mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 10:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Critical fixes to last update.

Browse Source 
Signed-off-by: Alex Ebadirad <aebadirad@42six.com>
This commit is contained in:
Alex Ebadirad 2012-05-02 09:21:43 -07:00
parent c5e71bb14e
commit 59d177ece7
6 changed files with 108 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -43,16 +43,16 @@ public class ExtractRegistry {
} else {
rrFound = true;
}
try {
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
ResultSet artset = tempDb.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'");
while (artset.next()) {
sysid = artset.getInt("artifact_type_id");
}
} catch (Exception e) {
}
// try {
// Case currentCase = Case.getCurrentCase(); // get the most updated case
// SleuthkitCase tempDb = currentCase.getSleuthkitCase();
// ResultSet artset = tempDb.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'");
//
// while (artset.next()) {
// sysid = artset.getInt("artifact_type_id");
// }
// } catch (Exception e) {
// }
final String rrHome = rrRoot.getAbsolutePath();
logger.log(Level.INFO, "RegRipper home: " + rrHome);
@ -191,10 +191,10 @@ public class ExtractRegistry {
etime = timenode.getTextTrim();
Long time = null;
try {
Long epochtime = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").parse(etime).getTime();
Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(etime).getTime();
time = epochtime.longValue();
} catch (ParseException e) {
logger.log(Level.SEVERE, "ExtractIE::parsePascosResults() -> ", e.getMessage());
logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage());
}
Element artroot = tempnode.getChild("artifacts");
List<Element> artlist = artroot.getChildren();
@ -216,16 +216,32 @@ public class ExtractRegistry {
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value));
// bbart.addAttributes(bbattributes);
} else if ("usb".equals(context)) {
Long utime = null;
try {
utime = Long.parseLong(name);
} catch (Exception e) {
logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage());
}
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED);
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, name));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, utime));
String dev = artnode.getAttributeValue("dev");
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), "RecentActivity", context, dev));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID(), "RecentActivity", context, value));
bbart.addAttributes(bbattributes);
} else if ("uninstall".equals(context)) {
Long ftime = null;
try {
Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(name).getTime();
ftime = epochtime.longValue();
} catch (ParseException e) {
logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage());
}
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, value));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, name));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, ftime));
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG);
bbart.addAttributes(bbattributes);
} else if ("WinVersion".equals(context)) {
@ -238,15 +254,22 @@ public class ExtractRegistry {
}
if (name.contains("InstallDate")) {
installdate = value;
Long installtime = null;
try {
Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(value).getTime();
installtime = epochtime.longValue();
} catch (ParseException e) {
logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e.getMessage());
}
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, winver));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, installdate));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, installtime));
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG);
bbart.addAttributes(bbattributes);
}
} else {
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(sysid);
bbart.addAttributes(bbattributes);
// BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(sysid);
// bbart.addAttributes(bbattributes);
}
}
}

7
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -108,8 +108,8 @@ public class Firefox {
dbFile.delete();
break;
}
ResultSet temprs = Util.runQuery(ffquery, connectionString);
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString);
ResultSet temprs = tempdbconnect.executeQry(ffquery);
while (temprs.next()) {
try {
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
@ -126,6 +126,7 @@ public class Firefox {
}
}
temprs.close();
tempdbconnect.closeConnection();
@ -225,7 +226,7 @@ public class Firefox {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "Title", ((temprs.getString("name") != null) ? temprs.getString("name") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", temprs.getString("host")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", Util.getBaseDomain(temprs.getString("host"))));
bbart.addAttributes(bbattributes);
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);

30
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestService.java
View File

@ -79,21 +79,21 @@ public final class RAImageIngestService implements IngestServiceImage {
try {
//do the work for(FileSystem img : imageFS )
try {
ResultSet artset = sCurrentCase.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'");
int artcount = 0;
while (artset.next()) {
artcount++;
}
// artset.beforeFirst();
if (artcount > 0) {
} else {
int artint = sCurrentCase.addArtifactType("TSK_SYS_INFO", "System Information");
}
} catch (Exception e) {
}
// try {
// ResultSet artset = sCurrentCase.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'");
// int artcount = 0;
// while (artset.next()) {
// artcount++;
// }
//
// // artset.beforeFirst();
// if (artcount > 0) {
// } else {
// int artint = sCurrentCase.addArtifactType("TSK_SYS_INFO", "System Information");
// }
//
// } catch (Exception e) {
// }
ext.extractToBlackboard(controller, fsIds);

18
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Util.java
View File

@ -105,6 +105,24 @@ public class Util {
return rt;
}
public static String getBaseDomain(String url) {
String host = url;
int startIndex = 0;
int nextIndex = host.indexOf('.');
int lastIndex = host.lastIndexOf('.');
while (nextIndex < lastIndex) {
startIndex = nextIndex + 1;
nextIndex = host.indexOf('.', startIndex);
}
if (startIndex > 0) {
return host.substring(startIndex);
} else {
return host;
}
}
public static String extractDomain(String value) {
if (value == null) {
throw new java.lang.NullPointerException("domains to extract");

21
Report/src/org/sleuthkit/autopsy/report/ReportConfiguration.java
View File

@ -60,6 +60,27 @@ class ReportConfiguration {
}
;
//regets everything that occurs in the constructor normally
public void getAllTypes() throws ReportModuleException {
config.clear();
//now lets get the list from the tsk and current case
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
try {
ArrayList<BlackboardArtifact.ARTIFACT_TYPE> arttypes = skCase.getBlackboardArtifactTypes();
for (BlackboardArtifact.ARTIFACT_TYPE type : arttypes) {
config.put(type, Boolean.FALSE);
}
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to retrieve list of artifact types from the TSK case .", ex);
}
}
;
//setters for generally supported report parts
public void setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE type, Boolean value) throws ReportModuleException {
if (config.containsKey(type)) {

8
Report/src/org/sleuthkit/autopsy/report/reportFilter.java
View File

@ -51,7 +51,13 @@ public class reportFilter extends javax.swing.JPanel {
public reportFilter() {
initComponents();
cancel = false;
try{
config.getAllTypes();
}
catch(ReportModuleException ex)
{
Logger.getLogger(report.class.getName()).log(Level.SEVERE, "Exception occurred", ex);
}
}
/**