mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-12 16:06:15 +00:00
fixed ExtractUSB
Signed-off-by: Sean-M <Smoss117@gmail.com>
This commit is contained in:
Sean-M
parent
89c30f9cf5
commit
6e3d951e45
@ -64,7 +64,6 @@ public class ExtractRegistry extends Extract {
|
|||||||
private int sysid;
|
private int sysid;
|
||||||
private IngestServices services;
|
private IngestServices services;
|
||||||
final public static String MODULE_VERSION = "1.0";
|
final public static String MODULE_VERSION = "1.0";
|
||||||
|
|
||||||
private ExecUtil execRR;
|
private ExecUtil execRR;
|
||||||
|
|
||||||
//hide public constructor to prevent from instantiation by ingest module loader
|
//hide public constructor to prevent from instantiation by ingest module loader
|
||||||
@ -92,8 +91,7 @@ public class ExtractRegistry extends Extract {
|
|||||||
|
|
||||||
if (PlatformUtil.isWindowsOS()) {
|
if (PlatformUtil.isWindowsOS()) {
|
||||||
RR_PATH = rrHome + File.separator + "rip.exe";
|
RR_PATH = rrHome + File.separator + "rip.exe";
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
RR_PATH = "perl " + rrHome + File.separator + "rip.pl";
|
RR_PATH = "perl " + rrHome + File.separator + "rip.pl";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -103,7 +101,6 @@ public class ExtractRegistry extends Extract {
|
|||||||
return MODULE_VERSION;
|
return MODULE_VERSION;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
private void getRegistryFiles(Image image, IngestImageWorkerController controller) {
|
private void getRegistryFiles(Image image, IngestImageWorkerController controller) {
|
||||||
|
|
||||||
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
|
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
|
||||||
@ -124,7 +121,7 @@ public class ExtractRegistry extends Extract {
|
|||||||
logger.log(Level.WARNING, "Error fetching registry file: " + regFileName);
|
logger.log(Level.WARNING, "Error fetching registry file: " + regFileName);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
ExtractUSB extrctr = new ExtractUSB();
|
||||||
int j = 0;
|
int j = 0;
|
||||||
for (FsContent regFile : allRegistryFiles) {
|
for (FsContent regFile : allRegistryFiles) {
|
||||||
String regFileName = regFile.getName();
|
String regFileName = regFile.getName();
|
||||||
@ -136,7 +133,6 @@ public class ExtractRegistry extends Extract {
|
|||||||
}
|
}
|
||||||
File aRegFile = new File(temps);
|
File aRegFile = new File(temps);
|
||||||
logger.log(Level.INFO, moduleName + "- Now getting registry information from " + temps);
|
logger.log(Level.INFO, moduleName + "- Now getting registry information from " + temps);
|
||||||
ExtractUSB extrctr = new ExtractUSB();
|
|
||||||
String txtPath = executeRegRip(temps, j++);
|
String txtPath = executeRegRip(temps, j++);
|
||||||
if (txtPath.length() > 0) {
|
if (txtPath.length() > 0) {
|
||||||
if (parseReg(txtPath, regFile.getId(), extrctr) == false) {
|
if (parseReg(txtPath, regFile.getId(), extrctr) == false) {
|
||||||
@ -160,23 +156,17 @@ public class ExtractRegistry extends Extract {
|
|||||||
try {
|
try {
|
||||||
if (regFilePath.toLowerCase().contains("system")) {
|
if (regFilePath.toLowerCase().contains("system")) {
|
||||||
type = "autopsysystem";
|
type = "autopsysystem";
|
||||||
}
|
} else if (regFilePath.toLowerCase().contains("software")) {
|
||||||
else if (regFilePath.toLowerCase().contains("software")) {
|
|
||||||
type = "autopsysoftware";
|
type = "autopsysoftware";
|
||||||
}
|
} else if (regFilePath.toLowerCase().contains("ntuser")) {
|
||||||
else if (regFilePath.toLowerCase().contains("ntuser")) {
|
|
||||||
type = "autopsy";
|
type = "autopsy";
|
||||||
}
|
} else if (regFilePath.toLowerCase().contains("default")) {
|
||||||
else if (regFilePath.toLowerCase().contains("default")) {
|
|
||||||
type = "1default";
|
type = "1default";
|
||||||
}
|
} else if (regFilePath.toLowerCase().contains("sam")) {
|
||||||
else if (regFilePath.toLowerCase().contains("sam")) {
|
|
||||||
type = "1sam";
|
type = "1sam";
|
||||||
}
|
} else if (regFilePath.toLowerCase().contains("security")) {
|
||||||
else if (regFilePath.toLowerCase().contains("security")) {
|
|
||||||
type = "1security";
|
type = "1security";
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
type = "1default";
|
type = "1default";
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -190,8 +180,7 @@ public class ExtractRegistry extends Extract {
|
|||||||
logger.log(Level.SEVERE, "Unable to RegRipper and process parse some registry files.", ex);
|
logger.log(Level.SEVERE, "Unable to RegRipper and process parse some registry files.", ex);
|
||||||
} catch (InterruptedException ex) {
|
} catch (InterruptedException ex) {
|
||||||
logger.log(Level.SEVERE, "RegRipper has been interrupted, failed to parse registry.", ex);
|
logger.log(Level.SEVERE, "RegRipper has been interrupted, failed to parse registry.", ex);
|
||||||
}
|
} finally {
|
||||||
finally {
|
|
||||||
if (writer != null) {
|
if (writer != null) {
|
||||||
try {
|
try {
|
||||||
writer.close();
|
writer.close();
|
||||||
@ -289,9 +278,11 @@ public class ExtractRegistry extends Extract {
|
|||||||
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID(), "RecentActivity", context, value));
|
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID(), "RecentActivity", context, value));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), "RecentActivity", dev));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), "RecentActivity", dev));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID(), "RecentActivity", value));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID(), "RecentActivity", value));
|
||||||
|
if (dev.toLowerCase().contains("vid")) {
|
||||||
USB_Info info = extrctr.get(dev);
|
USB_Info info = extrctr.get(dev);
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), "RecentActivity", info.get_Vendor()));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), "RecentActivity", info.get_Vendor()));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), "RecentActivity", info.get_Product()));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), "RecentActivity", info.get_Product()));
|
||||||
|
}
|
||||||
bbart.addAttributes(bbattributes);
|
bbart.addAttributes(bbattributes);
|
||||||
} catch (TskCoreException ex) {
|
} catch (TskCoreException ex) {
|
||||||
logger.log(Level.SEVERE, "Error adding device attached artifact to blackboard.");
|
logger.log(Level.SEVERE, "Error adding device attached artifact to blackboard.");
|
||||||
@ -434,7 +425,6 @@ public class ExtractRegistry extends Extract {
|
|||||||
return "Extracts activity from the Windows registry utilizing RegRipper.";
|
return "Extracts activity from the Windows registry utilizing RegRipper.";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean hasBackgroundJobsRunning() {
|
public boolean hasBackgroundJobsRunning() {
|
||||||
return false;
|
return false;
|
||||||
|
|||||||
@ -22,12 +22,15 @@
|
|||||||
*/
|
*/
|
||||||
package org.sleuthkit.autopsy.recentactivity;
|
package org.sleuthkit.autopsy.recentactivity;
|
||||||
|
|
||||||
|
import java.io.File;
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
import java.io.FileNotFoundException;
|
import java.io.FileNotFoundException;
|
||||||
|
import java.io.IOException;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Scanner;
|
import java.util.Scanner;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import java.util.logging.Logger;
|
import java.util.logging.Logger;
|
||||||
|
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
|
||||||
public class ExtractUSB {
|
public class ExtractUSB {
|
||||||
|
|
||||||
private HashMap<String, USB_Info> devices;
|
private HashMap<String, USB_Info> devices;
|
||||||
@ -41,11 +44,11 @@ public class ExtractUSB {
|
|||||||
} else {
|
} else {
|
||||||
pID = mID + dtokens[3];
|
pID = mID + dtokens[3];
|
||||||
}
|
}
|
||||||
//if (!devices.containsKey(pID)) {
|
if (!devices.containsKey(pID)) {
|
||||||
// return new String[]{"No such Device", null};
|
return new USB_Info("No such Device", null);
|
||||||
//} else {
|
} else {
|
||||||
return devices.get(pID);
|
return devices.get(pID);
|
||||||
//}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public ExtractUSB() {
|
public ExtractUSB() {
|
||||||
@ -54,12 +57,15 @@ public class ExtractUSB {
|
|||||||
} catch (FileNotFoundException ex) {
|
} catch (FileNotFoundException ex) {
|
||||||
Logger.getLogger(ExtractUSB.class.getName()).log(Level.SEVERE, null, ex);
|
Logger.getLogger(ExtractUSB.class.getName()).log(Level.SEVERE, null, ex);
|
||||||
devices = null;
|
devices = null;
|
||||||
|
} catch (IOException ex) {
|
||||||
|
Logger.getLogger(ExtractUSB.class.getName()).log(Level.SEVERE, null, ex);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void Devices() throws FileNotFoundException {
|
private void Devices() throws FileNotFoundException, IOException {
|
||||||
devices = new HashMap<String, USB_Info>();
|
devices = new HashMap<String, USB_Info>();
|
||||||
try (Scanner dat = new Scanner(new FileInputStream(new java.io.File("src" + java.io.File.separator + "org" + java.io.File.separator + "sleuthkit" + java.io.File.separator + "autopsy" + java.io.File.separator + "recentactivity" + java.io.File.separator + "USB_DATA.txt")))) {
|
PlatformUtil.extractResourceToUserConfigDir(this.getClass(), "USB_DATA.txt");
|
||||||
|
try (Scanner dat = new Scanner(new FileInputStream(new java.io.File(PlatformUtil.getUserConfigDirectory() + File.separator + "USB_DATA.txt")))) {
|
||||||
String line = dat.nextLine();
|
String line = dat.nextLine();
|
||||||
while (dat.hasNext()) {
|
while (dat.hasNext()) {
|
||||||
String dvc = "";
|
String dvc = "";
|
||||||
@ -69,23 +75,22 @@ public class ExtractUSB {
|
|||||||
for (int n = 1; n < tokens.length; n++) {
|
for (int n = 1; n < tokens.length; n++) {
|
||||||
dvc += tokens[n] + " ";
|
dvc += tokens[n] + " ";
|
||||||
}
|
}
|
||||||
|
String pID = vID + "0000";
|
||||||
|
USB_Info info = new USB_Info(dvc, null);
|
||||||
|
devices.put(pID, info);
|
||||||
line = dat.nextLine();
|
line = dat.nextLine();
|
||||||
if (line.startsWith("\t")) {
|
if (line.startsWith("\t")) {
|
||||||
while (dat.hasNext() && line.startsWith("\t")) {
|
while (dat.hasNext() && line.startsWith("\t")) {
|
||||||
tokens = line.split("[\\t\\s]+");
|
tokens = line.split("[\\t\\s]+");
|
||||||
String pID = vID + tokens[1];
|
pID = vID + tokens[1];
|
||||||
String device = "";
|
String device = "";
|
||||||
line = dat.nextLine();
|
line = dat.nextLine();
|
||||||
for (int n = 2; n < tokens.length; n++) {
|
for (int n = 2; n < tokens.length; n++) {
|
||||||
device += tokens[n] + " ";
|
device += tokens[n] + " ";
|
||||||
}
|
}
|
||||||
USB_Info info = new USB_Info(dvc, device);
|
info = new USB_Info(dvc, device);
|
||||||
devices.put(pID, info);
|
devices.put(pID, info);
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
String pID = vID + "0000";
|
|
||||||
USB_Info info = new USB_Info(dvc, null);
|
|
||||||
devices.put(pID, info);
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
line = dat.nextLine();
|
line = dat.nextLine();
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user