diff --git a/Core/src/org/sleuthkit/autopsy/modules/photoreccarver/PhotoRecCarverFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/photoreccarver/PhotoRecCarverFileIngestModule.java index 49edf9cc7c..04f7f42355 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/photoreccarver/PhotoRecCarverFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/photoreccarver/PhotoRecCarverFileIngestModule.java @@ -79,7 +79,6 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule { private static final String PHOTOREC_DIRECTORY = "photorec_exec"; //NON-NLS private static final String PHOTOREC_EXECUTABLE = "photorec_win.exe"; //NON-NLS - private static String photorec_linux_directory; private static final String PHOTOREC_LINUX_EXECUTABLE = "photorec"; private static final String PHOTOREC_RESULTS_BASE = "results"; //NON-NLS private static final String PHOTOREC_RESULTS_EXTENDED = "results.1"; //NON-NLS @@ -140,11 +139,7 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule { this.rootOutputDirPath = createModuleOutputDirectoryForCase(); //Set photorec executable directory based on operating system. - try { executableFile = locateExecutable(); - } catch (IOException ex) { - Exceptions.printStackTrace(ex); - } if (PhotoRecCarverFileIngestModule.refCounter.incrementAndGet(this.jobId) == 1) { try { 
@@ -442,20 +437,22 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule { * * @throws IngestModuleException */ - public static File locateExecutable() throws IngestModule.IngestModuleException, IOException { + public static File locateExecutable() throws IngestModule.IngestModuleException { File exeFile = null; Path execName = null; - + String photorec_linux_directory = "/usr/bin"; if (PlatformUtil.isWindowsOS()) { execName = Paths.get(PHOTOREC_DIRECTORY, PHOTOREC_EXECUTABLE); exeFile = InstalledFileLocator.getDefault().locate(execName.toString(), PhotoRecCarverFileIngestModule.class.getPackage().getName(), false); } else { - if (checkPhotorec("photorec", new File("/usr/bin"))) { + File usrBin = new File("/usr/bin/photorec"); + File usrLocalBin = new File("/usr/local/bin/photorec"); + if (usrBin.canExecute() && usrBin.exists() && !usrBin.isDirectory()) { photorec_linux_directory = "/usr/bin"; - }else if(checkPhotorec("photorec", new File("/usr/local/bin"))){ + }else if(usrLocalBin.canExecute() && usrLocalBin.exists() && !usrLocalBin.isDirectory()){ photorec_linux_directory = "/usr/local/bin"; }else{ - exeFile = null; + throw new IngestModule.IngestModuleException("Photorec not found"); } execName = Paths.get(photorec_linux_directory, PHOTOREC_LINUX_EXECUTABLE); exeFile = new File(execName.toString()); @@ -473,18 +470,4 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule { return exeFile; } - public static boolean checkPhotorec(String name, File file) { - File[] list = file.listFiles(); - if (list != null) { - for (File fil : list) { - if (fil.isDirectory()) { - checkPhotorec(name, fil); - } else if (name.equals(fil.getName())) { - return true; - } - } - } - return false; - } - } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index e963d27811..860d282d93 100644 
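Review bot: In the non-Windows branch of `locateExecutable`, the test `usrBin.canExecute() && usrBin.exists() && !usrBin.isDirectory()` is partly redundant and looser than intended. `canExecute()` is already false for a missing path, and `!isDirectory()` still accepts special files, so `if (usrBin.isFile() && usrBin.canExecute()) {` states the requirement directly; the same applies to the `usrLocalBin` test. The initial value `"/usr/bin"` of `photorec_linux_directory` is never used, because every branch either assigns it or throws. The matching `File` could be assigned to `exeFile` directly instead of rebuilding the path with `Paths.get`. The perl lookup added to the `ExtractRegistry` constructor repeats the same three-part check, so one small shared helper that takes the candidate paths would keep the two lookups consistent. The method body continues past this hunk.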
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java @@ -76,10 +76,13 @@ class ExtractRegistry extends Extract { final private static UsbDeviceIdMapper USB_MAPPER = new UsbDeviceIdMapper(); final private static String RIP_EXE = "rip.exe"; final private static String RIP_PL = "rip.pl"; - private static String PERL = "perl "; + private List rrCmd = new ArrayList<>(); + private List rrFullCmd= new ArrayList<>(); + ExtractRegistry() throws IngestModuleException { moduleName = NbBundle.getMessage(ExtractIE.class, "ExtractRegistry.moduleName.text"); + final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); //NON-NLS if (rrRoot == null) { throw new IngestModuleException(Bundle.RegRipperNotFound()); 
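Review bot: The new fields `rrCmd` and `rrFullCmd` are declared without `final`, although the visible hunks only fill them in the constructor and never reassign them. They later become the leading arguments of an external process, so `private final List<String> rrCmd = new ArrayList<>();` (element type inferred from the `for(String cmd: regRipperPath)` loop later in the patch) makes it clear the command prefix is fixed once the constructor returns. A one-line comment such as `// interpreter (non-Windows only) followed by the RegRipper script/executable path` would also help, since the names alone do not say that the list may hold two entries. The second declaration is missing a space before `=`.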
@@ -98,19 +101,33 @@ class ExtractRegistry extends Extract { RR_PATH = rrHome.resolve(executableToRun).toString(); rrFullHome = rrFullRoot.toPath(); RR_FULL_PATH = rrFullHome.resolve(executableToRun).toString(); - + if (!(new File(RR_PATH).exists())) { throw new IngestModuleException(Bundle.RegRipperNotFound()); } if (!(new File(RR_FULL_PATH).exists())) { throw new IngestModuleException(Bundle.RegRipperFullNotFound()); } - - if (!PlatformUtil.isWindowsOS()) { - PERL = "/usr/bin/perl"; + if(PlatformUtil.isWindowsOS()){ + rrCmd.add(RR_PATH); + rrFullCmd.add(RR_FULL_PATH); + }else{ + String perl; + File usrBin = new File("/usr/bin/perl"); + File usrLocalBin = new File("/usr/local/bin/perl"); + if(usrBin.canExecute() && usrBin.exists() && !usrBin.isDirectory()){ + perl = "/usr/bin/perl"; + }else if(usrLocalBin.canExecute() && usrLocalBin.exists() && !usrLocalBin.isDirectory()){ + perl = "/usr/local/bin/perl"; + }else{ + throw new IngestModuleException("perl not found in your system"); + } + rrCmd.add(perl); + rrCmd.add(RR_PATH); + rrFullCmd.add(perl); + rrFullCmd.add(RR_FULL_PATH); } } - /** * Search for the registry hives on the system. */ @@ -261,7 +278,7 @@ class ExtractRegistry extends Extract { regOutputFiles.autopsyPlugins = outFilePathBase + "-autopsy.txt"; //NON-NLS String errFilePath = outFilePathBase + "-autopsy.err.txt"; //NON-NLS logger.log(Level.INFO, "Writing RegRipper results to: {0}", regOutputFiles.autopsyPlugins); //NON-NLS - executeRegRipper(RR_PATH, rrHome, regFilePath, autopsyType, regOutputFiles.autopsyPlugins, errFilePath); + executeRegRipper(rrCmd, rrHome, regFilePath, autopsyType, regOutputFiles.autopsyPlugins, errFilePath); } if (context.dataSourceIngestIsCancelled()) { return regOutputFiles; 
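Review bot: The added `throw new IngestModuleException("perl not found in your system");` uses a hard-coded English string, while the two throws directly above it in the same constructor use `Bundle.RegRipperNotFound()` and `Bundle.RegRipperFullNotFound()`. This message should come from a bundle entry declared alongside those, and it should name the two locations that were checked (`/usr/bin/perl`, `/usr/local/bin/perl`) so that an examiner whose ingest fails knows where the interpreter is expected. The same applies to `"Photorec not found"` in `PhotoRecCarverFileIngestModule.locateExecutable`. The constructor starts before this hunk.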
@@ -272,16 +289,17 @@ class ExtractRegistry extends Extract { regOutputFiles.fullPlugins = outFilePathBase + "-full.txt"; //NON-NLS String errFilePath = outFilePathBase + "-full.err.txt"; //NON-NLS logger.log(Level.INFO, "Writing Full RegRipper results to: {0}", regOutputFiles.fullPlugins); //NON-NLS - executeRegRipper(RR_FULL_PATH, rrFullHome, regFilePath, fullType, regOutputFiles.fullPlugins, errFilePath); + executeRegRipper(rrFullCmd, rrFullHome, regFilePath, fullType, regOutputFiles.fullPlugins, errFilePath); } return regOutputFiles; } - private void executeRegRipper(String regRipperPath, Path regRipperHomeDir, String hiveFilePath, String hiveFileType, String outputFile, String errFile) { + private void executeRegRipper(List regRipperPath, Path regRipperHomeDir, String hiveFilePath, String hiveFileType, String outputFile, String errFile) { try { List commandLine = new ArrayList<>(); - commandLine.add(PERL); - commandLine.add(regRipperPath); + for(String cmd: regRipperPath){ + commandLine.add(cmd); + } commandLine.add("-r"); //NON-NLS commandLine.add(hiveFilePath); commandLine.add("-f"); //NON-NLS diff --git a/thirdparty/rr-full/rip.pl b/thirdparty/rr-full/rip.pl index 3c5182e9c9..5cf62efcda 100644 --- a/thirdparty/rr-full/rip.pl +++ b/thirdparty/rr-full/rip.pl @@ -1,4 +1,4 @@ -#! /usr/bin/perl +#! c:\perl\bin\perl.exe #------------------------------------------------------------------------- # Rip - RegRipper, CLI version # Use this utility to run a plugins file or a single plugin against a Reg @@ -347,4 +347,4 @@ sub getTime($$) { }; $t = 0 if ($t < 0); return $t; -} +} \ No newline at end of file diff --git a/thirdparty/rr-full/rr.pl b/thirdparty/rr-full/rr.pl index 8ec83f74dc..f4e06fe824 100644 --- a/thirdparty/rr-full/rr.pl +++ b/thirdparty/rr-full/rr.pl @@ -1,4 +1,4 @@ -#! /usr/bin/perl +#! c:\perl\bin\perl.exe #----------------------------------------------------------- # Registry Ripper # Parse a Registry hive file for data pertinent to an investigation 
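Review bot: In `executeRegRipper`, the parameter is still called `regRipperPath` although it is now a list holding the optional interpreter plus the script path, and the element-by-element loop can be the single call `commandLine.addAll(regRipperPath);`. Renaming it (for example to `regRipperCmd`) and adding a short Javadoc stating that the list is the command prefix placed before `-r` would document the new contract. Passing the interpreter and script as separate list elements is the right shape for building an argument vector, and the note could say so, because the removed `PERL = "perl "` value with its trailing space suggests the earlier code treated it as a string fragment. The method body continues outside the hunk.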
@@ -451,4 +451,4 @@ sub getTime($$) { }; $t = 0 if ($t < 0); return $t; -} +} \ No newline at end of file diff --git a/thirdparty/rr/rip.pl b/thirdparty/rr/rip.pl index 3c5182e9c9..5cf62efcda 100644 --- a/thirdparty/rr/rip.pl +++ b/thirdparty/rr/rip.pl @@ -1,4 +1,4 @@ -#! /usr/bin/perl +#! c:\perl\bin\perl.exe #------------------------------------------------------------------------- # Rip - RegRipper, CLI version # Use this utility to run a plugins file or a single plugin against a Reg @@ -347,4 +347,4 @@ sub getTime($$) { }; $t = 0 if ($t < 0); return $t; -} +} \ No newline at end of file diff --git a/thirdparty/rr/rr.pl b/thirdparty/rr/rr.pl index 1f8af1f207..f4e06fe824 100644 --- a/thirdparty/rr/rr.pl +++ b/thirdparty/rr/rr.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#! c:\perl\bin\perl.exe #----------------------------------------------------------- # Registry Ripper # Parse a Registry hive file for data pertinent to an investigation @@ -451,4 +451,4 @@ sub getTime($$) { }; $t = 0 if ($t < 0); return $t; -} +} \ No newline at end of file