diff --git a/Core/src/org/sleuthkit/autopsy/contentviewers/MediaFileViewer.java b/Core/src/org/sleuthkit/autopsy/contentviewers/MediaFileViewer.java index 201f3f1f6f..b2d4baef99 100644 --- a/Core/src/org/sleuthkit/autopsy/contentviewers/MediaFileViewer.java +++ b/Core/src/org/sleuthkit/autopsy/contentviewers/MediaFileViewer.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2018 Basis Technology Corp. + * Copyright 2011-2019 Basis Technology Corp. * Contact: carrier sleuthkit org *s * Licensed under the Apache License, Version 2.0 (the "License"); @@ -36,6 +36,7 @@ import org.sleuthkit.datamodel.AbstractFile; class MediaFileViewer extends javax.swing.JPanel implements FileTypeViewer { private static final Logger LOGGER = Logger.getLogger(MediaFileViewer.class.getName()); + private static final long serialVersionUID = 1L; private AbstractFile lastFile; //UI private MediaPlayerPanel mediaPlayerPanel; @@ -48,7 +49,7 @@ class MediaFileViewer extends javax.swing.JPanel implements FileTypeViewer { /** * Creates a new MediaFileViewer. */ - public MediaFileViewer() { + MediaFileViewer() { initComponents(); @@ -69,8 +70,8 @@ class MediaFileViewer extends javax.swing.JPanel implements FileTypeViewer { private void customizeComponents() { add(imagePanel, IMAGE_VIEWER_LAYER); - - if(mediaPlayerPanel != null) { + + if (mediaPlayerPanel != null) { add(mediaPlayerPanel, MEDIA_PLAYER_LAYER); } @@ -103,10 +104,10 @@ class MediaFileViewer extends javax.swing.JPanel implements FileTypeViewer { List mimeTypes = new ArrayList<>(); mimeTypes.addAll(this.imagePanel.getSupportedMimeTypes()); - if(mediaPlayerPanel != null) { + if (mediaPlayerPanel != null) { mimeTypes.addAll(this.mediaPlayerPanel.getSupportedMimeTypes()); } - + return mimeTypes; } diff --git a/Core/src/org/sleuthkit/autopsy/contentviewers/PListViewer.java b/Core/src/org/sleuthkit/autopsy/contentviewers/PListViewer.java index dd73b6f6ca..c1fdda1efc 100644 --- a/Core/src/org/sleuthkit/autopsy/contentviewers/PListViewer.java +++ b/Core/src/org/sleuthkit/autopsy/contentviewers/PListViewer.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2018 Basis Technology Corp. + * Copyright 2018-2019 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -79,7 +79,7 @@ class PListViewer extends javax.swing.JPanel implements FileTypeViewer, Explorer /** * Creates new form PListViewer */ - public PListViewer() { + PListViewer() { // Create an Outlineview and add to the panel outlineView = new org.openide.explorer.view.OutlineView(); @@ -193,16 +193,16 @@ class PListViewer extends javax.swing.JPanel implements FileTypeViewer, Explorer Case openCase; try { openCase = Case.getCurrentCaseThrows(); - } catch (NoCurrentCaseException ex) { - JOptionPane.showMessageDialog(this, - "Failed to export plist file.", - Bundle.PListViewer_ExportFailed_message(), - JOptionPane.ERROR_MESSAGE); + } catch (NoCurrentCaseException ex) { + JOptionPane.showMessageDialog(this, + "Failed to export plist file.", + Bundle.PListViewer_ExportFailed_message(), + JOptionPane.ERROR_MESSAGE); - logger.log(Level.SEVERE, "Exception while getting open case.", ex); - return; + logger.log(Level.SEVERE, "Exception while getting open case.", ex); + return; } - + final JFileChooser fileChooser = new JFileChooser(); fileChooser.setCurrentDirectory(new File(openCase.getExportDirectory())); fileChooser.setFileFilter(new FileNameExtensionFilter("XML file", "xml")); @@ -289,11 +289,11 @@ class PListViewer extends javax.swing.JPanel implements FileTypeViewer, Explorer // Read in and parse the file final byte[] plistFileBuf = new byte[(int) plistFile.getSize()]; plistFile.read(plistFileBuf, 0, plistFile.getSize()); - final List plist = parsePList(plistFileBuf); - + final List plist = parsePList(plistFileBuf); + return plist; } - + @Override protected void done() { super.done(); @@ -301,28 +301,28 @@ class PListViewer extends javax.swing.JPanel implements FileTypeViewer, Explorer try { plist = get(); setupTable(plist); - + SwingUtilities.invokeLater(() -> { - setColumnWidths(); + setColumnWidths(); }); } catch (InterruptedException ex) { logger.log(Level.SEVERE, "Interruption while parsing/dislaying plist file " + plistFile.getName(), ex); - - JOptionPane.showMessageDialog(WindowManager.getDefault().getMainWindow(), - ex.getMessage(), - Bundle.PListViewer_processPlist_interruptedMessage(), - JOptionPane.ERROR_MESSAGE); - + + JOptionPane.showMessageDialog(WindowManager.getDefault().getMainWindow(), + ex.getMessage(), + Bundle.PListViewer_processPlist_interruptedMessage(), + JOptionPane.ERROR_MESSAGE); + } catch (ExecutionException ex) { logger.log(Level.SEVERE, "Exception while parsing/dislaying plist file " + plistFile.getName(), ex); - JOptionPane.showMessageDialog(WindowManager.getDefault().getMainWindow(), - ex.getCause().getMessage(), - Bundle.PListViewer_processPlist_errorMessage(), - JOptionPane.ERROR_MESSAGE); + JOptionPane.showMessageDialog(WindowManager.getDefault().getMainWindow(), + ex.getCause().getMessage(), + Bundle.PListViewer_processPlist_errorMessage(), + JOptionPane.ERROR_MESSAGE); } - + } - }.execute(); + }.execute(); } /** @@ -431,16 +431,16 @@ class PListViewer extends javax.swing.JPanel implements FileTypeViewer, Explorer * else is unexpected and will be ignored. */ if (rootDict instanceof NSArray) { - for (int i=0; i < ((NSArray)rootDict).count(); i++) { - final PropKeyValue pkv = parseProperty("", ((NSArray)rootDict).objectAtIndex(i)); + for (int i = 0; i < ((NSArray) rootDict).count(); i++) { + final PropKeyValue pkv = parseProperty("", ((NSArray) rootDict).objectAtIndex(i)); if (null != pkv) { plist.add(pkv); } } } else if (rootDict instanceof NSDictionary) { - final String[] keys = ((NSDictionary)rootDict).allKeys(); + final String[] keys = ((NSDictionary) rootDict).allKeys(); for (final String key : keys) { - final PropKeyValue pkv = parseProperty(key, ((NSDictionary)rootDict).objectForKey(key)); + final PropKeyValue pkv = parseProperty(key, ((NSDictionary) rootDict).objectForKey(key)); if (null != pkv) { plist.add(pkv); } @@ -533,7 +533,7 @@ class PListViewer extends javax.swing.JPanel implements FileTypeViewer, Explorer .map(child -> new PropKeyValue(child)) .toArray(PropKeyValue[]::new); } - + } } diff --git a/Core/src/org/sleuthkit/autopsy/contentviewers/SQLiteViewer.java b/Core/src/org/sleuthkit/autopsy/contentviewers/SQLiteViewer.java index 104c70ef6b..078cc78c58 100755 --- a/Core/src/org/sleuthkit/autopsy/contentviewers/SQLiteViewer.java +++ b/Core/src/org/sleuthkit/autopsy/contentviewers/SQLiteViewer.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2018 Basis Technology Corp. + * Copyright 2018-2019 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -74,7 +74,7 @@ class SQLiteViewer extends javax.swing.JPanel implements FileTypeViewer { /** * Constructs a file content viewer for SQLite database files. */ - public SQLiteViewer() { + SQLiteViewer() { initComponents(); jTableDataPanel.add(selectedTableView, BorderLayout.CENTER); } @@ -544,19 +544,19 @@ class SQLiteViewer extends javax.swing.JPanel implements FileTypeViewer { @Override public void accept(String columnName) { columnIndex++; - + String csvString = columnName; //Format the value to adhere to the format of a CSV file if (columnIndex == 1) { - columnName = "\"" + columnName + "\""; + csvString = "\"" + csvString + "\""; } else { - columnName = ",\"" + columnName + "\""; + csvString = ",\"" + csvString + "\""; } if (columnIndex == totalColumnCount) { - columnName += "\n"; + csvString += "\n"; } try { - out.write(columnName.getBytes()); + out.write(csvString.getBytes()); } catch (IOException ex) { /* * If we can no longer write to the output stream, toss a @@ -613,7 +613,7 @@ class SQLiteViewer extends javax.swing.JPanel implements FileTypeViewer { */ throw new RuntimeException(ex); } - rowIndex = rowIndex % totalColumnCount; + rowIndex %= totalColumnCount; } }; } diff --git a/Core/src/org/sleuthkit/autopsy/modules/stix/EvalRegistryObj.java b/Core/src/org/sleuthkit/autopsy/modules/stix/EvalRegistryObj.java index b5a4662ec6..8c41b87042 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/stix/EvalRegistryObj.java +++ b/Core/src/org/sleuthkit/autopsy/modules/stix/EvalRegistryObj.java @@ -1,15 +1,15 @@ /* * Autopsy Forensic Browser - * - * Copyright 2013-2018 Basis Technology Corp. + * + * Copyright 2013-2019 Basis Technology Corp. * Contact: carrier sleuthkit org - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -18,12 +18,15 @@ */ package org.sleuthkit.autopsy.modules.stix; +import com.williballenthin.rejistry.RegistryHiveFile; +import com.williballenthin.rejistry.RegistryKey; +import com.williballenthin.rejistry.RegistryParseException; +import com.williballenthin.rejistry.RegistryValue; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.Content; import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.datamodel.AbstractFile; - import java.util.List; import java.util.ArrayList; import java.io.IOException; @@ -31,10 +34,8 @@ import java.io.UnsupportedEncodingException; import java.io.File; import java.util.regex.Pattern; import java.util.regex.Matcher; - import org.mitre.cybox.objects.WindowsRegistryKey; import org.mitre.cybox.common_2.ConditionTypeEnum; -import com.williballenthin.rejistry.*; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; /** @@ -43,9 +44,9 @@ import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; class EvalRegistryObj extends EvaluatableObject { private final WindowsRegistryKey obj; - private final List regFiles = new ArrayList(); + private final List regFiles = new ArrayList<>(); - public EvalRegistryObj(WindowsRegistryKey a_obj, String a_id, String a_spacing, List a_regFiles) { + EvalRegistryObj(WindowsRegistryKey a_obj, String a_id, String a_spacing, List a_regFiles) { obj = a_obj; id = a_id; spacing = a_spacing; @@ -80,7 +81,7 @@ class EvalRegistryObj extends EvaluatableObject { setUnsupportedFieldWarnings(); // Make a list of hives to test - List hiveList = new ArrayList(); + List hiveList = new ArrayList<>(); if (obj.getHive() == null) { // If the hive field is missing, add everything hiveList.addAll(regFiles); @@ -88,9 +89,9 @@ class EvalRegistryObj extends EvaluatableObject { // If the hive name is HKEY_LOCAL_MACHINE, add the ones from the config directory. // Otherwise, add the others for (RegistryFileInfo regFile : regFiles) { - if (regFile.abstractFile.getParentPath() != null) { + if (regFile.getAbstractFile().getParentPath() != null) { Pattern pattern = Pattern.compile("system32", Pattern.CASE_INSENSITIVE); - Matcher matcher = pattern.matcher(regFile.abstractFile.getParentPath()); + Matcher matcher = pattern.matcher(regFile.getAbstractFile().getParentPath()); if (matcher.find()) { // Looking for system files and found one, so add it to the list if (obj.getHive().getValue().toString().equalsIgnoreCase("HKEY_LOCAL_MACHINE")) { //NON-NLS @@ -112,7 +113,7 @@ class EvalRegistryObj extends EvaluatableObject { Pattern pattern = Pattern.compile("Temp.STIX." + stixHiveName, Pattern.CASE_INSENSITIVE); for (RegistryFileInfo hive : regFiles) { - Matcher matcher = pattern.matcher(hive.tempFileName); + Matcher matcher = pattern.matcher(hive.getTempFileName()); if (matcher.find()) { hiveList.add(hive); } @@ -163,7 +164,7 @@ class EvalRegistryObj extends EvaluatableObject { */ private ObservableResult testRegistryFile(RegistryFileInfo a_regInfo) { try { - RegistryKey root = openRegistry(a_regInfo.tempFileName); + RegistryKey root = openRegistry(a_regInfo.getTempFileName()); RegistryKey result = findKey(root, obj.getKey().getValue().toString()); if (result == null) { @@ -192,8 +193,8 @@ class EvalRegistryObj extends EvaluatableObject { if ((obj.getValues() == null) || (obj.getValues().getValues().isEmpty())) { // No values to test - List artData = new ArrayList(); - artData.add(new StixArtifactData(a_regInfo.abstractFile.getId(), id, "Registry")); //NON-NLS + List artData = new ArrayList<>(); + artData.add(new StixArtifactData(a_regInfo.getAbstractFile().getId(), id, "Registry")); //NON-NLS return new ObservableResult(id, "RegistryObject: Found key " + obj.getKey().getValue(), //NON-NLS spacing, ObservableResult.ObservableState.TRUE, artData); } @@ -262,8 +263,8 @@ class EvalRegistryObj extends EvaluatableObject { if (nameSuccess && valueSuccess) { // Found a match for all values - List artData = new ArrayList(); - artData.add(new StixArtifactData(a_regInfo.abstractFile.getId(), id, "Registry")); //NON-NLS + List artData = new ArrayList<>(); + artData.add(new StixArtifactData(a_regInfo.getAbstractFile().getId(), id, "Registry")); //NON-NLS return new ObservableResult(id, "RegistryObject: Found key " + obj.getKey().getValue() //NON-NLS + " and value " + stixRegValue.getName().getValue().toString() //NON-NLS + " = " + stixRegValue.getData().getValue().toString(), @@ -343,13 +344,13 @@ class EvalRegistryObj extends EvaluatableObject { List regFilesAbstract = findRegistryFiles(); // List to hold all the extracted file names plus their abstract file - List regFilesLocal = new ArrayList(); + List regFilesLocal = new ArrayList<>(); // Make the temp directory String tmpDir; try { - tmpDir = Case.getCurrentCaseThrows().getTempDirectory() + File.separator + "STIX"; //NON-NLS - } catch (NoCurrentCaseException ex) { + tmpDir = Case.getCurrentCaseThrows().getTempDirectory() + File.separator + "STIX"; //NON-NLS + } catch (NoCurrentCaseException ex) { throw new TskCoreException(ex.getLocalizedMessage()); } File dir = new File(tmpDir); @@ -382,11 +383,11 @@ class EvalRegistryObj extends EvaluatableObject { * RecentActivity */ private static List findRegistryFiles() throws TskCoreException { - List registryFiles = new ArrayList(); + List registryFiles = new ArrayList<>(); Case openCase; try { openCase = Case.getCurrentCaseThrows(); - } catch (NoCurrentCaseException ex) { + } catch (NoCurrentCaseException ex) { throw new TskCoreException(ex.getLocalizedMessage()); } org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = openCase.getServices().getFileManager(); @@ -413,7 +414,7 @@ class EvalRegistryObj extends EvaluatableObject { } private void setUnsupportedFieldWarnings() { - List fieldNames = new ArrayList(); + List fieldNames = new ArrayList<>(); if (obj.getNumberValues() != null) { fieldNames.add("Number_Values"); //NON-NLS @@ -462,5 +463,23 @@ class EvalRegistryObj extends EvaluatableObject { tempFileName = a_tempFileName; } + /** + * Get the AbstractFile for this RegistryFileInfo + * + * @return the abstractFile + */ + AbstractFile getAbstractFile() { + return abstractFile; + } + + /** + * Get the Temporary file name for this RegistryFileInfo + * + * @return the tempFileName + */ + String getTempFileName() { + return tempFileName; + } + } }