Merge branch 'develop' of github.com:sleuthkit/autopsy into ds_summary_report_7893

Eugene Livis 2021-08-13 13:37:20 -04:00
commit 31f5f1fc7f
10 changed files with 236 additions and 153 deletions


@ -32,9 +32,9 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
* Action for accessing the Search Other Cases dialog.
*/
@ActionID(category = "Tools", id = "org.sleuthkit.autopsy.allcasessearch.AllCasesSearchAction")
@ActionRegistration(displayName = "#CTL_OtherCasesSearchAction=Search All Cases", lazy = false)
@ActionRegistration(displayName = "#CTL_OtherCasesSearchAction=Search Central Repository", lazy = false)
@ActionReference(path = "Menu/Tools", position = 201)
@NbBundle.Messages({"CTL_AllCasesSearchAction=Search All Cases"})
@NbBundle.Messages({"CTL_AllCasesSearchAction=Search Central Repository"})
public class AllCasesSearchAction extends CallableSystemAction {
@Override
@ -54,7 +54,7 @@ public class AllCasesSearchAction extends CallableSystemAction {
}
@NbBundle.Messages({
"AllCasesSearchAction.getName.text=Search All Cases"})
"AllCasesSearchAction.getName.text=Search Central Repository"})
@Override
public String getName() {
return Bundle.AllCasesSearchAction_getName_text();


@ -24,10 +24,15 @@
<Layout>
<DimensionLayout dim="0">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<Group type="102" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="descriptionLabel" pref="430" max="32767" attributes="0"/>
<Component id="descriptionLabel" max="32767" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<Component id="casesLabel" max="32767" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="searchButton" min="-2" max="-2" attributes="0"/>
</Group>
<Group type="102" alignment="0" attributes="0">
<Group type="103" groupAlignment="0" attributes="0">
<Component id="correlationValueLabel" alignment="0" min="-2" max="-2" attributes="0"/>
@ -35,16 +40,23 @@
</Group>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="correlationTypeComboBox" max="32767" attributes="0"/>
<Component id="correlationValueTextField" max="32767" attributes="0"/>
<Group type="102" attributes="0">
<Component id="normalizedLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace min="0" pref="0" max="32767" attributes="0"/>
</Group>
<Group type="102" attributes="0">
<Group type="103" groupAlignment="0" attributes="0">
<Component id="correlationTypeComboBox" max="32767" attributes="0"/>
<Group type="102" attributes="0">
<Component id="correlationValueScrollPane" min="-2" pref="379" max="-2" attributes="0"/>
<EmptySpace min="0" pref="0" max="32767" attributes="0"/>
</Group>
</Group>
<EmptySpace min="-2" pref="142" max="-2" attributes="0"/>
</Group>
<Component id="errorLabel" alignment="0" max="32767" attributes="0"/>
</Group>
</Group>
<Group type="102" alignment="1" attributes="0">
<Component id="casesLabel" max="32767" attributes="0"/>
<EmptySpace type="separate" max="-2" attributes="0"/>
<Component id="searchButton" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
<EmptySpace max="-2" attributes="0"/>
</Group>
@ -60,17 +72,19 @@
<Component id="correlationTypeComboBox" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="correlationTypeLabel" alignment="3" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace min="-2" pref="15" max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0">
<Component id="correlationValueTextField" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="correlationValueLabel" alignment="3" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="18" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="correlationValueLabel" min="-2" max="-2" attributes="0"/>
<Component id="correlationValueScrollPane" min="-2" pref="190" max="-2" attributes="0"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
<Component id="normalizedLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace pref="19" max="32767" attributes="0"/>
<Component id="errorLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace pref="20" max="32767" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0">
<Component id="searchButton" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="casesLabel" alignment="3" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="casesLabel" alignment="1" min="-2" max="-2" attributes="0"/>
<Component id="searchButton" alignment="1" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
</Group>
@ -85,16 +99,6 @@
</Property>
</Properties>
</Component>
<Component class="javax.swing.JTextField" name="correlationValueTextField">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/allcasessearch/Bundle.properties" key="AllCasesSearchDialog.correlationValueTextField.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="keyReleased" listener="java.awt.event.KeyListener" parameters="java.awt.event.KeyEvent" handler="valueFieldKeyReleaseListener"/>
</Events>
</Component>
<Component class="javax.swing.JButton" name="searchButton">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
@ -158,5 +162,30 @@
</Property>
</Properties>
</Component>
<Container class="javax.swing.JScrollPane" name="correlationValueScrollPane">
<AuxValues>
<AuxValue name="autoScrollPane" type="java.lang.Boolean" value="true"/>
</AuxValues>
<Layout class="org.netbeans.modules.form.compat2.layouts.support.JScrollPaneSupportLayout"/>
<SubComponents>
<Component class="javax.swing.JTextArea" name="correlationValueTextArea">
<Properties>
<Property name="columns" type="int" value="20"/>
<Property name="rows" type="int" value="5"/>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/allcasessearch/Bundle.properties" key="AllCasesSearchDialog.correlationValueTextArea.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
</SubComponents>
</Container>
<Component class="javax.swing.JLabel" name="normalizedLabel">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/allcasessearch/Bundle.properties" key="AllCasesSearchDialog.normalizedLabel.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
</SubComponents>
</Form>


@ -21,8 +21,10 @@ package org.sleuthkit.autopsy.allcasessearch;
import java.awt.Color;
import java.awt.event.ItemEvent;
import java.awt.event.ItemListener;
import java.text.Collator;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.ExecutionException;
import java.util.logging.Level;
@ -30,6 +32,7 @@ import javax.swing.JFrame;
import javax.swing.SwingWorker;
import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener;
import org.apache.commons.lang3.StringUtils;
import org.openide.nodes.Node;
import org.openide.util.NbBundle.Messages;
import org.openide.windows.TopComponent;
@ -48,9 +51,9 @@ import org.sleuthkit.autopsy.datamodel.EmptyNode;
import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
@Messages({
"AllCasesSearchDialog.dialogTitle.text=Search All Cases",
"AllCasesSearchDialog.dialogTitle.text=Search Central Repository",
"AllCasesSearchDialog.resultsTitle.text=All Cases",
"AllCasesSearchDialog.resultsDescription.text=All Cases Search",
"AllCasesSearchDialog.resultsDescription.text=Search Central Repository",
"AllCasesSearchDialog.emptyNode.text=No results found.",
"AllCasesSearchDialog.validation.invalidHash=The supplied value is not a valid MD5 hash.",
"AllCasesSearchDialog.validation.invalidEmail=The supplied value is not a valid e-mail address.",
@ -63,14 +66,14 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
"AllCasesSearchDialog.validation.invalidIccid=The supplied value is not a valid ICCID number.",
"AllCasesSearchDialog.validation.genericMessage=The supplied value is not valid.",
"# {0} - number of cases",
"AllCasesSearchDialog.caseLabel.text=The current Central Repository contains {0} case(s)."
"AllCasesSearchDialog.caseLabel.text=The Central Repository contains {0} case(s)."
})
/**
* The Search All Cases dialog allows users to search for specific types of
* correlation properties in the Central Repository.
*/
@SuppressWarnings("PMD.SingularField") // UI widgets cause lots of false positives
final class AllCasesSearchDialog extends javax.swing.JDialog {
final class AllCasesSearchDialog extends javax.swing.JDialog {
private static final Logger logger = Logger.getLogger(AllCasesSearchDialog.class.getName());
private static final long serialVersionUID = 1L;
@ -95,19 +98,21 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
* @param type The correlation type.
* @param value The value to be matched.
*/
private void search(CorrelationAttributeInstance.Type type, String value) {
private void search(CorrelationAttributeInstance.Type type, String[] values) {
new SwingWorker<List<CorrelationAttributeInstance>, Void>() {
@Override
protected List<CorrelationAttributeInstance> doInBackground() {
List<CorrelationAttributeInstance> correlationInstances = new ArrayList<>();
try {
correlationInstances = CentralRepository.getInstance().getArtifactInstancesByTypeValue(type, value);
} catch (CentralRepoException ex) {
logger.log(Level.SEVERE, "Unable to connect to the Central Repository database.", ex);
} catch (CorrelationAttributeNormalizationException ex) {
logger.log(Level.SEVERE, "Unable to retrieve data from the Central Repository.", ex);
for (String value : values) {
try {
correlationInstances.addAll(CentralRepository.getInstance().getArtifactInstancesByTypeValue(type, value));
} catch (CentralRepoException ex) {
logger.log(Level.SEVERE, "Unable to connect to the Central Repository database.", ex);
} catch (CorrelationAttributeNormalizationException ex) {
logger.log(Level.SEVERE, "Unable to retrieve data from the Central Repository.", ex);
}
}
return correlationInstances;
@ -125,8 +130,8 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
AllCasesSearchNode searchNode = new AllCasesSearchNode(correlationInstances);
TableFilterNode tableFilterNode = new TableFilterNode(searchNode, true, searchNode.getName());
String resultsText = String.format("%s (%s; \"%s\")",
Bundle.AllCasesSearchDialog_resultsTitle_text(), type.getDisplayName(), value);
String resultsText = String.format("%s (%s)",
Bundle.AllCasesSearchDialog_resultsTitle_text(), type.getDisplayName());
final TopComponent searchResultWin;
if (correlationInstances.isEmpty()) {
Node emptyNode = new TableFilterNode(
@ -155,26 +160,21 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
private void initComponents() {
correlationValueLabel = new javax.swing.JLabel();
correlationValueTextField = new javax.swing.JTextField();
searchButton = new javax.swing.JButton();
correlationTypeComboBox = new javax.swing.JComboBox<>();
correlationTypeLabel = new javax.swing.JLabel();
errorLabel = new javax.swing.JLabel();
descriptionLabel = new javax.swing.JLabel();
casesLabel = new javax.swing.JLabel();
correlationValueScrollPane = new javax.swing.JScrollPane();
correlationValueTextArea = new javax.swing.JTextArea();
normalizedLabel = new javax.swing.JLabel();
setDefaultCloseOperation(javax.swing.WindowConstants.DISPOSE_ON_CLOSE);
setResizable(false);
org.openide.awt.Mnemonics.setLocalizedText(correlationValueLabel, org.openide.util.NbBundle.getMessage(AllCasesSearchDialog.class, "AllCasesSearchDialog.correlationValueLabel.text")); // NOI18N
correlationValueTextField.setText(org.openide.util.NbBundle.getMessage(AllCasesSearchDialog.class, "AllCasesSearchDialog.correlationValueTextField.text")); // NOI18N
correlationValueTextField.addKeyListener(new java.awt.event.KeyAdapter() {
public void keyReleased(java.awt.event.KeyEvent evt) {
valueFieldKeyReleaseListener(evt);
}
});
org.openide.awt.Mnemonics.setLocalizedText(searchButton, org.openide.util.NbBundle.getMessage(AllCasesSearchDialog.class, "AllCasesSearchDialog.searchButton.text")); // NOI18N
searchButton.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
@ -198,6 +198,13 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
casesLabel.setHorizontalAlignment(javax.swing.SwingConstants.LEFT);
org.openide.awt.Mnemonics.setLocalizedText(casesLabel, org.openide.util.NbBundle.getMessage(AllCasesSearchDialog.class, "AllCasesSearchDialog.casesLabel.text")); // NOI18N
correlationValueTextArea.setColumns(20);
correlationValueTextArea.setRows(5);
correlationValueTextArea.setText(org.openide.util.NbBundle.getMessage(AllCasesSearchDialog.class, "AllCasesSearchDialog.correlationValueTextArea.text")); // NOI18N
correlationValueScrollPane.setViewportView(correlationValueTextArea);
org.openide.awt.Mnemonics.setLocalizedText(normalizedLabel, org.openide.util.NbBundle.getMessage(AllCasesSearchDialog.class, "AllCasesSearchDialog.normalizedLabel.text")); // NOI18N
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(getContentPane());
getContentPane().setLayout(layout);
layout.setHorizontalGroup(
@ -205,20 +212,28 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
.addGroup(layout.createSequentialGroup()
.addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(descriptionLabel, javax.swing.GroupLayout.DEFAULT_SIZE, 430, Short.MAX_VALUE)
.addComponent(descriptionLabel)
.addGroup(layout.createSequentialGroup()
.addComponent(casesLabel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(searchButton))
.addGroup(layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(correlationValueLabel)
.addComponent(correlationTypeLabel))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(correlationTypeComboBox, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(correlationValueTextField)
.addComponent(errorLabel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)))
.addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup()
.addComponent(casesLabel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addGap(18, 18, 18)
.addComponent(searchButton)))
.addGroup(layout.createSequentialGroup()
.addComponent(normalizedLabel)
.addGap(0, 0, Short.MAX_VALUE))
.addGroup(layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(correlationTypeComboBox, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addGroup(layout.createSequentialGroup()
.addComponent(correlationValueScrollPane, javax.swing.GroupLayout.PREFERRED_SIZE, 379, javax.swing.GroupLayout.PREFERRED_SIZE)
.addGap(0, 0, Short.MAX_VALUE)))
.addGap(142, 142, 142))
.addComponent(errorLabel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))))
.addContainerGap())
);
layout.setVerticalGroup(
@ -230,16 +245,18 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(correlationTypeComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
.addComponent(correlationTypeLabel))
.addGap(15, 15, 15)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(correlationValueTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
.addComponent(correlationValueLabel))
.addGap(18, 18, 18)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(correlationValueLabel)
.addComponent(correlationValueScrollPane, javax.swing.GroupLayout.PREFERRED_SIZE, 190, javax.swing.GroupLayout.PREFERRED_SIZE))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(normalizedLabel)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 19, Short.MAX_VALUE)
.addComponent(errorLabel)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 20, Short.MAX_VALUE)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(searchButton)
.addComponent(casesLabel))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(casesLabel, javax.swing.GroupLayout.Alignment.TRAILING)
.addComponent(searchButton, javax.swing.GroupLayout.Alignment.TRAILING))
.addContainerGap())
);
@ -251,50 +268,55 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
private void searchButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_searchButtonActionPerformed
CorrelationAttributeInstance.Type correlationType = selectedCorrelationType;
String correlationValue = correlationValueTextField.getText().trim();
String correlationValue = correlationValueTextArea.getText().trim();
if (validateInputs(correlationType, correlationValue)) {
search(correlationType, correlationValue);
dispose();
} else {
String validationMessage;
switch (correlationType.getId()) {
case CorrelationAttributeInstance.FILES_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidHash();
break;
case CorrelationAttributeInstance.DOMAIN_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidDomain();
break;
case CorrelationAttributeInstance.EMAIL_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidEmail();
break;
case CorrelationAttributeInstance.PHONE_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidPhone();
break;
case CorrelationAttributeInstance.SSID_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidSsid();
break;
case CorrelationAttributeInstance.MAC_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidMac();
break;
case CorrelationAttributeInstance.IMEI_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidImei();
break;
case CorrelationAttributeInstance.IMSI_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidImsi();
break;
case CorrelationAttributeInstance.ICCID_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidIccid();
break;
default:
validationMessage = Bundle.AllCasesSearchDialog_validation_genericMessage();
break;
String[] correlationValueLines = correlationValue.split("\r\n|\n|\r");
// for (String correlationValueLine : lines) {
if (validateInputs(correlationType, correlationValueLines)) {
search(correlationType, correlationValueLines);
dispose();
} else {
String validationMessage;
switch (correlationType.getId()) {
case CorrelationAttributeInstance.FILES_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidHash();
break;
case CorrelationAttributeInstance.DOMAIN_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidDomain();
break;
case CorrelationAttributeInstance.EMAIL_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidEmail();
break;
case CorrelationAttributeInstance.PHONE_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidPhone();
break;
case CorrelationAttributeInstance.SSID_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidSsid();
break;
case CorrelationAttributeInstance.MAC_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidMac();
break;
case CorrelationAttributeInstance.IMEI_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidImei();
break;
case CorrelationAttributeInstance.IMSI_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidImsi();
break;
case CorrelationAttributeInstance.ICCID_TYPE_ID:
validationMessage = Bundle.AllCasesSearchDialog_validation_invalidIccid();
break;
default:
validationMessage = Bundle.AllCasesSearchDialog_validation_genericMessage();
break;
}
errorLabel.setText(validationMessage);
searchButton.setEnabled(false);
correlationValueTextArea.grabFocus();
}
errorLabel.setText(validationMessage);
searchButton.setEnabled(false);
correlationValueTextField.grabFocus();
}
// }
}//GEN-LAST:event_searchButtonActionPerformed
private void correlationTypeComboBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_correlationTypeComboBoxActionPerformed
@ -302,11 +324,6 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
errorLabel.setText("");
}//GEN-LAST:event_correlationTypeComboBoxActionPerformed
private void valueFieldKeyReleaseListener(java.awt.event.KeyEvent evt) {//GEN-FIRST:event_valueFieldKeyReleaseListener
//make error message go away when the user enters anything in the value field
errorLabel.setText("");
}//GEN-LAST:event_valueFieldKeyReleaseListener
/**
* Validate the supplied input.
*
@ -315,9 +332,11 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
*
* @return True if the input is valid for the given type; otherwise false.
*/
private boolean validateInputs(CorrelationAttributeInstance.Type type, String value) {
private boolean validateInputs(CorrelationAttributeInstance.Type type, String[] values) {
try {
CorrelationAttributeNormalizer.normalize(type, value);
for (String value : values) {
CorrelationAttributeNormalizer.normalize(type, value);
}
} catch (CorrelationAttributeNormalizationException ex) {
// No need to log this.
return false;
@ -339,15 +358,33 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
CentralRepository dbManager = CentralRepository.getInstance();
correlationTypes.clear();
correlationTypes.addAll(dbManager.getDefinedCorrelationTypes());
// correlationTypes.addAll(java.util.Collections.sort(dbManager.getDefinedCorrelationTypes(), Collator.getInstance()));
int numberOfCases = dbManager.getCases().size();
casesLabel.setText(Bundle.AllCasesSearchDialog_caseLabel_text(numberOfCases));
} catch (CentralRepoException ex) {
logger.log(Level.SEVERE, "Unable to connect to the Central Repository database.", ex);
}
List<String> displayNames = new ArrayList<>();
for (CorrelationAttributeInstance.Type type : correlationTypes) {
correlationTypeComboBox.addItem(type.getDisplayName());
String displayName = type.getDisplayName();
if (displayName.toLowerCase().contains("addresses")) {
type.setDisplayName(displayName.replace("Addresses", "Address"));
} else if (displayName.toLowerCase().equals("files")) {
type.setDisplayName("File MD5");
} else if (displayName.toLowerCase().endsWith("s") && !displayName.toLowerCase().endsWith("address")) {
type.setDisplayName(StringUtils.substring(displayName, 0, displayName.length() - 1));
} else {
type.setDisplayName(displayName);
}
displayNames.add(type.getDisplayName());
}
Collections.sort(displayNames);
for (String displayName : displayNames) {
correlationTypeComboBox.addItem(displayName);
}
correlationTypeComboBox.setSelectedIndex(0);
correlationTypeComboBox.addItemListener(new ItemListener() {
@ -364,7 +401,7 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
/*
* Create listener for text input.
*/
correlationValueTextField.getDocument().addDocumentListener(new DocumentListener() {
correlationValueTextArea.getDocument().addDocumentListener(new DocumentListener() {
@Override
public void changedUpdate(DocumentEvent e) {
updateSearchButton();
@ -440,7 +477,7 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
text = "";
break;
}
correlationValueTextFieldPrompt = new TextPrompt(text, correlationValueTextField);
correlationValueTextFieldPrompt = new TextPrompt(text, correlationValueTextArea);
/**
* Sets the foreground color and transparency of the text prompt.
@ -470,7 +507,7 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
* been provided for the correlation property value.
*/
private void updateSearchButton() {
searchButton.setEnabled(correlationValueTextField.getText().isEmpty() == false);
searchButton.setEnabled(correlationValueTextArea.getText().isEmpty() == false);
}
/**
@ -486,9 +523,11 @@ final class AllCasesSearchDialog extends javax.swing.JDialog {
private javax.swing.JComboBox<String> correlationTypeComboBox;
private javax.swing.JLabel correlationTypeLabel;
private javax.swing.JLabel correlationValueLabel;
private javax.swing.JTextField correlationValueTextField;
private javax.swing.JScrollPane correlationValueScrollPane;
private javax.swing.JTextArea correlationValueTextArea;
private javax.swing.JLabel descriptionLabel;
private javax.swing.JLabel errorLabel;
private javax.swing.JLabel normalizedLabel;
private javax.swing.JButton searchButton;
// End of variables declaration//GEN-END:variables
}
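Review bot: In searchButtonActionPerformed only the whole text-area content is trimmed before `split("\r\n|\n|\r")`, so an interior blank line or a line with trailing spaces reaches `validateInputs` as its own value; one such entry presumably fails normalization and rejects the whole batch with a type-level message that does not say which line is at fault. Trimming each line and dropping empty ones first would avoid that, e.g. `String[] correlationValueLines = Arrays.stream(correlationValue.split("\\R")).map(String::trim).filter(s -> !s.isEmpty()).toArray(String[]::new);` (needs `java.util.Arrays`, which this diff does not import), with an empty array then treated as invalid input rather than searched. In search(), the per-value catch logs and moves on to the next value, so a repository error on one value yields a partial list that the results window presents as complete; for an examiner a failed lookup should be distinguishable from "no match". The leftover `// for (String correlationValueLine : lines) {` and `// }` comments in the handler should be removed.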


@ -1,10 +1,11 @@
AllCasesSearchDialog.descriptionLabel.text=<html>Search the Central Repository for correlation properties with a specified value. The search is case insensitive.</html>
AllCasesSearchDialog.descriptionLabel.text=<html>Search the Central Repository for the given values.</html>
AllCasesSearchDialog.errorLabel.text=\
AllCasesSearchDialog.correlationTypeLabel.text=Correlation Property Type:
AllCasesSearchDialog.correlationTypeLabel.text=Type:
AllCasesSearchDialog.searchButton.AccessibleContext.accessibleDescription=
AllCasesSearchDialog.searchButton.AccessibleContext.accessibleName=Search
AllCasesSearchDialog.searchButton.text=Search
AllCasesSearchDialog.correlationValueTextField.text=
AllCasesSearchDialog.correlationValueLabel.text=Correlation Property Value:
AllCasesSearchDialog.correlationValueLabel.text=Value:
AllCasesSearchDialog.casesLabel.text=\
AllCasesSearchDialog.correlationValueTextArea.text=
AllCasesSearchDialog.normalizedLabel.text=Values will be normalized to ensure consistent case and formatting.


@ -1,7 +1,7 @@
AllCasesSearchAction.getName.text=Search All Cases
AllCasesSearchAction.getName.text=Search Central Repository
# {0} - number of cases
AllCasesSearchDialog.caseLabel.text=The current Central Repository contains {0} case(s).
AllCasesSearchDialog.caseLabel.text=The Central Repository contains {0} case(s).
AllCasesSearchDialog.correlationValueTextField.domainExample=Example: "domain.com"
AllCasesSearchDialog.correlationValueTextField.emailExample=Example: "user@host.com"
AllCasesSearchDialog.correlationValueTextField.filesExample=Example: "f0e1d2c3b4a5968778695a4b3c2d1e0f"
@ -12,19 +12,20 @@ AllCasesSearchDialog.correlationValueTextField.macExample=Example: "0C-14-F2-01-
AllCasesSearchDialog.correlationValueTextField.phoneExample=Example: "(800)123-4567"
AllCasesSearchDialog.correlationValueTextField.ssidExample=Example: "WirelessNetwork-5G"
AllCasesSearchDialog.correlationValueTextField.usbExample=Example: "4&1234567&0"
AllCasesSearchDialog.descriptionLabel.text=<html>Search the Central Repository for correlation properties with a specified value. The search is case insensitive.</html>
AllCasesSearchDialog.dialogTitle.text=Search All Cases
AllCasesSearchDialog.descriptionLabel.text=<html>Search the Central Repository for the given values.</html>
AllCasesSearchDialog.dialogTitle.text=Search Central Repository
AllCasesSearchDialog.emptyNode.text=No results found.
AllCasesSearchDialog.errorLabel.text=\
AllCasesSearchDialog.correlationTypeLabel.text=Correlation Property Type:
AllCasesSearchDialog.resultsDescription.text=All Cases Search
AllCasesSearchDialog.correlationTypeLabel.text=Type:
AllCasesSearchDialog.resultsDescription.text=Search Central Repository
AllCasesSearchDialog.resultsTitle.text=All Cases
AllCasesSearchDialog.searchButton.AccessibleContext.accessibleDescription=
AllCasesSearchDialog.searchButton.AccessibleContext.accessibleName=Search
AllCasesSearchDialog.searchButton.text=Search
AllCasesSearchDialog.correlationValueTextField.text=
AllCasesSearchDialog.correlationValueLabel.text=Correlation Property Value:
AllCasesSearchDialog.correlationValueLabel.text=Value:
AllCasesSearchDialog.casesLabel.text=\
AllCasesSearchDialog.correlationValueTextArea.text=
AllCasesSearchDialog.normalizedLabel.text=Values will be normalized to ensure consistent case and formatting.
AllCasesSearchDialog.validation.genericMessage=The supplied value is not valid.
AllCasesSearchDialog.validation.invalidDomain=The supplied value is not a valid domain.
AllCasesSearchDialog.validation.invalidEmail=The supplied value is not a valid e-mail address.
@ -43,4 +44,5 @@ CorrelationAttributeInstanceNode.columnName.device=Device
CorrelationAttributeInstanceNode.columnName.known=Known
CorrelationAttributeInstanceNode.columnName.name=Name
CorrelationAttributeInstanceNode.columnName.path=Path
CTL_AllCasesSearchAction=Search All Cases
CorrelationAttributeInstanceNode.columnName.value=Value
CTL_AllCasesSearchAction=Search Central Repository


@ -22,7 +22,6 @@ AllCasesSearchDialog.resultsTitle.text=\u3059\u3079\u3066\u306e\u30b1\u30fc\u30b
AllCasesSearchDialog.searchButton.AccessibleContext.accessibleDescription=
AllCasesSearchDialog.searchButton.AccessibleContext.accessibleName=\u691c\u7d22
AllCasesSearchDialog.searchButton.text=\u691c\u7d22
AllCasesSearchDialog.correlationValueTextField.text=
AllCasesSearchDialog.correlationValueLabel.text=\u76f8\u95a2\u5206\u6790\u30d7\u30ed\u30d1\u30c6\u30a3\u5024:
AllCasesSearchDialog.casesLabel.text=\
AllCasesSearchDialog.validation.genericMessage=\u63d0\u4f9b\u3055\u308c\u305f\u5024\u306f\u6709\u52b9\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002


@ -84,6 +84,7 @@ public final class CorrelationAttributeInstanceNode extends DisplayableItemNode
"CorrelationAttributeInstanceNode.columnName.name=Name",
"CorrelationAttributeInstanceNode.columnName.case=Case",
"CorrelationAttributeInstanceNode.columnName.dataSource=Data Source",
"CorrelationAttributeInstanceNode.columnName.value=Value",
"CorrelationAttributeInstanceNode.columnName.known=Known",
"CorrelationAttributeInstanceNode.columnName.path=Path",
"CorrelationAttributeInstanceNode.columnName.comment=Comment",
@ -109,6 +110,7 @@ public final class CorrelationAttributeInstanceNode extends DisplayableItemNode
final String dataSourceName = dataSource.getName();
final String known = centralRepoFile.getKnownStatus().getName();
final String comment = centralRepoFile.getComment();
final String value = centralRepoFile.getCorrelationValue();
final String device = dataSource.getDeviceID();
final String NO_DESCR = "";
@ -122,6 +124,9 @@ public final class CorrelationAttributeInstanceNode extends DisplayableItemNode
sheetSet.put(new NodeProperty<>(
Bundle.CorrelationAttributeInstanceNode_columnName_dataSource(),
Bundle.CorrelationAttributeInstanceNode_columnName_dataSource(), NO_DESCR, dataSourceName));
sheetSet.put(new NodeProperty<>(
Bundle.CorrelationAttributeInstanceNode_columnName_value(),
Bundle.CorrelationAttributeInstanceNode_columnName_value(), NO_DESCR, value));
sheetSet.put(new NodeProperty<>(
Bundle.CorrelationAttributeInstanceNode_columnName_known(),
Bundle.CorrelationAttributeInstanceNode_columnName_known(), NO_DESCR, known));


@ -269,21 +269,21 @@ public class CorrelationAttributeInstance implements Serializable {
* @throws CentralRepoException if the Type's dbTableName has invalid
* characters/format
*/
@Messages({"CorrelationType.FILES.displayName=Files",
"CorrelationType.DOMAIN.displayName=Domains",
"CorrelationType.EMAIL.displayName=Email Addresses",
"CorrelationType.PHONE.displayName=Phone Numbers",
"CorrelationType.USBID.displayName=USB Devices",
"CorrelationType.SSID.displayName=Wireless Networks",
"CorrelationType.MAC.displayName=MAC Addresses",
@Messages({"CorrelationType.FILES.displayName=File MD5",
"CorrelationType.DOMAIN.displayName=Domain",
"CorrelationType.EMAIL.displayName=Email Address",
"CorrelationType.PHONE.displayName=Phone Number",
"CorrelationType.USBID.displayName=USB Device",
"CorrelationType.SSID.displayName=Wireless Network",
"CorrelationType.MAC.displayName=MAC Address",
"CorrelationType.IMEI.displayName=IMEI Number",
"CorrelationType.IMSI.displayName=IMSI Number",
"CorrelationType.PROG_NAME.displayName=Installed Programs",
"CorrelationType.PROG_NAME.displayName=Installed Program",
"CorrelationType.ICCID.displayName=ICCID Number",
"CorrelationType.OS_ACCOUNT.displayName=Os Account"})
public static List<CorrelationAttributeInstance.Type> getDefaultCorrelationTypes() throws CentralRepoException {
List<CorrelationAttributeInstance.Type> defaultCorrelationTypes = new ArrayList<>();
defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(FILES_TYPE_ID, Bundle.CorrelationType_FILES_displayName(), "file", true, true)); // NON-NLS
defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(DOMAIN_TYPE_ID, Bundle.CorrelationType_DOMAIN_displayName(), "domain", true, true)); // NON-NLS
defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(EMAIL_TYPE_ID, Bundle.CorrelationType_EMAIL_displayName(), "email_address", true, true)); // NON-NLS


@ -27,10 +27,12 @@ import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import org.apache.poi.EmptyFileException;
import org.apache.poi.poifs.filesystem.DirectoryEntry;
import org.apache.poi.poifs.filesystem.DocumentEntry;
import org.apache.poi.poifs.filesystem.DocumentInputStream;
import org.apache.poi.poifs.filesystem.Entry;
import org.apache.poi.poifs.filesystem.NotOLE2FileException;
import org.apache.poi.poifs.filesystem.POIFSFileSystem;
import org.openide.util.NbBundle.Messages;
import org.sleuthkit.autopsy.casemodule.Case;
@ -62,7 +64,6 @@ final class ExtractJumpLists extends Extract {
private static final String JUMPLIST_TSK_COMMENT = "Jumplist File";
private static final String RA_DIR_NAME = "RecentActivity"; //NON-NLS
private static final String MODULE_OUTPUT_DIR = "ModuleOutput"; //NON-NLS
private static final String AUTOMATIC_DESTINATIONS_FILE_DIRECTORY = "%/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/";
private static final String JUMPLIST_DIR_NAME = "jumplists"; //NON-NLS
private static final String VERSION_NUMBER = "1.0.0"; //NON-NLS
@ -86,7 +87,8 @@ final class ExtractJumpLists extends Extract {
fileManager = currentCase.getServices().getFileManager();
long ingestJobId = context.getJobId();
List<AbstractFile> jumpListFiles = extractJumplistFiles(dataSource, ingestJobId);
String baseRaTempPath = RAImageIngestModule.getRATempPath(Case.getCurrentCase(), JUMPLIST_DIR_NAME , ingestJobId);
List<AbstractFile> jumpListFiles = extractJumplistFiles(dataSource, ingestJobId, baseRaTempPath);
if (jumpListFiles.isEmpty()) {
return;
@ -98,13 +100,13 @@ final class ExtractJumpLists extends Extract {
List<AbstractFile> derivedFiles = new ArrayList<>();
String derivedPath = null;
String baseRaTempPath = RAImageIngestModule.getRATempPath(Case.getCurrentCase(), JUMPLIST_DIR_NAME + "_" + dataSource.getId(), ingestJobId);
String baseRaModPath = RAImageIngestModule.getRAOutputPath(Case.getCurrentCase(), JUMPLIST_DIR_NAME, ingestJobId);
for (AbstractFile jumplistFile : jumpListFiles) {
if (!jumplistFile.getName().toLowerCase().contains("-slack") && !jumplistFile.getName().equals("..") &&
!jumplistFile.getName().equals(".") && jumplistFile.getSize() > 0) {
String jlFile = Paths.get(baseRaTempPath, jumplistFile.getName() + "_" + jumplistFile.getId()).toString();
String moduleOutPath = Case.getCurrentCase().getModuleDirectory() + File.separator + RA_DIR_NAME + File.separator + JUMPLIST_DIR_NAME + "_" + dataSource.getId() + File.separator + jumplistFile.getName() + "_" + jumplistFile.getId();
derivedPath = RA_DIR_NAME + File.separator + JUMPLIST_DIR_NAME + "_" + dataSource.getId() + File.separator + jumplistFile.getName() + "_" + jumplistFile.getId();
String moduleOutPath = baseRaModPath + File.separator + jumplistFile.getName() + "_" + jumplistFile.getId();
derivedPath = RA_DIR_NAME + File.separator + JUMPLIST_DIR_NAME + "_" + ingestJobId + File.separator + jumplistFile.getName() + "_" + jumplistFile.getId();
File jlDir = new File(moduleOutPath);
if (jlDir.exists() == false) {
boolean dirMade = jlDir.mkdirs();
@ -129,7 +131,7 @@ final class ExtractJumpLists extends Extract {
*
* @return - list of jumplist abstractfiles or empty list
*/
private List<AbstractFile> extractJumplistFiles(Content dataSource, Long ingestJobId) {
private List<AbstractFile> extractJumplistFiles(Content dataSource, Long ingestJobId, String baseRaTempPath) {
List<AbstractFile> jumpListFiles = new ArrayList<>();;
List<AbstractFile> tempJumpListFiles = new ArrayList<>();;
@ -150,11 +152,10 @@ final class ExtractJumpLists extends Extract {
if (context.dataSourceIngestIsCancelled()) {
return jumpListFiles;
}
if (!jumpListFile.getName().toLowerCase().contains("-slack") && !jumpListFile.getName().equals("..") &&
!jumpListFile.getName().equals(".") && jumpListFile.getSize() > 0) {
String fileName = jumpListFile.getName() + "_" + jumpListFile.getId();
String baseRaTempPath = RAImageIngestModule.getRATempPath(Case.getCurrentCase(), JUMPLIST_DIR_NAME+ "_" + dataSource.getId(), ingestJobId);
String jlFile = Paths.get(baseRaTempPath, fileName).toString();
try {
ContentUtils.writeToFile(jumpListFile, new File(jlFile));
@ -176,7 +177,7 @@ final class ExtractJumpLists extends Extract {
List<DerivedFile> derivedFiles = new ArrayList<>();
DerivedFile derivedFile;
String lnkFileName = "";
try (POIFSFileSystem fs = new POIFSFileSystem(new File(jumpListFile))) {
DirectoryEntry root = fs.getRoot();
for (Entry entry : root) {
@ -196,7 +197,8 @@ final class ExtractJumpLists extends Extract {
JLNK lnk = lnkParser.parse();
lnkFileName = lnk.getBestName() + ".lnk";
File targetFile = new File(moduleOutPath + File.separator + entry.getName() + "-" + lnkFileName);
String derivedFileName = MODULE_OUTPUT_DIR + File.separator + derivedPath + File.separator + entry.getName() + "-" + lnkFileName;
String relativePath = Case.getCurrentCase().getModuleOutputDirectoryRelativePath();
String derivedFileName = Case.getCurrentCase().getModuleOutputDirectoryRelativePath() + File.separator + derivedPath + File.separator + entry.getName() + "-" + lnkFileName;
OutputStream outStream = new FileOutputStream(targetFile);
outStream.write(buffer);
outStream.close();
@ -226,6 +228,8 @@ final class ExtractJumpLists extends Extract {
continue;
}
}
} catch (NotOLE2FileException | EmptyFileException ex1) {
logger.log(Level.WARNING, String.format("Error file not a valid OLE2 Document $s", jumpListFile)); //NON-NLS
} catch (IOException | TskCoreException ex) {
logger.log(Level.WARNING, String.format("Error lnk parsing the file to get recent files $s", jumpListFile), ex); //NON-NLS
}
@ -235,3 +239,4 @@ final class ExtractJumpLists extends Extract {
}
}
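Review bot: The new `catch (NotOLE2FileException | EmptyFileException ex1)` branch formats its message with `$s`, which is not a format specifier, so the log prints a literal `$s` and never names the file; `ex1` is also dropped. This module parses files taken from evidence, so a rejected jump list should be traceable in the log: `logger.log(Level.WARNING, String.format("Error file not a valid OLE2 Document %s", jumpListFile), ex1); //NON-NLS`. The `IOException | TskCoreException` branch directly below has the same `$s`. In the hunk at -196,7, the added local `relativePath` is never read because the next line calls `Case.getCurrentCase().getModuleOutputDirectoryRelativePath()` again; either use the local in `derivedFileName` or drop it.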

View File

@ -8,6 +8,9 @@ This is the User's Guide for the <a href="http://www.sleuthkit.org/autopsy/">ope
Note: For those users running Autopsy on Mac devices, the functionality available through the "Tools" -> "Options" dialog as described in this documentation can be accessed through the system menu bar under "Preferences" or through the Cmd + , (command-comma) shortcut.
Translated versions of this guide:
- <a href="https://sleuthkit.org/autopsy/docs/user-docs_fr/4.19.0/">Français (4.19.0)</a>
Help Topics
-------
The following topics are available here: