Merge pull request #2576 from narfindustries/correlationengine_dev

Update RecentActivity NBM to attach artifacts to ModuleDataEvents
Richard Cordovano 2017-03-08 12:06:21 -05:00 committed by GitHub
commit 60b2eba2dd
7 changed files with 133 additions and 51 deletions


@ -1,4 +1,4 @@
/* /*
* *
* Autopsy Forensic Browser * Autopsy Forensic Browser
* *
@ -112,6 +112,7 @@ class Chrome extends Extract {
} }
dataFound = true; dataFound = true;
Collection<BlackboardArtifact> bbartifacts = new ArrayList<>();
int j = 0; int j = 0;
while (j < historyFiles.size()) { while (j < historyFiles.size()) {
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + historyFiles.get(j).getName().toString() + j + ".db"; //NON-NLS String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + historyFiles.get(j).getName().toString() + j + ".db"; //NON-NLS
@ -155,13 +156,18 @@ class Chrome extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
(Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
if (bbart != null) {
bbartifacts.add(bbart);
}
} }
dbFile.delete(); dbFile.delete();
} }
IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY, bbartifacts));
} }
/** /**
@ -185,6 +191,7 @@ class Chrome extends Extract {
} }
dataFound = true; dataFound = true;
Collection<BlackboardArtifact> bbartifacts = new ArrayList<>();
int j = 0; int j = 0;
while (j < bookmarkFiles.size()) { while (j < bookmarkFiles.size()) {
@ -289,6 +296,7 @@ class Chrome extends Extract {
// index the artifact for keyword search // index the artifact for keyword search
this.indexArtifact(bbart); this.indexArtifact(bbart);
bbartifacts.add(bbart);
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error while trying to insert Chrome bookmark artifact{0}", ex); //NON-NLS logger.log(Level.SEVERE, "Error while trying to insert Chrome bookmark artifact{0}", ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
@ -299,7 +307,9 @@ class Chrome extends Extract {
dbFile.delete(); dbFile.delete();
} }
IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK, bbartifacts));
} }
/** /**
@ -324,6 +334,7 @@ class Chrome extends Extract {
} }
dataFound = true; dataFound = true;
Collection<BlackboardArtifact> bbartifacts = new ArrayList<>();
int j = 0; int j = 0;
while (j < cookiesFiles.size()) { while (j < cookiesFiles.size()) {
AbstractFile cookiesFile = cookiesFiles.get(j++); AbstractFile cookiesFile = cookiesFiles.get(j++);
@ -370,13 +381,19 @@ class Chrome extends Extract {
domain = domain.replaceFirst("^\\.+(?!$)", ""); domain = domain.replaceFirst("^\\.+(?!$)", "");
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), domain)); NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), domain));
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes);
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes);
if (bbart != null) {
bbartifacts.add(bbart);
}
} }
dbFile.delete(); dbFile.delete();
} }
IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE, bbartifacts));
} }
/** /**
@ -400,6 +417,7 @@ class Chrome extends Extract {
} }
dataFound = true; dataFound = true;
Collection<BlackboardArtifact> bbartifacts = new ArrayList<>();
int j = 0; int j = 0;
while (j < downloadFiles.size()) { while (j < downloadFiles.size()) {
AbstractFile downloadFile = downloadFiles.get(j++); AbstractFile downloadFile = downloadFiles.get(j++);
@ -456,14 +474,19 @@ class Chrome extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME, bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME,
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
NbBundle.getMessage(this.getClass(), "Chrome.moduleName"))); NbBundle.getMessage(this.getClass(), "Chrome.moduleName")));
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadFile, bbattributes);
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadFile, bbattributes);
if (bbart != null) {
bbartifacts.add(bbart);
}
} }
dbFile.delete(); dbFile.delete();
} }
IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, bbartifacts));
} }
/** /**
@ -487,6 +510,7 @@ class Chrome extends Extract {
} }
dataFound = true; dataFound = true;
Collection<BlackboardArtifact> bbartifacts = new ArrayList<>();
int j = 0; int j = 0;
while (j < signonFiles.size()) { while (j < signonFiles.size()) {
AbstractFile signonFile = signonFiles.get(j++); AbstractFile signonFile = signonFiles.get(j++);
@ -539,8 +563,13 @@ class Chrome extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
result.get("signon_realm").toString())); //NON-NLS result.get("signon_realm").toString())); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, signonFile, bbattributes);
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, signonFile, bbattributes);
if (bbart != null) {
bbartifacts.add(bbart);
}
// Don't add TSK_OS_ACCOUNT artifacts to the ModuleDataEvent
Collection<BlackboardAttribute> osAcctAttributes = new ArrayList<>(); Collection<BlackboardAttribute> osAcctAttributes = new ArrayList<>();
osAcctAttributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME, osAcctAttributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME,
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
@ -551,7 +580,9 @@ class Chrome extends Extract {
dbFile.delete(); dbFile.delete();
} }
IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY, bbartifacts));
} }
private boolean isChromePreVersion30(String temps) { private boolean isChromePreVersion30(String temps) {
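Review bot: The sequence `BlackboardArtifact bbart = this.addArtifact(...); if (bbart != null) { bbartifacts.add(bbart); }` is repeated in the history, cookie, download and login hunks here, and again in the ExtractIE and Firefox sections, so the null handling is copied to eleven call sites. A small protected helper in Extract that creates the artifact and appends it to a caller-supplied collection only on success would keep that decision in one place. In the login hunk, the new comment `// Don't add TSK_OS_ACCOUNT artifacts to the ModuleDataEvent` would be clearer with its reason, for example `// The event fired below is typed TSK_WEB_HISTORY, so TSK_OS_ACCOUNT artifacts are left out of it`. All of these methods start and end outside their hunks, so the helper's exact shape is for the author to settle.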


@ -86,16 +86,19 @@ abstract class Extract {
* @param bbattributes is the collection of blackboard attributes that need * @param bbattributes is the collection of blackboard attributes that need
* to be added to the artifact after the artifact has * to be added to the artifact after the artifact has
* been created * been created
* @return The newly-created artifact, or null on error
*/ */
protected void addArtifact(BlackboardArtifact.ARTIFACT_TYPE type, AbstractFile content, Collection<BlackboardAttribute> bbattributes) { protected BlackboardArtifact addArtifact(BlackboardArtifact.ARTIFACT_TYPE type, AbstractFile content, Collection<BlackboardAttribute> bbattributes) {
try { try {
BlackboardArtifact bbart = content.newArtifact(type); BlackboardArtifact bbart = content.newArtifact(type);
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
// index the artifact for keyword search // index the artifact for keyword search
this.indexArtifact(bbart); this.indexArtifact(bbart);
return bbart;
} catch (TskException ex) { } catch (TskException ex) {
logger.log(Level.SEVERE, "Error while trying to add an artifact", ex); //NON-NLS logger.log(Level.SEVERE, "Error while trying to add an artifact", ex); //NON-NLS
} }
return null;
} }
/** /**
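Review bot: `addArtifact` now returns null whenever anything in the try block throws, but `content.newArtifact(type)` runs first, so a failure in `bbart.addAttributes(bbattributes)` (or in `this.indexArtifact(bbart)`, if that can throw TskException) yields null after an artifact may already have been created. If newArtifact persists immediately, which is not visible here, callers will leave that artifact out of their ModuleDataEvent and listeners never learn of it. The Javadoc should say so, for example `@return The newly-created artifact, or null if creation, attribute addition or indexing failed (a partially populated artifact may still exist)`. Alternatively, declare `bbart` before the try and return it once newArtifact has succeeded, so the event stays consistent with the blackboard.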


@ -1,4 +1,4 @@
/* /*
* *
* Autopsy Forensic Browser * Autopsy Forensic Browser
* *
@ -41,6 +41,7 @@ import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import java.util.Collection; import java.util.Collection;
import java.util.Scanner; import java.util.Scanner;
import java.util.stream.Collectors;
import org.openide.modules.InstalledFileLocator; import org.openide.modules.InstalledFileLocator;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.ContentUtils;
@ -109,6 +110,7 @@ class ExtractIE extends Extract {
} }
dataFound = true; dataFound = true;
Collection<BlackboardArtifact> bbartifacts = new ArrayList<>();
for (AbstractFile fav : favoritesFiles) { for (AbstractFile fav : favoritesFiles) {
if (fav.getSize() == 0) { if (fav.getSize() == 0) {
continue; continue;
@ -143,10 +145,15 @@ class ExtractIE extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"ExtractIE.parentModuleName.noSpace"), domain)); "ExtractIE.parentModuleName.noSpace"), domain));
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, fav, bbattributes);
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, fav, bbattributes);
if (bbart != null) {
bbartifacts.add(bbart);
}
} }
services.fireModuleDataEvent(new ModuleDataEvent( services.fireModuleDataEvent(new ModuleDataEvent(
NbBundle.getMessage(this.getClass(), "ExtractIE.parentModuleName"), BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); NbBundle.getMessage(this.getClass(), "ExtractIE.parentModuleName"),
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK, bbartifacts));
} }
private String getURLFromIEBookmarkFile(AbstractFile fav) { private String getURLFromIEBookmarkFile(AbstractFile fav) {
@ -205,6 +212,7 @@ class ExtractIE extends Extract {
} }
dataFound = true; dataFound = true;
Collection<BlackboardArtifact> bbartifacts = new ArrayList<>();
for (AbstractFile cookiesFile : cookiesFiles) { for (AbstractFile cookiesFile : cookiesFiles) {
if (context.dataSourceIngestIsCancelled()) { if (context.dataSourceIngestIsCancelled()) {
break; break;
@ -253,10 +261,14 @@ class ExtractIE extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"ExtractIE.parentModuleName.noSpace"), domain)); "ExtractIE.parentModuleName.noSpace"), domain));
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes); BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes);
if (bbart != null) {
bbartifacts.add(bbart);
}
} }
services.fireModuleDataEvent(new ModuleDataEvent( services.fireModuleDataEvent(new ModuleDataEvent(
NbBundle.getMessage(this.getClass(), "ExtractIE.parentModuleName"), BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); NbBundle.getMessage(this.getClass(), "ExtractIE.parentModuleName"),
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE, bbartifacts));
} }
/** /**
@ -302,6 +314,7 @@ class ExtractIE extends Extract {
} }
dataFound = true; dataFound = true;
Collection<BlackboardArtifact> bbartifacts = new ArrayList<>();
String temps; String temps;
String indexFileName; String indexFileName;
for (AbstractFile indexFile : indexFiles) { for (AbstractFile indexFile : indexFiles) {
@ -336,7 +349,10 @@ class ExtractIE extends Extract {
//At this point pasco2 proccessed the index files. //At this point pasco2 proccessed the index files.
//Now fetch the results, parse them and the delete the files. //Now fetch the results, parse them and the delete the files.
if (bPascProcSuccess) { if (bPascProcSuccess) {
parsePascoOutput(indexFile, filename); // Don't add TSK_OS_ACCOUNT artifacts to the ModuleDataEvent
bbartifacts.addAll(parsePascoOutput(indexFile, filename).stream()
.filter(bbart -> bbart.getArtifactTypeID() == ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID())
.collect(Collectors.toList()));
foundHistory = true; foundHistory = true;
//Delete index<n>.dat file since it was succcessfully by Pasco //Delete index<n>.dat file since it was succcessfully by Pasco
@ -350,7 +366,8 @@ class ExtractIE extends Extract {
if (foundHistory) { if (foundHistory) {
services.fireModuleDataEvent(new ModuleDataEvent( services.fireModuleDataEvent(new ModuleDataEvent(
NbBundle.getMessage(this.getClass(), "ExtractIE.parentModuleName"), BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); NbBundle.getMessage(this.getClass(), "ExtractIE.parentModuleName"),
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY, bbartifacts));
} }
} }
@ -403,9 +420,12 @@ class ExtractIE extends Extract {
* @param origFile Original index.dat file that was analyzed to * @param origFile Original index.dat file that was analyzed to
* get this output * get this output
* @param pascoOutputFileName name of pasco output file * @param pascoOutputFileName name of pasco output file
*
* @return A collection of created artifacts
*/ */
private void parsePascoOutput(AbstractFile origFile, String pascoOutputFileName) { private Collection<BlackboardArtifact> parsePascoOutput(AbstractFile origFile, String pascoOutputFileName) {
Collection<BlackboardArtifact> bbartifacts = new ArrayList<>();
String fnAbs = moduleTempResultsDir + File.separator + pascoOutputFileName; String fnAbs = moduleTempResultsDir + File.separator + pascoOutputFileName;
File file = new File(fnAbs); File file = new File(fnAbs);
@ -414,13 +434,13 @@ class ExtractIE extends Extract {
NbBundle.getMessage(this.getClass(), "ExtractIE.parsePascoOutput.errMsg.notFound", this.getName(), NbBundle.getMessage(this.getClass(), "ExtractIE.parsePascoOutput.errMsg.notFound", this.getName(),
file.getName())); file.getName()));
logger.log(Level.WARNING, "Pasco Output not found: {0}", file.getPath()); //NON-NLS logger.log(Level.WARNING, "Pasco Output not found: {0}", file.getPath()); //NON-NLS
return; return bbartifacts;
} }
// Make sure the file the is not empty or the Scanner will // Make sure the file the is not empty or the Scanner will
// throw a "No Line found" Exception // throw a "No Line found" Exception
if (file.length() == 0) { if (file.length() == 0) {
return; return bbartifacts;
} }
Scanner fileScanner; Scanner fileScanner;
@ -431,7 +451,7 @@ class ExtractIE extends Extract {
NbBundle.getMessage(this.getClass(), "ExtractIE.parsePascoOutput.errMsg.errParsing", this.getName(), NbBundle.getMessage(this.getClass(), "ExtractIE.parsePascoOutput.errMsg.errParsing", this.getName(),
file.getName())); file.getName()));
logger.log(Level.WARNING, "Unable to find the Pasco file at " + file.getPath(), ex); //NON-NLS logger.log(Level.WARNING, "Unable to find the Pasco file at " + file.getPath(), ex); //NON-NLS
return; return bbartifacts;
} }
// Keep a list of reported user accounts to avoid repeats // Keep a list of reported user accounts to avoid repeats
@ -521,6 +541,7 @@ class ExtractIE extends Extract {
// index the artifact for keyword search // index the artifact for keyword search
this.indexArtifact(bbart); this.indexArtifact(bbart);
bbartifacts.add(bbart);
if ((!user.isEmpty()) && (!reportedUserAccounts.contains(user))) { if ((!user.isEmpty()) && (!reportedUserAccounts.contains(user))) {
BlackboardArtifact osAttr = origFile.newArtifact(ARTIFACT_TYPE.TSK_OS_ACCOUNT); BlackboardArtifact osAttr = origFile.newArtifact(ARTIFACT_TYPE.TSK_OS_ACCOUNT);
@ -529,6 +550,7 @@ class ExtractIE extends Extract {
// index the artifact for keyword search // index the artifact for keyword search
this.indexArtifact(osAttr); this.indexArtifact(osAttr);
bbartifacts.add(osAttr);
reportedUserAccounts.add(user); reportedUserAccounts.add(user);
} }
@ -537,5 +559,6 @@ class ExtractIE extends Extract {
} }
} }
fileScanner.close(); fileScanner.close();
return bbartifacts;
} }
} }
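Review bot: The new `@return A collection of created artifacts` on parsePascoOutput omits two things its caller depends on. The collection mixes TSK_WEB_HISTORY and TSK_OS_ACCOUNT artifacts (both `bbartifacts.add(bbart)` and `bbartifacts.add(osAttr)` feed it), and it is empty rather than null on the three early-return paths. I would write `@return the TSK_WEB_HISTORY and TSK_OS_ACCOUNT artifacts created from this output file; empty, never null, if the file is missing, empty or cannot be opened`. With that stated, the type filter at the call site in the history hunk explains itself, and a later caller will not attach account artifacts to a history event by accident.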


@ -97,7 +97,7 @@ class Firefox extends Extract {
} }
dataFound = true; dataFound = true;
Collection<BlackboardArtifact> bbartifacts = new ArrayList<>();
int j = 0; int j = 0;
for (AbstractFile historyFile : historyFiles) { for (AbstractFile historyFile : historyFiles) {
if (historyFile.getSize() == 0) { if (historyFile.getSize() == 0) {
@ -148,14 +148,19 @@ class Firefox extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS "Firefox.parentModuleName.noSpace"), (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
if (bbart != null) {
bbartifacts.add(bbart);
}
} }
++j; ++j;
dbFile.delete(); dbFile.delete();
} }
services.fireModuleDataEvent(new ModuleDataEvent( services.fireModuleDataEvent(new ModuleDataEvent(
NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName"), BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName"),
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY, bbartifacts));
} }
/** /**
@ -180,7 +185,7 @@ class Firefox extends Extract {
} }
dataFound = true; dataFound = true;
Collection<BlackboardArtifact> bbartifacts = new ArrayList<>();
int j = 0; int j = 0;
for (AbstractFile bookmarkFile : bookmarkFiles) { for (AbstractFile bookmarkFile : bookmarkFiles) {
if (bookmarkFile.getSize() == 0) { if (bookmarkFile.getSize() == 0) {
@ -228,15 +233,19 @@ class Firefox extends Extract {
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
(Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, bookmarkFile, bbattributes);
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, bookmarkFile, bbattributes);
if (bbart != null) {
bbartifacts.add(bbart);
}
} }
++j; ++j;
dbFile.delete(); dbFile.delete();
} }
services.fireModuleDataEvent(new ModuleDataEvent( services.fireModuleDataEvent(new ModuleDataEvent(
NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName"), BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName"),
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK, bbartifacts));
} }
/** /**
@ -260,6 +269,7 @@ class Firefox extends Extract {
} }
dataFound = true; dataFound = true;
Collection<BlackboardArtifact> bbartifacts = new ArrayList<>();
int j = 0; int j = 0;
for (AbstractFile cookiesFile : cookiesFiles) { for (AbstractFile cookiesFile : cookiesFiles) {
if (cookiesFile.getSize() == 0) { if (cookiesFile.getSize() == 0) {
@ -326,14 +336,19 @@ class Firefox extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), domain)); "Firefox.parentModuleName.noSpace"), domain));
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes);
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes);
if (bbart != null) {
bbartifacts.add(bbart);
}
} }
++j; ++j;
dbFile.delete(); dbFile.delete();
} }
services.fireModuleDataEvent(new ModuleDataEvent( services.fireModuleDataEvent(new ModuleDataEvent(
NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName"), BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName"),
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE, bbartifacts));
} }
/** /**
@ -368,6 +383,7 @@ class Firefox extends Extract {
} }
dataFound = true; dataFound = true;
Collection<BlackboardArtifact> bbartifacts = new ArrayList<>();
int j = 0; int j = 0;
for (AbstractFile downloadsFile : downloadsFiles) { for (AbstractFile downloadsFile : downloadsFiles) {
if (downloadsFile.getSize() == 0) { if (downloadsFile.getSize() == 0) {
@ -436,8 +452,11 @@ class Firefox extends Extract {
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
(Util.extractDomain((result.get("source").toString() != null) ? result.get("source").toString() : "")))); //NON-NLS (Util.extractDomain((result.get("source").toString() != null) ? result.get("source").toString() : "")))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
if (bbart != null) {
bbartifacts.add(bbart);
}
} }
if (errors > 0) { if (errors > 0) {
this.addErrorMessage( this.addErrorMessage(
@ -450,7 +469,8 @@ class Firefox extends Extract {
} }
services.fireModuleDataEvent(new ModuleDataEvent( services.fireModuleDataEvent(new ModuleDataEvent(
NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName"), BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName"),
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, bbartifacts));
} }
/** /**
@ -476,6 +496,7 @@ class Firefox extends Extract {
} }
dataFound = true; dataFound = true;
Collection<BlackboardArtifact> bbartifacts = new ArrayList<>();
int j = 0; int j = 0;
for (AbstractFile downloadsFile : downloadsFiles) { for (AbstractFile downloadsFile : downloadsFiles) {
if (downloadsFile.getSize() == 0) { if (downloadsFile.getSize() == 0) {
@ -546,8 +567,11 @@ class Firefox extends Extract {
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
(Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
if (bbart != null) {
bbartifacts.add(bbart);
}
} }
if (errors > 0) { if (errors > 0) {
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Firefox.getDlV24.errMsg.errParsingArtifacts", this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Firefox.getDlV24.errMsg.errParsingArtifacts",
@ -559,6 +583,7 @@ class Firefox extends Extract {
} }
services.fireModuleDataEvent(new ModuleDataEvent( services.fireModuleDataEvent(new ModuleDataEvent(
NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName"), BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName"),
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, bbartifacts));
} }
} }
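Review bot: In both download hunks a null return from `addArtifact` is dropped silently, although the lines immediately after it test `errors > 0` and call `addErrorMessage`. If `errors` is the per-file failure counter (its declaration is outside the hunk), counting the failure keeps the user-facing message accurate: `if (bbart != null) { bbartifacts.add(bbart); } else { ++errors; }`. In a forensic module, an artifact that could not be written should surface in the ingest messages so the examiner knows the result set is incomplete. The history, bookmark and cookie hunks show no such counter, so covering them would need a direct `addErrorMessage` call.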


@ -1,5 +1,5 @@
#Updated by build script #Updated by build script
#Mon, 30 Jan 2017 13:39:12 -0500 #Mon, 06 Mar 2017 10:02:14 -0500
LBL_splash_window_title=Starting Autopsy LBL_splash_window_title=Starting Autopsy
SPLASH_HEIGHT=314 SPLASH_HEIGHT=314
SPLASH_WIDTH=538 SPLASH_WIDTH=538


@ -1,4 +1,4 @@
#Updated by build script #Updated by build script
#Mon, 30 Jan 2017 13:39:12 -0500 #Mon, 06 Mar 2017 10:02:14 -0500
CTL_MainWindow_Title=Autopsy 4.3.0 CTL_MainWindow_Title=Autopsy 4.3.0
CTL_MainWindow_Title_No_Project=Autopsy 4.3.0 CTL_MainWindow_Title_No_Project=Autopsy 4.3.0


@ -8,4 +8,4 @@ nbproject/build-impl.xml.script.CRC32=b72261eb
nbproject/build-impl.xml.stylesheet.CRC32=0f381476@2.47.1 nbproject/build-impl.xml.stylesheet.CRC32=0f381476@2.47.1
nbproject/platform.xml.data.CRC32=2e7964b0 nbproject/platform.xml.data.CRC32=2e7964b0
nbproject/platform.xml.script.CRC32=6dcbd131 nbproject/platform.xml.script.CRC32=6dcbd131
nbproject/platform.xml.stylesheet.CRC32=4e1f53d4@2.62.1 nbproject/platform.xml.stylesheet.CRC32=45ddf0e0@2.72.1