diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java index f28ecf8569..540bc15a54 100755 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java @@ -240,18 +240,30 @@ public class ExtractIE { // implements BrowserActivity { String[] lineBuff = line.split("\\t"); PASCO_RESULTS_LUT = new HashMap(); String url[] = lineBuff[1].split("@",2); + String ddtime = lineBuff[2]; + String actime = lineBuff[3]; String user = ""; String realurl = ""; if(url.length > 1) { user = url[0]; user = user.replace("Visited:", ""); - user = user.replace(":(.*?):", ""); user = user.replace(":Host:", ""); + user = user.replaceAll("(:)(.*?)(:)", ""); + user = user.trim(); realurl = url[1]; realurl = realurl.replace("Visited:", ""); - realurl = realurl.replace(":(.*?):", ""); + realurl = realurl.replaceAll(":(.*?):", ""); realurl = realurl.replace(":Host:", ""); + realurl = realurl.trim(); + } + if(!ddtime.isEmpty()){ + ddtime = ddtime.replace("T"," "); + ddtime = ddtime.substring(ddtime.length()-4); + } + if(!actime.isEmpty()){ + actime = actime.replace("z"," "); + actime = actime.substring(0,actime.length()-5); } // TODO: Need to fix this so we have the right obj_id 
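Review bot: The two new `substring` calls can throw `StringIndexOutOfBoundsException` on a short field, because `isEmpty()` is the only guard: `ddtime.substring(ddtime.length()-4)` needs at least 4 characters and `actime.substring(0,actime.length()-5)` at least 5. The line being split is parser output derived from evidence, so a truncated or malformed record should not be able to abort extraction; guard on length instead, e.g. `if (actime.length() > 5) { actime = actime.substring(0, actime.length() - 5); }`. Separately, `realurl.replaceAll(":(.*?):", "")` is now a live regex (the old `replace` treated the pattern as a literal), and it deletes everything between the first two colons. For a constructed example such as `http://host:8080/` that removes `://host:`, so confirm this is intended before the value is stored as TSK_URL. The enclosing method starts and ends outside this hunk.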
@@ -259,11 +271,11 @@ public class ExtractIE { // implements BrowserActivity { Collection bbattributes = new ArrayList(); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", realurl)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "", lineBuff[3])); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "", actime)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", "", "None")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "", lineBuff[2])); + // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "", ddtime)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Internet Explorer")); diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index bc6bc7cb5e..395416397b 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java @@ -76,7 +76,7 @@ public void getregistryfiles(List image, IngestImageWorkerController con if(Success) { //Delete dat file since it was succcessfully by Pasco - regFile.delete(); + //regFile.delete(); } j++; diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java index 84e1a7e186..c7c4a68eee 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java 
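Review bot: The TSK_DATETIME attribute is dropped by commenting the line out with no explanation, which leaves the `ddtime` value computed earlier in this method unused and removes that timestamp from these Internet Explorer artifacts. If it is being withheld because the format is not yet right, say so in place, e.g. `// TSK_DATETIME intentionally omitted: <reason>`, or delete the line together with the `ddtime` handling. Anything downstream that reads TSK_DATETIME from these artifacts will presumably find nothing, so the omission is worth recording in the commit message as well.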
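Review bot: With `regFile.delete()` commented out, the `if(Success)` block is empty and the processed file stays on disk, while the comment above it still says the file is deleted. If `regFile` is a temporary copy extracted from the image (it looks that way, but its creation is outside the hunk), leaving it behind accumulates evidence-derived files in the working directory across ingest runs. Either restore the delete, or if the file is kept on purpose make that explicit with something like `// kept for debugging; remove before release` and correct the stale comment.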
@@ -88,7 +88,7 @@ public class Firefox { Collection bbattributes = new ArrayList(); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",temprs.getString("url"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("visit_date"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",temprs.getString("ref"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",((temprs.getString("ref") != null) ? temprs.getString("ref") : "None"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","",((temprs.getString("title") != null) ? temprs.getString("title") : "No Title"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox")); bbart.addAttributes(bbattributes); diff --git a/Report/src/org/sleuthkit/autopsy/report/reportHTML.java b/Report/src/org/sleuthkit/autopsy/report/reportHTML.java index f0714f677c..df962744ff 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportHTML.java +++ b/Report/src/org/sleuthkit/autopsy/report/reportHTML.java @@ -4,6 +4,7 @@ */ package org.sleuthkit.autopsy.report; +import java.io.File; import java.text.DateFormat; import java.text.SimpleDateFormat; import java.util.ArrayList; @@ -41,57 +42,85 @@ public reportHTML (HashMap> re Date date = new Date(); String datetime = datetimeFormat.format(date); String datenotime = dateFormat.format(date); - //Add html header info - formatted_Report.append("Autopsy Report for Case:").append(caseName).append("
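Review bot: The new null guard calls `temprs.getString("ref")` twice and stores the literal `"None"` when the column is NULL, so a reader of the artifact cannot tell a missing referrer from one whose text really is "None". Reading the column once is tidier: `String ref = temprs.getString("ref");` and then pass `(ref != null) ? ref : "None"`. The unchanged `title` line below uses the same double-call pattern and could be changed the same way. Whether an empty string would be accepted as a less ambiguous placeholder depends on BlackboardAttribute code outside this hunk.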
"); + // String CSS = "" + // + "body {padding: 30px; margin: 0; background: #FFFFFF; font: 13px/20px Arial, Helvetica, sans-serif; color: #535353;} " + // + "h1 {font-size: 26px; color: #005577; margin: 0 0 20px 0;} " + // + "h2 {font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;} " + // + "h3 {font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;} " + // + "p {margin: 0 0 20px 0;} table {width: 100%; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} " + // + "table thead th {display: table-cell; text-align: left; padding: 8px 16px; background: #e5e5e5; color: #777;font-size: 11px;text-shadow: #e9f9fd 0 1px 0; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} " + // + "table tr th:nth-child(1) {text-align: center; width: 60px;} table td {display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;} " + // + "table tr:nth-child(even) td {background: #f3f3f3;} " + // + "table tr td:nth-child(1) {text-align: center; width: 60px; background: #f3f3f3;} " + // + "table tr:nth-child(even) td:nth-child(1) {background: #eaeaea;}" + // + ""; + //Add additional header information + formatted_Report.append("Autopsy Report for Case:").append(caseName).append(""); + + //formatted_Report.append(""); + formatted_Report.append("
"); // Add summary information now - formatted_Report.append("

Report for Case: ").append(caseName).append("

"); - formatted_Report.append("

Case Summary

HTML Report Generated by Autopsy 3 on ").append(datetime).append("

    "); + // formatted_Report.append(""); + formatted_Report.append("

    Report for Case: ").append(caseName).append("

    "); + formatted_Report.append("

    Case Summary

    HTML Report Generated by Autopsy 3 on ").append(datetime).append("

      "); formatted_Report.append("
    • # of Images: ").append(imagecount).append("
    • "); formatted_Report.append("
    • FileSystems: ").append(filesystemcount).append("
    • "); - - StringBuilder nodeGen = new StringBuilder("

      General Information

      "); - StringBuilder nodeWebBookmark = new StringBuilder("

      Web Bookmarks

      "); - StringBuilder nodeWebCookie = new StringBuilder("

      Web Cookies

      "); - StringBuilder nodeWebHistory = new StringBuilder("

      Web History

      "); - StringBuilder nodeWebDownload = new StringBuilder("

      Web Downloads

      "); - StringBuilder nodeRecentObjects = new StringBuilder("

      Recent Documents

      "); - StringBuilder nodeTrackPoint = new StringBuilder("

      Track Points

      "); - StringBuilder nodeInstalled = new StringBuilder("

      Installed Programs

      "); - StringBuilder nodeKeyword = new StringBuilder("

      Keyword Search Hits

      "); - StringBuilder nodeHash = new StringBuilder("

      Hashset Hits

      "); - + String tableHeader = ""; + StringBuilder nodeGen = new StringBuilder("

      General Information

      " + tableHeader); + StringBuilder nodeWebBookmark = new StringBuilder("

      Web Bookmarks

      " + tableHeader); + StringBuilder nodeWebCookie = new StringBuilder("

      Web Cookies

      " + tableHeader); + StringBuilder nodeWebHistory = new StringBuilder("

      Web History

      " + tableHeader); + StringBuilder nodeWebDownload = new StringBuilder("

      Web Downloads

      " + tableHeader); + StringBuilder nodeRecentObjects = new StringBuilder("

      Recent Documents

      " + tableHeader); + StringBuilder nodeTrackPoint = new StringBuilder("

      Track Points

      " + tableHeader); + StringBuilder nodeInstalled = new StringBuilder("

      Installed Programs

      " + tableHeader); + StringBuilder nodeKeyword = new StringBuilder("

      Keyword Search Hits

      " + tableHeader); + StringBuilder nodeHash = new StringBuilder("

      Hashset Hits

      " + tableHeader); + int pp = 0; for (Entry> entry : report.entrySet()) { if(reportFilter.cancel == true){ break; } int cc = 0; - StringBuilder artifact = new StringBuilder("

      Artifact"); + StringBuilder artifact = new StringBuilder(""); Long objId = entry.getKey().getObjectID(); //Content file = skCase.getContentById(objId); FsContent file = skCase.getFsContentById(objId); - // File file = cfile - // File file = cfile. + String tdcolor = ""; Long filesize = file.getSize(); - artifact.append(" ID: ").append(objId.toString()); - artifact.append(" Name: ").append(file.getName().toString()).append(""); - artifact.append("
      Path: ").append(file.getParentPath()); - artifact.append("
      Size: ").append(filesize.toString()); - artifact.append("

        "); + + // Get all the attributes for this guy for (BlackboardAttribute tempatt : entry.getValue()) { + if(reportFilter.cancel == true){ break; } - StringBuilder attribute = new StringBuilder("
      • Type: ").append(tempatt.getAttributeTypeDisplayName()).append("
      • "); - attribute.append("
      • Value: ").append(tempatt.getValueString()).append("
      • "); - attribute.append("
      • Context: ").append(tempatt.getContext()).append("
      • "); + if(pp > 0) + { + pp = 0; + tdcolor = "background: #eaeaea;"; + } + else + { + tdcolor = ""; + pp = 1; + } + artifact.append("
      "); + //artifact.append("Path: ").append(file.getParentPath()); + artifact.append(""); + StringBuilder attribute = new StringBuilder(""); + attribute.append(""); + //attribute.append("
    • Context: ").append(tempatt.getContext()).append("
    • "); artifact.append(attribute); cc++; + } - artifact.append(""); + //artifact.append(""); if(entry.getKey().getArtifactTypeID() == 1){ nodeGen.append(artifact); } @@ -129,15 +158,25 @@ public reportHTML (HashMap> re } //Add them back in order formatted_Report.append(nodeGen); + formatted_Report.append("
      Artifact IDNameSizeAttributeValue
      ").append(objId.toString()); + artifact.append("").append(file.getName().toString()).append("").append(filesize.toString()).append("").append(tempatt.getAttributeTypeDisplayName()).append("").append(tempatt.getValueString()).append("
      "); formatted_Report.append(nodeWebBookmark); + formatted_Report.append(""); formatted_Report.append(nodeWebCookie); + formatted_Report.append(""); formatted_Report.append(nodeWebHistory); + formatted_Report.append(""); formatted_Report.append(nodeWebDownload); + formatted_Report.append(""); formatted_Report.append(nodeRecentObjects); + formatted_Report.append(""); formatted_Report.append(nodeTrackPoint); + formatted_Report.append(""); formatted_Report.append(nodeInstalled); + formatted_Report.append(""); formatted_Report.append(nodeKeyword); + formatted_Report.append(""); formatted_Report.append(nodeHash); + formatted_Report.append(""); //end of master loop formatted_Report.append("
");