Merge branch 'develop' of https://github.com/sleuthkit/autopsy into 6865-FixPastOccurrencesDiscovery

William Schaefer 2020-09-24 16:29:26 -04:00
commit 6bd138cdc5
17 changed files with 109 additions and 58 deletions


@ -193,7 +193,7 @@ public class LocalFilesDSProcessor implements DataSourceProcessor, AutoIngestDat
List<String> command = new ArrayList<>();
for (final String l01Path : logicalEvidenceFilePaths) {
command.clear();
command.add(ewfexportPath.toAbsolutePath().toString());
command.add(String.format("\"%s\"", ewfexportPath.toAbsolutePath().toString()));
command.add("-f");
command.add("files");
command.add("-t");
@ -203,8 +203,8 @@ public class LocalFilesDSProcessor implements DataSourceProcessor, AutoIngestDat
}
Path dirPath = Paths.get(FilenameUtils.getBaseName(l01Path) + UNIQUENESS_CONSTRAINT_SEPERATOR + System.currentTimeMillis());
command.add(dirPath.toString());
command.add(l01Path);
command.add(String.format("\"%s\"", dirPath.toString()));
command.add(String.format("\"%s\"", l01Path));
ProcessBuilder processBuilder = new ProcessBuilder(command);
processBuilder.directory(l01Dir);
try {
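Review bot: Wrapping each value in literal quotes (`String.format("\"%s\"", l01Path)` and the two sibling calls) makes the command depend on how the platform launcher treats quote characters, and nothing visible here restricts it to Windows. ProcessBuilder hands each list element to the child as its own argument, so on a non-Windows host the quotes would presumably arrive as part of the ewfexport path and of `l01Path`. `l01Path` comes from the selected evidence paths, so it should also be checked for an embedded `"` before it is wrapped, since that would change where the argument ends. The same hand-written wrapping recurs in ILeappAnalyzerIngestModule, PhotoRecCarverFileIngestModule, HEICProcessor, PlasoIngestModule, PortableCaseReportModule and the Extract* classes; one shared helper (for example gated on `PlatformUtil.isWindowsOS()`) would keep the rule in one place. The enclosing method starts and ends outside the hunk.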


@ -173,10 +173,10 @@ class UnpackagePortableCaseProgressDialog extends javax.swing.JDialog implements
throw new TskCoreException("Error finding 7-Zip executable"); // NON-NLS
}
String outputFolderSwitch = "-o" + outputFolder; // NON-NLS
String outputFolderSwitch = "-o" + String.format("\"%s\"",outputFolder); // NON-NLS
ProcessBuilder procBuilder = new ProcessBuilder();
procBuilder.command(
sevenZipExe.getAbsolutePath(),
String.format("\"%s\"",sevenZipExe.getAbsolutePath()),
"x", // Extract
packagedCase,
outputFolderSwitch
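Review bot: In `"-o" + String.format("\"%s\"",outputFolder)` the quote starts in the middle of the argument, so the value no longer begins and ends with a quote. As far as I know the JDK's Windows launcher only leaves an argument untouched when it is quoted end to end and otherwise wraps any argument containing a space in a second pair of quotes, which would split an output folder whose path has a space; an `outputFolder` ending in a backslash would likewise escape the closing quote. `packagedCase` on the line before is still passed bare, so the two path arguments are now handled differently. Quoting the whole switch, `String.format("\"-o%s\"", outputFolder)`, or leaving both unquoted for ProcessBuilder to handle, would be consistent; VolatilityProcessor's `--filename=` and `--dump-dir=` arguments have the same shape.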


@ -210,8 +210,8 @@ public class ILeappAnalyzerIngestModule implements DataSourceIngestModule {
ProcessBuilder processBuilder = buildProcessWithRunAsInvoker(
"\"" + iLeappExecutable + "\"", //NON-NLS
"-t", iLeappFileSystemType, //NON-NLS
"-i", sourceFilePath, //NON-NLS
"-o", moduleOutputPath.toString()
"-i", String.format("\"%s\"",sourceFilePath), //NON-NLS
"-o", String.format("\"%s\"",moduleOutputPath.toString())
);
processBuilder.redirectError(moduleOutputPath.resolve("iLeapp_err.txt").toFile()); //NON-NLS
processBuilder.redirectOutput(moduleOutputPath.resolve("iLeapp_out.txt").toFile()); //NON-NLS


@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-2018 Basis Technology Corp.
* Copyright 2011-2020 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -46,6 +46,7 @@ import org.openide.windows.WindowManager;
import org.sleuthkit.autopsy.corecomponents.OptionsPanel;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
import org.sleuthkit.autopsy.coreutils.ModuleSettings;
import org.sleuthkit.autopsy.guiutils.SimpleListCellRenderer;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.autopsy.ingest.IngestModuleGlobalSettingsPanel;
@ -88,6 +89,14 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp
private final String filterDialogTitle;
private final String ruleDialogTitle;
private boolean canBeEnabled = true;
private static final String XML_EXTENSION = "xml";
private final JFileChooser importFileChooser;
private static final String LAST_IMPORT_PATH_KEY = "InterestingFilesRuleSetLastImport";
private final JFileChooser exportFileChooser;
private static final String LAST_EXPORT_PATH_KEY = "InterestingFilesRuleSetLastExport";
// The following is a map of interesting files set names to interesting
// files set definitions. It is a snapshot of the files set definitions
@ -146,6 +155,22 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp
enableButtons();
});
canBeEnabled = !IngestManager.getInstance().isIngestRunning();
this.importFileChooser = new JFileChooser();
this.exportFileChooser = new JFileChooser();
configureFileChooser(importFileChooser);
configureFileChooser(exportFileChooser);
}
/**
* Configure the file chooser for rule set imports and exports.
*/
private void configureFileChooser(JFileChooser fileChooser) {
FileNameExtensionFilter autopsyFilter = new FileNameExtensionFilter(
NbBundle.getMessage(this.getClass(), "FilesSetDefsPanel.interesting.fileExtensionFilterLbl"), XML_EXTENSION);
fileChooser.addChoosableFileFilter(autopsyFilter);
fileChooser.setAcceptAllFileFilterUsed(false);
fileChooser.setFileSelectionMode(JFileChooser.FILES_ONLY);
}
@NbBundle.Messages({"FilesSetDefsPanel.Interesting.Title=Global Interesting Items Settings",
@ -1131,16 +1156,13 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp
private void importSetButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_importSetButtonActionPerformed
//save currently selected value as default value to select
FilesSet selectedSet = this.setsList.getSelectedValue();
JFileChooser chooser = new JFileChooser();
final String EXTENSION = "xml"; //NON-NLS
FileNameExtensionFilter autopsyFilter = new FileNameExtensionFilter(
NbBundle.getMessage(this.getClass(), "FilesSetDefsPanel.interesting.fileExtensionFilterLbl"), EXTENSION);
chooser.addChoosableFileFilter(autopsyFilter);
chooser.setAcceptAllFileFilterUsed(false);
chooser.setFileSelectionMode(JFileChooser.FILES_ONLY);
int returnVal = chooser.showOpenDialog(this);
File lastFolder = getLastUsedDirectory(LAST_IMPORT_PATH_KEY);
importFileChooser.setCurrentDirectory(lastFolder);
int returnVal = importFileChooser.showOpenDialog(this);
if (returnVal == JFileChooser.APPROVE_OPTION) {
File selFile = chooser.getSelectedFile();
File selFile = importFileChooser.getSelectedFile();
if (selFile == null) {
JOptionPane.showMessageDialog(this,
Bundle.FilesSetDefsPanel_importSetButtonActionPerformed_noFilesSelected(),
@ -1149,6 +1171,9 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp
logger.warning("Selected file was null, when trying to import interesting files set definitions");
return;
}
ModuleSettings.setConfigSetting(ModuleSettings.MAIN_SETTINGS, LAST_IMPORT_PATH_KEY, selFile.getParent());
Collection<FilesSet> importedSets;
try {
importedSets = InterestingItemsFilesSetSettings.readDefinitionsXML(selFile).values(); //read the xml from that path
@ -1191,6 +1216,27 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp
}//GEN-LAST:event_importSetButtonActionPerformed
/**
* Get the last used directory from ModuleSettings, using the value
* associated with the input key as the directory path.
*
* @param key The input key to search in module settings.
* @return A directory instance if a value was found and the path is still
* valid, or null otherwise.
*/
private File getLastUsedDirectory(String key) {
File lastFolder = null;
if (ModuleSettings.settingExists(ModuleSettings.MAIN_SETTINGS, key)) {
final String lastDirectory = ModuleSettings.getConfigSetting(ModuleSettings.MAIN_SETTINGS, key);
File lastDirectoryFile = new File(lastDirectory);
// Only select it if it exists.
if (lastDirectoryFile.exists()) {
lastFolder = lastDirectoryFile;
}
}
return lastFolder;
}
/**
* From the files sets that can be imported, this method rectifies any
* conflicts that may occur.
@ -1420,18 +1466,16 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp
private void exportSetButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_exportSetButtonActionPerformed
//display warning that existing filessets with duplicate names will be overwritten
//create file chooser to get xml filefinal String FEATURE_NAME = NbBundle.getMessage(this.getClass(),
JFileChooser chooser = new JFileChooser();
final String EXTENSION = "xml"; //NON-NLS
FileNameExtensionFilter autopsyFilter = new FileNameExtensionFilter(
NbBundle.getMessage(this.getClass(), "FilesSetDefsPanel.interesting.fileExtensionFilterLbl"), EXTENSION);
chooser.addChoosableFileFilter(autopsyFilter);
chooser.setSelectedFile(new File(this.setsList.getSelectedValue().getName()));
chooser.setFileSelectionMode(JFileChooser.FILES_ONLY);
int returnVal = chooser.showSaveDialog(this);
exportFileChooser.setSelectedFile(new File(this.setsList.getSelectedValue().getName()));
final File lastDirectory = getLastUsedDirectory(LAST_EXPORT_PATH_KEY);
exportFileChooser.setCurrentDirectory(lastDirectory);
int returnVal = exportFileChooser.showSaveDialog(this);
if (returnVal == JFileChooser.APPROVE_OPTION) {
final String FEATURE_NAME = NbBundle.getMessage(this.getClass(),
"FilesSetDefsPanel.interesting.exportButtonAction.featureName");
File selFile = chooser.getSelectedFile();
File selFile = exportFileChooser.getSelectedFile();
if (selFile == null) {
JOptionPane.showMessageDialog(this,
NbBundle.getMessage(this.getClass(), "FilesSetDefsPanel.interesting.failExportMsg"),
@ -1440,10 +1484,13 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp
logger.warning("Selected file was null, when trying to export interesting files set definitions");
return;
}
ModuleSettings.setConfigSetting(ModuleSettings.MAIN_SETTINGS, LAST_EXPORT_PATH_KEY, selFile.getParent());
//force append extension if not given
String fileAbs = selFile.getAbsolutePath();
if (!fileAbs.endsWith("." + EXTENSION)) {
fileAbs = fileAbs + "." + EXTENSION;
if (!fileAbs.endsWith("." + XML_EXTENSION)) {
fileAbs = fileAbs + "." + XML_EXTENSION;
selFile = new File(fileAbs);
}
if (selFile.exists()) {
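Review bot: `getLastUsedDirectory` accepts any stored path for which `exists()` is true, although its Javadoc promises a directory; `if (lastDirectoryFile.isDirectory())` would match the contract. The value is read back from persisted settings, so it is worth validating before it is handed to `setCurrentDirectory`. Separately, `selFile.getParent()` can return null for a file with no parent component, and that value is passed straight to `ModuleSettings.setConfigSetting` in both the import and the export handler; a null check before saving would avoid storing it.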


@ -321,9 +321,9 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
ProcessBuilder processAndSettings = new ProcessBuilder(
executableFile.toString(),
"/d", // NON-NLS
outputDirPath.toAbsolutePath().toString() + File.separator + PHOTOREC_RESULTS_BASE,
String.format("\"%s\"", Paths.get(outputDirPath.toAbsolutePath().toString(), PHOTOREC_RESULTS_BASE).toString()),
"/cmd", // NON-NLS
tempFilePath.toFile().toString());
String.format("\"%s\"",tempFilePath.toFile().toString()));
processAndSettings.command().add(this.optionsString);


@ -48,6 +48,7 @@ import org.sleuthkit.autopsy.coreutils.ExecUtil;
import org.sleuthkit.autopsy.coreutils.FileUtil;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.ingest.FileIngestModuleProcessTerminator;
import org.sleuthkit.autopsy.ingest.IngestJobContext;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.ModuleContentEvent;
@ -71,7 +72,7 @@ public class HEICProcessor implements PictureProcessor {
private static final int EXIT_SUCCESS = 0;
private static final String HEIC_MODULE_FOLDER = "HEIC";
private static final long TIMEOUT_IN_MS = TimeUnit.MILLISECONDS.convert(2, TimeUnit.MINUTES);
private static final long TIMEOUT_IN_SEC = TimeUnit.SECONDS.convert(2, TimeUnit.MINUTES);
// Windows location
private static final String IMAGE_MAGICK_FOLDER = "ImageMagick-7.0.10-27-portable-Q16-x64";
@ -188,16 +189,13 @@ public class HEICProcessor implements PictureProcessor {
// Any additional images found within the HEIC container will be
// formatted as fileName-1.jpg, fileName-2.jpg, etc.
final ProcessBuilder processBuilder = new ProcessBuilder()
.command(IMAGE_MAGICK_PATH.toString(),
localDiskCopy.toString(),
outputFile.toString());
.command(String.format("\"%s\"",IMAGE_MAGICK_PATH.toString()),
String.format("\"%s\"",localDiskCopy.toString()),
String.format("\"%s\"",outputFile.toString()));
processBuilder.redirectError(imageMagickErrorOutput.toFile());
final long startTime = System.currentTimeMillis();
final int exitStatus = ExecUtil.execute(processBuilder, () -> {
return context.fileIngestIsCancelled() || System.currentTimeMillis() - startTime >= TIMEOUT_IN_MS;
});
final int exitStatus = ExecUtil.execute(processBuilder, new FileIngestModuleProcessTerminator(context, TIMEOUT_IN_SEC));
if (context.fileIngestIsCancelled()) {
return;


@ -235,8 +235,8 @@ public class PlasoIngestModule implements DataSourceIngestModule {
"--parsers", "\"" + parsersString + "\"",//NON-NLS
"--no_dependencies_check", //NON-NLS
"--workers", String.valueOf(LOG2TIMELINE_WORKERS),//NON-NLS
moduleOutputPath.resolve(PLASO).toString(),
image.getPaths()[0]
String.format("\"%s\"",moduleOutputPath.resolve(PLASO).toString()),
String.format("\"%s\"",image.getPaths()[0])
);
processBuilder.redirectError(moduleOutputPath.resolve("log2timeline_err.txt").toFile()); //NON-NLS
return processBuilder;
@ -256,8 +256,8 @@ public class PlasoIngestModule implements DataSourceIngestModule {
ProcessBuilder processBuilder = buildProcessWithRunAsInvoker(
"\"" + psortExecutable + "\"", //NON-NLS
"-o", "4n6time_sqlite", //NON-NLS
"-w", moduleOutputPath.resolve("plasodb.db3").toString(), //NON-NLS
moduleOutputPath.resolve(PLASO).toString()
"-w", String.format("\"%s\"",moduleOutputPath.resolve("plasodb.db3").toString()), //NON-NLS
String.format("\"%s\"",moduleOutputPath.resolve(PLASO).toString())
);
processBuilder.redirectOutput(moduleOutputPath.resolve("psort_output.txt").toFile()); //NON-NLS


@ -1329,10 +1329,10 @@ public class PortableCaseReportModule implements ReportModule {
File zipFile = Paths.get(tempZipFolder.getAbsolutePath(), caseName + ".zip").toFile(); // NON-NLS
ProcessBuilder procBuilder = new ProcessBuilder();
procBuilder.command(
sevenZipExe.getAbsolutePath(),
String.format("\"%s\"",sevenZipExe.getAbsolutePath()),
"a", // Add to archive
zipFile.getAbsolutePath(),
dirToCompress.toAbsolutePath().toString(),
String.format("\"%s\"",zipFile.getAbsolutePath()),
String.format("\"%s\"",dirToCompress.toAbsolutePath().toString()),
chunkOption
);


@ -196,7 +196,7 @@ class VolatilityProcessor {
List<String> commandLine = new ArrayList<>();
commandLine.add("\"" + executableFile + "\""); //NON-NLS
File memoryImage = new File(memoryImagePath);
commandLine.add("--filename=" + memoryImage.getName()); //NON-NLS
commandLine.add("--filename=" + String.format("\"%s\"",memoryImage.getName())); //NON-NLS
if (!profile.isEmpty()) {
commandLine.add("--profile=" + profile); //NON-NLS
}
@ -213,7 +213,7 @@ class VolatilityProcessor {
if (!directory.exists()) {
directory.mkdirs();
}
commandLine.add("--dump-dir=" + outputDir); //NON-NLS
commandLine.add("--dump-dir=" + String.format("\"%s\"",outputDir)); //NON-NLS
break;
default:
break;


@ -575,10 +575,10 @@ final class ExtractEdge extends Extract {
List<String> commandLine = new ArrayList<>();
commandLine.add(dumperPath);
commandLine.add("/table"); //NON-NLS
commandLine.add(inputFilePath);
commandLine.add(String.format("\"%s\"",inputFilePath));
commandLine.add("*"); //NON-NLS
commandLine.add("/scomma"); //NON-NLS
commandLine.add(outputDir + "\\" + "*.csv"); //NON-NLS
commandLine.add(String.format("\"%s\"",outputDir + "\\" + "*.csv")); //NON-NLS
ProcessBuilder processBuilder = new ProcessBuilder(commandLine);
processBuilder.redirectOutput(outputFilePath.toFile());


@ -400,7 +400,7 @@ class ExtractIE extends Extract {
List<String> commandLine = new ArrayList<>();
commandLine.add(JAVA_PATH);
commandLine.add("-cp"); //NON-NLS
commandLine.add(PASCO_LIB_PATH);
commandLine.add(String.format("\"%s\"",PASCO_LIB_PATH));
commandLine.add("isi.pasco2.Main"); //NON-NLS
commandLine.add("-T"); //NON-NLS
commandLine.add("history"); //NON-NLS


@ -177,9 +177,9 @@ final class ExtractPrefetch extends Extract {
final Path errFilePath = Paths.get(tempOutPath, PREFETCH_ERROR_FILE_NAME);
List<String> commandLine = new ArrayList<>();
commandLine.add(prefetchExePath);
commandLine.add(prefetchDir); //NON-NLS
commandLine.add(tempOutFile);
commandLine.add(String.format("\"%s\"",prefetchExePath));
commandLine.add(String.format("\"%s\"",prefetchDir)); //NON-NLS
commandLine.add(String.format("\"%s\"",tempOutFile));
ProcessBuilder processBuilder = new ProcessBuilder(commandLine);
processBuilder.redirectOutput(outputFilePath.toFile());


@ -472,7 +472,7 @@ class ExtractRegistry extends Extract {
commandLine.add(cmd);
}
commandLine.add("-r"); //NON-NLS
commandLine.add(hiveFilePath);
commandLine.add(String.format("\"%s\"",hiveFilePath));
commandLine.add("-f"); //NON-NLS
commandLine.add(hiveFileType);


@ -247,10 +247,10 @@ final class ExtractSru extends Extract {
final Path errFilePath = Paths.get(tempOutPath, SRU_ERROR_FILE_NAME);
List<String> commandLine = new ArrayList<>();
commandLine.add(sruExePath);
commandLine.add(String.format("\"%s\"",sruExePath));
commandLine.add(sruFile); //NON-NLS
commandLine.add(softwareHiveFile);
commandLine.add(tempOutFile);
commandLine.add(String.format("\"%s\"",tempOutFile));
ProcessBuilder processBuilder = new ProcessBuilder(commandLine);
processBuilder.redirectOutput(outputFilePath.toFile());
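Review bot: `sruFile` and `softwareHiveFile` appear to be added bare still, while `sruExePath` and `tempOutFile` are now wrapped, so this command mixes two quoting rules. If the wrapping is needed for paths with spaces, the two hive paths look like they need it as well; if ProcessBuilder's own handling is enough for them, the new wrappers are unnecessary. ExtractEdge (`dumperPath`), ExtractIE (`JAVA_PATH`) and PhotoRecCarverFileIngestModule (`executableFile.toString()`) show the same mix. Either apply one rule to every path argument, e.g. `commandLine.add(String.format("\"%s\"",sruFile));` and the same for `softwareHiveFile`, or add a comment saying why these two are exempt.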

Binary file not shown.

After

Width:  |  Height:  |  Size: 17 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 21 KiB

After

Width:  |  Height:  |  Size: 33 KiB


@ -33,7 +33,9 @@ You can tag any additional files you want to include in the portable case. See t
\image html portable_case_tags.png
Portable cases are created through the \ref reporting_page feature. The Generate Report dialog will display a list of all tags and interesting file sets that are in use in the current case and you can choose which ones you would like to include. At the bottom you can choose to optionally package the case. Choosing to package the case without chunking will simply compress the portable case in a single archive that can be extracted with common compression programs. If you choose split the packaged case into multiple files, you will need to use the "Unpack and Open Portable Case" option to open it. This will be discussed in the next section.
Portable cases are created through the \ref reporting_page feature. The Generate Report dialog will display a list of all tags and interesting file sets that are in use in the current case and you can choose which ones you would like to include. At the bottom you can choose to optionally package the case or to include the Autopsy application. Choosing to package the case without chunking will simply compress the portable case in a single archive that can be extracted with common compression programs. If you choose split the packaged case into multiple files, you will need to use the "Unpack and Open Portable Case" option to open it. You can not include the application if you use this option. Unpacking a portable case will be discussed in the next section.
If the recipient of the portable case does not have Autopsy, you can choose to include the Autopsy application in the portable case. This will allow the recipient to open the portable case without installing any other software. You may choose to package the case without chunking. If you do, the recipient will have to decompress it before opening Autopsy.
The portable case will be placed in the "Reports" folder in the current case.
@ -49,7 +51,11 @@ If you packaged the portable case but did not choose to split it into chunks, yo
\section portable_case_usage Using a Portable Case
Unpackaged portable cases can be opened like any other case through Case->Open Case. If your portable case was packaged, you'll need to use the unpack option to open it. Open the "Case" menu and then select "Unpack and Open Portable Case" option. This will bring up a dialog where you can browse to your packaged case and select where to extract it to. The case will also open. Note that any changes made to the case at this point will be saved to the unpacked location, and next time you open it you will need to browse to the unpacked folder.
If the Autopsy application was included in the portable case, it can be opened by double-clicking on the "open.bat" file.
\image html portable_case_open_bat.png
Otherwise, you'll start by opening the Autopsy application. Unpackaged portable cases can be opened like any other case through Case->Open Case. If your portable case was packaged, you'll need to use the unpack option to open it. Open the "Case" menu and then select "Unpack and Open Portable Case" option. This will bring up a dialog where you can browse to your packaged case and select where to extract it to. The case will also open. Note that any changes made to the case at this point will be saved to the unpacked location, and next time you open it you will need to browse to the unpacked folder.
\image html portable_case_unpackage.png