Report formatting and additional extract bugfixes.

Signed-off-by: Alex Ebadirad <aebadirad@42six.com>
Alex Ebadirad 2012-03-14 22:28:13 -07:00
parent bbe3e1c33f
commit 42b184312a
4 changed files with 85 additions and 34 deletions


@ -240,18 +240,30 @@ public class ExtractIE { // implements BrowserActivity {
String[] lineBuff = line.split("\\t"); String[] lineBuff = line.split("\\t");
PASCO_RESULTS_LUT = new HashMap<String, Object>(); PASCO_RESULTS_LUT = new HashMap<String, Object>();
String url[] = lineBuff[1].split("@",2); String url[] = lineBuff[1].split("@",2);
String ddtime = lineBuff[2];
String actime = lineBuff[3];
String user = ""; String user = "";
String realurl = ""; String realurl = "";
if(url.length > 1) if(url.length > 1)
{ {
user = url[0]; user = url[0];
user = user.replace("Visited:", ""); user = user.replace("Visited:", "");
user = user.replace(":(.*?):", "");
user = user.replace(":Host:", ""); user = user.replace(":Host:", "");
user = user.replaceAll("(:)(.*?)(:)", "");
user = user.trim();
realurl = url[1]; realurl = url[1];
realurl = realurl.replace("Visited:", ""); realurl = realurl.replace("Visited:", "");
realurl = realurl.replace(":(.*?):", ""); realurl = realurl.replaceAll(":(.*?):", "");
realurl = realurl.replace(":Host:", ""); realurl = realurl.replace(":Host:", "");
realurl = realurl.trim();
}
if(!ddtime.isEmpty()){
ddtime = ddtime.replace("T"," ");
ddtime = ddtime.substring(ddtime.length()-4);
}
if(!actime.isEmpty()){
actime = actime.replace("z"," ");
actime = actime.substring(0,actime.length()-5);
} }
// TODO: Need to fix this so we have the right obj_id // TODO: Need to fix this so we have the right obj_id
@ -259,11 +271,11 @@ public class ExtractIE { // implements BrowserActivity {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", realurl)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", realurl));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "", lineBuff[3])); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "", actime));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", "", "None")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", "", "None"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "", lineBuff[2])); // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "", ddtime));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Internet Explorer")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Internet Explorer"));
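Review bot: The `substring` calls added for `ddtime` and `actime` are guarded only by `isEmpty()`, so a non-empty field shorter than four (respectively five) characters throws `StringIndexOutOfBoundsException`; these fields are parsed from history data on the image being examined, so malformed input should be expected. Guard on length instead, e.g. `if (actime.length() > 5) { actime = actime.substring(0, actime.length() - 5); }`, and check `lineBuff.length` before reading `lineBuff[2]` and `lineBuff[3]`. Separately, `ddtime.substring(ddtime.length()-4)` keeps only the last four characters rather than dropping them, which looks unintended next to the `actime` handling. A short comment stating the expected timestamp format and what is being cut off would help, since the stored value no longer matches the raw tool output. The enclosing method starts and ends outside these hunks.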


@ -76,7 +76,7 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
if(Success) if(Success)
{ {
//Delete dat file since it was succcessfully by Pasco //Delete dat file since it was succcessfully by Pasco
regFile.delete(); //regFile.delete();
} }
j++; j++;
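Review bot: With `regFile.delete()` commented out, the `if(Success)` block is empty while its comment still says the dat file is deleted, so code and comment now disagree. If keeping the extracted file is intentional, replace the comment with one that says why and where cleanup happens, and drop the commented-out call; if it is a temporary debugging change, it should not be committed, because extracted copies of evidence files would then stay on disk with no cleanup visible in this hunk. The enclosing method extends beyond the hunk.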


@ -88,7 +88,7 @@ public class Firefox {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",temprs.getString("url"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",temprs.getString("url")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("visit_date"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("visit_date")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",temprs.getString("ref"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",((temprs.getString("ref") != null) ? temprs.getString("ref") : "None")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","",((temprs.getString("title") != null) ? temprs.getString("title") : "No Title"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","",((temprs.getString("title") != null) ? temprs.getString("title") : "No Title")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox"));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
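Review bot: The new referrer fallback calls `temprs.getString("ref")` twice, as the title line below it already does; reading the column once into a local (`String ref = temprs.getString("ref");` then `ref != null ? ref : "None"`) is clearer and does not rely on the driver permitting repeated reads of the same column. The placeholder `"None"` is stored as if it were data, so a report reader cannot tell a missing referrer from a literal value; a one-line comment naming it as a sentinel would help. `url` and `visit_date` on the neighbouring lines are still passed through without a null check. The enclosing method is outside the hunk.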


@ -4,6 +4,7 @@
*/ */
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
import java.io.File;
import java.text.DateFormat; import java.text.DateFormat;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.ArrayList; import java.util.ArrayList;
@ -41,57 +42,85 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
Date date = new Date(); Date date = new Date();
String datetime = datetimeFormat.format(date); String datetime = datetimeFormat.format(date);
String datenotime = dateFormat.format(date); String datenotime = dateFormat.format(date);
//Add html header info // String CSS = "<replaceme>"
formatted_Report.append("<html><head>Autopsy Report for Case:").append(caseName).append("</head><body><div id=\"main\"><div id=\"content\">"); // + "body {padding: 30px; margin: 0; background: #FFFFFF; font: 13px/20px Arial, Helvetica, sans-serif; color: #535353;} "
// + "h1 {font-size: 26px; color: #005577; margin: 0 0 20px 0;} "
// + "h2 {font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;} "
// + "h3 {font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;} "
// + "p {margin: 0 0 20px 0;} table {width: 100%; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} "
// + "table thead th {display: table-cell; text-align: left; padding: 8px 16px; background: #e5e5e5; color: #777;font-size: 11px;text-shadow: #e9f9fd 0 1px 0; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} "
// + "table tr th:nth-child(1) {text-align: center; width: 60px;} table td {display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;} "
// + "table tr:nth-child(even) td {background: #f3f3f3;} "
// + "table tr td:nth-child(1) {text-align: center; width: 60px; background: #f3f3f3;} "
// + "table tr:nth-child(even) td:nth-child(1) {background: #eaeaea;}"
// + "</replaceme>";
//Add additional header information
formatted_Report.append("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\"><head><title>Autopsy Report for Case:").append(caseName).append("</title>");
//formatted_Report.append("<link rel=\"stylesheet\" href=\"" + rrpath + "report.css\" type=\"text/css\" />");
formatted_Report.append("</head><body style=\"padding: 30px; margin: 0; background: #FFFFFF; font: 13px/20px Arial, Helvetica, sans-serif; color: #535353;\"><div id=\"main\"><div id=\"content\">");
// Add summary information now // Add summary information now
formatted_Report.append("<h1>Report for Case: ").append(caseName).append("</h1>"); // formatted_Report.append("<style>" + CSS + "</style>");
formatted_Report.append("<h3>Case Summary</h3><p>HTML Report Generated by Autopsy 3 on ").append(datetime).append("<br /><ul>"); formatted_Report.append("<h1 style=\"font-size: 26px; color: #005577; margin: 0 0 20px 0;\">Report for Case: ").append(caseName).append("</h1>");
formatted_Report.append("<h2 style=\"font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;\">Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<br /><ul>");
formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>"); formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>");
formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>"); formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>");
String tableHeader = "<table><thead style=\"display: table-cell; text-align: left; padding: 8px 16px; background: #e5e5e5; color: #777;font-size: 11px;text-shadow: #e9f9fd 0 1px 0; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede; \"><tr><th style=\"text-align: center; width: 60px; \">Artifact ID</th><th style=\"text-align: center; width: 60px; \">Name</th><th style=\"text-align: center; width: 60px; \">Size</th><th style=\"text-align: center; width: 60px; \">Attribute</th><th style=\"text-align: center; width: 60px; \">Value</th></tr></thead><tbody>";
StringBuilder nodeGen = new StringBuilder("<h3>General Information</h3>"); StringBuilder nodeGen = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">General Information</h3>" + tableHeader);
StringBuilder nodeWebBookmark = new StringBuilder("<h3>Web Bookmarks</h3>"); StringBuilder nodeWebBookmark = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Web Bookmarks</h3>" + tableHeader);
StringBuilder nodeWebCookie = new StringBuilder("<h3>Web Cookies</h3>"); StringBuilder nodeWebCookie = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Web Cookies</h3>" + tableHeader);
StringBuilder nodeWebHistory = new StringBuilder("<h3>Web History</h3>"); StringBuilder nodeWebHistory = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Web History</h3>" + tableHeader);
StringBuilder nodeWebDownload = new StringBuilder("<h3>Web Downloads</h3>"); StringBuilder nodeWebDownload = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Web Downloads</h3>" + tableHeader);
StringBuilder nodeRecentObjects = new StringBuilder("<h3>Recent Documents</h3>"); StringBuilder nodeRecentObjects = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Recent Documents</h3>" + tableHeader);
StringBuilder nodeTrackPoint = new StringBuilder("<h3>Track Points</h3>"); StringBuilder nodeTrackPoint = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Track Points</h3>" + tableHeader);
StringBuilder nodeInstalled = new StringBuilder("<h3>Installed Programs</h3>"); StringBuilder nodeInstalled = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Installed Programs</h3>" + tableHeader);
StringBuilder nodeKeyword = new StringBuilder("<h3>Keyword Search Hits</h3>"); StringBuilder nodeKeyword = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Keyword Search Hits</h3>" + tableHeader);
StringBuilder nodeHash = new StringBuilder("<h3>Hashset Hits</h3>"); StringBuilder nodeHash = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Hashset Hits</h3>" + tableHeader);
int pp = 0;
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) { for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(reportFilter.cancel == true){ if(reportFilter.cancel == true){
break; break;
} }
int cc = 0; int cc = 0;
StringBuilder artifact = new StringBuilder("<p>Artifact"); StringBuilder artifact = new StringBuilder("");
Long objId = entry.getKey().getObjectID(); Long objId = entry.getKey().getObjectID();
//Content file = skCase.getContentById(objId); //Content file = skCase.getContentById(objId);
FsContent file = skCase.getFsContentById(objId); FsContent file = skCase.getFsContentById(objId);
// File file = cfile String tdcolor = "";
// File file = cfile.
Long filesize = file.getSize(); Long filesize = file.getSize();
artifact.append(" ID: ").append(objId.toString());
artifact.append(" Name: <strong>").append(file.getName().toString()).append("</strong>");
artifact.append("<br />Path: ").append(file.getParentPath());
artifact.append("<br /> Size: ").append(filesize.toString());
artifact.append("</p><ul style=\"list-style-type: none;\">");
// Get all the attributes for this guy // Get all the attributes for this guy
for (BlackboardAttribute tempatt : entry.getValue()) for (BlackboardAttribute tempatt : entry.getValue())
{ {
if(reportFilter.cancel == true){ if(reportFilter.cancel == true){
break; break;
} }
StringBuilder attribute = new StringBuilder("<li style=\"list-style-type: none;\">Type: ").append(tempatt.getAttributeTypeDisplayName()).append("</li>"); if(pp > 0)
attribute.append("<li style=\"list-style-type: none;\">Value: ").append(tempatt.getValueString()).append("</li>"); {
attribute.append("<li style=\"list-style-type: none;\"> Context: ").append(tempatt.getContext()).append("</li>"); pp = 0;
tdcolor = "background: #eaeaea;";
}
else
{
tdcolor = "";
pp = 1;
}
artifact.append("<tr><td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif; " + tdcolor + " \">").append(objId.toString());
artifact.append("</td><td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;" + tdcolor + " \"><strong>").append(file.getName().toString()).append("</strong></td>");
//artifact.append("Path: ").append(file.getParentPath());
artifact.append("<td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;" + tdcolor + " \">").append(filesize.toString()).append("</td>");
StringBuilder attribute = new StringBuilder("<td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif; " + tdcolor + " \">").append(tempatt.getAttributeTypeDisplayName()).append("</td>");
attribute.append("<td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;" + tdcolor + " \">").append(tempatt.getValueString()).append("</td></tr>");
//attribute.append("<li style=\"list-style-type: none;\"> Context: ").append(tempatt.getContext()).append("</li>");
artifact.append(attribute); artifact.append(attribute);
cc++; cc++;
} }
artifact.append("</ul>"); //artifact.append("</tr>");
if(entry.getKey().getArtifactTypeID() == 1){ if(entry.getKey().getArtifactTypeID() == 1){
nodeGen.append(artifact); nodeGen.append(artifact);
} }
@ -129,15 +158,25 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
} }
//Add them back in order //Add them back in order
formatted_Report.append(nodeGen); formatted_Report.append(nodeGen);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeWebBookmark); formatted_Report.append(nodeWebBookmark);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeWebCookie); formatted_Report.append(nodeWebCookie);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeWebHistory); formatted_Report.append(nodeWebHistory);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeWebDownload); formatted_Report.append(nodeWebDownload);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeRecentObjects); formatted_Report.append(nodeRecentObjects);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeTrackPoint); formatted_Report.append(nodeTrackPoint);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeInstalled); formatted_Report.append(nodeInstalled);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeKeyword); formatted_Report.append(nodeKeyword);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeHash); formatted_Report.append(nodeHash);
formatted_Report.append("</tbody></table>");
//end of master loop //end of master loop
formatted_Report.append("</div></div></body></html>"); formatted_Report.append("</div></div></body></html>");
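Review bot: The new table cells append `tempatt.getValueString()`, `tempatt.getAttributeTypeDisplayName()`, `file.getName()` and `caseName` into the markup without HTML escaping, so any `<`, `&` or quote in those values is interpreted as markup when the report is opened in a browser. These values appear to come from the examined image (URLs, page titles, file names) and should be treated as untrusted; passing each through an escaping helper before `append` keeps the table structure intact and the content inert. The helper below is a sketch using only `String.replace`, and it renders a null value as an empty cell instead of the text "null". The added `import java.io.File;` also looks unused in the visible code, where `file` is an `FsContent`. The constructor starts and ends outside these hunks.

```java
// Escape text taken from case data before it is placed in the HTML report.
private static String escapeHtml(String s) {
    if (s == null) {
        return "";
    }
    return s.replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;")
            .replace("'", "&#39;");
}

// … unchanged: report header, section builders, loop setup …
attribute.append("<td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;" + tdcolor + " \">").append(escapeHtml(tempatt.getValueString())).append("</td></tr>");
// … same wrapping for getAttributeTypeDisplayName(), file.getName() and caseName …
```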