modified photorec and regripper to work on linux

This commit is contained in:
rishwanth 2018-02-12 08:54:43 -05:00
parent 4718cf7c28
commit 683f0b7430
6 changed files with 44 additions and 43 deletions


@ -79,7 +79,6 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
private static final String PHOTOREC_DIRECTORY = "photorec_exec"; //NON-NLS private static final String PHOTOREC_DIRECTORY = "photorec_exec"; //NON-NLS
private static final String PHOTOREC_EXECUTABLE = "photorec_win.exe"; //NON-NLS private static final String PHOTOREC_EXECUTABLE = "photorec_win.exe"; //NON-NLS
private static String photorec_linux_directory;
private static final String PHOTOREC_LINUX_EXECUTABLE = "photorec"; private static final String PHOTOREC_LINUX_EXECUTABLE = "photorec";
private static final String PHOTOREC_RESULTS_BASE = "results"; //NON-NLS private static final String PHOTOREC_RESULTS_BASE = "results"; //NON-NLS
private static final String PHOTOREC_RESULTS_EXTENDED = "results.1"; //NON-NLS private static final String PHOTOREC_RESULTS_EXTENDED = "results.1"; //NON-NLS
@ -140,11 +139,7 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
this.rootOutputDirPath = createModuleOutputDirectoryForCase(); this.rootOutputDirPath = createModuleOutputDirectoryForCase();
//Set photorec executable directory based on operating system. //Set photorec executable directory based on operating system.
try {
executableFile = locateExecutable(); executableFile = locateExecutable();
} catch (IOException ex) {
Exceptions.printStackTrace(ex);
}
if (PhotoRecCarverFileIngestModule.refCounter.incrementAndGet(this.jobId) == 1) { if (PhotoRecCarverFileIngestModule.refCounter.incrementAndGet(this.jobId) == 1) {
try { try {
@ -442,20 +437,22 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
* *
* @throws IngestModuleException * @throws IngestModuleException
*/ */
public static File locateExecutable() throws IngestModule.IngestModuleException, IOException { public static File locateExecutable() throws IngestModule.IngestModuleException {
File exeFile = null; File exeFile = null;
Path execName = null; Path execName = null;
String photorec_linux_directory = "/usr/bin";
if (PlatformUtil.isWindowsOS()) { if (PlatformUtil.isWindowsOS()) {
execName = Paths.get(PHOTOREC_DIRECTORY, PHOTOREC_EXECUTABLE); execName = Paths.get(PHOTOREC_DIRECTORY, PHOTOREC_EXECUTABLE);
exeFile = InstalledFileLocator.getDefault().locate(execName.toString(), PhotoRecCarverFileIngestModule.class.getPackage().getName(), false); exeFile = InstalledFileLocator.getDefault().locate(execName.toString(), PhotoRecCarverFileIngestModule.class.getPackage().getName(), false);
} else { } else {
if (checkPhotorec("photorec", new File("/usr/bin"))) { File usrBin = new File("/usr/bin/photorec");
File usrLocalBin = new File("/usr/local/bin/photorec");
if (usrBin.canExecute() && usrBin.exists() && !usrBin.isDirectory()) {
photorec_linux_directory = "/usr/bin"; photorec_linux_directory = "/usr/bin";
}else if(checkPhotorec("photorec", new File("/usr/local/bin"))){ }else if(usrLocalBin.canExecute() && usrLocalBin.exists() && !usrLocalBin.isDirectory()){
photorec_linux_directory = "/usr/local/bin"; photorec_linux_directory = "/usr/local/bin";
}else{ }else{
exeFile = null; throw new IngestModule.IngestModuleException("Photorec not found");
} }
execName = Paths.get(photorec_linux_directory, PHOTOREC_LINUX_EXECUTABLE); execName = Paths.get(photorec_linux_directory, PHOTOREC_LINUX_EXECUTABLE);
exeFile = new File(execName.toString()); exeFile = new File(execName.toString());
@ -473,18 +470,4 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
return exeFile; return exeFile;
} }
public static boolean checkPhotorec(String name, File file) {
File[] list = file.listFiles();
if (list != null) {
for (File fil : list) {
if (fil.isDirectory()) {
checkPhotorec(name, fil);
} else if (name.equals(fil.getName())) {
return true;
}
}
}
return false;
}
} }
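Review bot: In the non-Windows branch of locateExecutable the candidate probe is done twice: the file is first tested as `new File("/usr/bin/photorec")` (where `exists()` after `canExecute()` adds nothing) and then rebuilt again through `Paths.get(photorec_linux_directory, PHOTOREC_LINUX_EXECUTABLE)` before being wrapped in a second `File`. A loop over the fixed candidate directories that derives the path from `PHOTOREC_LINUX_EXECUTABLE` and checks `Files.isRegularFile`/`Files.isExecutable` removes the duplication and the snake_case local `photorec_linux_directory`; restricting the lookup to absolute locations instead of consulting PATH is the right choice and deserves a comment saying so. The same two-directory probe is repeated for perl in ExtractRegistry in this commit, so a small shared helper would serve both modules. The "Photorec not found" message should name the directories searched so the failure is actionable; locateExecutable continues past the hunk, and `java.nio.file.Files` would need importing if the file does not already have it.
```java
} else {
    // Only fixed, absolute locations are probed; PATH is deliberately not consulted.
    for (String dir : new String[] {"/usr/bin", "/usr/local/bin"}) {
        Path candidate = Paths.get(dir, PHOTOREC_LINUX_EXECUTABLE);
        if (Files.isRegularFile(candidate) && Files.isExecutable(candidate)) {
            exeFile = candidate.toFile();
            break;
        }
    }
    if (exeFile == null) {
        throw new IngestModule.IngestModuleException(
                "Photorec not found in /usr/bin or /usr/local/bin");
    }
    // … unchanged: remainder of locateExecutable …
```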


@ -76,10 +76,13 @@ class ExtractRegistry extends Extract {
final private static UsbDeviceIdMapper USB_MAPPER = new UsbDeviceIdMapper(); final private static UsbDeviceIdMapper USB_MAPPER = new UsbDeviceIdMapper();
final private static String RIP_EXE = "rip.exe"; final private static String RIP_EXE = "rip.exe";
final private static String RIP_PL = "rip.pl"; final private static String RIP_PL = "rip.pl";
private static String PERL = "perl "; private List<String> rrCmd = new ArrayList<>();
private List<String> rrFullCmd= new ArrayList<>();
ExtractRegistry() throws IngestModuleException { ExtractRegistry() throws IngestModuleException {
moduleName = NbBundle.getMessage(ExtractIE.class, "ExtractRegistry.moduleName.text"); moduleName = NbBundle.getMessage(ExtractIE.class, "ExtractRegistry.moduleName.text");
final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); //NON-NLS final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); //NON-NLS
if (rrRoot == null) { if (rrRoot == null) {
throw new IngestModuleException(Bundle.RegRipperNotFound()); throw new IngestModuleException(Bundle.RegRipperNotFound());
@ -98,19 +101,33 @@ class ExtractRegistry extends Extract {
RR_PATH = rrHome.resolve(executableToRun).toString(); RR_PATH = rrHome.resolve(executableToRun).toString();
rrFullHome = rrFullRoot.toPath(); rrFullHome = rrFullRoot.toPath();
RR_FULL_PATH = rrFullHome.resolve(executableToRun).toString(); RR_FULL_PATH = rrFullHome.resolve(executableToRun).toString();
if (!(new File(RR_PATH).exists())) { if (!(new File(RR_PATH).exists())) {
throw new IngestModuleException(Bundle.RegRipperNotFound()); throw new IngestModuleException(Bundle.RegRipperNotFound());
} }
if (!(new File(RR_FULL_PATH).exists())) { if (!(new File(RR_FULL_PATH).exists())) {
throw new IngestModuleException(Bundle.RegRipperFullNotFound()); throw new IngestModuleException(Bundle.RegRipperFullNotFound());
} }
if(PlatformUtil.isWindowsOS()){
if (!PlatformUtil.isWindowsOS()) { rrCmd.add(RR_PATH);
PERL = "/usr/bin/perl"; rrFullCmd.add(RR_FULL_PATH);
}else{
String perl;
File usrBin = new File("/usr/bin/perl");
File usrLocalBin = new File("/usr/local/bin/perl");
if(usrBin.canExecute() && usrBin.exists() && !usrBin.isDirectory()){
perl = "/usr/bin/perl";
}else if(usrLocalBin.canExecute() && usrLocalBin.exists() && !usrLocalBin.isDirectory()){
perl = "/usr/local/bin/perl";
}else{
throw new IngestModuleException("perl not found in your system");
}
rrCmd.add(perl);
rrCmd.add(RR_PATH);
rrFullCmd.add(perl);
rrFullCmd.add(RR_FULL_PATH);
} }
} }
/** /**
* Search for the registry hives on the system. * Search for the registry hives on the system.
*/ */
@ -261,7 +278,7 @@ class ExtractRegistry extends Extract {
regOutputFiles.autopsyPlugins = outFilePathBase + "-autopsy.txt"; //NON-NLS regOutputFiles.autopsyPlugins = outFilePathBase + "-autopsy.txt"; //NON-NLS
String errFilePath = outFilePathBase + "-autopsy.err.txt"; //NON-NLS String errFilePath = outFilePathBase + "-autopsy.err.txt"; //NON-NLS
logger.log(Level.INFO, "Writing RegRipper results to: {0}", regOutputFiles.autopsyPlugins); //NON-NLS logger.log(Level.INFO, "Writing RegRipper results to: {0}", regOutputFiles.autopsyPlugins); //NON-NLS
executeRegRipper(RR_PATH, rrHome, regFilePath, autopsyType, regOutputFiles.autopsyPlugins, errFilePath); executeRegRipper(rrCmd, rrHome, regFilePath, autopsyType, regOutputFiles.autopsyPlugins, errFilePath);
} }
if (context.dataSourceIngestIsCancelled()) { if (context.dataSourceIngestIsCancelled()) {
return regOutputFiles; return regOutputFiles;
@ -272,16 +289,17 @@ class ExtractRegistry extends Extract {
regOutputFiles.fullPlugins = outFilePathBase + "-full.txt"; //NON-NLS regOutputFiles.fullPlugins = outFilePathBase + "-full.txt"; //NON-NLS
String errFilePath = outFilePathBase + "-full.err.txt"; //NON-NLS String errFilePath = outFilePathBase + "-full.err.txt"; //NON-NLS
logger.log(Level.INFO, "Writing Full RegRipper results to: {0}", regOutputFiles.fullPlugins); //NON-NLS logger.log(Level.INFO, "Writing Full RegRipper results to: {0}", regOutputFiles.fullPlugins); //NON-NLS
executeRegRipper(RR_FULL_PATH, rrFullHome, regFilePath, fullType, regOutputFiles.fullPlugins, errFilePath); executeRegRipper(rrFullCmd, rrFullHome, regFilePath, fullType, regOutputFiles.fullPlugins, errFilePath);
} }
return regOutputFiles; return regOutputFiles;
} }
private void executeRegRipper(String regRipperPath, Path regRipperHomeDir, String hiveFilePath, String hiveFileType, String outputFile, String errFile) { private void executeRegRipper(List<String> regRipperPath, Path regRipperHomeDir, String hiveFilePath, String hiveFileType, String outputFile, String errFile) {
try { try {
List<String> commandLine = new ArrayList<>(); List<String> commandLine = new ArrayList<>();
commandLine.add(PERL); for(String cmd: regRipperPath){
commandLine.add(regRipperPath); commandLine.add(cmd);
}
commandLine.add("-r"); //NON-NLS commandLine.add("-r"); //NON-NLS
commandLine.add(hiveFilePath); commandLine.add(hiveFilePath);
commandLine.add("-f"); //NON-NLS commandLine.add("-f"); //NON-NLS
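Review bot: executeRegRipper's first parameter is still named `regRipperPath` although it now carries the whole command prefix (interpreter plus script), and the for-loop that copies it into `commandLine` can simply be `commandLine.addAll(regRipperPath);` — renaming the parameter to `regRipperCommand` would match what it holds. `rrCmd` and `rrFullCmd` are mutable, non-final instance fields whose contents become the argv of a spawned process; assigning them once in the constructor as `List.of(perl, RR_PATH)` / `List.of(RR_PATH)` into `private final List<String>` fields keeps the executed command fixed after construction. The new "perl not found in your system" message is a hard-coded string while the neighbouring failures use `Bundle.RegRipperNotFound()`; a Bundle key would keep it localizable, and naming the two directories probed would make the failure actionable. The constructor's body and executeRegRipper both extend past their hunks.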


@ -1,4 +1,4 @@
#! /usr/bin/perl #! c:\perl\bin\perl.exe
#------------------------------------------------------------------------- #-------------------------------------------------------------------------
# Rip - RegRipper, CLI version # Rip - RegRipper, CLI version
# Use this utility to run a plugins file or a single plugin against a Reg # Use this utility to run a plugins file or a single plugin against a Reg
@ -347,4 +347,4 @@ sub getTime($$) {
}; };
$t = 0 if ($t < 0); $t = 0 if ($t < 0);
return $t; return $t;
} }


@ -1,4 +1,4 @@
#! /usr/bin/perl #! c:\perl\bin\perl.exe
#----------------------------------------------------------- #-----------------------------------------------------------
# Registry Ripper # Registry Ripper
# Parse a Registry hive file for data pertinent to an investigation # Parse a Registry hive file for data pertinent to an investigation
@ -451,4 +451,4 @@ sub getTime($$) {
}; };
$t = 0 if ($t < 0); $t = 0 if ($t < 0);
return $t; return $t;
} }


@ -1,4 +1,4 @@
#! /usr/bin/perl #! c:\perl\bin\perl.exe
#------------------------------------------------------------------------- #-------------------------------------------------------------------------
# Rip - RegRipper, CLI version # Rip - RegRipper, CLI version
# Use this utility to run a plugins file or a single plugin against a Reg # Use this utility to run a plugins file or a single plugin against a Reg
@ -347,4 +347,4 @@ sub getTime($$) {
}; };
$t = 0 if ($t < 0); $t = 0 if ($t < 0);
return $t; return $t;
} }

4
thirdparty/rr/rr.pl vendored

@ -1,4 +1,4 @@
#!/usr/bin/perl #! c:\perl\bin\perl.exe
#----------------------------------------------------------- #-----------------------------------------------------------
# Registry Ripper # Registry Ripper
# Parse a Registry hive file for data pertinent to an investigation # Parse a Registry hive file for data pertinent to an investigation
@ -451,4 +451,4 @@ sub getTime($$) {
}; };
$t = 0 if ($t < 0); $t = 0 if ($t < 0);
return $t; return $t;
} }