Merge branch 'master' of github.com:sleuthkit/autopsy

Dick Fickling 2012-03-26 15:44:41 -04:00
commit 7447164b76
9 changed files with 204 additions and 89 deletions


@ -73,9 +73,9 @@ sub pluginmain {
push(@{$uninst{$lastwrite}},$display); push(@{$uninst{$lastwrite}},$display);
} }
foreach my $t (reverse sort {$a <=> $b} keys %uninst) { foreach my $t (reverse sort {$a <=> $b} keys %uninst) {
::rptMsg("<item name=\"". gmtime($t).">"); #::rptMsg("<item name=\"". gmtime($t)."\">");
foreach my $item (@{$uninst{$t}}) { foreach my $item (@{$uninst{$t}}) {
::rptMsg($item."</item>"); ::rptMsg("<item name=\"". gmtime($t)."\">" .$item."</item>");
} }
#::rptMsg(""); #::rptMsg("");
} }
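Review bot: The rewritten `::rptMsg("<item name=\"". gmtime($t)."\">" .$item."</item>")` line writes `$item` into the XML output without escaping, so an entry containing `&`, `<` or `>` yields a malformed or restructured document. `$item` is the `$display` value pushed a few lines above and appears to come from registry data in the image under examination, so it should be treated as untrusted. If this output is parsed as XML downstream, one such name could abort the parse and drop every uninstall entry for that hive. Escape before emitting, e.g. `(my $safe = $item) =~ s/&/&amp;/g; $safe =~ s/</&lt;/g; $safe =~ s/>/&gt;/g;`, and print `$safe` instead. pluginmain begins outside this hunk.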


@ -104,6 +104,6 @@ sub pluginmain {
#::rptMsg($key_path." not found."); #::rptMsg($key_path." not found.");
#::logMsg($key_path." not found."); #::logMsg($key_path." not found.");
} }
::rptMsg("</artifacts></shellfolders>"); ::rptMsg("</artifacts></WinVersion>");
} }
1; 1;


@ -153,7 +153,7 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
} }
if(regFilePath.toLowerCase().contains("software")) if(regFilePath.toLowerCase().contains("software"))
{ {
type = "1software"; type = "autopsysoftware";
} }
if(regFilePath.toLowerCase().contains("ntuser")) if(regFilePath.toLowerCase().contains("ntuser"))
{ {
@ -199,8 +199,8 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
InputStreamReader fstreamReader = new InputStreamReader(fstream, "UTF-8"); InputStreamReader fstreamReader = new InputStreamReader(fstream, "UTF-8");
BufferedReader input = new BufferedReader(fstreamReader); BufferedReader input = new BufferedReader(fstreamReader);
//logger.log(Level.INFO, "using encoding " + fstreamReader.getEncoding()); //logger.log(Level.INFO, "using encoding " + fstreamReader.getEncoding());
String regString = new Scanner(input).useDelimiter("\\Z").next(); String regString = new Scanner(input).useDelimiter("\\Z").next();
regfile.delete();
String startdoc = "<document>"; String startdoc = "<document>";
String result = regString.replaceAll("----------------------------------------",""); String result = regString.replaceAll("----------------------------------------","");
String enddoc = "</document>"; String enddoc = "</document>";
@ -223,6 +223,8 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
Element artroot = tempnode.getChild("artifacts"); Element artroot = tempnode.getChild("artifacts");
List artlist = artroot.getChildren(); List artlist = artroot.getChildren();
String winver = "";
String installdate = "";
if(artlist.isEmpty()){ if(artlist.isEmpty()){
} }
else{ else{
@ -233,19 +235,52 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
String name = artnode.getAttributeValue("name"); String name = artnode.getAttributeValue("name");
String value = artnode.getTextTrim(); String value = artnode.getTextTrim();
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time));
if("recentdocs".equals(context)){
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", context, name)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", context, name));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value));
if("recentdocs".equals(context)){
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} }
else if("runMRU".equals(context)){ else if("runMRU".equals(context)){
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT); BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", context, name));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value));
bbart.addAttributes(bbattributes);
}
else if("uninstall".equals(context)){
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, value));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, name));
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG);
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} }
else if("WinVersion".equals(context)){
if(name.contains("ProductName"))
{
winver = value;
}
if(name.contains("CSDVersion")){
winver = winver + " " + value;
}
if(name.contains("InstallDate"))
{
installdate = value;
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, winver));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, installdate));
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG);
bbart.addAttributes(bbattributes);
}
}
else else
{ {
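Review bot: The new `WinVersion` branch writes the OS artifact only when an item whose name contains `InstallDate` is seen, and it uses whatever `winver` holds at that moment. If the plugin output lists `InstallDate` before `ProductName` or `CSDVersion`, the artifact is stored with an empty or partial name, and if `InstallDate` is absent no artifact is written at all; the item order is not visible in this hunk, so this needs confirming against the plugin. Collecting the three values inside the loop and creating the artifact once after it, guarded by `if(!winver.isEmpty())`, removes the ordering dependence. A short comment should also say that the Windows version is deliberately stored as `TSK_INSTALLED_PROG`, since it will appear in the installed-programs section of the report. getregistryfiles starts and ends outside these hunks.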


@ -196,6 +196,27 @@ public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getHashHit() {
return reportMap; return reportMap;
} }
@Override
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getInstalledProg() {
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(8);
for (BlackboardArtifact artifact : bbart)
{
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.INFO, "Exception occurred", e);
}
return reportMap;
}
@Override @Override
public String getGroupedKeywordHit() { public String getGroupedKeywordHit() {
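Review bot: In `getInstalledProg` the catch block logs at `Level.INFO` and returns the empty map, so a failed database query is indistinguishable in the report from an image with no installed programs. For a forensic report that silent gap matters; log it as a failure, e.g. `Logger.getLogger(report.class.getName()).log(Level.WARNING, "Failed to load installed-program artifacts", e);`. The literal `8` in `getBlackboardArtifacts(8)` should be the named constant, `ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()`, assuming `ARTIFACT_TYPE` is imported here as it is in the ingest code. `new HashMap()` is also a raw type and should carry the declared type arguments.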


@ -16,6 +16,11 @@
</Properties> </Properties>
</Component> </Component>
</NonVisualComponents> </NonVisualComponents>
<Properties>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[250, 193]"/>
</Property>
</Properties>
<AuxValues> <AuxValues>
<AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="1"/> <AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="1"/>
<AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/> <AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/>
@ -32,42 +37,48 @@
<DimensionLayout dim="0"> <DimensionLayout dim="0">
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Group type="102" attributes="0"> <Group type="102" attributes="0">
<EmptySpace min="-2" pref="38" max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Group type="102" attributes="0"> <Group type="102" alignment="0" attributes="0">
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox3" alignment="0" min="-2" max="-2" attributes="0"/>
<Group type="102" alignment="0" attributes="0"> <Group type="102" alignment="0" attributes="0">
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox2" alignment="0" min="-2" max="-2" attributes="0"/> <Component id="jCheckBox3" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox1" alignment="0" min="-2" max="-2" attributes="0"/> <Group type="102" alignment="0" attributes="0">
</Group> <Group type="103" groupAlignment="0" attributes="0">
<EmptySpace max="-2" attributes="0"/> <Component id="jCheckBox2" alignment="0" min="-2" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0"> <Component id="jCheckBox1" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox5" min="-2" max="-2" attributes="0"/> </Group>
<Component id="jCheckBox4" alignment="0" min="-2" max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox5" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox4" alignment="0" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
</Group> </Group>
<EmptySpace min="-2" pref="69" max="-2" attributes="0"/>
</Group>
<Group type="102" alignment="0" attributes="0">
<Component id="jButton1" min="-2" max="-2" attributes="0"/>
<EmptySpace max="32767" attributes="0"/>
<Component id="cancelButton" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="156" max="-2" attributes="0"/>
</Group> </Group>
</Group> </Group>
<EmptySpace min="-2" pref="69" max="-2" attributes="0"/> <EmptySpace min="-2" max="-2" attributes="0"/>
</Group> </Group>
<Group type="102" alignment="0" attributes="0"> <Group type="102" alignment="0" attributes="0">
<Component id="jButton1" min="-2" max="-2" attributes="0"/> <Component id="progBar" min="-2" pref="231" max="-2" attributes="0"/>
<EmptySpace pref="15" max="32767" attributes="0"/> <EmptySpace pref="109" max="32767" attributes="0"/>
<Component id="cancelButton" min="-2" max="-2" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Component id="progBar" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="42" max="-2" attributes="0"/>
</Group> </Group>
</Group> </Group>
<EmptySpace max="-2" attributes="0"/>
</Group> </Group>
</Group> </Group>
</DimensionLayout> </DimensionLayout>
<DimensionLayout dim="1"> <DimensionLayout dim="1">
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0"> <Group type="102" alignment="0" attributes="0">
<EmptySpace min="-2" pref="24" max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0"> <Group type="103" groupAlignment="3" attributes="0">
<Component id="jCheckBox1" alignment="3" min="-2" max="-2" attributes="0"/> <Component id="jCheckBox1" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox4" alignment="3" min="-2" max="-2" attributes="0"/> <Component id="jCheckBox4" alignment="3" min="-2" max="-2" attributes="0"/>
@ -80,14 +91,13 @@
<EmptySpace type="separate" max="-2" attributes="0"/> <EmptySpace type="separate" max="-2" attributes="0"/>
<Component id="jCheckBox3" min="-2" max="-2" attributes="0"/> <Component id="jCheckBox3" min="-2" max="-2" attributes="0"/>
<EmptySpace type="separate" max="-2" attributes="0"/> <EmptySpace type="separate" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="3" attributes="0">
<Group type="103" groupAlignment="3" attributes="0"> <Component id="jButton1" alignment="3" max="32767" attributes="1"/>
<Component id="jButton1" alignment="3" max="32767" attributes="1"/> <Component id="cancelButton" alignment="3" max="32767" attributes="1"/>
<Component id="cancelButton" alignment="3" max="32767" attributes="1"/>
</Group>
<Component id="progBar" min="-2" max="-2" attributes="1"/>
</Group> </Group>
<EmptySpace max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Component id="progBar" pref="17" max="32767" attributes="1"/>
<EmptySpace max="-2" attributes="0"/>
</Group> </Group>
</Group> </Group>
</DimensionLayout> </DimensionLayout>
@ -152,11 +162,13 @@
</Component> </Component>
<Component class="javax.swing.JProgressBar" name="progBar"> <Component class="javax.swing.JProgressBar" name="progBar">
<Properties> <Properties>
<Property name="doubleBuffered" type="boolean" value="true"/>
<Property name="enabled" type="boolean" value="false"/> <Property name="enabled" type="boolean" value="false"/>
<Property name="name" type="java.lang.String" value="" noResource="true"/> <Property name="name" type="java.lang.String" value="" noResource="true"/>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor"> <Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[146, 23]"/> <Dimension value="[146, 15]"/>
</Property> </Property>
<Property name="stringPainted" type="boolean" value="true"/>
</Properties> </Properties>
</Component> </Component>
<Component class="javax.swing.JButton" name="cancelButton"> <Component class="javax.swing.JButton" name="cancelButton">


@ -57,6 +57,8 @@ public class reportFilter extends javax.swing.JPanel {
jButton2.setActionCommand(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton2.actionCommand")); // NOI18N jButton2.setActionCommand(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton2.actionCommand")); // NOI18N
jButton2.setLabel(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton2.label")); // NOI18N jButton2.setLabel(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton2.label")); // NOI18N
setPreferredSize(new java.awt.Dimension(250, 193));
jCheckBox1.setSelected(true); jCheckBox1.setSelected(true);
jCheckBox1.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jCheckBox1.text")); // NOI18N jCheckBox1.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jCheckBox1.text")); // NOI18N
jCheckBox1.addActionListener(new java.awt.event.ActionListener() { jCheckBox1.addActionListener(new java.awt.event.ActionListener() {
@ -89,9 +91,11 @@ public class reportFilter extends javax.swing.JPanel {
} }
}); });
progBar.setDoubleBuffered(true);
progBar.setEnabled(false); progBar.setEnabled(false);
progBar.setName(""); // NOI18N progBar.setName(""); // NOI18N
progBar.setPreferredSize(new java.awt.Dimension(146, 23)); progBar.setPreferredSize(new java.awt.Dimension(146, 15));
progBar.setStringPainted(true);
cancelButton.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.cancelButton.text")); // NOI18N cancelButton.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.cancelButton.text")); // NOI18N
cancelButton.setActionCommand(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.cancelButton.actionCommand")); // NOI18N cancelButton.setActionCommand(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.cancelButton.actionCommand")); // NOI18N
@ -107,33 +111,36 @@ public class reportFilter extends javax.swing.JPanel {
layout.setHorizontalGroup( layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup() .addGroup(layout.createSequentialGroup()
.addGap(38, 38, 38) .addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup() .addGroup(layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jCheckBox3)
.addGroup(layout.createSequentialGroup() .addGroup(layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jCheckBox2) .addComponent(jCheckBox3)
.addComponent(jCheckBox1)) .addGroup(layout.createSequentialGroup()
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addComponent(jCheckBox2)
.addComponent(jCheckBox5) .addComponent(jCheckBox1))
.addComponent(jCheckBox4)))) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGap(69, 69, 69)) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jCheckBox5)
.addComponent(jCheckBox4))))
.addGap(69, 69, 69))
.addGroup(layout.createSequentialGroup()
.addComponent(jButton1)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(cancelButton)
.addGap(156, 156, 156)))
.addContainerGap())
.addGroup(layout.createSequentialGroup() .addGroup(layout.createSequentialGroup()
.addComponent(jButton1) .addComponent(progBar, javax.swing.GroupLayout.PREFERRED_SIZE, 231, javax.swing.GroupLayout.PREFERRED_SIZE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 15, Short.MAX_VALUE) .addContainerGap(109, Short.MAX_VALUE))))
.addComponent(cancelButton)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(progBar, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
.addGap(42, 42, 42)))
.addContainerGap())
); );
layout.setVerticalGroup( layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup() .addGroup(layout.createSequentialGroup()
.addGap(24, 24, 24) .addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(jCheckBox1) .addComponent(jCheckBox1)
.addComponent(jCheckBox4)) .addComponent(jCheckBox4))
@ -144,11 +151,11 @@ public class reportFilter extends javax.swing.JPanel {
.addGap(18, 18, 18) .addGap(18, 18, 18)
.addComponent(jCheckBox3) .addComponent(jCheckBox3)
.addGap(18, 18, 18) .addGap(18, 18, 18)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(jButton1, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(jButton1, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addComponent(cancelButton, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
.addComponent(cancelButton, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(progBar, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)) .addComponent(progBar, javax.swing.GroupLayout.DEFAULT_SIZE, 17, Short.MAX_VALUE)
.addContainerGap()) .addContainerGap())
); );
}// </editor-fold>//GEN-END:initComponents }// </editor-fold>//GEN-END:initComponents


@ -38,6 +38,10 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
//This is literally a terrible way to count up all the types of artifacts, and doesn't include any added ones. //This is literally a terrible way to count up all the types of artifacts, and doesn't include any added ones.
//Unlike the XML report, which is dynamic, this is formatted and needs to be redone later instead of being hardcoded. //Unlike the XML report, which is dynamic, this is formatted and needs to be redone later instead of being hardcoded.
//Also, clearing variables to generate new report.
formatted_Report.setLength(0);
unformatted_header.setLength(0);
formatted_header.setLength(0);
int countGen = 0; int countGen = 0;
int countWebBookmark = 0; int countWebBookmark = 0;
@ -128,6 +132,7 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
+ "table tr th {text-align: left; width: 80px;} " + "table tr th {text-align: left; width: 80px;} "
+ "table td {width: 100px; font-size: 8px; display: table-cell; padding: 4px 8px;} " + "table td {width: 100px; font-size: 8px; display: table-cell; padding: 4px 8px;} "
+ "table tr {text-align: left; width: 60px; background: #f3f3f3;} " + "table tr {text-align: left; width: 60px; background: #f3f3f3;} "
+ "tr.alt td{ background-color: #FFFFFF;}"
+ "</style>"; + "</style>";
unformatted_header.append(header); unformatted_header.append(header);
unformatted_header.append(simpleCSS); unformatted_header.append(simpleCSS);
@ -140,29 +145,50 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
{ {
formatted_Report.append(ingestwarning); formatted_Report.append(ingestwarning);
} }
formatted_Report.append("<h2>Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<br /><ul>"); formatted_Report.append("<h2>Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<ul>");
formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>"); formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>");
formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>"); formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>");
formatted_Report.append("<li># of Files: ").append(totalfiles.toString()).append("</li>"); formatted_Report.append("<li># of Files: ").append(totalfiles.toString()).append("</li>");
formatted_Report.append("<li># of Dirs: ").append(totaldirs.toString()).append("</li>"); formatted_Report.append("<li># of Dirs: ").append(totaldirs.toString()).append("</li>");
formatted_Report.append("<li># of Artifacts: ").append(reportsize).append("</li>"); formatted_Report.append("<li># of Artifacts: ").append(reportsize).append("</li></ul>");
formatted_Report.append("<br /><table><thead><tr><th>Section</th><th>Count</th></tr></thead><tbody>");
formatted_Report.append("<tr><td><a href=\"#bookmark\">Web Bookmarks</a></td><td>").append(countWebBookmark).append("</td></tr>");
formatted_Report.append("<tr><td><a href=\"#history\">Web History</a></td><td>").append(countWebHistory).append("</td></tr>");
formatted_Report.append("<tr><td><a href=\"#download\">Web Downloads</a></td><td>").append(countWebDownload).append("</td></tr>");
formatted_Report.append("<tr><td><a href=\"#recent\">Recent Documents</a></td><td>").append(countRecentObjects).append("</td></tr>");
formatted_Report.append("<tr><td><a href=\"#installed\">Installed Programs</a></td><td>").append(countInstalled).append("</td></tr>");
formatted_Report.append("<tr><td><a href=\"#keyword\">Keyword Hits</a></td><td>").append(countKeyword).append("</td></tr>");
formatted_Report.append("<tr><td><a href=\"#hash\">Hash Hits</a></td><td>").append(countHash).append("</td></tr>");
formatted_Report.append("</tbody></table><br />");
String tableHeader = "<table><thead><tr>"; String tableHeader = "<table><thead><tr>";
StringBuilder nodeGen = new StringBuilder("<h3>General Information (").append(countGen).append(")</h3>").append(tableHeader).append("<th>Attribute</th><th>Value</th></tr></thead><tbody>"); StringBuilder nodeGen = new StringBuilder("<h3>General Information (").append(countGen).append(")</h3>").append(tableHeader).append("<th>Attribute</th><th>Value</th></tr></thead><tbody>");
StringBuilder nodeWebBookmark = new StringBuilder("<h3>Web Bookmarks (").append(countWebBookmark).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Title</th><th>Program</th></tr></thead><tbody>"); StringBuilder nodeWebBookmark = new StringBuilder("<h3><a name=\"bookmark\">Web Bookmarks</a> (").append(countWebBookmark).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Title</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebCookie = new StringBuilder("<h3>Web Cookies (").append(countWebCookie).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Name</th><th>Value</th><th>Program</th></tr></thead><tbody>"); StringBuilder nodeWebCookie = new StringBuilder("<h3><a name=\"cookie\">Web Cookies</a> (").append(countWebCookie).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Name</th><th>Value</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebHistory = new StringBuilder("<h3>Web History (").append(countWebHistory).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Referrer</th><th>Title</th><th>Program</th></tr></thead><tbody>"); StringBuilder nodeWebHistory = new StringBuilder("<h3><a name=\"history\">Web History</a> (").append(countWebHistory).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Referrer</th><th>Title</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebDownload = new StringBuilder("<h3>Web Downloads (").append(countWebDownload).append(")</h3>").append(tableHeader).append("<th>File</th><th>Source</th><th>Time</th><th>Program</th></tr></thead><tbody>"); StringBuilder nodeWebDownload = new StringBuilder("<h3><a name=\"download\">Web Downloads</a> (").append(countWebDownload).append(")</h3>").append(tableHeader).append("<th>File</th><th>Source</th><th>Time</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeRecentObjects = new StringBuilder("<h3>Recent Documents (").append(countRecentObjects).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Path</th><th>Size</th></tr></thead><tbody>"); StringBuilder nodeRecentObjects = new StringBuilder("<h3><a name=\"recent\">Recent Documents</a> (").append(countRecentObjects).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Path</th><th>Size</th></tr></thead><tbody>");
StringBuilder nodeTrackPoint = new StringBuilder("<h3>Track Points (").append(countTrackPoint).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>"); StringBuilder nodeTrackPoint = new StringBuilder("<h3><a name=\"track\">Track Points</a> (").append(countTrackPoint).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>");
StringBuilder nodeInstalled = new StringBuilder("<h3>Installed Programs (").append(countInstalled).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>"); StringBuilder nodeInstalled = new StringBuilder("<h3><a name=\"installed\">Installed Programs</a> (").append(countInstalled).append(")</h3>").append(tableHeader).append("<th>Program Name</th><th>Install Date/Time</th></tr></thead><tbody>");
StringBuilder nodeKeyword = new StringBuilder("<h3>Keyword Search Hits (").append(countKeyword).append(")</h3>"); StringBuilder nodeKeyword = new StringBuilder("<h3><a name=\"keyword\">Keyword Search Hits</a> (").append(countKeyword).append(")</h3>");
StringBuilder nodeHash = new StringBuilder("<h3>Hashset Hits (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Hashset Name</th></tr></thead><tbody>"); StringBuilder nodeHash = new StringBuilder("<h3><a name=\"hash\">Hashset Hit</a> (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Size</th><th>Hashset Name</th></tr></thead><tbody>");
int alt = 0;
String altRow = "";
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) { for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(reportFilter.cancel == true){ if(reportFilter.cancel == true){
break; break;
} }
int cc = 0; int cc = 0;
if(alt > 0)
{
altRow = " class=\"alt\"";
alt = 0;
}
else{
altRow="";
alt++;
}
StringBuilder artifact = new StringBuilder(""); StringBuilder artifact = new StringBuilder("");
Long objId = entry.getKey().getObjectID(); Long objId = entry.getKey().getObjectID();
//Content file = skCase.getContentById(objId); //Content file = skCase.getContentById(objId);
@ -172,15 +198,27 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
TreeMap<Integer, String> attributes = new TreeMap<Integer,String>(); TreeMap<Integer, String> attributes = new TreeMap<Integer,String>();
// Get all the attributes, line them up to be added. // Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type
int n;
for(n=1;n<=35;n++)
{
attributes.put(n, "");
}
for (BlackboardAttribute tempatt : entry.getValue()) for (BlackboardAttribute tempatt : entry.getValue())
{ {
if(reportFilter.cancel == true){ if(reportFilter.cancel == true){
break; break;
} }
String value = "";
int type = tempatt.getAttributeTypeID(); int type = tempatt.getAttributeTypeID();
String value = tempatt.getValueString(); if(tempatt.getValueString() == null || tempatt.getValueString() == "null"){
}
else
{
value = tempatt.getValueString();
}
value = reportUtils.insertPeriodically(value, "<br>", 30); value = reportUtils.insertPeriodically(value, "<br>", 30);
attributes.put(type, value); attributes.put(type, value);
cc++; cc++;
@ -193,14 +231,14 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
nodeGen.append(artifact); nodeGen.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 2){ if(entry.getKey().getArtifactTypeID() == 2){
artifact.append("<tr><td>").append(attributes.get(1)).append("</td>"); artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>"); artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>"); artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>"); artifact.append("</tr>");
nodeWebBookmark.append(artifact); nodeWebBookmark.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 3){ if(entry.getKey().getArtifactTypeID() == 3){
artifact.append("<tr><td>").append(attributes.get(1)).append("</td>"); artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>"); artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>"); artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(6)).append("</td>"); artifact.append("<td>").append(attributes.get(6)).append("</td>");
@ -209,8 +247,8 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
nodeWebCookie.append(artifact); nodeWebCookie.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 4){ if(entry.getKey().getArtifactTypeID() == 4){
artifact.append("<tr><td>").append(attributes.get(1)).append("</td>"); artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>"); artifact.append("<td>").append(attributes.get(33)).append("</td>");
artifact.append("<td>").append(attributes.get(32)).append("</td>"); artifact.append("<td>").append(attributes.get(32)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>"); artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>"); artifact.append("<td>").append(attributes.get(4)).append("</td>");
@ -218,31 +256,31 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
nodeWebHistory.append(artifact); nodeWebHistory.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 5){ if(entry.getKey().getArtifactTypeID() == 5){
artifact.append("<tr><td>").append(attributes.get(8)).append("</td>"); artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(8)).append("</td>");
artifact.append("<td>").append(attributes.get(1)).append("</td>"); artifact.append("<td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>"); artifact.append("<td>").append(attributes.get(33)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>"); artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>"); artifact.append("</tr>");
nodeWebDownload.append(artifact); nodeWebDownload.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 6){ if(entry.getKey().getArtifactTypeID() == 6){
artifact.append("<tr><td>").append(objId.toString()); //artifact.append("<tr><td>").append(objId.toString());
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>"); artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(6)).append("</strong></td>");
artifact.append("<td>").append(attributes.get(5)).append("</td>");
artifact.append("<td>").append(filesize.toString()).append("</td>"); artifact.append("<td>").append(filesize.toString()).append("</td>");
artifact.append("</tr>"); artifact.append("</tr>");
nodeRecentObjects.append(artifact); nodeRecentObjects.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 7){ if(entry.getKey().getArtifactTypeID() == 7){
artifact.append("<tr><td>").append(objId.toString()); artifact.append("<tr").append(altRow).append("><td>").append(objId.toString());
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>"); artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>"); artifact.append("<td>").append(filesize.toString()).append("</td>");
artifact.append("</tr>"); artifact.append("</tr>");
nodeTrackPoint.append(artifact); nodeTrackPoint.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 8){ if(entry.getKey().getArtifactTypeID() == 8){
artifact.append("<tr><td>").append(objId.toString()); artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(4)).append("</strong></td>");
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>"); artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
artifact.append("</tr>"); artifact.append("</tr>");
nodeInstalled.append(artifact); nodeInstalled.append(artifact);
} }
@ -254,8 +292,8 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
// nodeKeyword.append(artifact); // nodeKeyword.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 10){ if(entry.getKey().getArtifactTypeID() == 10){
artifact.append("<tr><td>").append(objId.toString()); // artifact.append("<tr><td>").append(objId.toString());
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>"); artifact.append("<tr").append(altRow).append("><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>"); artifact.append("<td>").append(filesize.toString()).append("</td>");
//artifact.append("<td>").append(attributes.get(31)).append("</td>"); //artifact.append("<td>").append(attributes.get(31)).append("</td>");
artifact.append("<td>").append(attributes.get(30)).append("</td>"); artifact.append("<td>").append(attributes.get(30)).append("</td>");
@ -268,6 +306,7 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
//Add them back in order //Add them back in order
//formatted_Report.append(nodeGen); //formatted_Report.append(nodeGen);
// formatted_Report.append("</tbody></table>"); // formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeWebBookmark); formatted_Report.append(nodeWebBookmark);
formatted_Report.append("</tbody></table>"); formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeWebCookie); formatted_Report.append(nodeWebCookie);


@ -22,5 +22,6 @@ public interface reportInterface{
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getRecentObject(); public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getRecentObject();
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getHashHit(); public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getHashHit();
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getKeywordHit(); public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getKeywordHit();
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getInstalledProg();
public String getGroupedKeywordHit(); public String getGroupedKeywordHit();
} }
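Review bot: The new `getInstalledProg()` declaration has no comment saying what it returns or how the values may be used. From the code visible in this commit it appears to supply the artifact type 8 rows, whose attribute values the HTML report appends directly into `<td>` cells. Those values presumably originate from the examined image, so the contract should say they are untrusted text that consumers must HTML-escape before output. I would add `/** Installed-program artifacts (type ID 8) with their attributes; values are evidence-derived and must be escaped before rendering. */` above the declaration. Any other implementer of this interface will also stop compiling until it adds the method.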


@ -42,7 +42,7 @@ public class reportPanelAction {
if(reportlist.contains(5)){Results.putAll(bbreport.getWebDownload());} if(reportlist.contains(5)){Results.putAll(bbreport.getWebDownload());}
if(reportlist.contains(6)){Results.putAll(bbreport.getRecentObject());} if(reportlist.contains(6)){Results.putAll(bbreport.getRecentObject());}
// if(reportlist.contains(7)){Results.putAll(bbreport.getGenInfo());} // if(reportlist.contains(7)){Results.putAll(bbreport.getGenInfo());}
// if(reportlist.contains(7)){Results.putAll(bbreport.getGenInfo());} if(reportlist.contains(8)){Results.putAll(bbreport.getInstalledProg());}
if(reportlist.contains(9)){Results.putAll(bbreport.getKeywordHit());} if(reportlist.contains(9)){Results.putAll(bbreport.getKeywordHit());}
if(reportlist.contains(10)){Results.putAll(bbreport.getHashHit());} if(reportlist.contains(10)){Results.putAll(bbreport.getHashHit());}
SwingUtilities.invokeLater(new Runnable() { SwingUtilities.invokeLater(new Runnable() {
@ -97,7 +97,7 @@ public class reportPanelAction {
// add the panel to the popup window // add the panel to the popup window
popUpWindow.add(panel); popUpWindow.add(panel);
popUpWindow.setResizable(false); popUpWindow.setResizable(true);
popUpWindow.pack(); popUpWindow.pack();
// set the location of the popUp Window on the center of the screen // set the location of the popUp Window on the center of the screen
Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize(); Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize();