Ingest manager global setting to process unalloc space

Inbox adjustment to disable navigation to unalloc file dir
Add pagefile to medium priority
adam-m 2012-05-30 13:54:19 -04:00
parent d851e45aa9
commit 3a51d2e35a
5 changed files with 136 additions and 39 deletions


@ -43,6 +43,11 @@ import org.sleuthkit.datamodel.TskData.FileKnown;
class GetAllFilesContentVisitor extends GetFilesContentVisitor {
private static final Logger logger = Logger.getLogger(GetAllFilesContentVisitor.class.getName());
private boolean getUnallocatedFiles;
GetAllFilesContentVisitor(boolean getUnallocatedFiles) {
this.getUnallocatedFiles = getUnallocatedFiles;
}
@Override
public Collection<AbstractFile> visit(File file) {
@ -61,11 +66,18 @@ class GetAllFilesContentVisitor extends GetFilesContentVisitor {
SleuthkitCase sc = Case.getCurrentCase().getSleuthkitCase();
String query = "SELECT * FROM tsk_files WHERE fs_obj_id = " + fs.getId()
+ " AND (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getMetaType()
+ ") AND (size > 0)";
StringBuilder queryB = new StringBuilder();
queryB.append("SELECT * FROM tsk_files WHERE fs_obj_id = ").append(fs.getId());
queryB.append(" AND (meta_type = ").append(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getMetaType());
queryB.append(") AND (size > 0)");
if (getUnallocatedFiles == false) {
queryB.append( "AND (type = ");
queryB.append(TskData.TSK_DB_FILES_TYPE_ENUM.FS.getFileType());
queryB.append(")");
}
try {
ResultSet rs = sc.runQuery(query);
ResultSet rs = sc.runQuery(queryB.toString());
List<AbstractFile> contents = sc.resultSetToAbstractFiles(rs);
Statement s = rs.getStatement();
rs.close();
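Review bot: The appended fragment `"AND (type = "` has no leading space, so the generated SQL reads `(size > 0)AND (type = …)`; it probably still parses, but it is fragile and should be `queryB.append(" AND (type = ");`. When `getUnallocatedFiles` is false the query keeps only `TSK_DB_FILES_TYPE_ENUM.FS` rows, which would drop every other non-FS file type as well as unallocated blocks, so a comment such as `// unalloc disabled: keep only file-system files (excludes every non-FS type)` would make that scope explicit for anyone relying on full coverage. The field can be declared `private final boolean getUnallocatedFiles;` and the test written as `if (!getUnallocatedFiles)`. The enclosing visit method and its try block continue outside the hunk.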


@ -44,7 +44,7 @@
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jPanel1" alignment="0" pref="235" max="32767" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<Component id="servicesScrollPane" pref="111" max="32767" attributes="0"/>
<Component id="servicesScrollPane" pref="90" max="32767" attributes="0"/>
<EmptySpace max="32767" attributes="0"/>
<Component id="timePanel" min="-2" max="-2" attributes="0"/>
</Group>
@ -174,22 +174,35 @@
<Layout>
<DimensionLayout dim="0">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Group type="102" attributes="0">
<Group type="103" groupAlignment="0" attributes="0">
<Component id="timeRadioButton3" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="timeRadioButton1" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="timeLabel" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="timeRadioButton2" alignment="0" min="-2" max="-2" attributes="0"/>
<Group type="102" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="timeRadioButton2" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="timeRadioButton3" alignment="0" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
<Group type="102" alignment="0" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Component id="timeLabel" min="-2" max="-2" attributes="0"/>
</Group>
<Component id="processUnallocCheckbox" alignment="0" min="-2" max="-2" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Component id="timeRadioButton1" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
<EmptySpace max="32767" attributes="0"/>
<EmptySpace pref="10" max="32767" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
<DimensionLayout dim="1">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="1" attributes="0">
<EmptySpace max="32767" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="processUnallocCheckbox" min="-2" max="-2" attributes="0"/>
<EmptySpace pref="15" max="32767" attributes="0"/>
<Component id="timeLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="timeRadioButton1" min="-2" max="-2" attributes="0"/>
@ -197,7 +210,7 @@
<Component id="timeRadioButton2" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="timeRadioButton3" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="20" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
@ -246,6 +259,13 @@
</Property>
</Properties>
</Component>
<Component class="javax.swing.JCheckBox" name="processUnallocCheckbox">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/ingest/Bundle.properties" key="IngestDialogPanel.processUnallocCheckbox.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
</SubComponents>
</Container>
</SubComponents>


@ -148,6 +148,8 @@ public class IngestDialogPanel extends javax.swing.JPanel implements IngestConfi
}
}
});
processUnallocCheckbox.setSelected(manager.getProcessUnallocSpace());
}
@ -156,15 +158,21 @@ public class IngestDialogPanel extends javax.swing.JPanel implements IngestConfi
timeRadioButton2.setEnabled(enabled);
timeRadioButton3.setEnabled(enabled);
}
private void setProcessUnallocSpaceEnabled(boolean enabled) {
processUnallocCheckbox.setEnabled(enabled);
}
@Override
public void paint(Graphics g) {
super.paint(g);
if (manager.isIngestRunning()) {
setTimeSettingEnabled(false);
setProcessUnallocSpaceEnabled(false);
} else {
setTimeSettingEnabled(true);
setProcessUnallocSpaceEnabled(true);
}
}
@ -196,6 +204,7 @@ public class IngestDialogPanel extends javax.swing.JPanel implements IngestConfi
timeRadioButton2 = new javax.swing.JRadioButton();
timeRadioButton1 = new javax.swing.JRadioButton();
timeLabel = new javax.swing.JLabel();
processUnallocCheckbox = new javax.swing.JCheckBox();
setPreferredSize(new java.awt.Dimension(522, 257));
@ -273,23 +282,34 @@ public class IngestDialogPanel extends javax.swing.JPanel implements IngestConfi
timeLabel.setText(org.openide.util.NbBundle.getMessage(IngestDialogPanel.class, "IngestDialogPanel.timeLabel.text")); // NOI18N
timeLabel.setToolTipText(org.openide.util.NbBundle.getMessage(IngestDialogPanel.class, "IngestDialogPanel.timeLabel.toolTipText")); // NOI18N
processUnallocCheckbox.setText(org.openide.util.NbBundle.getMessage(IngestDialogPanel.class, "IngestDialogPanel.processUnallocCheckbox.text")); // NOI18N
javax.swing.GroupLayout timePanelLayout = new javax.swing.GroupLayout(timePanel);
timePanel.setLayout(timePanelLayout);
timePanelLayout.setHorizontalGroup(
timePanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(timePanelLayout.createSequentialGroup()
.addContainerGap()
.addGroup(timePanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(timeRadioButton3)
.addComponent(timeRadioButton1)
.addComponent(timeLabel)
.addComponent(timeRadioButton2))
.addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
.addGroup(timePanelLayout.createSequentialGroup()
.addContainerGap()
.addGroup(timePanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(timeRadioButton2)
.addComponent(timeRadioButton3)))
.addGroup(timePanelLayout.createSequentialGroup()
.addContainerGap()
.addComponent(timeLabel))
.addComponent(processUnallocCheckbox)
.addGroup(timePanelLayout.createSequentialGroup()
.addContainerGap()
.addComponent(timeRadioButton1)))
.addContainerGap(10, Short.MAX_VALUE))
);
timePanelLayout.setVerticalGroup(
timePanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(javax.swing.GroupLayout.Alignment.TRAILING, timePanelLayout.createSequentialGroup()
.addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addContainerGap()
.addComponent(processUnallocCheckbox)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 15, Short.MAX_VALUE)
.addComponent(timeLabel)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(timeRadioButton1)
@ -297,7 +317,7 @@ public class IngestDialogPanel extends javax.swing.JPanel implements IngestConfi
.addComponent(timeRadioButton2)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(timeRadioButton3)
.addGap(20, 20, 20))
.addContainerGap())
);
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
@ -320,7 +340,7 @@ public class IngestDialogPanel extends javax.swing.JPanel implements IngestConfi
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jPanel1, javax.swing.GroupLayout.DEFAULT_SIZE, 235, Short.MAX_VALUE)
.addGroup(layout.createSequentialGroup()
.addComponent(servicesScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 111, Short.MAX_VALUE)
.addComponent(servicesScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 90, Short.MAX_VALUE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(timePanel, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)))
.addContainerGap())
@ -350,6 +370,7 @@ private void timeRadioButton1ActionPerformed(java.awt.event.ActionEvent evt) {//
private javax.swing.JPanel jPanel1;
private javax.swing.JScrollPane jScrollPane1;
private javax.swing.JSeparator jSeparator2;
private javax.swing.JCheckBox processUnallocCheckbox;
private javax.swing.JScrollPane servicesScrollPane;
private javax.swing.JTable servicesTable;
private javax.swing.JPanel simplePanel;
@ -416,6 +437,10 @@ private void timeRadioButton1ActionPerformed(java.awt.event.ActionEvent evt) {//
private boolean timeSelectionEnabled() {
return timeRadioButton1.isEnabled() && timeRadioButton2.isEnabled() && timeRadioButton3.isEnabled();
}
private boolean processUnallocSpaceEnabled() {
return processUnallocCheckbox.isEnabled();
}
private UpdateFrequency getSelectedTimeValue() {
if (timeRadioButton1.isSelected()) {
@ -470,6 +495,10 @@ private void timeRadioButton1ActionPerformed(java.awt.event.ActionEvent evt) {//
if (timeSelectionEnabled()) {
manager.setUpdateFrequency(getSelectedTimeValue());
}
//update ingest proc. unalloc space
if (processUnallocSpaceEnabled() ) {
manager.setProcessUnallocSpace(processUnallocCheckbox.isSelected());
}
}
@Override
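Review bot: Whether the checkbox value is saved depends on `processUnallocSpaceEnabled()`, and that enabled state is only refreshed as a side effect of `paint()`, so a save that runs before the next repaint can act on a stale state. Checking the manager directly is more robust: `if (!manager.isIngestRunning()) { manager.setProcessUnallocSpace(processUnallocCheckbox.isSelected()); }`. The new `setProcessUnallocSpaceEnabled` and `processUnallocSpaceEnabled` helpers would also benefit from a one-line Javadoc stating that the option is locked while ingest is running. The save method's body starts outside the hunk.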


@ -76,6 +76,7 @@ public class IngestManager {
private static final Logger logger = Logger.getLogger(IngestManager.class.getName());
private IngestManagerStats stats;
private volatile UpdateFrequency updateFrequency = UpdateFrequency.AVG;
private boolean processUnallocSpace = true;
//queues
private final ImageQueue imageQueue = new ImageQueue(); // list of services and images to analyze
private final AbstractFileQueue AbstractFileQueue = new AbstractFileQueue();
@ -446,6 +447,22 @@ public class IngestManager {
void setUpdateFrequency(UpdateFrequency frequency) {
this.updateFrequency = frequency;
}
/**
* returns if manager is currently configured to process unalloc space
* @return true if process unaloc space is set
*/
boolean getProcessUnallocSpace() {
return processUnallocSpace;
}
/**
* Sets process unalloc space setting on the manager
* @param processUnallocSpace
*/
void setProcessUnallocSpace(boolean processUnallocSpace) {
this.processUnallocSpace = processUnallocSpace;
}
/**
* returns ingest summary report (how many files ingested, any errors, etc)
@ -613,6 +630,8 @@ public class IngestManager {
lowPriorityPaths.add(Pattern.compile("^\\/Windows", Pattern.CASE_INSENSITIVE));
mediumPriorityPaths.add(Pattern.compile("^\\/Program Files", Pattern.CASE_INSENSITIVE));
mediumPriorityPaths.add(Pattern.compile("^pagefile", Pattern.CASE_INSENSITIVE));
mediumPriorityPaths.add(Pattern.compile("^hiberfil", Pattern.CASE_INSENSITIVE));
highPriorityPaths.add(Pattern.compile("^\\/Users", Pattern.CASE_INSENSITIVE));
highPriorityPaths.add(Pattern.compile("^\\/Documents and Settings", Pattern.CASE_INSENSITIVE));
@ -1138,7 +1157,7 @@ public class IngestManager {
int processed = 0;
for (Image image : images) {
final String imageName = image.getName();
Collection<AbstractFile> AbstractFiles = null;
Collection<AbstractFile> files = null;
for (IngestServiceAbstract service : services) {
if (isCancelled()) {
logger.log(Level.INFO, "Terminating ingest queueing due to cancellation.");
@ -1162,22 +1181,22 @@ public class IngestManager {
//addImage((IngestServiceImage) service, image);
break;
case AbstractFile:
if (AbstractFiles == null) {
if (files == null) {
long start = System.currentTimeMillis();
AbstractFiles = new GetAllFilesContentVisitor().visit(image);
files = new GetAllFilesContentVisitor(processUnallocSpace).visit(image);
logger.info("Get all files took " + (System.currentTimeMillis() - start) + "ms");
}
//enqueue the same singleton AbstractFile service
logger.log(Level.INFO, "Adding image " + image.getName() + " with " + AbstractFiles.size() + " number of AbstractFile to service " + service.getName());
addAbstractFile((IngestServiceAbstractFile) service, AbstractFiles);
logger.log(Level.INFO, "Adding image " + image.getName() + " with " + files.size() + " number of AbstractFile to service " + service.getName());
addAbstractFile((IngestServiceAbstractFile) service, files);
break;
default:
logger.log(Level.SEVERE, "Unexpected service type: " + service.getType().name());
}
progress.progress(serviceName + " " + imageName, ++processed);
}
if (AbstractFiles != null) {
AbstractFiles.clear();
if (files != null) {
files.clear();
}
}
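Review bot: `processUnallocSpace` is declared as a plain `boolean` next to `private volatile UpdateFrequency updateFrequency`, yet it is written through `setProcessUnallocSpace` from the dialog and read in the queueing loop that calls `new GetAllFilesContentVisitor(processUnallocSpace)`. If that loop runs on a background thread, as the `isCancelled()` check suggests, the field should be `private volatile boolean processUnallocSpace = true;` so a change made in the UI is visible to the worker. Separately, the new patterns `"^pagefile"` and `"^hiberfil"` lack the leading `\\/` used by `"^\\/Windows"` and the other entries, so if paths are matched with their leading slash these two may never match; the matcher is outside the hunk, so this needs confirming. The setter's Javadoc has an empty `@param processUnallocSpace`, which could read `true to include unallocated space in ingest`.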


@ -24,10 +24,15 @@ import java.awt.event.ActionListener;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import javax.swing.JMenuItem;
import org.openide.util.Exceptions;
import org.openide.util.Lookup;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.corecomponentinterfaces.BlackboardResultViewer;
import org.sleuthkit.autopsy.ingest.IngestMessagePanel.IngestMessageGroup;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM;
import org.sleuthkit.datamodel.TskException;
/**
* Details panel within IngestMessagePanel
@ -53,14 +58,7 @@ class IngestMessageDetailsPanel extends javax.swing.JPanel {
@Override
public void propertyChange(PropertyChangeEvent evt) {
if (evt.getPropertyName().equals(BlackboardResultViewer.FINISHED_DISPLAY_EVT)) {
// SwingUtilities.invokeLater(new Runnable() {
// @Override
// public void run() {
artifactViewerFinished();
//}
//});
}
}
@ -259,9 +257,27 @@ class IngestMessageDetailsPanel extends javax.swing.JPanel {
this.messageDetailsPane.setText("");
}
//show artifact/content only for a message group with a single message
if (messageGroup.getData() != null && messageGroup.getCount() == 1) {
BlackboardArtifact artifact = messageGroup.getData();;
if (artifact != null && messageGroup.getCount() == 1) {
viewArtifactButton.setEnabled(true);
viewContentButton.setEnabled(true);
//check file type
long objId = artifact.getObjectID();
AbstractFile file = null;
try {
file = Case.getCurrentCase().getSleuthkitCase().getAbstractFileById(objId);
} catch (TskException ex) {
}
if (file == null) {
viewContentButton.setEnabled(false);
}
else if (! file.getType().equals(TSK_DB_FILES_TYPE_ENUM.FS)) {
viewContentButton.setEnabled(false);
}
else {
viewContentButton.setEnabled(true);
}
} else {
viewArtifactButton.setEnabled(false);
viewContentButton.setEnabled(false);
@ -271,5 +287,6 @@ class IngestMessageDetailsPanel extends javax.swing.JPanel {
viewContentButton.setEnabled(false);
messageDetailsPane.setText("");
}
}
}
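Review bot: The new `catch (TskException ex) { }` silently discards a failed `getAbstractFileById(objId)` lookup, so a case-database error is indistinguishable from a missing file and leaves no trace in the log. Record it instead, for example `logger.log(Level.WARNING, "Could not load file for object id " + objId, ex);` if the class has a logger, or use the newly imported `Exceptions.printStackTrace(ex)`. The three-way `if`/`else if`/`else` can collapse to `viewContentButton.setEnabled(file != null && file.getType().equals(TSK_DB_FILES_TYPE_ENUM.FS));`, and the stray `;;` after `messageGroup.getData()` can be removed. The enclosing method starts outside the hunk.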