From 472b002ec5d94cec9785e97023b893632ca7d435 Mon Sep 17 00:00:00 2001 From: rishwanth1995 Date: Wed, 14 Feb 2018 15:18:27 -0500 Subject: [PATCH 01/14] disabled timeline functionality for linux --- .../autopsy/timeline/OpenTimelineAction.java | 8 ++++++-- .../autopsy/timeline/PromptDialogManager.java | 14 ++++++++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java b/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java index 4d81571db0..651f8d9029 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java @@ -36,6 +36,7 @@ import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.core.Installer; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil; +import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.coreutils.ThreadConfined; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.BlackboardArtifact; @@ -83,7 +84,7 @@ public final class OpenTimelineAction extends CallableSystemAction { * disabled that check because if it is executed while a data source is * being added, it blocks the edt. We still do that in ImageGallery. */ - return super.isEnabled() && Case.isCaseOpen() && Installer.isJavaFxInited(); + return PlatformUtil.isWindowsOS() && super.isEnabled() && Case.isCaseOpen() && Installer.isJavaFxInited(); } @Override @@ -97,7 +98,10 @@ public final class OpenTimelineAction extends CallableSystemAction { } } setEnabled(false); - } else { + } else if(!isEnabled()){ + Platform.runLater(PromptDialogManager::showLinuxTimelineMessage); + setEnabled(false); + }else{ showTimeline(); } } diff --git a/Core/src/org/sleuthkit/autopsy/timeline/PromptDialogManager.java b/Core/src/org/sleuthkit/autopsy/timeline/PromptDialogManager.java index a216c9366a..8229d00a64 100644 
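Review bot: In `actionPerformed` (the `@@ -97,7 +98,10 @@` hunk of OpenTimelineAction.java) the new `else if(!isEnabled())` branch shows the Linux-only dialog for every reason `isEnabled()` can be false, not only the platform. The rewritten `isEnabled()` also requires `super.isEnabled()`, `Case.isCaseOpen()` and `Installer.isJavaFxInited()`, so a Windows user whose JavaFX did not initialise would be told the timeline is unavailable on Linux. Testing the platform directly, `} else if (!PlatformUtil.isWindowsOS()) {`, keeps the message tied to its cause; the same `isWindowsOS()` check also turns the action off on macOS, which the commit subject does not mention. `actionPerformed` starts above the hunk, so whether an earlier branch already covers the no-case situation cannot be seen here.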
--- a/Core/src/org/sleuthkit/autopsy/timeline/PromptDialogManager.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/PromptDialogManager.java @@ -222,5 +222,19 @@ public final class PromptDialogManager { dialog.setHeaderText(Bundle.PromptDialogManager_showTooManyFiles_headerText()); dialog.showAndWait(); } + + @NbBundle.Messages({ + "PromptDialogManager.showLinuxTimelineMessage.contextText=" + + "Timeline functionality is not available for linux right now." + + "Timeline will be disabled. ", + "PromptDialogManager.showLinuxTimelineMessage.headerText="}) + static void showLinuxTimelineMessage(){ + Alert dialog = new Alert(Alert.AlertType.INFORMATION, Bundle.PromptDialogManager_showLinuxTimelineMessage_contextText(),ButtonType.OK); + dialog.initModality(Modality.APPLICATION_MODAL); + dialog.setTitle(Bundle.Timeline_dialogs_title()); + setDialogIcons(dialog); + dialog.setHeaderText(Bundle.PromptDialogManager_showLinuxTimelineMessage_headerText()); + dialog.showAndWait(); + } } From aaf39427cefa3153404003b6e0d12b11e802ad87 Mon Sep 17 00:00:00 2001 From: rishwanth1995 Date: Wed, 14 Feb 2018 16:55:07 -0500 Subject: [PATCH 02/14] modified lookandfeel to make timeline work on autopsy-linux --- .../autopsy/corecomponents/Installer.java | 12 ++++++++++++ .../autopsy/timeline/OpenTimelineAction.java | 8 ++------ .../autopsy/timeline/PromptDialogManager.java | 14 -------------- 3 files changed, 14 insertions(+), 20 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java b/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java index c908f3b35d..4867ae70a9 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java 
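Review bot: The two pieces of `PromptDialogManager.showLinuxTimelineMessage.contextText` are concatenated without a separator, so the dialog text runs the sentences together ("...right now.Timeline will be disabled. ") and ends in a stray blank; begin the second piece with a space and drop the trailing one, `+ " Timeline will be disabled."`. `showLinuxTimelineMessage()` also has no Javadoc. One line saying that it shows a modal information alert and, because it calls `Alert.showAndWait()`, has to run on the JavaFX application thread would document why the caller goes through `Platform.runLater`.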
@@ -28,6 +28,7 @@ import javax.swing.UIManager.LookAndFeelInfo; import javax.swing.UnsupportedLookAndFeelException; import org.netbeans.swing.tabcontrol.plaf.DefaultTabbedContainerUI; import org.openide.modules.ModuleInstall; +import org.openide.util.Exceptions; import org.openide.windows.WindowManager; import org.sleuthkit.autopsy.casemodule.StartupWindowProvider; import org.sleuthkit.autopsy.coreutils.Logger; @@ -72,6 +73,8 @@ public class Installer extends ModuleInstall { private void setLookAndFeel() { if (System.getProperty("os.name").toLowerCase().contains("mac")) { //NON-NLS setOSXLookAndFeel(); + }else if (System.getProperty("os.name").toLowerCase().contains("nux")){ + setUnixLookAndFeel(); } } @@ -111,4 +114,13 @@ public class Installer extends ModuleInstall { UIManager.put(entry.getKey(), entry.getValue()); }); } + + private void setUnixLookAndFeel(){ + try { + //UIManager.setLookAndFeel(UIManager.getCrossPlatformLookAndFeelClassName()); + UIManager.setLookAndFeel(UIManager.getCrossPlatformLookAndFeelClassName()); + } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | UnsupportedLookAndFeelException ex) { + Exceptions.printStackTrace(ex); + } + } } diff --git a/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java b/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java index 651f8d9029..4d81571db0 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java @@ -36,7 +36,6 @@ import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.core.Installer; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil; -import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.coreutils.ThreadConfined; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.BlackboardArtifact; 
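Review bot: `setUnixLookAndFeel()` moves every Linux session to the cross-platform look-and-feel, but nothing in the method says why; the only explanation is the commit subject, so a comment such as `// Linux: use the cross-platform look-and-feel; the timeline does not work with the native one` belongs above the call. The commented-out line is an exact copy of the live `UIManager.setLookAndFeel(...)` call and can be deleted. The catch block reports through `Exceptions.printStackTrace(ex)` although the file already imports the project `Logger`; assuming the class has a logger field, `logger.log(Level.WARNING, "Error setting cross-platform look-and-feel", ex);` keeps the failure in the application log. The new `os.name` test in `setLookAndFeel()` also lacks the `//NON-NLS` marker carried by the `"mac"` line above it.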
@@ -84,7 +83,7 @@ public final class OpenTimelineAction extends CallableSystemAction { * disabled that check because if it is executed while a data source is * being added, it blocks the edt. We still do that in ImageGallery. */ - return PlatformUtil.isWindowsOS() && super.isEnabled() && Case.isCaseOpen() && Installer.isJavaFxInited(); + return super.isEnabled() && Case.isCaseOpen() && Installer.isJavaFxInited(); } @Override @@ -98,10 +97,7 @@ public final class OpenTimelineAction extends CallableSystemAction { } } setEnabled(false); - } else if(!isEnabled()){ - Platform.runLater(PromptDialogManager::showLinuxTimelineMessage); - setEnabled(false); - }else{ + } else { showTimeline(); } } diff --git a/Core/src/org/sleuthkit/autopsy/timeline/PromptDialogManager.java b/Core/src/org/sleuthkit/autopsy/timeline/PromptDialogManager.java index 8229d00a64..a216c9366a 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/PromptDialogManager.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/PromptDialogManager.java @@ -222,19 +222,5 @@ public final class PromptDialogManager { dialog.setHeaderText(Bundle.PromptDialogManager_showTooManyFiles_headerText()); dialog.showAndWait(); } - - @NbBundle.Messages({ - "PromptDialogManager.showLinuxTimelineMessage.contextText=" - + "Timeline functionality is not available for linux right now." - + "Timeline will be disabled. ", - "PromptDialogManager.showLinuxTimelineMessage.headerText="}) - static void showLinuxTimelineMessage(){ - Alert dialog = new Alert(Alert.AlertType.INFORMATION, Bundle.PromptDialogManager_showLinuxTimelineMessage_contextText(),ButtonType.OK); - dialog.initModality(Modality.APPLICATION_MODAL); - dialog.setTitle(Bundle.Timeline_dialogs_title()); - setDialogIcons(dialog); - dialog.setHeaderText(Bundle.PromptDialogManager_showLinuxTimelineMessage_headerText()); - dialog.showAndWait(); - } } From 0ccc9e69a2685f66f046a26de7c2a7de09446278 Mon Sep 17 00:00:00 2001 
From: rishwanth1995 Date: Thu, 15 Feb 2018 10:26:22 -0500 Subject: [PATCH 03/14] setLinuxlookandfeel to crossplatform LAF to make timeline work and disable timeline for native LAF --- .../autopsy/corecomponents/Installer.java | 10 ++++++++-- .../autopsy/timeline/OpenTimelineAction.java | 6 +++++- .../autopsy/timeline/PromptDialogManager.java | 15 +++++++++++++++ 3 files changed, 28 insertions(+), 3 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java b/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java index 4867ae70a9..092fd70641 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java @@ -41,6 +41,7 @@ public class Installer extends ModuleInstall { private static final long serialVersionUID = 1L; private static final Logger logger = Logger.getLogger(Installer.class.getName()); private static Installer instance; + public static boolean enableTimeline = true; public synchronized static Installer getDefault() { if (null == instance) { @@ -117,10 +118,15 @@ public class Installer extends ModuleInstall { private void setUnixLookAndFeel(){ try { - //UIManager.setLookAndFeel(UIManager.getCrossPlatformLookAndFeelClassName()); UIManager.setLookAndFeel(UIManager.getCrossPlatformLookAndFeelClassName()); } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | UnsupportedLookAndFeelException ex) { - Exceptions.printStackTrace(ex); + logger.log(Level.WARNING, "Error setting crossplatform look-and-feel, setting default look-and-feel",ex); + try { + UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName()); + enableTimeline=false; + } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | UnsupportedLookAndFeelException ex1) { + Exceptions.printStackTrace(ex1); + } } } } 
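Review bot: `public static boolean enableTimeline` is a mutable public static that is written during look-and-feel setup and read in `OpenTimelineAction.actionPerformed` through a static import (the `@@ -34,6 +34,7 @@` and `@@ -97,7 +98,10 @@` hunks of that file). Any class can change it, and if the writer and reader run on different threads nothing guarantees the write is seen. Keep the field private and expose a read-only accessor, e.g. `private static volatile boolean timelineEnabled = true;` with `public static boolean isTimelineEnabled()`. In the `@@ -117,10 +118,15 @@` hunk the flag is cleared only after `UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName())` succeeds, so if that call throws as well the flag stays `true` although the cross-platform look-and-feel was not installed. Moving `enableTimeline = false;` in front of the inner `try` covers both outcomes.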
diff --git a/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java b/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java index 4d81571db0..e19b91575b 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java @@ -34,6 +34,7 @@ import org.openide.util.NbBundle; import org.openide.util.actions.CallableSystemAction; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.core.Installer; +import static org.sleuthkit.autopsy.corecomponents.Installer.enableTimeline; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil; import org.sleuthkit.autopsy.coreutils.ThreadConfined; @@ -97,7 +98,10 @@ public final class OpenTimelineAction extends CallableSystemAction { } } setEnabled(false); - } else { + }else if(!enableTimeline) { + Platform.runLater(PromptDialogManager::showTimeLineDisabledMessage); + setEnabled(false); + }else { showTimeline(); } } diff --git a/Core/src/org/sleuthkit/autopsy/timeline/PromptDialogManager.java b/Core/src/org/sleuthkit/autopsy/timeline/PromptDialogManager.java index a216c9366a..a379fc7d8d 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/PromptDialogManager.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/PromptDialogManager.java 
@@ -222,5 +222,20 @@ public final class PromptDialogManager { dialog.setHeaderText(Bundle.PromptDialogManager_showTooManyFiles_headerText()); dialog.showAndWait(); } + + @NbBundle.Messages({ + "PromptDialogManager.showTimeLineDisabledMessage.contentText=" + + "Timeline functionality is not available for Linux yet." + + " Timeline will be disabled. ", + "PromptDialogManager.showTimeLineDisabledMessage.headerText="}) + static void showTimeLineDisabledMessage() { + Alert dialog = new Alert(Alert.AlertType.INFORMATION, + Bundle.PromptDialogManager_showTimeLineDisabledMessage_contentText(), ButtonType.OK); + dialog.initModality(Modality.APPLICATION_MODAL); + dialog.setTitle(Bundle.Timeline_dialogs_title()); + setDialogIcons(dialog); + dialog.setHeaderText(Bundle.PromptDialogManager_showTimeLineDisabledMessage_headerText()); + dialog.showAndWait(); + } } From e3b05a836ed99b4b2eaadf8ddd7a5906815b0fa2 Mon Sep 17 00:00:00 2001 From: rishwanth1995 Date: Thu, 15 Feb 2018 10:30:08 -0500 Subject: [PATCH 04/14] setLinuxlookandfeel to crossplatform LAF to make timeline work and disable timeline for native LAF --- Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java b/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java index 092fd70641..4588fe40e2 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java @@ -28,7 +28,6 @@ import javax.swing.UIManager.LookAndFeelInfo; import javax.swing.UnsupportedLookAndFeelException; import org.netbeans.swing.tabcontrol.plaf.DefaultTabbedContainerUI; import org.openide.modules.ModuleInstall; -import org.openide.util.Exceptions; import org.openide.windows.WindowManager; import org.sleuthkit.autopsy.casemodule.StartupWindowProvider; import org.sleuthkit.autopsy.coreutils.Logger; 
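Review bot: The text of `showTimeLineDisabledMessage` blames the platform ("not available for Linux yet"), but in this commit the flag that triggers the dialog is cleared only when the cross-platform look-and-feel could not be installed, so the user gets no hint of the real cause. Wording along the lines of "Timeline is disabled because the cross-platform look-and-feel could not be loaded." would match the condition. The content string still ends with a trailing space, and the method has no Javadoc stating that it shows a modal alert and must be called on the JavaFX application thread.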
@@ -125,7 +124,7 @@ public class Installer extends ModuleInstall { UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName()); enableTimeline=false; } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | UnsupportedLookAndFeelException ex1) { - Exceptions.printStackTrace(ex1); + logger.log(Level.WARNING, "Error setting native look-and-feel",ex1); } } } From d135eca507f4b61cf101de50ead1ae27b3a18e0b Mon Sep 17 00:00:00 2001 From: Raman Date: Fri, 16 Feb 2018 08:38:16 -0500 Subject: [PATCH 05/14] Disabled EasyPMD rule: GuardLogStatementJavaUtil --- ruleset.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ruleset.xml b/ruleset.xml index 558f99fc38..17e957e8e2 100644 --- a/ruleset.xml +++ b/ruleset.xml @@ -185,7 +185,8 @@ - + From 8a1d4abcdc9370b09b1da3cf41d9e54f5e2e188b Mon Sep 17 00:00:00 2001 From: rishwanth1995 Date: Fri, 16 Feb 2018 09:41:21 -0500 Subject: [PATCH 06/14] added enable enable_timeline settings in a propert file --- .../autopsy/corecomponents/Installer.java | 22 ++++++++++++------- .../autopsy/timeline/OpenTimelineAction.java | 4 ++-- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java b/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java index 4588fe40e2..b7817b1490 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java @@ -31,6 +31,7 @@ import org.openide.modules.ModuleInstall; import org.openide.windows.WindowManager; import org.sleuthkit.autopsy.casemodule.StartupWindowProvider; import org.sleuthkit.autopsy.coreutils.Logger; +import org.sleuthkit.autopsy.coreutils.ModuleSettings; /** * Manages this module's life cycle. Opens the startup dialog during startup. 
@@ -40,7 +41,6 @@ public class Installer extends ModuleInstall { private static final long serialVersionUID = 1L; private static final Logger logger = Logger.getLogger(Installer.class.getName()); private static Installer instance; - public static boolean enableTimeline = true; public synchronized static Installer getDefault() { if (null == instance) { @@ -115,17 +115,23 @@ public class Installer extends ModuleInstall { }); } + private void setModuleSettings(String value) { + if (ModuleSettings.configExists("timeline")) { + ModuleSettings.setConfigSetting("timeline", "enable_timeline", value); + } else { + ModuleSettings.makeConfigFile("timeline"); + ModuleSettings.setConfigSetting("timeline", "enable_timeline", value); + } + } + private void setUnixLookAndFeel(){ try { - UIManager.setLookAndFeel(UIManager.getCrossPlatformLookAndFeelClassName()); + UIManager.put("swing.boldMetal", Boolean.FALSE); + UIManager.setLookAndFeel("com.sun.java.swing.plaf.windows.WindowsLookAndFeel"); + setModuleSettings("true"); } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | UnsupportedLookAndFeelException ex) { logger.log(Level.WARNING, "Error setting crossplatform look-and-feel, setting default look-and-feel",ex); - try { - UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName()); - enableTimeline=false; - } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | UnsupportedLookAndFeelException ex1) { - logger.log(Level.WARNING, "Error setting native look-and-feel",ex1); - } + setModuleSettings("false"); } } } diff --git a/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java b/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java index e19b91575b..aca5c4e7f7 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java 
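Review bot: After the `@@ -115,17 +115,23 @@` hunk the `catch` in `setUnixLookAndFeel()` no longer installs any fallback, yet the warning still reads "Error setting crossplatform look-and-feel, setting default look-and-feel". Either shorten the message or restore the `UIManager.getSystemLookAndFeelClassName()` fallback that the hunk removes. The `try` also requests `com.sun.java.swing.plaf.windows.WindowsLookAndFeel` on the Linux path, which is expected to be rejected off Windows and would then record `enable_timeline` as "false" on every start (PATCH 07/14 later in this series puts the cross-platform class back). `setModuleSettings` repeats the same `setConfigSetting` call in both branches and can be reduced to `if (!ModuleSettings.configExists("timeline")) { ModuleSettings.makeConfigFile("timeline"); }` followed by a single `ModuleSettings.setConfigSetting("timeline", "enable_timeline", value);`.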
@@ -34,9 +34,9 @@ import org.openide.util.NbBundle; import org.openide.util.actions.CallableSystemAction; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.core.Installer; -import static org.sleuthkit.autopsy.corecomponents.Installer.enableTimeline; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil; +import org.sleuthkit.autopsy.coreutils.ModuleSettings; import org.sleuthkit.autopsy.coreutils.ThreadConfined; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.BlackboardArtifact; @@ -98,7 +98,7 @@ public final class OpenTimelineAction extends CallableSystemAction { } } setEnabled(false); - }else if(!enableTimeline) { + }else if("false".equals(ModuleSettings.getConfigSetting("timeline", "enable_timeline"))) { Platform.runLater(PromptDialogManager::showTimeLineDisabledMessage); setEnabled(false); }else { From df56203f53c506201a7e1ea2123c8cc51f355464 Mon Sep 17 00:00:00 2001 From: rishwanth1995 Date: Fri, 16 Feb 2018 09:54:20 -0500 Subject: [PATCH 07/14] added enable enable_timeline settings in a propert file --- Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java b/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java index b7817b1490..0ecfec0b30 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/Installer.java 
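Review bot: `"false".equals(ModuleSettings.getConfigSetting("timeline", "enable_timeline"))` treats every value other than the exact string "false" (a missing file, a missing key, "False") as enabled, and the two key strings are typed out a second time here after `Installer.setModuleSettings`. The setting records something that is decided afresh at each start-up, so keeping it in what is presumably a user-editable properties file adds a place where it can go stale or be changed by hand. A shared pair of constants plus one accessor next to the code that writes the value, for example a static `isTimelineEnabled()`, would keep the parsing and the default in one spot. `actionPerformed` begins above the hunk, so the rest of its branching is not visible here.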
@@ -127,7 +127,7 @@ public class Installer extends ModuleInstall { private void setUnixLookAndFeel(){ try { UIManager.put("swing.boldMetal", Boolean.FALSE); - UIManager.setLookAndFeel("com.sun.java.swing.plaf.windows.WindowsLookAndFeel"); + UIManager.setLookAndFeel(UIManager.getCrossPlatformLookAndFeelClassName()); setModuleSettings("true"); } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | UnsupportedLookAndFeelException ex) { logger.log(Level.WARNING, "Error setting crossplatform look-and-feel, setting default look-and-feel",ex); From f87ad41398a3c4827cd728233ab02f97197fb4c0 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Fri, 16 Feb 2018 14:09:12 -0500 Subject: [PATCH 08/14] Remove global field in keywordsearch/ExtractedContentViewer.java --- .../sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index dbed68e660..a43546dca9 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -54,7 +54,7 @@ public class ExtractedContentViewer implements DataContentViewer { private static final long INVALID_DOCUMENT_ID = 0L; private static final BlackboardAttribute.Type TSK_ASSOCIATED_ARTIFACT_TYPE = new BlackboardAttribute.Type(TSK_ASSOCIATED_ARTIFACT); - public static final BlackboardAttribute.Type TSK_ACCOUNT_TYPE = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE); + private static final BlackboardAttribute.Type TSK_ACCOUNT_TYPE = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE); private ExtractedContentPanel panel; private volatile Node currentNode = null; 
From 71afb13f3e7f7a0ab5290f7c06d988f97878a32f Mon Sep 17 00:00:00 2001
From: Richard Cordovano
Date: Tue, 20 Feb 2018 16:07:13 -0500
Subject: [PATCH 09/14] Update NEWS file for 4.6.0 release
---
 NEWS.txt | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
diff --git a/NEWS.txt b/NEWS.txt
index deb4d42cba..8dc3379d6c 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -1,3 +1,68 @@
+---------------- VERSION 4.6.0 --------------
+- A new Message content viewer has been added to the content viewers section of
+the main application window to provide an examiner with tabs for looking at:
+message headers; content as raw text, HTML, or RTF; and attachments.
+- A new Communications tool has been added to the Tools menu to supply an
+examiner with a separate three part view consisting of: a filtered, tabular
+display of the various accounts (email, Facebook, Twitter, etc.) discovered by
+the ingest modules, a tabular view of the messages exchanged between the
+accounts, and a Message content viewer for the individual messages.
+- Hash sets may now be stored either locally or in the Central Repository.
+- An ingest module that uses file entropy to flag possibly encrypted files has
+been added as a core file-level ingest module.
+- The file names and organization of HTML reports have been changed to make it
+easier to find and open these reports outside of the application.
+- The version of Tika used by the application has been upgraded to version 1.17
+and the amount of memory consumed by Tika has been reduced significantly by
+configuring it to use the new SAX parsers exclusively.
+- A live triage feature has been added that copies the application executable to
+a USB drive that can then be used for live analysis of another system.
+- Memory leaks and other issues revealed by fuzzing the SleuthKit have
+been fixed.
+- The number of application log files generated before log rollover is now
+user-configurable to enable retention of more logs to better support enterprise
+installations that are running auto ingest.
+- Preliminary build file and code changes aimed at supporting easy creation of
+Linux and OS-X binary distribution packages are in place.
+- Better typing of larger slack files has been added to the file type detection
+ingest module.
+- The maximum number of Solr connections and the maximum number of
+file ingest threads allowed have both been increased.
+- The default setting for JVM memory for 64-bit Windows installations has been
+increased to 4 GB, and the user can adjust the JVM memory setting via the
+Application options panel.
+- The embedded file extractor now uses Tika for new form MS Office documents,
+which dramatically reduces the memory required for processing Excel spreadsheets.
+- The amount of memory required for processing keyword hits has been reduced.
+- Periodic keyword search during ingest now has logic to dynamically increase
+the interval between searches when searches are taking longer than the
+user-configured periodic search interval to complete, thus preventing continuous
+searching.
+- Keyword search has been made more responsive to both search and ingest job
+cancellation.
+- The use of the terminology "known bad" has been replaced by "notable."
+- Tag definitions now have a "notable" property indicating that tagged content
+and results should be marked as notable in the Central Repository.
+- Users can now enter more information about cases including examiner contact
+info, organization info, and notes.
+- A new "Databases" category has been added to the Views, File Types, By
+Extension ree.
+- Examiner mode for an enterprise installation no longer requires a restart and
+a single dialog that lists all multi-user cases is provided; selecting a row in
+the dialog and beginning to type opens a search box that allows an examiner to
+search for cases by name, etc., and the columns in the tabular view presented by
+the dialog can be reordered or hidden.
+- An auto ingest data source processor that extracts data sources from archive
+files specified as data sources via auto ingest job manifests has been added.
+- Auto ingest job metrics are collected and can be displayed for a
+user-specified time period using a button on either the auto dashboard or the
+auto ingest control panel.
+- Sorting by columns has been added to both the auto ingest control panel and
+the auto ingest dashboard.
+- The row highlight color for tagged items in the Results table view has been
+changed for better visibility.
+- Assorted small enhancements and bug fixes are included.
+
 ---------------- VERSION 4.5.0 --------------
 - Memory usage has been reduced to improve support for very large cases.
 - The central repository and correlation engine introduced in version 4.4.1 have
From 621d1fe8d093d09f68f8689526cac052e570dc92 Mon Sep 17 00:00:00 2001
From: Brian Carrier
Date: Tue, 20 Feb 2018 17:00:27 -0500
Subject: [PATCH 10/14] rearranged NEWS file
---
 NEWS.txt | 85 +++++++++++++++++---------------------------------------
 1 file changed, 25 insertions(+), 60 deletions(-)
diff --git a/NEWS.txt b/NEWS.txt
index 8dc3379d6c..54e0acb883 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -1,68 +1,33 @@ ---------------- VERSION 4.6.0 -------------- -- A new Message content viewer has been added to the content viewers section of -the main application window to provide an examiner with tabs for looking at: -message headers; content as raw text, HTML, or RTF; and attachments. -- A new Communications tool has been added to the Tools menu to supply an -examiner with a separate three part view consisting of: a filtered, tabular -display of the various accounts (email, Facebook, Twitter, etc.) discovered by -the ingest modules, a tabular view of the messages exchanged between the -accounts, and a Message content viewer for the individual messages. -- Hash sets may now be stored either locally or in the Central Repository. -- An ingest module that uses file entropy to flag possibly encrypted files has -been added as a core file-level ingest module. -- The file names and organization of HTML reports have been changed to make it -easier to find and open these reports outside of the application. -- The version of Tika used by the application has been upgraded to version 1.17 -and the amount of memory consumed by Tika has been reduced significantly by -configuring it to use the new SAX parsers exclusively. -- A live triage feature has been added that copies the application executable to -a USB drive that can then be used for live analysis of another system. +New Features: +- A new Message content viewer was added to make it easier to view email message contents. +- A new Communications interface was added to make it easier to find messages and relationships. +- Hash sets can be centrally stored and shared in the Central Repository. +- New Encryption Detection module that will flag possibly encrypted files. +- Can more easily run Autopsy from a USB drive and leave few traces on target system. +- Tag definitions now have a "notable" property. The Central Repository uses this to mark files as notable. +- Large slack files are now file typed. 
+- The maximum number of Solr connections and ingest threads have increased. +- Periodic keyword search will dynamically change based on how long queries are taking. +- Users can change the amount of memory allocated to the application. +- The amount of memory required for processing keyword hits has been reduced. +- Layout of HTML reports has been modified make it easier to open. +- "Databases" was added to File Type by Extension view. +- Users can now enter more information about cases including examiner, organization, etc. +- New dialog to open multi-user cases that allows for searching. +- Auto ingest metrics are collected and displayed in dashboard. +- Auto ingest module that extracts disk images from archive files. +- Keyword search has been made more responsive to both search and ingest job cancellation. +- Number of log files to keep before rollover is now configurable. +- Preliminary changes to make Linux and OS X builds easier. + +Bug Fixes: - Memory leaks and other issues revealed by fuzzing the SleuthKit have been fixed. -- The number of application log files generated before log rollover is now -user-configurable to enable retention of more logs to better support enterprise -installations that are running auto ingest. -- Preliminary build file and code changes aimed at supporting easy creation of -Linux and OS-X binary distribution packages are in place. -- Better typing of larger slack files has been added to the file type detection -ingest module. -- The maximum number of Solr connections and the maximum number of -file ingest threads allowed have both been increased. -- The default setting for JVM memory for 64-bit Windows installations has been -increased to 4 GB, and the user can adjust the JVM memory setting via the -Application options panel. -- The embedded file extractor now uses Tika for new form MS Office documents, -which dramatically reduces the memory required for processing Excel spreadsheets. 
-- The amount of memory required for processing keyword hits has been reduced. -- Periodic keyword search during ingest now has logic to dynamically increase -the interval between searches when searches are taking longer than the -user-configured periodic search interval to complete, thus preventing continuous -searching. -- Keyword search has been made more responsive to both search and ingest job -cancellation. -- The use of the terminology "known bad" has been replaced by "notable." -- Tag definitions now have a "notable" property indicating that tagged content -and results should be marked as notable in the Central Repository. -- Users can now enter more information about cases including examiner contact -info, organization info, and notes. -- A new "Databases" category has been added to the Views, File Types, By -Extension ree. -- Examiner mode for an enterprise installation no longer requires a restart and -a single dialog that lists all multi-user cases is provided; selecting a row in -the dialog and beginning to type opens a search box that allows an examiner to -search for cases by name, etc., and the columns in the tabular view presented by -the dialog can be reordered or hidden. -- An auto ingest data source processor that extracts data sources from archive -files specified as data sources via auto ingest job manifests has been added. -- Auto ingest job metrics are collected and can be displayed for a -user-specified time period using a button on either the auto dashboard or the -auto ingest control panel. -- Sorting by columns has been added to both the auto ingest control panel and -the auto ingest dashboard. -- The row highlight color for tagged items in the Results table view has been -changed for better visibility. +- Memory issues caused by Tika are fixed (by upgrading to 1.17) - Assorted small enhancements and bug fixes are included. 
+ ---------------- VERSION 4.5.0 -------------- - Memory usage has been reduced to improve support for very large cases. - The central repository and correlation engine introduced in version 4.4.1 have
From 20c2feba60de06a6fa0d36e3c06fcf65cf7eaba5 Mon Sep 17 00:00:00 2001
From: Richard Cordovano
Date: Tue, 20 Feb 2018 17:18:25 -0500
Subject: [PATCH 11/14] Update verson numbers for 4.6.0 release
---
 Core/manifest.mf | 2 +-
 Core/nbproject/project.properties | 2 +-
 .../org/sleuthkit/autopsy/corecomponents/Bundle.properties | 2 +-
 KeywordSearch/manifest.mf | 2 +-
 KeywordSearch/nbproject/project.properties | 2 +-
 Testing/manifest.mf | 2 +-
 Testing/nbproject/project.properties | 2 +-
 docs/doxygen-user/Doxyfile | 4 ++--
 docs/doxygen/Doxyfile | 4 ++--
 nbproject/project.properties | 2 +-
 pythonExamples/README.txt | 2 +-
 11 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/Core/manifest.mf b/Core/manifest.mf
index 795341b86d..260c73c542 100644
--- a/Core/manifest.mf
+++ b/Core/manifest.mf
@@ -2,7 +2,7 @@ Manifest-Version: 1.0
 OpenIDE-Module: org.sleuthkit.autopsy.core/10
 OpenIDE-Module-Localizing-Bundle: org/sleuthkit/autopsy/core/Bundle.properties
 OpenIDE-Module-Layer: org/sleuthkit/autopsy/core/layer.xml
-OpenIDE-Module-Implementation-Version: 21
+OpenIDE-Module-Implementation-Version: 22
 OpenIDE-Module-Requires: org.openide.windows.WindowManager
 AutoUpdate-Show-In-Client: true
 AutoUpdate-Essential-Module: true
diff --git a/Core/nbproject/project.properties b/Core/nbproject/project.properties
index 9adbad3e9a..e4903c6ab3 100644
--- a/Core/nbproject/project.properties
+++ b/Core/nbproject/project.properties
@@ -32,5 +32,5 @@ nbm.homepage=http://www.sleuthkit.org/
 nbm.module.author=Brian Carrier
 nbm.needs.restart=true
 source.reference.curator-recipes-2.8.0.jar=release/modules/ext/curator-recipes-2.8.0-sources.jar
-spec.version.base=10.9
+spec.version.base=10.10
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties b/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties index 1aecff7348..5f43502f8f 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties @@ -27,7 +27,7 @@ Format_OperatingSystem_Value={0} version {1} running on {2} LBL_Copyright=
Autopsy™ is a digital forensics platform based on The Sleuth Kit™ and other tools.
Copyright © 2003-2017.
URL_ON_IMG=http://www.sleuthkit.org/
-URL_ON_HELP=http://sleuthkit.org/autopsy/docs/user-docs/4.5.0/
+URL_ON_HELP=http://sleuthkit.org/autopsy/docs/user-docs/4.6.0/
 FILE_FOR_LOCAL_HELP=file:///
 INDEX_FOR_LOCAL_HELP=/docs/index.html
diff --git a/KeywordSearch/manifest.mf b/KeywordSearch/manifest.mf
index 56e7a721f2..60d5379544 100644
--- a/KeywordSearch/manifest.mf
+++ b/KeywordSearch/manifest.mf
@@ -1,7 +1,7 @@
 Manifest-Version: 1.0
 AutoUpdate-Show-In-Client: true
 OpenIDE-Module: org.sleuthkit.autopsy.keywordsearch/6
-OpenIDE-Module-Implementation-Version: 17
+OpenIDE-Module-Implementation-Version: 18
 OpenIDE-Module-Install: org/sleuthkit/autopsy/keywordsearch/Installer.class
 OpenIDE-Module-Layer: org/sleuthkit/autopsy/keywordsearch/layer.xml
 OpenIDE-Module-Localizing-Bundle: org/sleuthkit/autopsy/keywordsearch/Bundle.properties
diff --git a/KeywordSearch/nbproject/project.properties b/KeywordSearch/nbproject/project.properties
index ddc825b4d4..600396fb43 100644
--- a/KeywordSearch/nbproject/project.properties
+++ b/KeywordSearch/nbproject/project.properties
@@ -142,4 +142,4 @@ license.file=../LICENSE-2.0.txt
 nbm.homepage=http://www.sleuthkit.org/autopsy/
 nbm.needs.restart=true
 source.reference.commons-validator-1.5.1.jar=release/modules/ext/commons-validator-1.5.1-sources.jar
-spec.version.base=6.3
+spec.version.base=6.4
diff --git a/Testing/manifest.mf b/Testing/manifest.mf
index e6829a2a04..5134bcc561 100644
--- a/Testing/manifest.mf
+++ b/Testing/manifest.mf
@@ -1,6 +1,6 @@
 Manifest-Version: 1.0
 AutoUpdate-Show-In-Client: false
 OpenIDE-Module: org.sleuthkit.autopsy.testing/3
-OpenIDE-Module-Implementation-Version: 10
+OpenIDE-Module-Implementation-Version: 11
 OpenIDE-Module-Localizing-Bundle: org/sleuthkit/autopsy/testing/Bundle.properties
diff --git a/Testing/nbproject/project.properties b/Testing/nbproject/project.properties
index 7ec0a803eb..2b963e0724 100644
--- a/Testing/nbproject/project.properties
+++ b/Testing/nbproject/project.properties
@@ -3,4 +3,4 @@ javac.compilerargs=-Xlint -Xlint:-serial
 license.file=../LICENSE-2.0.txt
 nbm.homepage=http://www.sleuthkit.org/autopsy/
 nbm.needs.restart=true
-spec.version.base=1.2
+spec.version.base=1.3
diff --git a/docs/doxygen-user/Doxyfile b/docs/doxygen-user/Doxyfile
index 858a9bf81a..f2f31448a0 100755
--- a/docs/doxygen-user/Doxyfile
+++ b/docs/doxygen-user/Doxyfile
@@ -38,7 +38,7 @@ PROJECT_NAME = "Autopsy User Documentation"
 # could be handy for archiving the generated documentation or if some version
 # control system is used.
-PROJECT_NUMBER = 4.5.0
+PROJECT_NUMBER = 4.6.0
 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a
@@ -1025,7 +1025,7 @@ GENERATE_HTML = YES
 # The default directory is: html.
 # This tag requires that the tag GENERATE_HTML is set to YES.
-HTML_OUTPUT = 4.5.0
+HTML_OUTPUT = 4.6.0
 # The HTML_FILE_EXTENSION tag can be used to specify the file extension for each
 # generated HTML page (for example: .htm, .php, .asp).
diff --git a/docs/doxygen/Doxyfile b/docs/doxygen/Doxyfile
index deb39bd4a4..3f4797ace0 100755
--- a/docs/doxygen/Doxyfile
+++ b/docs/doxygen/Doxyfile
@@ -38,7 +38,7 @@ PROJECT_NAME = "Autopsy"
 # could be handy for archiving the generated documentation or if some version
 # control system is used.
-PROJECT_NUMBER = 4.5.0
+PROJECT_NUMBER = 4.6.0
 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a
@@ -1063,7 +1063,7 @@ GENERATE_HTML = YES
 # The default directory is: html.
 # This tag requires that the tag GENERATE_HTML is set to YES.
-HTML_OUTPUT = api-docs/4.5.0/
+HTML_OUTPUT = api-docs/4.6.0/
 # The HTML_FILE_EXTENSION tag can be used to specify the file extension for each
 # generated HTML page (for example: .htm, .php, .asp).
diff --git a/nbproject/project.properties b/nbproject/project.properties
index d97ffbaecf..0cb7b69b5e 100644
--- a/nbproject/project.properties
+++ b/nbproject/project.properties
@@ -4,7 +4,7 @@ app.title=Autopsy
 ### lowercase version of above
 app.name=${branding.token}
 ### if left unset, version will default to today's date
-app.version=4.5.0
+app.version=4.6.0
 ### build.type must be one of: DEVELOPMENT, RELEASE
 build.type=RELEASE
 #build.type=DEVELOPMENT
diff --git a/pythonExamples/README.txt b/pythonExamples/README.txt
index 1c5eff7270..3564182ec9 100644
--- a/pythonExamples/README.txt
+++ b/pythonExamples/README.txt
@@ -5,7 +5,7 @@ your needs. See the developer guide for more details and how to use and load the modules.
- http://sleuthkit.org/autopsy/docs/api-docs/4.5.0/index.html
+ http://sleuthkit.org/autopsy/docs/api-docs/4.6.0/index.html
 Each module in this folder should have a brief description about what they can do.
From d7495c0e6749d0aa905173a53e6052b59cd38ced Mon Sep 17 00:00:00 2001
From: esaunders
Date: Tue, 20 Feb 2018 17:33:54 -0500
Subject: [PATCH 12/14] Modified Solr status command to not request index info.
---
 .../src/org/sleuthkit/autopsy/keywordsearch/Server.java | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
index dca39b469c..0e9b804757 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
@@ -600,7 +601,7 @@ public class Server { // making a status request here instead of just doing solrServer.ping(), because // that doesn't work when there are no cores //TODO handle timeout in cases when some other type of server on that port - CoreAdminRequest.getStatus(null, localSolrServer); + connectToSolrServer(localSolrServer); logger.log(Level.INFO, "Solr server is running"); //NON-NLS } catch (SolrServerException ex) { @@ -1180,7 +1181,11 @@ public class Server { * @throws IOException */ void connectToSolrServer(HttpSolrServer solrServer) throws SolrServerException, IOException { - CoreAdminRequest.getStatus(null, solrServer); + CoreAdminRequest statusRequest = new CoreAdminRequest(); + statusRequest.setCoreName( null ); + statusRequest.setAction( CoreAdminParams.CoreAdminAction.STATUS ); + statusRequest.setIndexInfoNeeded(false); + statusRequest.process(solrServer); } /** From 927f1a578f0be95b8a01b731e6c770fbcaa82c74 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 20 Feb 2018 18:42:49 -0500 Subject: [PATCH 13/14] Updates for Autopsy-Core NBM version number change --- Experimental/nbproject/project.xml | 2 +- ImageGallery/nbproject/project.xml | 2 +- KeywordSearch/nbproject/project.xml | 2 +- RecentActivity/nbproject/project.xml | 2 +- Testing/nbproject/project.xml | 2 +- thunderbirdparser/nbproject/project.xml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Experimental/nbproject/project.xml b/Experimental/nbproject/project.xml index f2bf6d1996..dbd5a31c4c 100644 --- a/Experimental/nbproject/project.xml +++ b/Experimental/nbproject/project.xml @@ -119,7 +119,7 @@ 10 - 10.9 + 10.10 diff --git a/ImageGallery/nbproject/project.xml b/ImageGallery/nbproject/project.xml index 4c961c2a5b..eb907611cf 100644 --- a/ImageGallery/nbproject/project.xml +++ b/ImageGallery/nbproject/project.xml @@ -127,7 +127,7 @@ 10 - 10.9 + 10.10 
diff --git a/KeywordSearch/nbproject/project.xml b/KeywordSearch/nbproject/project.xml
index db9ada1b1b..a8b49012cf 100644
--- a/KeywordSearch/nbproject/project.xml
+++ b/KeywordSearch/nbproject/project.xml
@@ -119,7 +119,7 @@ 10
- 10.9
+ 10.10
diff --git a/RecentActivity/nbproject/project.xml b/RecentActivity/nbproject/project.xml
index 07961ef4c1..4b173c70c1 100644
--- a/RecentActivity/nbproject/project.xml
+++ b/RecentActivity/nbproject/project.xml
@@ -60,7 +60,7 @@ 10
- 10.9
+ 10.10
diff --git a/Testing/nbproject/project.xml b/Testing/nbproject/project.xml
index e8adf58403..597a356046 100644
--- a/Testing/nbproject/project.xml
+++ b/Testing/nbproject/project.xml
@@ -47,7 +47,7 @@ 10
- 10.9
+ 10.10
diff --git a/thunderbirdparser/nbproject/project.xml b/thunderbirdparser/nbproject/project.xml
index a1c9e275f9..2e738ef588 100644
--- a/thunderbirdparser/nbproject/project.xml
+++ b/thunderbirdparser/nbproject/project.xml
@@ -36,7 +36,7 @@ 10
- 10.9
+ 10.10
From da5872e1323a80bd00e3d804bca4f6bdd497fcda Mon Sep 17 00:00:00 2001
From: esaunders
Date: Tue, 20 Feb 2018 17:33:54 -0500
Subject: [PATCH 14/14] Modified Solr status command to not request index info.
---
 .../src/org/sleuthkit/autopsy/keywordsearch/Server.java | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
index dca39b469c..0e9b804757 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
@@ -56,6 +56,7 @@ import org.apache.solr.common.SolrDocument;
 import org.apache.solr.common.SolrDocumentList;
 import org.apache.solr.common.SolrException;
 import org.apache.solr.common.SolrInputDocument;
+import org.apache.solr.common.params.CoreAdminParams;
 import org.apache.solr.common.util.NamedList;
 import org.openide.modules.InstalledFileLocator;
 import org.openide.modules.Places;
@@ -600,7 +601,7 @@ public class Server {
 // making a status request here instead of just doing solrServer.ping(), because
 // that doesn't work when there are no cores
 //TODO handle timeout in cases when some other type of server on that port
- CoreAdminRequest.getStatus(null, localSolrServer);
+ connectToSolrServer(localSolrServer);
 logger.log(Level.INFO, "Solr server is running"); //NON-NLS
 } catch (SolrServerException ex) {
@@ -1180,7 +1181,11 @@ public class Server {
 * @throws IOException
 */
 void connectToSolrServer(HttpSolrServer solrServer) throws SolrServerException, IOException {
- CoreAdminRequest.getStatus(null, solrServer);
+ CoreAdminRequest statusRequest = new CoreAdminRequest();
+ statusRequest.setCoreName( null );
+ statusRequest.setAction( CoreAdminParams.CoreAdminAction.STATUS );
+ statusRequest.setIndexInfoNeeded(false);
+ statusRequest.process(solrServer);
 }
 /**