modified photorec and regripper to work on linux

2025-07-06 21:00:22 +00:00 · 2018-02-12 08:54:43 -05:00 · 2018-02-12 08:54:43 -05:00 · 683f0b7430
commit 683f0b7430
parent 4718cf7c28
6 changed files with 44 additions and 43 deletions
--- a/Core/src/org/sleuthkit/autopsy/modules/photoreccarver/PhotoRecCarverFileIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/photoreccarver/PhotoRecCarverFileIngestModule.java
@ -79,7 +79,6 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {

    private static final String PHOTOREC_DIRECTORY = "photorec_exec"; //NON-NLS
    private static final String PHOTOREC_EXECUTABLE = "photorec_win.exe"; //NON-NLS
-    private static String photorec_linux_directory;
    private static final String PHOTOREC_LINUX_EXECUTABLE = "photorec";
    private static final String PHOTOREC_RESULTS_BASE = "results"; //NON-NLS
    private static final String PHOTOREC_RESULTS_EXTENDED = "results.1"; //NON-NLS
@ -140,11 +139,7 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
        this.rootOutputDirPath = createModuleOutputDirectoryForCase();

        //Set photorec executable directory based on operating system.
-        try {
            executableFile = locateExecutable();
-        } catch (IOException ex) {
-            Exceptions.printStackTrace(ex);
-        }

        if (PhotoRecCarverFileIngestModule.refCounter.incrementAndGet(this.jobId) == 1) {
            try {
@ -442,20 +437,22 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
     *
     * @throws IngestModuleException
     */
-    public static File locateExecutable() throws IngestModule.IngestModuleException, IOException {
+    public static File locateExecutable() throws IngestModule.IngestModuleException {
        File exeFile = null;
        Path execName = null;
-
+        String photorec_linux_directory = "/usr/bin";
        if (PlatformUtil.isWindowsOS()) {
            execName = Paths.get(PHOTOREC_DIRECTORY, PHOTOREC_EXECUTABLE);
            exeFile = InstalledFileLocator.getDefault().locate(execName.toString(), PhotoRecCarverFileIngestModule.class.getPackage().getName(), false);
        } else {
-            if (checkPhotorec("photorec", new File("/usr/bin"))) {
+            File usrBin = new File("/usr/bin/photorec");
+            File usrLocalBin = new File("/usr/local/bin/photorec");
+            if (usrBin.canExecute() && usrBin.exists() && !usrBin.isDirectory()) {
                photorec_linux_directory = "/usr/bin";
-            }else if(checkPhotorec("photorec", new File("/usr/local/bin"))){
+            }else if(usrLocalBin.canExecute() && usrLocalBin.exists() && !usrLocalBin.isDirectory()){
                photorec_linux_directory = "/usr/local/bin";
            }else{
-                exeFile = null;
+                throw new IngestModule.IngestModuleException("Photorec not found");
            }
            execName = Paths.get(photorec_linux_directory, PHOTOREC_LINUX_EXECUTABLE);
            exeFile = new File(execName.toString());
@ -473,18 +470,4 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
        return exeFile;
    }

-    public static boolean checkPhotorec(String name, File file) {
-        File[] list = file.listFiles();
-        if (list != null) {
-            for (File fil : list) {
-                if (fil.isDirectory()) {
-                    checkPhotorec(name, fil);
-                } else if (name.equals(fil.getName())) {
-                    return true;
-                }
-            }
-        }
-        return false;
-    }
-
 }
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
@ -76,10 +76,13 @@ class ExtractRegistry extends Extract {
    final private static UsbDeviceIdMapper USB_MAPPER = new UsbDeviceIdMapper();
    final private static String RIP_EXE = "rip.exe";
    final private static String RIP_PL = "rip.pl";
-    private static String PERL = "perl ";
+    private List<String> rrCmd = new ArrayList<>();
+    private List<String> rrFullCmd= new ArrayList<>();
+    

    ExtractRegistry() throws IngestModuleException {
        moduleName = NbBundle.getMessage(ExtractIE.class, "ExtractRegistry.moduleName.text");
+        
        final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); //NON-NLS
        if (rrRoot == null) {
            throw new IngestModuleException(Bundle.RegRipperNotFound());
@ -98,19 +101,33 @@ class ExtractRegistry extends Extract {
        RR_PATH = rrHome.resolve(executableToRun).toString();
        rrFullHome = rrFullRoot.toPath();
        RR_FULL_PATH = rrFullHome.resolve(executableToRun).toString();
-
+        
        if (!(new File(RR_PATH).exists())) {
            throw new IngestModuleException(Bundle.RegRipperNotFound());
        }
        if (!(new File(RR_FULL_PATH).exists())) {
            throw new IngestModuleException(Bundle.RegRipperFullNotFound());
        }
-
-        if (!PlatformUtil.isWindowsOS()) {
-            PERL = "/usr/bin/perl";
+        if(PlatformUtil.isWindowsOS()){
+            rrCmd.add(RR_PATH);
+            rrFullCmd.add(RR_FULL_PATH);
+        }else{
+            String perl;
+            File usrBin = new File("/usr/bin/perl");
+            File usrLocalBin = new File("/usr/local/bin/perl");
+            if(usrBin.canExecute() && usrBin.exists() && !usrBin.isDirectory()){
+                perl = "/usr/bin/perl";
+            }else if(usrLocalBin.canExecute() && usrLocalBin.exists() && !usrLocalBin.isDirectory()){
+                perl = "/usr/local/bin/perl";
+            }else{
+                throw new IngestModuleException("perl not found in your system");
+            }
+            rrCmd.add(perl);
+            rrCmd.add(RR_PATH);
+            rrFullCmd.add(perl);
+            rrFullCmd.add(RR_FULL_PATH);
        }
    }
-
    /**
     * Search for the registry hives on the system.
     */
@ -261,7 +278,7 @@ class ExtractRegistry extends Extract {
            regOutputFiles.autopsyPlugins = outFilePathBase + "-autopsy.txt"; //NON-NLS
            String errFilePath = outFilePathBase + "-autopsy.err.txt"; //NON-NLS
            logger.log(Level.INFO, "Writing RegRipper results to: {0}", regOutputFiles.autopsyPlugins); //NON-NLS
-            executeRegRipper(RR_PATH, rrHome, regFilePath, autopsyType, regOutputFiles.autopsyPlugins, errFilePath);
+            executeRegRipper(rrCmd, rrHome, regFilePath, autopsyType, regOutputFiles.autopsyPlugins, errFilePath);
        }
        if (context.dataSourceIngestIsCancelled()) {
            return regOutputFiles;
@ -272,16 +289,17 @@ class ExtractRegistry extends Extract {
            regOutputFiles.fullPlugins = outFilePathBase + "-full.txt"; //NON-NLS
            String errFilePath = outFilePathBase + "-full.err.txt"; //NON-NLS
            logger.log(Level.INFO, "Writing Full RegRipper results to: {0}", regOutputFiles.fullPlugins); //NON-NLS
-            executeRegRipper(RR_FULL_PATH, rrFullHome, regFilePath, fullType, regOutputFiles.fullPlugins, errFilePath);
+            executeRegRipper(rrFullCmd, rrFullHome, regFilePath, fullType, regOutputFiles.fullPlugins, errFilePath);
        }
        return regOutputFiles;
    }

-    private void executeRegRipper(String regRipperPath, Path regRipperHomeDir, String hiveFilePath, String hiveFileType, String outputFile, String errFile) {
+    private void executeRegRipper(List<String> regRipperPath, Path regRipperHomeDir, String hiveFilePath, String hiveFileType, String outputFile, String errFile) {
        try {
            List<String> commandLine = new ArrayList<>();
-            commandLine.add(PERL);
-            commandLine.add(regRipperPath);
+            for(String cmd: regRipperPath){
+                commandLine.add(cmd);
+            }
            commandLine.add("-r"); //NON-NLS
            commandLine.add(hiveFilePath);
            commandLine.add("-f"); //NON-NLS
--- a/thirdparty/rr-full/rip.pl
+++ b/thirdparty/rr-full/rip.pl
@ -1,4 +1,4 @@
-#! /usr/bin/perl
+#! c:\perl\bin\perl.exe
 #-------------------------------------------------------------------------
 # Rip - RegRipper, CLI version
 # Use this utility to run a plugins file or a single plugin against a Reg
@ -347,4 +347,4 @@ sub getTime($$) {
 	};
 	$t = 0 if ($t < 0);
 	return $t;
-}
+}
--- a/thirdparty/rr-full/rr.pl
+++ b/thirdparty/rr-full/rr.pl
@ -1,4 +1,4 @@
-#! /usr/bin/perl
+#! c:\perl\bin\perl.exe
 #-----------------------------------------------------------
 # Registry Ripper
 # Parse a Registry hive file for data pertinent to an investigation
@ -451,4 +451,4 @@ sub getTime($$) {
 	};
 	$t = 0 if ($t < 0);
 	return $t;
-}
+}
--- a/thirdparty/rr/rip.pl
+++ b/thirdparty/rr/rip.pl
@ -1,4 +1,4 @@
-#! /usr/bin/perl
+#! c:\perl\bin\perl.exe
 #-------------------------------------------------------------------------
 # Rip - RegRipper, CLI version
 # Use this utility to run a plugins file or a single plugin against a Reg
@ -347,4 +347,4 @@ sub getTime($$) {
 	};
 	$t = 0 if ($t < 0);
 	return $t;
-}
+}
--- a/thirdparty/rr/rr.pl
+++ b/thirdparty/rr/rr.pl
@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#! c:\perl\bin\perl.exe
 #-----------------------------------------------------------
 # Registry Ripper
 # Parse a Registry hive file for data pertinent to an investigation
@ -451,4 +451,4 @@ sub getTime($$) {
 	};
 	$t = 0 if ($t < 0);
 	return $t;
-}
+}