fix resolving bug and always go lower case. Progress update

Brian Carrier 2018-09-19 00:29:06 -04:00
parent e1932d4357
commit 772cba097c
6 changed files with 21 additions and 13 deletions


@ -118,7 +118,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
"PlasoIngestModule_has_run=Plaso Plugin has been run."})
@Override
public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) {
statusHelper.switchToIndeterminate();
statusHelper.switchToDeterminate(100);
if (!(dataSource instanceof Image)) {
logger.log(Level.SEVERE, Bundle.PlasoIngestModule_dataSource_not_an_image());
@ -142,7 +142,8 @@ public class PlasoIngestModule implements DataSourceIngestModule {
logger.log(Level.INFO, Bundle.PlasoIngestModule_startUp_message()); //NON-NLS
try {
statusHelper.progress(Bundle.PlasoIngestModule_running_log2timeline());
// Run log2timeline
statusHelper.progress(Bundle.PlasoIngestModule_running_log2timeline(), 0);
ExecUtil.execute(log2TimeLineCommand, new DataSourceIngestModuleProcessTerminator(context));
if (context.dataSourceIngestIsCancelled()) {
logger.log(Level.INFO, Bundle.PlasoIngestModule_log2timeline_cancelled()); //NON-NLS
@ -155,7 +156,9 @@ public class PlasoIngestModule implements DataSourceIngestModule {
MessageNotifyUtil.Message.info(Bundle.PlasoIngestModule_error_running_log2timeline());
return ProcessResult.OK;
}
statusHelper.progress(Bundle.PlasoIngestModule_running_psort());
// sort the output
statusHelper.progress(Bundle.PlasoIngestModule_running_psort(), 33);
ExecUtil.execute(psortCommand, new DataSourceIngestModuleProcessTerminator(context));
if (context.dataSourceIngestIsCancelled()) {
logger.log(Level.INFO, Bundle.PlasoIngestModule_psort_cancelled()); //NON-NLS
@ -168,8 +171,9 @@ public class PlasoIngestModule implements DataSourceIngestModule {
MessageNotifyUtil.Message.info(Bundle.PlasoIngestModule_error_running_psort());
return ProcessResult.OK;
}
String plasoDb = moduleOutputPath + File.separator + "plasodb.db3";
createPlasoArtifacts(plasoDb, statusHelper);
// parse the output and make artifacts
createPlasoArtifacts(plasoFile.getAbsolutePath(), statusHelper);
} catch (IOException ex) {
logger.log(Level.SEVERE, Bundle.PlasoIngestModule_error_running(), ex);
@ -275,6 +279,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
try (SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", connectionString); //NON-NLS
ResultSet resultSet = tempdbconnect.executeQry(sqlStatement)) {
while (resultSet.next()) {
if (context.dataSourceIngestIsCancelled()) {
logger.log(Level.INFO, Bundle.PlasoIngestModule_create_artifacts_cancelled()); //NON-NLS
@ -291,13 +296,15 @@ public class PlasoIngestModule implements DataSourceIngestModule {
continue;
}
statusHelper.progress(resultSet.getString("filename"));
String currentFile = resultSet.getString("filename");
statusHelper.progress("Adding events to case: " + currentFile, 66);
Content resolvedFile = getAbstractFile(resultSet.getString("filename"));
Content resolvedFile = getAbstractFile(currentFile);
if (resolvedFile == null) {
logger.log(Level.INFO, "File from Plaso output not found. Associating with data source instead: {0}", resultSet.getString("filename"));
resolvedFile = image;
}
long eventType = findEventSubtype(resultSet.getString("source"), resultSet.getString("filename"), resultSet.getString("type"), resultSet.getString("description"), resultSet.getString("sourcetype"));
Collection<BlackboardAttribute> bbattributes = Arrays.asList(
new BlackboardAttribute(
@ -356,7 +363,8 @@ public class PlasoIngestModule implements DataSourceIngestModule {
return abstractFiles.get(0);
}
for (AbstractFile resolvedFile : abstractFiles) {
if (filePath.matches(resolvedFile.getParentPath().toLowerCase())) {
// double check its an exact match
if (filePath.toLowerCase().matches(resolvedFile.getParentPath().toLowerCase())) {
// cache it for next time
previousFile = resolvedFile;
return resolvedFile;
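Review bot: The check added in the last hunk, `filePath.toLowerCase().matches(resolvedFile.getParentPath().toLowerCase())`, is a regular-expression match rather than the exact match its new comment describes, because `String.matches` compiles its argument as a pattern. The parent path comes from the data source being examined, so it is untrusted content: a directory name containing `(`, `[`, `+` or `.` can either throw `PatternSyntaxException` or match a different path, and the event would then be attached to the wrong file. Use a literal comparison instead, `if (filePath.equalsIgnoreCase(resolvedFile.getParentPath())) {`, or lower-case both sides with `Locale.ROOT` and call `equals`, which also avoids default-locale case-mapping surprises. The enclosing method starts and ends outside the hunk, so whether the exception would be caught and how `filePath` is derived cannot be confirmed from here.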


@ -367,7 +367,7 @@ public final class FilteredEventsModel {
tagsFilter,
hashHitsFilter,
new TextFilter(),
new TypeFilter(EventType.ROOT_EVEN_TYPE),
new TypeFilter(EventType.ROOT_EVENT_TYPE),
dataSourcesFilter,
Collections.emptySet()));
}


@ -93,7 +93,7 @@ final public class EventTypeUtils {
}
public static Color getColor(EventType type) {
if (type.equals(EventType.ROOT_EVEN_TYPE)) {
if (type.equals(EventType.ROOT_EVENT_TYPE)) {
return Color.hsb(359, .9, .9, 0);
}


@ -317,7 +317,7 @@ final class EventCountsChart extends StackedBarChart<String, Number> implements
super(Bundle.Timeline_ui_countsview_menuItem_selectTimeRange());
setEventHandler(action -> {
try {
controller.selectTimeAndType(interval, EventType.ROOT_EVEN_TYPE);
controller.selectTimeAndType(interval, EventType.ROOT_EVENT_TYPE);
} catch (TskCoreException ex) {
Notifications.create().owner(getScene().getWindow())


@ -1,5 +1,5 @@
#Updated by build script
#Mon, 03 Sep 2018 17:29:44 +0200
#Tue, 18 Sep 2018 23:44:53 -0400
LBL_splash_window_title=Starting Autopsy
SPLASH_HEIGHT=314
SPLASH_WIDTH=538


@ -1,4 +1,4 @@
#Updated by build script
#Mon, 03 Sep 2018 17:29:44 +0200
#Tue, 18 Sep 2018 23:44:53 -0400
CTL_MainWindow_Title=Autopsy 4.8.0
CTL_MainWindow_Title_No_Project=Autopsy 4.8.0