mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 16:06:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

7673 Add ingest job IDs to artifact posts

Browse Source
This commit is contained in:
Richard Cordovano 2021-10-22 12:18:30 -04:00
parent 07d912f37e
commit 491e429f50
5 changed files with 55 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties-MERGED
View File

@ -11,6 +11,7 @@ DataSourceUsage_FlashDrive=Flash Drive
# {0} - OS name
DataSourceUsageAnalyzer.customVolume.label=OS Drive ({0})
DataSourceUsageAnalyzer.displayName=Data Source Usage Analyzer
DefaultPriorityDomainCategorizer_searchEngineCategory=Search Engine
DomainCategoryRunner_moduleName_text=Domain Category Analyzer
DomainCategoryRunner_parentModuleName=Recent Activity
DomainCategoryRunner_Progress_Message_Domain_Types=Finding Domain Types

16
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java
View File

@ -252,7 +252,7 @@ class Chromium extends Extract {
break;
}
List<HashMap<String, Object>> tempList;
tempList = this.dbConnect(temps, HISTORY_QUERY);
tempList = this.querySQLiteDb(temps, HISTORY_QUERY);
logger.log(Level.INFO, "{0}- Now getting history from {1} with {2} artifacts identified.", new Object[]{getDisplayName(), temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
@ -494,7 +494,7 @@ class Chromium extends Extract {
break;
}
List<HashMap<String, Object>> tempList = this.dbConnect(temps, COOKIE_QUERY);
List<HashMap<String, Object>> tempList = this.querySQLiteDb(temps, COOKIE_QUERY);
logger.log(Level.INFO, "{0}- Now getting cookies from {1} with {2} artifacts identified.", new Object[]{getDisplayName(), temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
@ -596,9 +596,9 @@ class Chromium extends Extract {
List<HashMap<String, Object>> tempList;
if (isChromePreVersion30(temps)) {
tempList = this.dbConnect(temps, DOWNLOAD_QUERY);
tempList = this.querySQLiteDb(temps, DOWNLOAD_QUERY);
} else {
tempList = this.dbConnect(temps, DOWNLOAD_QUERY_V30);
tempList = this.querySQLiteDb(temps, DOWNLOAD_QUERY_V30);
}
logger.log(Level.INFO, "{0}- Now getting downloads from {1} with {2} artifacts identified.", new Object[]{getDisplayName(), temps, tempList.size()}); //NON-NLS
@ -710,7 +710,7 @@ class Chromium extends Extract {
dbFile.delete();
break;
}
List<HashMap<String, Object>> tempList = this.dbConnect(temps, LOGIN_QUERY);
List<HashMap<String, Object>> tempList = this.querySQLiteDb(temps, LOGIN_QUERY);
logger.log(Level.INFO, "{0}- Now getting login information from {1} with {2} artifacts identified.", new Object[]{getDisplayName(), temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
@ -869,7 +869,7 @@ class Chromium extends Extract {
String autoFillquery = (isSchemaV8X) ? AUTOFILL_QUERY_V8X
: AUTOFILL_QUERY;
List<HashMap<String, Object>> autofills = this.dbConnect(dbFilePath, autoFillquery);
List<HashMap<String, Object>> autofills = this.querySQLiteDb(dbFilePath, autoFillquery);
logger.log(Level.INFO, "{0}- Now getting Autofill information from {1} with {2} artifacts identified.", new Object[]{getDisplayName(), dbFilePath, autofills.size()}); //NON-NLS
for (HashMap<String, Object> result : autofills) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
@ -943,7 +943,7 @@ class Chromium extends Extract {
);
// Get Web form addresses
List<HashMap<String, Object>> addresses = this.dbConnect(dbFilePath, webformAddressQuery);
List<HashMap<String, Object>> addresses = this.querySQLiteDb(dbFilePath, webformAddressQuery);
logger.log(Level.INFO, "{0}- Now getting Web form addresses from {1} with {2} artifacts identified.", new Object[]{getDisplayName(), dbFilePath, addresses.size()}); //NON-NLS
for (HashMap<String, Object> result : addresses) {
@ -1031,7 +1031,7 @@ class Chromium extends Extract {
private boolean isChromePreVersion30(String temps) {
String query = "PRAGMA table_info(downloads)"; //NON-NLS
List<HashMap<String, Object>> columns = this.dbConnect(temps, query);
List<HashMap<String, Object>> columns = this.querySQLiteDb(temps, query);
for (HashMap<String, Object> col : columns) {
if (col.get("name").equals("url")) { //NON-NLS
return true;

91
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java
View File

@ -201,7 +201,7 @@ abstract class Extract {
* consists of a column name as a key and an Object as a column
* value, with empty strings substituted for nulls.
*/
protected List<HashMap<String, Object>> dbConnect(String path, String query) {
protected List<HashMap<String, Object>> querySQLiteDb(String path, String query) {
ResultSet resultSet;
List<HashMap<String, Object>> list;
String connectionString = "jdbc:sqlite:" + path; //NON-NLS
@ -233,7 +233,7 @@ abstract class Extract {
private List<HashMap<String, Object>> resultSetToArrayList(ResultSet rs) throws SQLException {
ResultSetMetaData md = rs.getMetaData();
int columns = md.getColumnCount();
List<HashMap<String, Object>> list = new ArrayList<>(50);
List<HashMap<String, Object>> results = new ArrayList<>(50);
while (rs.next()) {
HashMap<String, Object> row = new HashMap<>(columns);
for (int i = 1; i <= columns; ++i) {
@ -243,10 +243,9 @@ abstract class Extract {
row.put(md.getColumnName(i), rs.getObject(i));
}
}
list.add(row);
results.add(row);
}
return list;
return results;
}
/**
@ -297,19 +296,21 @@ abstract class Extract {
}
/**
* Creates a list of attributes for a history artifact.
* Creates a list of attributes for a web history artifact.
*
* @param url
* @param accessTime Time url was accessed
* @param referrer referred url
* @param title title of the page
* @param programName module name
* @param domain domain of the url
* @param user user that accessed url
* @param url The URL, may be null.
* @param accessTime The time the URL was accessed, may be null.
* @param referrer The referring URL, may be null.
* @param title Title of the returned resource, may be null.
* @param programName The program that executed the request, may be the
* empty string, may be null.
* @param domain The domain of the URL, may be null.
* @param user The user that accessed URL, may be null.
*
* @return List of BlackboardAttributes for giving attributes
* @return The list of attributes.
*
* @throws TskCoreException
* @throws TskCoreException The exception is thrown if there is an issue
* creating the attributes.
*/
protected Collection<BlackboardAttribute> createHistoryAttributes(String url, Long accessTime,
String referrer, String title, String programName, String domain, String user) throws TskCoreException {
@ -348,16 +349,16 @@ abstract class Extract {
}
/**
* Creates a list of attributes for a cookie.
* Creates a list of attributes for a web cookie artifact.
*
* @param url cookie url
* @param creationTime cookie creation time
* @param name cookie name
* @param value cookie value
* @param programName Name of the module creating the attribute
* @param domain Domain of the URL
* @param url The cookie url, may be null.
* @param creationTime The cookie creation time, may be null.
* @param name The cookie name, may be null.
* @param value The cookie value, may be null.
* @param programName The program that created the cookie, may be null.
* @param domain The domain of the cookie URL, may be null.
*
* @return List of BlackboarAttributes for the passed in attributes
* @return The list of attributes.
*/
protected Collection<BlackboardAttribute> createCookieAttributes(String url,
Long creationTime, Long accessTime, Long endTime, String name, String value, String programName, String domain) {
@ -402,15 +403,16 @@ abstract class Extract {
}
/**
* Creates a list of bookmark attributes from the passed in parameters.
* Creates a list of attributes for a web bookmark artifact.
*
* @param url Bookmark url.
* @param title Title of the bookmarked page.
* @param creationTime Date and time at which the bookmark was created
* @param programName Name of the program creating the attribute RJCTODO
* @param domain The domain of the bookmark's url
* @param url The bookmark URL, may be null.
* @param title The title of the bookmarked page, may be null.
* @param creationTime The date and time at which the bookmark was created,
* may be null.
* @param programName The program that created the bookmark, may be null.
* @param domain The domain of the bookmark's URL, may be null.
*
* @return A collection of bookmark attributes
* @return The list of attributes.
*/
protected Collection<BlackboardAttribute> createBookmarkAttributes(String url, String title, Long creationTime, String programName, String domain) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
@ -440,15 +442,15 @@ abstract class Extract {
}
/**
* Creates a list of the attributes of a downloaded file
* Creates a list of attributes for a web download artifact.
*
* @param path
* @param url URL of the downloaded file
* @param accessTime Time the download occurred
* @param domain Domain of the URL
* @param programName Name of the module creating the attribute
* @param path The path of the downloaded file, may be null.
* @param url The URL of the downloaded file, may be null.
* @param accessTime The time the download occurred, may be null.
* @param domain The domain of the URL, may be null.
* @param programName The program that downloaded the file, may be null.
*
* @return A collection of attributes of a downloaded file
* @return The list of attributes.
*/
protected Collection<BlackboardAttribute> createDownloadAttributes(String path, Long pathID, String url, Long accessTime, String domain, String programName) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
@ -483,21 +485,6 @@ abstract class Extract {
return bbattributes;
}
/**
* Creates a list of the attributes for source of a downloaded file
*
* @param url source URL of the downloaded file
*
* @return A collection of attributes for source of a downloaded file
*/
protected Collection<BlackboardAttribute> createDownloadSourceAttributes(String url) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
RecentActivityExtracterModuleFactory.getModuleName(),
(url != null) ? url : "")); //NON-NLS
return bbattributes;
}
/**
* Writes a file to disk in this extractor's dedicated temp directory within
* the Recent Activity ingest modules temp directory. The object ID of the

2
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractSafari.java
View File

@ -395,7 +395,7 @@ final class ExtractSafari extends Extract {
* @throws TskCoreException
*/
private Collection<BlackboardArtifact> getHistoryArtifacts(AbstractFile origFile, Path tempFilePath) throws TskCoreException {
List<HashMap<String, Object>> historyList = this.dbConnect(tempFilePath.toString(), HISTORY_QUERY);
List<HashMap<String, Object>> historyList = this.querySQLiteDb(tempFilePath.toString(), HISTORY_QUERY);
if (historyList == null || historyList.isEmpty()) {
return null;

12
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -208,7 +208,7 @@ class Firefox extends Extract {
dbFile.delete();
break;
}
List<HashMap<String, Object>> tempList = this.dbConnect(temps, HISTORY_QUERY);
List<HashMap<String, Object>> tempList = this.querySQLiteDb(temps, HISTORY_QUERY);
logger.log(Level.INFO, "{0} - Now getting history from {1} with {2} artifacts identified.", new Object[]{getDisplayName(), temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
@ -310,7 +310,7 @@ class Firefox extends Extract {
dbFile.delete();
break;
}
List<HashMap<String, Object>> tempList = this.dbConnect(temps, BOOKMARK_QUERY);
List<HashMap<String, Object>> tempList = this.querySQLiteDb(temps, BOOKMARK_QUERY);
logger.log(Level.INFO, "{0} - Now getting bookmarks from {1} with {2} artifacts identified.", new Object[]{getDisplayName(), temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
@ -421,7 +421,7 @@ class Firefox extends Extract {
query = COOKIE_QUERY_V3;
}
List<HashMap<String, Object>> tempList = this.dbConnect(temps, query);
List<HashMap<String, Object>> tempList = this.querySQLiteDb(temps, query);
logger.log(Level.INFO, "{0} - Now getting cookies from {1} with {2} artifacts identified.", new Object[]{getDisplayName(), temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
@ -542,7 +542,7 @@ class Firefox extends Extract {
break;
}
List<HashMap<String, Object>> tempList = this.dbConnect(temps, DOWNLOAD_QUERY);
List<HashMap<String, Object>> tempList = this.querySQLiteDb(temps, DOWNLOAD_QUERY);
logger.log(Level.INFO, "{0}- Now getting downloads from {1} with {2} artifacts identified.", new Object[]{getDisplayName(), temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
@ -678,7 +678,7 @@ class Firefox extends Extract {
break;
}
List<HashMap<String, Object>> tempList = this.dbConnect(temps, DOWNLOAD_QUERY_V24);
List<HashMap<String, Object>> tempList = this.querySQLiteDb(temps, DOWNLOAD_QUERY_V24);
logger.log(Level.INFO, "{0} - Now getting downloads from {1} with {2} artifacts identified.", new Object[]{getDisplayName(), temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
@ -824,7 +824,7 @@ class Firefox extends Extract {
boolean isFirefoxV64 = Util.checkColumn("timesUsed", "moz_formhistory", tempFilePath);
String formHistoryQuery = (isFirefoxV64) ? FORMHISTORY_QUERY_V64 : FORMHISTORY_QUERY;
List<HashMap<String, Object>> tempList = this.dbConnect(tempFilePath, formHistoryQuery);
List<HashMap<String, Object>> tempList = this.querySQLiteDb(tempFilePath, formHistoryQuery);
logger.log(Level.INFO, "{0} - Now getting history from {1} with {2} artifacts identified.", new Object[]{getDisplayName(), tempFilePath, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {