Merge branch 'develop' of github.com:sleuthkit/autopsy into 8425_linuxMacBuild
commit
6a9c0eba6e
@ -64,8 +64,8 @@ file.reference.postgresql-42.3.5.jar=release/modules/ext/postgresql-42.3.5.jar
|
|||||||
file.reference.Rejistry-1.1-SNAPSHOT.jar=release/modules/ext/Rejistry-1.1-SNAPSHOT.jar
|
file.reference.Rejistry-1.1-SNAPSHOT.jar=release/modules/ext/Rejistry-1.1-SNAPSHOT.jar
|
||||||
file.reference.sevenzipjbinding-AllPlatforms.jar=release/modules/ext/sevenzipjbinding-AllPlatforms.jar
|
file.reference.sevenzipjbinding-AllPlatforms.jar=release/modules/ext/sevenzipjbinding-AllPlatforms.jar
|
||||||
file.reference.sevenzipjbinding.jar=release/modules/ext/sevenzipjbinding.jar
|
file.reference.sevenzipjbinding.jar=release/modules/ext/sevenzipjbinding.jar
|
||||||
file.reference.sleuthkit-4.11.1.jar=release/modules/ext/sleuthkit-4.11.1.jar
|
file.reference.sleuthkit-4.12.0.jar=release/modules/ext/sleuthkit-4.12.0.jar
|
||||||
file.reference.sleuthkit-caseuco-4.11.1.jar=release/modules/ext/sleuthkit-caseuco-4.11.1.jar
|
file.reference.sleuthkit-caseuco-4.12.0.jar=release/modules/ext/sleuthkit-caseuco-4.12.0.jar
|
||||||
file.reference.snakeyaml-1.30.jar=release/modules/ext/snakeyaml-1.30.jar
|
file.reference.snakeyaml-1.30.jar=release/modules/ext/snakeyaml-1.30.jar
|
||||||
file.reference.SparseBitSet-1.1.jar=release/modules/ext/SparseBitSet-1.1.jar
|
file.reference.SparseBitSet-1.1.jar=release/modules/ext/SparseBitSet-1.1.jar
|
||||||
file.reference.spotbugs-annotations-4.6.0.jar=release/modules/ext/spotbugs-annotations-4.6.0.jar
|
file.reference.spotbugs-annotations-4.6.0.jar=release/modules/ext/spotbugs-annotations-4.6.0.jar
|
||||||
|
@ -611,12 +611,12 @@
|
|||||||
<binary-origin>release/modules/ext/sevenzipjbinding.jar</binary-origin>
|
<binary-origin>release/modules/ext/sevenzipjbinding.jar</binary-origin>
|
||||||
</class-path-extension>
|
</class-path-extension>
|
||||||
<class-path-extension>
|
<class-path-extension>
|
||||||
<runtime-relative-path>ext/sleuthkit-4.11.1.jar</runtime-relative-path>
|
<runtime-relative-path>ext/sleuthkit-4.12.0.jar</runtime-relative-path>
|
||||||
<binary-origin>release/modules/ext/sleuthkit-4.11.1.jar</binary-origin>
|
<binary-origin>release/modules/ext/sleuthkit-4.12.0.jar</binary-origin>
|
||||||
</class-path-extension>
|
</class-path-extension>
|
||||||
<class-path-extension>
|
<class-path-extension>
|
||||||
<runtime-relative-path>ext/sleuthkit-caseuco-4.11.1.jar</runtime-relative-path>
|
<runtime-relative-path>ext/sleuthkit-caseuco-4.12.0.jar</runtime-relative-path>
|
||||||
<binary-origin>release/modules/ext/sleuthkit-caseuco-4.11.1.jar</binary-origin>
|
<binary-origin>release/modules/ext/sleuthkit-caseuco-4.12.0.jar</binary-origin>
|
||||||
</class-path-extension>
|
</class-path-extension>
|
||||||
<class-path-extension>
|
<class-path-extension>
|
||||||
<runtime-relative-path>ext/snakeyaml-1.30.jar</runtime-relative-path>
|
<runtime-relative-path>ext/snakeyaml-1.30.jar</runtime-relative-path>
|
||||||
|
@ -247,15 +247,10 @@ AddImageWizardIngestConfigPanel.dsProcDone.errs.text=*Errors encountered in addi
|
|||||||
AddImageWizardIngestConfigVisual.getName.text=Configure Ingest
|
AddImageWizardIngestConfigVisual.getName.text=Configure Ingest
|
||||||
AddImageWizardIterator.stepXofN=Step {0} of {1}
|
AddImageWizardIterator.stepXofN=Step {0} of {1}
|
||||||
AddLocalFilesTask.localFileAdd.progress.text=Adding: {0}/{1}
|
AddLocalFilesTask.localFileAdd.progress.text=Adding: {0}/{1}
|
||||||
Case.getCurCase.exception.noneOpen=Cannot get the current case; there is no case open\!
|
Case.getCurCase.exception.noneOpen=Cannot get the current case; there is no case open!
|
||||||
Case.open.msgDlg.updated.msg=Updated case database schema.\nA backup copy of the database with the following path has been made:\n {0}
|
Case.open.msgDlg.updated.msg=Updated case database schema.\nA backup copy of the database with the following path has been made:\n {0}
|
||||||
Case.open.msgDlg.updated.title=Case Database Schema Update
|
Case.open.msgDlg.updated.title=Case Database Schema Update
|
||||||
Case.checkImgExist.confDlg.doesntExist.msg=One of the images associated with \n\
|
Case.checkImgExist.confDlg.doesntExist.msg=One of the images associated with \nthis case are missing. Would you like to search for them now?\nPreviously, the image was located at:\n{0}\nPlease note that you will still be able to browse directories and generate reports\nif you choose No, but you will not be able to view file content or run the ingest process.
|
||||||
this case are missing. Would you like to search for them now?\n\
|
|
||||||
Previously, the image was located at:\n\
|
|
||||||
{0}\n\
|
|
||||||
Please note that you will still be able to browse directories and generate reports\n\
|
|
||||||
if you choose No, but you will not be able to view file content or run the ingest process.
|
|
||||||
Case.checkImgExist.confDlg.doesntExist.title=Missing Image
|
Case.checkImgExist.confDlg.doesntExist.title=Missing Image
|
||||||
Case.addImg.exception.msg=Error adding image to the case
|
Case.addImg.exception.msg=Error adding image to the case
|
||||||
Case.updateCaseName.exception.msg=Error while trying to update the case name.
|
Case.updateCaseName.exception.msg=Error while trying to update the case name.
|
||||||
@ -274,12 +269,9 @@ Case.GetCaseTypeGivenPath.Failure=Unable to get case type
|
|||||||
Case.metaDataFileCorrupt.exception.msg=The case metadata file (.aut) is corrupted.
|
Case.metaDataFileCorrupt.exception.msg=The case metadata file (.aut) is corrupted.
|
||||||
Case.deleteReports.deleteFromDiskException.log.msg=Unable to delete the report from the disk.
|
Case.deleteReports.deleteFromDiskException.log.msg=Unable to delete the report from the disk.
|
||||||
Case.deleteReports.deleteFromDiskException.msg=Unable to delete the report {0} from the disk.\nYou may manually delete it from {1}
|
Case.deleteReports.deleteFromDiskException.msg=Unable to delete the report {0} from the disk.\nYou may manually delete it from {1}
|
||||||
CaseDeleteAction.closeConfMsg.text=Are you sure want to close and delete this case? \n\
|
CaseDeleteAction.closeConfMsg.text=Are you sure want to close and delete this case? \nCase Name: {0}\nCase Directory: {1}
|
||||||
Case Name: {0}\n\
|
|
||||||
Case Directory: {1}
|
|
||||||
CaseDeleteAction.closeConfMsg.title=Warning: Closing the Current Case
|
CaseDeleteAction.closeConfMsg.title=Warning: Closing the Current Case
|
||||||
CaseDeleteAction.msgDlg.fileInUse.msg=The delete action cannot be fully completed because the folder or file in it is open by another program.\n\n\
|
CaseDeleteAction.msgDlg.fileInUse.msg=The delete action cannot be fully completed because the folder or file in it is open by another program.\n\nClose the folder and file and try again or you can delete the case manually.
|
||||||
Close the folder and file and try again or you can delete the case manually.
|
|
||||||
CaseDeleteAction.msgDlg.fileInUse.title=Error: Folder In Use
|
CaseDeleteAction.msgDlg.fileInUse.title=Error: Folder In Use
|
||||||
CaseDeleteAction.msgDlg.caseDelete.msg=Case {0} has been deleted.
|
CaseDeleteAction.msgDlg.caseDelete.msg=Case {0} has been deleted.
|
||||||
CaseOpenAction.autFilter.title={0} Case File ( {1})
|
CaseOpenAction.autFilter.title={0} Case File ( {1})
|
||||||
@ -311,8 +303,7 @@ NewCaseWizardAction.databaseProblem1.text=Cannot open database. Cancelling case
|
|||||||
NewCaseWizardAction.databaseProblem2.text=Error
|
NewCaseWizardAction.databaseProblem2.text=Error
|
||||||
NewCaseWizardPanel1.validate.errMsg.invalidSymbols=The Case Name cannot contain any of the following symbols: \\ / : * ? " < > |
|
NewCaseWizardPanel1.validate.errMsg.invalidSymbols=The Case Name cannot contain any of the following symbols: \\ / : * ? " < > |
|
||||||
NewCaseWizardPanel1.validate.errMsg.dirExists=Case directory ''{0}'' already exists.
|
NewCaseWizardPanel1.validate.errMsg.dirExists=Case directory ''{0}'' already exists.
|
||||||
NewCaseWizardPanel1.validate.confMsg.createDir.msg=The base directory "{0}" does not exist. \n\n\
|
NewCaseWizardPanel1.validate.confMsg.createDir.msg=The base directory "{0}" does not exist. \n\nDo you want to create that directory?
|
||||||
Do you want to create that directory?
|
|
||||||
NewCaseWizardPanel1.validate.confMsg.createDir.title=Create directory
|
NewCaseWizardPanel1.validate.confMsg.createDir.title=Create directory
|
||||||
NewCaseWizardPanel1.validate.errMsg.cantCreateParDir.msg=Error: Could not create case parent directory {0}
|
NewCaseWizardPanel1.validate.errMsg.cantCreateParDir.msg=Error: Could not create case parent directory {0}
|
||||||
NewCaseWizardPanel1.validate.errMsg.prevCreateBaseDir.msg=Prevented from creating base directory {0}
|
NewCaseWizardPanel1.validate.errMsg.prevCreateBaseDir.msg=Prevented from creating base directory {0}
|
||||||
@ -369,8 +360,8 @@ UnpackageWorker.doInBackground.previouslySeenCase=Case has been previously opene
|
|||||||
UpdateRecentCases.menuItem.clearRecentCases.text=Clear Recent Cases
|
UpdateRecentCases.menuItem.clearRecentCases.text=Clear Recent Cases
|
||||||
UpdateRecentCases.menuItem.empty=-Empty-
|
UpdateRecentCases.menuItem.empty=-Empty-
|
||||||
AddImageWizardIngestConfigPanel.CANCEL_BUTTON.text=Cancel
|
AddImageWizardIngestConfigPanel.CANCEL_BUTTON.text=Cancel
|
||||||
NewCaseVisualPanel1.CaseFolderOnCDriveError.text=Warning: Path to multi-user case folder is on \"C:\" drive
|
NewCaseVisualPanel1.CaseFolderOnCDriveError.text=Warning: Path to multi-user case folder is on "C:" drive
|
||||||
NewCaseVisualPanel1.CaseFolderOnInternalDriveWindowsError.text=Warning: Path to case folder is on \"C:\" drive. Case folder is created on the target system
|
NewCaseVisualPanel1.CaseFolderOnInternalDriveWindowsError.text=Warning: Path to case folder is on "C:" drive. Case folder is created on the target system
|
||||||
NewCaseVisualPanel1.CaseFolderOnInternalDriveLinuxError.text=Warning: Path to case folder is on the target system. Create case folder in mounted drive.
|
NewCaseVisualPanel1.CaseFolderOnInternalDriveLinuxError.text=Warning: Path to case folder is on the target system. Create case folder in mounted drive.
|
||||||
NewCaseVisualPanel1.uncPath.error=Error: UNC paths are not allowed for Single-User cases
|
NewCaseVisualPanel1.uncPath.error=Error: UNC paths are not allowed for Single-User cases
|
||||||
CollaborationMonitor.addingDataSourceStatus.msg={0} adding data source
|
CollaborationMonitor.addingDataSourceStatus.msg={0} adding data source
|
||||||
@ -378,7 +369,7 @@ CollaborationMonitor.analyzingDataSourceStatus.msg={0} analyzing {1}
|
|||||||
MissingImageDialog.lbWarning.text=
|
MissingImageDialog.lbWarning.text=
|
||||||
MissingImageDialog.lbWarning.toolTipText=
|
MissingImageDialog.lbWarning.toolTipText=
|
||||||
NewCaseVisualPanel1.caseParentDirWarningLabel.text=
|
NewCaseVisualPanel1.caseParentDirWarningLabel.text=
|
||||||
NewCaseVisualPanel1.multiUserCaseRadioButton.text=Multi-User
|
NewCaseVisualPanel1.multiUserCaseRadioButton.text=Multi-User\t\t
|
||||||
NewCaseVisualPanel1.singleUserCaseRadioButton.text=Single-User
|
NewCaseVisualPanel1.singleUserCaseRadioButton.text=Single-User
|
||||||
NewCaseVisualPanel1.caseTypeLabel.text=Case Type:
|
NewCaseVisualPanel1.caseTypeLabel.text=Case Type:
|
||||||
SingleUserCaseConverter.BadDatabaseFileName=Database file does not exist!
|
SingleUserCaseConverter.BadDatabaseFileName=Database file does not exist!
|
||||||
|
@ -5,10 +5,7 @@ CentralRepoCommentDialog.title.addEditCentralRepoComment=Add/Edit Central Reposi
|
|||||||
OpenIDE-Module-Name=Central Repository
|
OpenIDE-Module-Name=Central Repository
|
||||||
OpenIDE-Module-Display-Category=Ingest Module
|
OpenIDE-Module-Display-Category=Ingest Module
|
||||||
OpenIDE-Module-Short-Description=Central Repository Ingest Module
|
OpenIDE-Module-Short-Description=Central Repository Ingest Module
|
||||||
OpenIDE-Module-Long-Description=\
|
OpenIDE-Module-Long-Description=Central Repository ingest module and central database. \n\nThe Central Repository ingest module stores attributes of artifacts matching selected correlation types into a central database.\nStored attributes are used in future cases to correlate and analyzes files and artifacts during ingest.
|
||||||
Central Repository ingest module and central database. \n\n\
|
|
||||||
The Central Repository ingest module stores attributes of artifacts matching selected correlation types into a central database.\n\
|
|
||||||
Stored attributes are used in future cases to correlate and analyzes files and artifacts during ingest.
|
|
||||||
CentralRepoCommentDialog.commentLabel.text=Comment:
|
CentralRepoCommentDialog.commentLabel.text=Comment:
|
||||||
CentralRepoCommentDialog.okButton.text=&OK
|
CentralRepoCommentDialog.okButton.text=&OK
|
||||||
CentralRepoCommentDialog.cancelButton.text=C&ancel
|
CentralRepoCommentDialog.cancelButton.text=C&ancel
|
||||||
|
File diff suppressed because it is too large
@ -24,6 +24,7 @@ import org.openide.DialogDescriptor;
|
|||||||
import org.openide.DialogDisplayer;
|
import org.openide.DialogDisplayer;
|
||||||
import org.openide.awt.ActionID;
|
import org.openide.awt.ActionID;
|
||||||
import org.openide.awt.ActionReference;
|
import org.openide.awt.ActionReference;
|
||||||
|
import org.openide.awt.ActionRegistration;
|
||||||
import org.openide.util.NbBundle;
|
import org.openide.util.NbBundle;
|
||||||
import org.openide.util.NbBundle.Messages;
|
import org.openide.util.NbBundle.Messages;
|
||||||
|
|
||||||
@ -32,6 +33,7 @@ import org.openide.util.NbBundle.Messages;
|
|||||||
* menu.
|
* menu.
|
||||||
*/
|
*/
|
||||||
@ActionID(id = "org.sleuthkit.autopsy.corecomponents.AboutWindowAction", category = "Help")
|
@ActionID(id = "org.sleuthkit.autopsy.corecomponents.AboutWindowAction", category = "Help")
|
||||||
|
@ActionRegistration(displayName = "#CTL_CustomAboutAction", iconInMenu = true, lazy = false)
|
||||||
@ActionReference(path = "Menu/Help", position = 3000, separatorBefore = 2999)
|
@ActionReference(path = "Menu/Help", position = 3000, separatorBefore = 2999)
|
||||||
public class AboutWindowAction extends AboutAction {
|
public class AboutWindowAction extends AboutAction {
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
CTL_CustomAboutAction=About
|
||||||
CTL_DataContentAction=DataContent
|
CTL_DataContentAction=DataContent
|
||||||
CTL_DataContentTopComponent=Data Content
|
CTL_DataContentTopComponent=Data Content
|
||||||
OptionsCategory_Name_General=Application
|
OptionsCategory_Name_General=Application
|
||||||
|
1
Core/src/org/sleuthkit/autopsy/filesearch/Bundle.properties
Normal file → Executable file
1
Core/src/org/sleuthkit/autopsy/filesearch/Bundle.properties
Normal file → Executable file
@ -62,3 +62,4 @@ MimeTypePanel.noteLabel.text=*Note: Multiple MIME types can be selected
|
|||||||
HashSearchPanel.sha256CheckBox.text=SHA-256:
|
HashSearchPanel.sha256CheckBox.text=SHA-256:
|
||||||
HashSearchPanel.sha256TextField.text=
|
HashSearchPanel.sha256TextField.text=
|
||||||
FileSearchPanel.closeButton.text=Close
|
FileSearchPanel.closeButton.text=Close
|
||||||
|
DeletedFilesSearchPanel.deletedCheckbox.text=Deleted
|
||||||
|
@ -19,7 +19,7 @@ KnownStatusSearchPanel.knownCheckBox.text=Known Status:
|
|||||||
KnownStatusSearchPanel.knownBadOptionCheckBox.text=Notable
|
KnownStatusSearchPanel.knownBadOptionCheckBox.text=Notable
|
||||||
KnownStatusSearchPanel.knownOptionCheckBox.text=Known (NSRL or other)
|
KnownStatusSearchPanel.knownOptionCheckBox.text=Known (NSRL or other)
|
||||||
KnownStatusSearchPanel.unknownOptionCheckBox.text=Unknown
|
KnownStatusSearchPanel.unknownOptionCheckBox.text=Unknown
|
||||||
DateSearchFilter.noneSelectedMsg.text=At least one date type must be selected\!
|
DateSearchFilter.noneSelectedMsg.text=At least one date type must be selected!
|
||||||
DateSearchPanel.dateCheckBox.text=Date:
|
DateSearchPanel.dateCheckBox.text=Date:
|
||||||
DateSearchPanel.jLabel4.text=Timezone:
|
DateSearchPanel.jLabel4.text=Timezone:
|
||||||
DateSearchPanel.createdCheckBox.text=Created
|
DateSearchPanel.createdCheckBox.text=Created
|
||||||
@ -60,7 +60,7 @@ FileSearchPanel.search.results.details=Large number of matches may impact perfor
|
|||||||
FileSearchPanel.search.exception.noFilterSelected.msg=At least one filter must be selected.
|
FileSearchPanel.search.exception.noFilterSelected.msg=At least one filter must be selected.
|
||||||
FileSearchPanel.search.validationErr.msg=Validation Error: {0}
|
FileSearchPanel.search.validationErr.msg=Validation Error: {0}
|
||||||
FileSearchPanel.emptyWhereClause.text=Invalid options, nothing to show.
|
FileSearchPanel.emptyWhereClause.text=Invalid options, nothing to show.
|
||||||
KnownStatusSearchFilter.noneSelectedMsg.text=At least one known status must be selected\!
|
KnownStatusSearchFilter.noneSelectedMsg.text=At least one known status must be selected!
|
||||||
NameSearchFilter.emptyNameMsg.text=Must enter something for name search.
|
NameSearchFilter.emptyNameMsg.text=Must enter something for name search.
|
||||||
SizeSearchPanel.sizeCompareComboBox.equalTo=equal to
|
SizeSearchPanel.sizeCompareComboBox.equalTo=equal to
|
||||||
SizeSearchPanel.sizeCompareComboBox.greaterThan=greater than
|
SizeSearchPanel.sizeCompareComboBox.greaterThan=greater than
|
||||||
@ -81,3 +81,4 @@ MimeTypePanel.noteLabel.text=*Note: Multiple MIME types can be selected
|
|||||||
HashSearchPanel.sha256CheckBox.text=SHA-256:
|
HashSearchPanel.sha256CheckBox.text=SHA-256:
|
||||||
HashSearchPanel.sha256TextField.text=
|
HashSearchPanel.sha256TextField.text=
|
||||||
FileSearchPanel.closeButton.text=Close
|
FileSearchPanel.closeButton.text=Close
|
||||||
|
DeletedFilesSearchPanel.deletedCheckbox.text=Deleted
|
||||||
|
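--- a/Core/src/org/sleuthkit/autopsy/filesearch/DeletedFilesSearchPanel.form
+++ b/Core/src/org/sleuthkit/autopsy/filesearch/DeletedFilesSearchPanel.form
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<Form version="1.5" maxVersion="1.9" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
+<Properties>
+<Property name="minimumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
+<Dimension value="[337, 49]"/>
+</Property>
+<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
+<Dimension value="[337, 49]"/>
+</Property>
+</Properties>
+<AuxValues>
+<AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="1"/>
+<AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/>
+<AuxValue name="FormSettings_generateFQN" type="java.lang.Boolean" value="true"/>
+<AuxValue name="FormSettings_generateMnemonicsCode" type="java.lang.Boolean" value="true"/>
+<AuxValue name="FormSettings_i18nAutoMode" type="java.lang.Boolean" value="true"/>
+<AuxValue name="FormSettings_layoutCodeTarget" type="java.lang.Integer" value="1"/>
+<AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/>
+<AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/>
+<AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/>
+<AuxValue name="designerSize" type="java.awt.Dimension" value="-84,-19,0,5,115,114,0,18,106,97,118,97,46,97,119,116,46,68,105,109,101,110,115,105,111,110,65,-114,-39,-41,-84,95,68,20,2,0,2,73,0,6,104,101,105,103,104,116,73,0,5,119,105,100,116,104,120,112,0,0,0,35,0,0,0,76"/>
+</AuxValues>
+
+<Layout class="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout"/>
+<SubComponents>
+<Component class="javax.swing.JCheckBox" name="deletedCheckbox">
+<Properties>
+<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
+<ResourceString bundle="org/sleuthkit/autopsy/filesearch/Bundle.properties" key="DeletedFilesSearchPanel.deletedCheckbox.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, "{key}")"/>
+</Property>
+<Property name="minimumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
+<Dimension value="[0, 0]"/>
+</Property>
+</Properties>
+<Constraints>
+<Constraint layoutClass="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout" value="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout$GridBagConstraintsDescription">
+<GridBagConstraints gridX="0" gridY="0" gridWidth="1" gridHeight="1" fill="0" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="0" insetsBottom="0" insetsRight="0" anchor="18" weightX="1.0" weightY="1.0"/>
+</Constraint>
+</Constraints>
+</Component>
+</SubComponents>
+</Form>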
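--- a/Core/src/org/sleuthkit/autopsy/filesearch/DeletedFilesSearchPanel.java
+++ b/Core/src/org/sleuthkit/autopsy/filesearch/DeletedFilesSearchPanel.java
@@ -0,0 +1,118 @@
+/*
+* Autopsy Forensic Browser
+*
+* Copyright 2022 Basis Technology Corp.
+* Contact: carrier <at> sleuthkit <dot> org
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.sleuthkit.autopsy.filesearch;
+
+import java.awt.event.ActionListener;
+import org.sleuthkit.datamodel.TskData;
+
+class DeletedFilesSearchPanel extends javax.swing.JPanel {
+
+private static final long serialVersionUID = 1L;
+
+private final static String ALL_DELETED_CONTENT_QUERY = "( "
++ "(dir_flags = " + TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC.getValue() //NON-NLS
++ " OR " //NON-NLS
++ "meta_flags = " + TskData.TSK_FS_META_FLAG_ENUM.ORPHAN.getValue() //NON-NLS
++ ")"
++ " AND type = " + TskData.TSK_DB_FILES_TYPE_ENUM.FS.getFileType() //NON-NLS
++ " )"
++ " OR type = " + TskData.TSK_DB_FILES_TYPE_ENUM.CARVED.getFileType() //NON-NLS
++ " OR (dir_flags = " + TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC.getValue()
++ " AND type = " + TskData.TSK_DB_FILES_TYPE_ENUM.LAYOUT_FILE.getFileType() + " )";
+
+/**
+* Creates new form DeletedFilesSearchPanel
+*/
+DeletedFilesSearchPanel() {
+initComponents();
+}
+
+boolean isDeletedFileSelected() {
+return deletedCheckbox.isSelected();
+}
+
+void setDeletedFileSelected(boolean selected) {
+deletedCheckbox.setSelected(selected);
+}
+
+/**
+* This method is called from within the constructor to initialize the form.
+* WARNING: Do NOT modify this code. The content of this method is always
+* regenerated by the Form Editor.
+*/
+@SuppressWarnings("unchecked")
+// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
+private void initComponents() {
+java.awt.GridBagConstraints gridBagConstraints;
+
+deletedCheckbox = new javax.swing.JCheckBox();
+
+setMinimumSize(new java.awt.Dimension(337, 49));
+setPreferredSize(new java.awt.Dimension(337, 49));
+setLayout(new java.awt.GridBagLayout());
+
+org.openide.awt.Mnemonics.setLocalizedText(deletedCheckbox, org.openide.util.NbBundle.getMessage(DeletedFilesSearchPanel.class, "DeletedFilesSearchPanel.deletedCheckbox.text")); // NOI18N
+deletedCheckbox.setMinimumSize(new java.awt.Dimension(0, 0));
+gridBagConstraints = new java.awt.GridBagConstraints();
+gridBagConstraints.gridx = 0;
+gridBagConstraints.gridy = 0;
+gridBagConstraints.anchor = java.awt.GridBagConstraints.NORTHWEST;
+gridBagConstraints.weightx = 1.0;
+gridBagConstraints.weighty = 1.0;
+add(deletedCheckbox, gridBagConstraints);
+}// </editor-fold>//GEN-END:initComponents
+
+
+// Variables declaration - do not modify//GEN-BEGIN:variables
+private javax.swing.JCheckBox deletedCheckbox;
+// End of variables declaration//GEN-END:variables
+static final class DeletedFileSearchFilter extends AbstractFileSearchFilter<DeletedFilesSearchPanel> {
+
+DeletedFileSearchFilter() {
+super(new DeletedFilesSearchPanel());
+}
+
+@Override
+public boolean isEnabled() {
+return true;
+}
+
+@Override
+public boolean isValid() {
+return true;
+}
+
+@Override
+public String getPredicate() throws FilterValidationException {
+if (getComponent().isDeletedFileSelected()) {
+return ALL_DELETED_CONTENT_QUERY;
+}
+
+return "";
+}
+
+@Override
+public void addActionListener(ActionListener l) {
+
+}
+
+}
+
+
+}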
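Review bot: `DeletedFileSearchFilter.isEnabled()` returns `true` unconditionally while `getPredicate()` returns `""` when the checkbox is clear, so any caller that joins predicates has to special-case the empty string. A "no filter enabled" check (the bundle on this page still carries `FileSearchPanel.search.exception.noFilterSelected.msg`) presumably can no longer fire; the body of `FileSearchPanel.getQuery()` is not shown here, so this needs confirming against it. Tying the state to the checkbox, `return getComponent().isDeletedFileSelected();`, would keep the filter out of the query when it is unchecked. `ALL_DELETED_CONTENT_QUERY` also has `OR` at its top level, so it composes correctly with other filters only if the caller wraps each predicate in parentheses; enclosing the whole constant in one outer `( ... )` would remove that dependency. The fragment is built solely from `TskData` enum values, which deserves a comment such as `// constants only: no user input reaches this SQL fragment`, and the empty `addActionListener` body should say why it is a no-op.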
1
Core/src/org/sleuthkit/autopsy/filesearch/FileSearchPanel.form
Normal file → Executable file
1
Core/src/org/sleuthkit/autopsy/filesearch/FileSearchPanel.form
Normal file → Executable file
@ -16,6 +16,7 @@
|
|||||||
<AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/>
|
<AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/>
|
||||||
<AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/>
|
<AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/>
|
||||||
<AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/>
|
<AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/>
|
||||||
|
<AuxValue name="designerSize" type="java.awt.Dimension" value="-84,-19,0,5,115,114,0,18,106,97,118,97,46,97,119,116,46,68,105,109,101,110,115,105,111,110,65,-114,-39,-41,-84,95,68,20,2,0,2,73,0,6,104,101,105,103,104,116,73,0,5,119,105,100,116,104,120,112,0,0,1,44,0,0,1,-112"/>
|
||||||
</AuxValues>
|
</AuxValues>
|
||||||
|
|
||||||
<Layout class="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout"/>
|
<Layout class="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout"/>
|
||||||
|
17
Core/src/org/sleuthkit/autopsy/filesearch/FileSearchPanel.java
Normal file → Executable file
17
Core/src/org/sleuthkit/autopsy/filesearch/FileSearchPanel.java
Normal file → Executable file
@ -47,6 +47,7 @@ import org.sleuthkit.autopsy.corecomponents.TableFilterNode;
|
|||||||
import org.sleuthkit.autopsy.coreutils.Logger;
|
import org.sleuthkit.autopsy.coreutils.Logger;
|
||||||
import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
|
import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
|
||||||
import org.sleuthkit.autopsy.datamodel.EmptyNode;
|
import org.sleuthkit.autopsy.datamodel.EmptyNode;
|
||||||
|
import org.sleuthkit.autopsy.filesearch.DeletedFilesSearchPanel.DeletedFileSearchFilter;
|
||||||
import org.sleuthkit.autopsy.filesearch.FileSearchFilter.FilterValidationException;
|
import org.sleuthkit.autopsy.filesearch.FileSearchFilter.FilterValidationException;
|
||||||
import org.sleuthkit.datamodel.AbstractFile;
|
import org.sleuthkit.datamodel.AbstractFile;
|
||||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||||
@ -105,18 +106,19 @@ class FileSearchPanel extends javax.swing.JPanel {
|
|||||||
SizeSearchFilter sizeFilter = new SizeSearchFilter();
|
SizeSearchFilter sizeFilter = new SizeSearchFilter();
|
||||||
DateSearchFilter dateFilter = new DateSearchFilter();
|
DateSearchFilter dateFilter = new DateSearchFilter();
|
||||||
KnownStatusSearchFilter knowStatusFilter = new KnownStatusSearchFilter();
|
KnownStatusSearchFilter knowStatusFilter = new KnownStatusSearchFilter();
|
||||||
|
DeletedFileSearchFilter deleltedFilter = new DeletedFileSearchFilter();
|
||||||
HashSearchFilter hashFilter = new HashSearchFilter();
|
HashSearchFilter hashFilter = new HashSearchFilter();
|
||||||
panel2.add(new FilterArea(NbBundle.getMessage(this.getClass(), "FileSearchPanel.filterTitle.name"), nameFilter));
|
panel2.add(new FilterArea(NbBundle.getMessage(this.getClass(), "FileSearchPanel.filterTitle.name"), nameFilter));
|
||||||
|
|
||||||
panel3.add(new FilterArea(NbBundle.getMessage(this.getClass(), "FileSearchPanel.filterTitle.metadata"), sizeFilter));
|
panel3.add(new FilterArea(NbBundle.getMessage(this.getClass(), "FileSearchPanel.filterTitle.metadata"), sizeFilter));
|
||||||
|
|
||||||
panel2.add(new FilterArea(NbBundle.getMessage(this.getClass(), "FileSearchPanel.filterTitle.metadata"), dateFilter));
|
panel2.add(new FilterArea(NbBundle.getMessage(this.getClass(), "FileSearchPanel.filterTitle.metadata"), dateFilter));
|
||||||
panel3.add(new FilterArea(NbBundle.getMessage(this.getClass(), "FileSearchPanel.filterTitle.knownStatus"), knowStatusFilter));
|
panel3.add(new FilterArea(NbBundle.getMessage(this.getClass(), "FileSearchPanel.filterTitle.knownStatus"), knowStatusFilter));
|
||||||
|
|
||||||
panel5.add(new FilterArea(NbBundle.getMessage(this.getClass(), "HashSearchPanel.md5CheckBox.text"), hashFilter));
|
panel5.add(new FilterArea(NbBundle.getMessage(this.getClass(), "HashSearchPanel.md5CheckBox.text"), hashFilter));
|
||||||
panel5.add(new JLabel(""));
|
|
||||||
panel4.add(new FilterArea(NbBundle.getMessage(this.getClass(), "FileSearchPanel.filterTitle.metadata"), mimeTypeFilter));
|
panel4.add(new FilterArea(NbBundle.getMessage(this.getClass(), "FileSearchPanel.filterTitle.metadata"), mimeTypeFilter));
|
||||||
panel4.add(new FilterArea(NbBundle.getMessage(this.getClass(), "DataSourcePanel.dataSourceCheckBox.text"), dataSourceFilter));
|
panel4.add(new FilterArea(NbBundle.getMessage(this.getClass(), "DataSourcePanel.dataSourceCheckBox.text"), dataSourceFilter));
|
||||||
|
panel5.add(new FilterArea(NbBundle.getMessage(this.getClass(), "DeletedFilesSearchPanel.deletedCheckbox.text"), deleltedFilter));
|
||||||
|
|
||||||
filterPanel.add(panel1);
|
filterPanel.add(panel1);
|
||||||
filterPanel.add(panel2);
|
filterPanel.add(panel2);
|
||||||
filterPanel.add(panel3);
|
filterPanel.add(panel3);
|
||||||
@ -130,6 +132,7 @@ class FileSearchPanel extends javax.swing.JPanel {
|
|||||||
filters.add(hashFilter);
|
filters.add(hashFilter);
|
||||||
filters.add(mimeTypeFilter);
|
filters.add(mimeTypeFilter);
|
||||||
filters.add(dataSourceFilter);
|
filters.add(dataSourceFilter);
|
||||||
|
filters.add(deleltedFilter);
|
||||||
|
|
||||||
for (FileSearchFilter filter : this.getFilters()) {
|
for (FileSearchFilter filter : this.getFilters()) {
|
||||||
filter.addPropertyChangeListener(new PropertyChangeListener() {
|
filter.addPropertyChangeListener(new PropertyChangeListener() {
|
||||||
@ -294,15 +297,7 @@ class FileSearchPanel extends javax.swing.JPanel {
|
|||||||
*
|
*
|
||||||
* @throws
|
* @throws
|
||||||
* org.sleuthkit.autopsy.filesearch.FileSearchFilter.FilterValidationException
|
* org.sleuthkit.autopsy.filesearch.FileSearchFilter.FilterValidationException
|
||||||
* if
|
* if an enabled filter is in an invalid state
|
||||||
* an
|
|
||||||
* enabled
|
|
||||||
* filter
|
|
||||||
* is
|
|
||||||
* in
|
|
||||||
* an
|
|
||||||
* invalid
|
|
||||||
* state
|
|
||||||
*/
|
*/
|
||||||
private String getQuery() throws FilterValidationException {
|
private String getQuery() throws FilterValidationException {
|
||||||
|
|
||||||
|
@ -61,10 +61,7 @@ ImportCentralRepoDbProgressDialog.errorParsingFile.message=Error parsing hash se
|
|||||||
ImportCentralRepoDbProgressDialog.linesProcessed.message=\ hashes processed
|
ImportCentralRepoDbProgressDialog.linesProcessed.message=\ hashes processed
|
||||||
ImportCentralRepoDbProgressDialog.title.text=Central Repository Import Progress
|
ImportCentralRepoDbProgressDialog.title.text=Central Repository Import Progress
|
||||||
OpenIDE-Module-Display-Category=Ingest Module
|
OpenIDE-Module-Display-Category=Ingest Module
|
||||||
OpenIDE-Module-Long-Description=\
|
OpenIDE-Module-Long-Description=Hash Set ingest module. \n\nThe ingest module analyzes files in the disk image and marks them as "known" (based on NSRL hashset lookup for "known" files) and "bad / interesting" (based on one or more hash sets supplied by the user).\n\nThe module also contains additional non-ingest tools that are integrated in the GUI, such as file lookup by hash and hash set configuration.
|
||||||
Hash Set ingest module. \n\n\
|
|
||||||
The ingest module analyzes files in the disk image and marks them as "known" (based on NSRL hashset lookup for "known" files) and "bad / interesting" (based on one or more hash sets supplied by the user).\n\n\
|
|
||||||
The module also contains additional non-ingest tools that are integrated in the GUI, such as file lookup by hash and hash set configuration.
|
|
||||||
OpenIDE-Module-Name=HashDatabases
|
OpenIDE-Module-Name=HashDatabases
|
||||||
OptionsCategory_Name_HashDatabase=Hash Sets
|
OptionsCategory_Name_HashDatabase=Hash Sets
|
||||||
OptionsCategory_Keywords_HashDatabase=Hash Sets
|
OptionsCategory_Keywords_HashDatabase=Hash Sets
|
||||||
@ -191,10 +188,7 @@ HashDbSearchThread.name.searching=Searching
|
|||||||
HashDbSearchThread.noMoreFilesWithMD5Msg=No other files with the same MD5 hash were found.
|
HashDbSearchThread.noMoreFilesWithMD5Msg=No other files with the same MD5 hash were found.
|
||||||
ModalNoButtons.indexingDbsTitle=Indexing hash sets
|
ModalNoButtons.indexingDbsTitle=Indexing hash sets
|
||||||
ModalNoButtons.indexingDbTitle=Indexing hash set
|
ModalNoButtons.indexingDbTitle=Indexing hash set
|
||||||
ModalNoButtons.exitHashDbIndexingMsg=You are about to exit out of indexing your hash sets. \n\
|
ModalNoButtons.exitHashDbIndexingMsg=You are about to exit out of indexing your hash sets. \nThe generated index will be left unusable. If you choose to continue,\nplease delete the corresponding -md5.idx file in the hash folder.\nExit indexing?
|
||||||
The generated index will be left unusable. If you choose to continue,\n\
|
|
||||||
please delete the corresponding -md5.idx file in the hash folder.\n\
|
|
||||||
Exit indexing?
|
|
||||||
ModalNoButtons.dlgTitle.unfinishedIndexing=Unfinished Indexing
|
ModalNoButtons.dlgTitle.unfinishedIndexing=Unfinished Indexing
|
||||||
ModalNoButtons.indexThis.currentlyIndexing1Db=Currently indexing 1 hash set
|
ModalNoButtons.indexThis.currentlyIndexing1Db=Currently indexing 1 hash set
|
||||||
ModalNoButtons.indexThese.currentlyIndexing1OfNDbs=Currently indexing 1 of {0}
|
ModalNoButtons.indexThese.currentlyIndexing1OfNDbs=Currently indexing 1 of {0}
|
||||||
|
@ -123,8 +123,8 @@ FilesSetRulePanel.nameTextField.text=
|
|||||||
FilesSetRulePanel.ruleNameLabel.text=Rule Name (Optional):
|
FilesSetRulePanel.ruleNameLabel.text=Rule Name (Optional):
|
||||||
FilesSetRulePanel.messages.emptyNameCondition=You must specify a name pattern for this rule.
|
FilesSetRulePanel.messages.emptyNameCondition=You must specify a name pattern for this rule.
|
||||||
FilesSetRulePanel.messages.invalidNameRegex=The name regular expression is not valid:\n\n{0}
|
FilesSetRulePanel.messages.invalidNameRegex=The name regular expression is not valid:\n\n{0}
|
||||||
FilesSetRulePanel.messages.invalidCharInName=The name cannot contain \\, /, :, *, ?, \", <, or > unless it is a regular expression.
|
FilesSetRulePanel.messages.invalidCharInName=The name cannot contain \\, /, :, *, ?, ", <, or > unless it is a regular expression.
|
||||||
FilesSetRulePanel.messages.invalidCharInPath=The path cannot contain \\, :, *, ?, \", <, or > unless it is a regular expression.
|
FilesSetRulePanel.messages.invalidCharInPath=The path cannot contain \\, :, *, ?, ", <, or > unless it is a regular expression.
|
||||||
FilesSetRulePanel.messages.invalidPathRegex=The path regular expression is not valid:\n\n{0}
|
FilesSetRulePanel.messages.invalidPathRegex=The path regular expression is not valid:\n\n{0}
|
||||||
FilesSetDefsPanel.doFileSetsDialog.duplicateRuleSet.text=Rule set with name {0} already exists.
|
FilesSetDefsPanel.doFileSetsDialog.duplicateRuleSet.text=Rule set with name {0} already exists.
|
||||||
FilesSetRulePanel.pathSeparatorInfoLabel.text=Folder must be in parent path. Use '/' to give consecutive names
|
FilesSetRulePanel.pathSeparatorInfoLabel.text=Folder must be in parent path. Use '/' to give consecutive names
|
||||||
|
@ -24,7 +24,7 @@ PhotoRecIngestModule.complete.totalParsetime=Total Parsing Time:
|
|||||||
PhotoRecIngestModule.complete.photoRecResults=PhotoRec Results
|
PhotoRecIngestModule.complete.photoRecResults=PhotoRec Results
|
||||||
PhotoRecIngestModule.NotEnoughDiskSpace.detail.msg=PhotoRec error processing {0} with {1} Not enough space on primary disk to save unallocated space.
|
PhotoRecIngestModule.NotEnoughDiskSpace.detail.msg=PhotoRec error processing {0} with {1} Not enough space on primary disk to save unallocated space.
|
||||||
PhotoRecIngestModule.cancelledByUser=PhotoRec cancelled by user.
|
PhotoRecIngestModule.cancelledByUser=PhotoRec cancelled by user.
|
||||||
PhotoRecIngestModule.error.exitValue=PhotoRec carver returned error exit value \= {0} when scanning {1}
|
PhotoRecIngestModule.error.exitValue=PhotoRec carver returned error exit value = {0} when scanning {1}
|
||||||
PhotoRecIngestModule.error.msg=Error processing {0} with PhotoRec carver.
|
PhotoRecIngestModule.error.msg=Error processing {0} with PhotoRec carver.
|
||||||
PhotoRecIngestModule.complete.numberOfErrors=Number of Errors while Carving:
|
PhotoRecIngestModule.complete.numberOfErrors=Number of Errors while Carving:
|
||||||
PhotoRecCarverIngestJobSettingsPanel.detectionSettingsLabel.text=PhotoRec Settings
|
PhotoRecCarverIngestJobSettingsPanel.detectionSettingsLabel.text=PhotoRec Settings
|
||||||
|
@ -9,6 +9,21 @@ PortableCaseTagsListPanel.error.noOpenCase=There is no case open
|
|||||||
ReportGenerator.artTableColHdr.comment=Comment
|
ReportGenerator.artTableColHdr.comment=Comment
|
||||||
ReportGenerator.errList.failedGetBBArtifactTags=Failed to get result tags.
|
ReportGenerator.errList.failedGetBBArtifactTags=Failed to get result tags.
|
||||||
ReportGenerator.errList.noOpenCase=No open case available.
|
ReportGenerator.errList.noOpenCase=No open case available.
|
||||||
|
# {0} - report module name
|
||||||
|
ReportGenerator.error.exception=Exception while running report module {0}
|
||||||
|
# {0} - report module name
|
||||||
|
ReportGenerator.error.invalidSettings=Invalid settings for report module {0}
|
||||||
|
# {0} - report module name
|
||||||
|
ReportGenerator.error.moduleNotFound=Report module {0} not found
|
||||||
|
# {0} - report module name
|
||||||
|
ReportGenerator.error.noFileReportSettings=No file report settings for report module {0}
|
||||||
|
ReportGenerator.error.noReportModules=No report modules found
|
||||||
|
# {0} - report module name
|
||||||
|
ReportGenerator.error.noTableReportSettings=No table report settings for report module {0}
|
||||||
|
# {0} - report configuration name
|
||||||
|
ReportGenerator.error.unableToLoadConfig=Unable to load reporting configuration {0}.
|
||||||
|
# {0} - report module name
|
||||||
|
ReportGenerator.error.unsupportedType=Report module {0} has unsupported report module type
|
||||||
ReportGenerator.tagTable.header.userName=User Name
|
ReportGenerator.tagTable.header.userName=User Name
|
||||||
ReportProgressIndicator.cancelledMessage=Report generation cancelled
|
ReportProgressIndicator.cancelledMessage=Report generation cancelled
|
||||||
ReportProgressIndicator.completedMessage=Report generation completed
|
ReportProgressIndicator.completedMessage=Report generation completed
|
||||||
|
@ -5,8 +5,8 @@ ReportHTML.getName.text=HTML Report
|
|||||||
ReportHTML.getDesc.text=A report about results and tagged items in HTML format.
|
ReportHTML.getDesc.text=A report about results and tagged items in HTML format.
|
||||||
ReportHTML.writeIndex.title=for case {0}
|
ReportHTML.writeIndex.title=for case {0}
|
||||||
ReportHTML.writeIndex.noFrames.msg=Your browser is not compatible with our frame setup.
|
ReportHTML.writeIndex.noFrames.msg=Your browser is not compatible with our frame setup.
|
||||||
ReportHTML.writeIndex.noFrames.seeNav=Please see <a href\="content\nav.html">the navigation page</a> for artifact links,
|
ReportHTML.writeIndex.noFrames.seeNav=Please see <a href="content\nav.html">the navigation page</a> for artifact links,
|
||||||
ReportHTML.writeIndex.seeSum=and <a href\="content\summary.html">the summary page</a> for a case summary.
|
ReportHTML.writeIndex.seeSum=and <a href="contentsummary.html">the summary page</a> for a case summary.
|
||||||
ReportHTML.writeNav.title=Report Navigation
|
ReportHTML.writeNav.title=Report Navigation
|
||||||
ReportHTML.writeNav.h1=Report Navigation
|
ReportHTML.writeNav.h1=Report Navigation
|
||||||
ReportHTML.writeNav.summary=Case Summary
|
ReportHTML.writeNav.summary=Case Summary
|
||||||
@ -16,7 +16,7 @@ ReportHTML.writeSum.caseNumber=Case Number:
|
|||||||
ReportHTML.writeSum.caseNumImages=Number of data sources in case:
|
ReportHTML.writeSum.caseNumImages=Number of data sources in case:
|
||||||
ReportHTML.writeSum.examiner=Examiner:
|
ReportHTML.writeSum.examiner=Examiner:
|
||||||
ReportHTML.writeSum.title=Case Summary
|
ReportHTML.writeSum.title=Case Summary
|
||||||
ReportHTML.writeSum.warningMsg=<span>Warning, this report was run before ingest services completed\!</span>
|
ReportHTML.writeSum.warningMsg=<span>Warning, this report was run before ingest services completed!</span>
|
||||||
#
|
#
|
||||||
# autopsy/test/scripts/regression.py._html_report_diff() uses reportGenOn.text, caseName, caseNum,
|
# autopsy/test/scripts/regression.py._html_report_diff() uses reportGenOn.text, caseName, caseNum,
|
||||||
# examiner as a regex signature to skip report.html and summary.html
|
# examiner as a regex signature to skip report.html and summary.html
|
||||||
|
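Review bot: The regenerated value for `ReportHTML.writeIndex.seeSum` now reads `href="contentsummary.html"`, which shows that the backslash in `content\summary.html` is consumed as a properties escape; `content\nav.html` in `ReportHTML.writeIndex.noFrames.seeNav` still contains `\n`, which a properties loader reads as a line break. Both no-frames fallback links therefore presumably point at paths that do not exist in the generated report. This looks like a generated merged bundle, so the fix belongs in the source bundle, which is not visible here: use a forward slash, `<a href="content/summary.html">` and `<a href="content/nav.html">`.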
@ -14,7 +14,7 @@
|
|||||||
|
|
||||||
<!-- for viewers -->
|
<!-- for viewers -->
|
||||||
<dependency conf="autopsy_core->default" org="org.freedesktop.gstreamer" name="gst1-java-core" rev="1.4.0"/>
|
<dependency conf="autopsy_core->default" org="org.freedesktop.gstreamer" name="gst1-java-core" rev="1.4.0"/>
|
||||||
<dependency conf="autopsy_core->default" org="net.java.dev.jna" name="jna-platform" rev="5.12.0"/>
|
<dependency conf="autopsy_core->default" org="net.java.dev.jna" name="jna-platform" rev="5.13.0"/>
|
||||||
|
|
||||||
<!-- for file search -->
|
<!-- for file search -->
|
||||||
<dependency conf="autopsy_core->default" org="com.github.lgooddatepicker" name="LGoodDatePicker" rev="11.2.1"/>
|
<dependency conf="autopsy_core->default" org="com.github.lgooddatepicker" name="LGoodDatePicker" rev="11.2.1"/>
|
||||||
|
@ -88,8 +88,8 @@ file.reference.jericho-html-3.4.jar=release/modules/ext/jericho-html-3.4.jar
|
|||||||
file.reference.jfxtras-common-8.0-r4.jar=release/modules/ext/jfxtras-common-8.0-r4.jar
|
file.reference.jfxtras-common-8.0-r4.jar=release/modules/ext/jfxtras-common-8.0-r4.jar
|
||||||
file.reference.jfxtras-controls-8.0-r4.jar=release/modules/ext/jfxtras-controls-8.0-r4.jar
|
file.reference.jfxtras-controls-8.0-r4.jar=release/modules/ext/jfxtras-controls-8.0-r4.jar
|
||||||
file.reference.jfxtras-fxml-8.0-r4.jar=release/modules/ext/jfxtras-fxml-8.0-r4.jar
|
file.reference.jfxtras-fxml-8.0-r4.jar=release/modules/ext/jfxtras-fxml-8.0-r4.jar
|
||||||
file.reference.jna-5.12.1.jar=release/modules/ext/jna-5.12.1.jar
|
file.reference.jna-5.13.0.jar=release/modules/ext/jna-5.13.0.jar
|
||||||
file.reference.jna-platform-5.12.0.jar=release/modules/ext/jna-platform-5.12.0.jar
|
file.reference.jna-platform-5.13.0.jar=release/modules/ext/jna-platform-5.13.0.jar
|
||||||
file.reference.joda-time-2.10.14.jar=release/modules/ext/joda-time-2.10.14.jar
|
file.reference.joda-time-2.10.14.jar=release/modules/ext/joda-time-2.10.14.jar
|
||||||
file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar
|
file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar
|
||||||
file.reference.LGoodDatePicker-11.2.1.jar=release/modules/ext/LGoodDatePicker-11.2.1.jar
|
file.reference.LGoodDatePicker-11.2.1.jar=release/modules/ext/LGoodDatePicker-11.2.1.jar
|
||||||
|
@ -821,12 +821,12 @@
|
|||||||
<binary-origin>release/modules/ext/jfxtras-fxml-8.0-r4.jar</binary-origin>
|
<binary-origin>release/modules/ext/jfxtras-fxml-8.0-r4.jar</binary-origin>
|
||||||
</class-path-extension>
|
</class-path-extension>
|
||||||
<class-path-extension>
|
<class-path-extension>
|
||||||
<runtime-relative-path>ext/jna-5.12.1.jar</runtime-relative-path>
|
<runtime-relative-path>ext/jna-5.13.0.jar</runtime-relative-path>
|
||||||
<binary-origin>release/modules/ext/jna-5.12.1.jar</binary-origin>
|
<binary-origin>release/modules/ext/jna-5.13.0.jar</binary-origin>
|
||||||
</class-path-extension>
|
</class-path-extension>
|
||||||
<class-path-extension>
|
<class-path-extension>
|
||||||
<runtime-relative-path>ext/jna-platform-5.12.0.jar</runtime-relative-path>
|
<runtime-relative-path>ext/jna-platform-5.13.0.jar</runtime-relative-path>
|
||||||
<binary-origin>release/modules/ext/jna-platform-5.12.0.jar</binary-origin>
|
<binary-origin>release/modules/ext/jna-platform-5.13.0.jar</binary-origin>
|
||||||
</class-path-extension>
|
</class-path-extension>
|
||||||
<class-path-extension>
|
<class-path-extension>
|
||||||
<runtime-relative-path>ext/joda-time-2.10.14.jar</runtime-relative-path>
|
<runtime-relative-path>ext/joda-time-2.10.14.jar</runtime-relative-path>
|
||||||
|
@ -371,7 +371,6 @@ SolrSearchService.exceptionMessage.noCurrentSolrCore=IndexMetadata did not conta
|
|||||||
SolrSearchService.exceptionMessage.noIndexMetadata=Unable to create IndexMetaData from case directory: {0}
|
SolrSearchService.exceptionMessage.noIndexMetadata=Unable to create IndexMetaData from case directory: {0}
|
||||||
# {0} - collection name
|
# {0} - collection name
|
||||||
SolrSearchService.exceptionMessage.unableToDeleteCollection=Unable to delete collection {0}
|
SolrSearchService.exceptionMessage.unableToDeleteCollection=Unable to delete collection {0}
|
||||||
SolrSearchService.indexingError=Unable to index blackboard artifact.
|
|
||||||
SolrSearchService.ServiceName=Solr Keyword Search Service
|
SolrSearchService.ServiceName=Solr Keyword Search Service
|
||||||
SolrSearchService.DeleteDataSource.msg=Error Deleting Solr data for data source id {0}
|
SolrSearchService.DeleteDataSource.msg=Error Deleting Solr data for data source id {0}
|
||||||
DropdownSingleTermSearchPanel.dataSourceCheckBox.text=Restrict search to the selected data sources:
|
DropdownSingleTermSearchPanel.dataSourceCheckBox.text=Restrict search to the selected data sources:
|
||||||
|
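--- a/NEWS.txt
+++ b/NEWS.txt
@@ -1,3 +1,52 @@
+---------------- VERSION 4.20.0 --------------
+Recent Activity Updates:
+- Added Favicons, Profiles and Extensions to Chromium Browsers
+- Added Security Questions/Answers from SAM registry Hive
+
+Data Source Processing
+- Added Jython Support for Data Source Processor modules.
+- Added example Python DSP plugin
+
+Ingest Pipelines
+- Added new DataArtifact ingest pipeline that artifacts will go down.
+- Moved Keyword search functionality for artifacts to the new pipeline.
+
+Linux / Mac Improvements
+- Script to install prerequisites using Homebrew and Debian package.
+- Script that allows you to install TSK from source
+- Script that sets JAVA home per install
+- Updating Linux and Mac Installation Documentation
+
+Command Line Interface
+- Simplified command line input parameters
+- The -listAllIngestProfiles switch was added
+- The -nogui switch now works.
+- Return codes now reflect if the application failed
+
+Bug Fixes:
+- Solr 8.11.2 Upgrade which includes update to Log4j to version 2.17.1
+- Change Timezone format for Plaso output.
+- Regex fix for Mbox parsing.
+- Portable Case report string index out of range -1 fixed
+- Extracting files, numbering of files and overwriting of files.
+- Image tagging
+- Joda-Time updated from 2.4 to 2.10 - fixes certain timezone errors
+
+Misc:
+- Update to USB id's.
+- Update Tesseract to 4.10.
+- Moved configuration settings to separate ones that are machine-dependent.
+- Interesting files and file filters can now exclude certain features, such as folders.
+- Adds host to artifact content viewer.
+- When an OS Account is selected the Other Occurrences tab will no longer show the open case in the case list.
+
+- The Communication window Message Viewer Threads panel layout was cleaned up so that the buttons are visible despite the subject length.
+- Limit ingest inbox messages to first 20 keyword hits
+- GStreamer update to version 1.20.0
+- libheif v1.12.0 replaces ImageMagick
+- Removal of 32bit version of Autopsy
+
+
 ---------------- VERSION 4.19.3 --------------
 Bug Fixes:
 - Updates for log4j vulnerabilities.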
@ -4,10 +4,15 @@ cannotParseXml=Unable to parse XML file:
|
|||||||
ChromeCacheExtract_adding_artifacts_msg=Chrome Cache: Adding %d artifacts for analysis.
|
ChromeCacheExtract_adding_artifacts_msg=Chrome Cache: Adding %d artifacts for analysis.
|
||||||
ChromeCacheExtract_adding_extracted_files_msg=Chrome Cache: Adding %d extracted files for analysis.
|
ChromeCacheExtract_adding_extracted_files_msg=Chrome Cache: Adding %d extracted files for analysis.
|
||||||
ChromeCacheExtract_loading_files_msg=Chrome Cache: Loading files from %s.
|
ChromeCacheExtract_loading_files_msg=Chrome Cache: Loading files from %s.
|
||||||
|
# {0} - module name
|
||||||
|
# {1} - row number
|
||||||
|
# {2} - table length
|
||||||
|
# {3} - cache path
|
||||||
ChromeCacheExtractor.progressMsg={0}: Extracting cache entry {1} of {2} entries from {3}
|
ChromeCacheExtractor.progressMsg={0}: Extracting cache entry {1} of {2} entries from {3}
|
||||||
DataSourceUsage_AndroidMedia=Android Media Card
|
DataSourceUsage_AndroidMedia=Android Media Card
|
||||||
DataSourceUsage_DJU_Drone_DAT=DJI Internal SD Card
|
DataSourceUsage_DJU_Drone_DAT=DJI Internal SD Card
|
||||||
DataSourceUsage_FlashDrive=Flash Drive
|
DataSourceUsage_FlashDrive=Flash Drive
|
||||||
|
# {0} - OS name
|
||||||
DataSourceUsageAnalyzer.customVolume.label=OS Drive ({0})
|
DataSourceUsageAnalyzer.customVolume.label=OS Drive ({0})
|
||||||
DataSourceUsageAnalyzer.displayName=Data Source Usage Analyzer
|
DataSourceUsageAnalyzer.displayName=Data Source Usage Analyzer
|
||||||
DefaultPriorityDomainCategorizer_searchEngineCategory=Search Engine
|
DefaultPriorityDomainCategorizer_searchEngineCategory=Search Engine
|
||||||
@ -21,6 +26,7 @@ ExtractEdge_process_errMsg_spartanFail=Failure processing Microsoft Edge spartan
|
|||||||
ExtractEdge_process_errMsg_unableFindESEViewer=Unable to find ESEDatabaseViewer
|
ExtractEdge_process_errMsg_unableFindESEViewer=Unable to find ESEDatabaseViewer
|
||||||
ExtractEdge_process_errMsg_webcacheFail=Failure processing Microsoft Edge WebCacheV01.dat file
|
ExtractEdge_process_errMsg_webcacheFail=Failure processing Microsoft Edge WebCacheV01.dat file
|
||||||
ExtractFavicon_Display_Name=Favicon
|
ExtractFavicon_Display_Name=Favicon
|
||||||
|
# {0} - sub module name
|
||||||
ExtractIE_executePasco_errMsg_errorRunningPasco={0}: Error analyzing Internet Explorer web history
|
ExtractIE_executePasco_errMsg_errorRunningPasco={0}: Error analyzing Internet Explorer web history
|
||||||
ExtractOs.androidOs.label=Android
|
ExtractOs.androidOs.label=Android
|
||||||
ExtractOs.androidVolume.label=OS Drive (Android)
|
ExtractOs.androidVolume.label=OS Drive (Android)
|
||||||
@ -53,6 +59,7 @@ ExtractOs.windowsVolume.label=OS Drive (Windows)
|
|||||||
ExtractOs.yellowDogLinuxOs.label=Linux (Yellow Dog)
|
ExtractOs.yellowDogLinuxOs.label=Linux (Yellow Dog)
|
||||||
ExtractOs.yellowDogLinuxVolume.label=OS Drive (Linux Yellow Dog)
|
ExtractOs.yellowDogLinuxVolume.label=OS Drive (Linux Yellow Dog)
|
||||||
ExtractOS_progressMessage=Checking for OS
|
ExtractOS_progressMessage=Checking for OS
|
||||||
|
# {0} - sub module name
|
||||||
ExtractPrefetch_errMsg_prefetchParsingFailed={0}: Error analyzing prefetch files
|
ExtractPrefetch_errMsg_prefetchParsingFailed={0}: Error analyzing prefetch files
|
||||||
ExtractPrefetch_module_name=Windows Prefetch Analyzer
|
ExtractPrefetch_module_name=Windows Prefetch Analyzer
|
||||||
ExtractRecycleBin_module_name=Recycle Bin Analyzer
|
ExtractRecycleBin_module_name=Recycle Bin Analyzer
|
||||||
@ -163,15 +170,21 @@ Firefox.getDlV24.errMsg.errAnalyzeFile={0}: Error while trying to analyze file:{
|
|||||||
Firefox.getDlV24.errMsg.errParsingArtifacts={0}: Error parsing {1} Firefox web download artifacts.
|
Firefox.getDlV24.errMsg.errParsingArtifacts={0}: Error parsing {1} Firefox web download artifacts.
|
||||||
Progress_Message_Analyze_Registry=Analyzing Registry Files
|
Progress_Message_Analyze_Registry=Analyzing Registry Files
|
||||||
Progress_Message_Analyze_Usage=Data Sources Usage Analysis
|
Progress_Message_Analyze_Usage=Data Sources Usage Analysis
|
||||||
|
# {0} - browserName
|
||||||
Progress_Message_Chrome_AutoFill=Chrome Auto Fill Browser {0}
|
Progress_Message_Chrome_AutoFill=Chrome Auto Fill Browser {0}
|
||||||
|
# {0} - browserName
|
||||||
Progress_Message_Chrome_Bookmarks=Chrome Bookmarks Browser {0}
|
Progress_Message_Chrome_Bookmarks=Chrome Bookmarks Browser {0}
|
||||||
Progress_Message_Chrome_Cache=Chrome Cache
|
Progress_Message_Chrome_Cache=Chrome Cache
|
||||||
|
# {0} - browserName
|
||||||
Progress_Message_Chrome_Cookies=Chrome Cookies Browser {0}
|
Progress_Message_Chrome_Cookies=Chrome Cookies Browser {0}
|
||||||
|
# {0} - browserName
|
||||||
Progress_Message_Chrome_Downloads=Chrome Downloads Browser {0}
|
Progress_Message_Chrome_Downloads=Chrome Downloads Browser {0}
|
||||||
Progress_Message_Chrome_Extensions=Chrome Extensions {0}
|
Progress_Message_Chrome_Extensions=Chrome Extensions {0}
|
||||||
Progress_Message_Chrome_Favicons=Chrome Downloads Favicons {0}
|
Progress_Message_Chrome_Favicons=Chrome Downloads Favicons {0}
|
||||||
Progress_Message_Chrome_FormHistory=Chrome Form History
|
Progress_Message_Chrome_FormHistory=Chrome Form History
|
||||||
|
# {0} - browserName
|
||||||
Progress_Message_Chrome_History=Chrome History Browser {0}
|
Progress_Message_Chrome_History=Chrome History Browser {0}
|
||||||
|
# {0} - browserName
|
||||||
Progress_Message_Chrome_Logins=Chrome Logins Browser {0}
|
Progress_Message_Chrome_Logins=Chrome Logins Browser {0}
|
||||||
Progress_Message_Chrome_Profiles=Chrome Profiles {0}
|
Progress_Message_Chrome_Profiles=Chrome Profiles {0}
|
||||||
Progress_Message_Edge_Bookmarks=Microsoft Edge Bookmarks
|
Progress_Message_Edge_Bookmarks=Microsoft Edge Bookmarks
|
||||||
@ -234,6 +247,7 @@ Sam_Security_Answer_3_Attribute_Display_Name=Security Answer 3
|
|||||||
Sam_Security_Question_1_Attribute_Display_Name=Security Question 1
|
Sam_Security_Question_1_Attribute_Display_Name=Security Question 1
|
||||||
Sam_Security_Question_2_Attribute_Display_Name=Security Question 2
|
Sam_Security_Question_2_Attribute_Display_Name=Security Question 2
|
||||||
Sam_Security_Question_3_Attribute_Display_Name=Security Question 3
|
Sam_Security_Question_3_Attribute_Display_Name=Security Question 3
|
||||||
|
# {0} - file name
|
||||||
SearchEngineURLQueryAnalyzer.init.exception.msg=Unable to find {0}.
|
SearchEngineURLQueryAnalyzer.init.exception.msg=Unable to find {0}.
|
||||||
SearchEngineURLQueryAnalyzer.moduleName.text=Search Engine Query Analyzer
|
SearchEngineURLQueryAnalyzer.moduleName.text=Search Engine Query Analyzer
|
||||||
SearchEngineURLQueryAnalyzer.engineName.none=NONE
|
SearchEngineURLQueryAnalyzer.engineName.none=NONE
|
||||||
|
@ -570,11 +570,13 @@ class Chromium extends Extract {
|
|||||||
JsonObject permissions = ext.get("active_permissions").getAsJsonObject();
|
JsonObject permissions = ext.get("active_permissions").getAsJsonObject();
|
||||||
JsonArray apiPermissions = permissions.get("api").getAsJsonArray();
|
JsonArray apiPermissions = permissions.get("api").getAsJsonArray();
|
||||||
for (JsonElement apiPermission : apiPermissions) {
|
for (JsonElement apiPermission : apiPermissions) {
|
||||||
String apigrantEl = apiPermission.getAsString();
|
if (apiPermission.isJsonPrimitive()) {
|
||||||
if (apigrantEl != null) {
|
String apigrantEl = apiPermission.getAsString();
|
||||||
apiGrantedPermissions = apiGrantedPermissions + ", " + apigrantEl;
|
if (apigrantEl != null) {
|
||||||
} else {
|
apiGrantedPermissions = apiGrantedPermissions + ", " + apigrantEl;
|
||||||
apiGrantedPermissions = apiGrantedPermissions + "";
|
} else {
|
||||||
|
apiGrantedPermissions = apiGrantedPermissions + "";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
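Review bot: The two lookups above the loop, `ext.get("active_permissions").getAsJsonObject()` and `permissions.get("api").getAsJsonArray()`, are still unguarded, so an extension entry that lacks either key, or stores a different JSON type there, throws before the new `isJsonPrimitive()` check is reached. This JSON is presumably read from a browser profile in the analysed data source and should be treated as untrusted; I would fetch the element first and test it, e.g. `JsonElement apiEl = permissions.get("api");` followed by `if (apiEl != null && apiEl.isJsonArray()) {` around the loop, and the same pattern with `isJsonObject()` for `active_permissions`. The `else` branch that appends `""` looks unreachable, since `getAsString()` on a primitive should not return null, and non-primitive permission entries are now dropped silently; a log line or a short comment stating that this is intended would help. The enclosing method starts and ends outside this hunk, so whether a caller already catches these exceptions cannot be seen here.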
@ -1,138 +1,22 @@
|
|||||||
# Overview
|
# Overview
|
||||||
*The installation process requires some [prerequisites](#installing-prerequisites), [The Sleuth Kit](#install-sleuthkit), and installing [Autopsy itself](#install-autopsy). If using Windows, there is a pre-built installer bundling all dependencies that can be found in the [Autopsy downloads section](https://www.autopsy.com/download/) or in the [Releases section on GitHub](https://github.com/sleuthkit/autopsy/releases/).*
|
When installing on Debian-based Linux or macOS systems, there are three general steps: [installing prerequisites](#installing-prerequisites), [installing The Sleuth Kit](#installing-the-sleuth-kit), and [installing Autopsy](#installing-autopsy) itself. On macOS, you will want to [setup the JNA paths](#setup-macos-jna-paths).
|
||||||
|
|
||||||
# Installing Prerequisites
|
# Installing Prerequisites
|
||||||
|
- **Linux**: Run [`linux_macos_install_scripts/install_prereqs_ubuntu.sh`](./linux_macos_install_scripts/install_prereqs_ubuntu.sh).
|
||||||
|
- **macOS**: Run [`linux_macos_install_scripts/install_prereqs_macos.sh`](./linux_macos_install_scripts/install_prereqs_macos.sh). This script requires the package manager: [Homebrew](https://brew.sh/), which has installation steps on their site.
|
||||||
|
|
||||||
## On macOS
|
*NOTE: The last output of the script is the path to the Java 8 installation. You will want to note that path when installing Autopsy.*
|
||||||
|
|
||||||
*A script to install these dependencies that can be found [here](./linux_macos_install_scripts/install_prereqs_macos.sh). Make sure the script is executable before running.*
|
# Installing The Sleuth Kit
|
||||||
- Using [Homebrew](https://brew.sh/), install dependencies that have formulas:
|
- **Linux**: Download the .deb file for the release you want to install from the [release section](https://github.com/sleuthkit/sleuthkit/releases). Install The Sleuth Kit package from the repositories with the following command: `sudo apt update && sudo apt install /path/to/sleuthkit-version.deb`.
|
||||||
```
|
- **macOS**: Ensure that for this session, your `JAVA_HOME` variable is set to the java 8 installation by running `export JAVA_HOME=$(/usr/libexec/java_home -v 1.8)/bin/java`. Then, install The Sleuth Kit from source by running [`linux_macos_install_scripts/install_tsk_from_src.sh`](./linux_macos_install_scripts/install_tsk_from_src.sh), which will download, build, and install The Sleuth Kit. It can be run as follows: `install_tsk_from_src.sh -p ~/src/sleuthkit -b sleuthkit-4.11.1`. Make sure that your path to download source ends with "sleuthkit" as the last directory, and the release is the corresponding tag in the [repository](https://github.com/sleuthkit/sleuthkit).
|
||||||
brew install ant automake libtool afflib libewf postgresql testdisk
|
|
||||||
```
|
|
||||||
- You will also need to install Java 8 and JavaFX to run autopsy. We recommend Liberica OpenJDK which can be installed by tapping this third-party dependency:
|
|
||||||
```
|
|
||||||
brew tap bell-sw/liberica
|
|
||||||
```
|
|
||||||
- Then, you can install this dependency using `brew`:
|
|
||||||
```
|
|
||||||
brew install --cask liberica-jdk8-full
|
|
||||||
```
|
|
||||||
- - Confirm that java has been successfully installed by running `java -version`. You should get a result like the following:
|
|
||||||
```
|
|
||||||
% java -version
|
|
||||||
openjdk version "1.8.0_342"
|
|
||||||
OpenJDK Runtime Environment (build 1.8.0_342-b07)
|
|
||||||
OpenJDK 64-Bit Server VM (build 25.342-b07, mixed mode)
|
|
||||||
```
|
|
||||||
- You will need the java path for properly setting up autopsy. You can get the path to java by calling:
|
|
||||||
```
|
|
||||||
/usr/libexec/java_home -v 1.8
|
|
||||||
```
|
|
||||||
- If you want gstreamer to open media, you can download and install gstreamer here: `https://gstreamer.freedesktop.org/data/pkg/osx/1.20.3/gstreamer-1.0-1.20.3-universal.pkg`
|
|
||||||
|
|
||||||
## On Linux (Ubuntu / Debian-based)
|
|
||||||
|
|
||||||
*A script to install these dependencies that can be found [here](./linux_macos_install_scripts/install_prereqs_ubuntu.sh). Make sure the script is executable before running.*
|
# Installing Autopsy
|
||||||
- You will need to include some repositories in order to install this software. One way to do that is to uncomment lines in your `sources.list`:
|
- Download the Autopsy zip file from [repository releases](https://github.com/sleuthkit/autopsy/releases). The file will be marked as "autopsy-<release>.zip" (i.e. "autopsy-4.19.2.zip").
|
||||||
```
|
- Run [`install_application.sh`](./linux_macos_install_scripts/install_application.sh) with the following parameters: `install_application.sh [-z zip_path] [-i install_directory] [-j java_home]`. An example would be `install_application.sh -z ~/Downloads/autopsy-4.19.2.zip -i ~/autopsy -j /usr/lib/jvm/bellsoft-java8-full-amd64`. The path to the Java 8 home is the last output from the [prequisites installation scripts](#installing-prerequisites), but typically, the path will be `/usr/lib/jvm/bellsoft-java8-full-amd64` on Debian-based Linux or the output of running `/usr/libexec/java_home -v 1.8` on macOS.
|
||||||
sudo sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list
|
|
||||||
```
|
|
||||||
- Use `apt` to install dependencies:
|
|
||||||
```
|
|
||||||
sudo apt update && \
|
|
||||||
sudo apt -y install build-essential autoconf libtool git-core automake git zip wget ant \
|
|
||||||
libde265-dev libheif-dev \
|
|
||||||
libpq-dev \
|
|
||||||
testdisk libafflib-dev libewf-dev libvhdi-dev libvmdk-dev \
|
|
||||||
libgstreamer1.0-0 gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-plugins-bad \
|
|
||||||
gstreamer1.0-plugins-ugly gstreamer1.0-libav gstreamer1.0-tools gstreamer1.0-x \
|
|
||||||
gstreamer1.0-alsa gstreamer1.0-gl gstreamer1.0-gtk3 gstreamer1.0-qt5 gstreamer1.0-pulseaudio
|
|
||||||
```
|
|
||||||
- You will also need to install Java 8 and JavaFX to run autopsy. We recommend Liberica OpenJDK which can be installed as follows:
|
|
||||||
```
|
|
||||||
pushd /usr/src/ && \
|
|
||||||
wget -q -O - https://download.bell-sw.com/pki/GPG-KEY-bellsoft | sudo apt-key add - && \
|
|
||||||
echo "deb [arch=amd64] https://apt.bell-sw.com/ stable main" | sudo tee /etc/apt/sources.list.d/bellsoft.list && \
|
|
||||||
sudo apt update && \
|
|
||||||
sudo apt -y install bellsoft-java8-full && \
|
|
||||||
popd
|
|
||||||
```
|
|
||||||
- Confirm that java has been successfully installed by running `java -version`. You should get a result like the following:
|
|
||||||
```
|
|
||||||
% java -version
|
|
||||||
openjdk version "1.8.0_342"
|
|
||||||
OpenJDK Runtime Environment (build 1.8.0_342-b07)
|
|
||||||
OpenJDK 64-Bit Server VM (build 25.342-b07, mixed mode)
|
|
||||||
```
|
|
||||||
- Take note of the location of the java 1.8 install. This will be necessary to properly setup Autopsy. If using the recommended method, the path should be `/usr/lib/jvm/bellsoft-java8-full-amd64`
|
|
||||||
|
|
||||||
# Install The Sleuth Kit
|
|
||||||
|
|
||||||
The Sleuth Kit must be installed before trying to install Autopsy. If you are on a Debian-like system (i.e. Ubuntu) you can download the most recent deb file from the [github release section](https://github.com/sleuthkit/sleuthkit/releases), and install by running something like `sudo apt install ./sleuthkit-java_4.11.1-1_amd64.deb`. Otherwise, you can follow the directions below to install The Sleuth Kit from source code.
|
|
||||||
|
|
||||||
## Install The Sleuth Kit from Source
|
|
||||||
*A script to install these dependencies on Unix-like systems (i.e. macOS, Linux) that can be found [here](./linux_macos_install_scripts/install_tsk_from_src.sh). Make sure the script is executable before running.*
|
|
||||||
- Please ensure you have all the prerequisites installed on your system (see the directions [here](#installing-prerequisites)).
|
|
||||||
- If you don't have a copy of the repository on your local machine, clone it (this requires git):
|
|
||||||
```
|
|
||||||
git clone --depth 1 https://github.com/sleuthkit/sleuthkit.git
|
|
||||||
```
|
|
||||||
- If you want to build source from a particular branch or tag (i.e. `develop` or `release-4.11.0`), check out that branch:
|
|
||||||
```
|
|
||||||
git checkout <YOUR BRANCH HERE> && git pull
|
|
||||||
```
|
|
||||||
- Then, with The Sleuth Kit repo as your working directory, you can build with:
|
|
||||||
```
|
|
||||||
./bootstrap && ./configure && make
|
|
||||||
```
|
|
||||||
- If the output from `make` looks good, then install:
|
|
||||||
```
|
|
||||||
sudo make install
|
|
||||||
```
|
|
||||||
|
|
||||||
# Install Autopsy
|
|
||||||
|
|
||||||
## Create Autopsy Zip File from Source
|
|
||||||
*In most instances, you should download the Autopsy Zip file from the [Autopsy downloads section](https://www.autopsy.com/download/) or in the [Releases section on GitHub](https://github.com/sleuthkit/autopsy/releases/), but if you have a special use case you can do the following. Please make sure you have the [prerequisites installed](#installing-prerequisites) and have [installed The Sleuth Kit](#install-sleuthkit).*
|
|
||||||
- If you haven't already, clone the repo:
|
|
||||||
```
|
|
||||||
git clone --depth 1 https://github.com/sleuthkit/autopsy.git
|
|
||||||
```
|
|
||||||
- With the autopsy repo as your working directory, you can run:
|
|
||||||
```
|
|
||||||
ant clean && ant build && ant build-zip
|
|
||||||
```
|
|
||||||
- The zip file should be created within the `dist` folder of the Autopsy repository and will have the version in the name (i.e. `autopsy-4.18.0.zip`).
|
|
||||||
|
|
||||||
## Install Autopsy from Zip File
|
|
||||||
*These instructions are for Unix-like systems like macOS and Linux. If you are on Windows, there is an installer that can be downloaded from the [Autopsy downloads section](https://www.autopsy.com/download/) or in the [Releases section on GitHub](https://github.com/sleuthkit/autopsy/releases/). Please make sure you have the [prerequisites installed](#installing-prerequisites) and have [installed The Sleuth Kit](#install-sleuthkit). A script to perform these steps can be found [here](./linux_macos_install_scripts/install_application.sh). Make sure the script is executable before running.*
|
|
||||||
|
|
||||||
- Download the zip file from the [Autopsy downloads section](https://www.autopsy.com/download/) or in the [Releases section on GitHub](https://github.com/sleuthkit/autopsy/releases/). You can also create a zip file from source using [these directions](#create-autopsy-zip-file-from-source).
|
|
||||||
- If you downloaded the zip file, you can verify the zip file with the [The Sleuth Kit key](https://sleuthkit.org/carrier.asc) and the related `.asc` file found in the [Releases section on GitHub](https://github.com/sleuthkit/autopsy/releases/). For instance, you would use `autopsy-4.18.0.zip.asc` with `autopsy-4.18.0.zip`. Here is an example where `$ASC_FILE` is the path to the `.asc` file and `$AUTOPSY_ZIP_PATH` is the path to the autopsy zip file:
|
|
||||||
```
|
|
||||||
mkdir -p ${VERIFY_DIR} && \
|
|
||||||
pushd ${VERIFY_DIR} && \
|
|
||||||
wget https://sleuthkit.org/carrier.asc && \
|
|
||||||
gpg --homedir "${VERIFY_DIR}" --import https://sleuthkit.org/carrier.asc && \
|
|
||||||
gpg --homedir "${VERIFY_DIR}" --keyring "${VERIFY_DIR}/pubring.kbx" ${ASC_FILE} ${AUTOPSY_ZIP_PATH} && \
|
|
||||||
rm -r ${VERIFY_DIR}
|
|
||||||
popd
|
|
||||||
```
|
|
||||||
- Extract the zip file to a location where you would like to have Autopsy installed.
|
|
||||||
- Set up java path. There are two ways to provide the path to java: `JAVA_HOME` can be set as an environmental variable or the `autopsy.conf` file can define the home for java.
|
|
||||||
- To update the `autopsy.conf` file, navigate to where autopsy has been extracted and then open `etc/autopsy.conf`. Within that file, replace the commented line or add a new line specifying the java home like: `jdkhome=<JAVA_PATH>`. Another option is to provide an argument to `unix_setup.sh` like the following `unix_setup.sh -j <JAVA_PATH>` when performing the next step.
|
|
||||||
- With the extracted folder as the working directory, you can run the following commands to perform setup:
|
|
||||||
```
|
|
||||||
chown -R $(whoami) . && \
|
|
||||||
chmod u+x ./unix_setup.sh && \
|
|
||||||
./unix_setup.sh
|
|
||||||
```
|
|
||||||
- At this point, you should be able to run Autopsy with the command `./autopsy` from within the `bin` directory of the extracted folder.
|
|
||||||
|
|
||||||
## Setup macOS JNA paths
|
|
||||||
A few features in Autopsy will only work (i.e. gstreamer) if the JNA paths are specified. If you installed the necessary dependencies through Homebrew, you will want to either run this [script](./linux_macos_install_scripts/add_macos_jna.sh) or manually add all the gstreamer lib and dependency lib paths to the env variable `jre_flags` with jre flag: `-Djna.library.path`.
|
|
||||||
|
|
||||||
|
# Setup macOS JNA paths
|
||||||
|
If you are on macOS, run [linux_macos_install_scripts/add_macos_jna.sh](./linux_macos_install_scripts/add_macos_jna.sh) to properly setup the jna path to get things like gstreamer working. An example would be `add_macos_jna.sh -i ~/autopsy`.
|
||||||
|
|
||||||
# Troubleshooting
|
# Troubleshooting
|
||||||
- If you see something like "Cannot create case: javafx/scene/paint/Color" it is an indication that Java FX
|
- If you see something like "Cannot create case: javafx/scene/paint/Color" it is an indication that Java FX
|
||||||
@ -166,6 +50,5 @@ A few features in Autopsy will only work (i.e. gstreamer) if the JNA paths are s
|
|||||||
- Recent Activity
|
- Recent Activity
|
||||||
- The LEAPP processors
|
- The LEAPP processors
|
||||||
- HEIF processing
|
- HEIF processing
|
||||||
- Timeline does not work on OS X
|
|
||||||
- Video thumbnails
|
- Video thumbnails
|
||||||
- VHD and VMDK files not supported on OS X
|
- VHD and VMDK files not supported on OS X
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
<project name="TSK_VERSION">
|
<project name="TSK_VERSION">
|
||||||
<property name="TSK_VERSION" value="4.11.1"/>
|
<property name="TSK_VERSION" value="4.12.0"/>
|
||||||
</project>
|
</project>
|
||||||
|
@ -50,6 +50,15 @@
|
|||||||
<specification-version>10.24</specification-version>
|
<specification-version>10.24</specification-version>
|
||||||
</run-dependency>
|
</run-dependency>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<code-name-base>org.sleuthkit.autopsy.corelibs</code-name-base>
|
||||||
|
<build-prerequisite/>
|
||||||
|
<compile-dependency/>
|
||||||
|
<run-dependency>
|
||||||
|
<release-version>3</release-version>
|
||||||
|
<specification-version>1.4</specification-version>
|
||||||
|
</run-dependency>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<code-name-base>org.sleuthkit.autopsy.coretestlibs</code-name-base>
|
<code-name-base>org.sleuthkit.autopsy.coretestlibs</code-name-base>
|
||||||
<build-prerequisite/>
|
<build-prerequisite/>
|
||||||
|
@ -25,18 +25,33 @@ import java.awt.Toolkit;
|
|||||||
import java.awt.image.BufferedImage;
|
import java.awt.image.BufferedImage;
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.text.DateFormat;
|
import java.text.DateFormat;
|
||||||
|
import java.text.MessageFormat;
|
||||||
import java.text.SimpleDateFormat;
|
import java.text.SimpleDateFormat;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
import java.util.Comparator;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
import java.util.Random;
|
import java.util.Random;
|
||||||
|
import java.util.Set;
|
||||||
|
import java.util.function.Function;
|
||||||
import java.util.logging.Logger;
|
import java.util.logging.Logger;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
|
import java.util.regex.Matcher;
|
||||||
|
import java.util.regex.Pattern;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
import java.util.stream.Stream;
|
||||||
import javax.imageio.ImageIO;
|
import javax.imageio.ImageIO;
|
||||||
import javax.swing.JDialog;
|
import javax.swing.JDialog;
|
||||||
import javax.swing.text.JTextComponent;
|
import javax.swing.text.JTextComponent;
|
||||||
import javax.swing.tree.TreePath;
|
import javax.swing.tree.TreePath;
|
||||||
|
import org.apache.commons.io.IOUtils;
|
||||||
|
import org.apache.commons.lang3.StringUtils;
|
||||||
|
import org.apache.commons.lang3.tuple.Pair;
|
||||||
|
import org.apache.commons.lang3.tuple.Triple;
|
||||||
import org.netbeans.jellytools.MainWindowOperator;
|
import org.netbeans.jellytools.MainWindowOperator;
|
||||||
import org.netbeans.jellytools.NbDialogOperator;
|
import org.netbeans.jellytools.NbDialogOperator;
|
||||||
import org.netbeans.jellytools.WizardOperator;
|
import org.netbeans.jellytools.WizardOperator;
|
||||||
@ -59,6 +74,7 @@ import org.netbeans.jemmy.operators.JTreeOperator;
|
|||||||
import org.netbeans.jemmy.operators.JTreeOperator.NoSuchPathException;
|
import org.netbeans.jemmy.operators.JTreeOperator.NoSuchPathException;
|
||||||
import org.sleuthkit.autopsy.core.UserPreferences;
|
import org.sleuthkit.autopsy.core.UserPreferences;
|
||||||
import org.sleuthkit.autopsy.core.UserPreferencesException;
|
import org.sleuthkit.autopsy.core.UserPreferencesException;
|
||||||
|
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
|
||||||
import org.sleuthkit.autopsy.events.MessageServiceConnectionInfo;
|
import org.sleuthkit.autopsy.events.MessageServiceConnectionInfo;
|
||||||
import org.sleuthkit.autopsy.ingest.IngestManager;
|
import org.sleuthkit.autopsy.ingest.IngestManager;
|
||||||
import org.sleuthkit.datamodel.CaseDbConnectionInfo;
|
import org.sleuthkit.datamodel.CaseDbConnectionInfo;
|
||||||
@ -68,6 +84,13 @@ public class AutopsyTestCases {
|
|||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(AutopsyTestCases.class.getName()); // DO NOT USE AUTOPSY LOGGER
|
private static final Logger logger = Logger.getLogger(AutopsyTestCases.class.getName()); // DO NOT USE AUTOPSY LOGGER
|
||||||
private long start;
|
private long start;
|
||||||
|
|
||||||
|
// by default, how many minutes jemmy waits for a dialog to appear (default is 1 minute).
|
||||||
|
private static final long DIALOG_FIND_TIMEOUT_MINUTES = 5;
|
||||||
|
|
||||||
|
static {
|
||||||
|
Timeouts.setDefault("Waiter.WaitingTime", DIALOG_FIND_TIMEOUT_MINUTES * 60 * 1000);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Escapes the slashes in a file or directory path.
|
* Escapes the slashes in a file or directory path.
|
||||||
@ -104,8 +127,9 @@ public class AutopsyTestCases {
|
|||||||
JButtonOperator jbo = new JButtonOperator(nbdo, 0); // the "New Case" button
|
JButtonOperator jbo = new JButtonOperator(nbdo, 0); // the "New Case" button
|
||||||
jbo.pushNoBlock();
|
jbo.pushNoBlock();
|
||||||
} catch (TimeoutExpiredException ex) {
|
} catch (TimeoutExpiredException ex) {
|
||||||
screenshot("TimeoutScreenshot");
|
|
||||||
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
||||||
|
logSystemDiagnostics();
|
||||||
|
screenshot("TimeoutScreenshot");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -125,8 +149,9 @@ public class AutopsyTestCases {
|
|||||||
start = System.currentTimeMillis();
|
start = System.currentTimeMillis();
|
||||||
wo.btFinish().clickMouse();
|
wo.btFinish().clickMouse();
|
||||||
} catch (TimeoutExpiredException ex) {
|
} catch (TimeoutExpiredException ex) {
|
||||||
screenshot("TimeoutScreenshot");
|
|
||||||
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
||||||
|
logSystemDiagnostics();
|
||||||
|
screenshot("TimeoutScreenshot");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -159,8 +184,9 @@ public class AutopsyTestCases {
|
|||||||
comboBoxOperator.setSelectedItem("(GMT-5:00) America/New_York");
|
comboBoxOperator.setSelectedItem("(GMT-5:00) America/New_York");
|
||||||
wo.btNext().clickMouse();
|
wo.btNext().clickMouse();
|
||||||
} catch (TimeoutExpiredException ex) {
|
} catch (TimeoutExpiredException ex) {
|
||||||
screenshot("TimeoutScreenshot");
|
|
||||||
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
||||||
|
logSystemDiagnostics();
|
||||||
|
screenshot("TimeoutScreenshot");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -194,8 +220,9 @@ public class AutopsyTestCases {
|
|||||||
fileChooserOperator.chooseFile(new File(getEscapedPath(System.getProperty("img_path"))).getName());
|
fileChooserOperator.chooseFile(new File(getEscapedPath(System.getProperty("img_path"))).getName());
|
||||||
wo.btNext().clickMouse();
|
wo.btNext().clickMouse();
|
||||||
} catch (TimeoutExpiredException ex) {
|
} catch (TimeoutExpiredException ex) {
|
||||||
screenshot("TimeoutScreenshot");
|
|
||||||
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
||||||
|
logSystemDiagnostics();
|
||||||
|
screenshot("TimeoutScreenshot");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -208,8 +235,9 @@ public class AutopsyTestCases {
|
|||||||
logger.log(Level.INFO, "Add image took {0}ms", (System.currentTimeMillis() - start));
|
logger.log(Level.INFO, "Add image took {0}ms", (System.currentTimeMillis() - start));
|
||||||
wo.btFinish().clickMouse();
|
wo.btFinish().clickMouse();
|
||||||
} catch (TimeoutExpiredException ex) {
|
} catch (TimeoutExpiredException ex) {
|
||||||
screenshot("TimeoutScreenshot");
|
|
||||||
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
||||||
|
logSystemDiagnostics();
|
||||||
|
screenshot("TimeoutScreenshot");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -234,8 +262,9 @@ public class AutopsyTestCases {
|
|||||||
jbo1.pushNoBlock();
|
jbo1.pushNoBlock();
|
||||||
logger.info("Pushed Global Settings button for hash lookup module in ingest job settings panel");
|
logger.info("Pushed Global Settings button for hash lookup module in ingest job settings panel");
|
||||||
} catch (TimeoutExpiredException ex) {
|
} catch (TimeoutExpiredException ex) {
|
||||||
screenshot("TimeoutScreenshot");
|
|
||||||
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
||||||
|
logSystemDiagnostics();
|
||||||
|
screenshot("TimeoutScreenshot");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -273,8 +302,9 @@ public class AutopsyTestCases {
|
|||||||
JButtonOperator jbo4 = new JButtonOperator(hashMainDialogOperator, "OK", 0);
|
JButtonOperator jbo4 = new JButtonOperator(hashMainDialogOperator, "OK", 0);
|
||||||
jbo4.pushNoBlock();
|
jbo4.pushNoBlock();
|
||||||
} catch (TimeoutExpiredException ex) {
|
} catch (TimeoutExpiredException ex) {
|
||||||
screenshot("TimeoutScreenshot");
|
|
||||||
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
||||||
|
logSystemDiagnostics();
|
||||||
|
screenshot("TimeoutScreenshot");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -293,8 +323,9 @@ public class AutopsyTestCases {
|
|||||||
jbo1.pushNoBlock();
|
jbo1.pushNoBlock();
|
||||||
logger.info("Pushed Global Settings button for keyword search module in ingest job settings panel");
|
logger.info("Pushed Global Settings button for keyword search module in ingest job settings panel");
|
||||||
} catch (TimeoutExpiredException ex) {
|
} catch (TimeoutExpiredException ex) {
|
||||||
screenshot("TimeoutScreenshot");
|
|
||||||
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
||||||
|
logSystemDiagnostics();
|
||||||
|
screenshot("TimeoutScreenshot");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -326,8 +357,9 @@ public class AutopsyTestCases {
|
|||||||
new Timeout("pausing", 10000).sleep(); // let things catch up
|
new Timeout("pausing", 10000).sleep(); // let things catch up
|
||||||
wo.btNext().clickMouse();
|
wo.btNext().clickMouse();
|
||||||
} catch (TimeoutExpiredException ex) {
|
} catch (TimeoutExpiredException ex) {
|
||||||
screenshot("TimeoutScreenshot");
|
|
||||||
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
||||||
|
logSystemDiagnostics();
|
||||||
|
screenshot("TimeoutScreenshot");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -347,8 +379,9 @@ public class AutopsyTestCases {
|
|||||||
Random rand = new Random();
|
Random rand = new Random();
|
||||||
new Timeout("pausing", 10000 + (rand.nextInt(15000) + 5000)).sleep();
|
new Timeout("pausing", 10000 + (rand.nextInt(15000) + 5000)).sleep();
|
||||||
} catch (TimeoutExpiredException ex) {
|
} catch (TimeoutExpiredException ex) {
|
||||||
screenshot("TimeoutScreenshot");
|
|
||||||
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
||||||
|
logSystemDiagnostics();
|
||||||
|
screenshot("TimeoutScreenshot");
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -362,8 +395,9 @@ public class AutopsyTestCases {
|
|||||||
TreePath tp = jto.findPath(nodeNames);
|
TreePath tp = jto.findPath(nodeNames);
|
||||||
expandNodes(jto, tp);
|
expandNodes(jto, tp);
|
||||||
} catch (TimeoutExpiredException ex) {
|
} catch (TimeoutExpiredException ex) {
|
||||||
screenshot("TimeoutScreenshot");
|
|
||||||
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
||||||
|
logSystemDiagnostics();
|
||||||
|
screenshot("TimeoutScreenshot");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -374,8 +408,9 @@ public class AutopsyTestCases {
|
|||||||
JButtonOperator jbo = new JButtonOperator(mwo, "Generate Report");
|
JButtonOperator jbo = new JButtonOperator(mwo, "Generate Report");
|
||||||
jbo.pushNoBlock();
|
jbo.pushNoBlock();
|
||||||
} catch (TimeoutExpiredException ex) {
|
} catch (TimeoutExpiredException ex) {
|
||||||
screenshot("TimeoutScreenshot");
|
|
||||||
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
||||||
|
logSystemDiagnostics();
|
||||||
|
screenshot("TimeoutScreenshot");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -409,8 +444,9 @@ public class AutopsyTestCases {
|
|||||||
new Timeout("pausing", 10000).sleep();
|
new Timeout("pausing", 10000).sleep();
|
||||||
System.setProperty("ReportStr", datenotime);
|
System.setProperty("ReportStr", datenotime);
|
||||||
} catch (TimeoutExpiredException ex) {
|
} catch (TimeoutExpiredException ex) {
|
||||||
screenshot("TimeoutScreenshot");
|
|
||||||
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
|
||||||
|
logSystemDiagnostics();
|
||||||
|
screenshot("TimeoutScreenshot");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -456,6 +492,7 @@ public class AutopsyTestCases {
|
|||||||
UserPreferences.setDatabaseConnectionInfo(connectionInfo);
|
UserPreferences.setDatabaseConnectionInfo(connectionInfo);
|
||||||
} catch (UserPreferencesException ex) {
|
} catch (UserPreferencesException ex) {
|
||||||
logger.log(Level.SEVERE, "Error saving case database connection info", ex); //NON-NLS
|
logger.log(Level.SEVERE, "Error saving case database connection info", ex); //NON-NLS
|
||||||
|
logSystemDiagnostics();
|
||||||
}
|
}
|
||||||
//Solr Index settings
|
//Solr Index settings
|
||||||
UserPreferences.setIndexingServerHost(System.getProperty("solrHost"));
|
UserPreferences.setIndexingServerHost(System.getProperty("solrHost"));
|
||||||
@ -470,6 +507,7 @@ public class AutopsyTestCases {
|
|||||||
UserPreferences.setMessageServiceConnectionInfo(msgServiceInfo);
|
UserPreferences.setMessageServiceConnectionInfo(msgServiceInfo);
|
||||||
} catch (UserPreferencesException ex) {
|
} catch (UserPreferencesException ex) {
|
||||||
logger.log(Level.SEVERE, "Error saving messaging service connection info", ex); //NON-NLS
|
logger.log(Level.SEVERE, "Error saving messaging service connection info", ex); //NON-NLS
|
||||||
|
logSystemDiagnostics();
|
||||||
}
|
}
|
||||||
|
|
||||||
UserPreferences.setZkServerHost(System.getProperty("zooKeeperHost"));
|
UserPreferences.setZkServerHost(System.getProperty("zooKeeperHost"));
|
||||||
@ -484,6 +522,253 @@ public class AutopsyTestCases {
|
|||||||
}
|
}
|
||||||
} catch (NoSuchPathException ne) {
|
} catch (NoSuchPathException ne) {
|
||||||
logger.log(Level.SEVERE, "Error expanding tree path", ne);
|
logger.log(Level.SEVERE, "Error expanding tree path", ne);
|
||||||
|
logSystemDiagnostics();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
private void logSystemDiagnostics() {
|
||||||
|
logger.log(Level.INFO, getSystemDiagnostics());
|
||||||
|
}
|
||||||
|
|
||||||
|
private static final String NEWLINE = System.lineSeparator();
|
||||||
|
|
||||||
|
private static final int TOP_NUM = 10;
|
||||||
|
|
||||||
|
private static Set<String> IGNORED_PROCESSES = Stream.of("_Total", "Idle", "Memory Compression").collect(Collectors.toSet());
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return A string of system diagnostic information.
|
||||||
|
*
|
||||||
|
* NOTE: currently only works for windows.
|
||||||
|
*/
|
||||||
|
private static String getSystemDiagnostics() {
|
||||||
|
if (PlatformUtil.isWindowsOS()) {
|
||||||
|
try {
|
||||||
|
List<Map<String, String>> processPerformance = getWmicTable("wmic path Win32_PerfFormattedData_PerfProc_Process get Name,PercentProcessorTime,IOReadBytesPerSec,IOWriteBytesPerSec,WorkingSetPeak").stream()
|
||||||
|
.filter(obj -> !IGNORED_PROCESSES.contains(obj.get("name")))
|
||||||
|
.collect(Collectors.toList());
|
||||||
|
|
||||||
|
List<Pair<String, Long>> cpuUsageProcesses = getKeyValLimited(processPerformance, "name", "percentprocessortime");
|
||||||
|
List<Pair<String, Long>> memUsageProcesses = getKeyValLimited(processPerformance, "name", "workingsetpeak");
|
||||||
|
|
||||||
|
List<Triple<String, Long, Long>> ioProcesses = getFilteredLimited(
|
||||||
|
processPerformance,
|
||||||
|
obj -> {
|
||||||
|
String key = obj.get("name");
|
||||||
|
if (key == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
return Triple.of(key, Long.parseLong(obj.get("ioreadbytespersec")), Long.parseLong(obj.get("iowritebytespersec")));
|
||||||
|
} catch (NumberFormatException | NullPointerException ex) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
},
|
||||||
|
Comparator.comparing(pr -> -(pr.getMiddle() + pr.getRight())));
|
||||||
|
|
||||||
|
String cpuLoad = getWmicString("wmic cpu get loadpercentage", "loadpercentage");
|
||||||
|
String cpuCores = getWmicString("wmic cpu get numberofcores", "numberofcores");
|
||||||
|
String freePhysicalMemory = getWmicString("wmic OS get FreeSpaceInPagingFiles", "freespaceinpagingfiles"); // in kb
|
||||||
|
String totalPhysicalMemory = getWmicString("wmic ComputerSystem get TotalPhysicalMemory", "totalphysicalmemory"); // bytes
|
||||||
|
String memUsage;
|
||||||
|
try {
|
||||||
|
double freeMemMb = Double.parseDouble(freePhysicalMemory) / 1000;
|
||||||
|
double totalMemMb = Double.parseDouble(totalPhysicalMemory) / 1000 / 1000;
|
||||||
|
memUsage = MessageFormat.format("Free Physical Memory: {0,number,#.##}MB and total physical: {1,number,#.##}MB", freeMemMb, totalMemMb);
|
||||||
|
} catch (NumberFormatException ex) {
|
||||||
|
memUsage = MessageFormat.format("Free Physical Memory: \"{0}\" and total physical: \"{1}\"", freePhysicalMemory, totalPhysicalMemory);
|
||||||
|
}
|
||||||
|
|
||||||
|
List<Triple<String, Long, String>> networkStatus = getFilteredLimited(
|
||||||
|
getWmicTable("wmic path win32_networkadapter where \"netconnectionstatus = 2 OR NOT errordescription IS NULL\" get netconnectionid, name, speed, maxspeed, errordescription"),
|
||||||
|
(Map<String, String> obj) -> {
|
||||||
|
String name = obj.get("netconnectionid");
|
||||||
|
if (StringUtils.isBlank(name)) {
|
||||||
|
name = obj.get("name");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (StringUtils.isBlank(name)) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
String errorDescription = obj.get("errordescription");
|
||||||
|
|
||||||
|
Long speed = 0L;
|
||||||
|
try {
|
||||||
|
speed = Long.parseLong(obj.get("speed"));
|
||||||
|
} catch (NumberFormatException | NullPointerException ex) {
|
||||||
|
}
|
||||||
|
|
||||||
|
return Triple.of(name, speed, errorDescription);
|
||||||
|
},
|
||||||
|
(a, b) -> StringUtils.compareIgnoreCase(a.getLeft(), b.getRight()));
|
||||||
|
|
||||||
|
List<Pair<String, Long>> diskStatus = getKeyValLimited(
|
||||||
|
getWmicTable("wmic path Win32_PerfFormattedData_PerfDisk_LogicalDisk get AvgDiskQueueLength,Name").stream()
|
||||||
|
.filter(obj -> !IGNORED_PROCESSES.contains(obj.get("name")))
|
||||||
|
.collect(Collectors.toList()),
|
||||||
|
"name",
|
||||||
|
"avgdiskqueuelength");
|
||||||
|
|
||||||
|
return "SYSTEM DIAGNOSTICS:" + NEWLINE
|
||||||
|
+ MessageFormat.format("CPU Load Percentage: {0}% with {1} cores", cpuLoad, cpuCores) + NEWLINE
|
||||||
|
+ MessageFormat.format("Memory Usage: {0}", memUsage) + NEWLINE
|
||||||
|
+ "Disk Usage (disk to average disk queue length): " + NEWLINE
|
||||||
|
+ diskStatus.stream().map(pr -> pr.getKey() + ": " + pr.getValue()).collect(Collectors.joining(NEWLINE)) + NEWLINE
|
||||||
|
+ NEWLINE
|
||||||
|
+ "Network Status (of only connected or error): " + NEWLINE
|
||||||
|
+ networkStatus.stream().map(obj -> {
|
||||||
|
String errorString = StringUtils.isBlank(obj.getRight()) ? "" : MessageFormat.format(" (error: {0})", obj.getRight());
|
||||||
|
return MessageFormat.format("{0}: {1,number,#.##}MB/S possible {2}", obj.getLeft(), ((double) obj.getMiddle()) / 1000 / 1000, errorString);
|
||||||
|
}).collect(Collectors.joining(NEWLINE)) + NEWLINE
|
||||||
|
+ NEWLINE
|
||||||
|
+ "CPU consuming processes: " + NEWLINE
|
||||||
|
+ cpuUsageProcesses.stream().map(pr -> MessageFormat.format("{0}: {1}%", pr.getKey(), pr.getValue())).collect(Collectors.joining(NEWLINE)) + NEWLINE
|
||||||
|
+ NEWLINE
|
||||||
|
+ "Memory consuming processes (working set peak): " + NEWLINE
|
||||||
|
+ memUsageProcesses.stream()
|
||||||
|
.map(
|
||||||
|
pr -> MessageFormat.format(
|
||||||
|
"{0}: {1,number,#.##}MB",
|
||||||
|
pr.getKey(),
|
||||||
|
((double) pr.getValue()) / 1000 / 1000
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.collect(Collectors.joining(NEWLINE)) + NEWLINE
|
||||||
|
+ NEWLINE
|
||||||
|
+ "I/O consuming processes (read/write): " + NEWLINE
|
||||||
|
+ ioProcesses.stream()
|
||||||
|
.map(
|
||||||
|
pr -> MessageFormat.format(
|
||||||
|
"{0}: {1,number,#.##}MB/{2,number,#.##}MB", pr.getLeft(),
|
||||||
|
((double) pr.getMiddle()) / 1000 / 1000,
|
||||||
|
((double) pr.getRight()) / 1000 / 1000
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.collect(Collectors.joining(NEWLINE)) + NEWLINE;
|
||||||
|
} catch (Throwable ex) {
|
||||||
|
return "SYSTEM DIAGNOSTICS:" + NEWLINE
|
||||||
|
+ "Encountered IO exception: " + ex.getMessage() + NEWLINE;
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
return "System diagnostics only implemented for windows at this time.";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a pair of a string key and long number value limited to TOP_NUM of the highest number values.
|
||||||
|
* @param objects The list of objects.
|
||||||
|
* @param keyId The id of the key in the map.
|
||||||
|
* @param valId The id of the value in the map.
|
||||||
|
* @return The highest valued key value pairs.
|
||||||
|
*/
|
||||||
|
private static List<Pair<String, Long>> getKeyValLimited(List<Map<String, String>> objects, String keyId, String valId) {
|
||||||
|
return getFilteredLimited(
|
||||||
|
objects,
|
||||||
|
obj -> {
|
||||||
|
String key = obj.get(keyId);
|
||||||
|
if (key == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
return Pair.of(key, Long.parseLong(obj.get(valId)));
|
||||||
|
} catch (NumberFormatException | NullPointerException ex) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Comparator.comparing(pr -> -pr.getValue()));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a list of a given type limited to TOP_NUM of the first values.
|
||||||
|
* @param objects The objects to sort and filter.
|
||||||
|
* @param keyObjMapper Maps the list of map objects to the new new value.
|
||||||
|
* @param comparator Comparator determining first values.
|
||||||
|
* @return The list capped at TOP_NUM.
|
||||||
|
*/
|
||||||
|
private static <T> List<T> getFilteredLimited(List<Map<String, String>> objects, Function<Map<String, String>, T> keyObjMapper, Comparator<T> comparator) {
|
||||||
|
return objects.stream()
|
||||||
|
.map(keyObjMapper)
|
||||||
|
.filter(a -> a != null)
|
||||||
|
.sorted(comparator)
|
||||||
|
.limit(TOP_NUM)
|
||||||
|
.collect(Collectors.toList());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Runs the command line entry returning standard output.
|
||||||
|
* @param cmd The command.
|
||||||
|
* @return The standard output.
|
||||||
|
* @throws IOException
|
||||||
|
*/
|
||||||
|
private static String getProcStdOut(String... cmd) throws IOException {
|
||||||
|
ProcessBuilder pb = new ProcessBuilder(cmd);
|
||||||
|
String output = IOUtils.toString(pb.start().getInputStream(), StandardCharsets.UTF_8);
|
||||||
|
return output;
|
||||||
|
}
|
||||||
|
|
||||||
|
// matches key=value
|
||||||
|
private static final Pattern EQUALS_PATTERN = Pattern.compile("^([^=]*)=(.*)$");
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a list of maps mapping the wmic header column (lower cased) to
|
||||||
|
* the value for the row.
|
||||||
|
*
|
||||||
|
* @param cmd The wmic command to run.
|
||||||
|
*
|
||||||
|
* @return The list of rows.
|
||||||
|
*
|
||||||
|
* @throws IOException
|
||||||
|
*/
|
||||||
|
private static List<Map<String, String>> getWmicTable(String cmd) throws IOException {
|
||||||
|
String stdOut = getProcStdOut("cmd", "/c", cmd + " /format:list");
|
||||||
|
|
||||||
|
List<Map<String, String>> rows = new ArrayList<>();
|
||||||
|
Map<String, String> curObj = new HashMap<>();
|
||||||
|
for (String line : stdOut.split("\\r?\\n")) {
|
||||||
|
// if line, try to parse as key=value
|
||||||
|
if (StringUtils.isNotBlank(line)) {
|
||||||
|
Matcher matcher = EQUALS_PATTERN.matcher(line);
|
||||||
|
if (matcher.find()) {
|
||||||
|
String key = matcher.group(1).trim().toLowerCase();
|
||||||
|
String value = matcher.group(2).trim();
|
||||||
|
curObj.put(key, value);
|
||||||
|
}
|
||||||
|
// if no line and the object has keys, we have finished an entry, add it to the list.
|
||||||
|
} else if (!curObj.isEmpty()) {
|
||||||
|
rows.add(curObj);
|
||||||
|
curObj = new HashMap<>();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!curObj.isEmpty()) {
|
||||||
|
rows.add(curObj);
|
||||||
|
curObj = new HashMap<>();
|
||||||
|
}
|
||||||
|
|
||||||
|
return rows;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a string from a wmic query.
|
||||||
|
* @param wmicQuery The wmic query.
|
||||||
|
* @param key The key column to return.
|
||||||
|
* @return The first row's value for the given key.
|
||||||
|
* @throws IOException
|
||||||
|
*/
|
||||||
|
private static String getWmicString(String wmicQuery, String key) throws IOException {
|
||||||
|
List<Map<String, String>> retVal = getWmicTable(wmicQuery);
|
||||||
|
if (retVal != null && !retVal.isEmpty() && retVal.get(0) != null && retVal.get(0).get(key) != null) {
|
||||||
|
return retVal.get(0).get(key);
|
||||||
|
} else {
|
||||||
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#Updated by build script
|
#Updated by build script
|
||||||
#Wed, 01 Dec 2021 12:53:03 -0500
|
#Wed, 28 Sep 2022 13:57:05 -0400
|
||||||
LBL_splash_window_title=Starting Autopsy
|
LBL_splash_window_title=Starting Autopsy
|
||||||
SPLASH_HEIGHT=314
|
SPLASH_HEIGHT=314
|
||||||
SPLASH_WIDTH=538
|
SPLASH_WIDTH=538
|
||||||
@ -8,4 +8,4 @@ SplashRunningTextBounds=0,289,538,18
|
|||||||
SplashRunningTextColor=0x0
|
SplashRunningTextColor=0x0
|
||||||
SplashRunningTextFontSize=19
|
SplashRunningTextFontSize=19
|
||||||
|
|
||||||
currentVersion=Autopsy 4.19.2
|
currentVersion=Autopsy 4.19.3
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
#Updated by build script
|
#Updated by build script
|
||||||
#Wed, 01 Dec 2021 12:53:03 -0500
|
#Wed, 28 Sep 2022 13:57:05 -0400
|
||||||
CTL_MainWindow_Title=Autopsy 4.19.2
|
CTL_MainWindow_Title=Autopsy 4.19.3
|
||||||
CTL_MainWindow_Title_No_Project=Autopsy 4.19.2
|
CTL_MainWindow_Title_No_Project=Autopsy 4.19.3
|
||||||
|
@ -9,7 +9,7 @@ ActiveMQ is a messaging service that allows the Autopsy clients to communicate w
|
|||||||
|
|
||||||
You will need:
|
You will need:
|
||||||
- 64-bit version of the Java 8 Runtime Environment (JRE) from https://github.com/ojdkbuild/ojdkbuild (<a href="https://github.com/ojdkbuild/ojdkbuild/releases/download/java-1.8.0-openjdk-1.8.0.242-1.b08/java-1.8.0-openjdk-1.8.0.242-1.b08.ojdkbuild.windows.x86_64.msi"> Link to installer</a>)
|
- 64-bit version of the Java 8 Runtime Environment (JRE) from https://github.com/ojdkbuild/ojdkbuild (<a href="https://github.com/ojdkbuild/ojdkbuild/releases/download/java-1.8.0-openjdk-1.8.0.242-1.b08/java-1.8.0-openjdk-1.8.0.242-1.b08.ojdkbuild.windows.x86_64.msi"> Link to installer</a>)
|
||||||
- Download ActiveMQ from: http://activemq.apache.org/download.html . Autopsy has been tested with ActiveMQ version 5.14.0.
|
- Download ActiveMQ from: http://activemq.apache.org/download.html . Autopsy has been tested with ActiveMQ version 5.14.0. Note that newer versions will not work with Java 8.
|
||||||
|
|
||||||
|
|
||||||
\section install_activemq_install Installation
|
\section install_activemq_install Installation
|
||||||
@ -29,7 +29,9 @@ If you need the JRE, install it with the default settings.
|
|||||||
|
|
||||||
<li>Open the <i>conf\\activemq.xml</i> file in the extracted folder in a text editor and make the following changes:
|
<li>Open the <i>conf\\activemq.xml</i> file in the extracted folder in a text editor and make the following changes:
|
||||||
<ul>
|
<ul>
|
||||||
<li> Add <i>"schedulePeriodForDestinationPurge="10000""</i> to the _broker_ tag then add <i>"gcInactiveDestinations="true" inactiveTimoutBeforeGC="30000""</i> to the _policyEntry_ tag. This is highlighted in yellow below:
|
<li> Add <i>"schedulePeriodForDestinationPurge="10000""</i> to the _broker_ tag</li>
|
||||||
|
<li> Add <i>"gcInactiveDestinations="true" inactiveTimoutBeforeGC="30000""</i> to the _policyEntry_ tag.
|
||||||
|
<li> These are both highlighted in yellow below:
|
||||||
|
|
||||||
\image html activeMQ_node_cleanup.png
|
\image html activeMQ_node_cleanup.png
|
||||||
|
|
||||||
@ -41,6 +43,8 @@ If you need the JRE, install it with the default settings.
|
|||||||
|
|
||||||
<li>Install ActiveMQ as a service by navigating to the folder <i>bin\\win64</i>, right-clicking _InstallService.bat_, clicking _Run as administrator_, then click _Yes_.
|
<li>Install ActiveMQ as a service by navigating to the folder <i>bin\\win64</i>, right-clicking _InstallService.bat_, clicking _Run as administrator_, then click _Yes_.
|
||||||
|
|
||||||
|
<li>Add the bin\\win64\\wrapper.exe and java.exe (from the JRE) to the Windows firewall so that they can accept network communications.
|
||||||
|
|
||||||
<li>Start the ActiveMQ service by pressing _Start_, type _services.msc_, and press _Enter_. Find _ActiveMQ_ in the list and press the _Start the service_ link.
|
<li>Start the ActiveMQ service by pressing _Start_, type _services.msc_, and press _Enter_. Find _ActiveMQ_ in the list and press the _Start the service_ link.
|
||||||
|
|
||||||
<li>ActiveMQ should now be installed and configured using the default credentials.
|
<li>ActiveMQ should now be installed and configured using the default credentials.
|
||||||
@ -48,7 +52,7 @@ If you need the JRE, install it with the default settings.
|
|||||||
|
|
||||||
\subsection install_activemq_test Testing
|
\subsection install_activemq_test Testing
|
||||||
|
|
||||||
To test your installation, you can access the admin pages in your web browser via a URL like this: http://localhost:8161/admin.
|
To test your installation, you can access the admin pages in your web browser (on the server) via a URL like this: http://localhost:8161/admin. NOTE that you cannot access this page from other hosts unless you go into jetty.xml and change org.apache.activemq.web.WebConsolePort so that host is 0.0.0.0 (and ensure that it is properly secured).
|
||||||
|
|
||||||
The default administrator username is _admin_ with a password of _admin_ and the default regular username is _user_ with a default password of _password_. You can change these passwords by following the instructions below.
|
The default administrator username is _admin_ with a password of _admin_ and the default regular username is _user_ with a default password of _password_. You can change these passwords by following the instructions below.
|
||||||
|
|
||||||
@ -57,7 +61,7 @@ If you can see a page that looks like the following, it confirms that the Active
|
|||||||
\image html activemq.PNG
|
\image html activemq.PNG
|
||||||
<br><br>
|
<br><br>
|
||||||
|
|
||||||
You can confirm that your ActiveMQ installation is visible to other computers on the network by attempting to connect to a URL like the following (replacing the host name with that of the ActiveMQ computer) in a web browser: http://activemq-computer:61616
|
You can also confirm that your ActiveMQ installation is visible to other computers on the network by attempting to connect to a URL like the following (replacing the host name with that of the ActiveMQ computer) in a web browser: http://activemq-computer:61616. This will not give you a nice web page, but will give you data from the server.
|
||||||
|
|
||||||
If you are unable to connect to this address:
|
If you are unable to connect to this address:
|
||||||
- Double check that the ActiveMQ service is running
|
- Double check that the ActiveMQ service is running
|
||||||
|
@ -40,7 +40,7 @@ To install PostgreSQL, perform the following steps:
|
|||||||
<br><br>
|
<br><br>
|
||||||
\image html newPassword.PNG
|
\image html newPassword.PNG
|
||||||
<br><br>
|
<br><br>
|
||||||
- Check <i>"Can create databases"</i> on the <i>"Role Privileges"</i> tab.
|
- For <i>"Role Privileges"</i>, give the user <i>"Can Login?"</i> and <i>"Can create databases"</i>.
|
||||||
<br><br>
|
<br><br>
|
||||||
\image html newRights.PNG
|
\image html newRights.PNG
|
||||||
<br><br>
|
<br><br>
|
||||||
@ -86,7 +86,7 @@ To this:
|
|||||||
Note the removal of the leading number symbol-this uncomments that entry.
|
Note the removal of the leading number symbol-this uncomments that entry.
|
||||||
<br><br>
|
<br><br>
|
||||||
|
|
||||||
4. Still in <i id="max_connections">"C:\Program Files\PostgreSQL\9.5\data\postgresql.conf"</i>, find the entry named _max_connections_ and set it to the number of suggested connections for your configuration. A rule of thumb is add 100 connections for each Automated Ingest Node and 100 connections for each Reviewer node you plan to have in the network. See the screenshot below.
|
4. Still in <i id="max_connections">"C:\Program Files\PostgreSQL\9.5\data\postgresql.conf"</i>, find the entry named _max_connections_ and set it to the number of suggested connections for your configuration. A rule of thumb is 100 connections per each Automated Ingest node and reviewer node. See the screenshot below.
|
||||||
<br><br>
|
<br><br>
|
||||||
\image html maxConnections.PNG
|
\image html maxConnections.PNG
|
||||||
<br><br>
|
<br><br>
|
||||||
@ -98,6 +98,8 @@ Note the removal of the leading number symbol-this uncomments that entry.
|
|||||||
\image html postgresqlinstall7.PNG
|
\image html postgresqlinstall7.PNG
|
||||||
<br><br>
|
<br><br>
|
||||||
|
|
||||||
|
6. Add the bin\\postgres.exe file to the Windows firewall to allow it to receive connections.
|
||||||
|
|
||||||
|
|
||||||
\section install_post_test Testing
|
\section install_post_test Testing
|
||||||
|
|
||||||
|
@ -114,6 +114,10 @@ Start the "Solr_8.6.3" service, and verify that the service status changes to "R
|
|||||||
|
|
||||||
\image html solr_start_2.png
|
\image html solr_start_2.png
|
||||||
|
|
||||||
|
\subsection install_solr_security AntiVirus Settings
|
||||||
|
|
||||||
|
We have observed that Antivirus may detect strings in the Solr indexes as being malware. You should add the Solr data directory to the exclusion list for your security product. We saw this with Windows Defender.
|
||||||
|
|
||||||
\section install_solr_testing Testing
|
\section install_solr_testing Testing
|
||||||
|
|
||||||
There are two tests that you should perform to confirm that the Solr machine is configured correctly.
|
There are two tests that you should perform to confirm that the Solr machine is configured correctly.
|
||||||
|
@ -28,7 +28,17 @@ then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
awk '!/^\s*#?\s*export jreflags=.*$/' $INSTALL_LOC/etc/$APPLICATION_NAME.conf > $INSTALL_LOC/etc/$APPLICATION_NAME.conf.tmp && \
|
GSTREAMER_LOC=$(brew --prefix gstreamer)
|
||||||
mv $INSTALL_LOC/etc/$APPLICATION_NAME.conf.tmp $INSTALL_LOC/etc/$APPLICATION_NAME.conf && \
|
if [[ $? -ne 0 ]]
|
||||||
echo -e "\nexport jreflags=-Djna.library.path=\"/Library/Frameworks/GStreamer.framework/Versions/1.0/lib\"" >> $INSTALL_LOC/etc/$APPLICATION_NAME.conf
|
then
|
||||||
|
echo "Unable to find homebrew installation of gstreamer" >> /dev/stderr
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
awk '!/^ *#? *export +?(jreflags|GST_PLUGIN_SYSTEM_PATH|GST_PLUGIN_SCANNER)=.*$/' $INSTALL_LOC/etc/$APPLICATION_NAME.conf > $INSTALL_LOC/etc/$APPLICATION_NAME.conf.tmp && \
|
||||||
|
mv $INSTALL_LOC/etc/$APPLICATION_NAME.conf.tmp $INSTALL_LOC/etc/$APPLICATION_NAME.conf && \
|
||||||
|
echo "
|
||||||
|
export jreflags=\"-Djna.library.path=\\\"/usr/local/lib\\\" \$jreflags\"
|
||||||
|
export GST_PLUGIN_SYSTEM_PATH=\"/usr/local/lib/gstreamer-1.0\"
|
||||||
|
export GST_PLUGIN_SCANNER=\"${GSTREAMER_LOC}/libexec/gstreamer-1.0/gst-plugin-scanner\"" >> $INSTALL_LOC/etc/$APPLICATION_NAME.conf
|
||||||
|
|
||||||
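Review bot: `/usr/local/lib` is hard-coded in the new `jreflags` and `GST_PLUGIN_SYSTEM_PATH` lines, while `GST_PLUGIN_SCANNER` right below them is derived from `brew --prefix gstreamer`. On a Homebrew install whose prefix is not `/usr/local`, the settings point at different trees, and JNA and GStreamer would search for native libraries and plugins in a directory Homebrew does not manage. Resolve the prefix once with `BREW_PREFIX=$(brew --prefix)` and write `-Djna.library.path=\\\"${BREW_PREFIX}/lib\\\"` and `export GST_PLUGIN_SYSTEM_PATH=\"${BREW_PREFIX}/lib/gstreamer-1.0\"`. The `awk`, `mv` and `>>` targets are also unquoted, so an install location containing a space breaks the rewrite of the conf file; `"$INSTALL_LOC/etc/$APPLICATION_NAME.conf"` avoids that. The script begins and continues outside this hunk, so `INSTALL_LOC` may already be validated there.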
|
@ -2,7 +2,7 @@
|
|||||||
# Unzips an application platform zip to specified directory and does setup
|
# Unzips an application platform zip to specified directory and does setup
|
||||||
|
|
||||||
usage() {
|
usage() {
|
||||||
echo "Usage: install_application_from_zip.sh [-z zip_path] [-i install_directory] [-j java_home] [-n application_name] [-v asc_file]" 1>&2
|
echo "Usage: install_application.sh [-z zip_path] [-i install_directory] [-j java_home] [-n application_name] [-v asc_file]" 1>&2
|
||||||
echo "If specifying a .asc verification file (with -v flag), the program will attempt to create a temp folder in the working directory and verify the signature with gpg. If you already have an extracted zip, the '-z' flag can be ignored as long as the directory specifying the extracted contents is provided for the installation directory." 1>&2
|
echo "If specifying a .asc verification file (with -v flag), the program will attempt to create a temp folder in the working directory and verify the signature with gpg. If you already have an extracted zip, the '-z' flag can be ignored as long as the directory specifying the extracted contents is provided for the installation directory." 1>&2
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,27 +1,14 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
echo "Installing dependencies..."
|
echo "Installing dependencies..."
|
||||||
# dependencies taken from: https://github.com/sleuthkit/autopsy/pull/5111/files
|
brew install ant automake libtool afflib libewf postgresql testdisk libheif \
|
||||||
# brew install gettext cppunit && \
|
gst-libav gst-plugins-bad gst-plugins-base gst-plugins-good gst-plugins-ugly gstreamer
|
||||||
brew install ant automake libtool afflib libewf postgresql testdisk
|
|
||||||
if [[ $? -ne 0 ]]
|
if [[ $? -ne 0 ]]
|
||||||
then
|
then
|
||||||
echo "Unable to install necessary dependencies" >> /dev/stderr
|
echo "Unable to install necessary dependencies" >> /dev/stderr
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# brew gstreamer packages don't seem to play nice with autopsy. Installing directly from gstreamer
|
|
||||||
echo "Installing gstreamer..."
|
|
||||||
gstreamer_tmp_path=$TMPDIR/gstreamer-1.0-1.20.3-universal.pkg
|
|
||||||
curl -k -o $gstreamer_tmp_path 'https://gstreamer.freedesktop.org/data/pkg/osx/1.20.3/gstreamer-1.0-1.20.3-universal.pkg' && \
|
|
||||||
sudo installer -pkg //Users/4911_admin/Downloads/gstreamer-1.0-1.20.3-universal.pkg -target /
|
|
||||||
gstreamer_install_result=$?
|
|
||||||
rm $gstreamer_tmp_path
|
|
||||||
if [[ $? -ne 0 ]]
|
|
||||||
then
|
|
||||||
echo "Unable to install gstreamer" >> /dev/stderr
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Installing liberica java 8..."
|
echo "Installing liberica java 8..."
|
||||||
brew tap bell-sw/liberica && \
|
brew tap bell-sw/liberica && \
|
||||||
brew install --cask liberica-jdk8-full
|
brew install --cask liberica-jdk8-full
|
||||||
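Review bot: The `brew install` line now pulls `gstreamer` and the `gst-*` plugin formulas from Homebrew with no comment, while the comment it replaces said the brew gstreamer packages did not work with Autopsy. A one-line comment above the install would record why that changed and what depends on it, for example `# gstreamer and gst-plugins-* come from Homebrew; the conf setup locates them via 'brew --prefix gstreamer'`. That dependency is inferred from the other shell hunk on this page, so confirm the wording against that script.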
|
@ -1,10 +1,10 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# Clones sleuthkit repo from github (if necessary) and installs
|
# Clones sleuthkit repo from github (if necessary) and installs
|
||||||
# this script does require sudo privileges
|
# this script does require sudo privileges
|
||||||
# called like: build_tsk.sh -p <repo path to be created or existing> -b <tsk branch to checkout> -r <non-standard remote repo (optional)>
|
# called like: install_tsk_from_src.sh -p <repo path to be created or existing> -b <tsk branch to checkout> -r <non-standard remote repo (optional)>
|
||||||
|
|
||||||
usage() {
|
usage() {
|
||||||
echo "Usage: install_tsk_from_src [-p repo_path (should end with '/sleuthkit')] [-b tsk_branch] [-r sleuthkit_repo]" 1>&2
|
echo "Usage: install_tsk_from_src.sh [-p repo_path (should end with '/sleuthkit')] [-b tsk_branch] [-r sleuthkit_repo]" 1>&2
|
||||||
}
|
}
|
||||||
|
|
||||||
# default repo path
|
# default repo path
|
||||||
|
@ -4,7 +4,7 @@ app.title=Autopsy
|
|||||||
### lowercase version of above
|
### lowercase version of above
|
||||||
app.name=${branding.token}
|
app.name=${branding.token}
|
||||||
### if left unset, version will default to today's date
|
### if left unset, version will default to today's date
|
||||||
app.version=4.19.3
|
app.version=4.20.0
|
||||||
### build.type must be one of: DEVELOPMENT, RELEASE
|
### build.type must be one of: DEVELOPMENT, RELEASE
|
||||||
#build.type=RELEASE
|
#build.type=RELEASE
|
||||||
build.type=DEVELOPMENT
|
build.type=DEVELOPMENT
|
||||||
|
@ -1,14 +1,14 @@
|
|||||||
et-xmlfile==1.0.1
|
et-xmlfile>=1.1.0
|
||||||
gitdb==4.0.5
|
gitdb>=4.0.10
|
||||||
GitPython==3.1.12
|
GitPython>=3.1.29
|
||||||
jdcal==1.4.1
|
jdcal>=1.4.1
|
||||||
jproperties==2.1.0
|
jproperties>=2.1.1
|
||||||
lml==0.1.0
|
lml>=0.1.0
|
||||||
openpyxl==3.0.6
|
openpyxl>=3.0.10
|
||||||
pyexcel==0.6.6
|
pyexcel>=0.7.0
|
||||||
pyexcel-io==0.6.4
|
pyexcel-io>=0.6.6
|
||||||
pyexcel-xlsx==0.6.0
|
pyexcel-xlsx>=0.6.0
|
||||||
six==1.15.0
|
six>=1.16.0
|
||||||
smmap==3.0.4
|
smmap>=5.0.0
|
||||||
texttable==1.6.3
|
texttable>=1.6.7
|
||||||
XlsxWriter==1.3.7
|
XlsxWriter>=3.0.3
|
||||||
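Review bot: Every requirement moves from an exact `==` pin to an open `>=` range, so each install resolves to whatever release is newest on the index at that moment, and two builds from this commit can end up running different code. If this list is installed by build or release tooling, keep exact pins at the new versions, e.g. `GitPython==3.1.29`, `openpyxl==3.0.10`, `XlsxWriter==3.0.3`, and consider a hash-checked install (`pip install --require-hashes`) with hashes generated from a reviewed lock. If the range is meant for developer convenience, an upper bound such as `GitPython>=3.1.29,<4` limits surprise major upgrades.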
|
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
# NOTE: update_sleuthkit_version.pl updates this value and relies
|
# NOTE: update_sleuthkit_version.pl updates this value and relies
|
||||||
# on it keeping the same name and whitespace. Don't change it.
|
# on it keeping the same name and whitespace. Don't change it.
|
||||||
TSK_VERSION=4.11.1
|
TSK_VERSION=4.12.0
|
||||||
|
|
||||||
|
|
||||||
usage() {
|
usage() {
|
||||||
|