mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4633 from sleuthkit/revert-4630-4841-ra-sansYYYY

Browse Source 
Revert "4841: RecentActivity not making progress on large image"
This commit is contained in:
Richard Cordovano 2019-03-21 08:32:33 -04:00 committed by GitHub
commit 5d24cec81a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 26 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties-MERGED
View File

@ -2,7 +2,6 @@ cannotBuildXmlParser=Unable to build XML parser:
cannotLoadSEUQA=Unable to load Search Engine URL Query Analyzer settings file, SEUQAMappings.xml: cannotLoadSEUQA=Unable to load Search Engine URL Query Analyzer settings file, SEUQAMappings.xml:
cannotParseXml=Unable to parse XML file: cannotParseXml=Unable to parse XML file:
ChromeCacheExtractor.moduleName=ChromeCacheExtractor ChromeCacheExtractor.moduleName=ChromeCacheExtractor
ChromeCacheExtractor.progressMsg={0}: Extracting cache entry {1} of {2} entries from {3}
DataSourceUsage_AndroidMedia=Android Media Card DataSourceUsage_AndroidMedia=Android Media Card
DataSourceUsage_FlashDrive=Flash Drive DataSourceUsage_FlashDrive=Flash Drive
# {0} - OS name # {0} - OS name
@ -135,7 +134,6 @@ Progress_Message_Analyze_Registry=Analyzing Registry Files
Progress_Message_Analyze_Usage=Data Sources Usage Analysis Progress_Message_Analyze_Usage=Data Sources Usage Analysis
Progress_Message_Chrome_AutoFill=Chrome Auto Fill Progress_Message_Chrome_AutoFill=Chrome Auto Fill
Progress_Message_Chrome_Bookmarks=Chrome Bookmarks Progress_Message_Chrome_Bookmarks=Chrome Bookmarks
Progress_Message_Chrome_Cache=Chrome Cache
Progress_Message_Chrome_Cookies=Chrome Cookies Progress_Message_Chrome_Cookies=Chrome Cookies
Progress_Message_Chrome_Downloads=Chrome Downloads Progress_Message_Chrome_Downloads=Chrome Downloads
Progress_Message_Chrome_FormHistory=Chrome Form History Progress_Message_Chrome_FormHistory=Chrome Form History

4
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java
View File

@ -93,7 +93,6 @@ class Chrome extends Extract {
"Progress_Message_Chrome_FormHistory=Chrome Form History", "Progress_Message_Chrome_FormHistory=Chrome Form History",
"Progress_Message_Chrome_AutoFill=Chrome Auto Fill", "Progress_Message_Chrome_AutoFill=Chrome Auto Fill",
"Progress_Message_Chrome_Logins=Chrome Logins", "Progress_Message_Chrome_Logins=Chrome Logins",
"Progress_Message_Chrome_Cache=Chrome Cache",
}) })
Chrome() { Chrome() {
@ -124,8 +123,7 @@ class Chrome extends Extract {
progressBar.progress(Bundle.Progress_Message_Chrome_Downloads()); progressBar.progress(Bundle.Progress_Message_Chrome_Downloads());
this.getDownload(); this.getDownload();
progressBar.progress(Bundle.Progress_Message_Chrome_Cache()); ChromeCacheExtractor chromeCacheExtractor = new ChromeCacheExtractor(dataSource, context);
ChromeCacheExtractor chromeCacheExtractor = new ChromeCacheExtractor(dataSource, context, progressBar);
chromeCacheExtractor.getCaches(); chromeCacheExtractor.getCaches();
} }

71
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ChromeCacheExtractor.java
View File

@ -44,7 +44,6 @@ import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.casemodule.services.FileManager; import org.sleuthkit.autopsy.casemodule.services.FileManager;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
import org.sleuthkit.autopsy.ingest.IngestJobContext; import org.sleuthkit.autopsy.ingest.IngestJobContext;
import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException; import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException;
import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestServices;
@ -56,6 +55,7 @@ import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.DerivedFile; import org.sleuthkit.datamodel.DerivedFile;
import org.sleuthkit.datamodel.ReadContentInputStream;
import org.sleuthkit.datamodel.TimeUtilities; import org.sleuthkit.datamodel.TimeUtilities;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskData;
@ -93,17 +93,12 @@ final class ChromeCacheExtractor {
private final Content dataSource; private final Content dataSource;
private final IngestJobContext context; private final IngestJobContext context;
private final DataSourceIngestModuleProgress progressBar;
private final IngestServices services = IngestServices.getInstance(); private final IngestServices services = IngestServices.getInstance();
private Case currentCase; private Case currentCase;
private FileManager fileManager; private FileManager fileManager;
// A file table to cache copies of index and data_n files.
private final Map<String, CacheFileCopy> filesTable = new HashMap<>(); private final Map<String, CacheFileCopy> filesTable = new HashMap<>();
// A file table to cache the f_* files.
private final Map<String, AbstractFile> externalFilesTable = new HashMap<>();
/** /**
* Encapsulates abstract file for a cache file as well as a temp file copy * Encapsulates abstract file for a cache file as well as a temp file copy
* that can be accessed as a random access file. * that can be accessed as a random access file.
@ -132,14 +127,12 @@ final class ChromeCacheExtractor {
} }
@NbBundle.Messages({ @NbBundle.Messages({
"ChromeCacheExtractor.moduleName=ChromeCacheExtractor", "ChromeCacheExtractor.moduleName=ChromeCacheExtractor"
"ChromeCacheExtractor.progressMsg={0}: Extracting cache entry {1} of {2} entries from {3}"
}) })
ChromeCacheExtractor(Content dataSource, IngestJobContext context, DataSourceIngestModuleProgress progressBar ) { ChromeCacheExtractor(Content dataSource, IngestJobContext context ) {
moduleName = Bundle.ChromeCacheExtractor_moduleName(); moduleName = Bundle.ChromeCacheExtractor_moduleName();
this.dataSource = dataSource; this.dataSource = dataSource;
this.context = context; this.context = context;
this.progressBar = progressBar;
} }
@ -178,7 +171,6 @@ final class ChromeCacheExtractor {
void subInit(String cachePath) throws IngestModuleException { void subInit(String cachePath) throws IngestModuleException {
filesTable.clear(); filesTable.clear();
externalFilesTable.clear();
String cacheAbsOutputFolderName = this.getAbsOutputFolderName() + cachePath; String cacheAbsOutputFolderName = this.getAbsOutputFolderName() + cachePath;
File outDir = new File(cacheAbsOutputFolderName); File outDir = new File(cacheAbsOutputFolderName);
@ -293,9 +285,6 @@ final class ChromeCacheExtractor {
} }
} }
// find all f_* files in a single query.
findExternalFiles(cachePath);
} catch (TskCoreException | IngestModuleException ex) { } catch (TskCoreException | IngestModuleException ex) {
String msg = "Failed to find cache files in path " + cachePath; //NON-NLS String msg = "Failed to find cache files in path " + cachePath; //NON-NLS
logger.log(Level.SEVERE, msg, ex); logger.log(Level.SEVERE, msg, ex);
@ -317,10 +306,8 @@ final class ChromeCacheExtractor {
// Process each address in the table // Process each address in the table
for (int i = 0; i < indexHdr.getTableLen(); i++) { for (int i = 0; i < indexHdr.getTableLen(); i++) {
CacheAddress addr = new CacheAddress(indexFileROBuffer.getInt() & UINT32_MASK, cachePath); CacheAddress addr = new CacheAddress(indexFileROBuffer.getInt() & UINT32_MASK, cachePath);
if (addr.isInitialized()) { if (addr.isInitialized()) {
progressBar.progress( NbBundle.getMessage(this.getClass(),
"ChromeCacheExtractor.progressMsg",
moduleName, i, indexHdr.getTableLen(), cachePath) );
try { try {
List<DerivedFile> addedFiles = this.getCacheEntry(addr, sourceArtifacts, webCacheArtifacts); List<DerivedFile> addedFiles = this.getCacheEntry(addr, sourceArtifacts, webCacheArtifacts);
derivedFiles.addAll(addedFiles); derivedFiles.addAll(addedFiles);
@ -425,8 +412,11 @@ final class ChromeCacheExtractor {
moduleName, moduleName,
dataFile.get().getUniquePath())); dataFile.get().getUniquePath()));
long pathID = Util.findID(dataSource, dataFile.get().getUniquePath());
if (pathID != -1) {
webCacheArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID, webCacheArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
moduleName, dataFile.get().getId())); moduleName, pathID));
}
webCacheArtifacts.add(webCacheArtifact); webCacheArtifacts.add(webCacheArtifact);
} }
@ -469,9 +459,11 @@ final class ChromeCacheExtractor {
webCacheArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH, webCacheArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH,
moduleName, moduleName,
derivedFile.getUniquePath())); derivedFile.getUniquePath()));
long pathID = Util.findID(dataSource, derivedFile.getUniquePath());
if (pathID != -1) {
webCacheArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID, webCacheArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
moduleName, derivedFile.getId())); moduleName, pathID));
}
webCacheArtifacts.add(webCacheArtifact); webCacheArtifacts.add(webCacheArtifact);
} }
@ -493,38 +485,14 @@ final class ChromeCacheExtractor {
} }
/** /**
* Finds all the f_* files in the specified path, and fills them in the * Finds abstract file for cache file with a specified name
* effFilesTable, so that subsequent searches are fast.
*
* @param cachePath path under which to look for.
*
* @throws TskCoreException
*/
private void findExternalFiles(String cachePath) throws TskCoreException {
List<AbstractFile> effFiles = fileManager.findFiles(dataSource, "f_%", cachePath); //NON-NLS
for (AbstractFile abstractFile : effFiles ) {
this.externalFilesTable.put(cachePath + abstractFile.getName(), abstractFile);
}
}
/**
* Finds abstract file for cache file with a specified name.
* First checks in the file tables.
* *
* @param cacheFileName * @param cacheFileName
* @return Optional abstract file * @return Opt
* @throws TskCoreException * @throws TskCoreException
*/ */
Optional<AbstractFile> findCacheFile(String cacheFileName, String cachePath) throws TskCoreException { Optional<AbstractFile> findCacheFile(String cacheFileName, String cachePath) throws TskCoreException {
String fileTableKey = cachePath + cacheFileName;
if (cacheFileName.startsWith("f_") && externalFilesTable.containsKey(fileTableKey)) {
return Optional.of(externalFilesTable.get(fileTableKey));
}
if (filesTable.containsKey(fileTableKey)) {
return Optional.of(filesTable.get(fileTableKey).getAbstractFile());
}
List<AbstractFile> cacheFiles = fileManager.findFiles(dataSource, cacheFileName, cachePath); //NON-NLS List<AbstractFile> cacheFiles = fileManager.findFiles(dataSource, cacheFileName, cachePath); //NON-NLS
if (!cacheFiles.isEmpty()) { if (!cacheFiles.isEmpty()) {
for (AbstractFile abstractFile: cacheFiles ) { for (AbstractFile abstractFile: cacheFiles ) {
@ -946,10 +914,8 @@ final class ChromeCacheExtractor {
return; return;
} }
// Don't extract data from external files.
if (!address.isInExternalFile() ) {
cacheFileCopy = getCacheFileCopy(address.getFilename(), address.getCachePath()).get(); cacheFileCopy = getCacheFileCopy(address.getFilename(), address.getCachePath()).get();
if (!address.isInExternalFile() ) {
this.data = new byte [length]; this.data = new byte [length];
ByteBuffer buf = cacheFileCopy.getByteBuffer(); ByteBuffer buf = cacheFileCopy.getByteBuffer();
@ -986,8 +952,8 @@ final class ChromeCacheExtractor {
i++; i++;
} }
// http headers are terminated by 0x00 0x00 // hhtp headers are terminated by 0x00 0x00
if (i == data.length || data[i+1] == 0) { if (data[i+1] == 0) {
done = true; done = true;
} }
@ -999,12 +965,11 @@ final class ChromeCacheExtractor {
httpResponse = headerLine; httpResponse = headerLine;
} else { } else {
int nPos = headerLine.indexOf(':'); int nPos = headerLine.indexOf(':');
if (nPos > 0 ) {
String key = headerLine.substring(0, nPos); String key = headerLine.substring(0, nPos);
String val= headerLine.substring(nPos+1); String val= headerLine.substring(nPos+1);
httpHeaders.put(key.toLowerCase(), val); httpHeaders.put(key.toLowerCase(), val);
} }
}
i++; i++;
hdrNum++; hdrNum++;