Cleaned up the download code to put it on hold, fixed code to make sure we clean up the temp files properly and cleaned up a few javadocs

Kelly Kelly 2019-03-04 10:22:42 -05:00
parent 7f75882ab7
commit 4065b99967


@ -95,11 +95,13 @@ final class ExtractEdge extends Extract {
private static final String EDGE_FAVORITE_FILE_NAME = "Favorites.csv"; //NON-NLS private static final String EDGE_FAVORITE_FILE_NAME = "Favorites.csv"; //NON-NLS
private static final String EDGE_OUTPUT_FILE_NAME = "Output.txt"; //NON-NLS private static final String EDGE_OUTPUT_FILE_NAME = "Output.txt"; //NON-NLS
private static final String EDGE_ERROR_FILE_NAME = "File.txt"; //NON-NLS private static final String EDGE_ERROR_FILE_NAME = "File.txt"; //NON-NLS
private static final String EDGE_WEBCACHE_FOLDER_NAME = "WebCache"; //NON-NLS
private static final String EDGE_SPARTAN_FOLDER_NAME = "MicrosoftEdge"; //NON-NLS
private static final String ESE_TOOL_FOLDER = "ESEDatabaseView"; //NON-NLS private static final String ESE_TOOL_FOLDER = "ESEDatabaseView"; //NON-NLS
private static final String EDGE_RESULT_FOLDER_NAME = "results"; //NON-NLS private static final String EDGE_RESULT_FOLDER_NAME = "results"; //NON-NLS
private static final SimpleDateFormat DATE_FORMATTER = new SimpleDateFormat("MM/dd/yyyy hh:mm:ss a"); private static final SimpleDateFormat DATE_FORMATTER = new SimpleDateFormat("MM/dd/yyyy hh:mm:ss a"); //NON-NLS
@Messages({ @Messages({
"ExtractEdge_process_errMsg_unableFindESEViewer=Unable to find ESEDatabaseViewer", "ExtractEdge_process_errMsg_unableFindESEViewer=Unable to find ESEDatabaseViewer",
@ -174,7 +176,7 @@ final class ExtractEdge extends Extract {
try { try {
this.processSpartanDbFile(esedumper, spartanFiles); this.processSpartanDbFile(esedumper, spartanFiles);
} catch (IOException | TskCoreException ex) { } catch (IOException | TskCoreException ex) {
this.addErrorMessage(Bundle.ExtractEdge_process_errMsg_webcacheFail()); this.addErrorMessage(Bundle.ExtractEdge_process_errMsg_spartanFail());
LOG.log(Level.SEVERE, "Error returned from processSpartanDbFile", ex); // NON-NLS LOG.log(Level.SEVERE, "Error returned from processSpartanDbFile", ex); // NON-NLS
} }
} }
@ -228,13 +230,15 @@ final class ExtractEdge extends Extract {
this.getCookies(webCacheFile, resultsDir); this.getCookies(webCacheFile, resultsDir);
// if (context.dataSourceIngestIsCancelled()) {
// return;
// }
// Putting downloads on hold
// this.getDownload(webCacheFile, resultsDir);
} finally { } finally {
tempWebCacheFile.delete(); tempWebCacheFile.delete();
// Emppty the result dir
File[] resultFiles = resultsDir.listFiles();
for (File file : resultFiles) {
file.delete();
}
resultsDir.delete(); resultsDir.delete();
} }
} }
@ -283,6 +287,13 @@ final class ExtractEdge extends Extract {
} finally { } finally {
tempSpartanFile.delete(); tempSpartanFile.delete();
// Empty the result dir
File[] resultFiles = resultsDir.listFiles();
for (File file : resultFiles) {
file.delete();
}
resultsDir.delete(); resultsDir.delete();
} }
} }
@ -393,7 +404,7 @@ final class ExtractEdge extends Extract {
} }
/** /**
* Queries for cookie files and adds artifacts * Queries for cookie files and adds artifacts.
* *
* @param origFile Original case file * @param origFile Original case file
* @param resultDir Output directory of ESEDatabaseViewer * @param resultDir Output directory of ESEDatabaseViewer
@ -445,7 +456,9 @@ final class ExtractEdge extends Extract {
} }
/** /**
* Queries for download files and adds artifacts * Queries for download files and adds artifacts.
*
* Leaving for future use.
* *
* @param origFile Original case file * @param origFile Original case file
* @param resultDir Output directory of ESEDatabaseViewer * @param resultDir Output directory of ESEDatabaseViewer
@ -524,7 +537,7 @@ final class ExtractEdge extends Extract {
private List<AbstractFile> fetchWebCacheDBFiles() throws TskCoreException { private List<AbstractFile> fetchWebCacheDBFiles() throws TskCoreException {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager org.sleuthkit.autopsy.casemodule.services.FileManager fileManager
= currentCase.getServices().getFileManager(); = currentCase.getServices().getFileManager();
return fileManager.findFiles(dataSource, EDGE_WEBCACHE_NAME, "WebCache"); //NON-NLS return fileManager.findFiles(dataSource, EDGE_WEBCACHE_NAME, EDGE_WEBCACHE_FOLDER_NAME); //NON-NLS
} }
/** /**
@ -536,7 +549,7 @@ final class ExtractEdge extends Extract {
private List<AbstractFile> fetchSpartanDBFiles() throws TskCoreException { private List<AbstractFile> fetchSpartanDBFiles() throws TskCoreException {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager org.sleuthkit.autopsy.casemodule.services.FileManager fileManager
= currentCase.getServices().getFileManager(); = currentCase.getServices().getFileManager();
return fileManager.findFiles(dataSource, EDGE_SPARTAN_NAME, "MicrosoftEdge"); //NON-NLS return fileManager.findFiles(dataSource, EDGE_SPARTAN_NAME, EDGE_SPARTAN_FOLDER_NAME); //NON-NLS
} }
/** /**
@ -622,7 +635,7 @@ final class ExtractEdge extends Extract {
* @throws TskCoreException * @throws TskCoreException
*/ */
private BlackboardArtifact getCookieArtifact(AbstractFile origFile, List<String> headers, String line) throws TskCoreException { private BlackboardArtifact getCookieArtifact(AbstractFile origFile, List<String> headers, String line) throws TskCoreException {
String[] lineSplit = line.split(","); String[] lineSplit = line.split(","); // NON-NLS
String accessTime = lineSplit[headers.indexOf(EDGE_HEAD_LASTMOD)].trim(); String accessTime = lineSplit[headers.indexOf(EDGE_HEAD_LASTMOD)].trim();
Long ftime = null; Long ftime = null;
@ -636,9 +649,10 @@ final class ExtractEdge extends Extract {
String domain = lineSplit[headers.indexOf(EDGE_HEAD_RDOMAIN)].trim(); String domain = lineSplit[headers.indexOf(EDGE_HEAD_RDOMAIN)].trim();
String name = hexToChar(lineSplit[headers.indexOf(EDGE_HEAD_NAME)].trim()); String name = hexToChar(lineSplit[headers.indexOf(EDGE_HEAD_NAME)].trim());
String value = hexToChar(lineSplit[headers.indexOf(EDGE_HEAD_VALUE)].trim()); String value = hexToChar(lineSplit[headers.indexOf(EDGE_HEAD_VALUE)].trim());
String url = flipDomain(domain);
BlackboardArtifact bbart = origFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE); BlackboardArtifact bbart = origFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE);
bbart.addAttributes(createCookieAttributes(null, ftime, name, value, this.getName(), flipDomain(domain))); bbart.addAttributes(createCookieAttributes(url, ftime, name, value, this.getName(), NetworkUtils.extractDomain(url)));
return bbart; return bbart;
} }
@ -656,18 +670,12 @@ final class ExtractEdge extends Extract {
* @throws TskCoreException * @throws TskCoreException
*/ */
private BlackboardArtifact getDownloadArtifact(AbstractFile origFile, List<String> headers, String line) throws TskCoreException { private BlackboardArtifact getDownloadArtifact(AbstractFile origFile, List<String> headers, String line) throws TskCoreException {
BlackboardArtifact bbart = null;
// String[] lineSplit = line.split(",");
// String[] lineSplit = line.split(","); // NON-NLS
// String url = lineSplit[headers.indexOf(EDGE_HEAD_URL)]; String rheader = lineSplit[headers.indexOf(EDGE_HEAD_RESPONSEHEAD)];
//
// String rheader = lineSplit[headers.indexOf(EDGE_HEAD_RESPONSEHEAD)]; return bbart;
//
// String decodedheader = this.hexToASCII(rheader);
// BlackboardArtifact bbart = origFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD);
// bbart.addAttributes(createDownloadAttributes(decodedheader, "Test2", null, "microsoft.com", this.getName()));
// return bbart;
return null;
} }
/** /**
@ -687,7 +695,7 @@ final class ExtractEdge extends Extract {
String[] lineSplit = line.split(IGNORE_COMMA_IN_QUOTES_REGEX, -1); String[] lineSplit = line.split(IGNORE_COMMA_IN_QUOTES_REGEX, -1);
String url = lineSplit[headers.indexOf(EDGE_HEAD_URL)]; String url = lineSplit[headers.indexOf(EDGE_HEAD_URL)];
String title = lineSplit[headers.indexOf(EDGE_HEAD_TITLE)].replace("\"", ""); String title = lineSplit[headers.indexOf(EDGE_HEAD_TITLE)].replace("\"", ""); // NON-NLS
if (url.isEmpty()) { if (url.isEmpty()) {
return null; return null;
@ -801,15 +809,14 @@ final class ExtractEdge extends Extract {
* @param programName Name of the module creating the attribute * @param programName Name of the module creating the attribute
* @return A collection of attributed of a downloaded file * @return A collection of attributed of a downloaded file
*/ */
private Collection<BlackboardAttribute> createDownloadAttributes(String path, String url, Long accessTime, String domain, String programName) { private Collection<BlackboardAttribute> createDownloadAttributes(String path, Long pathID, String url, Long accessTime, String domain, String programName) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH, bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH,
RecentActivityExtracterModuleFactory.getModuleName(), RecentActivityExtracterModuleFactory.getModuleName(),
(path != null) ? path : "")); (path != null) ? path : ""));
long pathID = Util.findID(dataSource, path); if (pathID != null && pathID != -1) {
if (pathID != -1) {
bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID, bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
RecentActivityExtracterModuleFactory.getModuleName(), RecentActivityExtracterModuleFactory.getModuleName(),
pathID)); pathID));
@ -879,7 +886,7 @@ final class ExtractEdge extends Extract {
* @return "decoded" string or null if a non-hex value was found * @return "decoded" string or null if a non-hex value was found
*/ */
private String hexToChar(String hexString) { private String hexToChar(String hexString) {
String[] hexValues = hexString.split(" "); String[] hexValues = hexString.split(" "); // NON-NLS
StringBuilder output = new StringBuilder(); StringBuilder output = new StringBuilder();
for (String str : hexValues) { for (String str : hexValues) {
@ -912,7 +919,7 @@ final class ExtractEdge extends Extract {
return null; return null;
} }
String[] tokens = domain.split("\\."); String[] tokens = domain.split("\\."); // NON-NLS
if (tokens.length < 2 || tokens.length > 3) { if (tokens.length < 2 || tokens.length > 3) {
return domain; // don't know what to do, just send it back as is return domain; // don't know what to do, just send it back as is
@ -1004,7 +1011,7 @@ final class ExtractEdge extends Extract {
nameIdx = headers.indexOf(EDGE_HEAD_NAME); nameIdx = headers.indexOf(EDGE_HEAD_NAME);
idIdx = headers.indexOf(EDGE_HEAD_CONTAINER_ID); idIdx = headers.indexOf(EDGE_HEAD_CONTAINER_ID);
} else { } else {
String[] row = line.split(","); String[] row = line.split(","); // NON-NLS
String name = row[nameIdx]; String name = row[nameIdx];
String id = row[idIdx]; String id = row[idIdx];
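Review bot: In the `finally` block of the WebCache hunk (`@ -228,13 +230,15`), the result of `resultsDir.listFiles()` is iterated without a null check; `File.listFiles()` returns null when the path is not a directory or an I/O error occurs, so the cleanup can throw a NullPointerException from `finally` and replace whatever exception the `try` body raised. The same loop is repeated in the Spartan hunk (`@ -283,6 +287,13`). Wrap both loops in `if (resultFiles != null) {` so that the following `resultsDir.delete()` still runs. The return values of `file.delete()` and `resultsDir.delete()` are also ignored and subdirectories are not handled, so ESEDatabaseViewer output derived from case data may stay in the temp directory unnoticed; a `LOG.log(Level.WARNING, ...)` when `delete()` returns false would make such leftovers visible. Both enclosing methods begin outside the hunks shown.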