mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 18:17:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' of https://github.com/sleuthkit/autopsy into 3202-TagsMessagingOnStatusChange

Browse Source
This commit is contained in:
William Schaefer 2017-11-22 12:22:36 -05:00
commit 84181a922c
11 changed files with 766 additions and 255 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamDb.java
View File

@ -95,14 +95,6 @@ public interface EamDb {
&& EamDbPlatformEnum.getSelectedPlatform() != EamDbPlatformEnum.DISABLED; && EamDbPlatformEnum.getSelectedPlatform() != EamDbPlatformEnum.DISABLED;
} }
/**
* Placeholder version to use for non-read only databases
* @return The version that will be stored in the database
*/
static String getDefaultVersion() {
return "";
}
/** /**
* Add a new name/value pair in the db_info table. * Add a new name/value pair in the db_info table.
* *

168
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/EncaseHashSetParser.java Normal file
View File

@ -0,0 +1,168 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011 - 2017 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.modules.hashdatabase;
import java.io.InputStream;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.datamodel.TskCoreException;
/**
* Parser for Encase format hash sets (*.hash)
*/
class EncaseHashSetParser implements HashSetParser {
private final byte[] encaseHeader = {(byte) 0x48, (byte) 0x41, (byte) 0x53, (byte) 0x48, (byte) 0x0d, (byte) 0x0a, (byte) 0xff, (byte) 0x00,
(byte) 0x02, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00};
private final String filename; // Name of the input file (saved for logging)
private InputStream inputStream; // File stream for file being imported
private final long expectedHashCount; // Number of hashes we expect to read from the file
private int totalHashesRead = 0; // Number of hashes that have been read
/**
* Opens the import file and parses the header. If this is successful, the
* file will be set up to call getNextHash() to read the hash values.
*
* @param filename The Encase hash set
* @throws TskCoreException There was an error opening/reading the file or
* it is not the correct format
*/
EncaseHashSetParser(String filename) throws TskCoreException {
try {
this.filename = filename;
inputStream = new BufferedInputStream(new FileInputStream(filename));
// Read in and test the 16 byte header
byte[] header = new byte[16];
readBuffer(header, 16);
if (!Arrays.equals(header, encaseHeader)) {
close();
throw new TskCoreException("File " + filename + " does not have an Encase header");
}
// Read in the expected number of hashes (little endian)
byte[] sizeBuffer = new byte[4];
readBuffer(sizeBuffer, 4);
expectedHashCount = ((sizeBuffer[3] & 0xff) << 24) | ((sizeBuffer[2] & 0xff) << 16)
| ((sizeBuffer[1] & 0xff) << 8) | (sizeBuffer[0] & 0xff);
// Read in a bunch of nulls
byte[] filler = new byte[0x3f4];
readBuffer(filler, 0x3f4);
// Read in the hash set name
byte[] nameBuffer = new byte[0x50];
readBuffer(nameBuffer, 0x50);
// Read in the hash set type
byte[] typeBuffer = new byte[0x28];
readBuffer(typeBuffer, 0x28);
// At this point we're past the header and ready to read in the hashes
} catch (IOException ex) {
close();
throw new TskCoreException("Error reading " + filename, ex);
} catch (TskCoreException ex) {
close();
throw ex;
}
}
/**
* Get the expected number of hashes in the file. This number can be an
* estimate.
*
* @return The expected hash count
*/
@Override
public long getExpectedHashCount() {
return expectedHashCount;
}
/**
* Check if there are more hashes to read
*
* @return true if we've read all expected hash values, false otherwise
*/
@Override
public boolean doneReading() {
return (totalHashesRead >= expectedHashCount);
}
/**
* Get the next hash to import
*
* @return The hash as a string, or null if the end of file was reached
* without error
* @throws TskCoreException
*/
@Override
public String getNextHash() throws TskCoreException {
if (inputStream == null) {
throw new TskCoreException("Attempting to read from null inputStream");
}
byte[] hashBytes = new byte[16];
byte[] divider = new byte[2];
try {
readBuffer(hashBytes, 16);
readBuffer(divider, 2);
StringBuilder sb = new StringBuilder();
for (byte b : hashBytes) {
sb.append(String.format("%02x", b));
}
totalHashesRead++;
return sb.toString();
} catch (IOException ex) {
throw new TskCoreException("Ran out of data while reading Encase hash set " + filename, ex);
}
}
/**
* Closes the import file
*/
@Override
public final void close() {
if (inputStream != null) {
try {
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(EncaseHashSetParser.class.getName()).log(Level.SEVERE, "Error closing Encase hash set " + filename, ex);
} finally {
inputStream = null;
}
}
}
private void readBuffer(byte[] buffer, int length) throws TskCoreException, IOException {
if (inputStream == null) {
throw new TskCoreException("readBuffer called on null inputStream");
}
if (length != inputStream.read(buffer)) {
throw new TskCoreException("Ran out of data unexpectedly while parsing Encase file " + filename);
}
}
}

8
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbCreateDatabaseDialog.java
View File

@ -423,7 +423,7 @@ final class HashDbCreateDatabaseDialog extends javax.swing.JDialog {
}//GEN-LAST:event_saveAsButtonActionPerformed }//GEN-LAST:event_saveAsButtonActionPerformed
@NbBundle.Messages({"HashDbCreateDatabaseDialog.missingOrg=An organization must be selected", @NbBundle.Messages({"HashDbCreateDatabaseDialog.missingOrg=An organization must be selected",
"HashDbCreateDatabaseDialog.duplicateName=A hashset with this name and version already exists", "HashDbCreateDatabaseDialog.duplicateName=A hashset with this name already exists",
"HashDbCreateDatabaseDialog.databaseLookupError=Error accessing central repository", "HashDbCreateDatabaseDialog.databaseLookupError=Error accessing central repository",
"HashDbCreateDatabaseDialog.databaseCreationError=Error creating new hash set" "HashDbCreateDatabaseDialog.databaseCreationError=Error creating new hash set"
}) })
@ -500,7 +500,7 @@ final class HashDbCreateDatabaseDialog extends javax.swing.JDialog {
} else { } else {
// Check if a hash set with the same name/version already exists // Check if a hash set with the same name/version already exists
try{ try{
if(EamDb.getInstance().referenceSetExists(hashSetNameTextField.getText(), EamDb.getDefaultVersion())){ if(EamDb.getInstance().referenceSetExists(hashSetNameTextField.getText(), "")){
JOptionPane.showMessageDialog(this, JOptionPane.showMessageDialog(this,
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"HashDbCreateDatabaseDialog.duplicateName"), "HashDbCreateDatabaseDialog.duplicateName"),
@ -522,9 +522,9 @@ final class HashDbCreateDatabaseDialog extends javax.swing.JDialog {
try{ try{
int referenceSetID = EamDb.getInstance().newReferenceSet(new EamGlobalSet(selectedOrg.getOrgID(), hashSetNameTextField.getText(), int referenceSetID = EamDb.getInstance().newReferenceSet(new EamGlobalSet(selectedOrg.getOrgID(), hashSetNameTextField.getText(),
EamDb.getDefaultVersion(), fileKnown, false)); "", fileKnown, false));
newHashDb = HashDbManager.getInstance().addExistingCentralRepoHashSet(hashSetNameTextField.getText(), newHashDb = HashDbManager.getInstance().addExistingCentralRepoHashSet(hashSetNameTextField.getText(),
EamDb.getDefaultVersion(), referenceSetID, "", referenceSetID,
true, sendIngestMessagesCheckbox.isSelected(), type, false); true, sendIngestMessagesCheckbox.isSelected(), type, false);
} catch (EamDbException | TskCoreException ex){ } catch (EamDbException | TskCoreException ex){
Logger.getLogger(HashDbImportDatabaseDialog.class.getName()).log(Level.SEVERE, "Error creating new reference set", ex); Logger.getLogger(HashDbImportDatabaseDialog.class.getName()).log(Level.SEVERE, "Error creating new reference set", ex);

13
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbImportDatabaseDialog.java
View File

@ -88,11 +88,11 @@ final class HashDbImportDatabaseDialog extends javax.swing.JDialog {
fileChooser.setMultiSelectionEnabled(false); fileChooser.setMultiSelectionEnabled(false);
} }
@NbBundle.Messages({"HashDbImportDatabaseDialog.centralRepoExtFilter.text=Hash Database File (.idx only)"}) @NbBundle.Messages({"HashDbImportDatabaseDialog.centralRepoExtFilter.text=Hash Database File (.kdb, .idx or .hash)"})
private void updateFileChooserFilter() { private void updateFileChooserFilter() {
fileChooser.resetChoosableFileFilters(); fileChooser.resetChoosableFileFilters();
if(centralRepoRadioButton.isSelected()){ if(centralRepoRadioButton.isSelected()){
String[] EXTENSION = new String[]{"idx"}; //NON-NLS String[] EXTENSION = new String[]{"kdb", "idx", "hash", "Hash"}; //NON-NLS
FileNameExtensionFilter filter = new FileNameExtensionFilter( FileNameExtensionFilter filter = new FileNameExtensionFilter(
NbBundle.getMessage(this.getClass(), "HashDbImportDatabaseDialog.centralRepoExtFilter.text"), EXTENSION); NbBundle.getMessage(this.getClass(), "HashDbImportDatabaseDialog.centralRepoExtFilter.text"), EXTENSION);
fileChooser.setFileFilter(filter); fileChooser.setFileFilter(filter);
@ -447,7 +447,8 @@ final class HashDbImportDatabaseDialog extends javax.swing.JDialog {
@NbBundle.Messages({"HashDbImportDatabaseDialog.missingVersion=A version must be entered", @NbBundle.Messages({"HashDbImportDatabaseDialog.missingVersion=A version must be entered",
"HashDbImportDatabaseDialog.missingOrg=An organization must be selected", "HashDbImportDatabaseDialog.missingOrg=An organization must be selected",
"HashDbImportDatabaseDialog.duplicateName=A hashset with this name and version already exists", "HashDbImportDatabaseDialog.duplicateName=A hashset with this name and version already exists",
"HashDbImportDatabaseDialog.databaseLookupError=Error accessing central repository" "HashDbImportDatabaseDialog.databaseLookupError=Error accessing central repository",
"HashDbImportDatabaseDialog.mustEnterHashSetNameMsg=A hash set name must be entered."
}) })
private void okButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_okButtonActionPerformed private void okButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_okButtonActionPerformed
// Note that the error handlers in this method call return without disposing of the // Note that the error handlers in this method call return without disposing of the
@ -456,7 +457,7 @@ final class HashDbImportDatabaseDialog extends javax.swing.JDialog {
if (hashSetNameTextField.getText().isEmpty()) { if (hashSetNameTextField.getText().isEmpty()) {
JOptionPane.showMessageDialog(this, JOptionPane.showMessageDialog(this,
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"HashDbCreateDatabaseDialog.mustEnterHashSetNameMsg"), "HashDbImportDatabaseDialog.mustEnterHashSetNameMsg"),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"HashDbImportDatabaseDialog.importHashDbErr"), "HashDbImportDatabaseDialog.importHashDbErr"),
JOptionPane.ERROR_MESSAGE); JOptionPane.ERROR_MESSAGE);
@ -464,7 +465,7 @@ final class HashDbImportDatabaseDialog extends javax.swing.JDialog {
} }
if(centralRepoRadioButton.isSelected()){ if(centralRepoRadioButton.isSelected()){
if(versionTextField.getText().isEmpty()){ if(readOnlyCheckbox.isSelected() && versionTextField.getText().isEmpty()){
JOptionPane.showMessageDialog(this, JOptionPane.showMessageDialog(this,
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"HashDbImportDatabaseDialog.missingVersion"), "HashDbImportDatabaseDialog.missingVersion"),
@ -557,7 +558,7 @@ final class HashDbImportDatabaseDialog extends javax.swing.JDialog {
version = versionTextField.getText(); version = versionTextField.getText();
} else { } else {
// Editable databases don't have a version // Editable databases don't have a version
version = EamDb.getDefaultVersion(); version = "";
} }
ImportCentralRepoDbProgressDialog progressDialog = new ImportCentralRepoDbProgressDialog(); ImportCentralRepoDbProgressDialog progressDialog = new ImportCentralRepoDbProgressDialog();
progressDialog.importFile(hashSetNameTextField.getText(), version, progressDialog.importFile(hashSetNameTextField.getText(), version,

14
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java
View File

@ -729,8 +729,6 @@ public class HashDbManager implements PropertyChangeListener {
public abstract boolean getSearchDuringIngest(); public abstract boolean getSearchDuringIngest();
abstract boolean getDefaultSearchDuringIngest();
abstract void setSearchDuringIngest(boolean useForIngest); abstract void setSearchDuringIngest(boolean useForIngest);
public abstract boolean getSendIngestMessages(); public abstract boolean getSendIngestMessages();
@ -870,12 +868,6 @@ public class HashDbManager implements PropertyChangeListener {
return searchDuringIngest; return searchDuringIngest;
} }
@Override
boolean getDefaultSearchDuringIngest(){
// File type hash sets are on by default
return true;
}
@Override @Override
void setSearchDuringIngest(boolean useForIngest) { void setSearchDuringIngest(boolean useForIngest) {
this.searchDuringIngest = useForIngest; this.searchDuringIngest = useForIngest;
@ -1177,12 +1169,6 @@ public class HashDbManager implements PropertyChangeListener {
return searchDuringIngest; return searchDuringIngest;
} }
@Override
boolean getDefaultSearchDuringIngest(){
// Central repo hash sets are off by default
return false;
}
@Override @Override
void setSearchDuringIngest(boolean useForIngest) { void setSearchDuringIngest(boolean useForIngest) {
this.searchDuringIngest = useForIngest; this.searchDuringIngest = useForIngest;

4
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupModuleSettings.java
View File

@ -135,8 +135,8 @@ final class HashLookupModuleSettings implements IngestModuleIngestJobSettings {
} }
} }
// We didn't find it, so use the default value // We didn't find it, so use the value in the HashDb object
return db.getDefaultSearchDuringIngest(); return db.getSearchDuringIngest();
} }
/** /**

80
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java
View File

@ -128,7 +128,6 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
hashDbReadOnlyLabel.setText(NO_SELECTION_TEXT); hashDbReadOnlyLabel.setText(NO_SELECTION_TEXT);
indexPathLabel.setText(NO_SELECTION_TEXT); indexPathLabel.setText(NO_SELECTION_TEXT);
// Update indexing components. // Update indexing components.
hashDbIndexStatusLabel.setText(NO_SELECTION_TEXT); hashDbIndexStatusLabel.setText(NO_SELECTION_TEXT);
hashDbIndexStatusLabel.setForeground(Color.black); hashDbIndexStatusLabel.setForeground(Color.black);
@ -163,13 +162,13 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
// Update descriptive labels. // Update descriptive labels.
hashDbNameLabel.setText(db.getHashSetName()); hashDbNameLabel.setText(db.getHashSetName());
hashDbTypeLabel.setText(db.getKnownFilesType().getDisplayName()); hashDbTypeLabel.setText(db.getKnownFilesType().getDisplayName());
try{ try {
if(db.isUpdateable()){ if (db.isUpdateable()) {
hashDbReadOnlyLabel.setText(Bundle.HashLookupSettingsPanel_editable()); hashDbReadOnlyLabel.setText(Bundle.HashLookupSettingsPanel_editable());
} else { } else {
hashDbReadOnlyLabel.setText(Bundle.HashLookupSettingsPanel_readOnly()); hashDbReadOnlyLabel.setText(Bundle.HashLookupSettingsPanel_readOnly());
} }
} catch (TskCoreException ex){ } catch (TskCoreException ex) {
hashDbReadOnlyLabel.setText(Bundle.HashLookupSettingsPanel_updateStatusError()); hashDbReadOnlyLabel.setText(Bundle.HashLookupSettingsPanel_updateStatusError());
} }
@ -180,8 +179,8 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
addHashesToDatabaseButton.setEnabled(false); addHashesToDatabaseButton.setEnabled(false);
} }
if(db instanceof SleuthkitHashSet){ if (db instanceof SleuthkitHashSet) {
SleuthkitHashSet hashDb = (SleuthkitHashSet)db; SleuthkitHashSet hashDb = (SleuthkitHashSet) db;
// Disable the central repo fields // Disable the central repo fields
hashDbVersionLabel.setText(Bundle.HashLookupSettingsPanel_notApplicable()); hashDbVersionLabel.setText(Bundle.HashLookupSettingsPanel_notApplicable());
@ -253,7 +252,7 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
indexButton.setEnabled(false); indexButton.setEnabled(false);
deleteDatabaseButton.setEnabled(false); deleteDatabaseButton.setEnabled(false);
CentralRepoHashSet crDb = (CentralRepoHashSet)db; CentralRepoHashSet crDb = (CentralRepoHashSet) db;
hashDbVersionLabel.setText(crDb.getVersion()); hashDbVersionLabel.setText(crDb.getVersion());
hashDbOrgLabel.setText(crDb.getOrgName()); hashDbOrgLabel.setText(crDb.getOrgName());
@ -303,12 +302,16 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
@Messages({"HashLookupSettingsPanel.saveFail.message=Couldn't save hash db settings.", @Messages({"HashLookupSettingsPanel.saveFail.message=Couldn't save hash db settings.",
"HashLookupSettingsPanel.saveFail.title=Save Fail"}) "HashLookupSettingsPanel.saveFail.title=Save Fail"})
public void saveSettings() { public void saveSettings() {
// Clear out the list of new central repo hash sets. They don't need to be
// indexed so will all be saved on both code paths.
newReferenceSetIDs.clear();
//Checking for for any unindexed databases //Checking for for any unindexed databases
List<SleuthkitHashSet> unindexed = new ArrayList<>(); List<SleuthkitHashSet> unindexed = new ArrayList<>();
for (HashDb db : hashSetManager.getAllHashSets()) { for (HashDb db : hashSetManager.getAllHashSets()) {
if(db instanceof SleuthkitHashSet){ if (db instanceof SleuthkitHashSet) {
try { try {
SleuthkitHashSet hashDatabase = (SleuthkitHashSet)db; SleuthkitHashSet hashDatabase = (SleuthkitHashSet) db;
if (!hashDatabase.hasIndex()) { if (!hashDatabase.hasIndex()) {
unindexed.add(hashDatabase); unindexed.add(hashDatabase);
} }
@ -320,10 +323,10 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
// If there are unindexed databases, give the user the option to index them now. This // If there are unindexed databases, give the user the option to index them now. This
// needs to be on the EDT, and will save the hash settings after completing // needs to be on the EDT, and will save the hash settings after completing
if(! unindexed.isEmpty()){ if (!unindexed.isEmpty()) {
SwingUtilities.invokeLater(new Runnable(){ SwingUtilities.invokeLater(new Runnable() {
@Override @Override
public void run(){ public void run() {
//If unindexed ones are found, show a popup box that will either index them, or remove them. //If unindexed ones are found, show a popup box that will either index them, or remove them.
if (unindexed.size() == 1) { if (unindexed.size() == 1) {
showInvalidIndex(false, unindexed); showInvalidIndex(false, unindexed);
@ -362,20 +365,19 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
*/ */
if (IngestManager.getInstance().isIngestRunning() == false) { if (IngestManager.getInstance().isIngestRunning() == false) {
// Remove any new central repo hash sets from the database // Remove any new central repo hash sets from the database
for(int refID:newReferenceSetIDs){ for (int refID : newReferenceSetIDs) {
try{ try {
if(EamDb.isEnabled()){ if (EamDb.isEnabled()) {
EamDb.getInstance().deleteReferenceSet(refID); EamDb.getInstance().deleteReferenceSet(refID);
} else { } else {
// This is the case where the user imported a database, then switched over to the central // This is the case where the user imported a database, then switched over to the central
// repo panel and disabled it before cancelling. We can't delete the database at this point. // repo panel and disabled it before cancelling. We can't delete the database at this point.
Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.WARNING, "Error reverting central repository hash sets"); //NON-NLS Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.WARNING, "Error reverting central repository hash sets"); //NON-NLS
} }
} catch (EamDbException ex){ } catch (EamDbException ex) {
Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.SEVERE, "Error reverting central repository hash sets", ex); //NON-NLS Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.SEVERE, "Error reverting central repository hash sets", ex); //NON-NLS
} }
} }
HashDbManager.getInstance().loadLastSavedConfiguration(); HashDbManager.getInstance().loadLastSavedConfiguration();
} }
} }
@ -397,7 +399,7 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
* unindexed, along with solutions. This method is related to * unindexed, along with solutions. This method is related to
* ModalNoButtons, to be removed at a later date. * ModalNoButtons, to be removed at a later date.
* *
* @param plural Whether or not there are multiple unindexed databases * @param plural Whether or not there are multiple unindexed databases
* @param unindexed The list of unindexed databases. Can be of size 1. * @param unindexed The list of unindexed databases. Can be of size 1.
*/ */
private void showInvalidIndex(boolean plural, List<SleuthkitHashSet> unindexed) { private void showInvalidIndex(boolean plural, List<SleuthkitHashSet> unindexed) {
@ -471,7 +473,7 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
} }
} }
public void selectRowByDatabase(HashDb db){ public void selectRowByDatabase(HashDb db) {
setSelection(hashSetTableModel.getIndexByDatabase(db)); setSelection(hashSetTableModel.getIndexByDatabase(db));
} }
@ -542,7 +544,7 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
} }
} }
int getIndexByDatabase(HashDb db){ int getIndexByDatabase(HashDb db) {
for (int i = 0; i < hashSets.size(); ++i) { for (int i = 0; i < hashSets.size(); ++i) {
if (hashSets.get(i).equals(db)) { if (hashSets.get(i).equals(db)) {
return i; return i;
@ -933,8 +935,8 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
private void createDatabaseButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_createDatabaseButtonActionPerformed private void createDatabaseButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_createDatabaseButtonActionPerformed
HashDb hashDb = new HashDbCreateDatabaseDialog().getHashDatabase(); HashDb hashDb = new HashDbCreateDatabaseDialog().getHashDatabase();
if (null != hashDb) { if (null != hashDb) {
if(hashDb instanceof CentralRepoHashSet){ if (hashDb instanceof CentralRepoHashSet) {
int newDbIndex = ((CentralRepoHashSet)hashDb).getReferenceSetID(); int newDbIndex = ((CentralRepoHashSet) hashDb).getReferenceSetID();
newReferenceSetIDs.add(newDbIndex); newReferenceSetIDs.add(newDbIndex);
} }
@ -959,7 +961,7 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
// Add a listener for the INDEXING_DONE event. This listener will update // Add a listener for the INDEXING_DONE event. This listener will update
// the UI. // the UI.
SleuthkitHashSet hashDb = (SleuthkitHashSet)hashDatabase; SleuthkitHashSet hashDb = (SleuthkitHashSet) hashDatabase;
hashDb.addPropertyChangeListener(new PropertyChangeListener() { hashDb.addPropertyChangeListener(new PropertyChangeListener() {
@Override @Override
public void propertyChange(PropertyChangeEvent evt) { public void propertyChange(PropertyChangeEvent evt) {
@ -987,8 +989,8 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
private void importDatabaseButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_importDatabaseButtonActionPerformed private void importDatabaseButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_importDatabaseButtonActionPerformed
HashDb hashDb = new HashDbImportDatabaseDialog().getHashDatabase(); HashDb hashDb = new HashDbImportDatabaseDialog().getHashDatabase();
if (null != hashDb) { if (null != hashDb) {
if(hashDb instanceof CentralRepoHashSet){ if (hashDb instanceof CentralRepoHashSet) {
int newReferenceSetID = ((CentralRepoHashSet)hashDb).getReferenceSetID(); int newReferenceSetID = ((CentralRepoHashSet) hashDb).getReferenceSetID();
newReferenceSetIDs.add(newReferenceSetID); newReferenceSetIDs.add(newReferenceSetID);
} }
@ -1001,21 +1003,21 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan
@Messages({}) @Messages({})
private void deleteDatabaseButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_deleteDatabaseButtonActionPerformed private void deleteDatabaseButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_deleteDatabaseButtonActionPerformed
if (JOptionPane.showConfirmDialog(null, if (JOptionPane.showConfirmDialog(null,
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"HashDbConfigPanel.deleteDbActionConfirmMsg"), "HashDbConfigPanel.deleteDbActionConfirmMsg"),
NbBundle.getMessage(this.getClass(), "HashDbConfigPanel.deleteDbActionMsg"), NbBundle.getMessage(this.getClass(), "HashDbConfigPanel.deleteDbActionMsg"),
JOptionPane.YES_NO_OPTION, JOptionPane.YES_NO_OPTION,
JOptionPane.WARNING_MESSAGE) == JOptionPane.YES_OPTION) { JOptionPane.WARNING_MESSAGE) == JOptionPane.YES_OPTION) {
HashDb hashDb = ((HashSetTable) hashSetTable).getSelection(); HashDb hashDb = ((HashSetTable) hashSetTable).getSelection();
if (hashDb != null) { if (hashDb != null) {
try { try {
hashSetManager.removeHashDatabaseNoSave(hashDb); hashSetManager.removeHashDatabaseNoSave(hashDb);
} catch (HashDbManager.HashDbManagerException ex) { } catch (HashDbManager.HashDbManagerException ex) {
JOptionPane.showMessageDialog(null, Bundle.HashLookupSettingsPanel_removeDatabaseFailure_message(hashDb.getHashSetName())); JOptionPane.showMessageDialog(null, Bundle.HashLookupSettingsPanel_removeDatabaseFailure_message(hashDb.getHashSetName()));
}
hashSetTableModel.refreshModel();
firePropertyChange(OptionsPanelController.PROP_CHANGED, null, null);
} }
hashSetTableModel.refreshModel();
firePropertyChange(OptionsPanelController.PROP_CHANGED, null, null);
}
} }
}//GEN-LAST:event_deleteDatabaseButtonActionPerformed }//GEN-LAST:event_deleteDatabaseButtonActionPerformed

53
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashSetParser.java Normal file
View File

@ -0,0 +1,53 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011 - 2017 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.modules.hashdatabase;
import org.sleuthkit.datamodel.TskCoreException;
interface HashSetParser {
/**
* Get the next hash to import
*
* @return The hash as a string, or null if the end of file was reached
* without error
* @throws TskCoreException
*/
String getNextHash() throws TskCoreException;
/**
* Check if there are more hashes to read
*
* @return true if we've read all expected hash values, false otherwise
*/
boolean doneReading();
/**
* Get the expected number of hashes in the file. This number can be an
* estimate.
*
* @return The expected hash count
*/
long getExpectedHashCount();
/**
* Closes the import file
*/
void close();
}

118
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/IdxHashSetParser.java Normal file
View File

@ -0,0 +1,118 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011 - 2017 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.modules.hashdatabase;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.datamodel.TskCoreException;
/**
* Parser for idx files (*.idx)
*/
class IdxHashSetParser implements HashSetParser {
private final String filename; // Name of the input file (saved for logging)
private BufferedReader reader; // Input file
private final long totalHashes; // Estimated number of hashes
private boolean doneReading = false; // Flag for if we've hit the end of the file
IdxHashSetParser(String filename) throws TskCoreException {
this.filename = filename;
try {
reader = new BufferedReader(new FileReader(filename));
} catch (FileNotFoundException ex) {
throw new TskCoreException("Error opening file " + filename, ex);
}
// Estimate the total number of hashes in the file since counting them all can be slow
File importFile = new File(filename);
long fileSize = importFile.length();
totalHashes = fileSize / 0x33 + 1; // IDX file lines are generally 0x33 bytes long. We add one to prevent this from being zero
}
/**
* Get the next hash to import
*
* @return The hash as a string, or null if the end of file was reached
* without error
* @throws TskCoreException
*/
@Override
public String getNextHash() throws TskCoreException {
String line;
try {
while ((line = reader.readLine()) != null) {
String[] parts = line.split("\\|");
// Header lines start with a 41 character dummy hash, 1 character longer than a SHA-1 hash
if (parts.length != 2 || parts[0].length() == 41) {
continue;
}
return parts[0].toLowerCase();
}
} catch (IOException ex) {
throw new TskCoreException("Error reading file " + filename, ex);
}
// We've run out of data
doneReading = true;
return null;
}
/**
* Check if there are more hashes to read
*
* @return true if we've read all expected hash values, false otherwise
*/
@Override
public boolean doneReading() {
return doneReading;
}
/**
* Get the expected number of hashes in the file. This number can be an
* estimate.
*
* @return The expected hash count
*/
@Override
public long getExpectedHashCount() {
return totalHashes;
}
/**
* Closes the import file
*/
@Override
public void close() {
try {
reader.close();
} catch (IOException ex) {
Logger.getLogger(IdxHashSetParser.class.getName()).log(Level.SEVERE, "Error closing file " + filename, ex);
}
}
}

305
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/ImportCentralRepoDbProgressDialog.java
View File

@ -18,12 +18,9 @@
*/ */
package org.sleuthkit.autopsy.modules.hashdatabase; package org.sleuthkit.autopsy.modules.hashdatabase;
import java.awt.Cursor; import java.awt.Color;
import java.beans.PropertyChangeListener; import java.beans.PropertyChangeListener;
import java.beans.PropertyChangeEvent; import java.beans.PropertyChangeEvent;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
import java.util.logging.Level; import java.util.logging.Level;
@ -31,8 +28,9 @@ import javax.swing.JFrame;
import javax.swing.SwingWorker; import javax.swing.SwingWorker;
import javax.swing.WindowConstants; import javax.swing.WindowConstants;
import java.util.concurrent.atomic.AtomicLong; import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.Executors; import java.util.concurrent.Executors;
import javax.swing.JOptionPane;
import org.openide.util.NbBundle; import org.openide.util.NbBundle;
import org.openide.windows.WindowManager; import org.openide.windows.WindowManager;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute; import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute;
@ -45,24 +43,13 @@ import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskData;
/** /**
* * Imports a hash set into the central repository and updates a progress dialog
*/ */
class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements PropertyChangeListener{ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements PropertyChangeListener {
private CentralRepoImportWorker worker; private CentralRepoImportWorker worker; // Swing worker that will import the file and send updates to the dialog
/** @NbBundle.Messages({"ImportCentralRepoDbProgressDialog.title.text=Central Repository Import Progress",})
*
* @param hashSetName
* @param version
* @param orgId
* @param searchDuringIngest
* @param sendIngestMessages
* @param knownFilesType
* @param importFile
*/
@NbBundle.Messages({"ImportCentralRepoDbProgressDialog.title.text=Central Repository Import Progress",
})
ImportCentralRepoDbProgressDialog() { ImportCentralRepoDbProgressDialog() {
super((JFrame) WindowManager.getDefault().getMainWindow(), super((JFrame) WindowManager.getDefault().getMainWindow(),
Bundle.ImportCentralRepoDbProgressDialog_title_text(), Bundle.ImportCentralRepoDbProgressDialog_title_text(),
@ -72,67 +59,94 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
customizeComponents(); customizeComponents();
} }
private void customizeComponents(){ private void customizeComponents() {
// This is preventing the user from closing the dialog using the X
setDefaultCloseOperation(WindowConstants.DO_NOTHING_ON_CLOSE); setDefaultCloseOperation(WindowConstants.DO_NOTHING_ON_CLOSE);
bnOk.setEnabled(false); bnOk.setEnabled(false);
} }
/**
* Import the selected hash set into the central repository. Will bring up a
* progress dialog while the import is in progress.
*
* @param hashSetName
* @param version
* @param orgId
* @param searchDuringIngest
* @param sendIngestMessages
* @param knownFilesType
* @param readOnly
* @param importFileName
*/
void importFile(String hashSetName, String version, int orgId, void importFile(String hashSetName, String version, int orgId,
boolean searchDuringIngest, boolean sendIngestMessages, HashDbManager.HashDb.KnownFilesType knownFilesType, boolean searchDuringIngest, boolean sendIngestMessages, HashDbManager.HashDb.KnownFilesType knownFilesType,
boolean readOnly, String importFileName){ boolean readOnly, String importFileName) {
setCursor(Cursor.getPredefinedCursor(Cursor.WAIT_CURSOR));
File importFile = new File(importFileName); worker = new CentralRepoImportWorker(hashSetName, version, orgId, searchDuringIngest, sendIngestMessages,
worker = new ImportIDXWorker(hashSetName, version, orgId, searchDuringIngest, sendIngestMessages, knownFilesType, readOnly, importFileName);
knownFilesType, readOnly, importFile);
worker.addPropertyChangeListener(this); worker.addPropertyChangeListener(this);
worker.execute(); worker.execute();
setLocationRelativeTo((JFrame) WindowManager.getDefault().getMainWindow()); setLocationRelativeTo((JFrame) WindowManager.getDefault().getMainWindow());
setCursor(Cursor.getPredefinedCursor(Cursor.DEFAULT_CURSOR));
this.setVisible(true); this.setVisible(true);
} }
HashDbManager.HashDb getDatabase(){ /**
if(worker != null){ * Get the HashDb object for the newly imported data. Should be called after
* importFile completes.
*
* @return The new HashDb object or null if the import failed/was canceled
*/
HashDbManager.HashDb getDatabase() {
if (worker != null) {
return worker.getDatabase(); return worker.getDatabase();
} }
return null; return null;
} }
@NbBundle.Messages({"ImportCentralRepoDbProgressDialog.linesProcessed= lines processed"}) /**
* Updates the dialog from events from the worker. The two events we handle
* are progress updates and the done event.
*
* @param evt
*/
@NbBundle.Messages({"ImportCentralRepoDbProgressDialog.errorParsingFile.message=Error parsing hash set file"})
@Override @Override
public void propertyChange(PropertyChangeEvent evt) { public void propertyChange(PropertyChangeEvent evt) {
if("progress".equals(evt.getPropertyName())){ if ("progress".equals(evt.getPropertyName())) {
progressBar.setValue(worker.getProgressPercentage()); // The progress has been updated. Update the progress bar and text
progressBar.setValue(worker.getProgress());
lbProgress.setText(getProgressString()); lbProgress.setText(getProgressString());
} else if ("state".equals(evt.getPropertyName()) } else if ("state".equals(evt.getPropertyName())
&& (SwingWorker.StateValue.DONE.equals(evt.getNewValue()))) { && (SwingWorker.StateValue.DONE.equals(evt.getNewValue()))) {
// Disable cancel and enable ok
// The worker is done processing
// Disable cancel button and enable ok
bnCancel.setEnabled(false); bnCancel.setEnabled(false);
bnOk.setEnabled(true); bnOk.setEnabled(true);
progressBar.setValue(progressBar.getMaximum()); if (worker.getImportSuccess()) {
lbProgress.setText(getProgressString()); // If the import succeeded, finish the progress bar and display the
// total number of imported hashes
progressBar.setValue(progressBar.getMaximum());
lbProgress.setText(getProgressString());
} else {
// If there was an error, reset the progress bar and display an error message
progressBar.setValue(0);
lbProgress.setForeground(Color.red);
lbProgress.setText(Bundle.ImportCentralRepoDbProgressDialog_errorParsingFile_message());
}
} }
} }
private String getProgressString(){ @NbBundle.Messages({"ImportCentralRepoDbProgressDialog.linesProcessed.message= hashes processed"})
return worker.getLinesProcessed() + Bundle.ImportCentralRepoDbProgressDialog_linesProcessed(); private String getProgressString() {
return worker.getNumHashesProcessed() + Bundle.ImportCentralRepoDbProgressDialog_linesProcessed_message();
} }
private interface CentralRepoImportWorker{ private class CentralRepoImportWorker extends SwingWorker<Void, Void> {
void execute();
boolean cancel(boolean mayInterruptIfRunning);
void addPropertyChangeListener(PropertyChangeListener dialog);
int getProgressPercentage();
long getLinesProcessed();
HashDbManager.HashDb getDatabase();
}
class ImportIDXWorker extends SwingWorker<Void,Void> implements CentralRepoImportWorker{
private final int HASH_IMPORT_THRESHOLD = 10000; private final int HASH_IMPORT_THRESHOLD = 10000;
private final String hashSetName; private final String hashSetName;
@ -142,15 +156,15 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
private final boolean sendIngestMessages; private final boolean sendIngestMessages;
private final HashDbManager.HashDb.KnownFilesType knownFilesType; private final HashDbManager.HashDb.KnownFilesType knownFilesType;
private final boolean readOnly; private final boolean readOnly;
private final File importFile; private final String importFileName;
private final long totalLines;
private int referenceSetID = -1;
private HashDbManager.CentralRepoHashSet newHashDb = null; private HashDbManager.CentralRepoHashSet newHashDb = null;
private final AtomicLong numLines = new AtomicLong(); private final AtomicInteger referenceSetID = new AtomicInteger();
private final AtomicLong hashCount = new AtomicLong();
private final AtomicBoolean importSuccess = new AtomicBoolean();
ImportIDXWorker(String hashSetName, String version, int orgId, CentralRepoImportWorker(String hashSetName, String version, int orgId,
boolean searchDuringIngest, boolean sendIngestMessages, HashDbManager.HashDb.KnownFilesType knownFilesType, boolean searchDuringIngest, boolean sendIngestMessages, HashDbManager.HashDb.KnownFilesType knownFilesType,
boolean readOnly, File importFile){ boolean readOnly, String importFileName) {
this.hashSetName = hashSetName; this.hashSetName = hashSetName;
this.version = version; this.version = version;
@ -159,107 +173,128 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
this.sendIngestMessages = sendIngestMessages; this.sendIngestMessages = sendIngestMessages;
this.knownFilesType = knownFilesType; this.knownFilesType = knownFilesType;
this.readOnly = readOnly; this.readOnly = readOnly;
this.importFile = importFile; this.importFileName = importFileName;
this.numLines.set(0); this.hashCount.set(0);
this.importSuccess.set(false);
this.totalLines = getEstimatedTotalHashes(); this.referenceSetID.set(-1);
} }
/** /**
* Doing an actual count of the number of lines in a large idx file (such * Get the newly created database
* as the nsrl) is slow, so just get something in the general area for the *
* progress bar. * @return the imported database. May be null if an error occurred or
* @return Approximate number of hashes in the file * the user canceled
*/ */
final long getEstimatedTotalHashes(){ synchronized HashDbManager.CentralRepoHashSet getDatabase() {
long fileSize = importFile.length();
return (fileSize / 0x33 + 1); // IDX file lines are generally 0x33 bytes long, and we don't want this to be zero
}
@Override
public HashDbManager.HashDb getDatabase(){
return newHashDb; return newHashDb;
} }
@Override /**
public long getLinesProcessed(){ * Get the number of hashes that have been read in so far
return numLines.get(); *
* @return current hash count
*/
long getNumHashesProcessed() {
return hashCount.get();
} }
@Override /**
public int getProgressPercentage(){ * Check if the import was successful or if there was an error.
return this.getProgress(); *
* @return true if the import process completed without error, false
* otherwise
*/
boolean getImportSuccess() {
return importSuccess.get();
} }
@Override @Override
protected Void doInBackground() throws Exception { protected Void doInBackground() throws Exception {
TskData.FileKnown knownStatus; // Create the hash set parser
if (knownFilesType.equals(HashDbManager.HashDb.KnownFilesType.KNOWN)) { HashSetParser hashSetParser;
knownStatus = TskData.FileKnown.KNOWN; if (importFileName.toLowerCase().endsWith(".idx")) {
hashSetParser = new IdxHashSetParser(importFileName);
} else if(importFileName.toLowerCase().endsWith(".hash")){
hashSetParser = new EncaseHashSetParser(importFileName);
} else if(importFileName.toLowerCase().endsWith(".kdb")){
hashSetParser = new KdbHashSetParser(importFileName);
} else { } else {
knownStatus = TskData.FileKnown.BAD; // We've gotten here with a format that can't be processed
throw new TskCoreException("Hash set to import is an unknown format : " + importFileName);
} }
// Create an empty hashset in the central repository try {
referenceSetID = EamDb.getInstance().newReferenceSet(new EamGlobalSet(orgId, hashSetName, version, knownStatus, readOnly)); // Conver to the FileKnown enum used by EamGlobalSet
TskData.FileKnown knownStatus;
EamDb dbManager = EamDb.getInstance(); if (knownFilesType.equals(HashDbManager.HashDb.KnownFilesType.KNOWN)) {
CorrelationAttribute.Type contentType = dbManager.getCorrelationTypeById(CorrelationAttribute.FILES_TYPE_ID); // get "FILES" type knownStatus = TskData.FileKnown.KNOWN;
BufferedReader reader = new BufferedReader(new FileReader(importFile)); } else {
String line; knownStatus = TskData.FileKnown.BAD;
Set<EamGlobalFileInstance> globalInstances = new HashSet<>();
while ((line = reader.readLine()) != null) {
if(isCancelled()){
return null;
} }
String[] parts = line.split("\\|"); // Create an empty hashset in the central repository
EamDb dbManager = EamDb.getInstance();
referenceSetID.set(dbManager.newReferenceSet(new EamGlobalSet(orgId, hashSetName, version, knownStatus, readOnly)));
// Header lines start with a 41 character dummy hash, 1 character longer than a SHA-1 hash // Get the "FILES" content type. This is a database lookup so we
if (parts.length != 2 || parts[0].length() == 41) { // only want to do it once.
continue; CorrelationAttribute.Type contentType = dbManager.getCorrelationTypeById(CorrelationAttribute.FILES_TYPE_ID);
}
EamGlobalFileInstance eamGlobalFileInstance = new EamGlobalFileInstance( // Holds the current batch of hashes that need to be written to the central repo
referenceSetID, Set<EamGlobalFileInstance> globalInstances = new HashSet<>();
parts[0].toLowerCase(),
knownStatus,
"");
globalInstances.add(eamGlobalFileInstance); while (!hashSetParser.doneReading()) {
numLines.incrementAndGet(); if (isCancelled()) {
return null;
}
if(numLines.get() % HASH_IMPORT_THRESHOLD == 0){ String newHash = hashSetParser.getNextHash();
dbManager.bulkInsertReferenceTypeEntries(globalInstances, contentType);
globalInstances.clear();
int progress = (int)(numLines.get() * 100 / totalLines); if (newHash != null) {
if(progress < 100){ EamGlobalFileInstance eamGlobalFileInstance = new EamGlobalFileInstance(
this.setProgress(progress); referenceSetID.get(),
} else { newHash,
this.setProgress(99); knownStatus,
"");
globalInstances.add(eamGlobalFileInstance);
// If we've hit the threshold for writing the hashes, write them
// all to the central repo
if (hashCount.incrementAndGet() % HASH_IMPORT_THRESHOLD == 0) {
dbManager.bulkInsertReferenceTypeEntries(globalInstances, contentType);
globalInstances.clear();
int progress = (int) (hashCount.get() * 100 / hashSetParser.getExpectedHashCount());
if (progress < 100) {
this.setProgress(progress);
} else {
this.setProgress(99);
}
}
} }
} }
// Add any remaining hashes to the central repo
dbManager.bulkInsertReferenceTypeEntries(globalInstances, contentType);
this.setProgress(100);
return null;
} finally {
hashSetParser.close();
} }
dbManager.bulkInsertReferenceTypeEntries(globalInstances, contentType);
this.setProgress(100);
return null;
} }
private void deleteIncompleteSet(int idToDelete){ private void deleteIncompleteSet() {
if(idToDelete >= 0){ if (referenceSetID.get() >= 0) {
// This can be slow on large reference sets // This can be slow on large reference sets
Executors.newSingleThreadExecutor().execute(new Runnable() { Executors.newSingleThreadExecutor().execute(new Runnable() {
@Override @Override
public void run() { public void run() {
try{ try {
EamDb.getInstance().deleteReferenceSet(idToDelete); EamDb.getInstance().deleteReferenceSet(referenceSetID.get());
} catch (EamDbException ex2){ } catch (EamDbException ex2) {
Logger.getLogger(ImportCentralRepoDbProgressDialog.class.getName()).log(Level.SEVERE, "Error deleting incomplete hash set from central repository", ex2); Logger.getLogger(ImportCentralRepoDbProgressDialog.class.getName()).log(Level.SEVERE, "Error deleting incomplete hash set from central repository", ex2);
} }
} }
@ -267,36 +302,32 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
} }
} }
@NbBundle.Messages({"ImportCentralRepoDbProgressDialog.addDbError.message=Error adding new hash set"})
@Override @Override
protected void done() { synchronized protected void done() {
if(isCancelled()){
if (isCancelled()) {
// If the user hit cancel, delete this incomplete hash set from the central repo // If the user hit cancel, delete this incomplete hash set from the central repo
deleteIncompleteSet(referenceSetID); deleteIncompleteSet();
return; return;
} }
try { try {
get(); get();
try{ try {
newHashDb = HashDbManager.getInstance().addExistingCentralRepoHashSet(hashSetName, version, newHashDb = HashDbManager.getInstance().addExistingCentralRepoHashSet(hashSetName, version,
referenceSetID, referenceSetID.get(),
searchDuringIngest, sendIngestMessages, knownFilesType, readOnly); searchDuringIngest, sendIngestMessages, knownFilesType, readOnly);
} catch (TskCoreException ex){ importSuccess.set(true);
JOptionPane.showMessageDialog(null, Bundle.ImportCentralRepoDbProgressDialog_addDbError_message()); } catch (TskCoreException ex) {
Logger.getLogger(ImportCentralRepoDbProgressDialog.class.getName()).log(Level.SEVERE, "Error adding imported hash set", ex); Logger.getLogger(ImportCentralRepoDbProgressDialog.class.getName()).log(Level.SEVERE, "Error adding imported hash set", ex);
} }
} catch (Exception ex) { } catch (Exception ex) {
// Delete this incomplete hash set from the central repo // Delete this incomplete hash set from the central repo
if(referenceSetID >= 0){ deleteIncompleteSet();
try{ Logger.getLogger(ImportCentralRepoDbProgressDialog.class.getName()).log(Level.SEVERE, "Error importing hash set", ex);
EamDb.getInstance().deleteReferenceSet(referenceSetID);
} catch (EamDbException ex2){
Logger.getLogger(ImportCentralRepoDbProgressDialog.class.getName()).log(Level.SEVERE, "Error deleting incomplete hash set from central repository", ex);
}
}
} }
} }
} }
/** /**

160
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/KdbHashSetParser.java Normal file
View File

@ -0,0 +1,160 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011 - 2017 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.modules.hashdatabase;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.datamodel.TskCoreException;
/**
* Parser for Autopsy/TSK-created databases (*.kdb)
*/
public class KdbHashSetParser implements HashSetParser {
private final String JDBC_DRIVER = "org.sqlite.JDBC"; // NON-NLS
private final String JDBC_BASE_URI = "jdbc:sqlite:"; // NON-NLS
private final String filename; // Name of the input file (saved for logging)
private final long totalHashes; // Estimated number of hashes
private int totalHashesRead = 0; // Number of hashes that have been read
private Connection conn;
private Statement statement;
private ResultSet resultSet;
KdbHashSetParser(String filename) throws TskCoreException {
this.filename = filename;
conn = null;
statement = null;
resultSet = null;
try {
// Open the database
StringBuilder connectionURL = new StringBuilder();
connectionURL.append(JDBC_BASE_URI);
connectionURL.append(filename);
Class.forName(JDBC_DRIVER);
conn = DriverManager.getConnection(connectionURL.toString());
// Get the number of hashes in the table
statement = conn.createStatement();
resultSet = statement.executeQuery("SELECT count(*) AS count FROM hashes");
if (resultSet.next()) {
totalHashes = resultSet.getLong("count");
} else {
close();
throw new TskCoreException("Error getting hash count from database " + filename);
}
// Get the hashes
resultSet = statement.executeQuery("SELECT md5 FROM hashes");
// At this point, getNextHash can read each hash from the result set
} catch (ClassNotFoundException | SQLException ex) {
throw new TskCoreException("Error opening/reading database " + filename, ex);
}
}
/**
* Get the next hash to import
*
* @return The hash as a string
* @throws TskCoreException
*/
@Override
public String getNextHash() throws TskCoreException {
try {
if (resultSet.next()) {
byte[] hashBytes = resultSet.getBytes("md5");
StringBuilder sb = new StringBuilder();
for (byte b : hashBytes) {
sb.append(String.format("%02x", b));
}
if (sb.toString().length() != 32) {
throw new TskCoreException("Hash has incorrect length: " + sb.toString());
}
totalHashesRead++;
return sb.toString();
} else {
throw new TskCoreException("Could not read expected number of hashes from database " + filename);
}
} catch (SQLException ex) {
throw new TskCoreException("Error reading hash from result set for database " + filename, ex);
}
}
/**
* Check if there are more hashes to read
*
* @return true if we've read all expected hash values, false otherwise
*/
@Override
public boolean doneReading() {
return (totalHashesRead >= totalHashes);
}
/**
* Get the expected number of hashes in the file.
*
* @return The expected hash count
*/
@Override
public long getExpectedHashCount() {
return totalHashes;
}
/**
* Closes the import file
*/
@Override
public final void close() {
if (statement != null) {
try {
statement.close();
} catch (SQLException ex) {
Logger.getLogger(KdbHashSetParser.class.getName()).log(Level.SEVERE, "Error closing prepared statement.", ex);
}
}
if (resultSet != null) {
try {
resultSet.close();
} catch (SQLException ex) {
Logger.getLogger(KdbHashSetParser.class.getName()).log(Level.SEVERE, "Error closing result set.", ex);
}
}
if (conn != null) {
try {
conn.close();
} catch (SQLException ex) {
Logger.getLogger(KdbHashSetParser.class.getName()).log(Level.SEVERE, "Error closing connection.", ex);
}
}
}
}