mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-12 07:56:16 +00:00
Report if any browser data was found, not just history.
This commit is contained in:
Jeff Wallace
parent
b1552110e8
commit
48a8afec6f
@ -82,7 +82,7 @@ public class Chrome extends Extract {
|
||||
|
||||
@Override
|
||||
public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
|
||||
historyFound = true;
|
||||
dataFound = false;
|
||||
this.getHistory(dataSource, controller);
|
||||
this.getBookmark(dataSource, controller);
|
||||
this.getCookie(dataSource, controller);
|
||||
@ -105,7 +105,6 @@ public class Chrome extends Extract {
|
||||
String msg = "Error when trying to get Chrome history files.";
|
||||
logger.log(Level.SEVERE, msg, ex);
|
||||
this.addErrorMessage(this.getName() + ": " + msg);
|
||||
historyFound = false;
|
||||
return;
|
||||
}
|
||||
|
||||
@ -121,11 +120,10 @@ public class Chrome extends Extract {
|
||||
if (allocatedHistoryFiles.isEmpty()) {
|
||||
String msg = "Could not find any allocated Chrome history files.";
|
||||
logger.log(Level.INFO, msg);
|
||||
addErrorMessage(getName() + ": " + msg);
|
||||
historyFound = false;
|
||||
return;
|
||||
}
|
||||
|
||||
dataFound = true;
|
||||
int j = 0;
|
||||
while (j < historyFiles.size()) {
|
||||
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + historyFiles.get(j).getName().toString() + j + ".db";
|
||||
@ -187,6 +185,12 @@ public class Chrome extends Extract {
|
||||
return;
|
||||
}
|
||||
|
||||
if (bookmarkFiles.isEmpty()) {
|
||||
logger.log(Level.INFO, "Didn't find any Chrome bookmark files.");
|
||||
return;
|
||||
}
|
||||
|
||||
dataFound = true;
|
||||
int j = 0;
|
||||
|
||||
while (j < bookmarkFiles.size()) {
|
||||
@ -306,6 +310,12 @@ public class Chrome extends Extract {
|
||||
return;
|
||||
}
|
||||
|
||||
if (cookiesFiles.isEmpty()) {
|
||||
logger.log(Level.INFO, "Didn't find any Chrome cookies files.");
|
||||
return;
|
||||
}
|
||||
|
||||
dataFound = true;
|
||||
int j = 0;
|
||||
while (j < cookiesFiles.size()) {
|
||||
AbstractFile cookiesFile = cookiesFiles.get(j++);
|
||||
@ -355,9 +365,9 @@ public class Chrome extends Extract {
|
||||
private void getDownload(Content dataSource, IngestDataSourceWorkerController controller) {
|
||||
|
||||
FileManager fileManager = currentCase.getServices().getFileManager();
|
||||
List<AbstractFile> historyFiles = null;
|
||||
List<AbstractFile> downloadFiles = null;
|
||||
try {
|
||||
historyFiles = fileManager.findFiles(dataSource, "History", "Chrome");
|
||||
downloadFiles = fileManager.findFiles(dataSource, "History", "Chrome");
|
||||
} catch (TskCoreException ex) {
|
||||
String msg = "Error when trying to get Chrome history files.";
|
||||
logger.log(Level.SEVERE, msg, ex);
|
||||
@ -365,18 +375,24 @@ public class Chrome extends Extract {
|
||||
return;
|
||||
}
|
||||
|
||||
if (downloadFiles.isEmpty()) {
|
||||
logger.log(Level.INFO, "Didn't find any Chrome download files.");
|
||||
return;
|
||||
}
|
||||
|
||||
dataFound = true;
|
||||
int j = 0;
|
||||
while (j < historyFiles.size()) {
|
||||
AbstractFile historyFile = historyFiles.get(j++);
|
||||
if (historyFile.getSize() == 0) {
|
||||
while (j < downloadFiles.size()) {
|
||||
AbstractFile downloadFile = downloadFiles.get(j++);
|
||||
if (downloadFile.getSize() == 0) {
|
||||
continue;
|
||||
}
|
||||
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + historyFile.getName().toString() + j + ".db";
|
||||
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + downloadFile.getName().toString() + j + ".db";
|
||||
try {
|
||||
ContentUtils.writeToFile(historyFile, new File(temps));
|
||||
ContentUtils.writeToFile(downloadFile, new File(temps));
|
||||
} catch (IOException ex) {
|
||||
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome download artifacts.{0}", ex);
|
||||
this.addErrorMessage(this.getName() + ": Error while trying to analyze file:" + historyFile.getName());
|
||||
this.addErrorMessage(this.getName() + ": Error while trying to analyze file:" + downloadFile.getName());
|
||||
continue;
|
||||
}
|
||||
File dbFile = new File(temps);
|
||||
@ -409,7 +425,7 @@ public class Chrome extends Extract {
|
||||
String domain = Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "");
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", domain));
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "Recent Activity", "Chrome"));
|
||||
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, historyFile, bbattributes);
|
||||
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadFile, bbattributes);
|
||||
}
|
||||
|
||||
dbFile.delete();
|
||||
@ -436,6 +452,12 @@ public class Chrome extends Extract {
|
||||
return;
|
||||
}
|
||||
|
||||
if (signonFiles.isEmpty()) {
|
||||
logger.log(Level.INFO, "Didn't find any Chrome signon files.");
|
||||
return;
|
||||
}
|
||||
|
||||
dataFound = true;
|
||||
int j = 0;
|
||||
while (j < signonFiles.size()) {
|
||||
AbstractFile signonFile = signonFiles.get(j++);
|
||||
|
||||
@ -40,11 +40,11 @@ abstract public class Extract extends IngestModuleDataSource{
|
||||
public final Logger logger = Logger.getLogger(this.getClass().getName());
|
||||
protected final ArrayList<String> errorMessages = new ArrayList<>();
|
||||
protected String moduleName = "";
|
||||
protected boolean historyFound = false;
|
||||
protected boolean dataFound = false;
|
||||
|
||||
//hide public constructor to prevent from instantiation by ingest module loader
|
||||
Extract() {
|
||||
historyFound = true;
|
||||
dataFound = false;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -145,7 +145,7 @@ abstract public class Extract extends IngestModuleDataSource{
|
||||
return moduleName;
|
||||
}
|
||||
|
||||
public boolean foundHistory() {
|
||||
return historyFound;
|
||||
public boolean foundData() {
|
||||
return dataFound;
|
||||
}
|
||||
}
|
||||
@ -93,7 +93,7 @@ public class ExtractIE extends Extract {
|
||||
|
||||
@Override
|
||||
public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
|
||||
historyFound = true;
|
||||
dataFound = false;
|
||||
this.getBookmark(dataSource, controller);
|
||||
this.getCookie(dataSource, controller);
|
||||
this.getRecentDocuments(dataSource, controller);
|
||||
@ -116,6 +116,12 @@ public class ExtractIE extends Extract {
|
||||
return;
|
||||
}
|
||||
|
||||
if (favoritesFiles.isEmpty()) {
|
||||
logger.log(Level.INFO, "Didn't find any IE bookmark files.");
|
||||
return;
|
||||
}
|
||||
|
||||
dataFound = true;
|
||||
for (AbstractFile favoritesFile : favoritesFiles) {
|
||||
if (favoritesFile.getSize() == 0) {
|
||||
continue;
|
||||
@ -171,11 +177,17 @@ public class ExtractIE extends Extract {
|
||||
try {
|
||||
cookiesFiles = fileManager.findFiles(dataSource, "%.txt", "Cookies");
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.WARNING, "Error finding cookie files for IE");
|
||||
logger.log(Level.WARNING, "Error getting cookie files for IE");
|
||||
this.addErrorMessage(this.getName() + ": " + "Error getting Internet Explorer cookie files.");
|
||||
return;
|
||||
}
|
||||
|
||||
if (cookiesFiles.isEmpty()) {
|
||||
logger.log(Level.INFO, "Didn't find any IE cookies files.");
|
||||
return;
|
||||
}
|
||||
|
||||
dataFound = true;
|
||||
for (AbstractFile cookiesFile : cookiesFiles) {
|
||||
if (controller.isCancelled()) {
|
||||
break;
|
||||
@ -231,6 +243,12 @@ public class ExtractIE extends Extract {
|
||||
return;
|
||||
}
|
||||
|
||||
if (recentFiles.isEmpty()) {
|
||||
logger.log(Level.INFO, "Didn't find any IE recent files.");
|
||||
return;
|
||||
}
|
||||
|
||||
dataFound = true;
|
||||
for (AbstractFile recentFile : recentFiles) {
|
||||
if (controller.isCancelled()) {
|
||||
break;
|
||||
@ -303,11 +321,10 @@ public class ExtractIE extends Extract {
|
||||
if (indexFiles.isEmpty()) {
|
||||
String msg = "No InternetExplorer history files found.";
|
||||
logger.log(Level.INFO, msg);
|
||||
addErrorMessage(getName() + ": " + msg);
|
||||
historyFound = false;
|
||||
return;
|
||||
}
|
||||
|
||||
dataFound = true;
|
||||
String temps;
|
||||
String indexFileName;
|
||||
for (AbstractFile indexFile : indexFiles) {
|
||||
|
||||
@ -75,7 +75,7 @@ public class Firefox extends Extract {
|
||||
|
||||
@Override
|
||||
public void process(PipelineContext<IngestModuleDataSource> pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
|
||||
historyFound = true;
|
||||
dataFound = false;
|
||||
this.getHistory(dataSource, controller);
|
||||
this.getBookmark(dataSource, controller);
|
||||
this.getDownload(dataSource, controller);
|
||||
@ -95,18 +95,17 @@ public class Firefox extends Extract {
|
||||
String msg = "Error fetching internet history files for Firefox.";
|
||||
logger.log(Level.WARNING, msg);
|
||||
this.addErrorMessage(this.getName() + ": " + msg);
|
||||
historyFound = false;
|
||||
return;
|
||||
}
|
||||
|
||||
if (historyFiles.isEmpty()) {
|
||||
String msg = "No FireFox history files found.";
|
||||
logger.log(Level.INFO, msg);
|
||||
addErrorMessage(getName() + ": " + msg);
|
||||
historyFound = false;
|
||||
return;
|
||||
}
|
||||
|
||||
dataFound = true;
|
||||
|
||||
int j = 0;
|
||||
for (AbstractFile historyFile : historyFiles) {
|
||||
if (historyFile.getSize() == 0) {
|
||||
@ -168,6 +167,13 @@ public class Firefox extends Extract {
|
||||
return;
|
||||
}
|
||||
|
||||
if (bookmarkFiles.isEmpty()) {
|
||||
logger.log(Level.INFO, "Didn't find any firefox bookmark files.");
|
||||
return;
|
||||
}
|
||||
|
||||
dataFound = true;
|
||||
|
||||
int j = 0;
|
||||
for (AbstractFile bookmarkFile : bookmarkFiles) {
|
||||
if (bookmarkFile.getSize() == 0) {
|
||||
@ -224,6 +230,12 @@ public class Firefox extends Extract {
|
||||
return;
|
||||
}
|
||||
|
||||
if (cookiesFiles.isEmpty()) {
|
||||
logger.log(Level.INFO, "Didn't find any Firefox cookie files.");
|
||||
return;
|
||||
}
|
||||
|
||||
dataFound = true;
|
||||
int j = 0;
|
||||
for (AbstractFile cookiesFile : cookiesFiles) {
|
||||
if (cookiesFile.getSize() == 0) {
|
||||
@ -308,6 +320,12 @@ public class Firefox extends Extract {
|
||||
return;
|
||||
}
|
||||
|
||||
if (downloadsFiles.isEmpty()) {
|
||||
logger.log(Level.INFO, "Didn't find any pre-version-24.0 Firefox download files.");
|
||||
return;
|
||||
}
|
||||
|
||||
dataFound = true;
|
||||
int j = 0;
|
||||
for (AbstractFile downloadsFile : downloadsFiles) {
|
||||
if (downloadsFile.getSize() == 0) {
|
||||
@ -386,6 +404,12 @@ public class Firefox extends Extract {
|
||||
return;
|
||||
}
|
||||
|
||||
if (downloadsFiles.isEmpty()) {
|
||||
logger.log(Level.INFO, "Didn't find any version-24.0 Firefox download files.");
|
||||
return;
|
||||
}
|
||||
|
||||
dataFound = true;
|
||||
int j = 0;
|
||||
for (AbstractFile downloadsFile : downloadsFiles) {
|
||||
if (downloadsFile.getSize() == 0) {
|
||||
|
||||
@ -113,7 +113,7 @@ public final class RAImageIngestModule extends IngestModuleDataSource {
|
||||
historyMsg.append("<p>Browser Data on ").append(dataSource.getName()).append(":<ul>\n");
|
||||
for (Extract module : browserModules) {
|
||||
historyMsg.append("<li>").append(module.getName());
|
||||
historyMsg.append(": ").append((module.foundHistory()) ? " Found." : " Not Found.");
|
||||
historyMsg.append(": ").append((module.foundData()) ? " Found." : " Not Found.");
|
||||
historyMsg.append("</li>");
|
||||
}
|
||||
historyMsg.append("</ul>");
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user