mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-15 09:17:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

First cut at exporting CASE/UCO data for every file

Browse Source
This commit is contained in:
Eugene Livis 2018-11-05 14:56:52 -05:00
parent a7619c1df1
commit 60b83382a6
1 changed files with 37 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
View File

@ -34,10 +34,13 @@ import com.fasterxml.jackson.core.util.DefaultIndenter;
import com.fasterxml.jackson.core.util.DefaultPrettyPrinter; import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
import java.sql.ResultSet; import java.sql.ResultSet;
import java.sql.SQLException; import java.sql.SQLException;
import java.util.SimpleTimeZone;
import java.util.TimeZone;
import org.openide.util.NbBundle; import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.ingest.IngestManager; import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus; import org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus;
import org.sleuthkit.datamodel.*; import org.sleuthkit.datamodel.*;
@ -104,6 +107,7 @@ class ReportCaseUco implements GeneralReportModule {
// Run query to get all files // Run query to get all files
JsonGenerator jsonGenerator = null; JsonGenerator jsonGenerator = null;
SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT");
try { try {
jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8); jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
// instert \n after each field for more readable formatting // instert \n after each field for more readable formatting
@ -111,8 +115,7 @@ class ReportCaseUco implements GeneralReportModule {
progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.querying")); progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.querying"));
// exclude non-fs files/dirs and . and .. files // exclude non-fs files/dirs and . and .. files
final String query = "select obj_id, name, size, ctime, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where type = " + TskData.TSK_DB_FILES_TYPE_ENUM.FS.getFileType() //NON-NLS final String query = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where name != '.' AND name != '..'"; //NON-NLS
+ " AND name != '.' AND name != '..'"; //NON-NLS
progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.loading")); progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.loading"));
@ -137,18 +140,17 @@ class ReportCaseUco implements GeneralReportModule {
} }
Long objectId = resultSet.getLong(1); Long objectId = resultSet.getLong(1);
String dataSourceName = resultSet.getString(2); String fileName = resultSet.getString(2);
long size = resultSet.getLong("size"); long size = resultSet.getLong("size");
long ctime = resultSet.getLong("ctime"); String crtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("crtime"), timeZone);
long crtime = resultSet.getLong("crtime"); String atime = ContentUtils.getStringTimeISO8601(resultSet.getLong("atime"), timeZone);
long atime = resultSet.getLong("atime"); String mtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("mtime"), timeZone);
long mtime = resultSet.getLong("mtime");
String md5Hash = resultSet.getString("md5"); String md5Hash = resultSet.getString("md5");
String parent_path = resultSet.getString("parent_path"); String parent_path = resultSet.getString("parent_path");
String mime_type = resultSet.getString("mime_type"); String mime_type = resultSet.getString("mime_type");
String extension = resultSet.getString("extension"); String extension = resultSet.getString("extension");
addFile(objectId, dataSourceName, parent_path, md5Hash, mime_type, jsonGenerator); addFile(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator);
/* ELTODO if (count++ == 100) { /* ELTODO if (count++ == 100) {
progressPanel.increment(); progressPanel.increment();
@ -178,18 +180,42 @@ class ReportCaseUco implements GeneralReportModule {
} }
} }
private void addFile(Long objectId, String dataSourceName, String parent_path, String md5Hash, String mime_type, JsonGenerator catalog) throws IOException { private void addFile(Long objectId, String fileName, String parent_path, String md5Hash, String mime_type, long size, String ctime,
String atime, String mtime, String extension, JsonGenerator catalog) throws IOException {
catalog.writeStartObject(); catalog.writeStartObject();
catalog.writeStringField("@id", "file-"+objectId); catalog.writeStringField("@id", "file-"+objectId);
catalog.writeStringField("@type", "Trace"); catalog.writeStringField("@type", "Trace");
catalog.writeFieldName("propertyBundle"); catalog.writeFieldName("propertyBundle");
catalog.writeStartArray(); catalog.writeStartArray();
catalog.writeStartObject(); catalog.writeStartObject();
catalog.writeStringField("@type", "File"); catalog.writeStringField("@type", "File");
catalog.writeStringField("fileName", dataSourceName); catalog.writeStringField("createdTime", ctime);
catalog.writeStringField("accessedTime", atime);
catalog.writeStringField("modifiedTime", mtime);
catalog.writeStringField("extension", extension);
catalog.writeStringField("fileName", fileName);
catalog.writeStringField("filePath", parent_path); catalog.writeStringField("filePath", parent_path);
catalog.writeStringField("sizeInBytes", Long.toString(size));
catalog.writeEndObject(); catalog.writeEndObject();
catalog.writeStartObject();
catalog.writeStringField("@type", "ContentData");
catalog.writeStringField("sizeInBytes", Long.toString(size));
catalog.writeStringField("mimeType", mime_type);
catalog.writeFieldName("hash");
catalog.writeStartArray();
catalog.writeStartObject();
catalog.writeStringField("@type", "Hash");
catalog.writeStringField("hashMethod", "SHA256");
catalog.writeStringField("hashValue", md5Hash);
catalog.writeEndObject();
catalog.writeEndArray();
catalog.writeEndObject();
catalog.writeEndArray(); catalog.writeEndArray();
catalog.writeEndObject(); catalog.writeEndObject();
} }