mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 18:17:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Critical fixes to last update.

Browse Source 
Signed-off-by: Alex Ebadirad <aebadirad@42six.com>
This commit is contained in:
Alex Ebadirad 2012-05-02 09:21:43 -07:00
parent c5e71bb14e
commit 59d177ece7
6 changed files with 108 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -43,16 +43,16 @@ public class ExtractRegistry {
} else { } else {
rrFound = true; rrFound = true;
} }
try { // try {
Case currentCase = Case.getCurrentCase(); // get the most updated case // Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); // SleuthkitCase tempDb = currentCase.getSleuthkitCase();
ResultSet artset = tempDb.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'"); // ResultSet artset = tempDb.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'");
//
while (artset.next()) { // while (artset.next()) {
sysid = artset.getInt("artifact_type_id"); // sysid = artset.getInt("artifact_type_id");
} // }
} catch (Exception e) { // } catch (Exception e) {
} // }
final String rrHome = rrRoot.getAbsolutePath(); final String rrHome = rrRoot.getAbsolutePath();
logger.log(Level.INFO, "RegRipper home: " + rrHome); logger.log(Level.INFO, "RegRipper home: " + rrHome);
@ -191,10 +191,10 @@ public class ExtractRegistry {
etime = timenode.getTextTrim(); etime = timenode.getTextTrim();
Long time = null; Long time = null;
try { try {
Long epochtime = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").parse(etime).getTime(); Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(etime).getTime();
time = epochtime.longValue(); time = epochtime.longValue();
} catch (ParseException e) { } catch (ParseException e) {
logger.log(Level.SEVERE, "ExtractIE::parsePascosResults() -> ", e.getMessage()); logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage());
} }
Element artroot = tempnode.getChild("artifacts"); Element artroot = tempnode.getChild("artifacts");
List<Element> artlist = artroot.getChildren(); List<Element> artlist = artroot.getChildren();
@ -216,16 +216,32 @@ public class ExtractRegistry {
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value)); // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value));
// bbart.addAttributes(bbattributes); // bbart.addAttributes(bbattributes);
} else if ("usb".equals(context)) { } else if ("usb".equals(context)) {
Long utime = null;
try {
utime = Long.parseLong(name);
} catch (Exception e) {
logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage());
}
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED); BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED);
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, name)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, utime));
String dev = artnode.getAttributeValue("dev"); String dev = artnode.getAttributeValue("dev");
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), "RecentActivity", context, dev)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), "RecentActivity", context, dev));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID(), "RecentActivity", context, value)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID(), "RecentActivity", context, value));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} else if ("uninstall".equals(context)) { } else if ("uninstall".equals(context)) {
Long ftime = null;
try {
Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(name).getTime();
ftime = epochtime.longValue();
} catch (ParseException e) {
logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage());
}
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, value)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, value));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, name)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, ftime));
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG); BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG);
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} else if ("WinVersion".equals(context)) { } else if ("WinVersion".equals(context)) {
@ -238,15 +254,22 @@ public class ExtractRegistry {
} }
if (name.contains("InstallDate")) { if (name.contains("InstallDate")) {
installdate = value; installdate = value;
Long installtime = null;
try {
Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(value).getTime();
installtime = epochtime.longValue();
} catch (ParseException e) {
logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage());
}
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, winver)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, winver));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, installdate)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, installtime));
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG); BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG);
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} }
} else { } else {
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(sysid); // BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(sysid);
bbart.addAttributes(bbattributes); // bbart.addAttributes(bbattributes);
} }
} }
} }

7
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -108,8 +108,8 @@ public class Firefox {
dbFile.delete(); dbFile.delete();
break; break;
} }
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString);
ResultSet temprs = Util.runQuery(ffquery, connectionString); ResultSet temprs = tempdbconnect.executeQry(ffquery);
while (temprs.next()) { while (temprs.next()) {
try { try {
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
@ -126,6 +126,7 @@ public class Firefox {
} }
} }
temprs.close(); temprs.close();
tempdbconnect.closeConnection();
@ -225,7 +226,7 @@ public class Firefox {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "Title", ((temprs.getString("name") != null) ? temprs.getString("name") : ""))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "Title", ((temprs.getString("name") != null) ? temprs.getString("name") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", temprs.getString("host"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", Util.getBaseDomain(temprs.getString("host"))));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (Exception ex) { } catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);

30
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestService.java
View File

@ -79,21 +79,21 @@ public final class RAImageIngestService implements IngestServiceImage {
try { try {
//do the work for(FileSystem img : imageFS ) //do the work for(FileSystem img : imageFS )
try { // try {
ResultSet artset = sCurrentCase.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'"); // ResultSet artset = sCurrentCase.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'");
int artcount = 0; // int artcount = 0;
while (artset.next()) { // while (artset.next()) {
artcount++; // artcount++;
} // }
//
// artset.beforeFirst(); // // artset.beforeFirst();
if (artcount > 0) { // if (artcount > 0) {
} else { // } else {
int artint = sCurrentCase.addArtifactType("TSK_SYS_INFO", "System Information"); // int artint = sCurrentCase.addArtifactType("TSK_SYS_INFO", "System Information");
} // }
//
} catch (Exception e) { // } catch (Exception e) {
} // }
ext.extractToBlackboard(controller, fsIds); ext.extractToBlackboard(controller, fsIds);

18
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Util.java
View File

@ -105,6 +105,24 @@ public class Util {
return rt; return rt;
} }
public static String getBaseDomain(String url) {
String host = url;
int startIndex = 0;
int nextIndex = host.indexOf('.');
int lastIndex = host.lastIndexOf('.');
while (nextIndex < lastIndex) {
startIndex = nextIndex + 1;
nextIndex = host.indexOf('.', startIndex);
}
if (startIndex > 0) {
return host.substring(startIndex);
} else {
return host;
}
}
public static String extractDomain(String value) { public static String extractDomain(String value) {
if (value == null) { if (value == null) {
throw new java.lang.NullPointerException("domains to extract"); throw new java.lang.NullPointerException("domains to extract");

25
Report/src/org/sleuthkit/autopsy/report/ReportConfiguration.java
View File

@ -60,8 +60,29 @@ class ReportConfiguration {
} }
; ;
//setters for generally supported report parts
public void setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE type, Boolean value) throws ReportModuleException { //regets everything that occurs in the constructor normally
public void getAllTypes() throws ReportModuleException {
config.clear();
//now lets get the list from the tsk and current case
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
try {
ArrayList<BlackboardArtifact.ARTIFACT_TYPE> arttypes = skCase.getBlackboardArtifactTypes();
for (BlackboardArtifact.ARTIFACT_TYPE type : arttypes) {
config.put(type, Boolean.FALSE);
}
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to retrieve list of artifact types from the TSK case .", ex);
}
}
;
//setters for generally supported report parts
public void setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE type, Boolean value) throws ReportModuleException {
if (config.containsKey(type)) { if (config.containsKey(type)) {
config.put(type, value); config.put(type, value);
} else { } else {

8
Report/src/org/sleuthkit/autopsy/report/reportFilter.java
View File

@ -51,7 +51,13 @@ public class reportFilter extends javax.swing.JPanel {
public reportFilter() { public reportFilter() {
initComponents(); initComponents();
cancel = false; cancel = false;
try{
config.getAllTypes();
}
catch(ReportModuleException ex)
{
Logger.getLogger(report.class.getName()).log(Level.SEVERE, "Exception occurred", ex);
}
} }
/** /**