mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added dump commands to Volatility list

Browse Source
This commit is contained in:
Brian Carrier 2018-04-22 23:18:33 -04:00
parent b4df569d41
commit 7b2e19aa55
2 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSInputPanel.java
View File

@ -75,7 +75,7 @@ final class MemoryDSInputPanel extends JPanel implements DocumentListener {
* Creates new MemoryDSInputPanel panel for user input
*/
private MemoryDSInputPanel(String context) {
this.pluginList = new String[]{"amcache", "cmdline", "cmdscan", "consoles", "malfind", "netscan", "notepad", "pslist", "psxview", "shellbags", "shimcache", "shutdown", "userassist", "apihooks", "connscan", "devicetree", "dlllist", "envars", "filescan", "gahti", "getservicesids", "getsids", "handles", "hashdump", "hivelist", "hivescan", "impscan", "ldrmodules", "lsadump", "modules", "mutantscan", "privs", "psscan", "pstree", "sockets", "svcscan", "shimcache", "timeliner", "unloadedmodules", "userhandles", "vadinfo", "verinfo"};
this.pluginList = new String[]{"amcache", "cmdline", "cmdscan", "consoles", "malfind", "netscan", "notepad", "pslist", "psxview", "shellbags", "shimcache", "shutdown", "userassist", "apihooks", "connscan", "devicetree", "dlllist", "envars", "filescan", "gahti", "getservicesids", "getsids", "handles", "hashdump", "hivelist", "hivescan", "impscan", "ldrmodules", "lsadump", "modules", "mutantscan", "privs", "psscan", "pstree", "sockets", "svcscan", "shimcache", "timeliner", "unloadedmodules", "userhandles", "vadinfo", "verinfo", "dlldump", "moddump", "procdump", "dumpfiles", "dumpregistry"};
Arrays.sort(this.pluginList);
initComponents();

26
Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java
View File

@ -134,8 +134,7 @@ class VolatilityProcessor {
moduleOutputPath = Paths.get(currentCase.getModuleDirectory(), VOLATILITY, dataSourceId.toString()).toString();
File directory = new File(String.valueOf(moduleOutputPath));
if (!directory.exists()) {
directory.mkdirs();
directory.mkdirs();
}
// if they did not specify a profile, then run imageinfo to get one
@ -198,7 +197,24 @@ class VolatilityProcessor {
}
commandLine.add(pluginToRun);
String outputFileAsString = moduleOutputPath + "\\" + pluginToRun + ".txt"; //NON-NLS
switch (pluginToRun) {
case "dlldump":
case "moddump":
case "procdump":
case "dumpregistry":
case "dumpfiles":
String outputDir = moduleOutputPath + File.separator + pluginToRun;
File directory = new File(outputDir);
if (!directory.exists()) {
directory.mkdirs();
}
commandLine.add("--dump-dir=" + outputDir); //NON-NLS
break;
default:
break;
}
String outputFileAsString = moduleOutputPath + File.separator + pluginToRun + ".txt"; //NON-NLS
ProcessBuilder processBuilder = new ProcessBuilder(commandLine);
/*
* Add an environment variable to force Volatility to run with the same
@ -207,7 +223,7 @@ class VolatilityProcessor {
processBuilder.environment().put("__COMPAT_LAYER", "RunAsInvoker"); //NON-NLS
File outputFile = new File(outputFileAsString);
processBuilder.redirectOutput(outputFile);
processBuilder.redirectError(new File(moduleOutputPath + "\\Volatility_Run.err")); //NON-NLS
processBuilder.redirectError(new File(moduleOutputPath + File.separator + "Volatility_err.txt")); //NON-NLS
processBuilder.directory(new File(memoryImage.getParent()));
try {
@ -262,7 +278,7 @@ class VolatilityProcessor {
"VolatilityProcessor_exceptionMessage_failedToParseImageInfo=Could not parse image info"
})
private String getProfileFromImageInfoOutput() throws VolatilityProcessorException {
File imageOutputFile = new File(moduleOutputPath + "\\imageinfo.txt"); //NON-NLS
File imageOutputFile = new File(moduleOutputPath + File.separator + "imageinfo.txt"); //NON-NLS
try (BufferedReader br = new BufferedReader(new FileReader(imageOutputFile))) {
String fileRead = br.readLine();
if (fileRead != null) {