mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' of github.com:sleuthkit/autopsy into graphicsEnvHeadless

Browse Source
This commit is contained in:
Greg DiCristofaro 2024-09-17 11:14:03 -04:00
commit 5c2d9ec816
21 changed files with 35 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Core/src/org/sleuthkit/autopsy/casemodule/GeneralFilter.java
View File

@ -38,8 +38,8 @@ public class GeneralFilter extends FileFilter {
@NbBundle.Messages("GeneralFilter.encaseImageDesc.text=Encase Images (*.e01)") @NbBundle.Messages("GeneralFilter.encaseImageDesc.text=Encase Images (*.e01)")
public static final String ENCASE_IMAGE_DESC = Bundle.GeneralFilter_encaseImageDesc_text(); public static final String ENCASE_IMAGE_DESC = Bundle.GeneralFilter_encaseImageDesc_text();
public static final List<String> VIRTUAL_MACHINE_EXTS = Arrays.asList(".vmdk", ".vhd"); //NON-NLS public static final List<String> VIRTUAL_MACHINE_EXTS = Arrays.asList(".vmdk", ".vhd", ".vhdx"); //NON-NLS
@NbBundle.Messages("GeneralFilter.virtualMachineImageDesc.text=Virtual Machines (*.vmdk, *.vhd)") @NbBundle.Messages("GeneralFilter.virtualMachineImageDesc.text=Virtual Machines (*.vmdk, *.vhd, *.vhdx)")
public static final String VIRTUAL_MACHINE_DESC = Bundle.GeneralFilter_virtualMachineImageDesc_text(); public static final String VIRTUAL_MACHINE_DESC = Bundle.GeneralFilter_virtualMachineImageDesc_text();
public static final List<String> EXECUTABLE_EXTS = Arrays.asList(".exe"); //NON-NLS public static final List<String> EXECUTABLE_EXTS = Arrays.asList(".exe"); //NON-NLS

2
CoreLibs/ivy.xml
View File

@ -62,7 +62,7 @@
<!-- for viewers --> <!-- for viewers -->
<dependency conf="autopsy_core->default" org="org.freedesktop.gstreamer" name="gst1-java-core" rev="1.4.0"/> <dependency conf="autopsy_core->default" org="org.freedesktop.gstreamer" name="gst1-java-core" rev="1.4.0"/>
<dependency conf="autopsy_core->default" org="net.java.dev.jna" name="jna-platform" rev="5.14.0"/> <dependency conf="autopsy_core->default" org="net.java.dev.jna" name="jna-platform" rev="5.15.0"/>
<!-- for file search --> <!-- for file search -->
<dependency conf="autopsy_core->default" org="com.github.lgooddatepicker" name="LGoodDatePicker" rev="11.2.1"/> <dependency conf="autopsy_core->default" org="com.github.lgooddatepicker" name="LGoodDatePicker" rev="11.2.1"/>

4
CoreLibs/nbproject/project.properties
View File

@ -118,8 +118,8 @@ file.reference.jericho-html-3.4.jar=release/modules/ext/jericho-html-3.4.jar
file.reference.jfxtras-common-17-r1.jar=release/modules/ext/jfxtras-common-17-r1.jar file.reference.jfxtras-common-17-r1.jar=release/modules/ext/jfxtras-common-17-r1.jar
file.reference.jfxtras-controls-17-r1.jar=release/modules/ext/jfxtras-controls-17-r1.jar file.reference.jfxtras-controls-17-r1.jar=release/modules/ext/jfxtras-controls-17-r1.jar
file.reference.jfxtras-fxml-17-r1.jar=release/modules/ext/jfxtras-fxml-17-r1.jar file.reference.jfxtras-fxml-17-r1.jar=release/modules/ext/jfxtras-fxml-17-r1.jar
file.reference.jna-5.14.0.jar=release/modules/ext/jna-5.14.0.jar file.reference.jna-5.15.0.jar=release/modules/ext/jna-5.15.0.jar
file.reference.jna-platform-5.14.0.jar=release/modules/ext/jna-platform-5.14.0.jar file.reference.jna-platform-5.15.0.jar=release/modules/ext/jna-platform-5.15.0.jar
file.reference.joda-time-2.10.14.jar=release/modules/ext/joda-time-2.10.14.jar file.reference.joda-time-2.10.14.jar=release/modules/ext/joda-time-2.10.14.jar
file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar
file.reference.LGoodDatePicker-11.2.1.jar=release/modules/ext/LGoodDatePicker-11.2.1.jar file.reference.LGoodDatePicker-11.2.1.jar=release/modules/ext/LGoodDatePicker-11.2.1.jar

8
CoreLibs/nbproject/project.xml
View File

@ -1041,12 +1041,12 @@
<binary-origin>release/modules/ext/jfxtras-fxml-17-r1.jar</binary-origin> <binary-origin>release/modules/ext/jfxtras-fxml-17-r1.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jna-5.14.0.jar</runtime-relative-path> <runtime-relative-path>ext/jna-5.15.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jna-5.14.0.jar</binary-origin> <binary-origin>release/modules/ext/jna-5.15.0.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jna-platform-5.14.0.jar</runtime-relative-path> <runtime-relative-path>ext/jna-platform-5.15.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jna-platform-5.14.0.jar</binary-origin> <binary-origin>release/modules/ext/jna-platform-5.15.0.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/joda-time-2.10.14.jar</runtime-relative-path> <runtime-relative-path>ext/joda-time-2.10.14.jar</runtime-relative-path>

13
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java
View File

@ -69,9 +69,7 @@ final class ExtractPrefetch extends Extract {
private static final String PREFETCH_TSK_COMMENT = "Prefetch File"; private static final String PREFETCH_TSK_COMMENT = "Prefetch File";
private static final String PREFETCH_FILE_LOCATION = "/windows/prefetch"; private static final String PREFETCH_FILE_LOCATION = "/windows/prefetch";
private static final String PREFETCH_TOOL_FOLDER = "markmckinnon"; //NON-NLS private static final String PREFETCH_TOOL_FOLDER = "markmckinnon"; //NON-NLS
private static final String PREFETCH_TOOL_NAME_WINDOWS_64 = "parse_prefetch_x64.exe"; //NON-NLS private static final String PREFETCH_TOOL_NAME_WINDOWS = "parse_prefetch.exe"; //NON-NLS
private static final String PREFETCH_TOOL_NAME_WINDOWS_32 = "parse_prefetch_x32.exe"; //NON-NLS
private static final String PREFETCH_TOOL_NAME_MACOS = "parse_prefetch_macos"; //NON-NLS
private static final String PREFETCH_TOOL_NAME_LINUX = "parse_prefetch_linux"; //NON-NLS private static final String PREFETCH_TOOL_NAME_LINUX = "parse_prefetch_linux"; //NON-NLS
private static final String PREFETCH_OUTPUT_FILE_NAME = "Output.txt"; //NON-NLS private static final String PREFETCH_OUTPUT_FILE_NAME = "Output.txt"; //NON-NLS
private static final String PREFETCH_ERROR_FILE_NAME = "Error.txt"; //NON-NLS private static final String PREFETCH_ERROR_FILE_NAME = "Error.txt"; //NON-NLS
@ -178,7 +176,6 @@ final class ExtractPrefetch extends Extract {
} }
} }
} }
} }
/** /**
@ -219,16 +216,10 @@ final class ExtractPrefetch extends Extract {
private String getPathForPrefetchDumper() { private String getPathForPrefetchDumper() {
Path path = null; Path path = null;
if (PlatformUtil.isWindowsOS()) { if (PlatformUtil.isWindowsOS()) {
if (PlatformUtil.is64BitOS()) { path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_WINDOWS);
path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_WINDOWS_64);
} else {
path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_WINDOWS_32);
}
} else { } else {
if ("Linux".equals(PlatformUtil.getOSName())) { if ("Linux".equals(PlatformUtil.getOSName())) {
path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_LINUX); path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_LINUX);
} else {
path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_MACOS);
} }
} }
File prefetchToolFile = InstalledFileLocator.getDefault().locate(path.toString(), File prefetchToolFile = InstalledFileLocator.getDefault().locate(path.toString(),

34
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractSru.java
View File

@ -62,10 +62,8 @@ final class ExtractSru extends Extract {
private static final String APPLICATION_USAGE_SOURCE_NAME = "System Resource Usage - Application Usage"; //NON-NLS private static final String APPLICATION_USAGE_SOURCE_NAME = "System Resource Usage - Application Usage"; //NON-NLS
private static final String NETWORK_USAGE_SOURCE_NAME = "System Resource Usage - Network Usage"; private static final String NETWORK_USAGE_SOURCE_NAME = "System Resource Usage - Network Usage";
private static final String SRU_TOOL_FOLDER = "markmckinnon"; //NON-NLS private static final String SRU_TOOL_FOLDER = "markmckinnon"; //NON-NLS
private static final String SRU_TOOL_NAME_WINDOWS_32 = "Export_Srudb_32.exe"; //NON-NLS private static final String SRU_TOOL_NAME_WINDOWS = "Export_Srudb.exe"; //NON-NLS
private static final String SRU_TOOL_NAME_WINDOWS_64 = "Export_Srudb_64.exe"; //NON-NLS
private static final String SRU_TOOL_NAME_LINUX = "Export_Srudb_Linux.exe"; //NON-NLS private static final String SRU_TOOL_NAME_LINUX = "Export_Srudb_Linux.exe"; //NON-NLS
private static final String SRU_TOOL_NAME_MAC = "Export_srudb_macos"; //NON-NLS
private static final String SRU_OUTPUT_FILE_NAME = "Output.txt"; //NON-NLS private static final String SRU_OUTPUT_FILE_NAME = "Output.txt"; //NON-NLS
private static final String SRU_ERROR_FILE_NAME = "Error.txt"; //NON-NLS private static final String SRU_ERROR_FILE_NAME = "Error.txt"; //NON-NLS
@ -239,8 +237,11 @@ final class ExtractSru extends Extract {
List<String> commandLine = new ArrayList<>(); List<String> commandLine = new ArrayList<>();
commandLine.add(sruExePath); commandLine.add(sruExePath);
commandLine.add("-sr");
commandLine.add(sruFile); //NON-NLS commandLine.add(sruFile); //NON-NLS
commandLine.add("-s");
commandLine.add(softwareHiveFile); commandLine.add(softwareHiveFile);
commandLine.add("-db");
commandLine.add(tempOutFile); commandLine.add(tempOutFile);
ProcessBuilder processBuilder = new ProcessBuilder(commandLine); ProcessBuilder processBuilder = new ProcessBuilder(commandLine);
@ -253,16 +254,10 @@ final class ExtractSru extends Extract {
private String getPathForSruDumper() { private String getPathForSruDumper() {
Path path = null; Path path = null;
if (PlatformUtil.isWindowsOS()) { if (PlatformUtil.isWindowsOS()) {
if (PlatformUtil.is64BitOS()) { path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_WINDOWS);
path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_WINDOWS_64);
} else {
path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_WINDOWS_32);
}
} else { } else {
if ("Linux".equals(PlatformUtil.getOSName())) { if ("Linux".equals(PlatformUtil.getOSName())) {
path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_LINUX); path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_LINUX);
} else {
path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_MAC);
} }
} }
File sruToolFile = InstalledFileLocator.getDefault().locate(path.toString(), File sruToolFile = InstalledFileLocator.getDefault().locate(path.toString(),
@ -322,9 +317,11 @@ final class ExtractSru extends Extract {
private void createNetUsageArtifacts(String sruDb, AbstractFile sruAbstractFile) { private void createNetUsageArtifacts(String sruDb, AbstractFile sruAbstractFile) {
List<BlackboardArtifact> bba = new ArrayList<>(); List<BlackboardArtifact> bba = new ArrayList<>();
String sqlStatement = "SELECT STRFTIME('%s', timestamp) ExecutionTime, a.application_name, b.Application_Name formatted_application_name, User_Name, " String sqlStatement = "SELECT STRFTIME('%s', timestamp) ExecutionTime, b.application_name, b.Application_Name formatted_application_name, username User_Name, \n" +
+ " bytesSent, BytesRecvd FROM network_Usage a, SruDbIdMapTable, exe_to_app b " " bytesSent, BytesRecvd \n" +
+ " where appId = IdIndex and IdType = 0 and a.application_name = b.source_name order by ExecutionTime;"; //NON-NLS " FROM network_Usage a, SruDbIdMapTable s, exe_to_app b, userNames u\n" +
" WHERE s.idType = 0 and s.idIndex = appId and idblob = b.source_name and u.idindex = userid \n" +
" order by ExecutionTime;"; //NON-NLS
try (SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + sruDb); //NON-NLS try (SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + sruDb); //NON-NLS
ResultSet resultSet = tempdbconnect.executeQry(sqlStatement)) { ResultSet resultSet = tempdbconnect.executeQry(sqlStatement)) {
@ -384,9 +381,11 @@ final class ExtractSru extends Extract {
private void createAppUsageArtifacts(String sruDb, AbstractFile sruAbstractFile) { private void createAppUsageArtifacts(String sruDb, AbstractFile sruAbstractFile) {
List<BlackboardArtifact> bba = new ArrayList<>(); List<BlackboardArtifact> bba = new ArrayList<>();
String sqlStatement = "SELECT STRFTIME('%s', timestamp) ExecutionTime, a.application_name, b.Application_Name formatted_application_name, User_Name " String sqlStatement = "SELECT STRFTIME('%s', timestamp) ExecutionTime, b.Application_Name \n" +
+ " FROM Application_Resource_Usage a, SruDbIdMapTable, exe_to_app b WHERE " " formatted_application_name, username User_Name \n" +
+ " idType = 0 and idIndex = appId and a.application_name = b.source_name order by ExecutionTime;"; //NON-NLS " FROM Application_Resource_Usage a, SruDbIdMapTable s, exe_to_app b, userNames u \n" +
" WHERE s.idType = 0 and s.idIndex = appId and idblob = b.source_name and u.idindex = userid \n" +
" order by ExecutionTime;"; //NON-NLS
try (SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + sruDb); //NON-NLS try (SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + sruDb); //NON-NLS
ResultSet resultSet = tempdbconnect.executeQry(sqlStatement)) { ResultSet resultSet = tempdbconnect.executeQry(sqlStatement)) {
@ -398,7 +397,6 @@ final class ExtractSru extends Extract {
return; return;
} }
String applicationName = resultSet.getString("Application_Name"); //NON-NLS
String formattedApplicationName = resultSet.getString("formatted_application_name"); String formattedApplicationName = resultSet.getString("formatted_application_name");
Long executionTime = Long.valueOf(resultSet.getInt("ExecutionTime")); //NON-NLS Long executionTime = Long.valueOf(resultSet.getInt("ExecutionTime")); //NON-NLS
String userName = resultSet.getString("User_Name"); String userName = resultSet.getString("User_Name");
@ -419,7 +417,7 @@ final class ExtractSru extends Extract {
try { try {
BlackboardArtifact bbart = createArtifactWithAttributes(BlackboardArtifact.Type.TSK_PROG_RUN, sruAbstractFile, bbattributes); BlackboardArtifact bbart = createArtifactWithAttributes(BlackboardArtifact.Type.TSK_PROG_RUN, sruAbstractFile, bbattributes);
bba.add(bbart); bba.add(bbart);
BlackboardArtifact associateBbArtifact = createAssociatedArtifact(applicationName.toLowerCase(), bbart); BlackboardArtifact associateBbArtifact = createAssociatedArtifact(formattedApplicationName.toLowerCase(), bbart);
if (associateBbArtifact != null) { if (associateBbArtifact != null) {
bba.add(associateBbArtifact); bba.add(associateBbArtifact);
} }

2
Tika/nbproject/project.properties
View File

@ -64,7 +64,7 @@ file.reference.jdom2-2.0.6.1.jar=release/modules/ext/jdom2-2.0.6.1.jar
file.reference.jempbox-1.8.16.jar=release/modules/ext/jempbox-1.8.16.jar file.reference.jempbox-1.8.16.jar=release/modules/ext/jempbox-1.8.16.jar
file.reference.jhighlight-1.0.3.jar=release/modules/ext/jhighlight-1.0.3.jar file.reference.jhighlight-1.0.3.jar=release/modules/ext/jhighlight-1.0.3.jar
file.reference.jmatio-1.5.jar=release/modules/ext/jmatio-1.5.jar file.reference.jmatio-1.5.jar=release/modules/ext/jmatio-1.5.jar
file.reference.jna-5.10.0.jar=release/modules/ext/jna-5.10.0.jar file.reference.jna-5.15.0.jar=release/modules/ext/jna-5.15.0.jar
file.reference.joda-time-2.2.jar=release/modules/ext/joda-time-2.2.jar file.reference.joda-time-2.2.jar=release/modules/ext/joda-time-2.2.jar
file.reference.json-simple-1.1.1.jar=release/modules/ext/json-simple-1.1.1.jar file.reference.json-simple-1.1.1.jar=release/modules/ext/json-simple-1.1.1.jar
file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar

4
Tika/nbproject/project.xml
View File

@ -620,8 +620,8 @@
<binary-origin>release/modules/ext/jmatio-1.5.jar</binary-origin> <binary-origin>release/modules/ext/jmatio-1.5.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jna-5.10.0.jar</runtime-relative-path> <runtime-relative-path>ext/jna-5.15.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jna-5.10.0.jar</binary-origin> <binary-origin>release/modules/ext/jna-5.15.0.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/joda-time-2.2.jar</runtime-relative-path> <runtime-relative-path>ext/joda-time-2.2.jar</runtime-relative-path>

2
docs/doxygen-dev/footer.html
View File

@ -1,5 +1,5 @@
<hr/> <hr/>
<p><i>Copyright &#169; 2012-2022 Basis Technology. Generated on $date<br/> <p><i>Copyright &#169; 2012-2024 Sleuth Kit Labs. Generated on $date<br/>
This work is licensed under a This work is licensed under a
<a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/us/">Creative Commons Attribution-Share Alike 3.0 United States License</a>. <a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/us/">Creative Commons Attribution-Share Alike 3.0 United States License</a>.
</i></p> </i></p>

2
docs/doxygen-user/footer.html
View File

@ -1,5 +1,5 @@
<hr/> <hr/>
<p><i>Copyright &#169; 2012-2023 BasisTech. Generated on $date<br/> <p><i>Copyright &#169; 2012-2024 Sleuth Kit Labs. Generated on $date<br/>
This work is licensed under a This work is licensed under a
<a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/us/">Creative Commons Attribution-Share Alike 3.0 United States License</a>. <a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/us/">Creative Commons Attribution-Share Alike 3.0 United States License</a>.
</i></p> </i></p>

2
docs/doxygen/footer.html
View File

@ -1,5 +1,5 @@
<hr/> <hr/>
<p><i>Copyright &#169; 2012-2022 Basis Technology. Generated on: $date<br/> <p><i>Copyright &#169; 2012-2024 Sleuth Kit Labs. Generated on: $date<br/>
This work is licensed under a This work is licensed under a
<a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/us/">Creative Commons Attribution-Share Alike 3.0 United States License</a>. <a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/us/">Creative Commons Attribution-Share Alike 3.0 United States License</a>.
</i></p> </i></p>

2
linux_macos_install_scripts/install_tsk_from_src.sh
View File

@ -34,7 +34,7 @@ if [[ -z "${SLEUTHKIT_SRC_DIR}" ]]; then
exit 1 exit 1
fi fi
if [[ ! -d $SLEUTHKIT_SRC_DIR ]]; then if [[ ! -d $SLEUTHKIT_SRC_DIR/.git ]]; then
TSK_REPO_PATH=$(dirname "$SLEUTHKIT_SRC_DIR") TSK_REPO_PATH=$(dirname "$SLEUTHKIT_SRC_DIR")
echo "Cloning Sleuthkit to $TSK_REPO_PATH..." echo "Cloning Sleuthkit to $TSK_REPO_PATH..."
mkdir -p $TSK_REPO_PATH && mkdir -p $TSK_REPO_PATH &&

BIN
thirdparty/markmckinnon/Export_Srudb_Linux vendored
View File

Binary file not shown.

BIN
thirdparty/markmckinnon/Export_srudb_macos vendored
View File

Binary file not shown.

BIN
thirdparty/markmckinnon/parse_prefetch_x64.exe → thirdparty/markmckinnon/export_srudb.exe vendored
View File

Binary file not shown.

BIN
thirdparty/markmckinnon/export_srudb_32.exe vendored
View File

Binary file not shown.

BIN
thirdparty/markmckinnon/export_srudb_64.exe vendored
View File

Binary file not shown.

BIN
thirdparty/markmckinnon/parse_prefetch.exe vendored Normal file
View File

Binary file not shown.

BIN
thirdparty/markmckinnon/parse_prefetch_linux vendored
View File

Binary file not shown.

BIN
thirdparty/markmckinnon/parse_prefetch_macos vendored
View File

Binary file not shown.

BIN
thirdparty/markmckinnon/parse_prefetch_x86.exe vendored
View File

Binary file not shown.