Added ingest messages summarizing browser data found on the image.

RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java

@@ -82,6 +82,7 @@ public class Chrome extends Extract {
 
     @Override
     public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
+        historyFound = true;
         this.getHistory(dataSource, controller);
         this.getBookmark(dataSource, controller);
         this.getCookie(dataSource, controller);
@@ -104,6 +105,7 @@ public class Chrome extends Extract {
             String msg = "Error when trying to get Chrome history files.";
             logger.log(Level.SEVERE, msg, ex);
             this.addErrorMessage(this.getName() + ": " + msg);
+            historyFound = false;
             return;
         }
         
@@ -117,7 +119,10 @@ public class Chrome extends Extract {
         
         // log a message if we don't have any allocated history files
         if (allocatedHistoryFiles.isEmpty()) {
-            logger.log(Level.INFO, "Could not find any allocated Chrome history files.");
+            String msg = "Could not find any allocated Chrome history files.";
+            logger.log(Level.INFO, msg);
+            addErrorMessage(getName() + ": " + msg);
+            historyFound = false;
             return;
         }
 
@@ -380,9 +385,11 @@ public class Chrome extends Extract {
                 break;
             }
 
-            List<HashMap<String, Object>> tempList = this.dbConnect(temps, downloadQuery);
+            List<HashMap<String, Object>> tempList = null;
             
-            if (tempList.isEmpty()) {
+            if (isChromePreVersion30(temps)) {
+                tempList = this.dbConnect(temps, downloadQuery);
+            } else {
                 tempList = this.dbConnect(temps, downloadQueryVersion30);
             }
             
@@ -495,4 +502,16 @@ public class Chrome extends Extract {
     public boolean hasBackgroundJobsRunning() {
         return false;
     }
+
+    private boolean isChromePreVersion30(String temps) {
+        String query = "PRAGMA table_info(downloads)";
+        List<HashMap<String, Object>> columns = this.dbConnect(temps, query);
+        for (HashMap<String, Object> col : columns) {
+            if (col.get("name").equals("url")) {
+                return true;
+            }
+        }
+        
+        return false;
+    }
 }

RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java

@@ -40,10 +40,11 @@ abstract public class Extract extends IngestModuleDataSource{
     public final Logger logger = Logger.getLogger(this.getClass().getName());
     protected final ArrayList<String> errorMessages = new ArrayList<>();
     protected String moduleName = "";
+    protected boolean historyFound = false;
     
     //hide public constructor to prevent from instantiation by ingest module loader
     Extract() {
-        
+        historyFound = true;
     }
     
     /**
@@ -103,6 +104,7 @@ abstract public class Extract extends IngestModuleDataSource{
             tempdbconnect.closeConnection();
         } catch (SQLException ex) {
             logger.log(Level.SEVERE, "Error while trying to read into a sqlite db." + connectionString, ex);
+            errorMessages.add(getName() + ": Failed to query database.");
             return Collections.<HashMap<String,Object>>emptyList();
         }
         return list;
@@ -142,4 +144,8 @@ abstract public class Extract extends IngestModuleDataSource{
     public String getName() {
         return moduleName;
     }
+    
+    public boolean foundHistory() {
+        return historyFound;
+    }
 }

RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java

@@ -93,6 +93,7 @@ public class ExtractIE extends Extract {
 
     @Override
     public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
+        historyFound = true;
         this.getBookmark(dataSource, controller);
         this.getCookie(dataSource, controller);
         this.getRecentDocuments(dataSource, controller);
@@ -299,6 +300,14 @@ public class ExtractIE extends Extract {
             return;
         }
 
+        if (indexFiles.isEmpty()) {
+            String msg = "No InternetExplorer history files found.";
+            logger.log(Level.INFO, msg);
+            addErrorMessage(getName() + ": " + msg);
+            historyFound = false;
+            return;
+        }
+        
         String temps;
         String indexFileName;
         for (AbstractFile indexFile : indexFiles) {

RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java

@@ -74,7 +74,8 @@ public class Firefox extends Extract {
     }
 
     @Override
-    public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
+    public void process(PipelineContext<IngestModuleDataSource> pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
+        historyFound = true;
         this.getHistory(dataSource, controller);
         this.getBookmark(dataSource, controller);
         this.getDownload(dataSource, controller);
@@ -94,6 +95,16 @@ public class Firefox extends Extract {
             String msg = "Error fetching internet history files for Firefox.";
             logger.log(Level.WARNING, msg);
             this.addErrorMessage(this.getName() + ": " + msg);
+            historyFound = false;
+            return;
+        }
+        
+        if (historyFiles.isEmpty()) {
+            String msg = "No FireFox history files found.";
+            logger.log(Level.INFO, msg);
+            addErrorMessage(getName() + ": " + msg);
+            historyFound = false;
+            return;
         }
 
         int j = 0;
@@ -266,29 +277,8 @@ public class Firefox extends Extract {
         services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE));
     }
 
-    /**
-     * Queries for downloads files and adds artifacts
-     * @param dataSource
-     * @param controller 
-     */
-    private void getDownload(Content dataSource, IngestDataSourceWorkerController controller) {
-
-        FileManager fileManager = currentCase.getServices().getFileManager();
-        List<AbstractFile> downloadsFiles = null;
-        try {
-            downloadsFiles = fileManager.findFiles(dataSource, "downloads.sqlite", "Firefox");
-        } catch (TskCoreException ex) {
-            String msg = "Error fetching 'downloads' files for Firefox.";
-            logger.log(Level.WARNING, msg);
-            this.addErrorMessage(this.getName() + ": " + msg);
-            return;
-        }
-        
-        if (downloadsFiles.isEmpty()) {
-            getDownloadVersion24(dataSource, controller);
-            return;
-        }
     
+    private void getDownloadPreVersion24(Content dataSource, IngestDataSourceWorkerController controller, List<AbstractFile> downloadsFiles) {
         int j = 0;
         for (AbstractFile downloadsFile : downloadsFiles) {
             if (downloadsFile.getSize() == 0) {
@@ -311,10 +301,6 @@ public class Firefox extends Extract {
             }
 
             List<HashMap<String, Object>> tempList = this.dbConnect(temps, downloadQuery);
-            if (tempList.isEmpty()) {
-                getDownloadVersion24(dataSource, controller);
-                return;
-            }
             logger.log(Level.INFO, moduleName + "- Now getting downloads from " + temps + " with " + tempList.size() + "artifacts identified.");
             for (HashMap<String, Object> result : tempList) {
                 
@@ -350,6 +336,28 @@ public class Firefox extends Extract {
         
         services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD));
     }
+    /**
+     * Queries for downloads files and adds artifacts
+     * @param dataSource
+     * @param controller 
+     */
+    private void getDownload(Content dataSource, IngestDataSourceWorkerController controller) {
+        FileManager fileManager = currentCase.getServices().getFileManager();
+        List<AbstractFile> downloadsFiles = null;
+        List<AbstractFile> placesFiles = null;
+        try {
+            downloadsFiles = fileManager.findFiles(dataSource, "downloads.sqlite", "Firefox");
+            placesFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox");
+        } catch (TskCoreException ex) {
+            String msg = "Error fetching 'downloads' files for Firefox.";
+            logger.log(Level.WARNING, msg);
+            this.addErrorMessage(this.getName() + ": " + msg);
+            return;
+        }
+        
+        getDownloadPreVersion24(dataSource, controller, downloadsFiles);
+        getDownloadVersion24(dataSource, controller, placesFiles);
+    }
 
     @Override
     public void init(IngestModuleInit initContext) {
@@ -374,18 +382,7 @@ public class Firefox extends Extract {
         return false;
     }
 
-    private void getDownloadVersion24(Content dataSource, IngestDataSourceWorkerController controller) {
+    private void getDownloadVersion24(Content dataSource, IngestDataSourceWorkerController controller, List<AbstractFile> downloadsFiles) {
-        FileManager fileManager = currentCase.getServices().getFileManager();
-        List<AbstractFile> downloadsFiles = null;
-        try {
-            downloadsFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox");
-        } catch (TskCoreException ex) {
-            String msg = "Error fetching 'places' files for Firefox.";
-            logger.log(Level.WARNING, msg);
-            this.addErrorMessage(this.getName() + ": " + msg);
-            return;
-        }
-
         int j = 0;
         for (AbstractFile downloadsFile : downloadsFiles) {
             if (downloadsFile.getSize() == 0) {
@@ -408,6 +405,7 @@ public class Firefox extends Extract {
             }
             
             List<HashMap<String, Object>> tempList = this.dbConnect(temps, downloadQueryVersion24);
+            
             logger.log(Level.INFO, moduleName + "- Now getting downloads from " + temps + " with " + tempList.size() + "artifacts identified.");
             for (HashMap<String, Object> result : tempList) {
                 

RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java

@@ -23,8 +23,8 @@
 package org.sleuthkit.autopsy.recentactivity;
 
 import java.io.File;
-import java.nio.file.Path;
 import java.util.ArrayList;
+import java.util.List;
 import java.util.logging.Level;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.coreutils.Logger;
@@ -49,6 +49,7 @@ public final class RAImageIngestModule extends IngestModuleDataSource {
     private static int messageId = 0;
     private StringBuilder subCompleted = new StringBuilder();
     private ArrayList<Extract> modules;
+    private List<Extract> browserModules;
     final public static String MODULE_VERSION = "1.0";
 
     //public constructor is required
@@ -106,6 +107,17 @@ public final class RAImageIngestModule extends IngestModuleDataSource {
         }
         final IngestMessage msg = IngestMessage.createMessage(++messageId, msgLevel, this, "Finished " + dataSource.getName()+ " - " + errorMsgSubject, errorMessage.toString());
         services.postMessage(msg);
+        
+        StringBuilder historyMsg = new StringBuilder();
+        historyMsg.append("<p>Browser Data on ").append(dataSource.getName()).append(":<ul>\n");
+        for (Extract module : browserModules) {
+            historyMsg.append("<li>").append(module.getName());
+            historyMsg.append(": ").append((module.foundHistory()) ? " Found." : " Not Found.");
+            historyMsg.append("</li>");
+        }
+        historyMsg.append("</ul>");
+        final IngestMessage inboxMsg = IngestMessage.createMessage(++messageId, MessageType.INFO, this, dataSource.getName() + " - Browser Results", historyMsg.toString());
+        services.postMessage(inboxMsg);
     }
 
     @Override
@@ -139,17 +151,28 @@ public final class RAImageIngestModule extends IngestModuleDataSource {
     @Override
     public void init(IngestModuleInit initContext) {
         modules = new ArrayList<>();
+        browserModules = new ArrayList();
         logger.log(Level.INFO, "init() {0}", this.toString());
         services = IngestServices.getDefault();
 
-        modules.add(new Chrome());
+        final Extract registry = new ExtractRegistry();
-        modules.add(new Firefox());
+        final Extract iexplore = new ExtractIE();
-        modules.add(new ExtractIE());
+        final Extract chrome = new Chrome();
+        final Extract firefox = new Firefox();
+        final Extract SEUQA = new SearchEngineURLQueryAnalyzer();
+
+        modules.add(chrome);
+        modules.add(firefox);
+        modules.add(iexplore);
         // this needs to run after the web browser modules
-        modules.add(new SearchEngineURLQueryAnalyzer());
+        modules.add(SEUQA);
         
         // this runs last because it is slowest
-        modules.add(new ExtractRegistry());
+        modules.add(registry);
+        
+        browserModules.add(chrome);
+        browserModules.add(firefox);
+        browserModules.add(iexplore);
 
         for (Extract module : modules) {
             try {