From ba3f2cb81bfcc55ba9aa86db08ce04fb2e25cd16 Mon Sep 17 00:00:00 2001 From: Ann Priestman Date: Thu, 21 Jul 2016 15:48:54 -0400 Subject: [PATCH 1/6] Add rar to the mime types to be processed by seven zip. --- .../modules/embeddedfileextractor/SevenZipExtractor.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java index 18a81126fa..b4d8109988 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java @@ -104,7 +104,8 @@ class SevenZipExtractor { XGZIP("application/x-gzip"), //NON-NLS XBZIP2("application/x-bzip2"), //NON-NLS XTAR("application/x-tar"), //NON-NLS - XGTAR("application/x-gtar"); //NON-NLS + XGTAR("application/x-gtar"), + XRAR("application/x-rar-compressed"); //NON-NLS private final String mimeType; From 6e5ccfb0253371870761a498397b0b0f519caffb Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 26 Jul 2016 15:00:15 -0400 Subject: [PATCH 2/6] Fix recently injected bug in handling of main window title --- .../sleuthkit/autopsy/casemodule/Case.java | 68 ++++++++++--------- 1 file changed, 37 insertions(+), 31 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java index 90785595e8..91bb5c0a95 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java 
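Review bot: The rewritten `XGTAR("application/x-gtar"),` line in the SevenZipExtractor hunk drops the `//NON-NLS` marker that every other constant in this enum carries; keep it as `XGTAR("application/x-gtar"), //NON-NLS`. Separately, RAR members come from the evidence being examined and are untrusted input. It is worth confirming that whatever size, nesting and ratio limits the extractor applies to the existing archive types also apply to `application/x-rar-compressed`; that code is not visible in this hunk. The enum body continues outside the hunk.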
@@ -278,13 +278,14 @@ public class Case implements SleuthkitCase.ErrorObserver { private static final int MIN_SECS_BETWEEN_TSK_ERROR_REPORTS = 60; private static final Logger logger = Logger.getLogger(Case.class.getName()); private static final AutopsyEventPublisher eventPublisher = new AutopsyEventPublisher(); - private static Case currentCase = null; + private static String appName; + private static Case currentCase; private final CaseMetadata caseMetadata; private final SleuthkitCase db; private final Services services; private CollaborationMonitor collaborationMonitor; - private boolean hasDataSources = false; - private volatile IntervalErrorReportData tskErrorReporter = null; + private boolean hasDataSources; + private volatile IntervalErrorReportData tskErrorReporter; /** * Constructs an Autopsy case. Currently, only one case at a time may be @@ -493,10 +494,10 @@ public class Case implements SleuthkitCase.ErrorObserver { } /** - * Gets the root case output directory for this case, creating it if it does not exist. If the case is a - * single-user case, this is the case directory. If the case is a multi-user - * case, this is a subdirectory of the case directory specific to the host - * machine. + * Gets the root case output directory for this case, creating it if it does + * not exist. If the case is a single-user case, this is the case directory. + * If the case is a multi-user case, this is a subdirectory of the case + * directory specific to the host machine. * * @return the path to the host output directory. */ @@ -515,7 +516,8 @@ public class Case implements SleuthkitCase.ErrorObserver { } /** - * Gets the full path to the temp directory for this case, creating it if it does not exist. + * Gets the full path to the temp directory for this case, creating it if it + * does not exist. * * @return The temp subdirectory path. */ 
@@ -524,7 +526,8 @@ public class Case implements SleuthkitCase.ErrorObserver { } /** - * Gets the full path to the cache directory for this case, creating it if it does not exist. + * Gets the full path to the cache directory for this case, creating it if + * it does not exist. * * @return The cache directory path. */ @@ -533,7 +536,8 @@ public class Case implements SleuthkitCase.ErrorObserver { } /** - * Gets the full path to the export directory for this case, creating it if it does not exist. + * Gets the full path to the export directory for this case, creating it if + * it does not exist. * * @return The export directory path. */ @@ -542,7 +546,8 @@ public class Case implements SleuthkitCase.ErrorObserver { } /** - * Gets the full path to the log directory for this case, creating it if it does not exist. + * Gets the full path to the log directory for this case, creating it if it + * does not exist. * * @return The log directory path. */ @@ -551,7 +556,8 @@ public class Case implements SleuthkitCase.ErrorObserver { } /** - * Gets the full path to the reports directory for this case, creating it if it does not exist. + * Gets the full path to the reports directory for this case, creating it if + * it does not exist. * * @return The report directory path. */ @@ -560,7 +566,8 @@ public class Case implements SleuthkitCase.ErrorObserver { } /** - * Gets the full path to the module output directory for this case, creating it if it does not exist. + * Gets the full path to the module output directory for this case, creating + * it if it does not exist. * * @return The module output directory path. */ 
@@ -862,6 +869,18 @@ public class Case implements SleuthkitCase.ErrorObserver { } } + /** + * Gets the application name. + * + * @return The application name. + */ + public static String getAppName() { + if ((appName == null) || appName.equals("")) { + appName = WindowManager.getDefault().getMainWindow().getTitle(); + } + return appName; + } + /** * Checks if a string is a valid case name. * @@ -872,7 +891,7 @@ public class Case implements SleuthkitCase.ErrorObserver { * * @return True or false. */ - static public boolean isValidName(String caseName) { + public static boolean isValidName(String caseName) { return !(caseName.contains("\\") || caseName.contains("/") || caseName.contains(":") || caseName.contains("*") || caseName.contains("?") || caseName.contains("\"") || caseName.contains("<") || caseName.contains(">") || caseName.contains("|")); @@ -1189,7 +1208,7 @@ public class Case implements SleuthkitCase.ErrorObserver { if (!fileExists) { int ret = JOptionPane.showConfirmDialog( WindowManager.getDefault().getMainWindow(), - NbBundle.getMessage(Case.class, "Case.checkImgExist.confDlg.doesntExist.msg", WindowManager.getDefault().getMainWindow().getTitle(), path), + NbBundle.getMessage(Case.class, "Case.checkImgExist.confDlg.doesntExist.msg", getAppName(), path), NbBundle.getMessage(Case.class, "Case.checkImgExist.confDlg.doesntExist.title"), JOptionPane.YES_NO_OPTION); if (ret == JOptionPane.YES_OPTION) { @@ -1343,7 +1362,7 @@ public class Case implements SleuthkitCase.ErrorObserver { } else { SwingUtilities.invokeLater(() -> { Frame f = WindowManager.getDefault().getMainWindow(); - f.setTitle(WindowManager.getDefault().getMainWindow().getTitle()); // set the window name to just application name + f.setTitle(getAppName()); // set the window name to just application name }); } 
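Review bot: `getAppName()` caches whatever the main window title is on its first call, so the result is the bare application name only if that call happens before a case name has been put into the title. The call sites changed in this file call it before `setTitle`, but the method is public and the ordering of outside callers is not visible here. The Javadoc should state this, e.g. `Gets the application name, captured from the main window title on first use and then cached.` The static `appName` field is read and written without synchronization and the method reads a Swing component, so either document that it must be called on the EDT or declare the field `volatile`. `appName.equals("")` would read better as `appName.isEmpty()`.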
@@ -1365,7 +1384,7 @@ public class Case implements SleuthkitCase.ErrorObserver { //clear pending notifications MessageNotifyUtil.Notify.clear(); Frame f = WindowManager.getDefault().getMainWindow(); - f.setTitle(WindowManager.getDefault().getMainWindow().getTitle()); // set the window name to just application name + f.setTitle(getAppName()); // set the window name to just application name }); //try to force gc to happen @@ -1405,7 +1424,7 @@ public class Case implements SleuthkitCase.ErrorObserver { private static void addCaseNameToMainWindowTitle(String newCaseName) { if (!newCaseName.equals("")) { Frame f = WindowManager.getDefault().getMainWindow(); - f.setTitle(newCaseName + " - " + WindowManager.getDefault().getMainWindow().getTitle()); + f.setTitle(newCaseName + " - " + getAppName()); } } @@ -1519,19 +1538,6 @@ public class Case implements SleuthkitCase.ErrorObserver { return new File(filePath).isFile(); } - /** - * Gets the application name from the main window title. - * - * @return appName - * - * @deprecated Use WindowManager.getDefault().getMainWindow().getTitle() - * instead. - */ - @Deprecated - public static String getAppName() { - return WindowManager.getDefault().getMainWindow().getTitle(); - } - /** * Gets the Autopsy version. * From e4c539232a74c42bf1a317e9440cb55599c75fd5 Mon Sep 17 00:00:00 2001 From: Ann Priestman Date: Wed, 27 Jul 2016 08:56:49 -0400 Subject: [PATCH 3/6] Adding left-to-right markers to children count --- .../autopsy/directorytree/DirectoryTreeFilterNode.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeFilterNode.java b/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeFilterNode.java index a25f7c819e..0ae016bd00 100755 --- a/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeFilterNode.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeFilterNode.java 
@@ -75,7 +75,10 @@ class DirectoryTreeFilterNode extends FilterNode { if (file != null) { try { final int numChildren = file.getChildrenCount(); - name = name + " (" + numChildren + ")"; + + // left-to-right marks here are necessary to keep the count and parens together + // for mixed right-to-left and left-to-right names + name = name + " \u200E(\u200E" + numChildren + ")\u200E"; } catch (TskCoreException ex) { logger.log(Level.SEVERE, "Error getting children count to display for file: " + file, ex); //NON-NLS } From 3022fb73e3135a7877ab1f976f513e5b198dc26a Mon Sep 17 00:00:00 2001 From: Ann Priestman Date: Mon, 1 Aug 2016 08:56:02 -0400 Subject: [PATCH 4/6] Added left to right codes to display name in Tags and ExtractedContent --- Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java | 2 +- Core/src/org/sleuthkit/autopsy/datamodel/Tags.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java index 8a9b31936f..6aac72300a 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java @@ -358,7 +358,7 @@ public class ExtractedContent implements AutopsyVisitableItem { Logger.getLogger(TypeNode.class.getName()) .log(Level.WARNING, "Error getting child count", ex); //NON-NLS } - super.setDisplayName(type.getDisplayName() + " (" + childCount + ")"); + super.setDisplayName(type.getDisplayName() + " \u200E(\u200E" + childCount + ")\u200E"); } @Override diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/Tags.java b/Core/src/org/sleuthkit/autopsy/datamodel/Tags.java index 16f0ac7084..ac85cd8787 100755 --- a/Core/src/org/sleuthkit/autopsy/datamodel/Tags.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/Tags.java 
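Review bot: The suffix `" \u200E(\u200E" + numChildren + ")\u200E"` is written out here and again in the ExtractedContent and Tags hunks, and only this copy has the explanatory comment. One shared helper, or at least a named constant for `\u200E`, would keep the three tree labels consistent and carry the comment to all of them. The names being suffixed come from the data under examination. Left-to-right marks fix ordering around neutral characters, but a name containing an explicit directional override such as U+202E can presumably still reorder the appended count. The comment should state that limitation, or bidi control characters in the name should be escaped before the suffix is added. The enclosing method starts and ends outside the hunk.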
@@ -244,7 +244,7 @@ public class Tags implements AutopsyVisitableItem { } catch (TskCoreException ex) { Logger.getLogger(TagNameNode.class.getName()).log(Level.SEVERE, "Failed to get tags count for " + tagName.getDisplayName() + " tag name", ex); //NON-NLS } - setDisplayName(tagName.getDisplayName() + " (" + tagsCount + ")"); + setDisplayName(tagName.getDisplayName() + " \u200E(\u200E" + tagsCount + ")\u200E"); } @Override From c1ee8ea839af16acf2af021c9c274df868185eb0 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 2 Aug 2016 12:39:27 -0400 Subject: [PATCH 5/6] Lint of VirtualMachineFinder --- .../vmextractor/VirtualMachineFinder.java | 57 ++++++------------- 1 file changed, 16 insertions(+), 41 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/vmextractor/VirtualMachineFinder.java b/Core/src/org/sleuthkit/autopsy/modules/vmextractor/VirtualMachineFinder.java index 19f51d8ab6..21463f9a92 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/vmextractor/VirtualMachineFinder.java +++ b/Core/src/org/sleuthkit/autopsy/modules/vmextractor/VirtualMachineFinder.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2012-2015 Basis Technology Corp. + * Copyright 2012-2016 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -40,8 +40,8 @@ public final class VirtualMachineFinder { private static final Logger logger = Logger.getLogger(VirtualMachineFinder.class.getName()); private static final int MAX_VMDK_DESCRIPTOR_FILE_SIZE_BYTES = 10000; - private static final int MIN_VMDK_EXTENT_DESCRIPTOR_FIELDS_NUM = 4; // See readExtentFilesFromVmdkDescriptorFile() for details - private static final int FILE_NAME_FIELD_INDX_IN_EXTENT_DESCRIPTOR = 3; // See readExtentFilesFromVmdkDescriptorFile() for details + private static final int MIN_VMDK_EXTENT_DESCRIPTOR_FIELDS = 4; // See readExtentFilesFromVmdkDescriptorFile() for details + private static final int FILE_NAME_FIELD_INDX = 3; // See readExtentFilesFromVmdkDescriptorFile() for details private static final GeneralFilter virtualMachineFilter = new GeneralFilter(GeneralFilter.VIRTUAL_MACHINE_EXTS, GeneralFilter.VIRTUAL_MACHINE_DESC); private static final List vmFiltersList = new ArrayList<>(); @@ -59,11 +59,7 @@ public final class VirtualMachineFinder { } private static boolean isVirtualMachine(String fileName) { - // is file a virtual machine - if (!isAcceptedByFiler(new File(fileName), vmFiltersList)) { - return false; - } - return true; + return isAcceptedByFiler(new File(fileName), vmFiltersList); } /** @@ -119,8 +115,8 @@ public final class VirtualMachineFinder { // remove from the list all VMDK files that are listed in the descriptor file try (BufferedReader br = new BufferedReader(new FileReader(file))) { - String line; - while ((line = br.readLine()) != null) { + String line = br.readLine(); + while (null != line) { // The extent descriptions provide the following key information: // Access – may be RW, RDONLY, or NOACCESS // Size in sectors – a sector is 512 bytes 
@@ -131,18 +127,19 @@ public final class VirtualMachineFinder { // Example: RW 4192256 SPARSE "win7-ult-vm-0-s001.vmdk" String[] splited = line.split(" "); - if (splited.length < MIN_VMDK_EXTENT_DESCRIPTOR_FIELDS_NUM) { + if (splited.length < MIN_VMDK_EXTENT_DESCRIPTOR_FIELDS) { // line doesn't have enough fields, can't be an extent descriptor continue; } if (splited[0].equals("RW") || splited[0].equals("RDONLY") || splited[0].equals("NOACCESS")) { //NON-NLS // found an extent descriptor // remove quotation marks around the file name - String extentFileName = splited[FILE_NAME_FIELD_INDX_IN_EXTENT_DESCRIPTOR].replace("\"", ""); + String extentFileName = splited[FILE_NAME_FIELD_INDX].replace("\"", ""); // add extent file to list of extent files extentFiles.add(extentFileName); } + line = br.readLine(); } } catch (Exception ex) { logger.log(Level.WARNING, String.format("Error while parsing vmdk descriptor file %s", file.toString()), ex); //NON-NLS 
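Review bot: The `continue` kept in the short-line branch now skips the `line = br.readLine();` that this change moved to the bottom of the loop (the new loop header is in the preceding hunk). Any descriptor line with fewer than `MIN_VMDK_EXTENT_DESCRIPTOR_FIELDS` fields is therefore re-tested forever. Descriptor files come from the data source being analysed, so a single blank or short line is enough to hang the calling thread. Either restore the original header `while ((line = br.readLine()) != null)` and drop the trailing read, or advance before skipping with `line = br.readLine(); continue;`. The method begins outside the hunk.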
@@ -150,35 +147,6 @@ public final class VirtualMachineFinder { return extentFiles; } - /** - * Identifies whether a vmdk file is part of split vmdk image - * - * @param fileName Name of the vmdk file - * - * @return True if the file is part of split vmdk image, false if not - */ - private static boolean isPartOfSplitVMDKImage(String fileName) { - - // only need to worry about ".vmdk" images - if (!isAcceptedByFiler(new File(fileName), vmdkFiltersList)) { - return false; - } - - // this needs to identify and handle different VMDK scenarios: - // i single image in a single file - // ii. Single image split over multiple files - just need to pass the first to TSK and it will combine the split image files. - // Note there may be more than than one split images in a single dir, - // e.g. icrd-te-google.vmdk, icrd-te-google-s001.vmdk, icrd-te-google-s002.vmdk... (split sparse vmdk format) - // e.g. win7-ult-vm.vmdk, win7-ult-vm-f001.vmdk, win7-ult-vm-f002.vmdk... (split flat vmdk format) - String fName = fileName.toLowerCase(); - int lastPeriod = fName.lastIndexOf('.'); - if (-1 == lastPeriod) { - return false; - } - String fNameNoExt = fName.substring(0, lastPeriod); - return fNameNoExt.matches(".*-[fs]\\d+$"); // anything followed by "-" then either "f" or "s" and followed by digits at the end of the string - } - private static boolean isAcceptedByFiler(File file, List filters) { for (FileFilter filter : filters) { @@ -207,4 +175,11 @@ public final class VirtualMachineFinder { } return new ArrayList<>(Arrays.asList(files)); } + + /** + * Prevent instantiation of this utility class. + */ + private VirtualMachineFinder() { + } + } From 730ff023515cf3359579f957c49bcff2def4c80e Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 2 Aug 2016 13:36:20 -0400 Subject: [PATCH 6/6] Make VirtualMachineFinder.isVirtualMachine a public API --- .../autopsy/modules/vmextractor/VirtualMachineFinder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Core/src/org/sleuthkit/autopsy/modules/vmextractor/VirtualMachineFinder.java b/Core/src/org/sleuthkit/autopsy/modules/vmextractor/VirtualMachineFinder.java index 21463f9a92..5ab2ffc334 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/vmextractor/VirtualMachineFinder.java +++ b/Core/src/org/sleuthkit/autopsy/modules/vmextractor/VirtualMachineFinder.java @@ -58,7 +58,7 @@ public final class VirtualMachineFinder { vmdkFiltersList.add(vmdkFilter); } - private static boolean isVirtualMachine(String fileName) { + public static final boolean isVirtualMachine(String fileName) { return isAcceptedByFiler(new File(fileName), vmFiltersList); }
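Review bot: `isVirtualMachine` becomes public API here without a Javadoc comment. From the visible body it only passes `new File(fileName)` through the `vmFiltersList` filters, which looks like a name-based check, not an inspection of content. Callers should be told this, e.g. `Checks whether a file name is accepted by the virtual machine file filters; the file's content is not examined.` (confirm against `GeneralFilter`, which is outside the hunk). The `final` modifier is redundant on a static method of a class already declared `final`; `public static boolean isVirtualMachine(String fileName)` is sufficient.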