Merge pull request #4666 from millmanorama/1220-turn-off-parsers

1220 turn off parsers
Richard Cordovano 2019-04-16 15:10:52 -04:00 committed by GitHub
commit 779e9fdcbb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
27 changed files with 524 additions and 223 deletions


@ -220,15 +220,10 @@ AddImageWizardIngestConfigPanel.dsProcDone.errs.text=*Errors encountered in addi
AddImageWizardIngestConfigVisual.getName.text=Configure Ingest Modules
AddImageWizardIterator.stepXofN=Step {0} of {1}
AddLocalFilesTask.localFileAdd.progress.text=Adding: {0}/{1}
Case.getCurCase.exception.noneOpen=Cannot get the current case; there is no case open\!
Case.getCurCase.exception.noneOpen=Cannot get the current case; there is no case open!
Case.open.msgDlg.updated.msg=Updated case database schema.\nA backup copy of the database with the following path has been made:\n {0}
Case.open.msgDlg.updated.title=Case Database Schema Update
Case.checkImgExist.confDlg.doesntExist.msg=One of the images associated with \n\
this case are missing. Would you like to search for them now?\n\
Previously, the image was located at:\n\
{0}\n\
Please note that you will still be able to browse directories and generate reports\n\
if you choose No, but you will not be able to view file content or run the ingest process.
Case.checkImgExist.confDlg.doesntExist.msg=One of the images associated with \nthis case are missing. Would you like to search for them now?\nPreviously, the image was located at:\n{0}\nPlease note that you will still be able to browse directories and generate reports\nif you choose No, but you will not be able to view file content or run the ingest process.
Case.checkImgExist.confDlg.doesntExist.title=Missing Image
Case.addImg.exception.msg=Error adding image to the case
Case.updateCaseName.exception.msg=Error while trying to update the case name.
@ -247,12 +242,9 @@ Case.GetCaseTypeGivenPath.Failure=Unable to get case type
Case.metaDataFileCorrupt.exception.msg=The case metadata file (.aut) is corrupted.
Case.deleteReports.deleteFromDiskException.log.msg=Unable to delete the report from the disk.
Case.deleteReports.deleteFromDiskException.msg=Unable to delete the report {0} from the disk.\nYou may manually delete it from {1}
CaseDeleteAction.closeConfMsg.text=Are you sure want to close and delete this case? \n\
Case Name: {0}\n\
Case Directory: {1}
CaseDeleteAction.closeConfMsg.text=Are you sure want to close and delete this case? \nCase Name: {0}\nCase Directory: {1}
CaseDeleteAction.closeConfMsg.title=Warning: Closing the Current Case
CaseDeleteAction.msgDlg.fileInUse.msg=The delete action cannot be fully completed because the folder or file in it is open by another program.\n\n\
Close the folder and file and try again or you can delete the case manually.
CaseDeleteAction.msgDlg.fileInUse.msg=The delete action cannot be fully completed because the folder or file in it is open by another program.\n\nClose the folder and file and try again or you can delete the case manually.
CaseDeleteAction.msgDlg.fileInUse.title=Error: Folder In Use
CaseDeleteAction.msgDlg.caseDelete.msg=Case {0} has been deleted.
CaseOpenAction.autFilter.title={0} Case File ( {1})
@ -284,8 +276,7 @@ NewCaseWizardAction.databaseProblem1.text=Cannot open database. Cancelling case
NewCaseWizardAction.databaseProblem2.text=Error
NewCaseWizardPanel1.validate.errMsg.invalidSymbols=The Case Name cannot contain any of the following symbols: \\ / : * ? " < > |
NewCaseWizardPanel1.validate.errMsg.dirExists=Case directory ''{0}'' already exists.
NewCaseWizardPanel1.validate.confMsg.createDir.msg=The base directory "{0}" does not exist. \n\n\
Do you want to create that directory?
NewCaseWizardPanel1.validate.confMsg.createDir.msg=The base directory "{0}" does not exist. \n\nDo you want to create that directory?
NewCaseWizardPanel1.validate.confMsg.createDir.title=Create directory
NewCaseWizardPanel1.validate.errMsg.cantCreateParDir.msg=Error: Could not create case parent directory {0}
NewCaseWizardPanel1.validate.errMsg.prevCreateBaseDir.msg=Prevented from creating base directory {0}
@ -321,15 +312,15 @@ StartupWindow.title.text=Welcome
UpdateRecentCases.menuItem.clearRecentCases.text=Clear Recent Cases
UpdateRecentCases.menuItem.empty=-Empty-
AddImageWizardIngestConfigPanel.CANCEL_BUTTON.text=Cancel
NewCaseVisualPanel1.CaseFolderOnCDriveError.text=Warning: Path to multi-user case folder is on \"C:\" drive
NewCaseVisualPanel1.CaseFolderOnInternalDriveWindowsError.text=Warning: Path to case folder is on \"C:\" drive. Case folder is created on the target system
NewCaseVisualPanel1.CaseFolderOnCDriveError.text=Warning: Path to multi-user case folder is on "C:" drive
NewCaseVisualPanel1.CaseFolderOnInternalDriveWindowsError.text=Warning: Path to case folder is on "C:" drive. Case folder is created on the target system
NewCaseVisualPanel1.CaseFolderOnInternalDriveLinuxError.text=Warning: Path to case folder is on the target system. Create case folder in mounted drive.
CollaborationMonitor.addingDataSourceStatus.msg={0} adding data source
CollaborationMonitor.analyzingDataSourceStatus.msg={0} analyzing {1}
MissingImageDialog.lbWarning.text=
MissingImageDialog.lbWarning.toolTipText=
NewCaseVisualPanel1.caseParentDirWarningLabel.text=
NewCaseVisualPanel1.multiUserCaseRadioButton.text=Multi-user
NewCaseVisualPanel1.multiUserCaseRadioButton.text=Multi-user\t\t
NewCaseVisualPanel1.singleUserCaseRadioButton.text=Single-user
NewCaseVisualPanel1.caseTypeLabel.text=Case Type:
SingleUserCaseConverter.BadDatabaseFileName=Database file does not exist!


@ -5,10 +5,7 @@ CentralRepoCommentDialog.title.addEditCentralRepoComment=Add/Edit Central Reposi
OpenIDE-Module-Name=Central Repository
OpenIDE-Module-Display-Category=Ingest Module
OpenIDE-Module-Short-Description=Correlation Engine Ingest Module
OpenIDE-Module-Long-Description=\
Correlation Engine ingest module and central database. \n\n\
The Correlation Engine ingest module stores attributes of artifacts matching selected correlation types into a central database.\n\
Stored attributes are used in future cases to correlate and analyzes files and artifacts during ingest.
OpenIDE-Module-Long-Description=Correlation Engine ingest module and central database. \n\nThe Correlation Engine ingest module stores attributes of artifacts matching selected correlation types into a central database.\nStored attributes are used in future cases to correlate and analyzes files and artifacts during ingest.
CentralRepoCommentDialog.commentLabel.text=Comment:
CentralRepoCommentDialog.okButton.text=&OK
CentralRepoCommentDialog.cancelButton.text=C&ancel


@ -3,13 +3,7 @@ Installer.closing.confirmationDialog.title=Ingest is Running
# {0} - exception message
Installer.closing.messageBox.caseCloseExceptionMessage=Error closing case: {0}
OpenIDE-Module-Display-Category=Infrastructure
OpenIDE-Module-Long-Description=\
This is the core Autopsy module.\n\n\
The module contains the core components needed for the bare application to run; the RCP platform, windowing GUI, sleuthkit bindings, datamodel / storage, explorer, result viewers, content viewers, ingest framework, reporting, and core tools, such as the file search.\n\n\
The framework included in the module contains APIs for developing modules for ingest, viewers and reporting. \
The modules can be deployed as Plugins using the Autopsy plugin installer.\n\
This module should not be uninstalled - without it, Autopsy will not run.\n\n\
For more information, see http://www.sleuthkit.org/autopsy/
OpenIDE-Module-Long-Description=This is the core Autopsy module.\n\nThe module contains the core components needed for the bare application to run; the RCP platform, windowing GUI, sleuthkit bindings, datamodel / storage, explorer, result viewers, content viewers, ingest framework, reporting, and core tools, such as the file search.\n\nThe framework included in the module contains APIs for developing modules for ingest, viewers and reporting. The modules can be deployed as Plugins using the Autopsy plugin installer.\nThis module should not be uninstalled - without it, Autopsy will not run.\n\nFor more information, see http://www.sleuthkit.org/autopsy/
OpenIDE-Module-Name=Autopsy-Core
OpenIDE-Module-Short-Description=Autopsy Core Module
org_sleuthkit_autopsy_core_update_center=http://sleuthkit.org/autopsy/updates.xml


@ -63,9 +63,9 @@ DataContentViewerHex.pageLabel2.text=Page
DataContentViewerString.pageLabel2.text=Page
# Product Information panel
LBL_Description=<div style=\"font-size: 12pt; font-family: Verdana, 'Verdana CE', Arial, 'Arial CE', 'Lucida Grande CE', lucida, 'Helvetica CE', sans-serif;\">\n <b>Product Version:</b> {0} ({9}) <br><b>Sleuth Kit Version:</b> {7} <br><b>Netbeans RCP Build:</b> {8} <br> <b>Java:</b> {1}; {2}<br> <b>System:</b> {3}; {4}; {5}<br><b>Userdir:</b> {6}</div>
LBL_Description=<div style="font-size: 12pt; font-family: Verdana, 'Verdana CE', Arial, 'Arial CE', 'Lucida Grande CE', lucida, 'Helvetica CE', sans-serif;">\n <b>Product Version:</b> {0} ({9}) <br><b>Sleuth Kit Version:</b> {7} <br><b>Netbeans RCP Build:</b> {8} <br> <b>Java:</b> {1}; {2}<br> <b>System:</b> {3}; {4}; {5}<br><b>Userdir:</b> {6}</div>
Format_OperatingSystem_Value={0} version {1} running on {2}
LBL_Copyright=<div style\="font-size: 12pt; font-family: Verdana, 'Verdana CE', Arial, 'Arial CE', 'Lucida Grande CE', lucida, 'Helvetica CE', sans-serif; ">Autopsy&trade; is a digital forensics platform based on The Sleuth Kit&trade; and other tools. <br><ul><li>General Information: <a style\="color: \#1E2A60;" href\="http://www.sleuthkit.org">http://www.sleuthkit.org</a>.</li><li>Training: <a style\="color: \#1E2A60;" href\="http://www.basistech.com/autopsy-training">http://www.basistech.com/autopsy-training</a></li><li>Commercial Support: <a style\="color: \#1E2A60;" href\="http://www.basistech.com/digital-forensics/autopsy/support/">http://www.basistech.com/digital-forensics/autopsy/support/</a></li></ul>Copyright &copy; 2003-2018. </div>
LBL_Copyright=<div style="font-size: 12pt; font-family: Verdana, 'Verdana CE', Arial, 'Arial CE', 'Lucida Grande CE', lucida, 'Helvetica CE', sans-serif; ">Autopsy&trade; is a digital forensics platform based on The Sleuth Kit&trade; and other tools. <br><ul><li>General Information: <a style="color: #1E2A60;" href="http://www.sleuthkit.org">http://www.sleuthkit.org</a>.</li><li>Training: <a style="color: #1E2A60;" href="http://www.basistech.com/autopsy-training">http://www.basistech.com/autopsy-training</a></li><li>Commercial Support: <a style="color: #1E2A60;" href="http://www.basistech.com/digital-forensics/autopsy/support/">http://www.basistech.com/digital-forensics/autopsy/support/</a></li></ul>Copyright &copy; 2003-2018. </div>
SortChooser.dialogTitle=Choose Sort Criteria
ThumbnailViewChildren.progress.cancelling=(Cancelling)
# {0} - file name
@ -102,7 +102,7 @@ DataResultViewerThumbnail.pageNextButton.text=
DataResultViewerThumbnail.imagesLabel.text=Images:
DataResultViewerThumbnail.imagesRangeLabel.text=-
DataResultViewerThumbnail.pageNumLabel.text=-
DataResultViewerThumbnail.filePathLabel.text=\ \ \
DataResultViewerThumbnail.filePathLabel.text=\
DataResultViewerThumbnail.goToPageLabel.text=Go to Page:
DataResultViewerThumbnail.goToPageField.text=
AdvancedConfigurationDialog.cancelButton.text=Cancel


@ -23,9 +23,7 @@ PlatformUtil.getProcVmUsed.sigarNotInit.msg=Cannot get virt mem used, sigar not
PlatformUtil.getProcVmUsed.gen.msg=Cannot get virt mem used, {0}
PlatformUtil.getJvmMemInfo.usageText=JVM heap usage: {0}, JVM non-heap usage: {1}
PlatformUtil.getPhysicalMemInfo.usageText=Physical memory usage (max, total, free): {0}, {1}, {2}
PlatformUtil.getAllMemUsageInfo.usageText={0}\n\
{1}\n\
Process Virtual Memory: {2}
PlatformUtil.getAllMemUsageInfo.usageText={0}\n{1}\nProcess Virtual Memory: {2}
# {0} - file name
ReadImageTask.mesageText=Reading image: {0}
StringExtract.illegalStateException.cannotInit.msg=Unicode table not properly initialized, cannot instantiate StringExtract


@ -258,10 +258,10 @@ ImageNode.getActions.viewInNewWin.text=View in New Window
ImageNode.createSheet.name.name=Name
ImageNode.createSheet.name.displayName=Name
ImageNode.createSheet.name.desc=no description
Installer.exception.tskVerStringNull.msg=Sleuth Kit JNI test call returned without error, but version string was null\!
Installer.exception.taskVerStringBang.msg=Sleuth Kit JNI test call returned without error, but version string was ""\!
Installer.tskLibErr.msg=Problem with Sleuth Kit JNI. Test call failed\!\n\nDetails: {0}
Installer.tskLibErr.err=Fatal Error\!
Installer.exception.tskVerStringNull.msg=Sleuth Kit JNI test call returned without error, but version string was null!
Installer.exception.taskVerStringBang.msg=Sleuth Kit JNI test call returned without error, but version string was ""!
Installer.tskLibErr.msg=Problem with Sleuth Kit JNI. Test call failed!\n\nDetails: {0}
Installer.tskLibErr.err=Fatal Error!
InterestingHits.interestingItems.text=INTERESTING ITEMS
InterestingHits.displayName.text=Interesting Items
InterestingHits.createSheet.name.name=Name


@ -46,7 +46,6 @@ import org.openide.util.lookup.Lookups;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.CasePreferences;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.core.UserPreferences;
import org.sleuthkit.autopsy.coreutils.Logger;
import static org.sleuthkit.autopsy.datamodel.Bundle.*;
import org.sleuthkit.autopsy.ingest.IngestManager;


@ -14,7 +14,7 @@ KnownStatusSearchPanel.knownCheckBox.text=Known Status:
KnownStatusSearchPanel.knownBadOptionCheckBox.text=Notable
KnownStatusSearchPanel.knownOptionCheckBox.text=Known (NSRL or other)
KnownStatusSearchPanel.unknownOptionCheckBox.text=Unknown
DateSearchFilter.noneSelectedMsg.text=At least one date type must be selected\!
DateSearchFilter.noneSelectedMsg.text=At least one date type must be selected!
DateSearchPanel.dateCheckBox.text=Date:
DateSearchPanel.jLabel4.text=Timezone:
DateSearchPanel.jLabel3.text=*The date format is mm/dd/yyyy
@ -56,7 +56,7 @@ FileSearchPanel.search.results.details=Large number of matches may impact perfor
FileSearchPanel.search.exception.noFilterSelected.msg=At least one filter must be selected.
FileSearchPanel.search.validationErr.msg=Validation Error: {0}
FileSearchPanel.emptyWhereClause.text=Invalid options, nothing to show.
KnownStatusSearchFilter.noneSelectedMsg.text=At least one known status must be selected\!
KnownStatusSearchFilter.noneSelectedMsg.text=At least one known status must be selected!
NameSearchFilter.emptyNameMsg.text=Must enter something for name search.
SearchNode.getName.text=Search Result
SizeSearchPanel.sizeCompareComboBox.equalTo=equal to


@ -140,7 +140,7 @@ IngestJob.cancelReason.outOfDiskSpace.text=Out of disk space
IngestJob.cancelReason.servicesDown.text=Services Down
IngestJob.cancelReason.caseClosed.text=Case closed
IngestJobSettingsPanel.globalSettingsButton.text=Global Settings
gest
gest=
IngestJobSettingsPanel.globalSettingsButton.actionCommand=Advanced
IngestJobSettingsPanel.globalSettingsButton.text=Global Settings
IngestJobSettingsPanel.pastJobsButton.text=History


@ -11,12 +11,7 @@ ExtractArchiveWithPasswordAction.progress.text=Unpacking contents of archive: {0
ExtractArchiveWithPasswordAction.prompt.text=Enter Password
ExtractArchiveWithPasswordAction.prompt.title=Enter Password
OpenIDE-Module-Display-Category=Ingest Module
OpenIDE-Module-Long-Description=\
Embedded File Extraction Ingest Module\n\nThe Embedded File Extraction Ingest Module processes document files (such as doc, docx, ppt, pptx, xls, xlsx) and archive files (such as zip and others archive types supported by the 7zip extractor).\n\
Contents of these files are extracted and the derived files are added back to the current ingest to be processed by the configured ingest modules.\n\
If the derived file happens to be an archive file, it will be re-processed by the 7zip extractor - the extractor will process archive files N-levels deep.\n\n\
The extracted files are navigable in the directory tree.\n\n\
The module is supported on Windows, Linux and Mac operating systems.
OpenIDE-Module-Long-Description=Embedded File Extraction Ingest Module\n\nThe Embedded File Extraction Ingest Module processes document files (such as doc, docx, ppt, pptx, xls, xlsx) and archive files (such as zip and others archive types supported by the 7zip extractor).\nContents of these files are extracted and the derived files are added back to the current ingest to be processed by the configured ingest modules.\nIf the derived file happens to be an archive file, it will be re-processed by the 7zip extractor - the extractor will process archive files N-levels deep.\n\nThe extracted files are navigable in the directory tree.\n\nThe module is supported on Windows, Linux and Mac operating systems.
OpenIDE-Module-Name=Embedded File Extraction
OpenIDE-Module-Short-Description=Embedded File Extraction Ingest Module
EmbeddedFileExtractorIngestModule.SevenZipContentReadStream.seek.exception.invalidOrigin=Invalid seek origin: {0}


@ -1,9 +1,7 @@
CannotRunFileTypeDetection=Cannot run file type detection.
ExifParserFileIngestModule.indexError.message=Failed to post EXIF Metadata artifact(s).
OpenIDE-Module-Display-Category=Ingest Module
OpenIDE-Module-Long-Description=\
Exif metadata ingest module. \n\n\
The ingest module analyzes image files, extracts Exif information and posts the Exif data as results.
OpenIDE-Module-Long-Description=Exif metadata ingest module. \n\nThe ingest module analyzes image files, extracts Exif information and posts the Exif data as results.
OpenIDE-Module-Name=ExifParser
OpenIDE-Module-Short-Description=Exif metadata ingest module
ExifParserFileIngestModule.moduleName.text=Exif Parser


@ -36,27 +36,27 @@ FileExtMismatchSettingsPanel.jLabel1.text=File Types:
FileExtMismatchSettingsPanel.newExtButton.text=New Extension
FileExtMismatchSettingsPanel.newMimePrompt.message=Add a new MIME file type:
FileExtMismatchSettingsPanel.newMimePrompt.title=New MIME
FileExtMismatchSettingsPanel.newMimePrompt.emptyMime.message=MIME type text is empty\!
FileExtMismatchSettingsPanel.newMimePrompt.emptyMime.message=MIME type text is empty!
FileExtMismatchSettingsPanel.newMimePrompt.emptyMime.title=Empty type
FileExtMismatchSettingsPanel.newMimePrompt.mimeTypeNotSupported.message=MIME type not supported\!
FileExtMismatchSettingsPanel.newMimePrompt.mimeTypeNotSupported.message=MIME type not supported!
FileExtMismatchSettingsPanel.newMimePrompt.mimeTypeNotSupported.title=Type not supported
FileExtMismatchSettingsPanel.newMimePrompt.mimeTypeExists.message=MIME type already exists\!
FileExtMismatchSettingsPanel.newMimePrompt.mimeTypeExists.message=MIME type already exists!
FileExtMismatchSettingsPanel.newMimePrompt.mimeTypeExists.title=Type already exists
FileExtMismatchSettingsPanel.newMimePrompt.mimeTypeNotDetectable.message=MIME type is not detectable by this module.
FileExtMismatchSettingsPanel.newMimePrompt.mimeTypeNotDetectable.title=Type not detectable
FileExtMismatchSettingsPanel.removeTypeButton.noneSelected.message=No MIME type selected\!
FileExtMismatchSettingsPanel.removeTypeButton.noneSelected.message=No MIME type selected!
FileExtMismatchSettingsPanel.removeTypeButton.noneSelected.title=No type selected
FileExtMismatchSettingsPanel.newExtPrompt.message=Add an allowed extension:
FileExtMismatchSettingsPanel.newExtPrompt.title=New allowed extension
FileExtMismatchSettingsPanel.newExtPrompt.empty.message=Extension text is empty\!
FileExtMismatchSettingsPanel.newExtPrompt.empty.message=Extension text is empty!
FileExtMismatchSettingsPanel.newExtPrompt.empty.title=Extension text empty
FileExtMismatchSettingsPanel.newExtPrompt.noMimeType.message=No MIME type selected\!
FileExtMismatchSettingsPanel.newExtPrompt.noMimeType.message=No MIME type selected!
FileExtMismatchSettingsPanel.newExtPrompt.noMimeType.title=No MIME type selected
FileExtMismatchSettingsPanel.newExtPrompt.extExists.message=Extension already exists\!
FileExtMismatchSettingsPanel.newExtPrompt.extExists.message=Extension already exists!
FileExtMismatchSettingsPanel.newExtPrompt.extExists.title=Extension already exists
FileExtMismatchSettingsPanel.removeExtButton.noneSelected.message=No extension selected\!
FileExtMismatchSettingsPanel.removeExtButton.noneSelected.message=No extension selected!
FileExtMismatchSettingsPanel.removeExtButton.noneSelected.title=No extension selected
FileExtMismatchSettingsPanel.removeExtButton.noMimeTypeSelected.message=No MIME type selected\!
FileExtMismatchSettingsPanel.removeExtButton.noMimeTypeSelected.message=No MIME type selected!
FileExtMismatchSettingsPanel.removeExtButton.noMimeTypeSelected.title=No MIME type selected
FileExtMismatchSettingsPanel.removeTypeButton.toolTipText=
FileExtMismatchModuleSettingsPanel.checkAllRadioButton.text=Check all file types


@ -40,10 +40,7 @@ ImportCentralRepoDbProgressDialog.errorParsingFile.message=Error parsing hash se
ImportCentralRepoDbProgressDialog.linesProcessed.message=\ hashes processed
ImportCentralRepoDbProgressDialog.title.text=Central Repository Import Progress
OpenIDE-Module-Display-Category=Ingest Module
OpenIDE-Module-Long-Description=\
Hash Set ingest module. \n\n\
The ingest module analyzes files in the disk image and marks them as "known" (based on NSRL hashset lookup for "known" files) and "bad / interesting" (based on one or more hash sets supplied by the user).\n\n\
The module also contains additional non-ingest tools that are integrated in the GUI, such as file lookup by hash and hash set configuration.
OpenIDE-Module-Long-Description=Hash Set ingest module. \n\nThe ingest module analyzes files in the disk image and marks them as "known" (based on NSRL hashset lookup for "known" files) and "bad / interesting" (based on one or more hash sets supplied by the user).\n\nThe module also contains additional non-ingest tools that are integrated in the GUI, such as file lookup by hash and hash set configuration.
OpenIDE-Module-Name=HashDatabases
OptionsCategory_Name_HashDatabase=Hash Sets
OptionsCategory_Keywords_HashDatabase=Hash Sets
@ -172,10 +169,7 @@ HashDbSearchThread.name.searching=Searching
HashDbSearchThread.noMoreFilesWithMD5Msg=No other files with the same MD5 hash were found.
ModalNoButtons.indexingDbsTitle=Indexing hash sets
ModalNoButtons.indexingDbTitle=Indexing hash set
ModalNoButtons.exitHashDbIndexingMsg=You are about to exit out of indexing your hash sets. \n\
The generated index will be left unusable. If you choose to continue,\n\
please delete the corresponding -md5.idx file in the hash folder.\n\
Exit indexing?
ModalNoButtons.exitHashDbIndexingMsg=You are about to exit out of indexing your hash sets. \nThe generated index will be left unusable. If you choose to continue,\nplease delete the corresponding -md5.idx file in the hash folder.\nExit indexing?
ModalNoButtons.dlgTitle.unfinishedIndexing=Unfinished Indexing
ModalNoButtons.indexThis.currentlyIndexing1Db=Currently indexing 1 hash set
ModalNoButtons.indexThese.currentlyIndexing1OfNDbs=Currently indexing 1 of {0}


@ -81,8 +81,8 @@ FilesSetRulePanel.nameTextField.text=
FilesSetRulePanel.ruleNameLabel.text=Rule Name (Optional):
FilesSetRulePanel.messages.emptyNameCondition=You must specify a name pattern for this rule.
FilesSetRulePanel.messages.invalidNameRegex=The name regular expression is not valid:\n\n{0}
FilesSetRulePanel.messages.invalidCharInName=The name cannot contain \\, /, :, *, ?, \", <, or > unless it is a regular expression.
FilesSetRulePanel.messages.invalidCharInPath=The path cannot contain \\, :, *, ?, \", <, or > unless it is a regular expression.
FilesSetRulePanel.messages.invalidCharInName=The name cannot contain \\, /, :, *, ?, ", <, or > unless it is a regular expression.
FilesSetRulePanel.messages.invalidCharInPath=The path cannot contain \\, :, *, ?, ", <, or > unless it is a regular expression.
FilesSetRulePanel.messages.invalidPathRegex=The path regular expression is not valid:\n\n{0}
FilesSetDefsPanel.doFileSetsDialog.duplicateRuleSet.text=Rule set with name {0} already exists.
FilesSetRulePanel.pathSeparatorInfoLabel.text=Use / as path separator


@ -21,7 +21,7 @@ PhotoRecIngestModule.complete.totalParsetime=Total Parsing Time:
PhotoRecIngestModule.complete.photoRecResults=PhotoRec Results
PhotoRecIngestModule.NotEnoughDiskSpace.detail.msg=PhotoRec error processing {0} with {1} Not enough space on primary disk to save unallocated space.
PhotoRecIngestModule.cancelledByUser=PhotoRec cancelled by user.
PhotoRecIngestModule.error.exitValue=PhotoRec carver returned error exit value \= {0} when scanning {1}
PhotoRecIngestModule.error.exitValue=PhotoRec carver returned error exit value = {0} when scanning {1}
PhotoRecIngestModule.error.msg=Error processing {0} with PhotoRec carver.
PhotoRecIngestModule.complete.numberOfErrors=Number of Errors while Carving:
PhotoRecCarverIngestJobSettingsPanel.detectionSettingsLabel.text=PhotoRec Settings


@ -0,0 +1,3 @@
PlasoModuleSettingsPanel.winRegCheckBox.text=winreg: Parser for Windows NT Registry (REGF) files.
PlasoModuleSettingsPanel.peCheckBox.text=pe: Parser for Portable Executable (PE) files.
PlasoModuleSettingsPanel.plasoParserInfoTextArea.text=All plaso parsers except chrome_cache and the ones listed below are run. chrome_cache duplicates data collected by the RecentActivity module. The parsers below add significantly to the processing time and should only be enabled if the events they produce are needed.
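Review bot: The text in `PlasoModuleSettingsPanel.plasoParserInfoTextArea.text` says which parsers are skipped and why, but not what an examiner loses by leaving them off. With `winreg` and `pe` unchecked, the timeline will presumably contain no registry- or PE-derived events, and a reader of the results has no hint that this coverage was opted out of. Consider ending the string with a sentence such as `Events from parsers that are not enabled will not appear in the timeline.` so the trade-off is visible where the choice is made. Whether the module also records the enabled parser set in its ingest messages or log cannot be seen from this section; if it does not, that would be worth adding for case documentation.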


@ -1,26 +1,29 @@
# {0} - file that events are from
PlasoIngestModule_artifact_progress=Adding events to case: {0}
PlasoIngestModule_bad_imageFile=Cannot find image file name and path
PlasoIngestModule_completed=Plaso Processing Completed
PlasoIngestModule_create_artifacts_cancelled=Cancelled Plaso Artifact Creation
PlasoIngestModule_dataSource_not_an_image=Datasource is not an Image.
PlasoIngestModule_error_posting_artifact=Error Posting Artifact
PlasoIngestModule_error_running=Error running Plaso, see log file.
PlasoIngestModule_error_running_log2timeline=Error running log2timeline, see log file.
PlasoIngestModule_error_running_psort=Error running Psort, see log file.
PlasoIngestModule_event_datetime=Event Date Time
PlasoIngestModule_event_description=Event Description
PlasoIngestModule_exception_adding_artifact=Exception Adding Artifact
PlasoIngestModule_exception_database_error=Error while trying to read into a sqlite db.
PlasoIngestModule.artifact.progress=Adding events to case: {0}
PlasoIngestModule.bad.imageFile=Cannot find image file name and path
PlasoIngestModule.completed=Plaso Processing Completed
PlasoIngestModule.create.artifacts.cancelled=Cancelled Plaso Artifact Creation
PlasoIngestModule.dataSource.not.an.image=Datasource is not an Image.
PlasoIngestModule.error.creating.output.dir=Error creating Plaso module output directory.
PlasoIngestModule.error.posting.artifact=Error Posting Artifact
PlasoIngestModule.error.running.log2timeline=Error running log2timeline, see log file.
PlasoIngestModule.error.running.psort=Error running Psort, see log file.
PlasoIngestModule.event.datetime=Event Date Time
PlasoIngestModule.event.description=Event Description
PlasoIngestModule.exception.adding.artifact=Exception Adding Artifact
PlasoIngestModule.exception.database.error=Error while trying to read into a sqlite db.
PlasoIngestModule.exception.posting.artifact=Exception Posting artifact.
PlasoIngestModule.executable.not.found=Plaso Executable Not Found.
PlasoIngestModule.has.run=Plaso Plugin has been run.
PlasoIngestModule.log2timeline.cancelled=Log2timeline run was canceled
PlasoIngestModule.psort.cancelled=psort run was canceled
PlasoIngestModule.requires.windows=Plaso module requires windows.
PlasoIngestModule.running.psort=Running Psort
PlasoIngestModule.starting.log2timeline=Starting Log2timeline
PlasoIngestModule_exception_find_file=Exception finding file.
PlasoIngestModule_exception_posting_artifact=Exception Posting artifact.
PlasoIngestModule_has_run=Plaso Plugin has been run.
PlasoIngestModule_log2timeline_cancelled=Log2timeline run was canceled
PlasoIngestModule_log2timeline_executable_not_found=Log2timeline Executable Not Found
PlasoIngestModule_psort_cancelled=psort run was canceled
PlasoIngestModule_psort_executable_not_found=psort Executable Not Found
PlasoIngestModule_running_log2timeline=Running Log2timeline
PlasoIngestModule_running_psort=Running Psort
PlasoIngestModule_startUp_message=Starting Plaso Run.
PlasoModuleFactory.ingestJobSettings.exception.msg=Expected settings argument to be instanceof PlasoModuleSettings
PlasoModuleFactory_moduleDesc=Runs Plaso against a Data Source.
PlasoModuleFactory_moduleName=Plaso
PlasoModuleSettingsPanel.winRegCheckBox.text=winreg: Parser for Windows NT Registry (REGF) files.
PlasoModuleSettingsPanel.peCheckBox.text=pe: Parser for Portable Executable (PE) files.
PlasoModuleSettingsPanel.plasoParserInfoTextArea.text=All plaso parsers except chrome_cache and the ones listed below are run. chrome_cache duplicates data collected by the RecentActivity module. The parsers below add significantly to the processing time and should only be enabled if the events they produce are needed.


@ -21,6 +21,7 @@ package org.sleuthkit.autopsy.modules.plaso;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.file.Files;
@ -28,10 +29,14 @@ import java.nio.file.Path;
import java.nio.file.Paths;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import static java.util.Objects.nonNull;
import java.util.logging.Level;
import java.util.stream.Collectors;
import org.openide.modules.InstalledFileLocator;
import org.openide.util.Cancellable;
import org.openide.util.NbBundle;
@ -39,7 +44,6 @@ import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.services.FileManager;
import org.sleuthkit.autopsy.coreutils.ExecUtil;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.coreutils.SQLiteDBConnect;
import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
@ -59,119 +63,114 @@ import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DES
import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TL_EVENT_TYPE;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.TimeUtilities;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.timeline.EventType;
/**
* Data source ingest module that runs plaso against the image
* Data source ingest module that runs Plaso against the image.
*/
public class PlasoIngestModule implements DataSourceIngestModule {
private static final Logger logger = Logger.getLogger(PlasoIngestModule.class.getName());
private static final String MODULE_NAME = PlasoModuleFactory.getModuleName();
private static final String PLASO = "plaso";
private static final String PLASO64 = "plaso//plaso-20180818-amd64";
private static final String PLASO32 = "plaso//plaso-20180818-win32";
private static final String LOG2TIMELINE_EXECUTABLE = "Log2timeline.exe";
private static final String PSORT_EXECUTABLE = "psort.exe";
private static final String PLASO = "plaso"; //NON-NLS
private static final String PLASO64 = "plaso-20180818-amd64";//NON-NLS
private static final String PLASO32 = "plaso-20180818-win32";//NON-NLS
private static final String LOG2TIMELINE_EXECUTABLE = "Log2timeline.exe";//NON-NLS
private static final String PSORT_EXECUTABLE = "psort.exe";//NON-NLS
private static final String COOKIE = "cookie";//NON-NLS
private static final int LOG2TIMELINE_WORKERS = 2;
private File log2TimeLineExecutable;
private File psortExecutable;
private final PlasoModuleSettings settings;
private IngestJobContext context;
private Image image;
private AbstractFile previousFile = null; // cache used when looking up files in Autopsy DB
private Case currentCase;
private FileManager fileManager;
PlasoIngestModule() {
private Image image;
private AbstractFile previousFile = null; // cache used when looking up files in Autopsy DB
PlasoIngestModule(PlasoModuleSettings settings) {
this.settings = settings;
}
@NbBundle.Messages({
"PlasoIngestModule_error_running=Error running Plaso, see log file.",
"PlasoIngestModule_log2timeline_executable_not_found=Log2timeline Executable Not Found",
"PlasoIngestModule_psort_executable_not_found=psort Executable Not Found"})
"PlasoIngestModule.executable.not.found=Plaso Executable Not Found.",
"PlasoIngestModule.requires.windows=Plaso module requires windows.",
"PlasoIngestModule.dataSource.not.an.image=Datasource is not an Image."})
@Override
public void startUp(IngestJobContext context) throws IngestModuleException {
this.context = context;
log2TimeLineExecutable = locateExecutable(LOG2TIMELINE_EXECUTABLE);
if (this.log2TimeLineExecutable == null) {
logger.log(Level.SEVERE, Bundle.PlasoIngestModule_log2timeline_executable_not_found());
MessageNotifyUtil.Message.info(Bundle.PlasoIngestModule_error_running());
throw new IngestModuleException(Bundle.PlasoIngestModule_log2timeline_executable_not_found());
if (false == PlatformUtil.isWindowsOS()) {
throw new IngestModuleException(Bundle.PlasoIngestModule_requires_windows());
}
psortExecutable = locateExecutable(PSORT_EXECUTABLE);
if (psortExecutable == null) {
logger.log(Level.SEVERE, Bundle.PlasoIngestModule_psort_executable_not_found());
MessageNotifyUtil.Message.info(Bundle.PlasoIngestModule_error_running());
throw new IngestModuleException(Bundle.PlasoIngestModule_psort_executable_not_found());
try {
log2TimeLineExecutable = locateExecutable(LOG2TIMELINE_EXECUTABLE);
psortExecutable = locateExecutable(PSORT_EXECUTABLE);
} catch (FileNotFoundException exception) {
logger.log(Level.WARNING, "Plaso executable not found.", exception); //NON-NLS
throw new IngestModuleException(Bundle.PlasoIngestModule_executable_not_found(), exception);
}
Content dataSource = context.getDataSource();
if (!(dataSource instanceof Image)) {
throw new IngestModuleException(Bundle.PlasoIngestModule_dataSource_not_an_image());
}
image = (Image) dataSource;
}
@NbBundle.Messages({
"PlasoIngestModule_startUp_message=Starting Plaso Run.",
"PlasoIngestModule_error_running_log2timeline=Error running log2timeline, see log file.",
"PlasoIngestModule_error_running_psort=Error running Psort, see log file.",
"PlasoIngestModule_log2timeline_cancelled=Log2timeline run was canceled",
"PlasoIngestModule_psort_cancelled=psort run was canceled",
"PlasoIngestModule_bad_imageFile=Cannot find image file name and path",
"PlasoIngestModule_dataSource_not_an_image=Datasource is not an Image.",
"PlasoIngestModule_running_log2timeline=Running Log2timeline",
"PlasoIngestModule_running_psort=Running Psort",
"PlasoIngestModule_completed=Plaso Processing Completed",
"PlasoIngestModule_has_run=Plaso Plugin has been run."})
"PlasoIngestModule.error.running.log2timeline=Error running log2timeline, see log file.",
"PlasoIngestModule.error.running.psort=Error running Psort, see log file.",
"PlasoIngestModule.error.creating.output.dir=Error creating Plaso module output directory.",
"PlasoIngestModule.starting.log2timeline=Starting Log2timeline",
"PlasoIngestModule.running.psort=Running Psort",
"PlasoIngestModule.log2timeline.cancelled=Log2timeline run was canceled",
"PlasoIngestModule.psort.cancelled=psort run was canceled",
"PlasoIngestModule.bad.imageFile=Cannot find image file name and path",
"PlasoIngestModule.completed=Plaso Processing Completed",
"PlasoIngestModule.has.run=Plaso Plugin has been run."})
@Override
public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) {
assert dataSource.equals(image);
statusHelper.switchToDeterminate(100);
currentCase = Case.getCurrentCase();
fileManager = currentCase.getServices().getFileManager();
//we should do this check at startup...
if (!(dataSource instanceof Image)) {
logger.log(Level.SEVERE, Bundle.PlasoIngestModule_dataSource_not_an_image());
MessageNotifyUtil.Message.info(Bundle.PlasoIngestModule_error_running());
return ProcessResult.OK;
}
image = (Image) dataSource;
String currentTime = TimeUtilities.epochToTime(System.currentTimeMillis() / 1000);
currentTime = currentTime.replaceAll(":", "-"); //NON-NLS
String currentTime = new SimpleDateFormat("yyyy-MM-dd HH-mm-ss z", Locale.US).format(System.currentTimeMillis());//NON-NLS
Path moduleOutputPath = Paths.get(currentCase.getModuleDirectory(), PLASO, currentTime);
File directory = moduleOutputPath.toFile();
if (!directory.exists()) {
directory.mkdirs();
try {
Files.createDirectories(moduleOutputPath);
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error creating Plaso module output directory.", ex); //NON-NLS
return ProcessResult.ERROR;
}
logger.log(Level.INFO, Bundle.PlasoIngestModule_startUp_message());
statusHelper.progress(Bundle.PlasoIngestModule_running_log2timeline(), 0);
// Run log2timeline
logger.log(Level.INFO, "Starting Plaso Run.");//NON-NLS
statusHelper.progress(Bundle.PlasoIngestModule_starting_log2timeline(), 0);
ProcessBuilder log2TimeLineCommand = buildLog2TimeLineCommand(moduleOutputPath, image);
try {
// Run log2timeline
Process log2TimeLine = log2TimeLineCommand.start();
try (BufferedReader log2TimeLineOutpout = new BufferedReader(new InputStreamReader(log2TimeLine.getInputStream()))) {
Process log2TimeLineProcess = log2TimeLineCommand.start();
try (BufferedReader log2TimeLineOutpout = new BufferedReader(new InputStreamReader(log2TimeLineProcess.getInputStream()))) {
L2TStatusProcessor statusReader = new L2TStatusProcessor(log2TimeLineOutpout, statusHelper, moduleOutputPath);
new Thread(statusReader, "log2timeline status reader").start(); //NON-NLS
ExecUtil.waitForTermination(LOG2TIMELINE_EXECUTABLE, log2TimeLine, new DataSourceIngestModuleProcessTerminator(context));
ExecUtil.waitForTermination(LOG2TIMELINE_EXECUTABLE, log2TimeLineProcess, new DataSourceIngestModuleProcessTerminator(context));
statusReader.cancel();
}
if (context.dataSourceIngestIsCancelled()) {
logger.log(Level.INFO, Bundle.PlasoIngestModule_log2timeline_cancelled()); //NON-NLS
MessageNotifyUtil.Message.info(Bundle.PlasoIngestModule_log2timeline_cancelled());
logger.log(Level.INFO, "Log2timeline run was canceled"); //NON-NLS
return ProcessResult.OK;
}
if (Files.notExists(moduleOutputPath.resolve(PLASO))) {
logger.log(Level.INFO, Bundle.PlasoIngestModule_error_running_log2timeline()); //NON-NLS
MessageNotifyUtil.Message.info(Bundle.PlasoIngestModule_error_running_log2timeline());
logger.log(Level.WARNING, "Error running log2timeline: there was no storage file."); //NON-NLS
return ProcessResult.ERROR;
}
@ -181,14 +180,12 @@ public class PlasoIngestModule implements DataSourceIngestModule {
ExecUtil.execute(psortCommand, new DataSourceIngestModuleProcessTerminator(context));
if (context.dataSourceIngestIsCancelled()) {
logger.log(Level.INFO, Bundle.PlasoIngestModule_psort_cancelled()); //NON-NLS
MessageNotifyUtil.Message.info(Bundle.PlasoIngestModule_psort_cancelled());
logger.log(Level.INFO, "psort run was canceled"); //NON-NLS
return ProcessResult.OK;
}
Path plasoFile = moduleOutputPath.resolve("plasodb.db3"); //NON-NLS
if (Files.notExists(plasoFile)) {
logger.log(Level.INFO, Bundle.PlasoIngestModule_error_running_psort());
MessageNotifyUtil.Message.info(Bundle.PlasoIngestModule_error_running_psort());
logger.log(Level.SEVERE, "Error running Psort: there was no sqlite db file."); //NON-NLS
return ProcessResult.ERROR;
}
@ -196,24 +193,32 @@ public class PlasoIngestModule implements DataSourceIngestModule {
createPlasoArtifacts(plasoFile.toString(), statusHelper);
} catch (IOException ex) {
logger.log(Level.SEVERE, Bundle.PlasoIngestModule_error_running(), ex);
MessageNotifyUtil.Message.info(Bundle.PlasoIngestModule_error_running());
logger.log(Level.SEVERE, "Error running Plaso.", ex);//NON-NLS
return ProcessResult.ERROR;
}
IngestMessage message = IngestMessage.createMessage(IngestMessage.MessageType.DATA,
Bundle.PlasoIngestModule_has_run(), Bundle.PlasoIngestModule_completed());
Bundle.PlasoIngestModule_has_run(),
Bundle.PlasoIngestModule_completed());
IngestServices.getInstance().postMessage(message);
return ProcessResult.OK;
}
private ProcessBuilder buildLog2TimeLineCommand(Path moduleOutputPath, Image image) {
ProcessBuilder processBuilder = buildProcessWithRunAsInvoker("\"" + log2TimeLineExecutable + "\"", //NON-NLS
//make a csv list of disabled parsers.
String parsersString = settings.getParsers().entrySet().stream()
.filter(entry -> entry.getValue() == false)
.map(entry -> "!" + entry.getKey()) // '!' prepended to parsername disables it. //NON-NLS
.collect(Collectors.joining(","));//NON-NLS
ProcessBuilder processBuilder = buildProcessWithRunAsInvoker(
"\"" + log2TimeLineExecutable + "\"", //NON-NLS
"--vss-stores", "all", //NON-NLS
"-z", image.getTimeZone(), //NON-NLS
"--partitions", "all", //NON-NLS
"--hasher_file_size_limit", "1", //NON-NLS
"--hashers", "none", //NON-NLS
"--parsers", "\"" + parsersString + "\"",//NON-NLS
"--no_dependencies_check", //NON-NLS
"--workers", String.valueOf(LOG2TIMELINE_WORKERS),//NON-NLS
moduleOutputPath.resolve(PLASO).toString(),
@ -235,8 +240,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
ProcessBuilder processBuilder = buildProcessWithRunAsInvoker(
"\"" + psortExecutable + "\"", //NON-NLS
"-o", "4n6time_sqlite", //NON-NLS
"-w",//NON-NLS
moduleOutputPath.resolve("plasodb.db3").toString(), //NON-NLS
"-w", moduleOutputPath.resolve("plasodb.db3").toString(), //NON-NLS
moduleOutputPath.resolve(PLASO).toString()
);
@ -245,35 +249,27 @@ public class PlasoIngestModule implements DataSourceIngestModule {
return processBuilder;
}
private static File locateExecutable(String executableName) {
if (!PlatformUtil.isWindowsOS()) {
return null;
}
String executableToFindName = Paths.get(PlatformUtil.is64BitOS() ? PLASO64 : PLASO32, executableName).toString();
private static File locateExecutable(String executableName) throws FileNotFoundException {
String architectureFolder = PlatformUtil.is64BitOS() ? PLASO64 : PLASO32;
String executableToFindName = Paths.get(PLASO, architectureFolder, executableName).toString();
File exeFile = InstalledFileLocator.getDefault().locate(executableToFindName, PlasoIngestModule.class.getPackage().getName(), false);
if (null != exeFile && exeFile.canExecute()) {
return exeFile;
if (null == exeFile || exeFile.canExecute() == false) {
throw new FileNotFoundException(executableName + " executable not found.");
}
return null;
return exeFile;
}
@NbBundle.Messages({
"PlasoIngestModule_exception_posting_artifact=Exception Posting artifact.",
"PlasoIngestModule_event_datetime=Event Date Time",
"PlasoIngestModule_event_description=Event Description",
"PlasoIngestModule_exception_adding_artifact=Exception Adding Artifact",
"PlasoIngestModule_exception_database_error=Error while trying to read into a sqlite db.",
"PlasoIngestModule_error_posting_artifact=Error Posting Artifact ",
"PlasoIngestModule_create_artifacts_cancelled=Cancelled Plaso Artifact Creation ",
"PlasoIngestModule.exception.posting.artifact=Exception Posting artifact.",
"PlasoIngestModule.event.datetime=Event Date Time",
"PlasoIngestModule.event.description=Event Description",
"PlasoIngestModule.create.artifacts.cancelled=Cancelled Plaso Artifact Creation ",
"# {0} - file that events are from",
"PlasoIngestModule_artifact_progress=Adding events to case: {0}"
})
"PlasoIngestModule.artifact.progress=Adding events to case: {0}"})
private void createPlasoArtifacts(String plasoDb, DataSourceIngestModuleProgress statusHelper) {
Blackboard blackboard = currentCase.getSleuthkitCase().getBlackboard();
//NON-NLS
String sqlStatement = "SELECT substr(filename,1) AS filename, "
+ " strftime('%s', datetime) AS epoch_date, "
+ " description, "
@ -290,8 +286,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
ResultSet resultSet = tempdbconnect.executeQry(sqlStatement)) {
while (resultSet.next()) {
if (context.dataSourceIngestIsCancelled()) {
logger.log(Level.INFO, Bundle.PlasoIngestModule_create_artifacts_cancelled());
MessageNotifyUtil.Message.info(Bundle.PlasoIngestModule_create_artifacts_cancelled());
logger.log(Level.INFO, "Cancelled Plaso Artifact Creation."); //NON-NLS
return;
}
@ -299,11 +294,10 @@ public class PlasoIngestModule implements DataSourceIngestModule {
statusHelper.progress(Bundle.PlasoIngestModule_artifact_progress(currentFileName), 66);
Content resolvedFile = getAbstractFile(currentFileName);
if (resolvedFile == null) {
logger.log(Level.INFO, "File from Plaso output not found. Associating with data source instead: {0}", currentFileName); //NON-NLS
logger.log(Level.INFO, "File {0} from Plaso output not found in case. Associating it with the data source instead.", currentFileName);//NON-NLS
resolvedFile = image;
}
long eventType = findEventSubtype(currentFileName, resultSet);
Collection<BlackboardAttribute> bbattributes = Arrays.asList(
new BlackboardAttribute(
TSK_DATETIME, MODULE_NAME,
@ -313,7 +307,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
resultSet.getString("description")),//NON-NLS
new BlackboardAttribute(
TSK_TL_EVENT_TYPE, MODULE_NAME,
eventType));
findEventSubtype(currentFileName, resultSet)));
try {
BlackboardArtifact bbart = resolvedFile.newArtifact(TSK_TL_EVENT);
@ -324,28 +318,28 @@ public class PlasoIngestModule implements DataSourceIngestModule {
* this new artifact */
blackboard.postArtifact(bbart, MODULE_NAME);
} catch (BlackboardException ex) {
logger.log(Level.SEVERE, Bundle.PlasoIngestModule_exception_posting_artifact(), ex);
logger.log(Level.SEVERE, "Error Posting Artifact.", ex);//NON-NLS
}
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, Bundle.PlasoIngestModule_exception_adding_artifact(), ex);
logger.log(Level.SEVERE, "Exception Adding Artifact.", ex);//NON-NLS
}
}
} catch (SQLException ex) {
logger.log(Level.SEVERE, Bundle.PlasoIngestModule_exception_database_error(), ex);
logger.log(Level.SEVERE, "Error while trying to read into a sqlite db.", ex);//NON-NLS
}
}
@NbBundle.Messages({"PlasoIngestModule_exception_find_file=Exception finding file."})
private AbstractFile getAbstractFile(String file) {
Path path = Paths.get(file);
String fileName = path.getFileName().toString();
String filePath = path.getParent().toString().replaceAll("\\\\", "/"); //NON-NLS
if (filePath.endsWith("/") == false) { //NON-NLS
filePath += "/"; //NON-NLS
String filePath = path.getParent().toString().replaceAll("\\\\", "/");//NON-NLS
if (filePath.endsWith("/") == false) {//NON-NLS
filePath += "/";//NON-NLS
}
// check the cached file
//TODO: would we reduce 'cache misses' if we retrieved the events sorted by file? Is that overhead worth it?
if (previousFile != null
&& previousFile.getName().equalsIgnoreCase(fileName)
&& previousFile.getParentPath().equalsIgnoreCase(filePath)) {
@ -354,7 +348,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
}
try {
List<AbstractFile> abstractFiles = fileManager.findFiles(fileName, filePath);
if (abstractFiles.size() == 1) {
if (abstractFiles.size() == 1) {// TODO: why do we bother with this check. also we don't cache the file...
return abstractFiles.get(0);
}
for (AbstractFile resolvedFile : abstractFiles) {
@ -366,7 +360,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
}
}
} catch (TskCoreException ex) {
logger.log(Level.WARNING, Bundle.PlasoIngestModule_exception_find_file(), ex);
logger.log(Level.SEVERE, "Exception finding file.", ex);
}
return null;
}
@ -384,10 +378,9 @@ public class PlasoIngestModule implements DataSourceIngestModule {
*/
private long findEventSubtype(String fileName, ResultSet row) throws SQLException {
switch (row.getString("source")) {
case "WEBHIST":
if (fileName.toLowerCase().contains("cookie")//NON-NLS
|| row.getString("type").toLowerCase().contains("cookie")//NON-NLS
) {//NON-NLS
case "WEBHIST": //These shouldn't actually be present, but keeping the logic just in case...
if (fileName.toLowerCase().contains(COOKIE)
|| row.getString("type").toLowerCase().contains(COOKIE)) {//NON-NLS
return EventType.WEB_COOKIE.getTypeID();
} else {
return EventType.WEB_HISTORY.getTypeID();
@ -417,7 +410,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
private final BufferedReader log2TimeLineOutpout;
private final DataSourceIngestModuleProgress statusHelper;
private boolean cancelled = false;
volatile private boolean cancelled = false;
private final Path outputPath;
private L2TStatusProcessor(BufferedReader log2TimeLineOutpout, DataSourceIngestModuleProgress statusHelper, Path outputPath) throws IOException {
@ -429,12 +422,12 @@ public class PlasoIngestModule implements DataSourceIngestModule {
@Override
public void run() {
try (BufferedWriter writer = Files.newBufferedWriter(outputPath.resolve("log2timeline_output.txt"));) {//NON-NLS
String line;
while (null != (line = log2TimeLineOutpout.readLine())
&& cancelled == false) {
String line = log2TimeLineOutpout.readLine();
while (cancelled == false && nonNull(line)) {
statusHelper.progress(line);
writer.write(line);
writer.newLine();
line = log2TimeLineOutpout.readLine();
}
writer.flush();
} catch (IOException ex) {


@ -22,17 +22,19 @@ import org.openide.util.NbBundle;
import org.openide.util.lookup.ServiceProvider;
import org.sleuthkit.autopsy.coreutils.Version;
import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
import org.sleuthkit.autopsy.ingest.FileIngestModule;
import org.sleuthkit.autopsy.ingest.IngestModuleFactory;
import org.sleuthkit.autopsy.ingest.IngestModuleFactoryAdapter;
import org.sleuthkit.autopsy.ingest.IngestModuleGlobalSettingsPanel;
import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings;
import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettingsPanel;
/**
* A factory that creates data source ingest modules that run plaso against an
* A factory that creates data source ingest modules that run Plaso against an
* image and saves the storage file to module output.
*/
@ServiceProvider(service = IngestModuleFactory.class)
public class PlasoModuleFactory extends IngestModuleFactoryAdapter {
@NbBundle.Messages({"PlasoModuleFactory.ingestJobSettings.exception.msg=Expected settings argument to be instanceof PlasoModuleSettings"})
public class PlasoModuleFactory implements IngestModuleFactory {
@NbBundle.Messages({"PlasoModuleFactory_moduleName=Plaso"})
static String getModuleName() {
@ -61,12 +63,21 @@ public class PlasoModuleFactory extends IngestModuleFactoryAdapter {
}
@Override
public DataSourceIngestModule createDataSourceIngestModule(IngestModuleIngestJobSettings ingestOptions) {
return new PlasoIngestModule();
public DataSourceIngestModule createDataSourceIngestModule(IngestModuleIngestJobSettings settings) {
assert settings instanceof PlasoModuleSettings;
if (settings instanceof PlasoModuleSettings) {
return new PlasoIngestModule((PlasoModuleSettings) settings);
}
throw new IllegalArgumentException(Bundle.PlasoModuleFactory_ingestJobSettings_exception_msg());
}
@Override
public boolean hasGlobalSettingsPanel() {
return false;
}
/**
* This module typically takes a very long time and is there for not enabled
* This module typically takes a very long time and is therefore not enabled
* by default.
*
* @return False.
@ -75,4 +86,38 @@ public class PlasoModuleFactory extends IngestModuleFactoryAdapter {
public boolean isEnabledByDefault() {
return false;
}
@Override
public IngestModuleGlobalSettingsPanel getGlobalSettingsPanel() {
throw new UnsupportedOperationException();
}
@Override
public IngestModuleIngestJobSettings getDefaultIngestJobSettings() {
return new PlasoModuleSettings();
}
@Override
public boolean hasIngestJobSettingsPanel() {
return true;
}
@Override
public IngestModuleIngestJobSettingsPanel getIngestJobSettingsPanel(IngestModuleIngestJobSettings settings) {
assert settings instanceof PlasoModuleSettings;
if (settings instanceof PlasoModuleSettings) {
return new PlasoModuleSettingsPanel((PlasoModuleSettings) settings);
}
throw new IllegalArgumentException(Bundle.PlasoModuleFactory_ingestJobSettings_exception_msg());
}
@Override
public boolean isFileIngestModuleFactory() {
return false;
}
@Override
public FileIngestModule createFileIngestModule(IngestModuleIngestJobSettings settings) {
throw new UnsupportedOperationException();
}
}
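Review bot: In createDataSourceIngestModule and getIngestJobSettingsPanel the line `assert settings instanceof PlasoModuleSettings;` duplicates the `if` that follows it. When assertions are enabled, a wrong settings type raises AssertionError instead of the IllegalArgumentException that carries the bundle message, so the failure mode depends on JVM flags. Dropping the assert in both methods leaves a single, predictable path. The newly implemented overrides also have no Javadoc; for getGlobalSettingsPanel a comment such as `/** Not supported: hasGlobalSettingsPanel() returns false for this module. */` would explain the throw.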


@ -0,0 +1,92 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.modules.plaso;
import com.google.common.collect.ImmutableMap;
import java.util.HashMap;
import java.util.Map;
import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings;
/**
* Settings for the Plaso Ingest Module.
*/
public class PlasoModuleSettings implements IngestModuleIngestJobSettings {
private static final long serialVersionUID = 1L;
/** Map from parser name (or match pattern) to its enabled state. */
final Map<String, Boolean> parsers = new HashMap<>();
/**
* Get an immutable map from parser name to its enabled state. Parsers
* mapped to true or with no entry will be enabled. Parsers mapped to false,
* will be disabled.
*/
Map<String, Boolean> getParsers() {
return ImmutableMap.copyOf(parsers);
}
/**
* Constructor. The PlasoModuleSettings will have the default parsers
* (winreg, pe, chrome, firefox, internet explorer) disabled.
*/
public PlasoModuleSettings() {
parsers.put("winreg", false);
parsers.put("pe", false);
//chrome
parsers.put("chrome_preferences", false);
parsers.put("chrome_cache", false);
parsers.put("chrome_27_history", false);
parsers.put("chrome_8_history", false);
parsers.put("chrome_cookies", false);
parsers.put("chrome_extension_activity", false);
//firefox
parsers.put("firefox_cache", false);
parsers.put("firefox_cache2", false);
parsers.put("firefox_cookies", false);
parsers.put("firefox_downloads", false);
parsers.put("firefox_history", false);
//Internet Explorer
parsers.put("msiecf", false);
parsers.put("msie_webcache", false);
}
/**
* Gets the serialization version number.
*
* @return A serialization version number.
*/
@Override
public long getVersionNumber() {
return serialVersionUID;
}
/**
* Set the given parser enabled/disabled
*
* @param parserName The name of the parser to enable/disable
* @param selected The new state (enabled/disabled) for the given parser.
*/
void setParserEnabled(String parserName, boolean selected) {
parsers.put(parserName, selected);
}
}
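Review bot: setParserEnabled accepts any string as a parser name, and PlasoIngestModule.buildLog2TimeLineCommand later joins these names into the quoted `--parsers` argument passed to log2timeline. A name containing a quote, comma or whitespace would change that argument. The class carries a serialVersionUID, so it is presumably persisted and reloaded, and a reloaded map would not pass through the setter. Check each name where the list is built as well as in the setter, for example `if (!parserName.matches("[A-Za-z0-9_]+")) throw new IllegalArgumentException("Invalid parser name");`, adjusting the pattern to whatever match patterns are meant to be supported. The `parsers` field should also be `private`, so that other classes in the package cannot write to the map directly.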


@ -0,0 +1,84 @@
<?xml version="1.0" encoding="UTF-8" ?>
<Form version="1.5" maxVersion="1.9" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
<AuxValues>
<AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="1"/>
<AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_generateFQN" type="java.lang.Boolean" value="true"/>
<AuxValue name="FormSettings_generateMnemonicsCode" type="java.lang.Boolean" value="true"/>
<AuxValue name="FormSettings_i18nAutoMode" type="java.lang.Boolean" value="true"/>
<AuxValue name="FormSettings_layoutCodeTarget" type="java.lang.Integer" value="1"/>
<AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/>
<AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/>
</AuxValues>
<Layout>
<DimensionLayout dim="0">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="plasoParserInfoTextArea" max="32767" attributes="0"/>
<Component id="peCheckBox" min="-2" max="-2" attributes="0"/>
<Component id="winRegCheckBox" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
<DimensionLayout dim="1">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<EmptySpace min="-2" max="-2" attributes="0"/>
<Component id="plasoParserInfoTextArea" pref="188" max="32767" attributes="0"/>
<EmptySpace type="separate" max="-2" attributes="0"/>
<Component id="winRegCheckBox" min="-2" max="-2" attributes="0"/>
<EmptySpace type="unrelated" min="-2" max="-2" attributes="0"/>
<Component id="peCheckBox" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
</Layout>
<SubComponents>
<Component class="javax.swing.JCheckBox" name="winRegCheckBox">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/modules/plaso/Bundle.properties" key="PlasoModuleSettingsPanel.winRegCheckBox.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="winRegCheckBoxActionPerformed"/>
</Events>
</Component>
<Component class="javax.swing.JCheckBox" name="peCheckBox">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/modules/plaso/Bundle.properties" key="PlasoModuleSettingsPanel.peCheckBox.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="peCheckBoxActionPerformed"/>
</Events>
</Component>
<Component class="javax.swing.JTextArea" name="plasoParserInfoTextArea">
<Properties>
<Property name="editable" type="boolean" value="false"/>
<Property name="background" type="java.awt.Color" editor="org.netbeans.beaninfo.editors.ColorEditor">
<Color blue="f0" green="f0" id="Panel.background" palette="3" red="f0" type="palette"/>
</Property>
<Property name="columns" type="int" value="20"/>
<Property name="lineWrap" type="boolean" value="true"/>
<Property name="rows" type="int" value="5"/>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/modules/plaso/Bundle.properties" key="PlasoModuleSettingsPanel.plasoParserInfoTextArea.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="wrapStyleWord" type="boolean" value="true"/>
<Property name="border" type="javax.swing.border.Border" editor="org.netbeans.modules.form.editors2.BorderEditor">
<Border info="null"/>
</Property>
</Properties>
</Component>
</SubComponents>
</Form>


@ -0,0 +1,115 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.modules.plaso;
import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings;
import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettingsPanel;
/**
* Settings panel for the PlasoIngestModule.
*/
public class PlasoModuleSettingsPanel extends IngestModuleIngestJobSettingsPanel {
private final PlasoModuleSettings settings;
public PlasoModuleSettingsPanel(PlasoModuleSettings settings) {
this.settings = settings;
initComponents();
}
/** This method is called from within the constructor to initialize the
* form. WARNING: Do NOT modify this code. The content of this method is
* always regenerated by the Form Editor.
*/
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
winRegCheckBox = new javax.swing.JCheckBox();
peCheckBox = new javax.swing.JCheckBox();
plasoParserInfoTextArea = new javax.swing.JTextArea();
org.openide.awt.Mnemonics.setLocalizedText(winRegCheckBox, org.openide.util.NbBundle.getMessage(PlasoModuleSettingsPanel.class, "PlasoModuleSettingsPanel.winRegCheckBox.text")); // NOI18N
winRegCheckBox.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
winRegCheckBoxActionPerformed(evt);
}
});
org.openide.awt.Mnemonics.setLocalizedText(peCheckBox, org.openide.util.NbBundle.getMessage(PlasoModuleSettingsPanel.class, "PlasoModuleSettingsPanel.peCheckBox.text")); // NOI18N
peCheckBox.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
peCheckBoxActionPerformed(evt);
}
});
plasoParserInfoTextArea.setEditable(false);
plasoParserInfoTextArea.setBackground(javax.swing.UIManager.getDefaults().getColor("Panel.background"));
plasoParserInfoTextArea.setColumns(20);
plasoParserInfoTextArea.setLineWrap(true);
plasoParserInfoTextArea.setRows(5);
plasoParserInfoTextArea.setText(org.openide.util.NbBundle.getMessage(PlasoModuleSettingsPanel.class, "PlasoModuleSettingsPanel.plasoParserInfoTextArea.text")); // NOI18N
plasoParserInfoTextArea.setWrapStyleWord(true);
plasoParserInfoTextArea.setBorder(null);
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
this.setLayout(layout);
layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(plasoParserInfoTextArea)
.addComponent(peCheckBox)
.addComponent(winRegCheckBox))
.addContainerGap())
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addContainerGap()
.addComponent(plasoParserInfoTextArea, javax.swing.GroupLayout.DEFAULT_SIZE, 188, Short.MAX_VALUE)
.addGap(18, 18, 18)
.addComponent(winRegCheckBox)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(peCheckBox)
.addContainerGap())
);
}// </editor-fold>//GEN-END:initComponents
private void winRegCheckBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_winRegCheckBoxActionPerformed
settings.setParserEnabled("winreg", winRegCheckBox.isSelected());
}//GEN-LAST:event_winRegCheckBoxActionPerformed
private void peCheckBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_peCheckBoxActionPerformed
settings.setParserEnabled("pe", peCheckBox.isSelected());
}//GEN-LAST:event_peCheckBoxActionPerformed
@Override
public IngestModuleIngestJobSettings getSettings() {
return settings;
}
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JCheckBox peCheckBox;
private javax.swing.JTextArea plasoParserInfoTextArea;
private javax.swing.JCheckBox winRegCheckBox;
// End of variables declaration//GEN-END:variables
}


@ -87,7 +87,7 @@ FileReportDataTypes.path.text=Full Path
FileReportText.getName.text=Files - Text
FileReportText.getDesc.text=A tab delimited text file containing information about individual files in the case.
ReportBodyFile.progress.querying=Querying files...
ReportBodyFile.ingestWarning.text=Warning, this report was run before ingest services completed\!
ReportBodyFile.ingestWarning.text=Warning, this report was run before ingest services completed!
ReportBodyFile.progress.loading=Loading files...
ReportBodyFile.progress.processing=Now processing {0}...
ReportBodyFile.getName.text=TSK Body File
@ -229,13 +229,13 @@ ReportHTML.getName.text=HTML Report
ReportHTML.getDesc.text=A report about results and tagged items in HTML format.
ReportHTML.writeIndex.title=for case {0}
ReportHTML.writeIndex.noFrames.msg=Your browser is not compatible with our frame setup.
ReportHTML.writeIndex.noFrames.seeNav=Please see <a href\="content\nav.html">the navigation page</a> for artifact links,
ReportHTML.writeIndex.seeSum=and <a href\="content\summary.html">the summary page</a> for a case summary.
ReportHTML.writeIndex.noFrames.seeNav=Please see <a href="content\nav.html">the navigation page</a> for artifact links,
ReportHTML.writeIndex.seeSum=and <a href="contentsummary.html">the summary page</a> for a case summary.
ReportHTML.writeNav.title=Report Navigation
ReportHTML.writeNav.h1=Report Navigation
ReportHTML.writeNav.summary=Case Summary
ReportHTML.writeSum.title=Case Summary
ReportHTML.writeSum.warningMsg=<span>Warning, this report was run before ingest services completed\!</span>
ReportHTML.writeSum.warningMsg=<span>Warning, this report was run before ingest services completed!</span>
#
# autopsy/test/scripts/regression.py._html_report_diff() uses reportGenOn.text, caseName, caseNum,
# examiner as a regex signature to skip report.html and summary.html
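Review bot: The link target on the `ReportHTML.writeIndex.seeSum` line now reads `contentsummary.html`, so the path separator is gone, and `content\nav.html` on the `ReportHTML.writeIndex.noFrames.seeNav` line still carries `\n`, which a properties loader reads as a line break rather than a backslash followed by `n`. Both look like the result of an unescaped backslash in the bundle, and neither href would resolve to a file under `content`. A forward slash avoids the escaping problem and is a valid URL separator on every platform: `<a href="content/nav.html">` and `<a href="content/summary.html">`. If this file is generated from another bundle, as the normalised `\!` and `\=` escapes suggest, the fix belongs in that source file.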


@ -123,7 +123,7 @@ KeywordSearchEditListPanel.exportButtonActionPerformed.kwListExportedMsg=Keyword
KeywordSearchEditListPanel.kwColName=Keyword
KeywordSearchEditListPanel.addKeyword.message=Add a new word to the keyword search list:
KeywordSearchEditListPanel.addKeyword.title=New Keyword
KeywordSearchFilterNode.getFileActions.openExternViewActLbl=Open in External Viewer
KeywordSearchFilterNode.getFileActions.openExternViewActLbl=Open in External Viewer Ctrl+E
KeywordSearchFilterNode.getFileActions.searchSameMd5=Search for files with the same MD5 hash
KeywordSearchFilterNode.getFileActions.viewInNewWinActionLbl=View in New Window
KeywordSearchIngestModule.init.noKwInLstMsg=No keywords in keyword list.


@ -21,7 +21,7 @@ ExtractIE.getBookmark.errMsg.errPostingBookmarks=Error posting Internet Explorer
ExtractIE.getCookie.errMsg.errPostingCookies=Error posting Internet Explorer Cookie artifacts.
ExtractIE.getCookie.errMsg.errPostingCookiess=Error posting Internet Explorer Cookie artifacts.
ExtractIE.getHistory.errMsg.errPostingHistory=Error posting Internet Explorer History artifacts.
ExtractIE.parentModuleName.noSpace=RecentActivity
# {0} - the module name
Extractor.errPostingArtifacts=Error posting {0} artifacts to the blackboard.
ExtractOs.androidOs.label=Android


@ -1,5 +1,5 @@
#Updated by build script
#Fri, 22 Mar 2019 09:08:00 +0100
#Mon, 15 Apr 2019 17:38:29 +0200
LBL_splash_window_title=Starting Autopsy
SPLASH_HEIGHT=314
SPLASH_WIDTH=538


@ -1,4 +1,4 @@
#Updated by build script
#Fri, 22 Mar 2019 09:08:00 +0100
#Mon, 15 Apr 2019 17:38:29 +0200
CTL_MainWindow_Title=Autopsy 4.10.0
CTL_MainWindow_Title_No_Project=Autopsy 4.10.0