Merge pull request #7709 from markmckinnon/Update-iLeapp-aLeapp

Update iLeapp aLeapp
eugene7646 2023-06-13 11:10:45 -04:00 committed by GitHub
commit 7bc97568ee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 170 additions and 46 deletions


@ -71,7 +71,7 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule {
private static final String ALEAPP_EXECUTABLE = "aleapp.exe";//NON-NLS
private static final String ALEAPP_PATHS_FILE = "aLeapp_paths.txt"; //NON-NLS
private static final String XMLFILE = "aleap-artifact-attribute-reference.xml"; //NON-NLS
private static final String XMLFILE = "aleapp-artifact-attribute-reference.xml"; //NON-NLS
private File aLeappExecutable;
@ -86,7 +86,7 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule {
@NbBundle.Messages({
"ALeappAnalyzerIngestModule.executable.not.found=aLeapp Executable Not Found.",
"ALeappAnalyzerIngestModule.requires.windows=aLeapp module requires windows.",
"ALeappAnalyzerIngestModule.error.ileapp.file.processor.init=Failure to initialize aLeappProcessFile"})
"ALeappAnalyzerIngestModule.error.aleapp.file.processor.init=Failure to initialize aLeappProcessFile"})
@Override
public void startUp(IngestJobContext context) throws IngestModuleException {
this.context = context;
@ -100,9 +100,9 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule {
}
try {
aLeappFileProcessor = new LeappFileProcessor(XMLFILE, ALeappAnalyzerModuleFactory.getModuleName(), context);
aLeappFileProcessor = new LeappFileProcessor(XMLFILE, ALeappAnalyzerModuleFactory.getModuleName(), ALEAPP, context);
} catch (IOException | IngestModuleException | NoCurrentCaseException ex) {
throw new IngestModuleException(Bundle.ALeappAnalyzerIngestModule_error_ileapp_file_processor_init(), ex);
throw new IngestModuleException(Bundle.ALeappAnalyzerIngestModule_error_aleapp_file_processor_init(), ex);
}
try {
@ -148,7 +148,7 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule {
writeErrorMsgToIngestInbox();
return ProcessResult.ERROR;
}
aLeappPathsToProcess = loadIleappPathFile(tempOutputPath);
aLeappPathsToProcess = loadAleappPathFile(tempOutputPath);
if (aLeappPathsToProcess.isEmpty()) {
logger.log(Level.SEVERE, String.format("Error getting file paths to search, list is empty"));
writeErrorMsgToIngestInbox();
@ -178,7 +178,7 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule {
}
statusHelper.switchToIndeterminate();
statusHelper.progress(Bundle.ILeappAnalyzerIngestModule_processing_iLeapp_results());
statusHelper.progress(Bundle.ALeappAnalyzerIngestModule_processing_aLeapp_results());
extractFilesFromDataSource(dataSource, aLeappPathsToProcess, tempOutputPath);
processALeappFs(dataSource, currentCase, statusHelper, tempOutputPath.toString());
@ -219,7 +219,7 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule {
return;
}
addILeappReportToReports(moduleOutputPath, currentCase);
addALeappReportToReports(moduleOutputPath, currentCase);
} catch (IOException ex) {
logger.log(Level.SEVERE, String.format("Error when trying to execute aLeapp program against file %s", aLeappFile.getLocalAbsPath()), ex);
@ -227,7 +227,7 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule {
}
if (context.dataSourceIngestIsCancelled()) {
logger.log(Level.INFO, "ILeapp Analyser ingest module run was canceled"); //NON-NLS
logger.log(Level.INFO, "aLeapp Analyser ingest module run was canceled"); //NON-NLS
return;
}
@ -262,7 +262,7 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule {
return;
}
addILeappReportToReports(moduleOutputPath, currentCase);
addALeappReportToReports(moduleOutputPath, currentCase);
} catch (IOException ex) {
logger.log(Level.SEVERE, String.format("Error when trying to execute aLeapp program against file system"), ex);
@ -270,7 +270,7 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule {
}
if (context.dataSourceIngestIsCancelled()) {
logger.log(Level.INFO, "ILeapp Analyser ingest module run was canceled"); //NON-NLS
logger.log(Level.INFO, "aLeapp Analyser ingest module run was canceled"); //NON-NLS
return;
}
@ -335,7 +335,7 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule {
* Find the index.html file in the aLeapp output directory so it can be
* added to reports
*/
private void addILeappReportToReports(Path aLeappOutputDir, Case currentCase) {
private void addALeappReportToReports(Path aLeappOutputDir, Case currentCase) {
List<String> allIndexFiles = new ArrayList<>();
try (Stream<Path> walk = Files.walk(aLeappOutputDir)) {
@ -363,7 +363,7 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule {
* Reads the aLeapp paths file to get the paths that we want to extract
*
*/
private List<String> loadIleappPathFile(Path moduleOutputPath) throws FileNotFoundException, IOException {
private List<String> loadAleappPathFile(Path moduleOutputPath) throws FileNotFoundException, IOException {
List<String> aLeappPathsToProcess = new ArrayList<>();
Path filePath = Paths.get(moduleOutputPath.toString(), ALEAPP_PATHS_FILE);


@ -1,7 +1,7 @@
ALeappAnalyzerIngestModule.aLeapp.cancelled=aLeapp run was canceled
ALeappAnalyzerIngestModule.completed=aLeapp Processing Completed
ALeappAnalyzerIngestModule.error.aleapp.file.processor.init=Failure to initialize aLeappProcessFile
ALeappAnalyzerIngestModule.error.creating.output.dir=Error creating aLeapp module output directory.
ALeappAnalyzerIngestModule.error.ileapp.file.processor.init=Failure to initialize aLeappProcessFile
ALeappAnalyzerIngestModule.error.running.aLeapp=Error running aLeapp, see log file.
ALeappAnalyzerIngestModule.executable.not.found=aLeapp Executable Not Found.
ALeappAnalyzerIngestModule.has.run=aLeapp


@ -71,7 +71,7 @@ public class ILeappAnalyzerIngestModule implements DataSourceIngestModule {
private static final String ILEAPP_EXECUTABLE = "ileapp.exe";//NON-NLS
private static final String ILEAPP_PATHS_FILE = "iLeapp_paths.txt"; //NON-NLS
private static final String XMLFILE = "ileap-artifact-attribute-reference.xml"; //NON-NLS
private static final String XMLFILE = "ileapp-artifact-attribute-reference.xml"; //NON-NLS
private File iLeappExecutable;
@ -100,7 +100,7 @@ public class ILeappAnalyzerIngestModule implements DataSourceIngestModule {
}
try {
iLeappFileProcessor = new LeappFileProcessor(XMLFILE, ILeappAnalyzerModuleFactory.getModuleName(), context);
iLeappFileProcessor = new LeappFileProcessor(XMLFILE, ILeappAnalyzerModuleFactory.getModuleName(), ILEAPP, context);
} catch (IOException | IngestModuleException | NoCurrentCaseException ex) {
throw new IngestModuleException(Bundle.ILeappAnalyzerIngestModule_error_ileapp_file_processor_init(), ex);
}


@ -145,7 +145,11 @@ public final class LeappFileProcessor {
}
private static final Logger logger = Logger.getLogger(LeappFileProcessor.class.getName());
private final String CUSTOM_ARTIFACTS_ATTRIBUTES_FILE = "custom-artifact-attribute-list.csv";
private final String ARTIFACT_ATTRIBUTE_REFERENCE_USER = "artifact-attribute-reference-user.xml";
private final String xmlFile; //NON-NLS
private final String leapModule;
private final String moduleName;
private final IngestJobContext context;
@ -198,7 +202,7 @@ public final class LeappFileProcessor {
private final Blackboard blkBoard;
public LeappFileProcessor(String xmlFile, String moduleName, IngestJobContext context) throws IOException, IngestModuleException, NoCurrentCaseException {
public LeappFileProcessor(String xmlFile, String moduleName, String leapModule, IngestJobContext context) throws IOException, IngestModuleException, NoCurrentCaseException {
this.tsvFiles = new HashMap<>();
this.tsvFileArtifacts = new HashMap<>();
this.tsvFileArtifactComments = new HashMap<>();
@ -206,9 +210,11 @@ public final class LeappFileProcessor {
this.xmlFile = xmlFile;
this.moduleName = moduleName;
this.context = context;
this.leapModule = leapModule;
blkBoard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard();
loadCustomArtifactsAttributes(blkBoard, leapModule);
createCustomArtifacts(blkBoard);
configExtractor();
loadConfigFile();
@ -1065,6 +1071,18 @@ public final class LeappFileProcessor {
}
}
/**
* Read the XML config file and load the mappings into maps
*/
private void loadConfigFile() throws IngestModuleException {
String path = PlatformUtil.getUserConfigDirectory() + File.separator + xmlFile;
loadIndividualConfigFile(path);
String userPath = PlatformUtil.getUserConfigDirectory() + File.separator + leapModule + "-" + ARTIFACT_ATTRIBUTE_REFERENCE_USER;
if (new File(userPath).exists()) {
loadIndividualConfigFile(userPath);
}
}
/**
* Read the XML config file and load the mappings into maps
*/
@ -1075,10 +1093,9 @@ public final class LeappFileProcessor {
"LeappFileProcessor.postartifacts_error=Error posting Blackboard Artifact",
"LeappFileProcessor.error.creating.new.artifacts=Error creating new artifacts."
})
private void loadConfigFile() throws IngestModuleException {
private void loadIndividualConfigFile(String path) throws IngestModuleException {
Document xmlinput;
try {
String path = PlatformUtil.getUserConfigDirectory() + File.separator + xmlFile;
File f = new File(path);
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
DocumentBuilder db = dbf.newDocumentBuilder();
@ -1270,7 +1287,7 @@ public final class LeappFileProcessor {
private static final Set<String> ALLOWED_EXTENSIONS = new HashSet<>(Arrays.asList("zip", "tar", "tgz"));
/**
* Find the files that will be processed by the iLeapp program
* Find the files that will be processed by the Leapp program
*
* @param dataSource
*
@ -1303,6 +1320,111 @@ public final class LeappFileProcessor {
return leappFilesToProcess;
}
/**
* Create custom artifacts that are defined in the xLeapp xml file(s).
*
*/
private void loadCustomArtifactsAttributes(Blackboard blkBoard, String leapModule) {
for (Map.Entry<String, String> customArtifact : CUSTOM_ARTIFACT_MAP.entrySet()) {
String artifactName = customArtifact.getKey();
String artifactDescription = customArtifact.getValue();
createCustomAttributesArtifacts(blkBoard, "artifact", artifactName, artifactDescription, null);
}
File customFilePath = new File(PlatformUtil.getUserConfigDirectory() + File.separator + leapModule + '-' + CUSTOM_ARTIFACTS_ATTRIBUTES_FILE);
if (customFilePath.exists()) {
try (MappingIterator<List<String>> iterator = new CsvMapper()
.enable(CsvParser.Feature.WRAP_AS_ARRAY)
.readerFor(List.class)
.with(CsvSchema.emptySchema().withColumnSeparator(','))
.readValues(customFilePath)) {
if (iterator.hasNext()) {
// Header line we can skip
List<String> headerItems = iterator.next();
int lineNum = 2;
while (iterator.hasNext()) {
List<String> columnItems = iterator.next();
if (columnItems.size() > 3) {
createCustomAttributesArtifacts(blkBoard, columnItems.get(0), columnItems.get(1), columnItems.get(2), columnItems.get(3));
} else {
createCustomAttributesArtifacts(blkBoard, columnItems.get(0), columnItems.get(1), columnItems.get(2), null);
}
}
}
} catch (IOException ex) {
logger.log(Level.WARNING, String.format("Failed to read/open file %s.", customFilePath), ex);
}
}
}
/**
* Create custom attributes that are defined in the xLeapp xml file(s).
*
*/
private void createCustomAttributesArtifacts(Blackboard blkBoard, String atType, String atName, String atDescription, String attrType) {
if (atType.toLowerCase().equals("artifact")) {
try {
BlackboardArtifact.Type customArtifactType = blkBoard.getOrAddArtifactType(atName.toUpperCase(), atDescription);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.WARNING, String.format("Failed to create custom artifact type %s.", atName), ex);
}
return;
}
switch (attrType.toLowerCase()) {
case "json":
case "string":
try {
BlackboardAttribute.Type customAttrbiuteType = blkBoard.getOrAddAttributeType(atName.toUpperCase(), BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, atDescription);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.WARNING, String.format("Failed to create custom attribute type %s.", atName), ex);
}
return;
case "integer":
try {
BlackboardAttribute.Type customAttrbiuteType = blkBoard.getOrAddAttributeType(atName.toUpperCase(), BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, atDescription);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.WARNING, String.format("Failed to create custom attribute type %s.", atName), ex);
}
return;
case "long":
try {
BlackboardAttribute.Type customAttrbiuteType = blkBoard.getOrAddAttributeType(atName.toUpperCase(), BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, atDescription);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.WARNING, String.format("Failed to create custom attribute type %s.", atName), ex);
}
return;
case "double":
try {
BlackboardAttribute.Type customAttrbiuteType = blkBoard.getOrAddAttributeType(atName.toUpperCase(), BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, atDescription);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.WARNING, String.format("Failed to create custom attribute type %s.", atName), ex);
}
return;
case "byte":
try {
BlackboardAttribute.Type customAttrbiuteType = blkBoard.getOrAddAttributeType(atName.toUpperCase(), BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.BYTE, atDescription);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.WARNING, String.format("Failed to create custom attribute type %s.", atName), ex);
}
return;
case "datetime":
try {
BlackboardAttribute.Type customAttrbiuteType = blkBoard.getOrAddAttributeType(atName.toUpperCase(), BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.DATETIME, atDescription);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.WARNING, String.format("Failed to create custom attribute type %s.", atName), ex);
}
return;
default:
logger.log(Level.WARNING, String.format("Attribute Type %s for file %s not defined.", attrType, atName)); //NON-NLS
return;
}
}
/**
* Create custom artifacts that are defined in the xLeapp xml file(s).
*
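Review bot: Rows read from the user-editable `<module>-custom-artifact-attribute-list.csv` in `loadCustomArtifactsAttributes` are used without validation: a row with fewer than three columns throws `IndexOutOfBoundsException` at `columnItems.get(2)`, and a non-artifact row with no fourth column passes `null` as `attrType`, so `attrType.toLowerCase()` throws `NullPointerException`. Only `IOException` is caught there and the constructor's callers catch only checked exceptions, so one malformed line presumably aborts module start-up; I would log and skip rows where `columnItems.size() < 3`, and return early in `createCustomAttributesArtifacts` when `attrType == null`. The `integer`, `long` and `double` cases all register `TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING`, which looks like a copy-paste slip; if typed attributes are intended they should use `INTEGER`, `LONG` and `DOUBLE`. The new `loadConfigFile` also feeds an optional user-supplied XML file to `loadIndividualConfigFile`, where `newDocumentBuilder()` follows `DocumentBuilderFactory.newInstance()` directly with no feature set, so DTDs and external entities appear to stay enabled; `dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before building the parser would close that. `loadIndividualConfigFile` continues past the end of its hunk, so any handling further down is not visible here.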


@ -54,7 +54,7 @@
</ArtifactName>
</FileName>
<FileName filename="Browser Bookmarks.tsv" description="Browser Bookmarks">
<FileName filename="Browser - Bookmarks.tsv" description="Browser Bookmarks">
<ArtifactName artifactname="TSK_WEB_BOOKMARK" comment="Browser Bookmarks">
<AttributeName attributename="TSK_DATETIME_CREATED" columnName="Added Date" required="yes" />
<AttributeName attributename="TSK_URL" columnName="URL" required="yes" />
@ -64,7 +64,7 @@
</ArtifactName>
</FileName>
<FileName filename="Browser cookies.tsv" description="Browser Cookies">
<FileName filename="Browser - Cookies.tsv" description="Browser Cookies">
<ArtifactName artifactname="TSK_WEB_COOKIE" comment="Browser Cookies">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Access Date" required="yes" />
<AttributeName attributename="TSK_URL" columnName="Host" required="yes" />
@ -76,7 +76,7 @@
</ArtifactName>
</FileName>
<FileName filename="Browser History.tsv" description="Browser History">
<FileName filename="Browser - Web History.tsv" description="Browser History">
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="Browser History">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Visit Time" required="yes"/>
<AttributeName attributename="TSK_URL" columnName="URL" required="yes"/>
@ -86,7 +86,7 @@
</ArtifactName>
</FileName>
<FileName filename="Browser keyword search terms.tsv" description="Browser keyword Search Terms">
<FileName filename="Browser - Keyword Search Terms.tsv" description="Browser keyword Search Terms">
<ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="Browser Keyword Search Terms">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Visit Time" required="yes"/>
<AttributeName attributename="TSK_TEXT" columnName="Term" required="yes"/>
@ -94,7 +94,7 @@
</ArtifactName>
</FileName>
<FileName filename="Browser login data.tsv" description="Browser Login Data">
<FileName filename="Browser - Login Data.tsv" description="Browser Login Data">
<ArtifactName artifactname="TSK_SERVICE_ACCOUNT" comment="Browser Login">
<AttributeName attributename="TSK_DATETIME_CREATED" columnName="Created Time" required="yes" />
<AttributeName attributename="TSK_USER_ID" columnName="Username" required="yes" />
@ -104,7 +104,7 @@
</ArtifactName>
</FileName>
<FileName filename="Browser offline pages.tsv" description="Browser Offline Pages">
<FileName filename="Browser - Offline Pages.tsv" description="Browser Offline Pages">
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="Browser Offline Pages">
<AttributeName attributename="TSK_DATETIME_CREATED" columnName="Creation Time" required="yes" />
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Access Time" required="yes" />
@ -116,7 +116,7 @@
</ArtifactName>
</FileName>
<FileName filename="Browser search terms.tsv" description="Browser Search Terms">
<FileName filename="Browser - Search Terms.tsv" description="Browser Search Terms">
<ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="Browser Search Terms">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Visit Time" required="yes"/>
<AttributeName attributename="TSK_TEXT" columnName="Search Term" required="yes"/>
@ -126,7 +126,7 @@
</ArtifactName>
</FileName>
<FileName filename="Browser top sites.tsv" description="Browser Top Sites">
<FileName filename="Browser - Top Sites.tsv" description="Browser Top Sites">
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="Browser Top Sites">
<AttributeName attributename="TSK_URL" columnName="URL" required="yes" />
<AttributeName attributename="null" columnName="Rank" required="no" />
@ -151,7 +151,7 @@
</ArtifactName>
</FileName>
<FileName filename="Chrome Bookmarks.tsv" description="Chrome Bookmarks">
<FileName filename="Chrome - Bookmarks.tsv" description="Chrome Bookmarks">
<ArtifactName artifactname="TSK_WEB_BOOKMARK" comment="Chrome Bookmarks">
<AttributeName attributename="TSK_DATETIME_CREATED" columnName="Added Date" required="yes" />
<AttributeName attributename="TSK_URL" columnName="URL" required="yes" />
@ -161,7 +161,7 @@
</ArtifactName>
</FileName>
<FileName filename="Chrome cookies.tsv" description="Chrome Cookies">
<FileName filename="Chrome - cookies.tsv" description="Chrome Cookies">
<ArtifactName artifactname="TSK_WEB_COOKIE" comment="Chrome Cookies">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Access Date" required="yes" />
<AttributeName attributename="TSK_URL" columnName="Host" required="yes" />
@ -173,7 +173,7 @@
</ArtifactName>
</FileName>
<FileName filename="Chrome History.tsv" description="Chrome History">
<FileName filename="Chrome - History.tsv" description="Chrome History">
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="Chrome History">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Visit Time" required="yes"/>
<AttributeName attributename="TSK_URL" columnName="URL" required="yes"/>
@ -183,7 +183,7 @@
</ArtifactName>
</FileName>
<FileName filename="Chrome login data.tsv" description="Chrome Login Data">
<FileName filename="Chrome - login data.tsv" description="Chrome Login Data">
<ArtifactName artifactname="TSK_SERVICE_ACCOUNT" comment="Chrome Login">
<AttributeName attributename="TSK_DATETIME_CREATED" columnName="Created Time" required="yes" />
<AttributeName attributename="TSK_USER_ID" columnName="Username" required="yes" />
@ -193,7 +193,7 @@
</ArtifactName>
</FileName>
<FileName filename="Chrome offline pages.tsv" description="Chrome Offline Pages">
<FileName filename="Chrome - offline pages.tsv" description="Chrome Offline Pages">
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="Chrome Offline Pages">
<AttributeName attributename="TSK_DATETIME_CREATED" columnName="Creation Time" required="yes" />
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Access Time" required="yes" />
@ -205,7 +205,7 @@
</ArtifactName>
</FileName>
<FileName filename="Chrome search terms.tsv" description="Chrome Search Terms">
<FileName filename="Chrome - search terms.tsv" description="Chrome Search Terms">
<ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="Chrome Search Terms">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Visit Time" required="yes"/>
<AttributeName attributename="TSK_TEXT" columnName="Search Term" required="yes"/>
@ -215,7 +215,7 @@
</ArtifactName>
</FileName>
<FileName filename="Chrome top sites.tsv" description="Chrome Top Sites">
<FileName filename="Chrome - top sites.tsv" description="Chrome Top Sites">
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="Chrome Top Sites">
<AttributeName attributename="TSK_URL" columnName="URL" required="yes" />
<AttributeName attributename="null" columnName="Rank" required="no" />
@ -224,7 +224,7 @@
</ArtifactName>
</FileName>
<FileName filename="Edge Bookmarks.tsv" description="Edge Bookmarks">
<FileName filename="Edge - Bookmarks.tsv" description="Edge Bookmarks">
<ArtifactName artifactname="TSK_WEB_BOOKMARK" comment="Edge Bookmarks">
<AttributeName attributename="TSK_DATETIME_CREATED" columnName="Added Date" required="yes" />
<AttributeName attributename="TSK_URL" columnName="URL" required="yes" />
@ -234,7 +234,7 @@
</ArtifactName>
</FileName>
<FileName filename="Edge cookies.tsv" description="Edge Cookies">
<FileName filename="Edge - cookies.tsv" description="Edge Cookies">
<ArtifactName artifactname="TSK_WEB_COOKIE" comment="Edge Cookies">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Access Date" required="yes" />
<AttributeName attributename="TSK_URL" columnName="Host" required="yes" />
@ -246,7 +246,7 @@
</ArtifactName>
</FileName>
<FileName filename="Edge History.tsv" description="Edge History">
<FileName filename="Edge - History.tsv" description="Edge History">
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="Edge History">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Visit Time" required="yes"/>
<AttributeName attributename="TSK_URL" columnName="URL" required="yes"/>
@ -256,7 +256,7 @@
</ArtifactName>
</FileName>
<FileName filename="Edge login data.tsv" description="Edge Login Data">
<FileName filename="Edge - login data.tsv" description="Edge Login Data">
<ArtifactName artifactname="TSK_SERVICE_ACCOUNT" comment="Edge Login">
<AttributeName attributename="TSK_DATETIME_CREATED" columnName="Created Time" required="yes" />
<AttributeName attributename="TSK_USER_ID" columnName="Username" required="yes" />
@ -266,7 +266,7 @@
</ArtifactName>
</FileName>
<FileName filename="Edge offline pages.tsv" description="Edge Offline Pages">
<FileName filename="Edge - offline pages.tsv" description="Edge Offline Pages">
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="Edge Offline Pages">
<AttributeName attributename="TSK_DATETIME_CREATED" columnName="Creation Time" required="yes" />
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Access Time" required="yes" />
@ -278,7 +278,7 @@
</ArtifactName>
</FileName>
<FileName filename="Edge search terms.tsv" description="Edge Search Terms">
<FileName filename="Edge - search terms.tsv" description="Edge Search Terms">
<ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="Chrome Search Terms">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Visit Time" required="yes"/>
<AttributeName attributename="TSK_TEXT" columnName="Search Term" required="yes"/>
@ -288,7 +288,7 @@
</ArtifactName>
</FileName>
<FileName filename="Edge top sites.tsv" description="Edge Top Sites">
<FileName filename="Edge - top sites.tsv" description="Edge Top Sites">
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="Edge Top Sites">
<AttributeName attributename="TSK_URL" columnName="URL" required="yes" />
<AttributeName attributename="null" columnName="Rank" required="no" />
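Review bot: The `Edge - search terms.tsv` entry keeps `comment="Chrome Search Terms"` on its `ArtifactName`, so Edge search queries would presumably be labelled as Chrome in the case; while these entries are being touched it should read `comment="Edge Search Terms"`. The renamed keys also mix capitalisation (`Browser - Cookies.tsv` but `Chrome - cookies.tsv` and `Edge - login data.tsv`), and the lookup code is not visible in this section. If the match against the report's TSV names is case-sensitive, a wrong case would drop that artifact type from the results without any error, so each name is worth checking against the output of the bundled ALEAPP build.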


@ -93,15 +93,15 @@
<FileName filename="Call History.tsv" description="Call Logs">
<ArtifactName artifactname="TSK_CALLLOG" comment="Call Logs">
<AttributeName attributename="TSK_DATETIME_START" columnName="Timestamp" required="yes" />
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="Address" required="yes" />
<AttributeName attributename="null" columnName="Was Answered" required="no" />
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="Phone Number" required="yes" />
<AttributeName attributename="null" columnName="Name" required="no" />
<AttributeName attributename="null" columnName="Answered" required="no" />
<AttributeName attributename="null" columnName="Call Type" required="no" />
<AttributeName attributename="null" columnName="Originated" required="no" />
<AttributeName attributename="null" columnName="Duration in Secs" required="no" />
<AttributeName attributename="null" columnName="Call Direction" required="no" />
<AttributeName attributename="null" columnName="Call Duration" required="no" />
<AttributeName attributename="null" columnName="ISO County Code" required="no" />
<AttributeName attributename="null" columnName="Location" required="no" />
<AttributeName attributename="null" columnName="Service Provider" required="no" />
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>

1
thirdparty/aLeapp/Version.txt vendored Normal file

@ -0,0 +1 @@
ALEAPP v3.1.6: Android Logs, Events, and Protobuf Parser

Binary file not shown.

1
thirdparty/iLeapp/Version.txt vendored Normal file

@ -0,0 +1 @@
iLEAPP v1.18.6: iLEAPP Logs, Events, and Properties Parser

Binary file not shown.