modified photorec and regripper to work on linux

Core/src/org/sleuthkit/autopsy/modules/photoreccarver/PhotoRecCarverFileIngestModule.java

@@ -79,7 +79,6 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
 
     private static final String PHOTOREC_DIRECTORY = "photorec_exec"; //NON-NLS
     private static final String PHOTOREC_EXECUTABLE = "photorec_win.exe"; //NON-NLS
-    private static String photorec_linux_directory;
     private static final String PHOTOREC_LINUX_EXECUTABLE = "photorec";
     private static final String PHOTOREC_RESULTS_BASE = "results"; //NON-NLS
     private static final String PHOTOREC_RESULTS_EXTENDED = "results.1"; //NON-NLS
@@ -140,11 +139,7 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
         this.rootOutputDirPath = createModuleOutputDirectoryForCase();
 
         //Set photorec executable directory based on operating system.
-        try {
             executableFile = locateExecutable();
-        } catch (IOException ex) {
-            Exceptions.printStackTrace(ex);
-        }
 
         if (PhotoRecCarverFileIngestModule.refCounter.incrementAndGet(this.jobId) == 1) {
             try {
@@ -442,20 +437,22 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
      *
      * @throws IngestModuleException
      */
-    public static File locateExecutable() throws IngestModule.IngestModuleException, IOException {
+    public static File locateExecutable() throws IngestModule.IngestModuleException {
         File exeFile = null;
         Path execName = null;
-
+        String photorec_linux_directory = "/usr/bin";
         if (PlatformUtil.isWindowsOS()) {
             execName = Paths.get(PHOTOREC_DIRECTORY, PHOTOREC_EXECUTABLE);
             exeFile = InstalledFileLocator.getDefault().locate(execName.toString(), PhotoRecCarverFileIngestModule.class.getPackage().getName(), false);
         } else {
-            if (checkPhotorec("photorec", new File("/usr/bin"))) {
+            File usrBin = new File("/usr/bin/photorec");
+            File usrLocalBin = new File("/usr/local/bin/photorec");
+            if (usrBin.canExecute() && usrBin.exists() && !usrBin.isDirectory()) {
                 photorec_linux_directory = "/usr/bin";
-            }else if(checkPhotorec("photorec", new File("/usr/local/bin"))){
+            }else if(usrLocalBin.canExecute() && usrLocalBin.exists() && !usrLocalBin.isDirectory()){
                 photorec_linux_directory = "/usr/local/bin";
             }else{
-                exeFile = null;
+                throw new IngestModule.IngestModuleException("Photorec not found");
             }
             execName = Paths.get(photorec_linux_directory, PHOTOREC_LINUX_EXECUTABLE);
             exeFile = new File(execName.toString());
@@ -473,18 +470,4 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
         return exeFile;
     }
 
-    public static boolean checkPhotorec(String name, File file) {
-        File[] list = file.listFiles();
-        if (list != null) {
-            for (File fil : list) {
-                if (fil.isDirectory()) {
-                    checkPhotorec(name, fil);
-                } else if (name.equals(fil.getName())) {
-                    return true;
-                }
-            }
-        }
-        return false;
-    }
-
 }

RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java

@@ -76,10 +76,13 @@ class ExtractRegistry extends Extract {
     final private static UsbDeviceIdMapper USB_MAPPER = new UsbDeviceIdMapper();
     final private static String RIP_EXE = "rip.exe";
     final private static String RIP_PL = "rip.pl";
-    private static String PERL = "perl ";
+    private List<String> rrCmd = new ArrayList<>();
+    private List<String> rrFullCmd= new ArrayList<>();
+    
 
     ExtractRegistry() throws IngestModuleException {
         moduleName = NbBundle.getMessage(ExtractIE.class, "ExtractRegistry.moduleName.text");
+        
         final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); //NON-NLS
         if (rrRoot == null) {
             throw new IngestModuleException(Bundle.RegRipperNotFound());
@@ -105,12 +108,26 @@ class ExtractRegistry extends Extract {
         if (!(new File(RR_FULL_PATH).exists())) {
             throw new IngestModuleException(Bundle.RegRipperFullNotFound());
         }
-
+        if(PlatformUtil.isWindowsOS()){
-        if (!PlatformUtil.isWindowsOS()) {
+            rrCmd.add(RR_PATH);
-            PERL = "/usr/bin/perl";
+            rrFullCmd.add(RR_FULL_PATH);
+        }else{
+            String perl;
+            File usrBin = new File("/usr/bin/perl");
+            File usrLocalBin = new File("/usr/local/bin/perl");
+            if(usrBin.canExecute() && usrBin.exists() && !usrBin.isDirectory()){
+                perl = "/usr/bin/perl";
+            }else if(usrLocalBin.canExecute() && usrLocalBin.exists() && !usrLocalBin.isDirectory()){
+                perl = "/usr/local/bin/perl";
+            }else{
+                throw new IngestModuleException("perl not found in your system");
+            }
+            rrCmd.add(perl);
+            rrCmd.add(RR_PATH);
+            rrFullCmd.add(perl);
+            rrFullCmd.add(RR_FULL_PATH);
         }
     }
-
     /**
      * Search for the registry hives on the system.
      */
@@ -261,7 +278,7 @@ class ExtractRegistry extends Extract {
             regOutputFiles.autopsyPlugins = outFilePathBase + "-autopsy.txt"; //NON-NLS
             String errFilePath = outFilePathBase + "-autopsy.err.txt"; //NON-NLS
             logger.log(Level.INFO, "Writing RegRipper results to: {0}", regOutputFiles.autopsyPlugins); //NON-NLS
-            executeRegRipper(RR_PATH, rrHome, regFilePath, autopsyType, regOutputFiles.autopsyPlugins, errFilePath);
+            executeRegRipper(rrCmd, rrHome, regFilePath, autopsyType, regOutputFiles.autopsyPlugins, errFilePath);
         }
         if (context.dataSourceIngestIsCancelled()) {
             return regOutputFiles;
@@ -272,16 +289,17 @@ class ExtractRegistry extends Extract {
             regOutputFiles.fullPlugins = outFilePathBase + "-full.txt"; //NON-NLS
             String errFilePath = outFilePathBase + "-full.err.txt"; //NON-NLS
             logger.log(Level.INFO, "Writing Full RegRipper results to: {0}", regOutputFiles.fullPlugins); //NON-NLS
-            executeRegRipper(RR_FULL_PATH, rrFullHome, regFilePath, fullType, regOutputFiles.fullPlugins, errFilePath);
+            executeRegRipper(rrFullCmd, rrFullHome, regFilePath, fullType, regOutputFiles.fullPlugins, errFilePath);
         }
         return regOutputFiles;
     }
 
-    private void executeRegRipper(String regRipperPath, Path regRipperHomeDir, String hiveFilePath, String hiveFileType, String outputFile, String errFile) {
+    private void executeRegRipper(List<String> regRipperPath, Path regRipperHomeDir, String hiveFilePath, String hiveFileType, String outputFile, String errFile) {
         try {
             List<String> commandLine = new ArrayList<>();
-            commandLine.add(PERL);
+            for(String cmd: regRipperPath){
-            commandLine.add(regRipperPath);
+                commandLine.add(cmd);
+            }
             commandLine.add("-r"); //NON-NLS
             commandLine.add(hiveFilePath);
             commandLine.add("-f"); //NON-NLS

thirdparty/rr-full/rip.pl

@@ -1,4 +1,4 @@
-#! /usr/bin/perl
+#! c:\perl\bin\perl.exe
 #-------------------------------------------------------------------------
 # Rip - RegRipper, CLI version
 # Use this utility to run a plugins file or a single plugin against a Reg

thirdparty/rr-full/rr.pl

@@ -1,4 +1,4 @@
-#! /usr/bin/perl
+#! c:\perl\bin\perl.exe
 #-----------------------------------------------------------
 # Registry Ripper
 # Parse a Registry hive file for data pertinent to an investigation

thirdparty/rr/rip.pl

@@ -1,4 +1,4 @@
-#! /usr/bin/perl
+#! c:\perl\bin\perl.exe
 #-------------------------------------------------------------------------
 # Rip - RegRipper, CLI version
 # Use this utility to run a plugins file or a single plugin against a Reg

thirdparty/rr/rr.pl

@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#! c:\perl\bin\perl.exe
 #-----------------------------------------------------------
 # Registry Ripper
 # Parse a Registry hive file for data pertinent to an investigation