Merge branch 'develop' of github.com:sleuthkit/autopsy into ds_summary_report_7893

Eugene Livis 2021-08-13 13:37:20 -04:00
commit 31f5f1fc7f
10 changed files with 236 additions and 153 deletions


@ -32,9 +32,9 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
* Action for accessing the Search Other Cases dialog. * Action for accessing the Search Other Cases dialog.
*/ */
@ActionID(category = "Tools", id = "org.sleuthkit.autopsy.allcasessearch.AllCasesSearchAction") @ActionID(category = "Tools", id = "org.sleuthkit.autopsy.allcasessearch.AllCasesSearchAction")
@ActionRegistration(displayName = "#CTL_OtherCasesSearchAction=Search All Cases", lazy = false) @ActionRegistration(displayName = "#CTL_OtherCasesSearchAction=Search Central Repository", lazy = false)
@ActionReference(path = "Menu/Tools", position = 201) @ActionReference(path = "Menu/Tools", position = 201)
@NbBundle.Messages({"CTL_AllCasesSearchAction=Search All Cases"}) @NbBundle.Messages({"CTL_AllCasesSearchAction=Search Central Repository"})
public class AllCasesSearchAction extends CallableSystemAction { public class AllCasesSearchAction extends CallableSystemAction {
@Override @Override
@ -54,7 +54,7 @@ public class AllCasesSearchAction extends CallableSystemAction {
} }
@NbBundle.Messages({ @NbBundle.Messages({
"AllCasesSearchAction.getName.text=Search All Cases"}) "AllCasesSearchAction.getName.text=Search Central Repository"})
@Override @Override
public String getName() { public String getName() {
return Bundle.AllCasesSearchAction_getName_text(); return Bundle.AllCasesSearchAction_getName_text();


@ -24,27 +24,39 @@
<Layout> <Layout>
<DimensionLayout dim="0"> <DimensionLayout dim="0">
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0"> <Group type="102" attributes="0">
<EmptySpace max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Component id="descriptionLabel" pref="430" max="32767" attributes="0"/> <Component id="descriptionLabel" max="32767" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<Component id="casesLabel" max="32767" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="searchButton" min="-2" max="-2" attributes="0"/>
</Group>
<Group type="102" alignment="0" attributes="0"> <Group type="102" alignment="0" attributes="0">
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Component id="correlationValueLabel" alignment="0" min="-2" max="-2" attributes="0"/> <Component id="correlationValueLabel" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="correlationTypeLabel" alignment="0" min="-2" max="-2" attributes="0"/> <Component id="correlationTypeLabel" alignment="0" min="-2" max="-2" attributes="0"/>
</Group> </Group>
<EmptySpace type="unrelated" max="-2" attributes="0"/> <EmptySpace type="unrelated" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" attributes="0">
<Component id="normalizedLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace min="0" pref="0" max="32767" attributes="0"/>
</Group>
<Group type="102" attributes="0">
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Component id="correlationTypeComboBox" max="32767" attributes="0"/> <Component id="correlationTypeComboBox" max="32767" attributes="0"/>
<Component id="correlationValueTextField" max="32767" attributes="0"/> <Group type="102" attributes="0">
<Component id="correlationValueScrollPane" min="-2" pref="379" max="-2" attributes="0"/>
<EmptySpace min="0" pref="0" max="32767" attributes="0"/>
</Group>
</Group>
<EmptySpace min="-2" pref="142" max="-2" attributes="0"/>
</Group>
<Component id="errorLabel" alignment="0" max="32767" attributes="0"/> <Component id="errorLabel" alignment="0" max="32767" attributes="0"/>
</Group> </Group>
</Group> </Group>
<Group type="102" alignment="1" attributes="0">
<Component id="casesLabel" max="32767" attributes="0"/>
<EmptySpace type="separate" max="-2" attributes="0"/>
<Component id="searchButton" min="-2" max="-2" attributes="0"/>
</Group>
</Group> </Group>
<EmptySpace max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
</Group> </Group>
@ -60,17 +72,19 @@
<Component id="correlationTypeComboBox" alignment="3" min="-2" max="-2" attributes="0"/> <Component id="correlationTypeComboBox" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="correlationTypeLabel" alignment="3" min="-2" max="-2" attributes="0"/> <Component id="correlationTypeLabel" alignment="3" min="-2" max="-2" attributes="0"/>
</Group> </Group>
<EmptySpace min="-2" pref="15" max="-2" attributes="0"/> <EmptySpace min="-2" pref="18" max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Component id="correlationValueTextField" alignment="3" min="-2" max="-2" attributes="0"/> <Component id="correlationValueLabel" min="-2" max="-2" attributes="0"/>
<Component id="correlationValueLabel" alignment="3" min="-2" max="-2" attributes="0"/> <Component id="correlationValueScrollPane" min="-2" pref="190" max="-2" attributes="0"/>
</Group> </Group>
<EmptySpace max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Component id="normalizedLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace pref="19" max="32767" attributes="0"/>
<Component id="errorLabel" min="-2" max="-2" attributes="0"/> <Component id="errorLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace pref="20" max="32767" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Component id="searchButton" alignment="3" min="-2" max="-2" attributes="0"/> <Component id="casesLabel" alignment="1" min="-2" max="-2" attributes="0"/>
<Component id="casesLabel" alignment="3" min="-2" max="-2" attributes="0"/> <Component id="searchButton" alignment="1" min="-2" max="-2" attributes="0"/>
</Group> </Group>
<EmptySpace max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
</Group> </Group>
@ -85,16 +99,6 @@
</Property> </Property>
</Properties> </Properties>
</Component> </Component>
<Component class="javax.swing.JTextField" name="correlationValueTextField">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/allcasessearch/Bundle.properties" key="AllCasesSearchDialog.correlationValueTextField.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="keyReleased" listener="java.awt.event.KeyListener" parameters="java.awt.event.KeyEvent" handler="valueFieldKeyReleaseListener"/>
</Events>
</Component>
<Component class="javax.swing.JButton" name="searchButton"> <Component class="javax.swing.JButton" name="searchButton">
<Properties> <Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor"> <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
@ -158,5 +162,30 @@
</Property> </Property>
</Properties> </Properties>
</Component> </Component>
<Container class="javax.swing.JScrollPane" name="correlationValueScrollPane">
<AuxValues>
<AuxValue name="autoScrollPane" type="java.lang.Boolean" value="true"/>
</AuxValues>
<Layout class="org.netbeans.modules.form.compat2.layouts.support.JScrollPaneSupportLayout"/>
<SubComponents>
<Component class="javax.swing.JTextArea" name="correlationValueTextArea">
<Properties>
<Property name="columns" type="int" value="20"/>
<Property name="rows" type="int" value="5"/>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/allcasessearch/Bundle.properties" key="AllCasesSearchDialog.correlationValueTextArea.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
</SubComponents>
</Container>
<Component class="javax.swing.JLabel" name="normalizedLabel">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/allcasessearch/Bundle.properties" key="AllCasesSearchDialog.normalizedLabel.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
</SubComponents> </SubComponents>
</Form> </Form>


@ -21,8 +21,10 @@ package org.sleuthkit.autopsy.allcasessearch;
import java.awt.Color; import java.awt.Color;
import java.awt.event.ItemEvent; import java.awt.event.ItemEvent;
import java.awt.event.ItemListener; import java.awt.event.ItemListener;
import java.text.Collator;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.concurrent.ExecutionException; import java.util.concurrent.ExecutionException;
import java.util.logging.Level; import java.util.logging.Level;
@ -30,6 +32,7 @@ import javax.swing.JFrame;
import javax.swing.SwingWorker; import javax.swing.SwingWorker;
import javax.swing.event.DocumentEvent; import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener; import javax.swing.event.DocumentListener;
import org.apache.commons.lang3.StringUtils;
import org.openide.nodes.Node; import org.openide.nodes.Node;
import org.openide.util.NbBundle.Messages; import org.openide.util.NbBundle.Messages;
import org.openide.windows.TopComponent; import org.openide.windows.TopComponent;
@ -48,9 +51,9 @@ import org.sleuthkit.autopsy.datamodel.EmptyNode;
import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository; import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
@Messages({ @Messages({
"AllCasesSearchDialog.dialogTitle.text=Search All Cases", "AllCasesSearchDialog.dialogTitle.text=Search Central Repository",
"AllCasesSearchDialog.resultsTitle.text=All Cases", "AllCasesSearchDialog.resultsTitle.text=All Cases",
"AllCasesSearchDialog.resultsDescription.text=All Cases Search", "AllCasesSearchDialog.resultsDescription.text=Search Central Repository",
"AllCasesSearchDialog.emptyNode.text=No results found.", "AllCasesSearchDialog.emptyNode.text=No results found.",
"AllCasesSearchDialog.validation.invalidHash=The supplied value is not a valid MD5 hash.", "AllCasesSearchDialog.validation.invalidHash=The supplied value is not a valid MD5 hash.",
"AllCasesSearchDialog.validation.invalidEmail=The supplied value is not a valid e-mail address.", "AllCasesSearchDialog.validation.invalidEmail=The supplied value is not a valid e-mail address.",
@ -63,14 +66,14 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
"AllCasesSearchDialog.validation.invalidIccid=The supplied value is not a valid ICCID number.", "AllCasesSearchDialog.validation.invalidIccid=The supplied value is not a valid ICCID number.",
"AllCasesSearchDialog.validation.genericMessage=The supplied value is not valid.", "AllCasesSearchDialog.validation.genericMessage=The supplied value is not valid.",
"# {0} - number of cases", "# {0} - number of cases",
"AllCasesSearchDialog.caseLabel.text=The current Central Repository contains {0} case(s)." "AllCasesSearchDialog.caseLabel.text=The Central Repository contains {0} case(s)."
}) })
/** /**
* The Search All Cases dialog allows users to search for specific types of * The Search All Cases dialog allows users to search for specific types of
* correlation properties in the Central Repository. * correlation properties in the Central Repository.
*/ */
@SuppressWarnings("PMD.SingularField") // UI widgets cause lots of false positives @SuppressWarnings("PMD.SingularField") // UI widgets cause lots of false positives
final class AllCasesSearchDialog extends javax.swing.JDialog { final class AllCasesSearchDialog extends javax.swing.JDialog {
private static final Logger logger = Logger.getLogger(AllCasesSearchDialog.class.getName()); private static final Logger logger = Logger.getLogger(AllCasesSearchDialog.class.getName());
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
@ -95,20 +98,22 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
* @param type The correlation type. * @param type The correlation type.
* @param value The value to be matched. * @param value The value to be matched.
*/ */
private void search(CorrelationAttributeInstance.Type type, String value) { private void search(CorrelationAttributeInstance.Type type, String[] values) {
new SwingWorker<List<CorrelationAttributeInstance>, Void>() { new SwingWorker<List<CorrelationAttributeInstance>, Void>() {
@Override @Override
protected List<CorrelationAttributeInstance> doInBackground() { protected List<CorrelationAttributeInstance> doInBackground() {
List<CorrelationAttributeInstance> correlationInstances = new ArrayList<>(); List<CorrelationAttributeInstance> correlationInstances = new ArrayList<>();
for (String value : values) {
try { try {
correlationInstances = CentralRepository.getInstance().getArtifactInstancesByTypeValue(type, value); correlationInstances.addAll(CentralRepository.getInstance().getArtifactInstancesByTypeValue(type, value));
} catch (CentralRepoException ex) { } catch (CentralRepoException ex) {
logger.log(Level.SEVERE, "Unable to connect to the Central Repository database.", ex); logger.log(Level.SEVERE, "Unable to connect to the Central Repository database.", ex);
} catch (CorrelationAttributeNormalizationException ex) { } catch (CorrelationAttributeNormalizationException ex) {
logger.log(Level.SEVERE, "Unable to retrieve data from the Central Repository.", ex); logger.log(Level.SEVERE, "Unable to retrieve data from the Central Repository.", ex);
} }
}
return correlationInstances; return correlationInstances;
} }
@ -125,8 +130,8 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
AllCasesSearchNode searchNode = new AllCasesSearchNode(correlationInstances); AllCasesSearchNode searchNode = new AllCasesSearchNode(correlationInstances);
TableFilterNode tableFilterNode = new TableFilterNode(searchNode, true, searchNode.getName()); TableFilterNode tableFilterNode = new TableFilterNode(searchNode, true, searchNode.getName());
String resultsText = String.format("%s (%s; \"%s\")", String resultsText = String.format("%s (%s)",
Bundle.AllCasesSearchDialog_resultsTitle_text(), type.getDisplayName(), value); Bundle.AllCasesSearchDialog_resultsTitle_text(), type.getDisplayName());
final TopComponent searchResultWin; final TopComponent searchResultWin;
if (correlationInstances.isEmpty()) { if (correlationInstances.isEmpty()) {
Node emptyNode = new TableFilterNode( Node emptyNode = new TableFilterNode(
@ -155,26 +160,21 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
private void initComponents() { private void initComponents() {
correlationValueLabel = new javax.swing.JLabel(); correlationValueLabel = new javax.swing.JLabel();
correlationValueTextField = new javax.swing.JTextField();
searchButton = new javax.swing.JButton(); searchButton = new javax.swing.JButton();
correlationTypeComboBox = new javax.swing.JComboBox<>(); correlationTypeComboBox = new javax.swing.JComboBox<>();
correlationTypeLabel = new javax.swing.JLabel(); correlationTypeLabel = new javax.swing.JLabel();
errorLabel = new javax.swing.JLabel(); errorLabel = new javax.swing.JLabel();
descriptionLabel = new javax.swing.JLabel(); descriptionLabel = new javax.swing.JLabel();
casesLabel = new javax.swing.JLabel(); casesLabel = new javax.swing.JLabel();
correlationValueScrollPane = new javax.swing.JScrollPane();
correlationValueTextArea = new javax.swing.JTextArea();
normalizedLabel = new javax.swing.JLabel();
setDefaultCloseOperation(javax.swing.WindowConstants.DISPOSE_ON_CLOSE); setDefaultCloseOperation(javax.swing.WindowConstants.DISPOSE_ON_CLOSE);
setResizable(false); setResizable(false);
org.openide.awt.Mnemonics.setLocalizedText(correlationValueLabel, org.openide.util.NbBundle.getMessage(AllCasesSearchDialog.class, "AllCasesSearchDialog.correlationValueLabel.text")); // NOI18N org.openide.awt.Mnemonics.setLocalizedText(correlationValueLabel, org.openide.util.NbBundle.getMessage(AllCasesSearchDialog.class, "AllCasesSearchDialog.correlationValueLabel.text")); // NOI18N
correlationValueTextField.setText(org.openide.util.NbBundle.getMessage(AllCasesSearchDialog.class, "AllCasesSearchDialog.correlationValueTextField.text")); // NOI18N
correlationValueTextField.addKeyListener(new java.awt.event.KeyAdapter() {
public void keyReleased(java.awt.event.KeyEvent evt) {
valueFieldKeyReleaseListener(evt);
}
});
org.openide.awt.Mnemonics.setLocalizedText(searchButton, org.openide.util.NbBundle.getMessage(AllCasesSearchDialog.class, "AllCasesSearchDialog.searchButton.text")); // NOI18N org.openide.awt.Mnemonics.setLocalizedText(searchButton, org.openide.util.NbBundle.getMessage(AllCasesSearchDialog.class, "AllCasesSearchDialog.searchButton.text")); // NOI18N
searchButton.addActionListener(new java.awt.event.ActionListener() { searchButton.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) { public void actionPerformed(java.awt.event.ActionEvent evt) {
@ -198,6 +198,13 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
casesLabel.setHorizontalAlignment(javax.swing.SwingConstants.LEFT); casesLabel.setHorizontalAlignment(javax.swing.SwingConstants.LEFT);
org.openide.awt.Mnemonics.setLocalizedText(casesLabel, org.openide.util.NbBundle.getMessage(AllCasesSearchDialog.class, "AllCasesSearchDialog.casesLabel.text")); // NOI18N org.openide.awt.Mnemonics.setLocalizedText(casesLabel, org.openide.util.NbBundle.getMessage(AllCasesSearchDialog.class, "AllCasesSearchDialog.casesLabel.text")); // NOI18N
correlationValueTextArea.setColumns(20);
correlationValueTextArea.setRows(5);
correlationValueTextArea.setText(org.openide.util.NbBundle.getMessage(AllCasesSearchDialog.class, "AllCasesSearchDialog.correlationValueTextArea.text")); // NOI18N
correlationValueScrollPane.setViewportView(correlationValueTextArea);
org.openide.awt.Mnemonics.setLocalizedText(normalizedLabel, org.openide.util.NbBundle.getMessage(AllCasesSearchDialog.class, "AllCasesSearchDialog.normalizedLabel.text")); // NOI18N
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(getContentPane()); javax.swing.GroupLayout layout = new javax.swing.GroupLayout(getContentPane());
getContentPane().setLayout(layout); getContentPane().setLayout(layout);
layout.setHorizontalGroup( layout.setHorizontalGroup(
@ -205,20 +212,28 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
.addGroup(layout.createSequentialGroup() .addGroup(layout.createSequentialGroup()
.addContainerGap() .addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(descriptionLabel, javax.swing.GroupLayout.DEFAULT_SIZE, 430, Short.MAX_VALUE) .addComponent(descriptionLabel)
.addGroup(layout.createSequentialGroup()
.addComponent(casesLabel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(searchButton))
.addGroup(layout.createSequentialGroup() .addGroup(layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(correlationValueLabel) .addComponent(correlationValueLabel)
.addComponent(correlationTypeLabel)) .addComponent(correlationTypeLabel))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addComponent(normalizedLabel)
.addGap(0, 0, Short.MAX_VALUE))
.addGroup(layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(correlationTypeComboBox, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addComponent(correlationTypeComboBox, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(correlationValueTextField) .addGroup(layout.createSequentialGroup()
.addComponent(errorLabel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))) .addComponent(correlationValueScrollPane, javax.swing.GroupLayout.PREFERRED_SIZE, 379, javax.swing.GroupLayout.PREFERRED_SIZE)
.addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup() .addGap(0, 0, Short.MAX_VALUE)))
.addComponent(casesLabel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addGap(142, 142, 142))
.addGap(18, 18, 18) .addComponent(errorLabel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))))
.addComponent(searchButton)))
.addContainerGap()) .addContainerGap())
); );
layout.setVerticalGroup( layout.setVerticalGroup(
@ -230,16 +245,18 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(correlationTypeComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addComponent(correlationTypeComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
.addComponent(correlationTypeLabel)) .addComponent(correlationTypeLabel))
.addGap(15, 15, 15) .addGap(18, 18, 18)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(correlationValueTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addComponent(correlationValueLabel)
.addComponent(correlationValueLabel)) .addComponent(correlationValueScrollPane, javax.swing.GroupLayout.PREFERRED_SIZE, 190, javax.swing.GroupLayout.PREFERRED_SIZE))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(normalizedLabel)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 19, Short.MAX_VALUE)
.addComponent(errorLabel) .addComponent(errorLabel)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 20, Short.MAX_VALUE) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(searchButton) .addComponent(casesLabel, javax.swing.GroupLayout.Alignment.TRAILING)
.addComponent(casesLabel)) .addComponent(searchButton, javax.swing.GroupLayout.Alignment.TRAILING))
.addContainerGap()) .addContainerGap())
); );
@ -251,10 +268,13 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
private void searchButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_searchButtonActionPerformed private void searchButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_searchButtonActionPerformed
CorrelationAttributeInstance.Type correlationType = selectedCorrelationType; CorrelationAttributeInstance.Type correlationType = selectedCorrelationType;
String correlationValue = correlationValueTextField.getText().trim(); String correlationValue = correlationValueTextArea.getText().trim();
if (validateInputs(correlationType, correlationValue)) { String[] correlationValueLines = correlationValue.split("\r\n|\n|\r");
search(correlationType, correlationValue); // for (String correlationValueLine : lines) {
if (validateInputs(correlationType, correlationValueLines)) {
search(correlationType, correlationValueLines);
dispose(); dispose();
} else { } else {
String validationMessage; String validationMessage;
@ -291,10 +311,12 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
break; break;
} }
errorLabel.setText(validationMessage); errorLabel.setText(validationMessage);
searchButton.setEnabled(false); searchButton.setEnabled(false);
correlationValueTextField.grabFocus(); correlationValueTextArea.grabFocus();
} }
// }
}//GEN-LAST:event_searchButtonActionPerformed }//GEN-LAST:event_searchButtonActionPerformed
private void correlationTypeComboBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_correlationTypeComboBoxActionPerformed private void correlationTypeComboBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_correlationTypeComboBoxActionPerformed
@ -302,11 +324,6 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
errorLabel.setText(""); errorLabel.setText("");
}//GEN-LAST:event_correlationTypeComboBoxActionPerformed }//GEN-LAST:event_correlationTypeComboBoxActionPerformed
private void valueFieldKeyReleaseListener(java.awt.event.KeyEvent evt) {//GEN-FIRST:event_valueFieldKeyReleaseListener
//make error message go away when the user enters anything in the value field
errorLabel.setText("");
}//GEN-LAST:event_valueFieldKeyReleaseListener
/** /**
* Validate the supplied input. * Validate the supplied input.
* *
@ -315,9 +332,11 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
* *
* @return True if the input is valid for the given type; otherwise false. * @return True if the input is valid for the given type; otherwise false.
*/ */
private boolean validateInputs(CorrelationAttributeInstance.Type type, String value) { private boolean validateInputs(CorrelationAttributeInstance.Type type, String[] values) {
try { try {
for (String value : values) {
CorrelationAttributeNormalizer.normalize(type, value); CorrelationAttributeNormalizer.normalize(type, value);
}
} catch (CorrelationAttributeNormalizationException ex) { } catch (CorrelationAttributeNormalizationException ex) {
// No need to log this. // No need to log this.
return false; return false;
@ -339,15 +358,33 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
CentralRepository dbManager = CentralRepository.getInstance(); CentralRepository dbManager = CentralRepository.getInstance();
correlationTypes.clear(); correlationTypes.clear();
correlationTypes.addAll(dbManager.getDefinedCorrelationTypes()); correlationTypes.addAll(dbManager.getDefinedCorrelationTypes());
// correlationTypes.addAll(java.util.Collections.sort(dbManager.getDefinedCorrelationTypes(), Collator.getInstance()));
int numberOfCases = dbManager.getCases().size(); int numberOfCases = dbManager.getCases().size();
casesLabel.setText(Bundle.AllCasesSearchDialog_caseLabel_text(numberOfCases)); casesLabel.setText(Bundle.AllCasesSearchDialog_caseLabel_text(numberOfCases));
} catch (CentralRepoException ex) { } catch (CentralRepoException ex) {
logger.log(Level.SEVERE, "Unable to connect to the Central Repository database.", ex); logger.log(Level.SEVERE, "Unable to connect to the Central Repository database.", ex);
} }
List<String> displayNames = new ArrayList<>();
for (CorrelationAttributeInstance.Type type : correlationTypes) { for (CorrelationAttributeInstance.Type type : correlationTypes) {
correlationTypeComboBox.addItem(type.getDisplayName()); String displayName = type.getDisplayName();
if (displayName.toLowerCase().contains("addresses")) {
type.setDisplayName(displayName.replace("Addresses", "Address"));
} else if (displayName.toLowerCase().equals("files")) {
type.setDisplayName("File MD5");
} else if (displayName.toLowerCase().endsWith("s") && !displayName.toLowerCase().endsWith("address")) {
type.setDisplayName(StringUtils.substring(displayName, 0, displayName.length() - 1));
} else {
type.setDisplayName(displayName);
} }
displayNames.add(type.getDisplayName());
}
Collections.sort(displayNames);
for (String displayName : displayNames) {
correlationTypeComboBox.addItem(displayName);
}
correlationTypeComboBox.setSelectedIndex(0); correlationTypeComboBox.setSelectedIndex(0);
correlationTypeComboBox.addItemListener(new ItemListener() { correlationTypeComboBox.addItemListener(new ItemListener() {
@ -364,7 +401,7 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
/* /*
* Create listener for text input. * Create listener for text input.
*/ */
correlationValueTextField.getDocument().addDocumentListener(new DocumentListener() { correlationValueTextArea.getDocument().addDocumentListener(new DocumentListener() {
@Override @Override
public void changedUpdate(DocumentEvent e) { public void changedUpdate(DocumentEvent e) {
updateSearchButton(); updateSearchButton();
@ -440,7 +477,7 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
text = ""; text = "";
break; break;
} }
correlationValueTextFieldPrompt = new TextPrompt(text, correlationValueTextField); correlationValueTextFieldPrompt = new TextPrompt(text, correlationValueTextArea);
/** /**
* Sets the foreground color and transparency of the text prompt. * Sets the foreground color and transparency of the text prompt.
@ -470,7 +507,7 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
* been provided for the correlation property value. * been provided for the correlation property value.
*/ */
private void updateSearchButton() { private void updateSearchButton() {
searchButton.setEnabled(correlationValueTextField.getText().isEmpty() == false); searchButton.setEnabled(correlationValueTextArea.getText().isEmpty() == false);
} }
/** /**
@ -486,9 +523,11 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
private javax.swing.JComboBox<String> correlationTypeComboBox; private javax.swing.JComboBox<String> correlationTypeComboBox;
private javax.swing.JLabel correlationTypeLabel; private javax.swing.JLabel correlationTypeLabel;
private javax.swing.JLabel correlationValueLabel; private javax.swing.JLabel correlationValueLabel;
private javax.swing.JTextField correlationValueTextField; private javax.swing.JScrollPane correlationValueScrollPane;
private javax.swing.JTextArea correlationValueTextArea;
private javax.swing.JLabel descriptionLabel; private javax.swing.JLabel descriptionLabel;
private javax.swing.JLabel errorLabel; private javax.swing.JLabel errorLabel;
private javax.swing.JLabel normalizedLabel;
private javax.swing.JButton searchButton; private javax.swing.JButton searchButton;
// End of variables declaration//GEN-END:variables // End of variables declaration//GEN-END:variables
} }
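Review bot: In `searchButtonActionPerformed` only the whole text-area content is trimmed before `split("\r\n|\n|\r")`, so a blank line between two values, or a value with trailing spaces, reaches `CorrelationAttributeNormalizer.normalize` unchanged and will presumably fail validation for the entire batch without telling the user which line was rejected. Consider cleaning each line first, e.g. `Arrays.stream(correlationValue.split("\r\n|\n|\r")).map(String::trim).filter(s -> !s.isEmpty()).toArray(String[]::new)` (needs `java.util.Arrays`), and treating an empty array as invalid input. In `search`, the per-value `catch` blocks only log and continue, so a `CentralRepoException` on one value produces a partial result list that looks complete to the examiner; a visible warning in the results window would avoid a silently incomplete correlation search. The Javadoc of `search` still documents `@param value`, and the commented-out `for` loop, the commented-out `Collections.sort(...)` line and the `java.text.Collator` import (which appears to be used only in that comment, as far as the visible hunks show) should be removed.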


@ -1,10 +1,11 @@
AllCasesSearchDialog.descriptionLabel.text=<html>Search the Central Repository for correlation properties with a specified value. The search is case insensitive.</html> AllCasesSearchDialog.descriptionLabel.text=<html>Search the Central Repository for the given values.</html>
AllCasesSearchDialog.errorLabel.text=\ AllCasesSearchDialog.errorLabel.text=\
AllCasesSearchDialog.correlationTypeLabel.text=Correlation Property Type: AllCasesSearchDialog.correlationTypeLabel.text=Type:
AllCasesSearchDialog.searchButton.AccessibleContext.accessibleDescription= AllCasesSearchDialog.searchButton.AccessibleContext.accessibleDescription=
AllCasesSearchDialog.searchButton.AccessibleContext.accessibleName=Search AllCasesSearchDialog.searchButton.AccessibleContext.accessibleName=Search
AllCasesSearchDialog.searchButton.text=Search AllCasesSearchDialog.searchButton.text=Search
AllCasesSearchDialog.correlationValueTextField.text= AllCasesSearchDialog.correlationValueLabel.text=Value:
AllCasesSearchDialog.correlationValueLabel.text=Correlation Property Value:
AllCasesSearchDialog.casesLabel.text=\ AllCasesSearchDialog.casesLabel.text=\
AllCasesSearchDialog.correlationValueTextArea.text=
AllCasesSearchDialog.normalizedLabel.text=Values will be normalized to ensure consistent case and formatting.


@ -1,7 +1,7 @@
AllCasesSearchAction.getName.text=Search All Cases AllCasesSearchAction.getName.text=Search Central Repository
# {0} - number of cases # {0} - number of cases
AllCasesSearchDialog.caseLabel.text=The current Central Repository contains {0} case(s). AllCasesSearchDialog.caseLabel.text=The Central Repository contains {0} case(s).
AllCasesSearchDialog.correlationValueTextField.domainExample=Example: "domain.com" AllCasesSearchDialog.correlationValueTextField.domainExample=Example: "domain.com"
AllCasesSearchDialog.correlationValueTextField.emailExample=Example: "user@host.com" AllCasesSearchDialog.correlationValueTextField.emailExample=Example: "user@host.com"
AllCasesSearchDialog.correlationValueTextField.filesExample=Example: "f0e1d2c3b4a5968778695a4b3c2d1e0f" AllCasesSearchDialog.correlationValueTextField.filesExample=Example: "f0e1d2c3b4a5968778695a4b3c2d1e0f"
@ -12,19 +12,20 @@ AllCasesSearchDialog.correlationValueTextField.macExample=Example: "0C-14-F2-01-
AllCasesSearchDialog.correlationValueTextField.phoneExample=Example: "(800)123-4567" AllCasesSearchDialog.correlationValueTextField.phoneExample=Example: "(800)123-4567"
AllCasesSearchDialog.correlationValueTextField.ssidExample=Example: "WirelessNetwork-5G" AllCasesSearchDialog.correlationValueTextField.ssidExample=Example: "WirelessNetwork-5G"
AllCasesSearchDialog.correlationValueTextField.usbExample=Example: "4&1234567&0" AllCasesSearchDialog.correlationValueTextField.usbExample=Example: "4&1234567&0"
AllCasesSearchDialog.descriptionLabel.text=<html>Search the Central Repository for correlation properties with a specified value. The search is case insensitive.</html> AllCasesSearchDialog.descriptionLabel.text=<html>Search the Central Repository for the given values.</html>
AllCasesSearchDialog.dialogTitle.text=Search All Cases AllCasesSearchDialog.dialogTitle.text=Search Central Repository
AllCasesSearchDialog.emptyNode.text=No results found. AllCasesSearchDialog.emptyNode.text=No results found.
AllCasesSearchDialog.errorLabel.text=\ AllCasesSearchDialog.errorLabel.text=\
AllCasesSearchDialog.correlationTypeLabel.text=Correlation Property Type: AllCasesSearchDialog.correlationTypeLabel.text=Type:
AllCasesSearchDialog.resultsDescription.text=All Cases Search AllCasesSearchDialog.resultsDescription.text=Search Central Repository
AllCasesSearchDialog.resultsTitle.text=All Cases AllCasesSearchDialog.resultsTitle.text=All Cases
AllCasesSearchDialog.searchButton.AccessibleContext.accessibleDescription= AllCasesSearchDialog.searchButton.AccessibleContext.accessibleDescription=
AllCasesSearchDialog.searchButton.AccessibleContext.accessibleName=Search AllCasesSearchDialog.searchButton.AccessibleContext.accessibleName=Search
AllCasesSearchDialog.searchButton.text=Search AllCasesSearchDialog.searchButton.text=Search
AllCasesSearchDialog.correlationValueTextField.text= AllCasesSearchDialog.correlationValueLabel.text=Value:
AllCasesSearchDialog.correlationValueLabel.text=Correlation Property Value:
AllCasesSearchDialog.casesLabel.text=\ AllCasesSearchDialog.casesLabel.text=\
AllCasesSearchDialog.correlationValueTextArea.text=
AllCasesSearchDialog.normalizedLabel.text=Values will be normalized to ensure consistent case and formatting.
AllCasesSearchDialog.validation.genericMessage=The supplied value is not valid. AllCasesSearchDialog.validation.genericMessage=The supplied value is not valid.
AllCasesSearchDialog.validation.invalidDomain=The supplied value is not a valid domain. AllCasesSearchDialog.validation.invalidDomain=The supplied value is not a valid domain.
AllCasesSearchDialog.validation.invalidEmail=The supplied value is not a valid e-mail address. AllCasesSearchDialog.validation.invalidEmail=The supplied value is not a valid e-mail address.
@ -43,4 +44,5 @@ CorrelationAttributeInstanceNode.columnName.device=Device
CorrelationAttributeInstanceNode.columnName.known=Known CorrelationAttributeInstanceNode.columnName.known=Known
CorrelationAttributeInstanceNode.columnName.name=Name CorrelationAttributeInstanceNode.columnName.name=Name
CorrelationAttributeInstanceNode.columnName.path=Path CorrelationAttributeInstanceNode.columnName.path=Path
CTL_AllCasesSearchAction=Search All Cases CorrelationAttributeInstanceNode.columnName.value=Value
CTL_AllCasesSearchAction=Search Central Repository


@ -22,7 +22,6 @@ AllCasesSearchDialog.resultsTitle.text=\u3059\u3079\u3066\u306e\u30b1\u30fc\u30b
AllCasesSearchDialog.searchButton.AccessibleContext.accessibleDescription= AllCasesSearchDialog.searchButton.AccessibleContext.accessibleDescription=
AllCasesSearchDialog.searchButton.AccessibleContext.accessibleName=\u691c\u7d22 AllCasesSearchDialog.searchButton.AccessibleContext.accessibleName=\u691c\u7d22
AllCasesSearchDialog.searchButton.text=\u691c\u7d22 AllCasesSearchDialog.searchButton.text=\u691c\u7d22
AllCasesSearchDialog.correlationValueTextField.text=
AllCasesSearchDialog.correlationValueLabel.text=\u76f8\u95a2\u5206\u6790\u30d7\u30ed\u30d1\u30c6\u30a3\u5024: AllCasesSearchDialog.correlationValueLabel.text=\u76f8\u95a2\u5206\u6790\u30d7\u30ed\u30d1\u30c6\u30a3\u5024:
AllCasesSearchDialog.casesLabel.text=\ AllCasesSearchDialog.casesLabel.text=\
AllCasesSearchDialog.validation.genericMessage=\u63d0\u4f9b\u3055\u308c\u305f\u5024\u306f\u6709\u52b9\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002 AllCasesSearchDialog.validation.genericMessage=\u63d0\u4f9b\u3055\u308c\u305f\u5024\u306f\u6709\u52b9\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002


@ -84,6 +84,7 @@ public final class CorrelationAttributeInstanceNode extends DisplayableItemNode
"CorrelationAttributeInstanceNode.columnName.name=Name", "CorrelationAttributeInstanceNode.columnName.name=Name",
"CorrelationAttributeInstanceNode.columnName.case=Case", "CorrelationAttributeInstanceNode.columnName.case=Case",
"CorrelationAttributeInstanceNode.columnName.dataSource=Data Source", "CorrelationAttributeInstanceNode.columnName.dataSource=Data Source",
"CorrelationAttributeInstanceNode.columnName.value=Value",
"CorrelationAttributeInstanceNode.columnName.known=Known", "CorrelationAttributeInstanceNode.columnName.known=Known",
"CorrelationAttributeInstanceNode.columnName.path=Path", "CorrelationAttributeInstanceNode.columnName.path=Path",
"CorrelationAttributeInstanceNode.columnName.comment=Comment", "CorrelationAttributeInstanceNode.columnName.comment=Comment",
@ -109,6 +110,7 @@ public final class CorrelationAttributeInstanceNode extends DisplayableItemNode
final String dataSourceName = dataSource.getName(); final String dataSourceName = dataSource.getName();
final String known = centralRepoFile.getKnownStatus().getName(); final String known = centralRepoFile.getKnownStatus().getName();
final String comment = centralRepoFile.getComment(); final String comment = centralRepoFile.getComment();
final String value = centralRepoFile.getCorrelationValue();
final String device = dataSource.getDeviceID(); final String device = dataSource.getDeviceID();
final String NO_DESCR = ""; final String NO_DESCR = "";
@ -122,6 +124,9 @@ public final class CorrelationAttributeInstanceNode extends DisplayableItemNode
sheetSet.put(new NodeProperty<>( sheetSet.put(new NodeProperty<>(
Bundle.CorrelationAttributeInstanceNode_columnName_dataSource(), Bundle.CorrelationAttributeInstanceNode_columnName_dataSource(),
Bundle.CorrelationAttributeInstanceNode_columnName_dataSource(), NO_DESCR, dataSourceName)); Bundle.CorrelationAttributeInstanceNode_columnName_dataSource(), NO_DESCR, dataSourceName));
sheetSet.put(new NodeProperty<>(
Bundle.CorrelationAttributeInstanceNode_columnName_value(),
Bundle.CorrelationAttributeInstanceNode_columnName_value(), NO_DESCR, value));
sheetSet.put(new NodeProperty<>( sheetSet.put(new NodeProperty<>(
Bundle.CorrelationAttributeInstanceNode_columnName_known(), Bundle.CorrelationAttributeInstanceNode_columnName_known(),
Bundle.CorrelationAttributeInstanceNode_columnName_known(), NO_DESCR, known)); Bundle.CorrelationAttributeInstanceNode_columnName_known(), NO_DESCR, known));


@ -269,16 +269,16 @@ public class CorrelationAttributeInstance implements Serializable {
* @throws CentralRepoException if the Type's dbTableName has invalid * @throws CentralRepoException if the Type's dbTableName has invalid
* characters/format * characters/format
*/ */
@Messages({"CorrelationType.FILES.displayName=Files", @Messages({"CorrelationType.FILES.displayName=File MD5",
"CorrelationType.DOMAIN.displayName=Domains", "CorrelationType.DOMAIN.displayName=Domain",
"CorrelationType.EMAIL.displayName=Email Addresses", "CorrelationType.EMAIL.displayName=Email Address",
"CorrelationType.PHONE.displayName=Phone Numbers", "CorrelationType.PHONE.displayName=Phone Number",
"CorrelationType.USBID.displayName=USB Devices", "CorrelationType.USBID.displayName=USB Device",
"CorrelationType.SSID.displayName=Wireless Networks", "CorrelationType.SSID.displayName=Wireless Network",
"CorrelationType.MAC.displayName=MAC Addresses", "CorrelationType.MAC.displayName=MAC Address",
"CorrelationType.IMEI.displayName=IMEI Number", "CorrelationType.IMEI.displayName=IMEI Number",
"CorrelationType.IMSI.displayName=IMSI Number", "CorrelationType.IMSI.displayName=IMSI Number",
"CorrelationType.PROG_NAME.displayName=Installed Programs", "CorrelationType.PROG_NAME.displayName=Installed Program",
"CorrelationType.ICCID.displayName=ICCID Number", "CorrelationType.ICCID.displayName=ICCID Number",
"CorrelationType.OS_ACCOUNT.displayName=Os Account"}) "CorrelationType.OS_ACCOUNT.displayName=Os Account"})
public static List<CorrelationAttributeInstance.Type> getDefaultCorrelationTypes() throws CentralRepoException { public static List<CorrelationAttributeInstance.Type> getDefaultCorrelationTypes() throws CentralRepoException {


@ -27,10 +27,12 @@ import java.nio.file.Paths;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.logging.Level; import java.util.logging.Level;
import org.apache.poi.EmptyFileException;
import org.apache.poi.poifs.filesystem.DirectoryEntry; import org.apache.poi.poifs.filesystem.DirectoryEntry;
import org.apache.poi.poifs.filesystem.DocumentEntry; import org.apache.poi.poifs.filesystem.DocumentEntry;
import org.apache.poi.poifs.filesystem.DocumentInputStream; import org.apache.poi.poifs.filesystem.DocumentInputStream;
import org.apache.poi.poifs.filesystem.Entry; import org.apache.poi.poifs.filesystem.Entry;
import org.apache.poi.poifs.filesystem.NotOLE2FileException;
import org.apache.poi.poifs.filesystem.POIFSFileSystem; import org.apache.poi.poifs.filesystem.POIFSFileSystem;
import org.openide.util.NbBundle.Messages; import org.openide.util.NbBundle.Messages;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
@ -62,7 +64,6 @@ final class ExtractJumpLists extends Extract {
private static final String JUMPLIST_TSK_COMMENT = "Jumplist File"; private static final String JUMPLIST_TSK_COMMENT = "Jumplist File";
private static final String RA_DIR_NAME = "RecentActivity"; //NON-NLS private static final String RA_DIR_NAME = "RecentActivity"; //NON-NLS
private static final String MODULE_OUTPUT_DIR = "ModuleOutput"; //NON-NLS
private static final String AUTOMATIC_DESTINATIONS_FILE_DIRECTORY = "%/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/"; private static final String AUTOMATIC_DESTINATIONS_FILE_DIRECTORY = "%/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/";
private static final String JUMPLIST_DIR_NAME = "jumplists"; //NON-NLS private static final String JUMPLIST_DIR_NAME = "jumplists"; //NON-NLS
private static final String VERSION_NUMBER = "1.0.0"; //NON-NLS private static final String VERSION_NUMBER = "1.0.0"; //NON-NLS
@ -86,7 +87,8 @@ final class ExtractJumpLists extends Extract {
fileManager = currentCase.getServices().getFileManager(); fileManager = currentCase.getServices().getFileManager();
long ingestJobId = context.getJobId(); long ingestJobId = context.getJobId();
List<AbstractFile> jumpListFiles = extractJumplistFiles(dataSource, ingestJobId); String baseRaTempPath = RAImageIngestModule.getRATempPath(Case.getCurrentCase(), JUMPLIST_DIR_NAME , ingestJobId);
List<AbstractFile> jumpListFiles = extractJumplistFiles(dataSource, ingestJobId, baseRaTempPath);
if (jumpListFiles.isEmpty()) { if (jumpListFiles.isEmpty()) {
return; return;
@ -98,13 +100,13 @@ final class ExtractJumpLists extends Extract {
List<AbstractFile> derivedFiles = new ArrayList<>(); List<AbstractFile> derivedFiles = new ArrayList<>();
String derivedPath = null; String derivedPath = null;
String baseRaTempPath = RAImageIngestModule.getRATempPath(Case.getCurrentCase(), JUMPLIST_DIR_NAME + "_" + dataSource.getId(), ingestJobId); String baseRaModPath = RAImageIngestModule.getRAOutputPath(Case.getCurrentCase(), JUMPLIST_DIR_NAME, ingestJobId);
for (AbstractFile jumplistFile : jumpListFiles) { for (AbstractFile jumplistFile : jumpListFiles) {
if (!jumplistFile.getName().toLowerCase().contains("-slack") && !jumplistFile.getName().equals("..") && if (!jumplistFile.getName().toLowerCase().contains("-slack") && !jumplistFile.getName().equals("..") &&
!jumplistFile.getName().equals(".") && jumplistFile.getSize() > 0) { !jumplistFile.getName().equals(".") && jumplistFile.getSize() > 0) {
String jlFile = Paths.get(baseRaTempPath, jumplistFile.getName() + "_" + jumplistFile.getId()).toString(); String jlFile = Paths.get(baseRaTempPath, jumplistFile.getName() + "_" + jumplistFile.getId()).toString();
String moduleOutPath = Case.getCurrentCase().getModuleDirectory() + File.separator + RA_DIR_NAME + File.separator + JUMPLIST_DIR_NAME + "_" + dataSource.getId() + File.separator + jumplistFile.getName() + "_" + jumplistFile.getId(); String moduleOutPath = baseRaModPath + File.separator + jumplistFile.getName() + "_" + jumplistFile.getId();
derivedPath = RA_DIR_NAME + File.separator + JUMPLIST_DIR_NAME + "_" + dataSource.getId() + File.separator + jumplistFile.getName() + "_" + jumplistFile.getId(); derivedPath = RA_DIR_NAME + File.separator + JUMPLIST_DIR_NAME + "_" + ingestJobId + File.separator + jumplistFile.getName() + "_" + jumplistFile.getId();
File jlDir = new File(moduleOutPath); File jlDir = new File(moduleOutPath);
if (jlDir.exists() == false) { if (jlDir.exists() == false) {
boolean dirMade = jlDir.mkdirs(); boolean dirMade = jlDir.mkdirs();
@ -129,7 +131,7 @@ final class ExtractJumpLists extends Extract {
* *
* @return - list of jumplist abstractfiles or empty list * @return - list of jumplist abstractfiles or empty list
*/ */
private List<AbstractFile> extractJumplistFiles(Content dataSource, Long ingestJobId) { private List<AbstractFile> extractJumplistFiles(Content dataSource, Long ingestJobId, String baseRaTempPath) {
List<AbstractFile> jumpListFiles = new ArrayList<>();; List<AbstractFile> jumpListFiles = new ArrayList<>();;
List<AbstractFile> tempJumpListFiles = new ArrayList<>();; List<AbstractFile> tempJumpListFiles = new ArrayList<>();;
@ -154,7 +156,6 @@ final class ExtractJumpLists extends Extract {
if (!jumpListFile.getName().toLowerCase().contains("-slack") && !jumpListFile.getName().equals("..") && if (!jumpListFile.getName().toLowerCase().contains("-slack") && !jumpListFile.getName().equals("..") &&
!jumpListFile.getName().equals(".") && jumpListFile.getSize() > 0) { !jumpListFile.getName().equals(".") && jumpListFile.getSize() > 0) {
String fileName = jumpListFile.getName() + "_" + jumpListFile.getId(); String fileName = jumpListFile.getName() + "_" + jumpListFile.getId();
String baseRaTempPath = RAImageIngestModule.getRATempPath(Case.getCurrentCase(), JUMPLIST_DIR_NAME+ "_" + dataSource.getId(), ingestJobId);
String jlFile = Paths.get(baseRaTempPath, fileName).toString(); String jlFile = Paths.get(baseRaTempPath, fileName).toString();
try { try {
ContentUtils.writeToFile(jumpListFile, new File(jlFile)); ContentUtils.writeToFile(jumpListFile, new File(jlFile));
@ -196,7 +197,8 @@ final class ExtractJumpLists extends Extract {
JLNK lnk = lnkParser.parse(); JLNK lnk = lnkParser.parse();
lnkFileName = lnk.getBestName() + ".lnk"; lnkFileName = lnk.getBestName() + ".lnk";
File targetFile = new File(moduleOutPath + File.separator + entry.getName() + "-" + lnkFileName); File targetFile = new File(moduleOutPath + File.separator + entry.getName() + "-" + lnkFileName);
String derivedFileName = MODULE_OUTPUT_DIR + File.separator + derivedPath + File.separator + entry.getName() + "-" + lnkFileName; String relativePath = Case.getCurrentCase().getModuleOutputDirectoryRelativePath();
String derivedFileName = Case.getCurrentCase().getModuleOutputDirectoryRelativePath() + File.separator + derivedPath + File.separator + entry.getName() + "-" + lnkFileName;
OutputStream outStream = new FileOutputStream(targetFile); OutputStream outStream = new FileOutputStream(targetFile);
outStream.write(buffer); outStream.write(buffer);
outStream.close(); outStream.close();
@ -226,6 +228,8 @@ final class ExtractJumpLists extends Extract {
continue; continue;
} }
} }
} catch (NotOLE2FileException | EmptyFileException ex1) {
logger.log(Level.WARNING, String.format("Error file not a valid OLE2 Document $s", jumpListFile)); //NON-NLS
} catch (IOException | TskCoreException ex) { } catch (IOException | TskCoreException ex) {
logger.log(Level.WARNING, String.format("Error lnk parsing the file to get recent files $s", jumpListFile), ex); //NON-NLS logger.log(Level.WARNING, String.format("Error lnk parsing the file to get recent files $s", jumpListFile), ex); //NON-NLS
} }
@ -235,3 +239,4 @@ final class ExtractJumpLists extends Extract {
} }
} }
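Review bot: The `catch (NotOLE2FileException | EmptyFileException ex1)` branch added at the end of the parsing loop formats its message with `$s`, which is not a format specifier, so `jumpListFile` never reaches the log and an examiner cannot tell which jump list was skipped; `ex1` is dropped as well. I would write `logger.log(Level.WARNING, String.format("Error file not a valid OLE2 Document %s", jumpListFile), ex1); //NON-NLS` and fix the same `$s` in the `IOException | TskCoreException` handler just below it. In the hunk before that, `relativePath` is assigned but `derivedFileName` calls `getModuleOutputDirectoryRelativePath()` again, so either use the local or delete it. `targetFile` is built from `entry.getName()` and `lnk.getBestName()`, both read from evidence, so it is worth confirming the resolved path stays under `moduleOutPath`; I cannot see from these hunks whether those names are sanitised. The enclosing methods start and end outside the hunks shown.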


@ -8,6 +8,9 @@ This is the User's Guide for the <a href="http://www.sleuthkit.org/autopsy/">ope
Note: For those users running Autopsy on Mac devices, the functionality available through the "Tools" -> "Options" dialog as described in this documentation can be accessed through the system menu bar under "Preferences" or through the Cmd + , (command-comma) shortcut. Note: For those users running Autopsy on Mac devices, the functionality available through the "Tools" -> "Options" dialog as described in this documentation can be accessed through the system menu bar under "Preferences" or through the Cmd + , (command-comma) shortcut.
Translated versions of this guide:
- <a href="https://sleuthkit.org/autopsy/docs/user-docs_fr/4.19.0/">Français (4.19.0)</a>
Help Topics Help Topics
------- -------
The following topics are available here: The following topics are available here: