mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4630 from raman-bt/4841-ra-sansYYYY

Browse Source 
4841: RecentActivity not making progress on large image
This commit is contained in:
Richard Cordovano 2019-03-20 19:51:06 -04:00 committed by GitHub
commit 72d2c0ee22
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 65 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties-MERGED
View File

@ -2,6 +2,7 @@ cannotBuildXmlParser=Unable to build XML parser:
cannotLoadSEUQA=Unable to load Search Engine URL Query Analyzer settings file, SEUQAMappings.xml:
cannotParseXml=Unable to parse XML file:
ChromeCacheExtractor.moduleName=ChromeCacheExtractor
ChromeCacheExtractor.progressMsg={0}: Extracting cache entry {1} of {2} entries from {3}
DataSourceUsage_AndroidMedia=Android Media Card
DataSourceUsage_FlashDrive=Flash Drive
# {0} - OS name
@ -134,6 +135,7 @@ Progress_Message_Analyze_Registry=Analyzing Registry Files
Progress_Message_Analyze_Usage=Data Sources Usage Analysis
Progress_Message_Chrome_AutoFill=Chrome Auto Fill
Progress_Message_Chrome_Bookmarks=Chrome Bookmarks
Progress_Message_Chrome_Cache=Chrome Cache
Progress_Message_Chrome_Cookies=Chrome Cookies
Progress_Message_Chrome_Downloads=Chrome Downloads
Progress_Message_Chrome_FormHistory=Chrome Form History

4
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java
View File

@ -93,6 +93,7 @@ class Chrome extends Extract {
"Progress_Message_Chrome_FormHistory=Chrome Form History",
"Progress_Message_Chrome_AutoFill=Chrome Auto Fill",
"Progress_Message_Chrome_Logins=Chrome Logins",
"Progress_Message_Chrome_Cache=Chrome Cache",
})
Chrome() {
@ -123,7 +124,8 @@ class Chrome extends Extract {
progressBar.progress(Bundle.Progress_Message_Chrome_Downloads());
this.getDownload();
ChromeCacheExtractor chromeCacheExtractor = new ChromeCacheExtractor(dataSource, context);
progressBar.progress(Bundle.Progress_Message_Chrome_Cache());
ChromeCacheExtractor chromeCacheExtractor = new ChromeCacheExtractor(dataSource, context, progressBar);
chromeCacheExtractor.getCaches();
}

85
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ChromeCacheExtractor.java
View File

@ -44,6 +44,7 @@ import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.casemodule.services.FileManager;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
import org.sleuthkit.autopsy.ingest.IngestJobContext;
import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException;
import org.sleuthkit.autopsy.ingest.IngestServices;
@ -55,7 +56,6 @@ import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.DerivedFile;
import org.sleuthkit.datamodel.ReadContentInputStream;
import org.sleuthkit.datamodel.TimeUtilities;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData;
@ -93,12 +93,17 @@ final class ChromeCacheExtractor {
private final Content dataSource;
private final IngestJobContext context;
private final DataSourceIngestModuleProgress progressBar;
private final IngestServices services = IngestServices.getInstance();
private Case currentCase;
private FileManager fileManager;
// A file table to cache copies of index and data_n files.
private final Map<String, CacheFileCopy> filesTable = new HashMap<>();
// A file table to cache the f_* files.
private final Map<String, AbstractFile> externalFilesTable = new HashMap<>();
/**
* Encapsulates abstract file for a cache file as well as a temp file copy
* that can be accessed as a random access file.
@ -127,12 +132,14 @@ final class ChromeCacheExtractor {
}
@NbBundle.Messages({
"ChromeCacheExtractor.moduleName=ChromeCacheExtractor"
"ChromeCacheExtractor.moduleName=ChromeCacheExtractor",
"ChromeCacheExtractor.progressMsg={0}: Extracting cache entry {1} of {2} entries from {3}"
})
ChromeCacheExtractor(Content dataSource, IngestJobContext context ) {
ChromeCacheExtractor(Content dataSource, IngestJobContext context, DataSourceIngestModuleProgress progressBar ) {
moduleName = Bundle.ChromeCacheExtractor_moduleName();
this.dataSource = dataSource;
this.context = context;
this.progressBar = progressBar;
}
@ -171,6 +178,7 @@ final class ChromeCacheExtractor {
void subInit(String cachePath) throws IngestModuleException {
filesTable.clear();
externalFilesTable.clear();
String cacheAbsOutputFolderName = this.getAbsOutputFolderName() + cachePath;
File outDir = new File(cacheAbsOutputFolderName);
@ -284,6 +292,9 @@ final class ChromeCacheExtractor {
return;
}
}
// find all f_* files in a single query.
findExternalFiles(cachePath);
} catch (TskCoreException | IngestModuleException ex) {
String msg = "Failed to find cache files in path " + cachePath; //NON-NLS
@ -306,8 +317,10 @@ final class ChromeCacheExtractor {
// Process each address in the table
for (int i = 0; i < indexHdr.getTableLen(); i++) {
CacheAddress addr = new CacheAddress(indexFileROBuffer.getInt() & UINT32_MASK, cachePath);
if (addr.isInitialized()) {
progressBar.progress( NbBundle.getMessage(this.getClass(),
"ChromeCacheExtractor.progressMsg",
moduleName, i, indexHdr.getTableLen(), cachePath) );
try {
List<DerivedFile> addedFiles = this.getCacheEntry(addr, sourceArtifacts, webCacheArtifacts);
derivedFiles.addAll(addedFiles);
@ -412,13 +425,10 @@ final class ChromeCacheExtractor {
moduleName,
dataFile.get().getUniquePath()));
long pathID = Util.findID(dataSource, dataFile.get().getUniquePath());
if (pathID != -1) {
webCacheArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
moduleName, pathID));
}
webCacheArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
moduleName, dataFile.get().getId()));
webCacheArtifacts.add(webCacheArtifact);
webCacheArtifacts.add(webCacheArtifact);
}
if (isBrotliCompressed) {
@ -459,12 +469,10 @@ final class ChromeCacheExtractor {
webCacheArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH,
moduleName,
derivedFile.getUniquePath()));
long pathID = Util.findID(dataSource, derivedFile.getUniquePath());
if (pathID != -1) {
webCacheArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
moduleName, pathID));
}
webCacheArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
moduleName, derivedFile.getId()));
webCacheArtifacts.add(webCacheArtifact);
}
@ -485,13 +493,37 @@ final class ChromeCacheExtractor {
}
/**
* Finds abstract file for cache file with a specified name
* Finds all the f_* files in the specified path, and fills them in the
* effFilesTable, so that subsequent searches are fast.
*
* @param cachePath path under which to look for.
*
* @throws TskCoreException
*/
private void findExternalFiles(String cachePath) throws TskCoreException {
List<AbstractFile> effFiles = fileManager.findFiles(dataSource, "f_%", cachePath); //NON-NLS
for (AbstractFile abstractFile : effFiles ) {
this.externalFilesTable.put(cachePath + abstractFile.getName(), abstractFile);
}
}
/**
* Finds abstract file for cache file with a specified name.
* First checks in the file tables.
*
* @param cacheFileName
* @return Opt
* @return Optional abstract file
* @throws TskCoreException
*/
Optional<AbstractFile> findCacheFile(String cacheFileName, String cachePath) throws TskCoreException {
String fileTableKey = cachePath + cacheFileName;
if (cacheFileName.startsWith("f_") && externalFilesTable.containsKey(fileTableKey)) {
return Optional.of(externalFilesTable.get(fileTableKey));
}
if (filesTable.containsKey(fileTableKey)) {
return Optional.of(filesTable.get(fileTableKey).getAbstractFile());
}
List<AbstractFile> cacheFiles = fileManager.findFiles(dataSource, cacheFileName, cachePath); //NON-NLS
if (!cacheFiles.isEmpty()) {
@ -914,9 +946,11 @@ final class ChromeCacheExtractor {
return;
}
cacheFileCopy = getCacheFileCopy(address.getFilename(), address.getCachePath()).get();
// Don't extract data from external files.
if (!address.isInExternalFile() ) {
cacheFileCopy = getCacheFileCopy(address.getFilename(), address.getCachePath()).get();
this.data = new byte [length];
ByteBuffer buf = cacheFileCopy.getByteBuffer();
int dataOffset = DATAFILE_HDR_SIZE + address.getStartBlock() * address.getBlockSize();
@ -952,8 +986,8 @@ final class ChromeCacheExtractor {
i++;
}
// hhtp headers are terminated by 0x00 0x00
if (data[i+1] == 0) {
// http headers are terminated by 0x00 0x00
if (i == data.length || data[i+1] == 0) {
done = true;
}
@ -965,10 +999,11 @@ final class ChromeCacheExtractor {
httpResponse = headerLine;
} else {
int nPos = headerLine.indexOf(':');
String key = headerLine.substring(0, nPos);
String val= headerLine.substring(nPos+1);
httpHeaders.put(key.toLowerCase(), val);
if (nPos > 0 ) {
String key = headerLine.substring(0, nPos);
String val= headerLine.substring(nPos+1);
httpHeaders.put(key.toLowerCase(), val);
}
}
i++;