diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/GeneralFilter.java b/Core/src/org/sleuthkit/autopsy/casemodule/GeneralFilter.java index 7d06ae23c3..d831e449c3 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/GeneralFilter.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/GeneralFilter.java @@ -38,8 +38,8 @@ public class GeneralFilter extends FileFilter { @NbBundle.Messages("GeneralFilter.encaseImageDesc.text=Encase Images (*.e01)") public static final String ENCASE_IMAGE_DESC = Bundle.GeneralFilter_encaseImageDesc_text(); - public static final List VIRTUAL_MACHINE_EXTS = Arrays.asList(".vmdk", ".vhd"); //NON-NLS - @NbBundle.Messages("GeneralFilter.virtualMachineImageDesc.text=Virtual Machines (*.vmdk, *.vhd)") + public static final List VIRTUAL_MACHINE_EXTS = Arrays.asList(".vmdk", ".vhd", ".vhdx"); //NON-NLS + @NbBundle.Messages("GeneralFilter.virtualMachineImageDesc.text=Virtual Machines (*.vmdk, *.vhd, *.vhdx)") public static final String VIRTUAL_MACHINE_DESC = Bundle.GeneralFilter_virtualMachineImageDesc_text(); public static final List EXECUTABLE_EXTS = Arrays.asList(".exe"); //NON-NLS diff --git a/CoreLibs/ivy.xml b/CoreLibs/ivy.xml index 3566041703..446106e111 100644 --- a/CoreLibs/ivy.xml +++ b/CoreLibs/ivy.xml @@ -62,7 +62,7 @@ - + diff --git a/CoreLibs/nbproject/project.properties b/CoreLibs/nbproject/project.properties index 9bd3153105..3dcee33819 100644 --- a/CoreLibs/nbproject/project.properties +++ b/CoreLibs/nbproject/project.properties 
@@ -118,8 +118,8 @@ file.reference.jericho-html-3.4.jar=release/modules/ext/jericho-html-3.4.jar file.reference.jfxtras-common-17-r1.jar=release/modules/ext/jfxtras-common-17-r1.jar file.reference.jfxtras-controls-17-r1.jar=release/modules/ext/jfxtras-controls-17-r1.jar file.reference.jfxtras-fxml-17-r1.jar=release/modules/ext/jfxtras-fxml-17-r1.jar -file.reference.jna-5.14.0.jar=release/modules/ext/jna-5.14.0.jar -file.reference.jna-platform-5.14.0.jar=release/modules/ext/jna-platform-5.14.0.jar +file.reference.jna-5.15.0.jar=release/modules/ext/jna-5.15.0.jar +file.reference.jna-platform-5.15.0.jar=release/modules/ext/jna-platform-5.15.0.jar file.reference.joda-time-2.10.14.jar=release/modules/ext/joda-time-2.10.14.jar file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar file.reference.LGoodDatePicker-11.2.1.jar=release/modules/ext/LGoodDatePicker-11.2.1.jar diff --git a/CoreLibs/nbproject/project.xml b/CoreLibs/nbproject/project.xml index 49cdfcd0c1..ba5941acfb 100644 --- a/CoreLibs/nbproject/project.xml +++ b/CoreLibs/nbproject/project.xml @@ -1041,12 +1041,12 @@ release/modules/ext/jfxtras-fxml-17-r1.jar - ext/jna-5.14.0.jar - release/modules/ext/jna-5.14.0.jar + ext/jna-5.15.0.jar + release/modules/ext/jna-5.15.0.jar - ext/jna-platform-5.14.0.jar - release/modules/ext/jna-platform-5.14.0.jar + ext/jna-platform-5.15.0.jar + release/modules/ext/jna-platform-5.15.0.jar ext/joda-time-2.10.14.jar diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java index 18e823f5b3..a500367ba9 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java 
@@ -69,9 +69,7 @@ final class ExtractPrefetch extends Extract { private static final String PREFETCH_TSK_COMMENT = "Prefetch File"; private static final String PREFETCH_FILE_LOCATION = "/windows/prefetch"; private static final String PREFETCH_TOOL_FOLDER = "markmckinnon"; //NON-NLS - private static final String PREFETCH_TOOL_NAME_WINDOWS_64 = "parse_prefetch_x64.exe"; //NON-NLS - private static final String PREFETCH_TOOL_NAME_WINDOWS_32 = "parse_prefetch_x32.exe"; //NON-NLS - private static final String PREFETCH_TOOL_NAME_MACOS = "parse_prefetch_macos"; //NON-NLS + private static final String PREFETCH_TOOL_NAME_WINDOWS = "parse_prefetch.exe"; //NON-NLS private static final String PREFETCH_TOOL_NAME_LINUX = "parse_prefetch_linux"; //NON-NLS private static final String PREFETCH_OUTPUT_FILE_NAME = "Output.txt"; //NON-NLS private static final String PREFETCH_ERROR_FILE_NAME = "Error.txt"; //NON-NLS @@ -178,7 +176,6 @@ final class ExtractPrefetch extends Extract { } } } - } /** @@ -219,16 +216,10 @@ final class ExtractPrefetch extends Extract { private String getPathForPrefetchDumper() { Path path = null; if (PlatformUtil.isWindowsOS()) { - if (PlatformUtil.is64BitOS()) { - path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_WINDOWS_64); - } else { - path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_WINDOWS_32); - } + path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_WINDOWS); } else { if ("Linux".equals(PlatformUtil.getOSName())) { path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_LINUX); - } else { - path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_MACOS); } } File prefetchToolFile = InstalledFileLocator.getDefault().locate(path.toString(), diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractSru.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractSru.java index 8940b46ca9..abea7f47aa 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractSru.java 
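Review bot: `path` stays null in getPathForPrefetchDumper when the host is neither Windows nor Linux, because the macOS `else` branch was removed, and the `path.toString()` call that follows then throws a NullPointerException instead of reporting that no tool is available. A guard before the locate call, `if (path == null) { return null; }`, would keep that failure explicit, assuming callers already treat a null return as "tool not found"; the rest of the method and its callers are outside the hunk. getPathForSruDumper in ExtractSru.java has the same shape after this commit and needs the same guard.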
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractSru.java @@ -62,10 +62,8 @@ final class ExtractSru extends Extract { private static final String APPLICATION_USAGE_SOURCE_NAME = "System Resource Usage - Application Usage"; //NON-NLS private static final String NETWORK_USAGE_SOURCE_NAME = "System Resource Usage - Network Usage"; private static final String SRU_TOOL_FOLDER = "markmckinnon"; //NON-NLS - private static final String SRU_TOOL_NAME_WINDOWS_32 = "Export_Srudb_32.exe"; //NON-NLS - private static final String SRU_TOOL_NAME_WINDOWS_64 = "Export_Srudb_64.exe"; //NON-NLS + private static final String SRU_TOOL_NAME_WINDOWS = "Export_Srudb.exe"; //NON-NLS private static final String SRU_TOOL_NAME_LINUX = "Export_Srudb_Linux.exe"; //NON-NLS - private static final String SRU_TOOL_NAME_MAC = "Export_srudb_macos"; //NON-NLS private static final String SRU_OUTPUT_FILE_NAME = "Output.txt"; //NON-NLS private static final String SRU_ERROR_FILE_NAME = "Error.txt"; //NON-NLS @@ -239,8 +237,11 @@ final class ExtractSru extends Extract { List commandLine = new ArrayList<>(); commandLine.add(sruExePath); + commandLine.add("-sr"); commandLine.add(sruFile); //NON-NLS + commandLine.add("-s"); commandLine.add(softwareHiveFile); + commandLine.add("-db"); commandLine.add(tempOutFile); ProcessBuilder processBuilder = new ProcessBuilder(commandLine); 
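Review bot: The tool-name constants in this hunk do not match the file names the commit ships under thirdparty/markmckinnon: `SRU_TOOL_NAME_WINDOWS` is `"Export_Srudb.exe"` while the renamed binary is `export_srudb.exe`, and the unchanged `SRU_TOOL_NAME_LINUX` is `"Export_Srudb_Linux.exe"` while the Linux binary is `Export_Srudb_Linux`. The Windows difference is only in case and resolves on a case-insensitive file system, but the Linux name would not be located unless packaging renames the file, which this diff does not show. Because these constants select an executable that is run against case evidence, a comment beside them naming the upstream release and the expected hash of each replaced binary would make the swap auditable.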
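Review bot: The three new option literals `"-sr"`, `"-s"` and `"-db"` are added without the `//NON-NLS` marker this file puts on its other non-localized strings, and nothing says what each option means. Suggest `commandLine.add("-sr"); //NON-NLS SRU database input`, `commandLine.add("-s"); //NON-NLS software hive input` and `commandLine.add("-db"); //NON-NLS output database`, with the meanings inferred from the argument that follows each flag. The same argument list is built for the Windows and the Linux tool, so both updated binaries have to accept these options, which cannot be checked from the diff. The enclosing method starts and ends outside the hunk.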
@@ -253,16 +254,10 @@ final class ExtractSru extends Extract { private String getPathForSruDumper() { Path path = null; if (PlatformUtil.isWindowsOS()) { - if (PlatformUtil.is64BitOS()) { - path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_WINDOWS_64); - } else { - path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_WINDOWS_32); - } + path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_WINDOWS); } else { if ("Linux".equals(PlatformUtil.getOSName())) { path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_LINUX); - } else { - path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_MAC); } } File sruToolFile = InstalledFileLocator.getDefault().locate(path.toString(), @@ -320,11 +315,13 @@ final class ExtractSru extends Extract { } private void createNetUsageArtifacts(String sruDb, AbstractFile sruAbstractFile) { - List bba = new ArrayList<>(); + List bba = new ArrayList<>(); - String sqlStatement = "SELECT STRFTIME('%s', timestamp) ExecutionTime, a.application_name, b.Application_Name formatted_application_name, User_Name, " - + " bytesSent, BytesRecvd FROM network_Usage a, SruDbIdMapTable, exe_to_app b " - + " where appId = IdIndex and IdType = 0 and a.application_name = b.source_name order by ExecutionTime;"; //NON-NLS + String sqlStatement = "SELECT STRFTIME('%s', timestamp) ExecutionTime, b.application_name, b.Application_Name formatted_application_name, username User_Name, \n" + + " bytesSent, BytesRecvd \n" + + " FROM network_Usage a, SruDbIdMapTable s, exe_to_app b, userNames u\n" + + " WHERE s.idType = 0 and s.idIndex = appId and idblob = b.source_name and u.idindex = userid \n" + + " order by ExecutionTime;"; //NON-NLS try (SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + sruDb); //NON-NLS ResultSet resultSet = tempdbconnect.executeQry(sqlStatement)) { 
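Review bot: The new select list in createNetUsageArtifacts reads the same column twice, `b.application_name` and `b.Application_Name formatted_application_name`, since SQLite column names are case-insensitive, so the raw name from `network_Usage` is no longer returned. If the code below the hunk still reads both result columns it now gets the formatted name for each; the sibling query in createAppUsageArtifacts dropped the duplicate and this one could do the same. Both queries also add `userNames u` to the comma join list, which makes it an inner join, so a usage row whose `userid` has no entry in `userNames` disappears from the results; for evidence extraction `LEFT JOIN userNames u ON u.idindex = userid` would keep the row with an empty user name. The table layout comes from the export tool's output database and is not visible here, so confirm this against its schema.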
@@ -384,9 +381,11 @@ final class ExtractSru extends Extract { private void createAppUsageArtifacts(String sruDb, AbstractFile sruAbstractFile) { List bba = new ArrayList<>(); - String sqlStatement = "SELECT STRFTIME('%s', timestamp) ExecutionTime, a.application_name, b.Application_Name formatted_application_name, User_Name " - + " FROM Application_Resource_Usage a, SruDbIdMapTable, exe_to_app b WHERE " - + " idType = 0 and idIndex = appId and a.application_name = b.source_name order by ExecutionTime;"; //NON-NLS + String sqlStatement = "SELECT STRFTIME('%s', timestamp) ExecutionTime, b.Application_Name \n" + + " formatted_application_name, username User_Name \n" + + " FROM Application_Resource_Usage a, SruDbIdMapTable s, exe_to_app b, userNames u \n" + + " WHERE s.idType = 0 and s.idIndex = appId and idblob = b.source_name and u.idindex = userid \n" + + " order by ExecutionTime;"; //NON-NLS try (SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + sruDb); //NON-NLS ResultSet resultSet = tempdbconnect.executeQry(sqlStatement)) { @@ -398,7 +397,6 @@ final class ExtractSru extends Extract { return; } - String applicationName = resultSet.getString("Application_Name"); //NON-NLS String formattedApplicationName = resultSet.getString("formatted_application_name"); Long executionTime = Long.valueOf(resultSet.getInt("ExecutionTime")); //NON-NLS String userName = resultSet.getString("User_Name"); @@ -419,7 +417,7 @@ final class ExtractSru extends Extract { try { BlackboardArtifact bbart = createArtifactWithAttributes(BlackboardArtifact.Type.TSK_PROG_RUN, sruAbstractFile, bbattributes); bba.add(bbart); - BlackboardArtifact associateBbArtifact = createAssociatedArtifact(applicationName.toLowerCase(), bbart); + BlackboardArtifact associateBbArtifact = createAssociatedArtifact(formattedApplicationName.toLowerCase(), bbart); if (associateBbArtifact != null) { bba.add(associateBbArtifact); } 
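Review bot: The key passed to createAssociatedArtifact changes from the raw `Application_Name` column to `formattedApplicationName`, which may not be the value that helper matches on; it is defined outside the hunk, so confirm it expects the formatted name before relying on the associated artifacts. `resultSet.getString` returns null for an SQL NULL, so `formattedApplicationName.toLowerCase()` can also throw here. Suggest a null check around the call and `formattedApplicationName.toLowerCase(Locale.ROOT)` so the key does not depend on the examiner workstation's default locale (this needs `java.util.Locale` in scope).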
diff --git a/Tika/nbproject/project.properties b/Tika/nbproject/project.properties index 2ebead2a20..92b72c53ea 100755 --- a/Tika/nbproject/project.properties +++ b/Tika/nbproject/project.properties @@ -64,7 +64,7 @@ file.reference.jdom2-2.0.6.1.jar=release/modules/ext/jdom2-2.0.6.1.jar file.reference.jempbox-1.8.16.jar=release/modules/ext/jempbox-1.8.16.jar file.reference.jhighlight-1.0.3.jar=release/modules/ext/jhighlight-1.0.3.jar file.reference.jmatio-1.5.jar=release/modules/ext/jmatio-1.5.jar -file.reference.jna-5.10.0.jar=release/modules/ext/jna-5.10.0.jar +file.reference.jna-5.15.0.jar=release/modules/ext/jna-5.15.0.jar file.reference.joda-time-2.2.jar=release/modules/ext/joda-time-2.2.jar file.reference.json-simple-1.1.1.jar=release/modules/ext/json-simple-1.1.1.jar file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar diff --git a/Tika/nbproject/project.xml b/Tika/nbproject/project.xml index c103d1a1c6..244530be96 100755 --- a/Tika/nbproject/project.xml +++ b/Tika/nbproject/project.xml @@ -620,8 +620,8 @@ release/modules/ext/jmatio-1.5.jar - ext/jna-5.10.0.jar - release/modules/ext/jna-5.10.0.jar + ext/jna-5.15.0.jar + release/modules/ext/jna-5.15.0.jar ext/joda-time-2.2.jar diff --git a/docs/doxygen-dev/footer.html b/docs/doxygen-dev/footer.html index d648961fdc..fe4f9e42d1 100755 --- a/docs/doxygen-dev/footer.html +++ b/docs/doxygen-dev/footer.html @@ -1,5 +1,5 @@
-

Copyright © 2012-2022 Basis Technology. Generated on $date
+

Copyright © 2012-2024 Sleuth Kit Labs. Generated on $date
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

diff --git a/docs/doxygen-user/footer.html b/docs/doxygen-user/footer.html index cfedffe82c..fe4f9e42d1 100644 --- a/docs/doxygen-user/footer.html +++ b/docs/doxygen-user/footer.html @@ -1,5 +1,5 @@
-

Copyright © 2012-2023 BasisTech. Generated on $date
+

Copyright © 2012-2024 Sleuth Kit Labs. Generated on $date
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

diff --git a/docs/doxygen/footer.html b/docs/doxygen/footer.html index f9eb00590e..6d97889cc8 100644 --- a/docs/doxygen/footer.html +++ b/docs/doxygen/footer.html @@ -1,5 +1,5 @@
-

Copyright © 2012-2022 Basis Technology. Generated on: $date
+

Copyright © 2012-2024 Sleuth Kit Labs. Generated on: $date
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

diff --git a/linux_macos_install_scripts/install_tsk_from_src.sh b/linux_macos_install_scripts/install_tsk_from_src.sh index 83e1a4ae3e..6e5c7a320b 100644 --- a/linux_macos_install_scripts/install_tsk_from_src.sh +++ b/linux_macos_install_scripts/install_tsk_from_src.sh @@ -34,7 +34,7 @@ if [[ -z "${SLEUTHKIT_SRC_DIR}" ]]; then exit 1 fi -if [[ ! -d $SLEUTHKIT_SRC_DIR ]]; then +if [[ ! -d $SLEUTHKIT_SRC_DIR/.git ]]; then TSK_REPO_PATH=$(dirname "$SLEUTHKIT_SRC_DIR") echo "Cloning Sleuthkit to $TSK_REPO_PATH..." mkdir -p $TSK_REPO_PATH && diff --git a/thirdparty/markmckinnon/Export_Srudb_Linux b/thirdparty/markmckinnon/Export_Srudb_Linux index 0af32da85b..603bb032e9 100755 Binary files a/thirdparty/markmckinnon/Export_Srudb_Linux and b/thirdparty/markmckinnon/Export_Srudb_Linux differ diff --git a/thirdparty/markmckinnon/Export_srudb_macos b/thirdparty/markmckinnon/Export_srudb_macos deleted file mode 100755 index eeff65b668..0000000000 Binary files a/thirdparty/markmckinnon/Export_srudb_macos and /dev/null differ diff --git a/thirdparty/markmckinnon/parse_prefetch_x64.exe b/thirdparty/markmckinnon/export_srudb.exe similarity index 50% rename from thirdparty/markmckinnon/parse_prefetch_x64.exe rename to thirdparty/markmckinnon/export_srudb.exe index 3e0b7ae674..15f1bcb53d 100644 Binary files a/thirdparty/markmckinnon/parse_prefetch_x64.exe and b/thirdparty/markmckinnon/export_srudb.exe differ diff --git a/thirdparty/markmckinnon/export_srudb_32.exe b/thirdparty/markmckinnon/export_srudb_32.exe deleted file mode 100644 index e642c1d8df..0000000000 Binary files a/thirdparty/markmckinnon/export_srudb_32.exe and /dev/null differ diff --git a/thirdparty/markmckinnon/export_srudb_64.exe b/thirdparty/markmckinnon/export_srudb_64.exe deleted file mode 100644 index 7b07367739..0000000000 Binary files a/thirdparty/markmckinnon/export_srudb_64.exe and /dev/null differ 
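Review bot: With the test changed to `$SLEUTHKIT_SRC_DIR/.git`, a directory that exists but is not a git checkout, for example an unpacked source archive, now enters the clone branch, and cloning into a non-empty directory would fail; the clone command itself is below the hunk, so this is inferred from the `echo` line. An explicit branch for that case, which prints that the directory exists without a `.git` folder and exits, would give the installer a clear error. The context line `mkdir -p $TSK_REPO_PATH &&` also expands the path unquoted, so a source path containing spaces is split into several arguments; `mkdir -p "$TSK_REPO_PATH" &&` avoids that.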
diff --git a/thirdparty/markmckinnon/parse_prefetch.exe b/thirdparty/markmckinnon/parse_prefetch.exe new file mode 100644 index 0000000000..eec6490f99 Binary files /dev/null and b/thirdparty/markmckinnon/parse_prefetch.exe differ diff --git a/thirdparty/markmckinnon/parse_prefetch_linux b/thirdparty/markmckinnon/parse_prefetch_linux index 183674e9cf..2519a2c05e 100755 Binary files a/thirdparty/markmckinnon/parse_prefetch_linux and b/thirdparty/markmckinnon/parse_prefetch_linux differ diff --git a/thirdparty/markmckinnon/parse_prefetch_macos b/thirdparty/markmckinnon/parse_prefetch_macos deleted file mode 100755 index f36fa57d09..0000000000 Binary files a/thirdparty/markmckinnon/parse_prefetch_macos and /dev/null differ diff --git a/thirdparty/markmckinnon/parse_prefetch_x86.exe b/thirdparty/markmckinnon/parse_prefetch_x86.exe deleted file mode 100644 index fb58178c3a..0000000000 Binary files a/thirdparty/markmckinnon/parse_prefetch_x86.exe and /dev/null differ