mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 10:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' into 5395-Problems-re-adding-logical-imager-results-after-cancellation-

Browse Source
This commit is contained in:
Joe Ho 2019-09-03 14:44:43 -04:00
commit 7d88ae9788
31 changed files with 276 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
Core/src/org/sleuthkit/autopsy/casemodule/CaseOpenAction.java
View File

@ -24,7 +24,6 @@ import java.awt.event.ActionListener;
import java.io.File;
import java.util.concurrent.ExecutionException;
import java.util.logging.Level;
import javax.swing.JDialog;
import javax.swing.JFileChooser;
import javax.swing.JOptionPane;
import javax.swing.SwingWorker;
@ -62,8 +61,6 @@ public final class CaseOpenAction extends CallableSystemAction implements Action
private static final String DISPLAY_NAME = Bundle.CTL_CaseOpenAction();
private static final String PROP_BASECASE = "LBL_BaseCase_PATH"; //NON-NLS
private static final Logger LOGGER = Logger.getLogger(CaseOpenAction.class.getName());
private static JDialog multiUserCaseWindow;
private final JFileChooser fileChooser = new JFileChooser();
private final FileFilter caseMetadataFileFilter;
/**
@ -74,13 +71,6 @@ public final class CaseOpenAction extends CallableSystemAction implements Action
*/
public CaseOpenAction() {
caseMetadataFileFilter = new FileNameExtensionFilter(NbBundle.getMessage(CaseOpenAction.class, "CaseOpenAction.autFilter.title", Version.getName(), CaseMetadata.getFileExtension()), CaseMetadata.getFileExtension().substring(1));
fileChooser.setDragEnabled(false);
fileChooser.setFileSelectionMode(JFileChooser.FILES_ONLY);
fileChooser.setMultiSelectionEnabled(false);
fileChooser.setFileFilter(caseMetadataFileFilter);
if (null != ModuleSettings.getConfigSetting(ModuleSettings.MAIN_SETTINGS, PROP_BASECASE)) {
fileChooser.setCurrentDirectory(new File(ModuleSettings.getConfigSetting("Case", PROP_BASECASE))); //NON-NLS
}
}
/**
@ -88,7 +78,16 @@ public final class CaseOpenAction extends CallableSystemAction implements Action
* metadata file (.aut file). Upon confirming the selection, it will attempt
* to open the case described by the file.
*/
void openCaseSelectionWindow() {
void openCaseSelectionWindow() {
JFileChooser fileChooser = new JFileChooser();
fileChooser.setDragEnabled(false);
fileChooser.setFileSelectionMode(JFileChooser.FILES_ONLY);
fileChooser.setMultiSelectionEnabled(false);
fileChooser.setFileFilter(caseMetadataFileFilter);
if (null != ModuleSettings.getConfigSetting(ModuleSettings.MAIN_SETTINGS, PROP_BASECASE)) {
fileChooser.setCurrentDirectory(new File(ModuleSettings.getConfigSetting("Case", PROP_BASECASE))); //NON-NLS
}
String optionsDlgTitle = NbBundle.getMessage(Case.class, "CloseCaseWhileIngesting.Warning.title");
String optionsDlgMessage = NbBundle.getMessage(Case.class, "CloseCaseWhileIngesting.Warning");
if (IngestRunningCheck.checkAndConfirmProceed(optionsDlgTitle, optionsDlgMessage)) {
@ -106,9 +105,7 @@ public final class CaseOpenAction extends CallableSystemAction implements Action
/*
* Close the Open Multi-User Case window, if it is open.
*/
if (multiUserCaseWindow != null) {
multiUserCaseWindow.setVisible(false);
}
OpenMultiUserCaseDialog.getInstance().setVisible(false);
/*
* Try to open the case associated with the case metadata file
@ -160,9 +157,7 @@ public final class CaseOpenAction extends CallableSystemAction implements Action
if (UserPreferences.getIsMultiUserModeEnabled()) {
WindowManager.getDefault().getMainWindow().setCursor(Cursor.getPredefinedCursor(Cursor.WAIT_CURSOR));
if (multiUserCaseWindow == null) {
multiUserCaseWindow = OpenMultiUserCaseDialog.getInstance();
}
OpenMultiUserCaseDialog multiUserCaseWindow = OpenMultiUserCaseDialog.getInstance();
multiUserCaseWindow.setLocationRelativeTo(WindowManager.getDefault().getMainWindow());
multiUserCaseWindow.setVisible(true);

5
Core/src/org/sleuthkit/autopsy/casemodule/OptionalCasePropertiesPanel.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-2018 Basis Technology Corp.
* Copyright 2011-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -21,7 +21,6 @@ package org.sleuthkit.autopsy.casemodule;
import java.awt.Cursor;
import java.util.logging.Level;
import javax.swing.JComboBox;
import org.openide.util.Exceptions;
import org.openide.util.NbBundle.Messages;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationCase;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb;
@ -573,7 +572,7 @@ final class OptionalCasePropertiesPanel extends javax.swing.JPanel {
examinerTextField.getText(), tfExaminerPhoneText.getText(),
tfExaminerEmailText.getText(), taNotesText.getText()));
} catch (CaseActionException ex) {
Exceptions.printStackTrace(ex);
logger.log(Level.WARNING, "Error updating case details", ex);
}
}
}

3
Core/src/org/sleuthkit/autopsy/casemodule/StartupWindowProvider.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2013 Basis Technology Corp.
* Copyright 2013-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -62,7 +62,6 @@ public class StartupWindowProvider implements StartupWindowInterface {
if (isRunningFromCommandLine()) {
// Autopsy is running from command line
logger.log(Level.INFO, "Running from command line"); //NON-NLS
System.out.println("Running from command line");
startupWindowToUse = new CommandLineStartupWindow();
// kick off command line processing
new CommandLineIngestManager().start();

5
Core/src/org/sleuthkit/autopsy/centralrepository/optionspanel/ManageCorrelationPropertiesDialog.java
View File

@ -1,7 +1,7 @@
/*
* Central Repository
*
* Copyright 2015-2018 Basis Technology Corp.
* Copyright 2015-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -26,7 +26,6 @@ import javax.swing.event.TableModelEvent;
import javax.swing.event.TableModelListener;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableModel;
import org.openide.util.Exceptions;
import org.openide.util.NbBundle.Messages;
import org.openide.windows.WindowManager;
import org.sleuthkit.autopsy.coreutils.Logger;
@ -74,7 +73,7 @@ final class ManageCorrelationPropertiesDialog extends javax.swing.JDialog {
correlationTypes.clear();
correlationTypes.addAll(dbManager.getDefinedCorrelationTypes());
} catch (EamDbException ex) {
Exceptions.printStackTrace(ex);
LOGGER.log(Level.WARNING, "Error loading data", ex);
}
correlationTypes.forEach((aType) -> {

5
Core/src/org/sleuthkit/autopsy/centralrepository/optionspanel/ManageOrganizationsDialog.java
View File

@ -1,7 +1,7 @@
/*
* Central Repository
*
* Copyright 2015-2018 Basis Technology Corp.
* Copyright 2015-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -28,7 +28,6 @@ import javax.swing.JFrame;
import javax.swing.JOptionPane;
import javax.swing.event.ListSelectionEvent;
import javax.swing.event.ListSelectionListener;
import org.openide.util.Exceptions;
import org.openide.util.NbBundle.Messages;
import org.openide.windows.WindowManager;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb;
@ -78,7 +77,7 @@ public final class ManageOrganizationsDialog extends JDialog {
setButtonsEnabled(organizationList.getSelectedValue());
newOrg = null;
} catch (EamDbException ex) {
Exceptions.printStackTrace(ex);
logger.log(Level.WARNING, "Error getting Central Repo for Organizations dialog", ex);
}
display();
}

6
Core/src/org/sleuthkit/autopsy/commonpropertiessearch/InterCasePanel.java
View File

@ -27,10 +27,11 @@ import java.util.Map;
import java.util.Map.Entry;
import java.util.Observable;
import java.util.Observer;
import java.util.logging.Level;
import javax.swing.ComboBoxModel;
import org.openide.util.Exceptions;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
import org.sleuthkit.autopsy.coreutils.Logger;
/**
* UI controls for Common Files Search scenario where the user intends to find
@ -38,6 +39,7 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
*/
public final class InterCasePanel extends javax.swing.JPanel {
private final static Logger logger = Logger.getLogger(InterCasePanel.class.getName());
private static final long serialVersionUID = 1L;
private final Observable fileTypeFilterObservable;
static final int NO_CASE_SELECTED = -1;
@ -121,7 +123,7 @@ public final class InterCasePanel extends javax.swing.JPanel {
this.correlationTypeComboBox.addItem(type.getDisplayName());
}
} catch (EamDbException ex) {
Exceptions.printStackTrace(ex);
logger.log(Level.WARNING, "Error getting correlation types", ex);
}
this.correlationTypeComboBox.setSelectedIndex(0);
}

3
Core/src/org/sleuthkit/autopsy/communications/relationships/MessageViewer.java
View File

@ -47,7 +47,6 @@ import org.openide.nodes.Children;
import org.openide.nodes.Node;
import org.openide.nodes.Node.Property;
import org.openide.nodes.Node.PropertySet;
import org.openide.util.Exceptions;
import org.openide.util.Lookup;
import org.openide.util.NbBundle.Messages;
import org.sleuthkit.autopsy.communications.ModifiableProxyLookup;
@ -397,7 +396,7 @@ public class MessageViewer extends JPanel implements RelationshipsViewer {
try {
rootTablePane.getExplorerManager().setSelectedNodes(new Node[0]);
} catch (PropertyVetoException ex) {
Exceptions.printStackTrace(ex);
logger.log(Level.WARNING, "Error setting selected nodes", ex);
}
showThreadsPane();
}//GEN-LAST:event_backButtonActionPerformed

2
Core/src/org/sleuthkit/autopsy/corecomponents/SortChooser.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-2018 Basis Technology Corp.
* Copyright 2011-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");

5
Core/src/org/sleuthkit/autopsy/corecomponents/ThumbnailViewChildren.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-18 Basis Technology Corp.
* Copyright 2011-19 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -47,7 +47,6 @@ import org.openide.nodes.AbstractNode;
import org.openide.nodes.Children;
import org.openide.nodes.FilterNode;
import org.openide.nodes.Node;
import org.openide.util.Exceptions;
import org.openide.util.NbBundle;
import org.openide.util.lookup.Lookups;
import org.sleuthkit.autopsy.corecomponents.ResultViewerPersistence.SortCriterion;
@ -197,7 +196,7 @@ class ThumbnailViewChildren extends Children.Keys<Integer> {
}
} catch (IllegalAccessException | InvocationTargetException ex) {
Exceptions.printStackTrace(ex);
logger.log(Level.WARNING, "Error getting value for thumbnail children", ex);
}
}
}

18
Core/src/org/sleuthkit/autopsy/coreutils/PlatformUtil.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2012-2018 Basis Technology Corp.
* Copyright 2012-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -119,19 +119,19 @@ public class PlatformUtil {
public static String getUserPythonModulesPath() {
return getUserDirectory().getAbsolutePath() + File.separator + PYTHON_MODULES_SUBDIRECTORY;
}
/**
* Get root path where the user's Ocr language packs are stored.
*
*
* @return Absolute path to the Ocr language packs root directory.
*/
public static String getOcrLanguagePacksPath() {
return getUserDirectory().getAbsolutePath() + File.separator + OCR_LANGUAGE_SUBDIRECTORY;
}
/**
* Get the names of the language packs installed at the user directory.
*
*
* @return List of language packs base names
*/
public static List<String> getOcrLanguagePacks() {
@ -139,20 +139,20 @@ public class PlatformUtil {
List<String> languagePacks = new ArrayList<>();
for (File languagePack : languagePackRootDir.listFiles()) {
String fileExt = FilenameUtils.getExtension(languagePack.getName());
String fileExt = FilenameUtils.getExtension(languagePack.getName());
if (!languagePack.isDirectory() && OCR_LANGUAGE_PACK_EXT.equals(fileExt)) {
String packageName = FilenameUtils.getBaseName(languagePack.getName());
languagePacks.add(packageName);
}
}
return languagePacks;
}
/**
* Get root path where the user's object detection classifiers are stored.
*
* @return Absolute path to the object detection classifiers root directory.
*
* @return Absolute path to the object detection classifiers root directory.
*/
public static String getObjectDetectionClassifierPath() {
return getUserDirectory().getAbsolutePath() + File.separator + CLASSIFIERS_SUBDIRECTORY;

9
Core/src/org/sleuthkit/autopsy/ingest/IngestProfiles.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-2017 Basis Technology Corp.
* Copyright 2011-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -24,9 +24,10 @@ import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.FilenameUtils;
import org.openide.util.Exceptions;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.ModuleSettings;
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
@ -40,7 +41,7 @@ public final class IngestProfiles {
private static final String PROFILE_DESC_KEY = "Profile_Description";
private static final String PROFILE_FILTER_KEY = "Profile_Filter";
private static final String PROFILE_FILE_EXT = ".properties";
private static final Logger logger = Logger.getLogger(IngestProfiles.class.getName());
/**
* Gets the collection of profiles which currently exist.
*
@ -143,7 +144,7 @@ public final class IngestProfiles {
Files.deleteIfExists(Paths.get(PlatformUtil.getUserConfigDirectory(), selectedProfile.getName() + PROFILE_FILE_EXT));
FileUtils.deleteDirectory(IngestJobSettings.getSavedModuleSettingsFolder(selectedProfile.getName() + File.separator).toFile());
} catch (IOException ex) {
Exceptions.printStackTrace(ex);
logger.log(Level.WARNING, "Error deleting directory for profile " + selectedProfile.getName(), ex);
}
}

8
Core/src/org/sleuthkit/autopsy/ingest/RunIngestSubMenu.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-2018 Basis Technology Corp.
* Copyright 2011-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -22,12 +22,14 @@ import org.sleuthkit.autopsy.ingest.runIngestModuleWizard.RunIngestModulesAction
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.logging.Level;
import javax.swing.JComponent;
import javax.swing.JMenuItem;
import org.openide.awt.DynamicMenuContent;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.TskCoreException;
@ -37,6 +39,8 @@ import org.sleuthkit.datamodel.TskCoreException;
*/
final class RunIngestSubMenu extends JMenuItem implements DynamicMenuContent {
private static final Logger logger = Logger.getLogger(RunIngestSubMenu.class.getName());
/**
* Creates main menu/popup menu items. It's called each time a popup menu is
* constructed and just once for the main menu. Main menu updates happen
@ -54,7 +58,7 @@ final class RunIngestSubMenu extends JMenuItem implements DynamicMenuContent {
// No open Cases, create a disabled empty menu
return getEmpty();
} catch (TskCoreException | NoCurrentCaseException e) {
System.out.println("Exception getting images: " + e.getMessage()); //NON-NLS
logger.log(Level.INFO, "Exception getting images: " + e.getMessage());
}
JComponent[] comps = new JComponent[dataSources.size()];

7
Core/src/org/sleuthkit/autopsy/modules/iOS/ContactAnalyzer.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2014-2018 Basis Technology Corp.
* Copyright 2014-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -216,7 +216,6 @@ final class ContactAnalyzer {
try {
while ((length = is.read(buffer)) != -1) {
os.write(buffer, 0, length);
System.out.println(length);
os.flush();
}
@ -239,13 +238,13 @@ final class ContactAnalyzer {
ostream.write(c);
}
} catch (IOException e) {
System.out.println("Error: " + e.getMessage()); //NON-NLS
logger.log(Level.WARNING, "Error copying file", e);
} finally {
try {
istream.close();
ostream.close();
} catch (IOException e) {
System.out.println("File did not close"); //NON-NLS
logger.log(Level.WARNING, "File did not close", e);
}
}
}

10
Core/src/org/sleuthkit/autopsy/modules/stix/StixArtifactData.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2013-2018 Basis Technology Corp.
*
* Copyright 2013-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -70,7 +70,7 @@ class StixArtifactData {
@Messages({"StixArtifactData.indexError.message=Failed to index STIX interesting file hit artifact for keyword search.",
"StixArtifactData.noOpenCase.errMsg=No open case available."})
public void createArtifact(String a_title) throws TskCoreException {
void createArtifact(String a_title) throws TskCoreException {
Blackboard blackboard;
try {
blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard();
@ -104,8 +104,4 @@ class StixArtifactData {
}
}
}
public void print() {
System.out.println(" " + observableId + " " + file.getName());
}
}

14
Core/src/org/sleuthkit/autopsy/report/PortableCaseReportModule.java
View File

@ -42,6 +42,7 @@ import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.coreutils.FileTypeUtils.FileTypeCategory;
import org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifactTag;
@ -355,6 +356,19 @@ class PortableCaseReportModule implements ReportModule {
return;
}
File reportsFolder = Paths.get(caseFolder.toString(), "Reports").toFile();
if(!reportsFolder.mkdir()) {
handleError("Could not make report folder", "Could not make report folder", null, progressPanel); // NON-NLS
return;
}
try {
CaseUcoFormatExporter.export(tagNames, setNames, reportsFolder, progressPanel);
} catch (IOException | SQLException | NoCurrentCaseException | TskCoreException ex) {
handleError("Problem while generating CASE-UCO report",
"Problem while generating CASE-UCO report", ex, progressPanel); // NON-NLS
}
// Compress the case (if desired)
if (options.shouldCompress()) {
progressPanel.updateStatusLabel(Bundle.PortableCaseReportModule_generateReport_compressingCase());

3
Core/src/org/sleuthkit/autopsy/report/caseuco/Bundle.properties-MERGED
View File

@ -1,3 +1,6 @@
CaseUcoFormatExporter.datasourceMsg=Generating CASE-UCO Report for %s
CaseUcoFormatExporter.finishMsg=Finished generating CASE-UCO Report
CaseUcoFormatExporter.startMsg=Generating CASE-UCO Report
OpenIDE-Module-Name=CaseUcoModule
ReportCaseUco.getName.text=CASE-UCO
ReportCaseUco.getDesc.text=CASE-UCO format report with basic property fields for every file.

150
Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
View File

@ -23,24 +23,39 @@ import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.util.DefaultIndenter;
import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
import com.google.common.collect.Lists;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.List;
import java.util.SimpleTimeZone;
import java.util.TimeZone;
import java.util.logging.Level;
import org.apache.commons.io.FileUtils;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.casemodule.services.TagsManager;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.autopsy.report.ReportProgressPanel;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifactTag;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.ContentTag;
import org.sleuthkit.datamodel.DataSource;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData;
import org.sleuthkit.datamodel.TagName;
/**
* Generates CASE-UCO report file for a data source
@ -49,6 +64,11 @@ public final class CaseUcoFormatExporter {
private static final Logger logger = Logger.getLogger(CaseUcoFormatExporter.class.getName());
private static final BlackboardAttribute.Type SET_NAME = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME);
private static final BlackboardArtifact.ARTIFACT_TYPE INTERESTING_FILE_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT;
private static final BlackboardArtifact.ARTIFACT_TYPE INTERESTING_ARTIFACT_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT;
private static final String TEMP_DIR_NAME = "case_uco_tmp";
private CaseUcoFormatExporter() {
}
@ -177,6 +197,136 @@ public final class CaseUcoFormatExporter {
}
}
/**
* Exports files that are tagged w/ the following TagNames and that belong to
* the following interesting file sets (set name attributes of TSK_INTERSTING_FILE_HIT
* and TSK_INTERESTING_ARTIFACT_HIT). Artifacts that are tagged with
* the following TagNames also have their associated source files included.
*
* Duplicate files are excluded.
*
* @param tagTypes Collection of TagNames to match
* @param interestingItemSets Collection of SET_NAMEs to match on in TSK_INTERESTING_FILE_HITs
* and TSK_INTERESTING_ARTIFACT_HITs.
* @param outputFilePath Path to the folder that the CASE-UCO report should be written into
* @param progressPanel UI Component to be updated with current processing status
*/
@NbBundle.Messages({
"CaseUcoFormatExporter.startMsg=Generating CASE-UCO Report",
"CaseUcoFormatExporter.datasourceMsg=Generating CASE-UCO Report for %s",
"CaseUcoFormatExporter.finishMsg=Finished generating CASE-UCO Report"
})
public static void export(List<TagName> tagTypes, List<String> interestingItemSets,
File caseReportFolder, ReportProgressPanel progressPanel) throws IOException, SQLException,
NoCurrentCaseException, TskCoreException {
progressPanel.updateStatusLabel(Bundle.CaseUcoFormatExporter_startMsg());
//Acquire references for file discovery
Case currentCase = Case.getCurrentCaseThrows();
String caseTempDirectory = currentCase.getTempDirectory();
SleuthkitCase skCase = currentCase.getSleuthkitCase();
TagsManager tagsManager = currentCase.getServices().getTagsManager();
//Create temp directory to filter out duplicate files.
Path tmpDir = Paths.get(caseTempDirectory, TEMP_DIR_NAME);
FileUtils.deleteDirectory(tmpDir.toFile());
Files.createDirectory(tmpDir);
//Create our report file
Path reportFile = Paths.get(caseReportFolder.toString(),
ReportCaseUco.getReportFileName());
//Timezone for formatting file creation, modification, and accessed times
SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT");
try (JsonGenerator jsonGenerator = createJsonGenerator(reportFile.toFile())) {
initializeJsonOutputFile(jsonGenerator);
//Make the case the first entity in the report file.
String caseTraceId = saveCaseInfo(skCase, jsonGenerator);
for (DataSource ds : skCase.getDataSources()) {
progressPanel.updateStatusLabel(String.format(
Bundle.CaseUcoFormatExporter_datasourceMsg(), ds.getName()));
String dataSourceTraceId = saveDataSourceInfo(ds.getId(),
caseTraceId, skCase, jsonGenerator);
for (TagName tn : tagTypes) {
for (ContentTag ct : tagsManager.getContentTagsByTagName(tn, ds.getId())) {
saveUniqueFilesToCaseUcoFormat(ct.getContent(), tmpDir,
jsonGenerator, timeZone, dataSourceTraceId);
}
for (BlackboardArtifactTag bat : tagsManager.getBlackboardArtifactTagsByTagName(tn, ds.getId())) {
saveUniqueFilesToCaseUcoFormat(bat.getContent(), tmpDir,
jsonGenerator, timeZone, dataSourceTraceId);
}
}
if(!interestingItemSets.isEmpty()) {
List<BlackboardArtifact.ARTIFACT_TYPE> typesToQuery = Lists.newArrayList(
INTERESTING_FILE_HIT, INTERESTING_ARTIFACT_HIT);
for(BlackboardArtifact.ARTIFACT_TYPE artType : typesToQuery) {
for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(artType)) {
if(bArt.getDataSource().getId() != ds.getId()) {
continue;
}
BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
if (interestingItemSets.contains(setAttr.getValueString())) {
Content content = skCase.getContentById(bArt.getObjectID());
saveUniqueFilesToCaseUcoFormat(content, tmpDir,
jsonGenerator, timeZone, dataSourceTraceId);
}
}
}
}
}
finilizeJsonOutputFile(jsonGenerator);
progressPanel.updateStatusLabel(Bundle.CaseUcoFormatExporter_finishMsg());
}
}
/**
* Saves only unique abstract files to the report. Uniqueness is
* determined by object id. The tmpDir Path is used to stored object
* ids that have already been visited.
*
* @param content Abstractfile isntance
* @param tmpDir Directory to write object ids
* @param jsonGenerator Report generator
* @param timeZone Time zore for ctime, atime, and mtime formatting
* @param dataSourceTraceId TraceID number for the parent data source
* @throws IOException
*/
private static void saveUniqueFilesToCaseUcoFormat(Content content, Path tmpDir, JsonGenerator jsonGenerator,
TimeZone timeZone, String dataSourceTraceId) throws IOException {
if (content instanceof AbstractFile && !(content instanceof DataSource)) {
AbstractFile absFile = (AbstractFile) content;
Path filePath = tmpDir.resolve(Long.toString(absFile.getId()));
if (!Files.exists(filePath) && !absFile.isDir()) {
saveFileInCaseUcoFormat(
absFile.getId(),
absFile.getName(),
absFile.getParentPath(),
absFile.getMd5Hash(),
absFile.getMIMEType(),
absFile.getSize(),
ContentUtils.getStringTimeISO8601(absFile.getCtime(), timeZone),
ContentUtils.getStringTimeISO8601(absFile.getAtime(), timeZone),
ContentUtils.getStringTimeISO8601(absFile.getMtime(), timeZone),
absFile.getNameExtension(),
jsonGenerator,
dataSourceTraceId
);
filePath.toFile().createNewFile();
}
}
}
private static JsonGenerator createJsonGenerator(File reportFile) throws IOException {
JsonFactory jsonGeneratorFactory = new JsonFactory();
JsonGenerator jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
// instert \n after each field for more readable formatting
jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter(" ", "\n")));
return jsonGenerator;
}
private static void initializeJsonOutputFile(JsonGenerator catalog) throws IOException {
catalog.writeStartObject();
catalog.writeFieldName("@graph");

6
Core/src/org/sleuthkit/autopsy/test/InterestingArtifactCreatorIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-2018 Basis Technology Corp.
* Copyright 2011-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -21,8 +21,6 @@ package org.sleuthkit.autopsy.test;
import java.util.ArrayList;
import java.util.Collection;
import java.util.logging.Level;
import org.openide.util.Exceptions;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
@ -128,7 +126,7 @@ final class InterestingArtifactCreatorIngestModule extends FileIngestModuleAdapt
logger.log(Level.SEVERE, String.format("Failed to process file (obj_id = %d)", file.getId()), ex);
return ProcessResult.ERROR;
} catch (Blackboard.BlackboardException ex) {
Exceptions.printStackTrace(ex);
logger.log(Level.WARNING, "Blackboard Exception processing file with obj_id = " + file.getId(), ex);
}
return ProcessResult.OK;
}

3
Core/src/org/sleuthkit/autopsy/textextractors/StringsTextExtractor.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-2018 Basis Technology Corp.
* Copyright 2011-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -454,7 +454,6 @@ final class StringsTextExtractor implements TextExtractor {
convertBuffRemain = bytesInConvertBuff - convertBuffOffset;
}
} catch (TskCoreException ex) {
//Exceptions.printStackTrace(ex);
fileEOF = true;
}
}

12
Core/test/qa-functional/src/org/sleuthkit/autopsy/commonpropertiessearch/InterCaseTestUtils.java
View File

@ -2,7 +2,7 @@
*
* Autopsy Forensic Browser
*
* Copyright 2018 Basis Technology Corp.
* Copyright 2018-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -46,19 +46,11 @@ import org.sleuthkit.autopsy.testutils.CaseUtils;
import org.sleuthkit.autopsy.testutils.IngestUtils;
import org.sleuthkit.datamodel.TskCoreException;
import junit.framework.Assert;
import org.sleuthkit.autopsy.casemodule.CaseActionException;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationCase;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb;
import org.sleuthkit.autopsy.commonpropertiessearch.AbstractCommonAttributeInstance;
import org.sleuthkit.autopsy.commonpropertiessearch.CaseDBCommonAttributeInstanceNode;
import org.sleuthkit.autopsy.commonpropertiessearch.CentralRepoCommonAttributeInstance;
import org.sleuthkit.autopsy.commonpropertiessearch.CentralRepoCommonAttributeInstanceNode;
import org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCountSearchResults;
import org.sleuthkit.autopsy.datamodel.utils.DataSourceLoader;
import org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeValue;
import org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeValueList;
import org.sleuthkit.autopsy.coreutils.TimeStampUtils;
import org.sleuthkit.autopsy.datamodel.DisplayableItemNode;
import org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityModuleFactory;
@ -279,10 +271,8 @@ class InterCaseTestUtils {
for (CorrelationCase correlationCase : EamDb.getInstance().getCases()) {
mapOfCaseIdsToCase.put(correlationCase.getDisplayName(), correlationCase.getID());
}
System.out.println("EAM IS ENABLED");
return mapOfCaseIdsToCase;
} else {
System.out.println("EAMDB NOT ENABLED");
//it is reasonable that this might happen...
// for example when we test the feature in the absence of an enabled eamdb
return new HashMap<>(0);

3
Core/test/unit/src/org/sleuthkit/autopsy/texttranslation/translators/BingTranslatorTest.java
View File

@ -85,8 +85,7 @@ public class BingTranslatorTest {
// /*
// //It's unrealistic to expect the same answer every time, but sometimes
// //it's helpful to have this in your debug process.
// System.out.println(translation);
// assertEquals(expectedTranslation, translation);
// assertEquals("Result did not match expected result", expectedTranslation, translation);
// */
// }
}

7
Core/test/unit/src/org/sleuthkit/autopsy/texttranslation/translators/GoogleTranslatorTest.java
View File

@ -37,8 +37,8 @@ public class GoogleTranslatorTest {
// //It's unrealistic to expect the same answer every time, but sometimes
// //it's helpful to have this in your debug process.
//
// String expResult = "translate"; assertEquals(expResult, result);
// System.out.println(result);
// String expResult = "translate"; assertEquals(expResult, result);
// assertEquals("Result did not match expected result" expResult, result);
}
//Commented out because using TranslateOption with the current version of Guava is not supported JIRA-5063
@ -63,7 +63,6 @@ public class GoogleTranslatorTest {
// //It's unrealistic to expect the same answer every time, but sometimes
// //it's helpful to have this in your debug process.
// String expResult = "¡Hola Mundo!";
// assertEquals(expResult, result);
// System.out.println(result);
// assertEquals("Result did not match expected result", expResult, result);
// }
}

5
ImageGallery/src/org/sleuthkit/autopsy/imagegallery/datamodel/grouping/GroupManager.java
View File

@ -64,7 +64,6 @@ import static org.apache.commons.collections4.CollectionUtils.isNotEmpty;
import static org.apache.commons.lang3.ObjectUtils.notEqual;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.concurrent.BasicThreadFactory;
import org.openide.util.Exceptions;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.events.ContentTagAddedEvent;
@ -658,7 +657,7 @@ public class GroupManager {
updateCurrentPathGroup(pathGroupKey);
} catch (TskCoreException | TskDataException ex) {
Exceptions.printStackTrace(ex);
logger.log(Level.WARNING, "Error getting drawabledb for fileId " + fileId, ex);
}
// Update all the groups that this file belongs to
@ -986,7 +985,7 @@ public class GroupManager {
.findAny().ifPresent(obj_id -> types.add(mimeType));
}
} catch (SQLException | TskCoreException ex) {
Exceptions.printStackTrace(ex);
logger.log(Level.WARNING, "Error getting group by MIME type", ex);
}
results.putAll(null, types);

1
ImageGallery/src/org/sleuthkit/autopsy/imagegallery/gui/SortChooser.java
View File

@ -174,7 +174,6 @@ public class SortChooser<X, Y extends Comparator<X>> extends HBox {
Image icon = (Image) item.getClass().getMethod("getIcon").invoke(item);
setGraphic(new ImageView(icon));
} catch (NoSuchMethodException | SecurityException | IllegalAccessException | IllegalArgumentException | InvocationTargetException ex) {
// Exceptions.printStackTrace(ex);
setText(item.toString());
setGraphic(null);
}

9
KeywordSearch/solr/solr/configsets/AutopsyConfig/conf/schema.xml
View File

@ -561,10 +561,13 @@
leading wildcard queries. -->
<!--<field name="text_rev" type="text_general_rev" indexed="true" stored="false" multiValued="true"/>-->
<!-- field with white-space tokenized words for TermsComponent regex search (useful for fast search of IP addresses, URLs, certain phone numbers)
also be useful for Lucene based queries containing special characters-->
<!-- populated via copyField -->
<!-- field with white-space tokenized words for TermsComponent regex search.
No longer being populated by Autopsy, but remains for backward compatability.
content_str is used instead to better deal with regex that have white space. -->
<field name="content_ws" type="text_ws" indexed="true" stored="false" multiValued="true" />
<!-- field that contains the raw string form of the chunk. Used for regular expression
matching. Populated by Autopsy using lower-case text and a copyField for file name. -->
<field name="content_str" type="string" indexed="true" stored="true" multiValued="true" />
<!-- Uncommenting the following will create a "timestamp" field using

14
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
View File

@ -101,25 +101,29 @@ public class Server {
return "image_id"; //NON-NLS
}
},
// This is not stored or index . it is copied to Text and Content_Ws
// This is not stored or indexed. it is copied to text by the schema
CONTENT {
@Override
public String toString() {
return "content"; //NON-NLS
}
},
// String representation for regular expression searching
CONTENT_STR {
@Override
public String toString() {
return "content_str"; //NON-NLS
}
},
// default search field. Populated by schema
TEXT {
@Override
public String toString() {
return "text"; //NON-NLS
}
},
// no longer populated. Was used for regular expression searching.
// Should not be used.
CONTENT_WS {
@Override
public String toString() {
@ -132,28 +136,28 @@ public class Server {
return "file_name"; //NON-NLS
}
},
// note that we no longer index this field
// note that we no longer store or index this field
CTIME {
@Override
public String toString() {
return "ctime"; //NON-NLS
}
},
// note that we no longer index this field
// note that we no longer store or index this field
ATIME {
@Override
public String toString() {
return "atime"; //NON-NLS
}
},
// note that we no longer index this field
// note that we no longer store or index this field
MTIME {
@Override
public String toString() {
return "mtime"; //NON-NLS
}
},
// note that we no longer index this field
// note that we no longer store or index this field
CRTIME {
@Override
public String toString() {

19
KeywordSearch/test/unit/src/org/sleuthkit/autopsy/keywordsearch/CreditCardValidatorTest.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-2017 Basis Technology Corp.
* Copyright 2011-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -48,8 +48,6 @@ public class CreditCardValidatorTest {
@Test
public void testLengthMatchesBin() {
System.out.println("lengthMatchesBin");
//amex must be 15
assertEquals(true, CreditCardValidator.isValidCCN("3431 136294 58529"));
assertEquals(false, CreditCardValidator.isValidCCN("3431-136294-5850")); //too short
@ -95,8 +93,6 @@ public class CreditCardValidatorTest {
*/
@Test
public void testIsValidCCN16() {
System.out.println("isValidCCN");
//rules for separators and grouping for 16 digits
assertEquals(true, CreditCardValidator.isValidCCN("1234567890318342"));// dashes
assertEquals(true, CreditCardValidator.isValidCCN("1234-5678-9031-8342"));// dashes
@ -111,8 +107,6 @@ public class CreditCardValidatorTest {
@Test
public void testIsValidCCN15() {
System.out.println("isValidCCN");
//amex are fifteen digits, and grouped 4 6 5
//amex cards that strart with 34
assertEquals(true, CreditCardValidator.isValidCCN("3431 136294 58529"));
@ -143,7 +137,6 @@ public class CreditCardValidatorTest {
@Test
public void testIsValidCCN19() {
System.out.println("isValidCCN");
//nineteen digit (visa) cards 4-4-4-4-3
assertEquals(true, CreditCardValidator.isValidCCN("4539747947839518654"));
assertEquals(true, CreditCardValidator.isValidCCN("4539-7479-4783-9518-654"));
@ -168,8 +161,6 @@ public class CreditCardValidatorTest {
@Test
public void testIsValidCCN18() {
System.out.println("isValidCCN");
assertEquals(true, CreditCardValidator.isValidCCN("123456789031834267"));
assertEquals(true, CreditCardValidator.isValidCCN("1234 5678 9031 8342 67"));
assertEquals(true, CreditCardValidator.isValidCCN("1234-56789031834-267"));
@ -181,8 +172,6 @@ public class CreditCardValidatorTest {
@Test
public void testIsValidCCN17() {
System.out.println("isValidCCN");
assertEquals(true, CreditCardValidator.isValidCCN("12345678903183426"));
assertEquals(true, CreditCardValidator.isValidCCN("1234 5678 9031 8342 6"));
assertEquals(true, CreditCardValidator.isValidCCN("1234-56789031834-26"));
@ -194,8 +183,6 @@ public class CreditCardValidatorTest {
@Test
public void testIsValidCCN14() {
System.out.println("isValidCCN");
assertEquals(true, CreditCardValidator.isValidCCN("12345678903183"));
assertEquals(true, CreditCardValidator.isValidCCN("1234 5678 9031 83"));
assertEquals(true, CreditCardValidator.isValidCCN("1234-5678903183"));
@ -207,8 +194,6 @@ public class CreditCardValidatorTest {
@Test
public void testIsValidCCN13() {
System.out.println("isValidCCN");
assertEquals(true, CreditCardValidator.isValidCCN("1234567890318"));
assertEquals(true, CreditCardValidator.isValidCCN("1234 5678 9031 8"));
assertEquals(true, CreditCardValidator.isValidCCN("1234-567890318"));
@ -220,8 +205,6 @@ public class CreditCardValidatorTest {
@Test
public void testIsValidCCN12() {
System.out.println("isValidCCN");
assertEquals(true, CreditCardValidator.isValidCCN("123456789031"));
assertEquals(true, CreditCardValidator.isValidCCN("1234 5678 9031"));
assertEquals(true, CreditCardValidator.isValidCCN("1234-56789031"));

8
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties-MERGED
View File

@ -2,14 +2,9 @@ cannotBuildXmlParser=Unable to build XML parser:
cannotLoadSEUQA=Unable to load Search Engine URL Query Analyzer settings file, SEUQAMappings.xml:
cannotParseXml=Unable to parse XML file:
ChromeCacheExtractor.moduleName=ChromeCacheExtractor
# {0} - module name
# {1} - row number
# {2} - table length
# {3} - cache path
ChromeCacheExtractor.progressMsg={0}: Extracting cache entry {1} of {2} entries from {3}
DataSourceUsage_AndroidMedia=Android Media Card
DataSourceUsage_FlashDrive=Flash Drive
# {0} - OS name
DataSourceUsageAnalyzer.customVolume.label=OS Drive ({0})
DataSourceUsageAnalyzer.parentModuleName=Recent Activity
Extract.indexError.message=Failed to index artifact for keyword search.
@ -64,7 +59,7 @@ ExtractZone_progress_Msg=Extracting :Zone.Identifer files
ExtractZone_Restricted=Restricted Sites Zone
ExtractZone_Trusted=Trusted Sites Zone
OpenIDE-Module-Display-Category=Ingest Module
OpenIDE-Module-Long-Description=Recent Activity ingest module.\n\n\The module extracts useful information about the recent user activity on the disk image being ingested, such as:\n\n- Recently open documents,\n- Web activity (sites visited, stored cookies, book marked sites, search engine queries, file downloads),\n- Recently attached devices,\n- Installed programs.\n\nThe module currently supports Windows only disk images.\nThe plugin is also fully functional when deployed on Windows version of Autopsy.
OpenIDE-Module-Long-Description=Recent Activity ingest module.\n\nThe module extracts useful information about the recent user activity on the disk image being ingested, such as:\n\n- Recently open documents,\n- Web activity (sites visited, stored cookies, book marked sites, search engine queries, file downloads),\n- Recently attached devices,\n- Installed programs.\n\nThe module currently supports Windows only disk images.\nThe plugin is also fully functional when deployed on Windows version of Autopsy.
OpenIDE-Module-Name=RecentActivity
OpenIDE-Module-Short-Description=Recent Activity finder ingest module
Chrome.moduleName=Chrome
@ -187,7 +182,6 @@ RecentDocumentsByLnk.parentModuleName.noSpace=RecentActivity
RecentDocumentsByLnk.parentModuleName=Recent Activity
RegRipperFullNotFound=Full version RegRipper executable not found.
RegRipperNotFound=Autopsy RegRipper executable not found.
# {0} - file name
SearchEngineURLQueryAnalyzer.init.exception.msg=Unable to find {0}.
SearchEngineURLQueryAnalyzer.moduleName.text=Search Engine
SearchEngineURLQueryAnalyzer.engineName.none=NONE

28
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -390,12 +390,6 @@ class ExtractRegistry extends Extract {
Element oroot = doc.getDocumentElement();
NodeList children = oroot.getChildNodes();
int len = children.getLength();
// Add all "usb" dataType nodes to collection of BlackboardArtifacts
// that we will submit in a ModuleDataEvent for additional processing.
Collection<BlackboardArtifact> usbBBartifacts = new ArrayList<>();
// Add all "ssid" dataType nodes to collection of BlackboardArtifacts
// that we will submit in a ModuleDataEvent for additional processing.
Collection<BlackboardArtifact> wifiBBartifacts = new ArrayList<>();
for (int i = 0; i < len; i++) {
if (context.dataSourceIngestIsCancelled()) {
@ -652,10 +646,8 @@ class ExtractRegistry extends Extract {
// index the artifact for keyword search
postArtifact(bbart);
// add to collection for ModuleDataEvent
usbBBartifacts.add(bbart);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding device attached artifact to blackboard."); //NON-NLS
logger.log(Level.SEVERE, "Error adding device attached artifact to blackboard.", ex); //NON-NLS
}
break;
case "uninstall": //NON-NLS
@ -666,8 +658,8 @@ class ExtractRegistry extends Extract {
itemMtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(mTimeAttr).getTime(); //NON-NLS
itemMtime /= MS_IN_SEC;
}
} catch (ParseException e) {
logger.log(Level.WARNING, "Failed to parse epoch time for installed program artifact."); //NON-NLS
} catch (ParseException ex) {
logger.log(Level.WARNING, "Failed to parse epoch time for installed program artifact.", ex); //NON-NLS
}
try {
@ -679,7 +671,7 @@ class ExtractRegistry extends Extract {
// index the artifact for keyword search
postArtifact(bbart);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding installed program artifact to blackboard."); //NON-NLS
logger.log(Level.SEVERE, "Error adding installed program artifact to blackboard.", ex); //NON-NLS
}
break;
case "office": //NON-NLS
@ -699,7 +691,7 @@ class ExtractRegistry extends Extract {
// index the artifact for keyword search
postArtifact(bbart);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding recent object artifact to blackboard."); //NON-NLS
logger.log(Level.SEVERE, "Error adding recent object artifact to blackboard.", ex); //NON-NLS
}
break;
@ -766,7 +758,7 @@ class ExtractRegistry extends Extract {
// index the artifact for keyword search
postArtifact(bbart);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding account artifact to blackboard."); //NON-NLS
logger.log(Level.SEVERE, "Error adding account artifact to blackboard.", ex); //NON-NLS
}
break;
@ -783,7 +775,7 @@ class ExtractRegistry extends Extract {
// index the artifact for keyword search
postArtifact(bbart);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding network artifact to blackboard."); //NON-NLS
logger.log(Level.SEVERE, "Error adding network artifact to blackboard.", ex); //NON-NLS
}
break;
case "SSID": // NON-NLS
@ -798,9 +790,8 @@ class ExtractRegistry extends Extract {
bbart.addAttributes(bbattributes);
// index the artifact for keyword search
postArtifact(bbart);
wifiBBartifacts.add(bbart);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding SSID artifact to blackboard."); //NON-NLS
logger.log(Level.SEVERE, "Error adding SSID artifact to blackboard.", ex); //NON-NLS
}
break;
case "shellfolders": // NON-NLS
@ -818,9 +809,6 @@ class ExtractRegistry extends Extract {
break;
}
} // for
postArtifacts(usbBBartifacts);
postArtifacts(wifiBBartifacts);
return true;
} catch (FileNotFoundException ex) {
logger.log(Level.SEVERE, "Error finding the registry file.", ex); //NON-NLS

4
ScalpelCarver/src/org/sleuthkit/autopsy/scalpel/jni/ScalpelCarver.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2013 Basis Technology Corp.
* Copyright 2013-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -79,11 +79,9 @@ public class ScalpelCarver {
success = true;
} catch (UnsatisfiedLinkError ex) {
String msg = NbBundle.getMessage(ScalpelCarver.class, "ScalpelCarver.loadLib.errMsg.cannotLoadLib", id);
System.out.println(msg + ex.toString());
logger.log(Level.SEVERE, msg, ex);
} catch (Exception ex) {
String msg = NbBundle.getMessage(ScalpelCarver.class, "ScalpelCarver.loadLib.errMsg.cannotLoadLib2", id);
System.out.println(msg + ex.toString());
logger.log(Level.SEVERE, msg, ex);
}

21
test/script/tskdbdiff.py
View File

@ -437,7 +437,26 @@ def normalize_db_entry(line, files_table, vs_parts_table, vs_info_table, fs_info
ig_groups_seen_index = line.find('INSERT INTO "image_gallery_groups_seen"') > -1 or line.find('INSERT INTO image_gallery_groups_seen ') > -1
parens = line[line.find('(') + 1 : line.rfind(')')]
fields_list = list(csv.reader([parens.replace(" ", "")], quotechar="'"))[0]
no_space_parens = parens.replace(" ", "")
fields_list = list(csv.reader([no_space_parens], quotechar="'"))[0]
#Add back in the quotechar for values that were originally wrapped (csv reader consumes this character)
fields_list_with_quotes = []
ptr = 0
for field in fields_list:
if(len(field) == 0):
field = "'" + field + "'"
else:
start = no_space_parens.find(field, ptr)
if((start - 1) >= 0 and no_space_parens[start - 1] == '\''):
if((start + len(field)) < len(no_space_parens) and no_space_parens[start + len(field)] == '\''):
field = "'" + field + "'"
fields_list_with_quotes.append(field)
if(ptr > 0):
#Add one for each comma that is used to separate values in the original string
ptr+=1
ptr += len(field)
fields_list = fields_list_with_quotes
# remove object ID
if files_index: