mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-18 10:37:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

No longer assume that blackboard artifacts are associated with a File object,

Browse Source 
instead they are associated with any generic Content object
This commit is contained in:
Dick Fickling 2012-02-27 12:49:04 -05:00
parent c69e143baf
commit 4512964496
9 changed files with 178 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
DataModel/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java
View File

@ -63,7 +63,7 @@ abstract class AbstractContentChildren extends Keys<Object> {
/** /**
* Creates appropriate Node for each sub-class of Content * Creates appropriate Node for each sub-class of Content
*/ */
static class CreateSleuthkitNodeVisitor extends SleuthkitItemVisitor.Default<AbstractNode> { static class CreateSleuthkitNodeVisitor extends SleuthkitItemVisitor.Default<AbstractContentNode> {
@Override @Override
public AbstractContentNode visit(Directory drctr) { public AbstractContentNode visit(Directory drctr) {
@ -76,7 +76,7 @@ abstract class AbstractContentChildren extends Keys<Object> {
} }
@Override @Override
public AbstractNode visit(FileSystem fs) { public AbstractContentNode visit(FileSystem fs) {
return defaultVisit(fs); return defaultVisit(fs);
} }
@ -91,22 +91,22 @@ abstract class AbstractContentChildren extends Keys<Object> {
} }
@Override @Override
public AbstractNode visit(VolumeSystem vs) { public AbstractContentNode visit(VolumeSystem vs) {
return defaultVisit(vs); return defaultVisit(vs);
} }
@Override @Override
public AbstractNode visit(BlackboardArtifact.ARTIFACT_TYPE a) { public AbstractContentNode visit(BlackboardArtifact.ARTIFACT_TYPE a) {
return defaultVisit(a); return defaultVisit(a);
} }
@Override @Override
public AbstractNode visit(BlackboardArtifact ba) { public AbstractContentNode visit(BlackboardArtifact ba) {
return defaultVisit(ba); return defaultVisit(ba);
} }
@Override @Override
protected AbstractNode defaultVisit(SleuthkitVisitableItem di) { protected AbstractContentNode defaultVisit(SleuthkitVisitableItem di) {
throw new UnsupportedOperationException("No Node defined for the given DisplayableItem"); throw new UnsupportedOperationException("No Node defined for the given DisplayableItem");
} }
} }

13
DataModel/src/org/sleuthkit/autopsy/datamodel/ArtifactStringContent.java
View File

@ -18,13 +18,11 @@
*/ */
package org.sleuthkit.autopsy.datamodel; package org.sleuthkit.autopsy.datamodel;
import java.sql.SQLException;
import java.util.Arrays; import java.util.Arrays;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.TskException; import org.sleuthkit.datamodel.TskException;
/** /**
@ -78,15 +76,4 @@ public class ArtifactStringContent implements StringContent{
} }
} }
public static File getAssociatedFile(BlackboardArtifact artifact){
try {
return artifact.getSleuthkitCase().getFileById(artifact.getObjectID());
} catch (SQLException ex) {
logger.log(Level.WARNING, "SQL query threw exception", ex);
} catch (TskException ex) {
logger.log(Level.WARNING, "Getting file failed", ex);
}
throw new IllegalArgumentException("Couldn't get file from database");
}
} }

28
DataModel/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java
View File

@ -25,12 +25,14 @@ import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import org.openide.nodes.AbstractNode; import org.openide.nodes.AbstractNode;
import org.openide.nodes.Children; import org.openide.nodes.Children;
import org.openide.nodes.Node;
import org.openide.nodes.Sheet; import org.openide.nodes.Sheet;
import org.openide.util.Lookup; import org.openide.util.Lookup;
import org.openide.util.lookup.Lookups; import org.openide.util.lookup.Lookups;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.Directory; import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.File; import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.TskException; import org.sleuthkit.datamodel.TskException;
@ -45,7 +47,7 @@ public class BlackboardArtifactNode extends AbstractNode implements DisplayableI
static final Logger logger = Logger.getLogger(BlackboardArtifactNode.class.getName()); static final Logger logger = Logger.getLogger(BlackboardArtifactNode.class.getName());
public BlackboardArtifactNode(BlackboardArtifact artifact) { public BlackboardArtifactNode(BlackboardArtifact artifact) {
super(Children.LEAF, Lookups.singleton(getAssociatedFile(artifact))); super(Children.LEAF, Lookups.singleton(getAssociatedContent(artifact)));
//super(Children.LEAF, Lookups.singleton(new ArtifactStringContent(artifact))); //super(Children.LEAF, Lookups.singleton(new ArtifactStringContent(artifact)));
this.artifact = artifact; this.artifact = artifact;
this.setName(Long.toString(artifact.getArtifactID())); this.setName(Long.toString(artifact.getArtifactID()));
@ -120,9 +122,9 @@ public class BlackboardArtifactNode extends AbstractNode implements DisplayableI
return v.visit(this); return v.visit(this);
} }
public File getAssociatedFile(){ public Content getAssociatedContent(){
try { try {
return artifact.getSleuthkitCase().getFileById(artifact.getObjectID()); return artifact.getSleuthkitCase().getContentById(artifact.getObjectID());
} catch (SQLException ex) { } catch (SQLException ex) {
logger.log(Level.WARNING, "SQL query threw exception", ex); logger.log(Level.WARNING, "SQL query threw exception", ex);
} catch (TskException ex) { } catch (TskException ex) {
@ -131,9 +133,9 @@ public class BlackboardArtifactNode extends AbstractNode implements DisplayableI
throw new IllegalArgumentException("Couldn't get file from database"); throw new IllegalArgumentException("Couldn't get file from database");
} }
public static File getAssociatedFile(BlackboardArtifact artifact){ public static Content getAssociatedContent(BlackboardArtifact artifact){
try { try {
return artifact.getSleuthkitCase().getFileById(artifact.getObjectID()); return artifact.getSleuthkitCase().getContentById(artifact.getObjectID());
} catch (SQLException ex) { } catch (SQLException ex) {
logger.log(Level.WARNING, "SQL query threw exception", ex); logger.log(Level.WARNING, "SQL query threw exception", ex);
} catch (TskException ex) { } catch (TskException ex) {
@ -142,21 +144,9 @@ public class BlackboardArtifactNode extends AbstractNode implements DisplayableI
throw new IllegalArgumentException("Couldn't get file from database"); throw new IllegalArgumentException("Couldn't get file from database");
} }
public Directory getParentDirectory(){ public Node getContentNode() {
try{ return getAssociatedContent().accept(new AbstractContentChildren.CreateSleuthkitNodeVisitor());
return getAssociatedFile().getParentDirectory();
} catch (TskException ex) {
logger.log(Level.WARNING, "File has no parent", ex);
}
throw new IllegalArgumentException("Couldn't get context");
} }
public FileNode getContentNode() {
return new FileNode(getAssociatedFile());
}
public DirectoryNode getContextNode() {
return new DirectoryNode(getParentDirectory());
}
} }

2
DirectoryTree/src/org/sleuthkit/autopsy/directorytree/ViewContextAction.java
View File

@ -67,7 +67,7 @@ class ViewContextAction extends AbstractAction {
@Override @Override
public void run() { public void run() {
ReverseHierarchyVisitor vtor = new ReverseHierarchyVisitor(); ReverseHierarchyVisitor vtor = new ReverseHierarchyVisitor();
List<Content> hierarchy = node.getAssociatedFile().accept(vtor); List<Content> hierarchy = node.getAssociatedContent().accept(vtor);
Collections.reverse(hierarchy); Collections.reverse(hierarchy);
Node generated = new DirectoryTreeFilterNode(new AbstractNode(new RootContentChildren(hierarchy))); Node generated = new DirectoryTreeFilterNode(new AbstractNode(new RootContentChildren(hierarchy)));
Children genChilds = generated.getChildren(); Children genChilds = generated.getChildren();

2
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
View File

@ -252,7 +252,7 @@ public class ExtractIE { // implements BrowserActivity {
} }
// TODO: Need to fix this so we have the right obj_id // TODO: Need to fix this so we have the right obj_id
BlackboardArtifact bbart = tempDb.getFileById(artObjId).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); BlackboardArtifact bbart = tempDb.getContentById(artObjId).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "Internet Explorer", realurl)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "Internet Explorer", realurl));

18
Report/src/org/sleuthkit/autopsy/report/report.java
View File

@ -9,6 +9,8 @@ import java.sql.SQLException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
@ -40,7 +42,7 @@ public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getGenInfo() {
} }
catch (Exception e) catch (Exception e)
{ {
Logger.getLogger(report.class.getName()).log(Level.INFO, "Exception occurred", e);
} }
return reportMap; return reportMap;
@ -62,7 +64,7 @@ public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebHistory(
} }
catch (Exception e) catch (Exception e)
{ {
Logger.getLogger(report.class.getName()).log(Level.INFO, "Exception occurred", e);
} }
return reportMap; return reportMap;
@ -83,7 +85,7 @@ public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebCookie()
} }
catch (Exception e) catch (Exception e)
{ {
Logger.getLogger(report.class.getName()).log(Level.INFO, "Exception occurred", e);
} }
return reportMap; return reportMap;
@ -104,7 +106,7 @@ public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebBookmark
} }
catch (Exception e) catch (Exception e)
{ {
Logger.getLogger(report.class.getName()).log(Level.INFO, "Exception occurred", e);
} }
return reportMap; return reportMap;
@ -126,7 +128,7 @@ public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getWebDownload
} }
catch (Exception e) catch (Exception e)
{ {
Logger.getLogger(report.class.getName()).log(Level.INFO, "Exception occurred", e);
} }
return reportMap; return reportMap;
@ -148,7 +150,7 @@ public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getRecentObjec
} }
catch (Exception e) catch (Exception e)
{ {
Logger.getLogger(report.class.getName()).log(Level.INFO, "Exception occurred", e);
} }
return reportMap; return reportMap;
@ -170,7 +172,7 @@ public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getKeywordHit(
} }
catch (Exception e) catch (Exception e)
{ {
Logger.getLogger(report.class.getName()).log(Level.INFO, "Exception occurred", e);
} }
return reportMap; return reportMap;
@ -191,7 +193,7 @@ public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getHashHit() {
} }
catch (Exception e) catch (Exception e)
{ {
Logger.getLogger(report.class.getName()).log(Level.INFO, "Exception occurred", e);
} }
return reportMap; return reportMap;

62
Report/src/org/sleuthkit/autopsy/report/reportAction.java
View File

@ -4,18 +4,23 @@
*/ */
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
import java.awt.Component;
import java.awt.Dimension; import java.awt.Dimension;
import java.awt.Toolkit; import java.awt.Toolkit;
import java.awt.event.ActionEvent; import java.awt.event.ActionEvent;
import java.awt.event.ActionListener; import java.awt.event.ActionListener;
import java.util.logging.Level; import java.util.logging.Level;
import javax.swing.JButton;
import javax.swing.JDialog; import javax.swing.JDialog;
import javax.swing.JFrame; import javax.swing.JFrame;
import org.openide.awt.ActionRegistration; import org.openide.awt.ActionRegistration;
import org.openide.awt.ActionReference; import org.openide.awt.ActionReference;
import org.openide.awt.ActionReferences; import org.openide.awt.ActionReferences;
import org.openide.awt.ActionID; import org.openide.awt.ActionID;
import org.openide.util.HelpCtx;
import org.openide.util.NbBundle.Messages; import org.openide.util.NbBundle.Messages;
import org.openide.util.actions.CallableSystemAction;
import org.openide.util.actions.Presenter;
import org.sleuthkit.autopsy.coreutils.Log; import org.sleuthkit.autopsy.coreutils.Log;
@ActionID(category = "Tools", @ActionID(category = "Tools",
@ -25,8 +30,24 @@ id = "org.sleuthkit.autopsy.report.reportAction")
@ActionReference(path = "Menu/Tools", position = 80) @ActionReference(path = "Menu/Tools", position = 80)
}) })
@Messages("CTL_reportAction=Run Report") @Messages("CTL_reportAction=Run Report")
public final class reportAction implements ActionListener { public final class reportAction extends CallableSystemAction implements Presenter.Toolbar{
private JButton toolbarButton = new JButton();
private static final String ACTION_NAME = "Report Filter"; private static final String ACTION_NAME = "Report Filter";
public reportAction() {
// set action of the toolbar button
toolbarButton.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
reportAction.this.actionPerformed(e);
}
});
}
@Override
public void actionPerformed(ActionEvent e) { public void actionPerformed(ActionEvent e) {
try { try {
@ -65,7 +86,42 @@ public final class reportAction implements ActionListener {
} }
} }
public void closeme(JFrame frame){ @Override
frame.dispose(); public void performAction() {
}
@Override
public String getName() {
return ACTION_NAME;
}
@Override
public HelpCtx getHelpCtx() {
return HelpCtx.DEFAULT_HELP;
}
/**
* Returns the toolbar component of this action
*
* @return component the toolbar button
*/
@Override
public Component getToolbarPresenter() {
//ImageIcon icon = new ImageIcon(getClass().getResource("close-icon.png"));
//toolbarButton.setIcon(icon);
toolbarButton.setText(this.getName());
return toolbarButton;
}
/**
* Set this action to be enabled/disabled
*
* @param value whether to enable this action or not
*/
@Override
public void setEnabled(boolean value){
super.setEnabled(value);
toolbarButton.setEnabled(value);
} }
} }

62
Report/src/org/sleuthkit/autopsy/report/reportHTML.java
View File

@ -10,13 +10,21 @@ import java.util.ArrayList;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map.Entry; import java.util.Map.Entry;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.jdom.Comment; import org.jdom.Comment;
import org.jdom.Element; import org.jdom.Element;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.ContentVisitor;
import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.File; import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.FileSystem;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.Volume;
/** /**
* *
@ -64,11 +72,11 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) { for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
String artifact = "<p>Artifact"; String artifact = "<p>Artifact";
Long objId = entry.getKey().getObjectID(); Long objId = entry.getKey().getObjectID();
File file = skCase.getFileById(objId); Content cont = skCase.getContentById(objId);
Long filesize = file.getSize(); Long filesize = cont.getSize();
artifact += " ID: " + objId.toString(); artifact += " ID: " + objId.toString();
artifact += "<br /> Name: <strong>" + file.getName().toString() + "</strong>"; artifact += "<br /> Name: <strong>" + cont.accept(new NameVisitor()) + "</strong>";
artifact += "<br />Path: " + file.getParentPath(); artifact += "<br />Path: " + cont.accept(new PathVisitor());
artifact += "<br /> Size: " + filesize.toString(); artifact += "<br /> Size: " + filesize.toString();
artifact += "</p><ul style=\"list-style-type: none;\">"; artifact += "</p><ul style=\"list-style-type: none;\">";
@ -131,9 +139,53 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
} }
catch(Exception e) catch(Exception e)
{ {
Logger.getLogger(reportHTML.class.getName()).log(Level.INFO, "Exception occurred", e);
} }
} }
private class NameVisitor extends ContentVisitor.Default<String> {
@Override
protected String defaultVisit(Content cntnt) {
throw new UnsupportedOperationException("Not supported for " + cntnt.toString());
}
@Override
public String visit(Directory dir) {
return dir.getName();
}
@Override
public String visit(Image img) {
return img.getName();
}
@Override
public String visit(File fil) {
return fil.getName();
}
}
private class PathVisitor extends ContentVisitor.Default<String> {
@Override
protected String defaultVisit(Content cntnt) {
throw new UnsupportedOperationException("Not supported for " + cntnt.toString());
}
@Override
public String visit(Directory dir) {
return dir.getParentPath();
}
@Override
public String visit(Image img) {
return img.getName();
}
@Override
public String visit(File fil) {
return fil.getParentPath();
}
}
} }

35
Report/src/org/sleuthkit/autopsy/report/reportXML.java
View File

@ -11,6 +11,8 @@ import java.util.ArrayList;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map.Entry; import java.util.Map.Entry;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.jdom.Comment; import org.jdom.Comment;
import org.jdom.Document; import org.jdom.Document;
import org.jdom.Document.*; import org.jdom.Document.*;
@ -19,7 +21,11 @@ import org.jdom.output.XMLOutputter;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.ContentVisitor;
import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.File; import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
public class reportXML { public class reportXML {
@ -59,10 +65,10 @@ public class reportXML {
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) { for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
Element artifact = new Element("Artifact"); Element artifact = new Element("Artifact");
Long objId = entry.getKey().getObjectID(); Long objId = entry.getKey().getObjectID();
File file = skCase.getFileById(objId); Content cont = skCase.getContentById(objId);
Long filesize = file.getSize(); Long filesize = cont.getSize();
artifact.setAttribute("ID", objId.toString()); artifact.setAttribute("ID", objId.toString());
artifact.setAttribute("Name", file.getName().toString()); artifact.setAttribute("Name", cont.accept(new NameVisitor()));
artifact.setAttribute("Size", filesize.toString()); artifact.setAttribute("Size", filesize.toString());
// Get all the attributes for this guy // Get all the attributes for this guy
@ -142,7 +148,30 @@ public class reportXML {
} }
catch (Exception e){ catch (Exception e){
Logger.getLogger(reportXML.class.getName()).log(Level.INFO, "Exception occurred", e);
}
}
private class NameVisitor extends ContentVisitor.Default<String> {
@Override
protected String defaultVisit(Content cntnt) {
throw new UnsupportedOperationException("Not supported for " + cntnt.toString());
}
@Override
public String visit(Directory dir) {
return dir.getName();
}
@Override
public String visit(Image img) {
return img.getName();
}
@Override
public String visit(File fil) {
return fil.getName();
} }
} }
} }