mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-13 00:16:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Report formatting and additional extract bugfixes.

Browse Source 
Signed-off-by: Alex Ebadirad <aebadirad@42six.com>
This commit is contained in:
Alex Ebadirad 2012-03-14 22:28:13 -07:00
parent bbe3e1c33f
commit 42b184312a
4 changed files with 85 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
View File

@ -240,18 +240,30 @@ public class ExtractIE { // implements BrowserActivity {
String[] lineBuff = line.split("\\t");
PASCO_RESULTS_LUT = new HashMap<String, Object>();
String url[] = lineBuff[1].split("@",2);
String ddtime = lineBuff[2];
String actime = lineBuff[3];
String user = "";
String realurl = "";
if(url.length > 1)
{
user = url[0];
user = user.replace("Visited:", "");
user = user.replace(":(.*?):", "");
user = user.replace(":Host:", "");
user = user.replaceAll("(:)(.*?)(:)", "");
user = user.trim();
realurl = url[1];
realurl = realurl.replace("Visited:", "");
realurl = realurl.replace(":(.*?):", "");
realurl = realurl.replaceAll(":(.*?):", "");
realurl = realurl.replace(":Host:", "");
realurl = realurl.trim();
}
if(!ddtime.isEmpty()){
ddtime = ddtime.replace("T"," ");
ddtime = ddtime.substring(ddtime.length()-4);
}
if(!actime.isEmpty()){
actime = actime.replace("z"," ");
actime = actime.substring(0,actime.length()-5);
}
// TODO: Need to fix this so we have the right obj_id
@ -259,11 +271,11 @@ public class ExtractIE { // implements BrowserActivity {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", realurl));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "", lineBuff[3]));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "", actime));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", "", "None"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "", lineBuff[2]));
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "", ddtime));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Internet Explorer"));

2
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -76,7 +76,7 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
if(Success)
{
//Delete dat file since it was succcessfully by Pasco
regFile.delete();
//regFile.delete();
}
j++;

2
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -88,7 +88,7 @@ public class Firefox {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",temprs.getString("url")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("visit_date")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",temprs.getString("ref")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",((temprs.getString("ref") != null) ? temprs.getString("ref") : "None")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","",((temprs.getString("title") != null) ? temprs.getString("title") : "No Title")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox"));
bbart.addAttributes(bbattributes);

95
Report/src/org/sleuthkit/autopsy/report/reportHTML.java
View File

@ -4,6 +4,7 @@
*/
package org.sleuthkit.autopsy.report;
import java.io.File;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
@ -41,57 +42,85 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
Date date = new Date();
String datetime = datetimeFormat.format(date);
String datenotime = dateFormat.format(date);
//Add html header info
formatted_Report.append("<html><head>Autopsy Report for Case:").append(caseName).append("</head><body><div id=\"main\"><div id=\"content\">");
// String CSS = "<replaceme>"
// + "body {padding: 30px; margin: 0; background: #FFFFFF; font: 13px/20px Arial, Helvetica, sans-serif; color: #535353;} "
// + "h1 {font-size: 26px; color: #005577; margin: 0 0 20px 0;} "
// + "h2 {font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;} "
// + "h3 {font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;} "
// + "p {margin: 0 0 20px 0;} table {width: 100%; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} "
// + "table thead th {display: table-cell; text-align: left; padding: 8px 16px; background: #e5e5e5; color: #777;font-size: 11px;text-shadow: #e9f9fd 0 1px 0; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} "
// + "table tr th:nth-child(1) {text-align: center; width: 60px;} table td {display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;} "
// + "table tr:nth-child(even) td {background: #f3f3f3;} "
// + "table tr td:nth-child(1) {text-align: center; width: 60px; background: #f3f3f3;} "
// + "table tr:nth-child(even) td:nth-child(1) {background: #eaeaea;}"
// + "</replaceme>";
//Add additional header information
formatted_Report.append("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\"><head><title>Autopsy Report for Case:").append(caseName).append("</title>");
//formatted_Report.append("<link rel=\"stylesheet\" href=\"" + rrpath + "report.css\" type=\"text/css\" />");
formatted_Report.append("</head><body style=\"padding: 30px; margin: 0; background: #FFFFFF; font: 13px/20px Arial, Helvetica, sans-serif; color: #535353;\"><div id=\"main\"><div id=\"content\">");
// Add summary information now
formatted_Report.append("<h1>Report for Case: ").append(caseName).append("</h1>");
formatted_Report.append("<h3>Case Summary</h3><p>HTML Report Generated by Autopsy 3 on ").append(datetime).append("<br /><ul>");
// formatted_Report.append("<style>" + CSS + "</style>");
formatted_Report.append("<h1 style=\"font-size: 26px; color: #005577; margin: 0 0 20px 0;\">Report for Case: ").append(caseName).append("</h1>");
formatted_Report.append("<h2 style=\"font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;\">Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<br /><ul>");
formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>");
formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>");
StringBuilder nodeGen = new StringBuilder("<h3>General Information</h3>");
StringBuilder nodeWebBookmark = new StringBuilder("<h3>Web Bookmarks</h3>");
StringBuilder nodeWebCookie = new StringBuilder("<h3>Web Cookies</h3>");
StringBuilder nodeWebHistory = new StringBuilder("<h3>Web History</h3>");
StringBuilder nodeWebDownload = new StringBuilder("<h3>Web Downloads</h3>");
StringBuilder nodeRecentObjects = new StringBuilder("<h3>Recent Documents</h3>");
StringBuilder nodeTrackPoint = new StringBuilder("<h3>Track Points</h3>");
StringBuilder nodeInstalled = new StringBuilder("<h3>Installed Programs</h3>");
StringBuilder nodeKeyword = new StringBuilder("<h3>Keyword Search Hits</h3>");
StringBuilder nodeHash = new StringBuilder("<h3>Hashset Hits</h3>");
String tableHeader = "<table><thead style=\"display: table-cell; text-align: left; padding: 8px 16px; background: #e5e5e5; color: #777;font-size: 11px;text-shadow: #e9f9fd 0 1px 0; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede; \"><tr><th style=\"text-align: center; width: 60px; \">Artifact ID</th><th style=\"text-align: center; width: 60px; \">Name</th><th style=\"text-align: center; width: 60px; \">Size</th><th style=\"text-align: center; width: 60px; \">Attribute</th><th style=\"text-align: center; width: 60px; \">Value</th></tr></thead><tbody>";
StringBuilder nodeGen = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">General Information</h3>" + tableHeader);
StringBuilder nodeWebBookmark = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Web Bookmarks</h3>" + tableHeader);
StringBuilder nodeWebCookie = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Web Cookies</h3>" + tableHeader);
StringBuilder nodeWebHistory = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Web History</h3>" + tableHeader);
StringBuilder nodeWebDownload = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Web Downloads</h3>" + tableHeader);
StringBuilder nodeRecentObjects = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Recent Documents</h3>" + tableHeader);
StringBuilder nodeTrackPoint = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Track Points</h3>" + tableHeader);
StringBuilder nodeInstalled = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Installed Programs</h3>" + tableHeader);
StringBuilder nodeKeyword = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Keyword Search Hits</h3>" + tableHeader);
StringBuilder nodeHash = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Hashset Hits</h3>" + tableHeader);
int pp = 0;
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(reportFilter.cancel == true){
break;
}
int cc = 0;
StringBuilder artifact = new StringBuilder("<p>Artifact");
StringBuilder artifact = new StringBuilder("");
Long objId = entry.getKey().getObjectID();
//Content file = skCase.getContentById(objId);
FsContent file = skCase.getFsContentById(objId);
// File file = cfile
// File file = cfile.
String tdcolor = "";
Long filesize = file.getSize();
artifact.append(" ID: ").append(objId.toString());
artifact.append(" Name: <strong>").append(file.getName().toString()).append("</strong>");
artifact.append("<br />Path: ").append(file.getParentPath());
artifact.append("<br /> Size: ").append(filesize.toString());
artifact.append("</p><ul style=\"list-style-type: none;\">");
// Get all the attributes for this guy
for (BlackboardAttribute tempatt : entry.getValue())
{
if(reportFilter.cancel == true){
break;
}
StringBuilder attribute = new StringBuilder("<li style=\"list-style-type: none;\">Type: ").append(tempatt.getAttributeTypeDisplayName()).append("</li>");
attribute.append("<li style=\"list-style-type: none;\">Value: ").append(tempatt.getValueString()).append("</li>");
attribute.append("<li style=\"list-style-type: none;\"> Context: ").append(tempatt.getContext()).append("</li>");
if(pp > 0)
{
pp = 0;
tdcolor = "background: #eaeaea;";
}
else
{
tdcolor = "";
pp = 1;
}
artifact.append("<tr><td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif; " + tdcolor + " \">").append(objId.toString());
artifact.append("</td><td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;" + tdcolor + " \"><strong>").append(file.getName().toString()).append("</strong></td>");
//artifact.append("Path: ").append(file.getParentPath());
artifact.append("<td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;" + tdcolor + " \">").append(filesize.toString()).append("</td>");
StringBuilder attribute = new StringBuilder("<td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif; " + tdcolor + " \">").append(tempatt.getAttributeTypeDisplayName()).append("</td>");
attribute.append("<td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;" + tdcolor + " \">").append(tempatt.getValueString()).append("</td></tr>");
//attribute.append("<li style=\"list-style-type: none;\"> Context: ").append(tempatt.getContext()).append("</li>");
artifact.append(attribute);
cc++;
}
artifact.append("</ul>");
//artifact.append("</tr>");
if(entry.getKey().getArtifactTypeID() == 1){
nodeGen.append(artifact);
}
@ -129,15 +158,25 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
}
//Add them back in order
formatted_Report.append(nodeGen);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeWebBookmark);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeWebCookie);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeWebHistory);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeWebDownload);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeRecentObjects);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeTrackPoint);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeInstalled);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeKeyword);
formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeHash);
formatted_Report.append("</tbody></table>");
//end of master loop
formatted_Report.append("</div></div></body></html>");