().getArtifactTypeID() == 11){
countDevice++;
}
}
try{
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
String caseName = currentCase.getName();
Integer imagecount = currentCase.getImageIDs().length;
Integer filesystemcount = currentCase.getRootObjectsCount();
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss");
Date date = new Date();
String datetime = datetimeFormat.format(date);
String datenotime = dateFormat.format(date);
//The first summary report page
Sheet sheetSummary = wbtemp.createSheet("Summary");
//Generate a sheet per artifact type
// Sheet sheetGen = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getDisplayName());
Sheet sheetHash = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getDisplayName());
Sheet sheetDevice = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getDisplayName());
Sheet sheetInstalled = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getDisplayName());
Sheet sheetKeyword = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getDisplayName());
// Sheet sheetTrackpoint = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getDisplayName());
Sheet sheetRecent = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getDisplayName());
Sheet sheetCookie = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getDisplayName());
Sheet sheetBookmark = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getDisplayName());
Sheet sheetDownload = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getDisplayName());
Sheet sheetHistory = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getDisplayName());
//Bold/underline cell style for the top header rows
CellStyle style = wbtemp.createCellStyle();
style.setBorderBottom((short) 2);
Font font = wbtemp.createFont();
font.setFontHeightInPoints((short)16);
font.setFontName("Courier New");
font.setBoldweight((short)2);
style.setFont(font);
//create the rows in the worksheet for our records
//Create first row and header
// sheetGen.createRow(0);
// sheetGen.getRow(0).createCell(0).setCellValue("Name");
// sheetGen.getRow(0).createCell(1).setCellValue("Value");
// sheetGen.getRow(0).createCell(2).setCellValue("Date/Time");
sheetSummary.createRow(0).setRowStyle(style);
sheetSummary.getRow(0).createCell(0).setCellValue("Summary Information");
sheetSummary.getRow(0).createCell(1).setCellValue(caseName);
//add some basic information
sheetSummary.createRow(1);
sheetSummary.getRow(1).createCell(0).setCellValue("# of Images");
sheetSummary.getRow(1).createCell(1).setCellValue(imagecount);
sheetSummary.createRow(2);
sheetSummary.getRow(2).createCell(0).setCellValue("Filesystems found");
sheetSummary.getRow(2).createCell(1).setCellValue(imagecount);
sheetSummary.createRow(3);
sheetSummary.getRow(3).createCell(0).setCellValue("# of Files");
sheetSummary.getRow(3).createCell(1).setCellValue(totalfiles);
sheetSummary.createRow(4);
sheetSummary.getRow(4).createCell(0).setCellValue("# of Directories");
sheetSummary.getRow(4).createCell(1).setCellValue(totaldirs);
sheetSummary.createRow(5);
sheetSummary.getRow(5).createCell(0).setCellValue("Date/Time");
sheetSummary.getRow(5).createCell(1).setCellValue(datetime);
sheetHash.createRow(0).setRowStyle(style);
sheetHash.getRow(0).createCell(0).setCellValue("Name");
sheetHash.getRow(0).createCell(1).setCellValue("Size");
sheetHash.getRow(0).createCell(2).setCellValue("Hashset Name");
sheetDevice.createRow(0).setRowStyle(style);
sheetDevice.getRow(0).createCell(0).setCellValue("Name");
sheetDevice.getRow(0).createCell(1).setCellValue("Serial #");
sheetDevice.getRow(0).createCell(2).setCellValue("Time");
sheetInstalled.createRow(0).setRowStyle(style);
sheetInstalled.getRow(0).createCell(0).setCellValue("Program Name");
sheetInstalled.getRow(0).createCell(1).setCellValue("Install Date/Time");
sheetKeyword.createRow(0).setRowStyle(style);
sheetKeyword.getRow(0).createCell(0).setCellValue("Keyword");
sheetKeyword.getRow(0).createCell(1).setCellValue("File Name");
sheetKeyword.getRow(0).createCell(2).setCellValue("Preview");
sheetKeyword.getRow(0).createCell(3).setCellValue("Keyword LIst");
sheetRecent.createRow(0).setRowStyle(style);
sheetRecent.getRow(0).createCell(0).setCellValue("Name");
sheetRecent.getRow(0).createCell(1).setCellValue("Path");
sheetRecent.getRow(0).createCell(2).setCellValue("Related Shortcut");
sheetCookie.createRow(0).setRowStyle(style);
sheetCookie.getRow(0).createCell(0).setCellValue("URL");
sheetCookie.getRow(0).createCell(1).setCellValue("Date");
sheetCookie.getRow(0).createCell(2).setCellValue("Name");
sheetCookie.getRow(0).createCell(3).setCellValue("Value");
sheetCookie.getRow(0).createCell(4).setCellValue("Program");
sheetBookmark.createRow(0).setRowStyle(style);
sheetBookmark.getRow(0).createCell(0).setCellValue("URL");
sheetBookmark.getRow(0).createCell(1).setCellValue("Title");
sheetBookmark.getRow(0).createCell(2).setCellValue("Program");
sheetDownload.createRow(0).setRowStyle(style);
sheetDownload.getRow(0).createCell(0).setCellValue("File");
sheetDownload.getRow(0).createCell(1).setCellValue("Source");
sheetDownload.getRow(0).createCell(2).setCellValue("Time");
sheetDownload.getRow(0).createCell(3).setCellValue("Program");
sheetHistory.createRow(0).setRowStyle(style);
sheetHistory.getRow(0).createCell(0).setCellValue("URL");
sheetHistory.getRow(0).createCell(1).setCellValue("Date");
sheetHistory.getRow(0).createCell(2).setCellValue("Referrer");
sheetHistory.getRow(0).createCell(3).setCellValue("Title");
sheetHistory.getRow(0).createCell(4).setCellValue("Program");
for(int i = 0;i < wbtemp.getNumberOfSheets();i++){
Sheet tempsheet = wbtemp.getSheetAt(i);
tempsheet.setAutobreaks(true);
for (Row temprow : tempsheet){
for (Cell cell : temprow) {
cell.setCellStyle(style);
tempsheet.autoSizeColumn(cell.getColumnIndex());
}
}
}
int countedGen = 0;
int countedBookmark = 0;
int countedCookie = 0;
int countedHistory = 0;
int countedDownload = 0;
int countedRecentObjects = 0;
int countedTrackPoint = 0;
int countedInstalled = 0;
int countedKeyword = 0;
int countedHash = 0;
int countedDevice = 0;
//start populating the sheets in the workbook
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(reportFilter.cancel == true){
break;
}
int cc = 0;
Long objId = entry.getKey().getObjectID();
FsContent file = skCase.getFsContentById(objId);
Long filesize = file.getSize();
TreeMap<Integer, String> attributes = new TreeMap<Integer,String>();
// Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type
int n;
for(n=1;n<=36;n++)
{
attributes.put(n, "");
}
for (BlackboardAttribute tempatt : entry.getValue())
{
if(reportFilter.cancel == true){
break;
}
String value = "";
int type = tempatt.getAttributeTypeID();
if(tempatt.getValueString() == null || "null".equals(tempatt.getValueString())){
}
else if(type == 2){
value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date ((tempatt.getValueLong())*1000));
}
else
{
value = tempatt.getValueString();
}
attributes.put(type, value);
cc++;
}
if(entry.getKey().getArtifactTypeID() == 1){
countedGen++;
// Row temp = sheetGen.getRow(countedGen);
}
if(entry.getKey().getArtifactTypeID() == 2){
countedBookmark++;
Row temp = sheetBookmark.createRow(countedBookmark);
temp.createCell(0).setCellValue(attributes.get(1));
temp.createCell(1).setCellValue(attributes.get(3));
temp.createCell(2).setCellValue(attributes.get(4));
}
if(entry.getKey().getArtifactTypeID() == 3){
countedCookie++;
Row temp = sheetCookie.createRow(countedCookie);
temp.createCell(0).setCellValue(attributes.get(1));
temp.createCell(1).setCellValue(attributes.get(2));
temp.createCell(2).setCellValue(attributes.get(3));
temp.createCell(3).setCellValue(attributes.get(6));
temp.createCell(4).setCellValue(attributes.get(4));
}
if(entry.getKey().getArtifactTypeID() == 4){
countedHistory++;
Row temp = sheetHistory.createRow(countedHistory);
temp.createCell(0).setCellValue(attributes.get(1));
temp.createCell(1).setCellValue(attributes.get(33));
temp.createCell(2).setCellValue(attributes.get(32));
temp.createCell(3).setCellValue(attributes.get(3));
temp.createCell(4).setCellValue(attributes.get(4));
}
if(entry.getKey().getArtifactTypeID() == 5){
countedDownload++;
Row temp = sheetDownload.createRow(countedDownload);
temp.createCell(0).setCellValue(attributes.get(8));
temp.createCell(1).setCellValue(attributes.get(1));
temp.createCell(2).setCellValue(attributes.get(33));
temp.createCell(3).setCellValue(attributes.get(4));
}
if(entry.getKey().getArtifactTypeID() == 6){
countedRecentObjects++;
Row temp = sheetRecent.createRow(countedRecentObjects);
temp.createCell(0).setCellValue(attributes.get(3));
temp.createCell(1).setCellValue(attributes.get(8));
temp.createCell(2).setCellValue(file.getName());
temp.createCell(3).setCellValue(attributes.get(4));
}
if(entry.getKey().getArtifactTypeID() == 7){
// sheetTrackpoint.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 8){
countedInstalled++;
Row temp = sheetInstalled.createRow(countedInstalled);
temp.createCell(0).setCellValue(attributes.get(4));
temp.createCell(1).setCellValue(attributes.get(2));
}
if(entry.getKey().getArtifactTypeID() == 9){
countedKeyword++;
Row temp = sheetKeyword.createRow(countedKeyword);
temp.createCell(0).setCellValue(attributes.get(10));
temp.createCell(1).setCellValue(attributes.get(3));
temp.createCell(2).setCellValue(attributes.get(12));
temp.createCell(3).setCellValue(attributes.get(13));
}
if(entry.getKey().getArtifactTypeID() == 10){
countedHash++;
Row temp = sheetHash.createRow(countedHash);
temp.createCell(0).setCellValue(file.getName().toString());
temp.createCell(1).setCellValue(filesize.toString());
temp.createCell(2).setCellValue(attributes.get(30));
}
if(entry.getKey().getArtifactTypeID() == 11){
countedDevice++;
Row temp = sheetDevice.createRow(countedDevice);
temp.createCell(0).setCellValue(attributes.get(18));
temp.createCell(1).setCellValue(attributes.get(20));
temp.createCell(2).setCellValue(attributes.get(2));
}
cc++;
rr.progBarSet(cc);
}
//write out the report to the reports folder
try {
FileOutputStream fos = new FileOutputStream(currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".xlsx");
wbtemp.write(fos);
fos.close();
wb = wbtemp;
}
catch (IOException e) {
System.err.println(e);
}
}
catch(Exception E)
{
String test = E.toString();
}
}
}


@ -1,207 +0,0 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.sleuthkit.autopsy.report;
import java.io.FileOutputStream;
import java.io.IOException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Map.Entry;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringEscapeUtils;
import org.jdom.Comment;
import org.jdom.Document;
import org.jdom.Document.*;
import org.jdom.Element;
import org.jdom.output.XMLOutputter;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.ContentVisitor;
import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskData;
public class reportXML {
public static Document xmldoc = new Document();
public reportXML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report, reportFilter rr){
try{
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
String caseName = currentCase.getName();
Integer imagecount = currentCase.getImageIDs().length;
Integer filesystemcount = currentCase.getRootObjectsCount();
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
Element root = new Element("Case");
xmldoc = new Document(root);
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss");
Date date = new Date();
String datetime = datetimeFormat.format(date);
String datenotime = dateFormat.format(date);
Comment comment = new Comment("XML Report Generated by Autopsy 3 on " + datetime);
root.addContent(comment);
//Create summary node involving how many of each type
Element summary = new Element("Summary");
if(IngestManager.getDefault().isIngestRunning())
{
summary.addContent(new Element("Warning").setText("Report was run before ingest services completed!"));
}
summary.addContent(new Element("Name").setText(caseName));
summary.addContent(new Element("Total-Images").setText(imagecount.toString()));
summary.addContent(new Element("Total-FileSystems").setText(filesystemcount.toString()));
summary.addContent(new Element("Total-Files").setText(totalfiles.toString()));
summary.addContent(new Element("Total-Directories").setText(totaldirs.toString()));
root.addContent(summary);
//generate the nodes for each of the types so we can use them later
Element nodeGen = new Element("General-Information");
Element nodeWebBookmark = new Element("Web-Bookmarks");
Element nodeWebCookie = new Element("Web-Cookies");
Element nodeWebHistory = new Element("Web-History");
Element nodeWebDownload = new Element("Web-Downloads");
Element nodeRecentObjects = new Element("Recent-Documents");
Element nodeTrackPoint = new Element("Track-Points");
Element nodeInstalled = new Element("Installed-Programfiles");
Element nodeKeyword = new Element("Keyword-Search-Hits");
Element nodeHash = new Element("Hashset-Hits");
Element nodeDevice = new Element("Attached-Devices");
//remove bytes
Pattern INVALID_XML_CHARS = Pattern.compile("[^\\u0009\\u000A\\u000D\\u0020-\\uD7FF\\uE000-\\uFFFD\uD800\uDC00-\uDBFF\uDFFF]");
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(reportFilter.cancel == true){
break;
}
int cc = 0;
Element artifact = new Element("Artifact");
Long objId = entry.getKey().getObjectID();
Content cont = skCase.getContentById(objId);
Long filesize = cont.getSize();
artifact.setAttribute("ID", objId.toString());
artifact.setAttribute("Name", cont.accept(new NameVisitor()));
artifact.setAttribute("Size", filesize.toString());
// Get all the attributes for this guy
for (BlackboardAttribute tempatt : entry.getValue())
{
if(reportFilter.cancel == true){
break;
}
Element attribute = new Element("Attribute").setAttribute("Type",tempatt.getAttributeTypeDisplayName());
String tempvalue = tempatt.getValueString();
//INVALID_XML_CHARS.matcher(tempvalue).replaceAll("");
Element value = new Element("Value").setText(tempvalue);
attribute.addContent(value);
Element context = new Element("Context").setText(StringEscapeUtils.escapeXml(tempatt.getContext()));
attribute.addContent(context);
artifact.addContent(attribute);
cc++;
}
if(entry.getKey().getArtifactTypeID() == 1){
//while (entry.getValue().iterator().hasNext())
// {
// }
nodeGen.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 2){
nodeWebBookmark.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 3){
nodeWebCookie.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 4){
nodeWebHistory.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 5){
nodeWebDownload.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 6){
nodeRecentObjects.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 7){
nodeTrackPoint.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 8){
nodeInstalled.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 9){
nodeKeyword.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 10){
nodeHash.addContent(artifact);
}
if(entry.getKey().getArtifactTypeID() == 11){
nodeDevice.addContent(artifact);
}
cc++;
rr.progBarSet(cc);
//end of master loop
}
//add them in the order we want them to the document
root.addContent(nodeGen);
root.addContent(nodeWebBookmark);
root.addContent(nodeWebCookie);
root.addContent(nodeWebHistory);
root.addContent(nodeWebDownload);
root.addContent(nodeRecentObjects);
root.addContent(nodeTrackPoint);
root.addContent(nodeInstalled);
root.addContent(nodeKeyword);
root.addContent(nodeHash);
root.addContent(nodeDevice);
try {
FileOutputStream out = new FileOutputStream(currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".xml");
XMLOutputter serializer = new XMLOutputter();
serializer.output(xmldoc, out);
out.flush();
out.close();
}
catch (IOException e) {
System.err.println(e);
}
}
catch (Exception e){
Logger.getLogger(reportXML.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
}
private class NameVisitor extends ContentVisitor.Default<String> {
@Override
protected String defaultVisit(Content cntnt) {
throw new UnsupportedOperationException("Not supported for " + cntnt.toString());
}
@Override
public String visit(Directory dir) {
return dir.getName();
}
@Override
public String visit(Image img) {
return img.getName();
}
@Override
public String visit(File fil) {
return fil.getName();
}
}
}


@ -1,4 +1,6 @@
currentVersion=Autopsy {0} #Updated by build script
#Thu, 10 May 2012 15:47:15 -0700
currentVersion=Autopsy 20120510
LBL_splash_window_title=Starting Autopsy LBL_splash_window_title=Starting Autopsy
SPLASH_HEIGHT=288 SPLASH_HEIGHT=288
SPLASH_WIDTH=538 SPLASH_WIDTH=538


@ -1,2 +1,4 @@
CTL_MainWindow_Title=Autopsy {0} #Updated by build script
CTL_MainWindow_Title_No_Project=Autopsy {0} #Thu, 10 May 2012 15:47:15 -0700
CTL_MainWindow_Title=Autopsy 20120510
CTL_MainWindow_Title_No_Project=Autopsy 20120510