From 78b6a06e58734db398eb3913a8caf1e4d6578d03 Mon Sep 17 00:00:00 2001 From: Brian Carrier Date: Thu, 12 Apr 2018 23:48:59 -0400 Subject: [PATCH] Fix the remembering selection and add outputs as files instead of eport --- .../volatilityDSP/MemoryDSInputPanel.java | 12 ++--- .../volatilityDSP/VolatilityProcessor.java | 50 ++++++++----------- 2 files changed, 28 insertions(+), 34 deletions(-) diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSInputPanel.java b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSInputPanel.java index f96a9cc801..f006687c3e 100644 --- a/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSInputPanel.java +++ b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSInputPanel.java @@ -53,7 +53,6 @@ final class MemoryDSInputPanel extends JPanel implements DocumentListener { private final PluginListTableModel tableModel = new PluginListTableModel(); private final List PluginListNames = new ArrayList<>(); private final Map pluginListStates = new HashMap<>(); // is set by listeners when users select and deselect items - private final Boolean isEnabled = true; /** * Creates new MemoryDSInputPanel panel for user input @@ -157,8 +156,10 @@ final class MemoryDSInputPanel extends JPanel implements DocumentListener { PluginListNames.add(plugin); if (allEnabled) { pluginListStates.put(plugin, true); + } else if ((pluginMap.containsKey(plugin) && pluginMap.get(plugin).equals("false"))) { + pluginListStates.put(plugin, false); } else { - pluginListStates.put(plugin, pluginMap.containsKey(plugin)); + pluginListStates.put(plugin, true); } } tableModel.fireTableDataChanged(); 
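Review bot: In the plugin-loading loop, a plugin with no saved entry now falls through to `pluginListStates.put(plugin, true)`, so settings written in the previous format will come back with every plugin selected. The removed lines in getPluginsToRun show that format: enabled plugins were stored with an empty value and disabled ones were omitted. If that reset is intended as a one-time migration, a short comment saying so would help the next reader. The three branches also reduce to `pluginListStates.put(plugin, allEnabled || !"false".equals(pluginMap.get(plugin)));`, which drops the separate containsKey lookup. The enclosing method starts and ends outside the hunk.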
@@ -327,15 +328,14 @@ final class MemoryDSInputPanel extends JPanel implements DocumentListener { List getPluginsToRun() { List enabledPlugins = new ArrayList<>(); - Map pluginMap = new HashMap<>(); + Map pluginSettingsToSave = new HashMap<>(); for (String plugin : PluginListNames) { if (pluginListStates.get(plugin)) { enabledPlugins.add(plugin); - pluginMap.put(plugin, ""); } + pluginSettingsToSave.put(plugin, pluginListStates.get(plugin).toString()); } - - ModuleSettings.setConfigSettings(this.contextName, pluginMap); + ModuleSettings.setConfigSettings(this.contextName, pluginSettingsToSave); // @@ Could return keys of set return enabledPlugins; } diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java index 50246f5255..59293de566 100644 --- a/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java +++ b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java @@ -29,7 +29,7 @@ import java.util.List; import java.util.Set; import java.util.logging.Level; import org.openide.modules.InstalledFileLocator; -import org.openide.util.Lookup; +import org.openide.util.Exceptions; import org.openide.util.NbBundle; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; 
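Review bot: The trailing `// @@ Could return keys of set` comment in getPluginsToRun is no longer accurate, because `pluginSettingsToSave` now holds every plugin, enabled or not, so its keys are not the enabled set. It should be dropped or reworded. The method also persists the selection through `ModuleSettings.setConfigSettings` as a side effect of what reads like a getter, which deserves a Javadoc line such as `Returns the enabled plugins and saves the enabled/disabled state of every listed plugin to the module settings.` Reading `pluginListStates.get(plugin)` once into a local `Boolean` would avoid the double lookup and make a missing entry easy to guard against before it is unboxed.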
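Review bot: The added `import org.openide.util.Exceptions;` is not referenced by any added line in this patch, so it looks like an IDE leftover and can be dropped. The `Lookup` import it replaces is consistent with the keyword-search lookup that is deleted later in the file.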
@@ -41,13 +41,13 @@ import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.ModuleDataEvent; -import org.sleuthkit.autopsy.keywordsearchservice.KeywordSearchService; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; +import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Image; -import org.sleuthkit.datamodel.Report; import org.sleuthkit.datamodel.TskCoreException; +import org.sleuthkit.datamodel.TskData.EncodingType; import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM; /** @@ -70,6 +70,7 @@ class VolatilityProcessor { private String moduleOutputPath; private FileManager fileManager; private volatile boolean isCancelled; + private Content outputVirtDir; /** * Constructs a processor that runs Volatility on a given memory image file @@ -117,6 +118,13 @@ class VolatilityProcessor { fileManager = currentCase.getServices().getFileManager(); + try { + // make a virtual directory to store the reports + outputVirtDir = currentCase.getSleuthkitCase().addVirtualDirectory(dataSource.getId(), "ModuleOutput"); + } catch (TskCoreException ex) { + throw new VolatilityProcessorException("Error creating virtual directory", ex); + } + /* * Make an output folder unique to this data source. */ @@ -129,6 +137,7 @@ class VolatilityProcessor { runVolatilityPlugin("imageinfo"); //NON-NLS } + progressMonitor.setIndeterminate(false); progressMonitor.setProgressMax(pluginsToRun.size()); for (int i = 0; i < pluginsToRun.size(); i++) { 
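Review bot: The virtual directory is created unconditionally at the start of the run, before the output folder exists and before any plugin has produced output. A cancelled or failed run therefore still leaves a "ModuleOutput" directory on the data source, and each re-run may add another one; whether `addVirtualDirectory` reuses an existing directory of the same name is not visible here. The name is a bare literal with no `//NON-NLS` marker, unlike the other literals in this class, so a named constant would fit better, e.g. `private static final String OUTPUT_DIR_NAME = "ModuleOutput"; //NON-NLS`. The exception text `"Error creating virtual directory"` is also hard-coded, while the code removed in this patch took its messages from `Bundle`. The method body starts and ends outside the hunk.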
@@ -186,14 +195,15 @@ class VolatilityProcessor { commandLine.add(pluginToRun); - String outputFile = moduleOutputPath + "\\" + pluginToRun + ".txt"; //NON-NLS + String outputFileAsString = moduleOutputPath + "\\" + pluginToRun + ".txt"; //NON-NLS ProcessBuilder processBuilder = new ProcessBuilder(commandLine); /* * Add an environment variable to force Volatility to run with the same * permissions Autopsy uses. */ processBuilder.environment().put("__COMPAT_LAYER", "RunAsInvoker"); //NON-NLS - processBuilder.redirectOutput(new File(outputFile)); + File outputFile = new File(outputFileAsString); + processBuilder.redirectOutput(outputFile); processBuilder.redirectError(new File(moduleOutputPath + "\\Volatility_Run.err")); //NON-NLS processBuilder.directory(new File(memoryImage.getParent())); 
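Review bot: The output path is still assembled by string concatenation with a hard-coded `"\\"`, and `pluginToRun` goes into both the command line and the file name without any check visible in this hunk. Building the `File` once with `File outputFile = new File(moduleOutputPath, pluginToRun + ".txt"); //NON-NLS` removes the separator literal and makes `outputFileAsString` unnecessary. If plugin names can come from saved settings or user input (not visible here), rejecting names that contain path separators before this point would keep the output inside `moduleOutputPath`. The same concatenation is used for `Volatility_Run.err` on the `redirectError` line. The method body starts and ends outside the hunk.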
@@ -210,32 +220,16 @@ class VolatilityProcessor { if (isCancelled) { return; } - - /* - * Add the plugin output file to the case as a report. - */ + try { - Report report = currentCase.getSleuthkitCase().addReport(outputFile, VOLATILITY, VOLATILITY + " " + pluginToRun + " Plugin"); //NON-NLS - try { - KeywordSearchService searchService = Lookup.getDefault().lookup(KeywordSearchService.class); - if (searchService != null) { - searchService.index(report); - } else { - errorMsgs.add(Bundle.VolatilityProcessor_exceptionMessage_searchServiceNotFound(pluginToRun)); - /* - * Log the exception as well as add it to the error - * messages, to ensure that the stack trace is not lost. - */ - logger.log(Level.WARNING, Bundle.VolatilityProcessor_exceptionMessage_errorIndexingOutput(pluginToRun)); - } - } catch (TskCoreException ex) { - throw new VolatilityProcessorException(Bundle.VolatilityProcessor_exceptionMessage_errorIndexingOutput(pluginToRun), ex); - } + String relativePath = new File(currentCase.getCaseDirectory()).toURI().relativize(new File(outputFileAsString).toURI()).getPath(); + fileManager.addDerivedFile(pluginToRun, relativePath, outputFile.length(), 0, 0, 0, 0, true, outputVirtDir, null, null, null, null, EncodingType.NONE); } catch (TskCoreException ex) { - throw new VolatilityProcessorException(Bundle.VolatilityProcessor_exceptionMessage_errorAddingOutput(pluginToRun), ex); + errorMsgs.add("Error adding " + pluginToRun + " volatility report as a file"); + logger.log(Level.WARNING, "Error adding report as derived file", ex); } - - createArtifactsFromPluginOutput(pluginToRun, new File(outputFile)); + + createArtifactsFromPluginOutput(pluginToRun, new File(outputFileAsString)); } /**
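Review bot: `URI.relativize` returns its argument unchanged when the output file is not under the case directory, so `relativePath` can end up as an absolute path that is then recorded as the derived file's location. Whether `moduleOutputPath` is always inside the case directory is not visible in this hunk. Checking the relativized URI with `isAbsolute()` before calling `getPath()`, and adding to `errorMsgs` in that case, would make the failure explicit. `outputFile` is already in scope, so both `new File(outputFileAsString)` calls can reuse it. Note also that `outputFile.length()` yields 0 for a missing file, so a plugin that wrote nothing is still registered as an empty derived file. The new log call would be easier to trace as `logger.log(Level.WARNING, "Error adding " + pluginToRun + " output as derived file", ex);`. The method body starts outside the hunk.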