mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 18:17:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '3144_encaseHashes' into 3140b_importKdb

Browse Source 
Conflicts:
	Core/src/org/sleuthkit/autopsy/modules/hashdatabase/ImportCentralRepoDbProgressDialog.java
This commit is contained in:
Ann Priestman 2017-11-22 08:10:12 -05:00
commit 7a4fd008c3
5 changed files with 236 additions and 210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/EncaseHashSetParser.java
View File

@ -31,6 +31,7 @@ import org.sleuthkit.datamodel.TskCoreException;
* Parser for Encase format hash sets (*.hash) * Parser for Encase format hash sets (*.hash)
*/ */
class EncaseHashSetParser implements HashSetParser { class EncaseHashSetParser implements HashSetParser {
private final byte[] encaseHeader = {(byte) 0x48, (byte) 0x41, (byte) 0x53, (byte) 0x48, (byte) 0x0d, (byte) 0x0a, (byte) 0xff, (byte) 0x00, private final byte[] encaseHeader = {(byte) 0x48, (byte) 0x41, (byte) 0x53, (byte) 0x48, (byte) 0x0d, (byte) 0x0a, (byte) 0xff, (byte) 0x00,
(byte) 0x02, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00}; (byte) 0x02, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00};
private final String filename; // Name of the input file (saved for logging) private final String filename; // Name of the input file (saved for logging)
@ -39,11 +40,12 @@ class EncaseHashSetParser implements HashSetParser {
private int totalHashesRead = 0; // Number of hashes that have been read private int totalHashesRead = 0; // Number of hashes that have been read
/** /**
* Opens the import file and parses the header. * Opens the import file and parses the header. If this is successful, the
* If this is successful, the file will be set up to call getNextHash() to * file will be set up to call getNextHash() to read the hash values.
* read the hash values. *
* @param filename The Encase hash set * @param filename The Encase hash set
* @throws TskCoreException There was an error opening/reading the file or it is not the correct format * @throws TskCoreException There was an error opening/reading the file or
* it is not the correct format
*/ */
EncaseHashSetParser(String filename) throws TskCoreException { EncaseHashSetParser(String filename) throws TskCoreException {
try { try {
@ -77,7 +79,6 @@ class EncaseHashSetParser implements HashSetParser {
readBuffer(typeBuffer, 0x28); readBuffer(typeBuffer, 0x28);
// At this point we're past the header and ready to read in the hashes // At this point we're past the header and ready to read in the hashes
} catch (IOException ex) { } catch (IOException ex) {
close(); close();
throw new TskCoreException("Error reading " + filename, ex); throw new TskCoreException("Error reading " + filename, ex);
@ -88,8 +89,9 @@ class EncaseHashSetParser implements HashSetParser {
} }
/** /**
* Get the expected number of hashes in the file. * Get the expected number of hashes in the file. This number can be an
* This number can be an estimate. * estimate.
*
* @return The expected hash count * @return The expected hash count
*/ */
@Override @Override
@ -99,6 +101,7 @@ class EncaseHashSetParser implements HashSetParser {
/** /**
* Check if there are more hashes to read * Check if there are more hashes to read
*
* @return true if we've read all expected hash values, false otherwise * @return true if we've read all expected hash values, false otherwise
*/ */
@Override @Override
@ -108,7 +111,9 @@ class EncaseHashSetParser implements HashSetParser {
/** /**
* Get the next hash to import * Get the next hash to import
* @return The hash as a string, or null if the end of file was reached without error *
* @return The hash as a string, or null if the end of file was reached
* without error
* @throws TskCoreException * @throws TskCoreException
*/ */
@Override @Override

6
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java
View File

@ -128,7 +128,6 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
hashDbReadOnlyLabel.setText(NO_SELECTION_TEXT); hashDbReadOnlyLabel.setText(NO_SELECTION_TEXT);
indexPathLabel.setText(NO_SELECTION_TEXT); indexPathLabel.setText(NO_SELECTION_TEXT);
// Update indexing components. // Update indexing components.
hashDbIndexStatusLabel.setText(NO_SELECTION_TEXT); hashDbIndexStatusLabel.setText(NO_SELECTION_TEXT);
hashDbIndexStatusLabel.setForeground(Color.black); hashDbIndexStatusLabel.setForeground(Color.black);
@ -303,6 +302,10 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
@Messages({"HashLookupSettingsPanel.saveFail.message=Couldn't save hash db settings.", @Messages({"HashLookupSettingsPanel.saveFail.message=Couldn't save hash db settings.",
"HashLookupSettingsPanel.saveFail.title=Save Fail"}) "HashLookupSettingsPanel.saveFail.title=Save Fail"})
public void saveSettings() { public void saveSettings() {
// Clear out the list of unsaved hashes
newReferenceSetIDs.clear();
//Checking for for any unindexed databases //Checking for for any unindexed databases
List<SleuthkitHashSet> unindexed = new ArrayList<>(); List<SleuthkitHashSet> unindexed = new ArrayList<>();
for (HashDb db : hashSetManager.getAllHashSets()) { for (HashDb db : hashSetManager.getAllHashSets()) {
@ -335,7 +338,6 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
} else { } else {
try { try {
hashSetManager.save(); hashSetManager.save();
newReferenceSetIDs.clear();
} catch (HashDbManager.HashDbManagerException ex) { } catch (HashDbManager.HashDbManagerException ex) {
SwingUtilities.invokeLater(() -> { SwingUtilities.invokeLater(() -> {
JOptionPane.showMessageDialog(null, Bundle.HashLookupSettingsPanel_saveFail_message(), Bundle.HashLookupSettingsPanel_saveFail_title(), JOptionPane.ERROR_MESSAGE); JOptionPane.showMessageDialog(null, Bundle.HashLookupSettingsPanel_saveFail_message(), Bundle.HashLookupSettingsPanel_saveFail_title(), JOptionPane.ERROR_MESSAGE);

10
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashSetParser.java
View File

@ -24,20 +24,24 @@ interface HashSetParser {
/** /**
* Get the next hash to import * Get the next hash to import
* @return The hash as a string, or null if the end of file was reached without error *
* @return The hash as a string, or null if the end of file was reached
* without error
* @throws TskCoreException * @throws TskCoreException
*/ */
String getNextHash() throws TskCoreException; String getNextHash() throws TskCoreException;
/** /**
* Check if there are more hashes to read * Check if there are more hashes to read
*
* @return true if we've read all expected hash values, false otherwise * @return true if we've read all expected hash values, false otherwise
*/ */
boolean doneReading(); boolean doneReading();
/** /**
* Get the expected number of hashes in the file. * Get the expected number of hashes in the file. This number can be an
* This number can be an estimate. * estimate.
*
* @return The expected hash count * @return The expected hash count
*/ */
long getExpectedHashCount(); long getExpectedHashCount();

11
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/IdxHashSetParser.java
View File

@ -31,6 +31,7 @@ import org.sleuthkit.datamodel.TskCoreException;
* Parser for idx files (*.idx) * Parser for idx files (*.idx)
*/ */
class IdxHashSetParser implements HashSetParser { class IdxHashSetParser implements HashSetParser {
private final String filename; // Name of the input file (saved for logging) private final String filename; // Name of the input file (saved for logging)
private BufferedReader reader; // Input file private BufferedReader reader; // Input file
private final long totalHashes; // Estimated number of hashes private final long totalHashes; // Estimated number of hashes
@ -52,7 +53,9 @@ class IdxHashSetParser implements HashSetParser {
/** /**
* Get the next hash to import * Get the next hash to import
* @return The hash as a string, or null if the end of file was reached without error *
* @return The hash as a string, or null if the end of file was reached
* without error
* @throws TskCoreException * @throws TskCoreException
*/ */
@Override @Override
@ -82,6 +85,7 @@ class IdxHashSetParser implements HashSetParser {
/** /**
* Check if there are more hashes to read * Check if there are more hashes to read
*
* @return true if we've read all expected hash values, false otherwise * @return true if we've read all expected hash values, false otherwise
*/ */
@Override @Override
@ -90,8 +94,9 @@ class IdxHashSetParser implements HashSetParser {
} }
/** /**
* Get the expected number of hashes in the file. * Get the expected number of hashes in the file. This number can be an
* This number can be an estimate. * estimate.
*
* @return The expected hash count * @return The expected hash count
*/ */
@Override @Override

34
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/ImportCentralRepoDbProgressDialog.java
View File

@ -49,8 +49,7 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
private CentralRepoImportWorker worker; // Swing worker that will import the file and send updates to the dialog private CentralRepoImportWorker worker; // Swing worker that will import the file and send updates to the dialog
@NbBundle.Messages({"ImportCentralRepoDbProgressDialog.title.text=Central Repository Import Progress", @NbBundle.Messages({"ImportCentralRepoDbProgressDialog.title.text=Central Repository Import Progress",})
})
ImportCentralRepoDbProgressDialog() { ImportCentralRepoDbProgressDialog() {
super((JFrame) WindowManager.getDefault().getMainWindow(), super((JFrame) WindowManager.getDefault().getMainWindow(),
Bundle.ImportCentralRepoDbProgressDialog_title_text(), Bundle.ImportCentralRepoDbProgressDialog_title_text(),
@ -68,8 +67,9 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
} }
/** /**
* Import the selected hash set into the central repository. * Import the selected hash set into the central repository. Will bring up a
* Will bring up a progress dialog while the import is in progress. * progress dialog while the import is in progress.
*
* @param hashSetName * @param hashSetName
* @param version * @param version
* @param orgId * @param orgId
@ -93,8 +93,9 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
} }
/** /**
* Get the HashDb object for the newly imported data. * Get the HashDb object for the newly imported data. Should be called after
* Should be called after importFile completes. * importFile completes.
*
* @return The new HashDb object or null if the import failed/was canceled * @return The new HashDb object or null if the import failed/was canceled
*/ */
HashDbManager.HashDb getDatabase() { HashDbManager.HashDb getDatabase() {
@ -104,11 +105,10 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
return null; return null;
} }
/** /**
* Updates the dialog from events from the worker. * Updates the dialog from events from the worker. The two events we handle
* The two events we handle are progress updates and * are progress updates and the done event.
* the done event. *
* @param evt * @param evt
*/ */
@NbBundle.Messages({"ImportCentralRepoDbProgressDialog.errorParsingFile.message=Error parsing hash set file"}) @NbBundle.Messages({"ImportCentralRepoDbProgressDialog.errorParsingFile.message=Error parsing hash set file"})
@ -147,6 +147,7 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
} }
private class CentralRepoImportWorker extends SwingWorker<Void, Void> { private class CentralRepoImportWorker extends SwingWorker<Void, Void> {
private final int HASH_IMPORT_THRESHOLD = 10000; private final int HASH_IMPORT_THRESHOLD = 10000;
private final String hashSetName; private final String hashSetName;
private final String version; private final String version;
@ -180,7 +181,9 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
/** /**
* Get the newly created database * Get the newly created database
* @return the imported database. May be null if an error occurred or the user canceled *
* @return the imported database. May be null if an error occurred or
* the user canceled
*/ */
synchronized HashDbManager.CentralRepoHashSet getDatabase() { synchronized HashDbManager.CentralRepoHashSet getDatabase() {
return newHashDb; return newHashDb;
@ -188,6 +191,7 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
/** /**
* Get the number of hashes that have been read in so far * Get the number of hashes that have been read in so far
*
* @return current hash count * @return current hash count
*/ */
long getNumHashesProcessed() { long getNumHashesProcessed() {
@ -196,7 +200,9 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
/** /**
* Check if the import was successful or if there was an error. * Check if the import was successful or if there was an error.
* @return true if the import process completed without error, false otherwise *
* @return true if the import process completed without error, false
* otherwise
*/ */
boolean getImportSuccess() { boolean getImportSuccess() {
return importSuccess.get(); return importSuccess.get();
@ -213,10 +219,14 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
hashSetParser = new EncaseHashSetParser(importFileName); hashSetParser = new EncaseHashSetParser(importFileName);
} else if(importFileName.toLowerCase().endsWith(".kdb")){ } else if(importFileName.toLowerCase().endsWith(".kdb")){
hashSetParser = new KdbHashSetParser(importFileName); hashSetParser = new KdbHashSetParser(importFileName);
} else {
if (importFileName.toLowerCase().endsWith(".hash")) {
hashSetParser = new EncaseHashSetParser(importFileName);
} else { } else {
// We've gotten here with a format that can't be processed // We've gotten here with a format that can't be processed
throw new TskCoreException("Hash set to import is an unknown format : " + importFileName); throw new TskCoreException("Hash set to import is an unknown format : " + importFileName);
} }
}
try { try {
// Conver to the FileKnown enum used by EamGlobalSet // Conver to the FileKnown enum used by EamGlobalSet