Merge branch 'report_generator' into develop

Karl Mortensen 2014-11-17 16:03:57 -05:00
commit 55db7f03de
13 changed files with 260 additions and 101 deletions


@ -399,6 +399,8 @@ public class BlackboardArtifactNode extends DisplayableItemNode {
return "green-tag-icon-16.png"; //NON-NLS
case TSK_METADATA_EXIF:
return "camera-icon-16.png"; //NON-NLS
case TSK_EMAIL_MSG:
return "mail-icon-16.png"; //NON-NLS
case TSK_CONTACT:
return "contact.png"; //NON-NLS
case TSK_MESSAGE:


@ -307,6 +307,8 @@ public class ExtractedContent implements AutopsyVisitableItem {
return "searchquery.png"; //NON-NLS
case TSK_METADATA_EXIF:
return "camera-icon-16.png"; //NON-NLS
case TSK_EMAIL_MSG:
return "mail-icon-16.png"; //NON-NLS
case TSK_CONTACT:
return "contact.png"; //NON-NLS
case TSK_MESSAGE:


@ -93,7 +93,12 @@ class CallLogAnalyzer {
try {
BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set.
bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, number));
if(direction == CallDirection.OUTGOING) {
bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO.getTypeID(), moduleName, number));
}
else { /// Covers INCOMING and MISSED
bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM.getTypeID(), moduleName, number));
}
bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_START.getTypeID(), moduleName, date));
bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_END.getTypeID(), moduleName, duration + date));
bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, directionString));


@ -102,9 +102,14 @@ class CallLogAnalyzer {
duration = resultSet.getString("duration");
date = resultSet.getString("date");
type = resultSet.getString("type");
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set.
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, number));
if(type.equalsIgnoreCase("outgoing")) {
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO.getTypeID(), moduleName, number));
}
else { /// Covers INCOMING and MISSED
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM.getTypeID(), moduleName, number));
}
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START.getTypeID(), moduleName, date));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END.getTypeID(), moduleName, duration + date));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, type));
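Review bot: `type` is read from the examined database with `resultSet.getString("type")` and then dereferenced in `type.equalsIgnoreCase("outgoing")`, so a row with a NULL type would throw a NullPointerException; writing the test as `if ("outgoing".equalsIgnoreCase(type))` avoids that. The `else` branch then files every other value, not only incoming and missed, under `TSK_PHONE_NUMBER_FROM`, which can misstate who placed the call in the report. TextMessageAnalyzer has the same shape with `type.equals("1")` and an `else` that labels everything else Outgoing. The enclosing try and loop are outside the hunk, so how an exception here affects the remaining rows is not visible.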


@ -105,13 +105,20 @@ class TextMessageAnalyzer {
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set.
// @@@ NEed to put into more specific TO or FROM
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, address));
if (type.equals("1")) {
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, "Incoming"));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM.getTypeID(), moduleName, address));
}
else {
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, "Outgoing"));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO.getTypeID(), moduleName, address));
}
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, date));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, type));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT.getTypeID(), moduleName, subject));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), moduleName, body));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE.getTypeID(), moduleName, "SMS Message"));
}
} catch (Exception e) {
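Review bot: After the new `if`/`else` writes `TSK_DIRECTION` as "Incoming" or "Outgoing", the later `TSK_DIRECTION` add with the raw `type` value still appears in this hunk; if it remains on the new side, each message gets two direction attributes with different values. Dropping the raw-`type` add, or keeping only one of the two, would leave a single unambiguous direction per artifact. The `// @@@ NEed to put into more specific TO or FROM` comment is also out of date now that the TO/FROM attributes are set.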


@ -18,10 +18,8 @@
*/
package org.sleuthkit.autopsy.modules.photoreccarver;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
@ -32,11 +30,15 @@ import java.util.logging.Level;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.services.FileManager;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.XMLUtil;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.LayoutFile;
import org.sleuthkit.datamodel.CarvedFileContainer;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskFileRange;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
/**
* This class parses the xml output from PhotoRec, and creates a list of entries to add back in to be processed.
@ -50,17 +52,6 @@ class PhotoRecCarverOutputParser {
basePath = base;
}
/**
* Gets the value inside the XML element and returns it. Ignores leading whitespace.
*
* @param name The XML element we are looking for.
* @param line The line in which we are looking for the element.
* @return The String value found
*/
private static String getValue(String name, String line) {
return line.replaceAll("[\t ]*</?" + name + ">", ""); //NON-NLS
}
/**
* Parses the given report.xml file, creating a List<LayoutFile> to return. Uses FileManager to add all carved files
* that it finds to the TSK database as $CarvedFiles under the passed-in parent id.
@ -73,66 +64,61 @@ class PhotoRecCarverOutputParser {
* @throws IOException
*/
List<LayoutFile> parse(File xmlInputFile, long id, AbstractFile af) throws FileNotFoundException, IOException {
try (BufferedReader in = new BufferedReader(new FileReader(xmlInputFile))) {
String fileName;
long fileSize;
String result;
String[] fields;
try {
final Document doc = XMLUtil.loadDoc(PhotoRecCarverOutputParser.class, xmlInputFile.toString());
if (doc == null) {
return null;
}
Element root = doc.getDocumentElement();
if (root == null) {
logger.log(Level.SEVERE, "Error loading config file: invalid file format (bad root)."); //NON-NLS
return null;
}
NodeList fileObjects = root.getElementsByTagName("fileobject"); //NON-NLS
final int numberOfFiles = fileObjects.getLength();
if (numberOfFiles == 0) {
return null;
}
String fileName;
Long fileSize;
NodeList fileNames;
NodeList fileSizes;
NodeList fileRanges;
Element entry;
Path filePath;
FileManager fileManager = Case.getCurrentCase().getServices().getFileManager();
// create and initialize the list to put into the database
List<CarvedFileContainer> carvedFileContainer = new ArrayList<>();
// create and initialize a line
String line = in.readLine();
for (int fileIndex = 0; fileIndex < numberOfFiles; ++fileIndex) {
entry = (Element) fileObjects.item(fileIndex);
fileNames = entry.getElementsByTagName("filename"); //NON-NLS
fileSizes = entry.getElementsByTagName("filesize"); //NON-NLS
fileRanges = entry.getElementsByTagName("byte_run"); //NON-NLS
// loop until an empty line is read
reachedEndOfFile:
while (!line.isEmpty()) {
while (!line.contains("<fileobject>")) //NON-NLS
{
if (line.equals("</dfxml>")) //NON-NLS
{ // We have found the end. Break out of both loops and move on to processing.
line = "";
break reachedEndOfFile;
}
line = in.readLine();
fileSize=Long.parseLong(fileSizes.item(0).getTextContent());
fileName=fileNames.item(0).getTextContent();
filePath = Paths.get(fileName);
if (filePath.startsWith(basePath)) {
fileName = filePath.getFileName().toString();
}
List<TskFileRange> ranges = new ArrayList<>();
// read filename line
line = in.readLine();
fileName = getValue("filename", line); //NON-NLS
Path p = Paths.get(fileName);
if (p.startsWith(basePath)) {
fileName = p.getFileName().toString();
List<TskFileRange> tskRanges = new ArrayList<>();
for (int rangeIndex = 0; rangeIndex < fileRanges.getLength(); ++rangeIndex) {
Long img_offset = Long.parseLong(((Element) fileRanges.item(rangeIndex)).getAttribute("img_offset")); //NON-NLS
Long len = Long.parseLong(((Element) fileRanges.item(rangeIndex)).getAttribute("len")); //NON-NLS
tskRanges.add(new TskFileRange(af.convertToImgOffset(img_offset), len, rangeIndex));
}
line = in.readLine(); /// read filesize line
fileSize = Long.parseLong(getValue("filesize", line)); //NON-NLS
in.readLine(); /// eat a line and move on to the next
line = in.readLine(); /// now get next valid line
while (line.contains("<byte_run")) //NON-NLS
{
result = line.replaceAll("[\t ]*<byte_run offset='", ""); //NON-NLS
result = result.replaceAll("'[\t ]*img_offset='", " "); //NON-NLS
result = result.replaceAll("'[\t ]*len='", " "); //NON-NLS
result = result.replaceAll("'/>[\t ]*", ""); //NON-NLS
fields = result.split(" "); /// offset, image offset, length //NON-NLS
ranges.add((new TskFileRange(af.convertToImgOffset(Long.parseLong(fields[1])), Long.parseLong(fields[2]), ranges.size())));
// read the next line
line = in.readLine();
}
carvedFileContainer.add(new CarvedFileContainer(fileName, fileSize, id, ranges));
carvedFileContainer.add(
new CarvedFileContainer(fileName, fileSize, id, tskRanges));
}
return fileManager.addCarvedFiles(carvedFileContainer);
}
catch (IOException | NumberFormatException | TskCoreException ex) {
catch (NumberFormatException | TskCoreException ex) {
logger.log(Level.SEVERE, "Error parsing PhotoRec output and inserting it into the database: {0}", ex); //NON_NLS
}
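Review bot: In the new per-`fileobject` loop, `fileSizes.item(0).getTextContent()` and `fileNames.item(0).getTextContent()` assume both child elements exist; `NodeList.item(0)` returns null when they do not, and the resulting NullPointerException is not covered by `catch (NumberFormatException | TskCoreException ex)`. A truncated or malformed report.xml would therefore escape `parse` as an unchecked exception, so a guard such as `if (fileNames.getLength() == 0 || fileSizes.getLength() == 0) { continue; }` before the reads is worth adding. One bad `img_offset` or `len` attribute also aborts the whole loop, so none of the carved files already collected are added. Since the report is now parsed with a DOM parser via `XMLUtil.loadDoc`, whose body is not shown here, it is worth confirming that it disables DTDs and external entities. `parse` ends outside the hunk, so what it returns after the catch is not visible.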


@ -99,6 +99,7 @@ ReportGenerator.artTableColHdr.url=URL
ReportGenerator.artTableColHdr.title=Title
ReportGenerator.artTableColHdr.dateCreated=Date Created
ReportGenerator.artTableColHdr.program=Program
ReportGenerator.artTableColHdr.urlDomainDecoded=URL Domain
ReportGenerator.artTableColHdr.srcFile=Source File
ReportGenerator.artTableColHdr.dateTime=Date/Time
ReportGenerator.artTableColHdr.name=Name
@ -118,9 +119,16 @@ ReportGenerator.artTableColHdr.text=Text
ReportGenerator.artTableColHdr.domain=Domain
ReportGenerator.artTableColHdr.dateTaken=Date Taken
ReportGenerator.artTableColHdr.devManufacturer=Device Manufacturer
ReportGenerator.artTableColHdr.devMake=Device Make
ReportGenerator.artTableColHdr.devModel=Device Model
ReportGenerator.artTableColHdr.latitude=Latitude
ReportGenerator.artTableColHdr.longitude=Longitude
ReportGenerator.artTableColHdr.latitudeStart=Starting Latitude
ReportGenerator.artTableColHdr.longitudeStart=Starting Longitude
ReportGenerator.artTableColHdr.latitudeEnd=Ending Latitude
ReportGenerator.artTableColHdr.longitudeEnd=Ending Longitude
ReportGenerator.artTableColHdr.associatedArtifact=Associated Artifact
ReportGenerator.artTableColHdr.count=Count
ReportGenerator.artTableColHdr.personName=Person Name
ReportGenerator.artTableColHdr.phoneNumber=Phone Number
ReportGenerator.artTableColHdr.phoneNumHome=Phone Number (Home)
@ -135,6 +143,20 @@ ReportGenerator.artTableColHdr.fromEmail=From Email
ReportGenerator.artTableColHdr.toPhoneNum=To Phone Number
ReportGenerator.artTableColHdr.toEmail=To Email
ReportGenerator.artTableColHdr.subject=Subject
ReportGenerator.artTableColHdr.tskEmailTo=E-Mail To
ReportGenerator.artTableColHdr.tskEmailCc=E-Mail CC
ReportGenerator.artTableColHdr.tskEmailBcc=E-Mail BCC
ReportGenerator.artTableColHdr.tskEmailFrom=E-Mail From
ReportGenerator.artTableColHdr.tskMsgId=Message ID
ReportGenerator.artTableColHdr.tskMsgReplyId=Message Reply ID
ReportGenerator.artTableColHdr.tskDateTimeRcvd=Date Received
ReportGenerator.artTableColHdr.tskDateTimeSent=Date Sent
ReportGenerator.artTableColHdr.tskSubject=Subject
ReportGenerator.artTableColHdr.tskTitle=Title
ReportGenerator.artTableColHdr.tskSetName=Set Name
ReportGenerator.artTableColHdr.tskInterestingFilesCategory=Rule
ReportGenerator.artTableColHdr.tskGpsRouteCategory=Category
ReportGenerator.artTableColHdr.tskPath=Path
ReportGenerator.artTableColHdr.calendarEntryType=Calendar Entry Type
ReportGenerator.artTableColHdr.description=Description
ReportGenerator.artTableColHdr.startDateTime=Start Date/Time
@ -147,6 +169,7 @@ ReportGenerator.artTableColHdr.altitude=Altitude
ReportGenerator.artTableColHdr.locationAddress=Location Address
ReportGenerator.artTableColHdr.category=Category
ReportGenerator.artTableColHdr.userId=User ID
ReportGenerator.artTableColHdr.userName=User Name
ReportGenerator.artTableColHdr.password=Password
ReportGenerator.artTableColHdr.appName=App Name
ReportGenerator.artTableColHdr.appPath=App Path


@ -462,7 +462,7 @@ import org.sleuthkit.datamodel.TskData;
type.getDisplayName()));
}
// Keyword hits and hashset hit artifacts get sepcial handling.
// Keyword hits and hashset hit artifacts get special handling.
if (type.equals(ARTIFACT_TYPE.TSK_KEYWORD_HIT)) {
writeKeywordHits(tableModules, comment.toString(), tagNamesFilter);
continue;
@ -491,10 +491,6 @@ import org.sleuthkit.datamodel.TskData;
List<String> columnHeaders = getArtifactTableColumnHeaders(type.getTypeID());
if (columnHeaders == null) {
// @@@ Hack to prevent system from hanging. Better solution is to merge all attributes into a single column or analyze the artifacts to find out how many are needed.
MessageNotifyUtil.Notify.show(
NbBundle.getMessage(this.getClass(), "ReportGenerator.msgShow.skippingArtType.title", type),
NbBundle.getMessage(this.getClass(), "ReportGenerator.msgShow.skippingArtType.msg"),
MessageNotifyUtil.MessageType.ERROR);
continue;
}
@ -557,7 +553,7 @@ import org.sleuthkit.datamodel.TskData;
}
// Tell the modules reporting on content tags is beginning.
for (TableReportModule module : tableModules) {
for (TableReportModule module : tableModules) {
// @@@ This casting is a tricky little workaround to allow the HTML report module to slip in a content hyperlink.
// @@@ Alos Using the obsolete ARTIFACT_TYPE.TSK_TAG_FILE is also an expedient hack.
tableProgress.get(module).updateStatusLabel(
@ -1154,6 +1150,7 @@ import org.sleuthkit.datamodel.TskData;
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.referrer"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.title"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.program"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.urlDomainDecoded"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.srcFile")}));
break;
case TSK_WEB_DOWNLOAD:
@ -1186,9 +1183,10 @@ import org.sleuthkit.datamodel.TskData;
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.file"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.size")}));
break;
case TSK_DEVICE_ATTACHED:
case TSK_DEVICE_ATTACHED:
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.name"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.devMake"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.devModel"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.deviceId"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.dateTime"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.srcFile")}));
@ -1208,6 +1206,7 @@ import org.sleuthkit.datamodel.TskData;
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.devModel"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.latitude"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.longitude"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.altitude"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.srcFile")}));
break;
case TSK_CONTACT:
@ -1237,7 +1236,8 @@ import org.sleuthkit.datamodel.TskData;
case TSK_CALLLOG:
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.personName"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.phoneNumber"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.fromPhoneNum"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.toPhoneNum"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.dateTime"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.direction"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.srcFile") }));
@ -1269,11 +1269,8 @@ import org.sleuthkit.datamodel.TskData;
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.latitude"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.longitude"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.altitude"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.name"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.locationAddress"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.dateTime"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.srcFile") }));
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.srcFile")}));
break;
case TSK_GPS_BOOKMARK:
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {
@ -1319,12 +1316,6 @@ import org.sleuthkit.datamodel.TskData;
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.mailServer"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.srcFile") }));
break;
case TSK_TOOL_OUTPUT:
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.progName"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.text"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.srcFile")}));
break;
case TSK_ENCRYPTION_DETECTED:
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.name"),
@ -1344,6 +1335,55 @@ import org.sleuthkit.datamodel.TskData;
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.osInstallDate.text"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.srcFile")}));
break;
case TSK_EMAIL_MSG:
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tskEmailTo"), //TSK_EMAIL_TO
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tskEmailFrom"), //TSK_EMAIL_FROM
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tskSubject"), //TSK_SUBJECT
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tskDateTimeSent"), //TSK_DATETIME_SENT
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tskDateTimeRcvd"), //TSK_DATETIME_RCVD
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tskPath"), //TSK_PATH
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tskEmailCc"), //TSK_EMAIL_CC
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tskEmailBcc"), //TSK_EMAIL_BCC
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tskMsgId")})); //TSK_MSG_ID
break;
case TSK_INTERESTING_FILE_HIT:
columnHeaders = new ArrayList<>(Arrays.asList(new String[]{
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tskSetName"), //TSK_SET_NAME
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tskInterestingFilesCategory"), //TSK_CATEGORY
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tskPath")})); //TSK_PATH
break;
case TSK_GPS_ROUTE:
columnHeaders = new ArrayList<>(Arrays.asList(new String[]{
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tskGpsRouteCategory"), //TSK_CATEGORY
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.dateTime"), //TSK_DATETIME
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.latitudeEnd"), //TSK_GEO_LATITUDE_END
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.longitudeEnd"), //TSK_GEO_LONGITUDE_END
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.latitudeStart"), //TSK_GEO_LATITUDE_START
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.longitudeStart"), //TSK_GEO_LONGITUDE_START
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.name"), //TSK_NAME
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.location"), //TSK_LOCATION
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.program")}));//TSK_PROG_NAME
break;
case TSK_INTERESTING_ARTIFACT_HIT:
columnHeaders = new ArrayList<>(Arrays.asList(new String[]{
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tskSetName"), //TSK_SET_NAME
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.associatedArtifact"), //TSK_ASSOCIATED_ARTIFACT
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.program")})); //TSK_PROG_NAME
break;
case TSK_PROG_RUN:
columnHeaders = new ArrayList<>(Arrays.asList(new String[]{
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.program"), //TSK_PROG_NAME
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.associatedArtifact"), //TSK_ASSOCIATED_ARTIFACT
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.dateTime"), //TSK_DATETIME
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.count")})); //TSK_COUNT
break;
case TSK_OS_ACCOUNT:
columnHeaders = new ArrayList<>(Arrays.asList(new String[]{
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.userName"), //TSK_USER_NAME
NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.userId")})); //TSK_USER_ID
break;
default:
return null;
}
@ -1420,8 +1460,15 @@ import org.sleuthkit.datamodel.TskData;
*/
private String getFileUniquePath(long objId) {
try {
return skCase.getAbstractFileById(objId).getUniquePath();
} catch (TskCoreException ex) {
AbstractFile af = skCase.getAbstractFileById(objId);
if(af!=null) {
return af.getUniquePath();
}
else {
return "";
}
}
catch (TskCoreException ex) {
logger.log(Level.WARNING, "Failed to get Abstract File by ID.", ex); //NON-NLS
}
return "";
@ -1528,6 +1575,7 @@ import org.sleuthkit.datamodel.TskData;
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
orderedRowData.add(getFileUniquePath(getObjectID()));
break;
@ -1549,6 +1597,7 @@ import org.sleuthkit.datamodel.TskData;
orderedRowData.add(getFileUniquePath(getObjectID()));
break;
case TSK_DEVICE_ATTACHED:
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()));
@ -1561,12 +1610,13 @@ import org.sleuthkit.datamodel.TskData;
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
orderedRowData.add(getFileUniquePath(getObjectID()));
break;
case TSK_METADATA_EXIF:
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()));
case TSK_METADATA_EXIF:
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_GEO_ALTITUDE.getTypeID()));
orderedRowData.add(getFileUniquePath(getObjectID()));
break;
case TSK_CONTACT:
@ -1593,7 +1643,8 @@ import org.sleuthkit.datamodel.TskData;
break;
case TSK_CALLLOG:
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DATETIME_START.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID()));
orderedRowData.add(getFileUniquePath(getObjectID()));
@ -1608,7 +1659,7 @@ import org.sleuthkit.datamodel.TskData;
break;
case TSK_SPEED_DIAL_ENTRY:
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_SHORTCUT.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_NAME_PERSON.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID()));
orderedRowData.add(getFileUniquePath(getObjectID()));
break;
@ -1621,9 +1672,6 @@ import org.sleuthkit.datamodel.TskData;
case TSK_GPS_TRACKPOINT:
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_GEO_ALTITUDE.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_LOCATION.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()));
orderedRowData.add(getFileUniquePath(getObjectID()));
break;
@ -1667,7 +1715,7 @@ import org.sleuthkit.datamodel.TskData;
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_SERVER_NAME.getTypeID()));
orderedRowData.add(getFileUniquePath(getObjectID()));
break;
case TSK_TOOL_OUTPUT:
case TSK_TOOL_OUTPUT:
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID()));
orderedRowData.add(getFileUniquePath(getObjectID()));
@ -1676,7 +1724,7 @@ import org.sleuthkit.datamodel.TskData;
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
orderedRowData.add(getFileUniquePath(getObjectID()));
break;
case TSK_EXT_MISMATCH_DETECTED:
case TSK_EXT_MISMATCH_DETECTED:
AbstractFile file = skCase.getAbstractFileById(getObjectID());
orderedRowData.add(file.getName());
orderedRowData.add(file.getNameExtension());
@ -1688,12 +1736,59 @@ import org.sleuthkit.datamodel.TskData;
}
orderedRowData.add(file.getUniquePath());
break;
case TSK_OS_INFO:
case TSK_OS_INFO:
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PROCESSOR_ARCHITECTURE.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()));
orderedRowData.add(getFileUniquePath(getObjectID()));
break;
case TSK_EMAIL_MSG:
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_EMAIL_TO.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_EMAIL_FROM.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_SUBJECT.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DATETIME_SENT.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DATETIME_RCVD.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PATH.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_EMAIL_CC.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_EMAIL_BCC.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_MSG_ID.getTypeID()));
break;
case TSK_INTERESTING_FILE_HIT:
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID()));
String pathToShow=mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PATH.getTypeID());
if (pathToShow.isEmpty())
{
pathToShow=getFileUniquePath(getObjectID());
}
orderedRowData.add(pathToShow);
break;
case TSK_GPS_ROUTE:
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_END.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_START.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_START.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_LOCATION.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
break;
case TSK_INTERESTING_ARTIFACT_HIT:
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
break;
case TSK_PROG_RUN:
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_COUNT.getTypeID()));
break;
case TSK_OS_ACCOUNT:
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_USER_NAME.getTypeID()));
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_USER_ID.getTypeID()));
break;
}
orderedRowData.add(makeCommaSeparatedList(getTags()));
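Review bot: The new column and its value appear to be added at different positions: the header list inserts `ReportGenerator.artTableColHdr.urlDomainDecoded` after `program`, while the row data inserts `TSK_URL_DECODED` before `TSK_PROG_NAME`. If both hunks belong to the same artifact case (the `case` labels are outside the hunks), the report would print the program name under "URL Domain" and the decoded value under "Program"; moving the `TSK_URL_DECODED` add below the `TSK_PROG_NAME` add keeps them aligned. In the new `TSK_INTERESTING_FILE_HIT` row, `pathToShow.isEmpty()` is called on the result of `mappedAttributes.get(...)`, which is presumably null when the artifact has no TSK_PATH attribute; `if (pathToShow == null || pathToShow.isEmpty())` would make the fallback to `getFileUniquePath` reachable in that case. The `MessageNotifyUtil.Notify.show(...)` call that appears to be removed also means artifact types without column headers are now skipped without any trace, so a `logger.log(Level.WARNING, ...)` before the `continue` would keep the omission visible to whoever relies on the report.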


@ -230,7 +230,30 @@ import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM;
case TSK_OS_INFO:
in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/computer.png"); //NON-NLS
break;
case TSK_GPS_TRACKPOINT:
in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/gps_trackpoint.png"); //NON-NLS
break;
case TSK_GPS_ROUTE:
in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/gps_trackpoint.png"); //NON-NLS
break;
case TSK_EMAIL_MSG:
in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/mail-icon-16.png"); //NON-NLS
break;
case TSK_ENCRYPTION_DETECTED:
in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/encrypted-file.png"); //NON-NLS
break;
case TSK_EXT_MISMATCH_DETECTED:
in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/mismatch-16.png"); //NON-NLS
break;
case TSK_INTERESTING_ARTIFACT_HIT:
in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/interesting_item.png"); //NON-NLS
break;
case TSK_INTERESTING_FILE_HIT:
in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/interesting_item.png"); //NON-NLS
break;
case TSK_PROG_RUN:
in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/installed.png"); //NON-NLS
break;
default:
logger.log(Level.WARNING, "useDataTypeIcon: unhandled artifact type = " + dataType); //NON-NLS
in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/star.png"); //NON-NLS


@ -62,7 +62,7 @@ public enum MiscTypes implements EventType, ArtifactEventType {
final BlackboardAttribute longEnd = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END);
return String.format("from %1$g %2$g to %3$g %4$g", latStart.getValueDouble(), longStart.getValueDouble(), latEnd.getValueDouble(), longEnd.getValueDouble());
}),
GPS_TRACKPOINT("Location History", "gps-trackpoint.png",
GPS_TRACKPOINT("Location History", "gps_trackpoint.png",
BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT,
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME,
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME),


@ -43,7 +43,7 @@ public enum WebTypes implements EventType, ArtifactEventType {
/** Override
* {@link ArtifactEventType#parseAttributesHelper(org.sleuthkit.datamodel.BlackboardArtifact, java.util.Map)}
* with non default descritpion construction */
* with non default description construction */
@Override
public AttributeEventDescription parseAttributesHelper(BlackboardArtifact artf, Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute> attrMap) {
long time = attrMap.get(getDateTimeAttrubuteType()).getValueLong();


@ -530,7 +530,7 @@ class Chrome extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
NbBundle.getMessage(this.getClass(), "Chrome.moduleName")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
(Util.extractDomain((result.get("origin_url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME.getTypeID(),
@ -540,6 +540,12 @@ class Chrome extends Extract {
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
result.get("signon_realm").toString())); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, signonFile, bbattributes);
Collection<BlackboardAttribute> osAcctAttributes = new ArrayList<>();
osAcctAttributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("username_value").toString() != null) ? result.get("username_value").toString().replaceAll("'", "''") : ""))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_OS_ACCOUNT, signonFile, osAcctAttributes);
}
dbFile.delete();
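Review bot: The null guard in the added TSK_OS_ACCOUNT block cannot take effect: `result.get("username_value").toString() != null` calls `toString()` before the comparison, so a missing value throws instead of falling back to `""`. Checking the map value itself, e.g. `Object name = result.get("username_value");` followed by `(name != null) ? name.toString() : ""`, gives the intended behaviour. The `replaceAll("'", "''")` also changes the username that ends up in the artifact; nothing visible in this hunk builds SQL from it, so unless the value is concatenated into a query elsewhere the doubling only alters the recorded evidence. It is also worth confirming that a saved web-site login belongs under TSK_OS_ACCOUNT rather than a web-specific artifact type.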


@ -505,6 +505,11 @@ class ExtractIE extends Extract {
NbBundle.getMessage(this.getClass(),
"ExtractIE.parentModuleName.noSpace"), user));
bbart.addAttributes(bbattributes);
BlackboardArtifact osAttr = origFile.newArtifact(ARTIFACT_TYPE.TSK_OS_ACCOUNT);
osAttr.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), "ExtractIE.parentModuleName.noSpace"), user));
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error writing Internet Explorer web history artifact to the blackboard.", ex); //NON-NLS
}
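Review bot: The new `TSK_OS_ACCOUNT` artifact is created next to each web-history artifact, so if this block runs once per history record (the enclosing loop starts outside the hunk) the same `user` will be written as a separate account artifact for every record. Tracking the names already reported, for example `if (reportedUsers.add(user)) { ... }` around the two new statements with `reportedUsers` a `Set<String>` declared before the loop, would keep one artifact per user. A failure here is also logged by the existing catch as an error writing the web history artifact, which will point at the wrong step.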