diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java
index 18e823f5b3..50cde40af9 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java
@@ -69,8 +69,7 @@ final class ExtractPrefetch extends Extract {
 private static final String PREFETCH_TSK_COMMENT = "Prefetch File";
 private static final String PREFETCH_FILE_LOCATION = "/windows/prefetch";
 private static final String PREFETCH_TOOL_FOLDER = "markmckinnon"; //NON-NLS
- private static final String PREFETCH_TOOL_NAME_WINDOWS_64 = "parse_prefetch_x64.exe"; //NON-NLS
- private static final String PREFETCH_TOOL_NAME_WINDOWS_32 = "parse_prefetch_x32.exe"; //NON-NLS
+ private static final String PREFETCH_TOOL_NAME_WINDOWS = "parse_prefetch.exe"; //NON-NLS
 private static final String PREFETCH_TOOL_NAME_MACOS = "parse_prefetch_macos"; //NON-NLS
 private static final String PREFETCH_TOOL_NAME_LINUX = "parse_prefetch_linux"; //NON-NLS
 private static final String PREFETCH_OUTPUT_FILE_NAME = "Output.txt"; //NON-NLS
@@ -178,7 +177,6 @@ final class ExtractPrefetch extends Extract {
 } } } - } /**
@@ -219,11 +217,7 @@ final class ExtractPrefetch extends Extract {
 private String getPathForPrefetchDumper() {
 Path path = null;
 if (PlatformUtil.isWindowsOS()) {
- if (PlatformUtil.is64BitOS()) {
- path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_WINDOWS_64);
- } else {
- path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_WINDOWS_32);
- }
+ path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_WINDOWS);
 } else {
 if ("Linux".equals(PlatformUtil.getOSName())) {
 path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_LINUX);
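Review bot: The Windows branch of getPathForPrefetchDumper() now returns the same `parse_prefetch.exe` on every Windows host, and nothing in the hunk records which architecture that binary targets. If it is a 64-bit build, a 32-bit install will only find out when the process fails to launch, so either keep a `PlatformUtil.is64BitOS()` guard that skips the module with a logged reason, or state the supported architecture in a comment on `PREFETCH_TOOL_NAME_WINDOWS`. Because this module executes a prebuilt third-party binary against evidence files, a comment beside the constant such as `// <tool version>, built from <upstream source>, SHA-256 <digest>` would also let a reviewer tie the swapped-in executable to a known release. The method body continues past the end of the hunk.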
diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractSru.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractSru.java
index 8940b46ca9..4a61129386 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractSru.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractSru.java
@@ -62,10 +62,8 @@ final class ExtractSru extends Extract {
 private static final String APPLICATION_USAGE_SOURCE_NAME = "System Resource Usage - Application Usage"; //NON-NLS
 private static final String NETWORK_USAGE_SOURCE_NAME = "System Resource Usage - Network Usage";
 private static final String SRU_TOOL_FOLDER = "markmckinnon"; //NON-NLS
- private static final String SRU_TOOL_NAME_WINDOWS_32 = "Export_Srudb_32.exe"; //NON-NLS
- private static final String SRU_TOOL_NAME_WINDOWS_64 = "Export_Srudb_64.exe"; //NON-NLS
+ private static final String SRU_TOOL_NAME_WINDOWS = "Export_Srudb.exe"; //NON-NLS
 private static final String SRU_TOOL_NAME_LINUX = "Export_Srudb_Linux.exe"; //NON-NLS
- private static final String SRU_TOOL_NAME_MAC = "Export_srudb_macos"; //NON-NLS
 private static final String SRU_OUTPUT_FILE_NAME = "Output.txt"; //NON-NLS
 private static final String SRU_ERROR_FILE_NAME = "Error.txt"; //NON-NLS
@@ -239,8 +237,11 @@ final class ExtractSru extends Extract {
 List commandLine = new ArrayList<>();
 commandLine.add(sruExePath);
+ commandLine.add("-sr");
 commandLine.add(sruFile); //NON-NLS
+ commandLine.add("-s");
 commandLine.add(softwareHiveFile);
+ commandLine.add("-db");
 commandLine.add(tempOutFile);
 ProcessBuilder processBuilder = new ProcessBuilder(commandLine);
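Review bot: `SRU_TOOL_NAME_LINUX` still ends in `.exe`, while the Linux binary updated in this same commit is `thirdparty/markmckinnon/Export_Srudb_Linux`, with no extension. Unless the build renames the file when it is installed, the `locate(...)` call in getPathForSruDumper() will not find the tool on Linux; the constant would then read `private static final String SRU_TOOL_NAME_LINUX = "Export_Srudb_Linux"; //NON-NLS`. The new Windows constant `Export_Srudb.exe` also differs in case from the added file `export_srudb.exe`, which resolves only on a case-insensitive file system and is worth aligning.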
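Review bot: The added flags `-sr`, `-s` and `-db` are bare literals without the `//NON-NLS` marker this file puts on other non-localised strings, so the argument contract of the replacement executable is recorded only at this call site. A one-line comment above the list, for example `// tool arguments: -sr <SRU database> -s <SOFTWARE hive> -db <output database>`, or three named constants beside `SRU_TOOL_NAME_WINDOWS`, would make a mismatch between the Java side and a later rebuild of the tool visible in review. The same list is presumably passed to whichever binary getPathForSruDumper() returns, so the Linux build has to accept the same flags, which the hunk does not show. The enclosing method starts and ends outside the hunk.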
@@ -253,17 +254,10 @@ final class ExtractSru extends Extract {
 private String getPathForSruDumper() {
 Path path = null;
 if (PlatformUtil.isWindowsOS()) {
- if (PlatformUtil.is64BitOS()) {
- path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_WINDOWS_64);
- } else {
- path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_WINDOWS_32);
- }
+ path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_WINDOWS);
 } else {
 if ("Linux".equals(PlatformUtil.getOSName())) {
 path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_LINUX);
- } else {
- path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_MAC);
- }
 }
 File sruToolFile = InstalledFileLocator.getDefault().locate(path.toString(), ExtractSru.class.getPackage().getName(), false);
@@ -320,7 +314,7 @@ final class ExtractSru extends Extract {
 }
 private void createNetUsageArtifacts(String sruDb, AbstractFile sruAbstractFile) {
- List bba = new ArrayList<>();
+ List bba = new ArrayList<>();
 String sqlStatement = "SELECT STRFTIME('%s', timestamp) ExecutionTime, a.application_name, b.Application_Name formatted_application_name, User_Name, " + " bytesSent, BytesRecvd FROM network_Usage a, SruDbIdMapTable, exe_to_app b "
diff --git a/thirdparty/markmckinnon/Export_Srudb_Linux b/thirdparty/markmckinnon/Export_Srudb_Linux
index 0af32da85b..10c18ab1f3 100755
Binary files a/thirdparty/markmckinnon/Export_Srudb_Linux and b/thirdparty/markmckinnon/Export_Srudb_Linux differ
diff --git a/thirdparty/markmckinnon/Export_srudb_macos b/thirdparty/markmckinnon/Export_srudb_macos
deleted file mode 100755
index eeff65b668..0000000000
Binary files a/thirdparty/markmckinnon/Export_srudb_macos and /dev/null differ
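Review bot: With the macOS branch removed from getPathForSruDumper(), `path` stays `null` on any host that is neither Windows nor Linux, and the unchanged `locate(path.toString(), ...)` line right after the if/else dereferences it. Add a guard before that call, e.g. `if (path == null) { return null; }`, assuming callers already treat a null return as "tool not available"; the rest of the method is outside the hunk, so confirm that. As rendered here, the second deletion takes out `} else {`, the macOS assignment and a `}`, leaving a single `}` after the Linux assignment for two open blocks, so check that the outer `else` is still closed in the committed file.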
diff --git a/thirdparty/markmckinnon/parse_prefetch_x64.exe b/thirdparty/markmckinnon/export_srudb.exe
similarity index 50%
rename from thirdparty/markmckinnon/parse_prefetch_x64.exe
rename to thirdparty/markmckinnon/export_srudb.exe
index 3e0b7ae674..2544ac2c96 100644
Binary files a/thirdparty/markmckinnon/parse_prefetch_x64.exe and b/thirdparty/markmckinnon/export_srudb.exe differ
diff --git a/thirdparty/markmckinnon/export_srudb_32.exe b/thirdparty/markmckinnon/export_srudb_32.exe
deleted file mode 100644
index e642c1d8df..0000000000
Binary files a/thirdparty/markmckinnon/export_srudb_32.exe and /dev/null differ
diff --git a/thirdparty/markmckinnon/export_srudb_64.exe b/thirdparty/markmckinnon/export_srudb_64.exe
deleted file mode 100644
index 7b07367739..0000000000
Binary files a/thirdparty/markmckinnon/export_srudb_64.exe and /dev/null differ
diff --git a/thirdparty/markmckinnon/parse_prefetch.exe b/thirdparty/markmckinnon/parse_prefetch.exe
new file mode 100644
index 0000000000..99c5122317
Binary files /dev/null and b/thirdparty/markmckinnon/parse_prefetch.exe differ
diff --git a/thirdparty/markmckinnon/parse_prefetch_linux b/thirdparty/markmckinnon/parse_prefetch_linux
index 183674e9cf..88685e9e12 100755
Binary files a/thirdparty/markmckinnon/parse_prefetch_linux and b/thirdparty/markmckinnon/parse_prefetch_linux differ
diff --git a/thirdparty/markmckinnon/parse_prefetch_x86.exe b/thirdparty/markmckinnon/parse_prefetch_x86.exe
deleted file mode 100644
index fb58178c3a..0000000000
Binary files a/thirdparty/markmckinnon/parse_prefetch_x86.exe and /dev/null differ