mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 16:06:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Report if any browser data was found, not just history.

Browse Source
This commit is contained in:
Jeff Wallace 2013-10-31 11:25:20 -04:00
parent b1552110e8
commit 48a8afec6f
5 changed files with 89 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java
View File

@ -82,7 +82,7 @@ public class Chrome extends Extract {
@Override @Override
public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) { public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
historyFound = true; dataFound = false;
this.getHistory(dataSource, controller); this.getHistory(dataSource, controller);
this.getBookmark(dataSource, controller); this.getBookmark(dataSource, controller);
this.getCookie(dataSource, controller); this.getCookie(dataSource, controller);
@ -105,7 +105,6 @@ public class Chrome extends Extract {
String msg = "Error when trying to get Chrome history files."; String msg = "Error when trying to get Chrome history files.";
logger.log(Level.SEVERE, msg, ex); logger.log(Level.SEVERE, msg, ex);
this.addErrorMessage(this.getName() + ": " + msg); this.addErrorMessage(this.getName() + ": " + msg);
historyFound = false;
return; return;
} }
@ -121,11 +120,10 @@ public class Chrome extends Extract {
if (allocatedHistoryFiles.isEmpty()) { if (allocatedHistoryFiles.isEmpty()) {
String msg = "Could not find any allocated Chrome history files."; String msg = "Could not find any allocated Chrome history files.";
logger.log(Level.INFO, msg); logger.log(Level.INFO, msg);
addErrorMessage(getName() + ": " + msg);
historyFound = false;
return; return;
} }
dataFound = true;
int j = 0; int j = 0;
while (j < historyFiles.size()) { while (j < historyFiles.size()) {
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + historyFiles.get(j).getName().toString() + j + ".db"; String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + historyFiles.get(j).getName().toString() + j + ".db";
@ -187,6 +185,12 @@ public class Chrome extends Extract {
return; return;
} }
if (bookmarkFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome bookmark files.");
return;
}
dataFound = true;
int j = 0; int j = 0;
while (j < bookmarkFiles.size()) { while (j < bookmarkFiles.size()) {
@ -306,6 +310,12 @@ public class Chrome extends Extract {
return; return;
} }
if (cookiesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome cookies files.");
return;
}
dataFound = true;
int j = 0; int j = 0;
while (j < cookiesFiles.size()) { while (j < cookiesFiles.size()) {
AbstractFile cookiesFile = cookiesFiles.get(j++); AbstractFile cookiesFile = cookiesFiles.get(j++);
@ -355,9 +365,9 @@ public class Chrome extends Extract {
private void getDownload(Content dataSource, IngestDataSourceWorkerController controller) { private void getDownload(Content dataSource, IngestDataSourceWorkerController controller) {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> historyFiles = null; List<AbstractFile> downloadFiles = null;
try { try {
historyFiles = fileManager.findFiles(dataSource, "History", "Chrome"); downloadFiles = fileManager.findFiles(dataSource, "History", "Chrome");
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
String msg = "Error when trying to get Chrome history files."; String msg = "Error when trying to get Chrome history files.";
logger.log(Level.SEVERE, msg, ex); logger.log(Level.SEVERE, msg, ex);
@ -365,18 +375,24 @@ public class Chrome extends Extract {
return; return;
} }
if (downloadFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome download files.");
return;
}
dataFound = true;
int j = 0; int j = 0;
while (j < historyFiles.size()) { while (j < downloadFiles.size()) {
AbstractFile historyFile = historyFiles.get(j++); AbstractFile downloadFile = downloadFiles.get(j++);
if (historyFile.getSize() == 0) { if (downloadFile.getSize() == 0) {
continue; continue;
} }
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + historyFile.getName().toString() + j + ".db"; String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + downloadFile.getName().toString() + j + ".db";
try { try {
ContentUtils.writeToFile(historyFile, new File(temps)); ContentUtils.writeToFile(downloadFile, new File(temps));
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome download artifacts.{0}", ex); logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome download artifacts.{0}", ex);
this.addErrorMessage(this.getName() + ": Error while trying to analyze file:" + historyFile.getName()); this.addErrorMessage(this.getName() + ": Error while trying to analyze file:" + downloadFile.getName());
continue; continue;
} }
File dbFile = new File(temps); File dbFile = new File(temps);
@ -409,7 +425,7 @@ public class Chrome extends Extract {
String domain = Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : ""); String domain = Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "");
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", domain)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", domain));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "Recent Activity", "Chrome")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "Recent Activity", "Chrome"));
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, historyFile, bbattributes); this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadFile, bbattributes);
} }
dbFile.delete(); dbFile.delete();
@ -436,6 +452,12 @@ public class Chrome extends Extract {
return; return;
} }
if (signonFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome signon files.");
return;
}
dataFound = true;
int j = 0; int j = 0;
while (j < signonFiles.size()) { while (j < signonFiles.size()) {
AbstractFile signonFile = signonFiles.get(j++); AbstractFile signonFile = signonFiles.get(j++);

8
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java
View File

@ -40,11 +40,11 @@ abstract public class Extract extends IngestModuleDataSource{
public final Logger logger = Logger.getLogger(this.getClass().getName()); public final Logger logger = Logger.getLogger(this.getClass().getName());
protected final ArrayList<String> errorMessages = new ArrayList<>(); protected final ArrayList<String> errorMessages = new ArrayList<>();
protected String moduleName = ""; protected String moduleName = "";
protected boolean historyFound = false; protected boolean dataFound = false;
//hide public constructor to prevent from instantiation by ingest module loader //hide public constructor to prevent from instantiation by ingest module loader
Extract() { Extract() {
historyFound = true; dataFound = false;
} }
/** /**
@ -145,7 +145,7 @@ abstract public class Extract extends IngestModuleDataSource{
return moduleName; return moduleName;
} }
public boolean foundHistory() { public boolean foundData() {
return historyFound; return dataFound;
} }
} }

25
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
View File

@ -93,7 +93,7 @@ public class ExtractIE extends Extract {
@Override @Override
public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) { public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
historyFound = true; dataFound = false;
this.getBookmark(dataSource, controller); this.getBookmark(dataSource, controller);
this.getCookie(dataSource, controller); this.getCookie(dataSource, controller);
this.getRecentDocuments(dataSource, controller); this.getRecentDocuments(dataSource, controller);
@ -116,6 +116,12 @@ public class ExtractIE extends Extract {
return; return;
} }
if (favoritesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any IE bookmark files.");
return;
}
dataFound = true;
for (AbstractFile favoritesFile : favoritesFiles) { for (AbstractFile favoritesFile : favoritesFiles) {
if (favoritesFile.getSize() == 0) { if (favoritesFile.getSize() == 0) {
continue; continue;
@ -171,11 +177,17 @@ public class ExtractIE extends Extract {
try { try {
cookiesFiles = fileManager.findFiles(dataSource, "%.txt", "Cookies"); cookiesFiles = fileManager.findFiles(dataSource, "%.txt", "Cookies");
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error finding cookie files for IE"); logger.log(Level.WARNING, "Error getting cookie files for IE");
this.addErrorMessage(this.getName() + ": " + "Error getting Internet Explorer cookie files."); this.addErrorMessage(this.getName() + ": " + "Error getting Internet Explorer cookie files.");
return; return;
} }
if (cookiesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any IE cookies files.");
return;
}
dataFound = true;
for (AbstractFile cookiesFile : cookiesFiles) { for (AbstractFile cookiesFile : cookiesFiles) {
if (controller.isCancelled()) { if (controller.isCancelled()) {
break; break;
@ -231,6 +243,12 @@ public class ExtractIE extends Extract {
return; return;
} }
if (recentFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any IE recent files.");
return;
}
dataFound = true;
for (AbstractFile recentFile : recentFiles) { for (AbstractFile recentFile : recentFiles) {
if (controller.isCancelled()) { if (controller.isCancelled()) {
break; break;
@ -303,11 +321,10 @@ public class ExtractIE extends Extract {
if (indexFiles.isEmpty()) { if (indexFiles.isEmpty()) {
String msg = "No InternetExplorer history files found."; String msg = "No InternetExplorer history files found.";
logger.log(Level.INFO, msg); logger.log(Level.INFO, msg);
addErrorMessage(getName() + ": " + msg);
historyFound = false;
return; return;
} }
dataFound = true;
String temps; String temps;
String indexFileName; String indexFileName;
for (AbstractFile indexFile : indexFiles) { for (AbstractFile indexFile : indexFiles) {

32
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -75,7 +75,7 @@ public class Firefox extends Extract {
@Override @Override
public void process(PipelineContext<IngestModuleDataSource> pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) { public void process(PipelineContext<IngestModuleDataSource> pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
historyFound = true; dataFound = false;
this.getHistory(dataSource, controller); this.getHistory(dataSource, controller);
this.getBookmark(dataSource, controller); this.getBookmark(dataSource, controller);
this.getDownload(dataSource, controller); this.getDownload(dataSource, controller);
@ -95,18 +95,17 @@ public class Firefox extends Extract {
String msg = "Error fetching internet history files for Firefox."; String msg = "Error fetching internet history files for Firefox.";
logger.log(Level.WARNING, msg); logger.log(Level.WARNING, msg);
this.addErrorMessage(this.getName() + ": " + msg); this.addErrorMessage(this.getName() + ": " + msg);
historyFound = false;
return; return;
} }
if (historyFiles.isEmpty()) { if (historyFiles.isEmpty()) {
String msg = "No FireFox history files found."; String msg = "No FireFox history files found.";
logger.log(Level.INFO, msg); logger.log(Level.INFO, msg);
addErrorMessage(getName() + ": " + msg);
historyFound = false;
return; return;
} }
dataFound = true;
int j = 0; int j = 0;
for (AbstractFile historyFile : historyFiles) { for (AbstractFile historyFile : historyFiles) {
if (historyFile.getSize() == 0) { if (historyFile.getSize() == 0) {
@ -168,6 +167,13 @@ public class Firefox extends Extract {
return; return;
} }
if (bookmarkFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any firefox bookmark files.");
return;
}
dataFound = true;
int j = 0; int j = 0;
for (AbstractFile bookmarkFile : bookmarkFiles) { for (AbstractFile bookmarkFile : bookmarkFiles) {
if (bookmarkFile.getSize() == 0) { if (bookmarkFile.getSize() == 0) {
@ -224,6 +230,12 @@ public class Firefox extends Extract {
return; return;
} }
if (cookiesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Firefox cookie files.");
return;
}
dataFound = true;
int j = 0; int j = 0;
for (AbstractFile cookiesFile : cookiesFiles) { for (AbstractFile cookiesFile : cookiesFiles) {
if (cookiesFile.getSize() == 0) { if (cookiesFile.getSize() == 0) {
@ -308,6 +320,12 @@ public class Firefox extends Extract {
return; return;
} }
if (downloadsFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any pre-version-24.0 Firefox download files.");
return;
}
dataFound = true;
int j = 0; int j = 0;
for (AbstractFile downloadsFile : downloadsFiles) { for (AbstractFile downloadsFile : downloadsFiles) {
if (downloadsFile.getSize() == 0) { if (downloadsFile.getSize() == 0) {
@ -386,6 +404,12 @@ public class Firefox extends Extract {
return; return;
} }
if (downloadsFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any version-24.0 Firefox download files.");
return;
}
dataFound = true;
int j = 0; int j = 0;
for (AbstractFile downloadsFile : downloadsFiles) { for (AbstractFile downloadsFile : downloadsFiles) {
if (downloadsFile.getSize() == 0) { if (downloadsFile.getSize() == 0) {

2
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java
View File

@ -113,7 +113,7 @@ public final class RAImageIngestModule extends IngestModuleDataSource {
historyMsg.append("<p>Browser Data on ").append(dataSource.getName()).append(":<ul>\n"); historyMsg.append("<p>Browser Data on ").append(dataSource.getName()).append(":<ul>\n");
for (Extract module : browserModules) { for (Extract module : browserModules) {
historyMsg.append("<li>").append(module.getName()); historyMsg.append("<li>").append(module.getName());
historyMsg.append(": ").append((module.foundHistory()) ? " Found." : " Not Found."); historyMsg.append(": ").append((module.foundData()) ? " Found." : " Not Found.");
historyMsg.append("</li>"); historyMsg.append("</li>");
} }
historyMsg.append("</ul>"); historyMsg.append("</ul>");