From 7dbb635ba0c4109a4863531ad2c5b653e7cf6368 Mon Sep 17 00:00:00 2001 From: adam-m Date: Mon, 26 Mar 2012 10:56:54 -0400 Subject: [PATCH 1/6] Override preferredID method for tc --- .../autopsy/ingest/IngestMessageTopComponent.java | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestMessageTopComponent.java b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestMessageTopComponent.java index 192ecdcf6d..fb2a27ec84 100644 --- a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestMessageTopComponent.java +++ b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestMessageTopComponent.java @@ -75,6 +75,13 @@ public final class IngestMessageTopComponent extends TopComponent implements Ing return getDefault(); } + @Override + protected String preferredID() { + return PREFERRED_ID; + } + + + /** This method is called from within the constructor to * initialize the form. * WARNING: Do NOT modify this code. The content of this method is From abff5dce99d9c71b4cfdf29d74601442efd93791 Mon Sep 17 00:00:00 2001 From: adam-m Date: Mon, 26 Mar 2012 11:04:24 -0400 Subject: [PATCH 2/6] Use proper regex for URLs --- .../autopsy/keywordsearch/KeywordSearchListsXML.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchListsXML.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchListsXML.java index 4030d2c12e..05afd0e93e 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchListsXML.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchListsXML.java @@ -113,10 +113,10 @@ public class KeywordSearchListsXML { emails.add(new Keyword("[A-Z0-9._%-]+@[A-Z0-9.-]+\\.[A-Z]{2,4}", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL)); //URL List urls = new ArrayList(); - urls.add(new Keyword("http://|https://|^www\\.", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)); - //urls.add(new Keyword("((((ht|f)tp(s?))\\://)|www\\.)[a-zA-Z0-9\\-\\.]+\\.([a-zA-Z]{2,5})(\\:[0-9]+)*(/($|[a-zA-Z0-9\\.\\,\\;\\?\\'\\\\+&%\\$#\\=~_\\-]+))*", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)); + //urls.add(new Keyword("http://|https://|^www\\.", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)); + urls.add(new Keyword("((((ht|f)tp(s?))\\://)|www\\.)[a-zA-Z0-9\\-\\.]+\\.([a-zA-Z]{2,5})(\\:[0-9]+)*(/($|[a-zA-Z0-9\\.\\,\\;\\?\\'\\\\+&%\\$#\\=~_\\-]+))*", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)); - urls.add(new Keyword("ssh://", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)); + //urls.add(new Keyword("ssh://", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)); addList("Phone Numbers", phones, true, true); addList("IP Addresses", ips, true, true); From 6e491f31491f283cb9115cfe94f88242df2ee42b Mon Sep 17 00:00:00 2001 From: adam-m Date: Mon, 26 Mar 2012 11:26:39 -0400 Subject: [PATCH 3/6] change URL regex --- .../autopsy/keywordsearch/KeywordSearchListsXML.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchListsXML.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchListsXML.java index 05afd0e93e..81b12ae098 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchListsXML.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchListsXML.java @@ -113,8 +113,8 @@ public class KeywordSearchListsXML { emails.add(new Keyword("[A-Z0-9._%-]+@[A-Z0-9.-]+\\.[A-Z]{2,4}", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL)); //URL List urls = new ArrayList(); - //urls.add(new Keyword("http://|https://|^www\\.", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)); - urls.add(new Keyword("((((ht|f)tp(s?))\\://)|www\\.)[a-zA-Z0-9\\-\\.]+\\.([a-zA-Z]{2,5})(\\:[0-9]+)*(/($|[a-zA-Z0-9\\.\\,\\;\\?\\'\\\\+&%\\$#\\=~_\\-]+))*", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)); + urls.add(new Keyword("http://|https://|^www\\.", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)); + //urls.add(new Keyword("((((ht|f)tp(s?))\\://)|www\\.)[a-zA-Z0-9\\-\\.]+\\.([a-zA-Z]{2,5})(\\:[0-9]+)*(/($|[a-zA-Z0-9\\.\\,\\;\\?\\'\\\\+&%\\$#\\=~_\\-]+))*", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)); //urls.add(new Keyword("ssh://", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)); From 84d383ee5f6b5c9bccca29b65ee2f257eed2d54d Mon Sep 17 00:00:00 2001 From: dickfickling Date: Mon, 26 Mar 2012 13:05:34 -0300 Subject: [PATCH 4/6] Update README.txt --- README.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.txt b/README.txt index d60b385dea..d3095b61a4 100644 --- a/README.txt +++ b/README.txt @@ -20,6 +20,10 @@ Autopsy requires the Java Runtime Environment (JRE) to be installed. A 32-bit ve You can download Java from here: http://java.com/en/download/index.jsp +Before running Autopsy, you will have to install GStreamer and add the GStreamer 'lib' folder to the PATH environment variable +GStreamer builds for Windows are available at http://code.google.com/p/ossbuild/downloads/list + + You should be able to simply open the Autopsy ZIP file and run the autopsy.exe program located in the 'bin' folder. @@ -29,6 +33,8 @@ The primary development of Autopsy 3 has been done at Basis Technology. The foll * Anthony Lawrence * James Antonius * Peter Martel +* Adam Malinowski +* Dick Fickling FEEDBACK From c488275bc44af15db6f0956dbc9ba772b2ce641f Mon Sep 17 00:00:00 2001 From: adam-m Date: Mon, 26 Mar 2012 12:27:05 -0400 Subject: [PATCH 5/6] Quietly handle exception when closing case and solr core and some viewer is attemtping to get content --- .../sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index a7a557990c..4a40113b91 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -199,7 +199,7 @@ public class ExtractedContentViewer implements DataContentViewer { try { solrCore = KeywordSearch.getServer().getCore(); } catch (RuntimeException e) { - logger.log(Level.INFO, "Could not get Solr Core", e); + logger.log(Level.INFO, "Could not get Solr Core"); } if (solrCore == null) { return false; From ae4731f3a65d18f417050728c502a6ffbd3bd013 Mon Sep 17 00:00:00 2001 From: adam-m Date: Mon, 26 Mar 2012 12:36:11 -0400 Subject: [PATCH 6/6] handle no solr code exception in extracted content --- .../autopsy/keywordsearch/ExtractedContentViewer.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index 4a40113b91..7b9668c1a9 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -199,7 +199,10 @@ public class ExtractedContentViewer implements DataContentViewer { try { solrCore = KeywordSearch.getServer().getCore(); } catch (RuntimeException e) { - logger.log(Level.INFO, "Could not get Solr Core"); + logger.log(Level.INFO, "Could not get Solr Core", e); + } + catch (Exception e) { + logger.log(Level.INFO, "Could not get Solr Core", e); } if (solrCore == null) { return false;