mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 07:56:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

RecentActivity - Added NON-NLS tags to hardcoded strings not needing National Language Support.

Browse Source
This commit is contained in:
Nick Davis 2014-04-22 15:52:40 -04:00
parent 33236d6065
commit 85083eeaac
10 changed files with 307 additions and 307 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java
View File

@ -55,12 +55,12 @@ import org.sleuthkit.datamodel.TskData;
*/ */
class Chrome extends Extract { class Chrome extends Extract {
private static final String historyQuery = "SELECT urls.url, urls.title, urls.visit_count, urls.typed_count, " private static final String historyQuery = "SELECT urls.url, urls.title, urls.visit_count, urls.typed_count, " //NON-NLS
+ "last_visit_time, urls.hidden, visits.visit_time, (SELECT urls.url FROM urls WHERE urls.id=visits.url) as from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url"; + "last_visit_time, urls.hidden, visits.visit_time, (SELECT urls.url FROM urls WHERE urls.id=visits.url) as from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url"; //NON-NLS
private static final String cookieQuery = "select name, value, host_key, expires_utc,last_access_utc, creation_utc from cookies"; private static final String cookieQuery = "select name, value, host_key, expires_utc,last_access_utc, creation_utc from cookies"; //NON-NLS
private static final String downloadQuery = "select full_path, url, start_time, received_bytes from downloads"; private static final String downloadQuery = "select full_path, url, start_time, received_bytes from downloads"; //NON-NLS
private static final String downloadQueryVersion30 = "SELECT current_path as full_path, url, start_time, received_bytes FROM downloads, downloads_url_chains WHERE downloads.id=downloads_url_chains.id"; private static final String downloadQueryVersion30 = "SELECT current_path as full_path, url, start_time, received_bytes FROM downloads, downloads_url_chains WHERE downloads.id=downloads_url_chains.id"; //NON-NLS
private static final String loginQuery = "select origin_url, username_value, signon_realm from logins"; private static final String loginQuery = "select origin_url, username_value, signon_realm from logins"; //NON-NLS
private final Logger logger = Logger.getLogger(this.getClass().getName()); private final Logger logger = Logger.getLogger(this.getClass().getName());
private Content dataSource; private Content dataSource;
private IngestJobContext context; private IngestJobContext context;
@ -88,7 +88,7 @@ class Chrome extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> historyFiles; List<AbstractFile> historyFiles;
try { try {
historyFiles = fileManager.findFiles(dataSource, "History", "Chrome"); historyFiles = fileManager.findFiles(dataSource, "History", "Chrome"); //NON-NLS
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Chrome.getHistory.errMsg.errGettingFiles"); String msg = NbBundle.getMessage(this.getClass(), "Chrome.getHistory.errMsg.errGettingFiles");
logger.log(Level.SEVERE, msg, ex); logger.log(Level.SEVERE, msg, ex);
@ -114,7 +114,7 @@ class Chrome extends Extract {
dataFound = true; dataFound = true;
int j = 0; int j = 0;
while (j < historyFiles.size()) { while (j < historyFiles.size()) {
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + historyFiles.get(j).getName().toString() + j + ".db"; String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + historyFiles.get(j).getName().toString() + j + ".db"; //NON-NLS
final AbstractFile historyFile = historyFiles.get(j++); final AbstractFile historyFile = historyFiles.get(j++);
if (historyFile.getSize() == 0) { if (historyFile.getSize() == 0) {
continue; continue;
@ -122,7 +122,7 @@ class Chrome extends Extract {
try { try {
ContentUtils.writeToFile(historyFile, new File(temps)); ContentUtils.writeToFile(historyFile, new File(temps));
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome web history artifacts.{0}", ex); logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome web history artifacts.{0}", ex); //NON-NLS
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Chrome.getHistory.errMsg.errAnalyzingFile", this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Chrome.getHistory.errMsg.errAnalyzingFile",
this.getName(), historyFile.getName())); this.getName(), historyFile.getName()));
continue; continue;
@ -134,27 +134,27 @@ class Chrome extends Extract {
} }
List<HashMap<String, Object>> tempList; List<HashMap<String, Object>> tempList;
tempList = this.dbConnect(temps, historyQuery); tempList = this.dbConnect(temps, historyQuery);
logger.log(Level.INFO, "{0}- Now getting history from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); logger.log(Level.INFO, "{0}- Now getting history from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) { for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("url").toString() != null) ? result.get("url").toString() : ""))); ((result.get("url").toString() != null) ? result.get("url").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((Long.valueOf(result.get("last_visit_time").toString())) / 10000000))); ((Long.valueOf(result.get("last_visit_time").toString())) / 10000000))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("from_visit").toString() != null) ? result.get("from_visit").toString() : ""))); ((result.get("from_visit").toString() != null) ? result.get("from_visit").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("title").toString() != null) ? result.get("title").toString() : ""))); ((result.get("title").toString() != null) ? result.get("title").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
NbBundle.getMessage(this.getClass(), "Chrome.moduleName"))); NbBundle.getMessage(this.getClass(), "Chrome.moduleName")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
(Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes); this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
} }
dbFile.delete(); dbFile.delete();
@ -171,7 +171,7 @@ class Chrome extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> bookmarkFiles = null; List<AbstractFile> bookmarkFiles = null;
try { try {
bookmarkFiles = fileManager.findFiles(dataSource, "Bookmarks", "Chrome"); bookmarkFiles = fileManager.findFiles(dataSource, "Bookmarks", "Chrome"); //NON-NLS
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errGettingFiles"); String msg = NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errGettingFiles");
logger.log(Level.SEVERE, msg, ex); logger.log(Level.SEVERE, msg, ex);
@ -180,7 +180,7 @@ class Chrome extends Extract {
} }
if (bookmarkFiles.isEmpty()) { if (bookmarkFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome bookmark files."); logger.log(Level.INFO, "Didn't find any Chrome bookmark files."); //NON-NLS
return; return;
} }
@ -192,17 +192,17 @@ class Chrome extends Extract {
if (bookmarkFile.getSize() == 0) { if (bookmarkFile.getSize() == 0) {
continue; continue;
} }
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + bookmarkFile.getName().toString() + j + ".db"; String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + bookmarkFile.getName().toString() + j + ".db"; //NON-NLS
try { try {
ContentUtils.writeToFile(bookmarkFile, new File(temps)); ContentUtils.writeToFile(bookmarkFile, new File(temps));
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome bookmark artifacts.{0}", ex); logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome bookmark artifacts.{0}", ex); //NON-NLS
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errAnalyzingFile", this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errAnalyzingFile",
this.getName(), bookmarkFile.getName())); this.getName(), bookmarkFile.getName()));
continue; continue;
} }
logger.log(Level.INFO, "{0}- Now getting Bookmarks from {1}", new Object[]{moduleName, temps}); logger.log(Level.INFO, "{0}- Now getting Bookmarks from {1}", new Object[]{moduleName, temps}); //NON-NLS
File dbFile = new File(temps); File dbFile = new File(temps);
if (context.isJobCancelled()) { if (context.isJobCancelled()) {
dbFile.delete(); dbFile.delete();
@ -213,7 +213,7 @@ class Chrome extends Extract {
try { try {
tempReader = new FileReader(temps); tempReader = new FileReader(temps);
} catch (FileNotFoundException ex) { } catch (FileNotFoundException ex) {
logger.log(Level.SEVERE, "Error while trying to read into the Bookmarks for Chrome.", ex); logger.log(Level.SEVERE, "Error while trying to read into the Bookmarks for Chrome.", ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errAnalyzeFile", this.getName(), NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errAnalyzeFile", this.getName(),
bookmarkFile.getName())); bookmarkFile.getName()));
@ -228,11 +228,11 @@ class Chrome extends Extract {
try { try {
jsonElement = parser.parse(tempReader); jsonElement = parser.parse(tempReader);
jElement = jsonElement.getAsJsonObject(); jElement = jsonElement.getAsJsonObject();
jRoot = jElement.get("roots").getAsJsonObject(); jRoot = jElement.get("roots").getAsJsonObject(); //NON-NLS
jBookmark = jRoot.get("bookmark_bar").getAsJsonObject(); jBookmark = jRoot.get("bookmark_bar").getAsJsonObject(); //NON-NLS
jBookmarkArray = jBookmark.getAsJsonArray("children"); jBookmarkArray = jBookmark.getAsJsonArray("children"); //NON-NLS
} catch (JsonIOException | JsonSyntaxException | IllegalStateException ex) { } catch (JsonIOException | JsonSyntaxException | IllegalStateException ex) {
logger.log(Level.WARNING, "Error parsing Json from Chrome Bookmark.", ex); logger.log(Level.WARNING, "Error parsing Json from Chrome Bookmark.", ex); //NON-NLS
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errAnalyzingFile3", this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errAnalyzingFile3",
this.getName(), bookmarkFile.getName())); this.getName(), bookmarkFile.getName()));
continue; continue;
@ -243,7 +243,7 @@ class Chrome extends Extract {
if (address == null) { if (address == null) {
continue; continue;
} }
JsonElement urlEl = address.get("url"); JsonElement urlEl = address.get("url"); //NON-NLS
String url; String url;
if (urlEl != null) { if (urlEl != null) {
url = urlEl.getAsString(); url = urlEl.getAsString();
@ -252,7 +252,7 @@ class Chrome extends Extract {
url = ""; url = "";
} }
String name; String name;
JsonElement nameEl = address.get("name"); JsonElement nameEl = address.get("name"); //NON-NLS
if (nameEl != null) { if (nameEl != null) {
name = nameEl.getAsString(); name = nameEl.getAsString();
} }
@ -260,7 +260,7 @@ class Chrome extends Extract {
name = ""; name = "";
} }
Long date; Long date;
JsonElement dateEl = address.get("date_added"); JsonElement dateEl = address.get("date_added"); //NON-NLS
if (dateEl != null) { if (dateEl != null) {
date = dateEl.getAsLong(); date = dateEl.getAsLong();
} }
@ -291,7 +291,7 @@ class Chrome extends Extract {
"Chrome.parentModuleName"), domain)); "Chrome.parentModuleName"), domain));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error while trying to insert Chrome bookmark artifact{0}", ex); logger.log(Level.SEVERE, "Error while trying to insert Chrome bookmark artifact{0}", ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errAnalyzingFile4", NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errAnalyzingFile4",
this.getName(), bookmarkFile.getName())); this.getName(), bookmarkFile.getName()));
@ -311,7 +311,7 @@ class Chrome extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> cookiesFiles; List<AbstractFile> cookiesFiles;
try { try {
cookiesFiles = fileManager.findFiles(dataSource, "Cookies", "Chrome"); cookiesFiles = fileManager.findFiles(dataSource, "Cookies", "Chrome"); //NON-NLS
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Chrome.getCookie.errMsg.errGettingFiles"); String msg = NbBundle.getMessage(this.getClass(), "Chrome.getCookie.errMsg.errGettingFiles");
logger.log(Level.SEVERE, msg, ex); logger.log(Level.SEVERE, msg, ex);
@ -320,7 +320,7 @@ class Chrome extends Extract {
} }
if (cookiesFiles.isEmpty()) { if (cookiesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome cookies files."); logger.log(Level.INFO, "Didn't find any Chrome cookies files."); //NON-NLS
return; return;
} }
@ -331,11 +331,11 @@ class Chrome extends Extract {
if (cookiesFile.getSize() == 0) { if (cookiesFile.getSize() == 0) {
continue; continue;
} }
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + cookiesFile.getName().toString() + j + ".db"; String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + cookiesFile.getName().toString() + j + ".db"; //NON-NLS
try { try {
ContentUtils.writeToFile(cookiesFile, new File(temps)); ContentUtils.writeToFile(cookiesFile, new File(temps));
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome cookie artifacts.{0}", ex); logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome cookie artifacts.{0}", ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "Chrome.getCookie.errMsg.errAnalyzeFile", this.getName(), NbBundle.getMessage(this.getClass(), "Chrome.getCookie.errMsg.errAnalyzeFile", this.getName(),
cookiesFile.getName())); cookiesFile.getName()));
@ -348,25 +348,25 @@ class Chrome extends Extract {
} }
List<HashMap<String, Object>> tempList = this.dbConnect(temps, cookieQuery); List<HashMap<String, Object>> tempList = this.dbConnect(temps, cookieQuery);
logger.log(Level.INFO, "{0}- Now getting cookies from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); logger.log(Level.INFO, "{0}- Now getting cookies from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) { for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("host_key").toString() != null) ? result.get("host_key").toString() : ""))); ((result.get("host_key").toString() != null) ? result.get("host_key").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((Long.valueOf(result.get("last_access_utc").toString())) / 10000000))); ((Long.valueOf(result.get("last_access_utc").toString())) / 10000000))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("name").toString() != null) ? result.get("name").toString() : ""))); ((result.get("name").toString() != null) ? result.get("name").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("value").toString() != null) ? result.get("value").toString() : ""))); ((result.get("value").toString() != null) ? result.get("value").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
NbBundle.getMessage(this.getClass(), "Chrome.moduleName"))); NbBundle.getMessage(this.getClass(), "Chrome.moduleName")));
String domain = result.get("host_key").toString(); String domain = result.get("host_key").toString(); //NON-NLS
domain = domain.replaceFirst("^\\.+(?!$)", ""); domain = domain.replaceFirst("^\\.+(?!$)", "");
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), domain)); NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), domain));
@ -386,7 +386,7 @@ class Chrome extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> downloadFiles = null; List<AbstractFile> downloadFiles = null;
try { try {
downloadFiles = fileManager.findFiles(dataSource, "History", "Chrome"); downloadFiles = fileManager.findFiles(dataSource, "History", "Chrome"); //NON-NLS
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Chrome.getDownload.errMsg.errGettingFiles"); String msg = NbBundle.getMessage(this.getClass(), "Chrome.getDownload.errMsg.errGettingFiles");
logger.log(Level.SEVERE, msg, ex); logger.log(Level.SEVERE, msg, ex);
@ -395,7 +395,7 @@ class Chrome extends Extract {
} }
if (downloadFiles.isEmpty()) { if (downloadFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome download files."); logger.log(Level.INFO, "Didn't find any Chrome download files."); //NON-NLS
return; return;
} }
@ -406,11 +406,11 @@ class Chrome extends Extract {
if (downloadFile.getSize() == 0) { if (downloadFile.getSize() == 0) {
continue; continue;
} }
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + downloadFile.getName().toString() + j + ".db"; String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + downloadFile.getName().toString() + j + ".db"; //NON-NLS
try { try {
ContentUtils.writeToFile(downloadFile, new File(temps)); ContentUtils.writeToFile(downloadFile, new File(temps));
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome download artifacts.{0}", ex); logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome download artifacts.{0}", ex); //NON-NLS
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Chrome.getDownload.errMsg.errAnalyzeFiles1", this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Chrome.getDownload.errMsg.errAnalyzeFiles1",
this.getName(), downloadFile.getName())); this.getName(), downloadFile.getName()));
continue; continue;
@ -429,12 +429,12 @@ class Chrome extends Extract {
tempList = this.dbConnect(temps, downloadQueryVersion30); tempList = this.dbConnect(temps, downloadQueryVersion30);
} }
logger.log(Level.INFO, "{0}- Now getting downloads from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); logger.log(Level.INFO, "{0}- Now getting downloads from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) { for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), (result.get("full_path").toString()))); NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), (result.get("full_path").toString()))); //NON-NLS
long pathID = Util.findID(dataSource, (result.get("full_path").toString())); long pathID = Util.findID(dataSource, (result.get("full_path").toString())); //NON-NLS
if (pathID != -1) { if (pathID != -1) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
@ -442,16 +442,16 @@ class Chrome extends Extract {
} }
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("url").toString() != null) ? result.get("url").toString() : ""))); ((result.get("url").toString() != null) ? result.get("url").toString() : ""))); //NON-NLS
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "Recent Activity", ((result.get("url").toString() != null) ? EscapeUtil.decodeURL(result.get("url").toString()) : ""))); //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "Recent Activity", ((result.get("url").toString() != null) ? EscapeUtil.decodeURL(result.get("url").toString()) : "")));
Long time = (Long.valueOf(result.get("start_time").toString())); Long time = (Long.valueOf(result.get("start_time").toString())); //NON-NLS
String Tempdate = time.toString(); String Tempdate = time.toString();
time = Long.valueOf(Tempdate) / 10000000; time = Long.valueOf(Tempdate) / 10000000;
//TODO Revisit usage of deprecated constructor as per TSK-583 //TODO Revisit usage of deprecated constructor as per TSK-583
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "Recent Activity", "Last Visited", time)); //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "Recent Activity", "Last Visited", time));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), time)); NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), time));
String domain = Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : ""); String domain = Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : ""); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), domain)); NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), domain));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
@ -474,7 +474,7 @@ class Chrome extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> signonFiles; List<AbstractFile> signonFiles;
try { try {
signonFiles = fileManager.findFiles(dataSource, "signons.sqlite", "Chrome"); signonFiles = fileManager.findFiles(dataSource, "signons.sqlite", "Chrome"); //NON-NLS
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Chrome.getLogin.errMsg.errGettingFiles"); String msg = NbBundle.getMessage(this.getClass(), "Chrome.getLogin.errMsg.errGettingFiles");
logger.log(Level.SEVERE, msg, ex); logger.log(Level.SEVERE, msg, ex);
@ -483,7 +483,7 @@ class Chrome extends Extract {
} }
if (signonFiles.isEmpty()) { if (signonFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome signon files."); logger.log(Level.INFO, "Didn't find any Chrome signon files."); //NON-NLS
return; return;
} }
@ -494,11 +494,11 @@ class Chrome extends Extract {
if (signonFile.getSize() == 0) { if (signonFile.getSize() == 0) {
continue; continue;
} }
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + signonFile.getName().toString() + j + ".db"; String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + signonFile.getName().toString() + j + ".db"; //NON-NLS
try { try {
ContentUtils.writeToFile(signonFile, new File(temps)); ContentUtils.writeToFile(signonFile, new File(temps));
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome login artifacts.{0}", ex); logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome login artifacts.{0}", ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "Chrome.getLogin.errMsg.errAnalyzingFiles", this.getName(), NbBundle.getMessage(this.getClass(), "Chrome.getLogin.errMsg.errAnalyzingFiles", this.getName(),
signonFile.getName())); signonFile.getName()));
@ -510,36 +510,36 @@ class Chrome extends Extract {
break; break;
} }
List<HashMap<String, Object>> tempList = this.dbConnect(temps, loginQuery); List<HashMap<String, Object>> tempList = this.dbConnect(temps, loginQuery);
logger.log(Level.INFO, "{0}- Now getting login information from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); logger.log(Level.INFO, "{0}- Now getting login information from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) { for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("origin_url").toString() != null) ? result.get("origin_url").toString() : ""))); ((result.get("origin_url").toString() != null) ? result.get("origin_url").toString() : ""))); //NON-NLS
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "Recent Activity", ((result.get("origin_url").toString() != null) ? EscapeUtil.decodeURL(result.get("origin_url").toString()) : ""))); //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "Recent Activity", ((result.get("origin_url").toString() != null) ? EscapeUtil.decodeURL(result.get("origin_url").toString()) : "")));
//TODO Revisit usage of deprecated constructor as per TSK-583 //TODO Revisit usage of deprecated constructor as per TSK-583
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "Recent Activity", "Last Visited", ((Long.valueOf(result.get("last_visit_time").toString())) / 1000000))); //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "Recent Activity", "Last Visited", ((Long.valueOf(result.get("last_visit_time").toString())) / 1000000)));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((Long.valueOf(result.get("last_visit_time").toString())) / 1000000))); ((Long.valueOf(result.get("last_visit_time").toString())) / 1000000))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("from_visit").toString() != null) ? result.get("from_visit").toString() : ""))); ((result.get("from_visit").toString() != null) ? result.get("from_visit").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("title").toString() != null) ? result.get("title").toString() : ""))); ((result.get("title").toString() != null) ? result.get("title").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
NbBundle.getMessage(this.getClass(), "Chrome.moduleName"))); NbBundle.getMessage(this.getClass(), "Chrome.moduleName")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
(Util.extractDomain((result.get("origin_url").toString() != null) ? result.get("url").toString() : "")))); (Util.extractDomain((result.get("origin_url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("username_value").toString() != null) ? result.get("username_value").toString().replaceAll("'", "''") : ""))); ((result.get("username_value").toString() != null) ? result.get("username_value").toString().replaceAll("'", "''") : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
result.get("signon_realm").toString())); result.get("signon_realm").toString())); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, signonFile, bbattributes); this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, signonFile, bbattributes);
} }
@ -550,10 +550,10 @@ class Chrome extends Extract {
} }
private boolean isChromePreVersion30(String temps) { private boolean isChromePreVersion30(String temps) {
String query = "PRAGMA table_info(downloads)"; String query = "PRAGMA table_info(downloads)"; //NON-NLS
List<HashMap<String, Object>> columns = this.dbConnect(temps, query); List<HashMap<String, Object>> columns = this.dbConnect(temps, query);
for (HashMap<String, Object> col : columns) { for (HashMap<String, Object> col : columns) {
if (col.get("name").equals("url")) { if (col.get("name").equals("url")) { //NON-NLS
return true; return true;
} }
} }

8
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java
View File

@ -92,7 +92,7 @@ abstract class Extract {
BlackboardArtifact bbart = content.newArtifact(type); BlackboardArtifact bbart = content.newArtifact(type);
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (TskException ex) { } catch (TskException ex) {
logger.log(Level.SEVERE, "Error while trying to add an artifact: {0}", ex); logger.log(Level.SEVERE, "Error while trying to add an artifact: {0}", ex); //NON-NLS
} }
} }
@ -109,14 +109,14 @@ abstract class Extract {
protected List<HashMap<String, Object>> dbConnect(String path, String query) { protected List<HashMap<String, Object>> dbConnect(String path, String query) {
ResultSet temprs; ResultSet temprs;
List<HashMap<String, Object>> list; List<HashMap<String, Object>> list;
String connectionString = "jdbc:sqlite:" + path; String connectionString = "jdbc:sqlite:" + path; //NON-NLS
try { try {
SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", connectionString); SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", connectionString); //NON-NLS
temprs = tempdbconnect.executeQry(query); temprs = tempdbconnect.executeQry(query);
list = this.resultSetToArrayList(temprs); list = this.resultSetToArrayList(temprs);
tempdbconnect.closeConnection(); tempdbconnect.closeConnection();
} catch (SQLException ex) { } catch (SQLException ex) {
logger.log(Level.SEVERE, "Error while trying to read into a sqlite db." + connectionString, ex); logger.log(Level.SEVERE, "Error while trying to read into a sqlite db." + connectionString, ex); //NON-NLS
errorMessages.add(NbBundle.getMessage(this.getClass(), "Extract.dbConn.errMsg.failedToQueryDb", getName())); errorMessages.add(NbBundle.getMessage(this.getClass(), "Extract.dbConn.errMsg.failedToQueryDb", getName()));
return Collections.<HashMap<String,Object>>emptyList(); return Collections.<HashMap<String,Object>>emptyList();
} }

84
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
View File

@ -71,7 +71,7 @@ class ExtractIE extends Extract {
ExtractIE() { ExtractIE() {
moduleName = NbBundle.getMessage(ExtractIE.class, "ExtractIE.moduleName.text"); moduleName = NbBundle.getMessage(ExtractIE.class, "ExtractIE.moduleName.text");
moduleTempResultsDir = RAImageIngestModule.getRATempPath(Case.getCurrentCase(), "IE") + File.separator + "results"; moduleTempResultsDir = RAImageIngestModule.getRATempPath(Case.getCurrentCase(), "IE") + File.separator + "results"; //NON-NLS
JAVA_PATH = PlatformUtil.getJavaPath(); JAVA_PATH = PlatformUtil.getJavaPath();
} }
@ -92,9 +92,9 @@ class ExtractIE extends Extract {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager(); org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> favoritesFiles; List<AbstractFile> favoritesFiles;
try { try {
favoritesFiles = fileManager.findFiles(dataSource, "%.url", "Favorites"); favoritesFiles = fileManager.findFiles(dataSource, "%.url", "Favorites"); //NON-NLS
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'url' files for Internet Explorer bookmarks.", ex); logger.log(Level.WARNING, "Error fetching 'url' files for Internet Explorer bookmarks.", ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getBookmark.errMsg.errGettingBookmarks", NbBundle.getMessage(this.getClass(), "ExtractIE.getBookmark.errMsg.errGettingBookmarks",
this.getName())); this.getName()));
@ -102,7 +102,7 @@ class ExtractIE extends Extract {
} }
if (favoritesFiles.isEmpty()) { if (favoritesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any IE bookmark files."); logger.log(Level.INFO, "Didn't find any IE bookmark files."); //NON-NLS
return; return;
} }
@ -154,18 +154,18 @@ class ExtractIE extends Extract {
while ((line = reader.readLine()) != null) { while ((line = reader.readLine()) != null) {
// The actual shortcut line we are interested in is of the // The actual shortcut line we are interested in is of the
// form URL=http://path/to/website // form URL=http://path/to/website
if (line.startsWith("URL")) { if (line.startsWith("URL")) { //NON-NLS
url = line.substring(line.indexOf("=") + 1); url = line.substring(line.indexOf("=") + 1);
break; break;
} }
} }
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.WARNING, "Failed to read from content: " + fav.getName(), ex); logger.log(Level.WARNING, "Failed to read from content: " + fav.getName(), ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getURLFromIEBmkFile.errMsg", this.getName(), NbBundle.getMessage(this.getClass(), "ExtractIE.getURLFromIEBmkFile.errMsg", this.getName(),
fav.getName())); fav.getName()));
} catch (IndexOutOfBoundsException ex) { } catch (IndexOutOfBoundsException ex) {
logger.log(Level.WARNING, "Failed while getting URL of IE bookmark. Unexpected format of the bookmark file: " + fav.getName(), ex); logger.log(Level.WARNING, "Failed while getting URL of IE bookmark. Unexpected format of the bookmark file: " + fav.getName(), ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getURLFromIEBmkFile.errMsg2", this.getName(), NbBundle.getMessage(this.getClass(), "ExtractIE.getURLFromIEBmkFile.errMsg2", this.getName(),
fav.getName())); fav.getName()));
@ -173,7 +173,7 @@ class ExtractIE extends Extract {
try { try {
reader.close(); reader.close();
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.WARNING, "Failed to close reader.", ex); logger.log(Level.WARNING, "Failed to close reader.", ex); //NON-NLS
} }
} }
@ -187,16 +187,16 @@ class ExtractIE extends Extract {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager(); org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> cookiesFiles; List<AbstractFile> cookiesFiles;
try { try {
cookiesFiles = fileManager.findFiles(dataSource, "%.txt", "Cookies"); cookiesFiles = fileManager.findFiles(dataSource, "%.txt", "Cookies"); //NON-NLS
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error getting cookie files for IE"); logger.log(Level.WARNING, "Error getting cookie files for IE"); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getCookie.errMsg.errGettingFile", this.getName())); NbBundle.getMessage(this.getClass(), "ExtractIE.getCookie.errMsg.errGettingFile", this.getName()));
return; return;
} }
if (cookiesFiles.isEmpty()) { if (cookiesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any IE cookies files."); logger.log(Level.INFO, "Didn't find any IE cookies files."); //NON-NLS
return; return;
} }
@ -213,7 +213,7 @@ class ExtractIE extends Extract {
try { try {
final int bytesRead = cookiesFile.read(t, 0, cookiesFile.getSize()); final int bytesRead = cookiesFile.read(t, 0, cookiesFile.getSize());
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error reading bytes of Internet Explorer cookie.", ex); logger.log(Level.SEVERE, "Error reading bytes of Internet Explorer cookie.", ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getCookie.errMsg.errReadingIECookie", NbBundle.getMessage(this.getClass(), "ExtractIE.getCookie.errMsg.errReadingIECookie",
this.getName(), cookiesFile.getName())); this.getName(), cookiesFile.getName()));
@ -259,21 +259,21 @@ class ExtractIE extends Extract {
* Locates index.dat files, runs Pasco on them, and creates artifacts. * Locates index.dat files, runs Pasco on them, and creates artifacts.
*/ */
private void getHistory() { private void getHistory() {
logger.log(Level.INFO, "Pasco results path: {0}", moduleTempResultsDir); logger.log(Level.INFO, "Pasco results path: {0}", moduleTempResultsDir); //NON-NLS
boolean foundHistory = false; boolean foundHistory = false;
final File pascoRoot = InstalledFileLocator.getDefault().locate("pasco2", ExtractIE.class.getPackage().getName(), false); final File pascoRoot = InstalledFileLocator.getDefault().locate("pasco2", ExtractIE.class.getPackage().getName(), false); //NON-NLS
if (pascoRoot == null) { if (pascoRoot == null) {
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getHistory.errMsg.unableToGetHist", this.getName())); NbBundle.getMessage(this.getClass(), "ExtractIE.getHistory.errMsg.unableToGetHist", this.getName()));
logger.log(Level.SEVERE, "Error finding pasco program "); logger.log(Level.SEVERE, "Error finding pasco program "); //NON-NLS
return; return;
} }
final String pascoHome = pascoRoot.getAbsolutePath(); final String pascoHome = pascoRoot.getAbsolutePath();
logger.log(Level.INFO, "Pasco2 home: {0}", pascoHome); logger.log(Level.INFO, "Pasco2 home: {0}", pascoHome); //NON-NLS
PASCO_LIB_PATH = pascoHome + File.separator + "pasco2.jar" + File.pathSeparator PASCO_LIB_PATH = pascoHome + File.separator + "pasco2.jar" + File.pathSeparator //NON-NLS
+ pascoHome + File.separator + "*"; + pascoHome + File.separator + "*";
File resultsDir = new File(moduleTempResultsDir); File resultsDir = new File(moduleTempResultsDir);
@ -283,11 +283,11 @@ class ExtractIE extends Extract {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager(); org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> indexFiles; List<AbstractFile> indexFiles;
try { try {
indexFiles = fileManager.findFiles(dataSource, "index.dat"); indexFiles = fileManager.findFiles(dataSource, "index.dat"); //NON-NLS
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "ExtractIE.getHistory.errMsg.errGettingHistFiles", this.addErrorMessage(NbBundle.getMessage(this.getClass(), "ExtractIE.getHistory.errMsg.errGettingHistFiles",
this.getName())); this.getName()));
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history."); logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history."); //NON-NLS
return; return;
} }
@ -306,9 +306,9 @@ class ExtractIE extends Extract {
// index<Number>.dat (i.e. index0.dat, index1.dat,..., indexN.dat) // index<Number>.dat (i.e. index0.dat, index1.dat,..., indexN.dat)
// Write each index.dat file to a temp directory. // Write each index.dat file to a temp directory.
//BlackboardArtifact bbart = fsc.newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); //BlackboardArtifact bbart = fsc.newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
indexFileName = "index" + Integer.toString((int) indexFile.getId()) + ".dat"; indexFileName = "index" + Integer.toString((int) indexFile.getId()) + ".dat"; //NON-NLS
//indexFileName = "index" + Long.toString(bbart.getArtifactID()) + ".dat"; //indexFileName = "index" + Long.toString(bbart.getArtifactID()) + ".dat";
temps = RAImageIngestModule.getRATempPath(currentCase, "IE") + File.separator + indexFileName; temps = RAImageIngestModule.getRATempPath(currentCase, "IE") + File.separator + indexFileName; //NON-NLS
File datFile = new File(temps); File datFile = new File(temps);
if (context.isJobCancelled()) { if (context.isJobCancelled()) {
break; break;
@ -316,14 +316,14 @@ class ExtractIE extends Extract {
try { try {
ContentUtils.writeToFile(indexFile, datFile); ContentUtils.writeToFile(indexFile, datFile);
} catch (IOException e) { } catch (IOException e) {
logger.log(Level.SEVERE, "Error while trying to write index.dat file " + datFile.getAbsolutePath(), e); logger.log(Level.SEVERE, "Error while trying to write index.dat file " + datFile.getAbsolutePath(), e); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getHistory.errMsg.errWriteFile", this.getName(), NbBundle.getMessage(this.getClass(), "ExtractIE.getHistory.errMsg.errWriteFile", this.getName(),
datFile.getAbsolutePath())); datFile.getAbsolutePath()));
continue; continue;
} }
String filename = "pasco2Result." + indexFile.getId() + ".txt"; String filename = "pasco2Result." + indexFile.getId() + ".txt"; //NON-NLS
boolean bPascProcSuccess = executePasco(temps, filename); boolean bPascProcSuccess = executePasco(temps, filename);
//At this point pasco2 proccessed the index files. //At this point pasco2 proccessed the index files.
@ -335,7 +335,7 @@ class ExtractIE extends Extract {
//Delete index<n>.dat file since it was succcessfully by Pasco //Delete index<n>.dat file since it was succcessfully by Pasco
datFile.delete(); datFile.delete();
} else { } else {
logger.log(Level.WARNING, "pasco execution failed on: {0}", this.getName()); logger.log(Level.WARNING, "pasco execution failed on: {0}", this.getName()); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getHistory.errMsg.errProcHist", this.getName())); NbBundle.getMessage(this.getClass(), "ExtractIE.getHistory.errMsg.errProcHist", this.getName()));
} }
@ -359,19 +359,19 @@ class ExtractIE extends Extract {
Writer writer = null; Writer writer = null;
try { try {
final String outputFileFullPath = moduleTempResultsDir + File.separator + outputFileName; final String outputFileFullPath = moduleTempResultsDir + File.separator + outputFileName;
logger.log(Level.INFO, "Writing pasco results to: {0}", outputFileFullPath); logger.log(Level.INFO, "Writing pasco results to: {0}", outputFileFullPath); //NON-NLS
writer = new FileWriter(outputFileFullPath); writer = new FileWriter(outputFileFullPath);
execPasco = new ExecUtil(); execPasco = new ExecUtil();
execPasco.execute(writer, JAVA_PATH, execPasco.execute(writer, JAVA_PATH,
"-cp", PASCO_LIB_PATH, "-cp", PASCO_LIB_PATH, //NON-NLS
"isi.pasco2.Main", "-T", "history", indexFilePath ); "isi.pasco2.Main", "-T", "history", indexFilePath ); //NON-NLS
// @@@ Investigate use of history versus cache as type. // @@@ Investigate use of history versus cache as type.
} catch (IOException ex) { } catch (IOException ex) {
success = false; success = false;
logger.log(Level.SEVERE, "Unable to execute Pasco to process Internet Explorer web history.", ex); logger.log(Level.SEVERE, "Unable to execute Pasco to process Internet Explorer web history.", ex); //NON-NLS
} catch (InterruptedException ex) { } catch (InterruptedException ex) {
success = false; success = false;
logger.log(Level.SEVERE, "Pasco has been interrupted, failed to extract some web history from Internet Explorer.", ex); logger.log(Level.SEVERE, "Pasco has been interrupted, failed to extract some web history from Internet Explorer.", ex); //NON-NLS
} }
finally { finally {
if (writer != null) { if (writer != null) {
@ -379,7 +379,7 @@ class ExtractIE extends Extract {
writer.flush(); writer.flush();
writer.close(); writer.close();
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.WARNING, "Error closing writer stream after for Pasco result", ex); logger.log(Level.WARNING, "Error closing writer stream after for Pasco result", ex); //NON-NLS
} }
} }
} }
@ -400,7 +400,7 @@ class ExtractIE extends Extract {
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.parsePascoOutput.errMsg.notFound", this.getName(), NbBundle.getMessage(this.getClass(), "ExtractIE.parsePascoOutput.errMsg.notFound", this.getName(),
file.getName())); file.getName()));
logger.log(Level.WARNING, "Pasco Output not found: {0}", file.getPath()); logger.log(Level.WARNING, "Pasco Output not found: {0}", file.getPath()); //NON-NLS
return; return;
} }
@ -417,20 +417,20 @@ class ExtractIE extends Extract {
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.parsePascoOutput.errMsg.errParsing", this.getName(), NbBundle.getMessage(this.getClass(), "ExtractIE.parsePascoOutput.errMsg.errParsing", this.getName(),
file.getName())); file.getName()));
logger.log(Level.WARNING, "Unable to find the Pasco file at " + file.getPath(), ex); logger.log(Level.WARNING, "Unable to find the Pasco file at " + file.getPath(), ex); //NON-NLS
return; return;
} }
while (fileScanner.hasNext()) { while (fileScanner.hasNext()) {
String line = fileScanner.nextLine(); String line = fileScanner.nextLine();
if (!line.startsWith("URL")) { if (!line.startsWith("URL")) { //NON-NLS
continue; continue;
} }
String[] lineBuff = line.split("\\t"); String[] lineBuff = line.split("\\t"); //NON-NLS
if (lineBuff.length < 4) { if (lineBuff.length < 4) {
logger.log(Level.INFO, "Found unrecognized IE history format."); logger.log(Level.INFO, "Found unrecognized IE history format."); //NON-NLS
continue; continue;
} }
@ -448,14 +448,14 @@ class ExtractIE extends Extract {
if (lineBuff[1].contains("@")) { if (lineBuff[1].contains("@")) {
String url[] = lineBuff[1].split("@", 2); String url[] = lineBuff[1].split("@", 2);
user = url[0]; user = url[0];
user = user.replace("Visited:", ""); user = user.replace("Visited:", ""); //NON-NLS
user = user.replace(":Host:", ""); user = user.replace(":Host:", ""); //NON-NLS
user = user.replaceAll("(:)(.*?)(:)", ""); user = user.replaceAll("(:)(.*?)(:)", "");
user = user.trim(); user = user.trim();
realurl = url[1]; realurl = url[1];
realurl = realurl.replace("Visited:", ""); realurl = realurl.replace("Visited:", ""); //NON-NLS
realurl = realurl.replaceAll(":(.*?):", ""); realurl = realurl.replaceAll(":(.*?):", "");
realurl = realurl.replace(":Host:", ""); realurl = realurl.replace(":Host:", ""); //NON-NLS
realurl = realurl.trim(); realurl = realurl.trim();
} else { } else {
user = ""; user = "";
@ -465,7 +465,7 @@ class ExtractIE extends Extract {
domain = Util.extractDomain(realurl); domain = Util.extractDomain(realurl);
if (!ddtime.isEmpty()) { if (!ddtime.isEmpty()) {
ddtime = ddtime.replace("T", " "); ddtime = ddtime.replace("T", " "); //NON-NLS
ddtime = ddtime.substring(ddtime.length() - 5); ddtime = ddtime.substring(ddtime.length() - 5);
} }
@ -478,7 +478,7 @@ class ExtractIE extends Extract {
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.parsePascoOutput.errMsg.errParsingEntry", NbBundle.getMessage(this.getClass(), "ExtractIE.parsePascoOutput.errMsg.errParsingEntry",
this.getName())); this.getName()));
logger.log(Level.SEVERE, "Error parsing Pasco results.", e); logger.log(Level.SEVERE, "Error parsing Pasco results.", e); //NON-NLS
} }
} }
@ -510,7 +510,7 @@ class ExtractIE extends Extract {
"ExtractIE.parentModuleName.noSpace"), user)); "ExtractIE.parentModuleName.noSpace"), user));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error writing Internet Explorer web history artifact to the blackboard.", ex); logger.log(Level.SEVERE, "Error writing Internet Explorer web history artifact to the blackboard.", ex); //NON-NLS
} }
} }
fileScanner.close(); fileScanner.close();

156
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -69,9 +69,9 @@ class ExtractRegistry extends Extract {
//hide public constructor to prevent from instantiation by ingest module loader //hide public constructor to prevent from instantiation by ingest module loader
ExtractRegistry() { ExtractRegistry() {
final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); //NON-NLS
if (rrRoot == null) { if (rrRoot == null) {
logger.log(Level.SEVERE, "RegRipper not found"); logger.log(Level.SEVERE, "RegRipper not found"); //NON-NLS
rrFound = false; rrFound = false;
return; return;
} else { } else {
@ -79,29 +79,29 @@ class ExtractRegistry extends Extract {
} }
final String rrHome = rrRoot.getAbsolutePath(); final String rrHome = rrRoot.getAbsolutePath();
logger.log(Level.INFO, "RegRipper home: {0}", rrHome); logger.log(Level.INFO, "RegRipper home: {0}", rrHome); //NON-NLS
if (PlatformUtil.isWindowsOS()) { if (PlatformUtil.isWindowsOS()) {
RR_PATH = rrHome + File.separator + "rip.exe"; RR_PATH = rrHome + File.separator + "rip.exe"; //NON-NLS
} else { } else {
RR_PATH = "perl " + rrHome + File.separator + "rip.pl"; RR_PATH = "perl " + rrHome + File.separator + "rip.pl"; //NON-NLS
} }
final File rrFullRoot = InstalledFileLocator.getDefault().locate("rr-full", ExtractRegistry.class.getPackage().getName(), false); final File rrFullRoot = InstalledFileLocator.getDefault().locate("rr-full", ExtractRegistry.class.getPackage().getName(), false); //NON-NLS
if (rrFullRoot == null) { if (rrFullRoot == null) {
logger.log(Level.SEVERE, "RegRipper Full not found"); logger.log(Level.SEVERE, "RegRipper Full not found"); //NON-NLS
rrFullFound = false; rrFullFound = false;
} else { } else {
rrFullFound = true; rrFullFound = true;
} }
final String rrFullHome = rrFullRoot.getAbsolutePath(); final String rrFullHome = rrFullRoot.getAbsolutePath();
logger.log(Level.INFO, "RegRipper Full home: {0}", rrFullHome); logger.log(Level.INFO, "RegRipper Full home: {0}", rrFullHome); //NON-NLS
if (PlatformUtil.isWindowsOS()) { if (PlatformUtil.isWindowsOS()) {
RR_FULL_PATH = rrFullHome + File.separator + "rip.exe"; RR_FULL_PATH = rrFullHome + File.separator + "rip.exe"; //NON-NLS
} else { } else {
RR_FULL_PATH = "perl " + rrFullHome + File.separator + "rip.pl"; RR_FULL_PATH = "perl " + rrFullHome + File.separator + "rip.pl"; //NON-NLS
} }
} }
@ -114,17 +114,17 @@ class ExtractRegistry extends Extract {
// find the user-specific ntuser-dat files // find the user-specific ntuser-dat files
try { try {
allRegistryFiles.addAll(fileManager.findFiles(dataSource, "ntuser.dat")); allRegistryFiles.addAll(fileManager.findFiles(dataSource, "ntuser.dat")); //NON-NLS
} }
catch (TskCoreException ex) { catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'ntuser.dat' file."); logger.log(Level.WARNING, "Error fetching 'ntuser.dat' file."); //NON-NLS
} }
// find the system hives' // find the system hives'
String[] regFileNames = new String[] {"system", "software", "security", "sam"}; String[] regFileNames = new String[] {"system", "software", "security", "sam"}; //NON-NLS
for (String regFileName : regFileNames) { for (String regFileName : regFileNames) {
try { try {
allRegistryFiles.addAll(fileManager.findFiles(dataSource, regFileName, "/system32/config")); allRegistryFiles.addAll(fileManager.findFiles(dataSource, regFileName, "/system32/config")); //NON-NLS
} }
catch (TskCoreException ex) { catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), String msg = NbBundle.getMessage(this.getClass(),
@ -145,7 +145,7 @@ class ExtractRegistry extends Extract {
// open the log file // open the log file
FileWriter logFile = null; FileWriter logFile = null;
try { try {
logFile = new FileWriter(RAImageIngestModule.getRAOutputPath(currentCase, "reg") + File.separator + "regripper-info.txt"); logFile = new FileWriter(RAImageIngestModule.getRAOutputPath(currentCase, "reg") + File.separator + "regripper-info.txt"); //NON-NLS
} catch (IOException ex) { } catch (IOException ex) {
java.util.logging.Logger.getLogger(ExtractRegistry.class.getName()).log(Level.SEVERE, null, ex); java.util.logging.Logger.getLogger(ExtractRegistry.class.getName()).log(Level.SEVERE, null, ex);
} }
@ -156,12 +156,12 @@ class ExtractRegistry extends Extract {
for (AbstractFile regFile : allRegistryFiles) { for (AbstractFile regFile : allRegistryFiles) {
String regFileName = regFile.getName(); String regFileName = regFile.getName();
String regFileNameLocal = RAImageIngestModule.getRATempPath(currentCase, "reg") + File.separator + regFileName; String regFileNameLocal = RAImageIngestModule.getRATempPath(currentCase, "reg") + File.separator + regFileName;
String outputPathBase = RAImageIngestModule.getRAOutputPath(currentCase, "reg") + File.separator + regFileName + "-regripper-" + Integer.toString(j++); String outputPathBase = RAImageIngestModule.getRAOutputPath(currentCase, "reg") + File.separator + regFileName + "-regripper-" + Integer.toString(j++); //NON-NLS
File regFileNameLocalFile = new File(regFileNameLocal); File regFileNameLocalFile = new File(regFileNameLocal);
try { try {
ContentUtils.writeToFile(regFile, regFileNameLocalFile); ContentUtils.writeToFile(regFile, regFileNameLocalFile);
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing the temp registry file. {0}", ex); logger.log(Level.SEVERE, "Error writing the temp registry file. {0}", ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractRegistry.analyzeRegFiles.errMsg.errWritingTemp", NbBundle.getMessage(this.getClass(), "ExtractRegistry.analyzeRegFiles.errMsg.errWritingTemp",
this.getName(), regFileName)); this.getName(), regFileName));
@ -181,7 +181,7 @@ class ExtractRegistry extends Extract {
java.util.logging.Logger.getLogger(ExtractRegistry.class.getName()).log(Level.SEVERE, null, ex); java.util.logging.Logger.getLogger(ExtractRegistry.class.getName()).log(Level.SEVERE, null, ex);
} }
logger.log(Level.INFO, moduleName + "- Now getting registry information from " + regFileNameLocal); logger.log(Level.INFO, moduleName + "- Now getting registry information from " + regFileNameLocal); //NON-NLS
RegOutputFiles regOutputFiles = executeRegRip(regFileNameLocal, outputPathBase); RegOutputFiles regOutputFiles = executeRegRip(regFileNameLocal, outputPathBase);
if (context.isJobCancelled()) { if (context.isJobCancelled()) {
@ -226,7 +226,7 @@ class ExtractRegistry extends Extract {
try { try {
input.close(); input.close();
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.WARNING, "Failed to close reader.", ex); logger.log(Level.WARNING, "Failed to close reader.", ex); //NON-NLS
} }
} }
att = new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), att = new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(),
@ -273,23 +273,23 @@ class ExtractRegistry extends Extract {
RegOutputFiles regOutputFiles = new RegOutputFiles(); RegOutputFiles regOutputFiles = new RegOutputFiles();
if (regFilePath.toLowerCase().contains("system")) { if (regFilePath.toLowerCase().contains("system")) { //NON-NLS
autopsyType = "autopsysystem"; autopsyType = "autopsysystem"; //NON-NLS
fullType = "system"; fullType = "system"; //NON-NLS
} }
else if (regFilePath.toLowerCase().contains("software")) { else if (regFilePath.toLowerCase().contains("software")) { //NON-NLS
autopsyType = "autopsysoftware"; autopsyType = "autopsysoftware"; //NON-NLS
fullType = "software"; fullType = "software"; //NON-NLS
} }
else if (regFilePath.toLowerCase().contains("ntuser")) { else if (regFilePath.toLowerCase().contains("ntuser")) { //NON-NLS
autopsyType = "autopsyntuser"; autopsyType = "autopsyntuser"; //NON-NLS
fullType = "ntuser"; fullType = "ntuser"; //NON-NLS
} }
else if (regFilePath.toLowerCase().contains("sam")) { else if (regFilePath.toLowerCase().contains("sam")) { //NON-NLS
fullType = "sam"; fullType = "sam"; //NON-NLS
} }
else if (regFilePath.toLowerCase().contains("security")) { else if (regFilePath.toLowerCase().contains("security")) { //NON-NLS
fullType = "security"; fullType = "security"; //NON-NLS
} }
else { else {
return regOutputFiles; return regOutputFiles;
@ -300,19 +300,19 @@ class ExtractRegistry extends Extract {
// TODO - add error messages // TODO - add error messages
Writer writer = null; Writer writer = null;
try { try {
regOutputFiles.autopsyPlugins = outFilePathBase + "-autopsy.txt"; regOutputFiles.autopsyPlugins = outFilePathBase + "-autopsy.txt"; //NON-NLS
logger.log(Level.INFO, "Writing RegRipper results to: " + regOutputFiles.autopsyPlugins); logger.log(Level.INFO, "Writing RegRipper results to: " + regOutputFiles.autopsyPlugins); //NON-NLS
writer = new FileWriter(regOutputFiles.autopsyPlugins); writer = new FileWriter(regOutputFiles.autopsyPlugins);
execRR = new ExecUtil(); execRR = new ExecUtil();
execRR.execute(writer, RR_PATH, execRR.execute(writer, RR_PATH,
"-r", regFilePath, "-f", autopsyType); "-r", regFilePath, "-f", autopsyType); //NON-NLS
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Unable to RegRipper and process parse some registry files.", ex); logger.log(Level.SEVERE, "Unable to RegRipper and process parse some registry files.", ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile", NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile",
this.getName())); this.getName()));
} catch (InterruptedException ex) { } catch (InterruptedException ex) {
logger.log(Level.SEVERE, "RegRipper has been interrupted, failed to parse registry.", ex); logger.log(Level.SEVERE, "RegRipper has been interrupted, failed to parse registry.", ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile2", NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile2",
this.getName())); this.getName()));
@ -321,7 +321,7 @@ class ExtractRegistry extends Extract {
try { try {
writer.close(); writer.close();
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Error closing output writer after running RegRipper", ex); logger.log(Level.SEVERE, "Error closing output writer after running RegRipper", ex); //NON-NLS
} }
} }
} }
@ -331,19 +331,19 @@ class ExtractRegistry extends Extract {
if (!fullType.isEmpty() && rrFullFound) { if (!fullType.isEmpty() && rrFullFound) {
Writer writer = null; Writer writer = null;
try { try {
regOutputFiles.fullPlugins = outFilePathBase + "-full.txt"; regOutputFiles.fullPlugins = outFilePathBase + "-full.txt"; //NON-NLS
logger.log(Level.INFO, "Writing Full RegRipper results to: " + regOutputFiles.fullPlugins); logger.log(Level.INFO, "Writing Full RegRipper results to: " + regOutputFiles.fullPlugins); //NON-NLS
writer = new FileWriter(regOutputFiles.fullPlugins); writer = new FileWriter(regOutputFiles.fullPlugins);
execRR = new ExecUtil(); execRR = new ExecUtil();
execRR.execute(writer, RR_FULL_PATH, execRR.execute(writer, RR_FULL_PATH,
"-r", regFilePath, "-f", fullType); "-r", regFilePath, "-f", fullType); //NON-NLS
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Unable to run full RegRipper and process parse some registry files.", ex); logger.log(Level.SEVERE, "Unable to run full RegRipper and process parse some registry files.", ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile3", NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile3",
this.getName())); this.getName()));
} catch (InterruptedException ex) { } catch (InterruptedException ex) {
logger.log(Level.SEVERE, "RegRipper full has been interrupted, failed to parse registry.", ex); logger.log(Level.SEVERE, "RegRipper full has been interrupted, failed to parse registry.", ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile4", NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile4",
this.getName())); this.getName()));
@ -352,7 +352,7 @@ class ExtractRegistry extends Extract {
try { try {
writer.close(); writer.close();
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Error closing output writer after running RegRipper full", ex); logger.log(Level.SEVERE, "Error closing output writer after running RegRipper full", ex); //NON-NLS
} }
} }
} }
@ -371,14 +371,14 @@ class ExtractRegistry extends Extract {
File regfile = new File(regRecord); File regfile = new File(regRecord);
fstream = new FileInputStream(regfile); fstream = new FileInputStream(regfile);
String regString = new Scanner(fstream, "UTF-8").useDelimiter("\\Z").next(); String regString = new Scanner(fstream, "UTF-8").useDelimiter("\\Z").next(); //NON-NLS
String startdoc = "<?xml version=\"1.0\"?><document>"; String startdoc = "<?xml version=\"1.0\"?><document>"; //NON-NLS
String result = regString.replaceAll("----------------------------------------", ""); String result = regString.replaceAll("----------------------------------------", "");
result = result.replaceAll("\\n", ""); result = result.replaceAll("\\n", ""); //NON-NLS
result = result.replaceAll("\\r", ""); result = result.replaceAll("\\r", ""); //NON-NLS
result = result.replaceAll("'", "&apos;"); result = result.replaceAll("'", "&apos;"); //NON-NLS
result = result.replaceAll("&", "&amp;"); result = result.replaceAll("&", "&amp;"); //NON-NLS
String enddoc = "</document>"; String enddoc = "</document>"; //NON-NLS
String stringdoc = startdoc + result + enddoc; String stringdoc = startdoc + result + enddoc;
DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
Document doc = builder.parse(new InputSource(new StringReader(stringdoc))); Document doc = builder.parse(new InputSource(new StringReader(stringdoc)));
@ -392,7 +392,7 @@ class ExtractRegistry extends Extract {
String dataType = tempnode.getNodeName(); String dataType = tempnode.getNodeName();
NodeList timenodes = tempnode.getElementsByTagName("mtime"); NodeList timenodes = tempnode.getElementsByTagName("mtime"); //NON-NLS
Long mtime = null; Long mtime = null;
if (timenodes.getLength() > 0) { if (timenodes.getLength() > 0) {
Element timenode = (Element) timenodes.item(0); Element timenode = (Element) timenodes.item(0);
@ -403,11 +403,11 @@ class ExtractRegistry extends Extract {
String Tempdate = mtime.toString(); String Tempdate = mtime.toString();
mtime = Long.valueOf(Tempdate) / 1000; mtime = Long.valueOf(Tempdate) / 1000;
} catch (ParseException ex) { } catch (ParseException ex) {
logger.log(Level.WARNING, "Failed to parse epoch time when parsing the registry."); logger.log(Level.WARNING, "Failed to parse epoch time when parsing the registry."); //NON-NLS
} }
} }
NodeList artroots = tempnode.getElementsByTagName("artifacts"); NodeList artroots = tempnode.getElementsByTagName("artifacts"); //NON-NLS
if (artroots.getLength() == 0) { if (artroots.getLength() == 0) {
// If there isn't an artifact node, skip this entry // If there isn't an artifact node, skip this entry
continue; continue;
@ -425,7 +425,7 @@ class ExtractRegistry extends Extract {
String value = artnode.getTextContent().trim(); String value = artnode.getTextContent().trim();
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
if ("recentdocs".equals(dataType)) { if ("recentdocs".equals(dataType)) { //NON-NLS
// BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT); // BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", dataType, mtime)); // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", dataType, mtime));
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", dataType, mtimeItem)); // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", dataType, mtimeItem));
@ -433,18 +433,18 @@ class ExtractRegistry extends Extract {
// bbart.addAttributes(bbattributes); // bbart.addAttributes(bbattributes);
// @@@ BC: Why are we ignoring this... // @@@ BC: Why are we ignoring this...
} }
else if ("usb".equals(dataType)) { else if ("usb".equals(dataType)) { //NON-NLS
try { try {
Long usbMtime = Long.parseLong(artnode.getAttribute("mtime")); Long usbMtime = Long.parseLong(artnode.getAttribute("mtime")); //NON-NLS
usbMtime = Long.valueOf(usbMtime.toString()); usbMtime = Long.valueOf(usbMtime.toString());
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED); BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED);
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"ExtractRegistry.parentModuleName.noSpace"), usbMtime)); "ExtractRegistry.parentModuleName.noSpace"), usbMtime));
String dev = artnode.getAttribute("dev"); String dev = artnode.getAttribute("dev"); //NON-NLS
String model = dev; String model = dev;
if (dev.toLowerCase().contains("vid")) { if (dev.toLowerCase().contains("vid")) { //NON-NLS
USBInfo info = extrctr.parseAndLookup(dev); USBInfo info = extrctr.parseAndLookup(dev);
if(info.getVendor()!=null) if(info.getVendor()!=null)
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE.getTypeID(),
@ -461,17 +461,17 @@ class ExtractRegistry extends Extract {
"ExtractRegistry.parentModuleName.noSpace"), value)); "ExtractRegistry.parentModuleName.noSpace"), value));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding device attached artifact to blackboard."); logger.log(Level.SEVERE, "Error adding device attached artifact to blackboard."); //NON-NLS
} }
} }
else if ("uninstall".equals(dataType)) { else if ("uninstall".equals(dataType)) { //NON-NLS
Long itemMtime = null; Long itemMtime = null;
try { try {
Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(artnode.getAttribute("mtime")).getTime(); Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(artnode.getAttribute("mtime")).getTime(); //NON-NLS
itemMtime = epochtime.longValue(); itemMtime = epochtime.longValue();
itemMtime = itemMtime / 1000; itemMtime = itemMtime / 1000;
} catch (ParseException e) { } catch (ParseException e) {
logger.log(Level.WARNING, "Failed to parse epoch time for installed program artifact."); logger.log(Level.WARNING, "Failed to parse epoch time for installed program artifact."); //NON-NLS
} }
try { try {
@ -484,19 +484,19 @@ class ExtractRegistry extends Extract {
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG); BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG);
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding installed program artifact to blackboard."); logger.log(Level.SEVERE, "Error adding installed program artifact to blackboard."); //NON-NLS
} }
} }
else if ("WinVersion".equals(dataType)) { else if ("WinVersion".equals(dataType)) { //NON-NLS
String name = artnode.getAttribute("name"); String name = artnode.getAttribute("name"); //NON-NLS
if (name.contains("ProductName")) { if (name.contains("ProductName")) { //NON-NLS
winver = value; winver = value;
} }
if (name.contains("CSDVersion")) { if (name.contains("CSDVersion")) { //NON-NLS
winver = winver + " " + value; winver = winver + " " + value;
} }
if (name.contains("InstallDate")) { if (name.contains("InstallDate")) { //NON-NLS
Long installtime = null; Long installtime = null;
try { try {
Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(value).getTime(); Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(value).getTime();
@ -504,7 +504,7 @@ class ExtractRegistry extends Extract {
String Tempdate = installtime.toString(); String Tempdate = installtime.toString();
installtime = Long.valueOf(Tempdate) / 1000; installtime = Long.valueOf(Tempdate) / 1000;
} catch (ParseException e) { } catch (ParseException e) {
logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e); logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e); //NON-NLS
} }
try { try {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
@ -516,12 +516,12 @@ class ExtractRegistry extends Extract {
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG); BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG);
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding installed program artifact to blackboard."); logger.log(Level.SEVERE, "Error adding installed program artifact to blackboard."); //NON-NLS
} }
} }
} }
else if ("office".equals(dataType)) { else if ("office".equals(dataType)) { //NON-NLS
String name = artnode.getAttribute("name"); String name = artnode.getAttribute("name"); //NON-NLS
try { try {
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT); BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
@ -542,7 +542,7 @@ class ExtractRegistry extends Extract {
"ExtractRegistry.parentModuleName.noSpace"), artnode.getNodeName())); "ExtractRegistry.parentModuleName.noSpace"), artnode.getNodeName()));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding recent object artifact to blackboard."); logger.log(Level.SEVERE, "Error adding recent object artifact to blackboard."); //NON-NLS
} }
} }
} }
@ -550,13 +550,13 @@ class ExtractRegistry extends Extract {
} }
return true; return true;
} catch (FileNotFoundException ex) { } catch (FileNotFoundException ex) {
logger.log(Level.SEVERE, "Error finding the registry file."); logger.log(Level.SEVERE, "Error finding the registry file."); //NON-NLS
} catch (SAXException ex) { } catch (SAXException ex) {
logger.log(Level.SEVERE, "Error parsing the registry XML: {0}", ex); logger.log(Level.SEVERE, "Error parsing the registry XML: {0}", ex); //NON-NLS
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Error building the document parser: {0}", ex); logger.log(Level.SEVERE, "Error building the document parser: {0}", ex); //NON-NLS
} catch (ParserConfigurationException ex) { } catch (ParserConfigurationException ex) {
logger.log(Level.SEVERE, "Error configuring the registry parser: {0}", ex); logger.log(Level.SEVERE, "Error configuring the registry parser: {0}", ex); //NON-NLS
} finally { } finally {
try { try {
if (fstream != null) { if (fstream != null) {

118
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -53,12 +53,12 @@ import org.sleuthkit.datamodel.TskCoreException;
class Firefox extends Extract { class Firefox extends Extract {
private static final Logger logger = Logger.getLogger(Firefox.class.getName()); private static final Logger logger = Logger.getLogger(Firefox.class.getName());
private static final String historyQuery = "SELECT moz_historyvisits.id,url,title,visit_count,(visit_date/1000000) as visit_date,from_visit,(SELECT url FROM moz_places WHERE id=moz_historyvisits.from_visit) as ref FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0"; private static final String historyQuery = "SELECT moz_historyvisits.id,url,title,visit_count,(visit_date/1000000) as visit_date,from_visit,(SELECT url FROM moz_places WHERE id=moz_historyvisits.from_visit) as ref FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0"; //NON-NLS
private static final String cookieQuery = "SELECT name,value,host,expiry,(lastAccessed/1000000) as lastAccessed,(creationTime/1000000) as creationTime FROM moz_cookies"; private static final String cookieQuery = "SELECT name,value,host,expiry,(lastAccessed/1000000) as lastAccessed,(creationTime/1000000) as creationTime FROM moz_cookies"; //NON-NLS
private static final String cookieQueryV3 = "SELECT name,value,host,expiry,(lastAccessed/1000000) as lastAccessed FROM moz_cookies"; private static final String cookieQueryV3 = "SELECT name,value,host,expiry,(lastAccessed/1000000) as lastAccessed FROM moz_cookies"; //NON-NLS
private static final String bookmarkQuery = "SELECT fk, moz_bookmarks.title, url, (moz_bookmarks.dateAdded/1000000) as dateAdded FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id"; private static final String bookmarkQuery = "SELECT fk, moz_bookmarks.title, url, (moz_bookmarks.dateAdded/1000000) as dateAdded FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id"; //NON-NLS
private static final String downloadQuery = "SELECT target, source,(startTime/1000000) as startTime, maxBytes FROM moz_downloads"; private static final String downloadQuery = "SELECT target, source,(startTime/1000000) as startTime, maxBytes FROM moz_downloads"; //NON-NLS
private static final String downloadQueryVersion24 = "SELECT url, content as target, (lastModified/1000000) as lastModified FROM moz_places, moz_annos WHERE moz_places.id = moz_annos.place_id AND moz_annos.anno_attribute_id = 3"; private static final String downloadQueryVersion24 = "SELECT url, content as target, (lastModified/1000000) as lastModified FROM moz_places, moz_annos WHERE moz_places.id = moz_annos.place_id AND moz_annos.anno_attribute_id = 3"; //NON-NLS
private final IngestServices services = IngestServices.getInstance(); private final IngestServices services = IngestServices.getInstance();
private Content dataSource; private Content dataSource;
private IngestJobContext context; private IngestJobContext context;
@ -82,7 +82,7 @@ class Firefox extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> historyFiles; List<AbstractFile> historyFiles;
try { try {
historyFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox"); historyFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox"); //NON-NLS
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Firefox.getHistory.errMsg.errFetchingFiles"); String msg = NbBundle.getMessage(this.getClass(), "Firefox.getHistory.errMsg.errFetchingFiles");
logger.log(Level.WARNING, msg); logger.log(Level.WARNING, msg);
@ -105,11 +105,11 @@ class Firefox extends Extract {
} }
String fileName = historyFile.getName(); String fileName = historyFile.getName();
String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db"; String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db"; //NON-NLS
try { try {
ContentUtils.writeToFile(historyFile, new File(temps)); ContentUtils.writeToFile(historyFile, new File(temps));
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing the sqlite db for firefox web history artifacts.{0}", ex); logger.log(Level.SEVERE, "Error writing the sqlite db for firefox web history artifacts.{0}", ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "Firefox.getHistory.errMsg.errAnalyzeFile", this.getName(), NbBundle.getMessage(this.getClass(), "Firefox.getHistory.errMsg.errAnalyzeFile", this.getName(),
fileName)); fileName));
@ -121,33 +121,33 @@ class Firefox extends Extract {
break; break;
} }
List<HashMap<String, Object>> tempList = this.dbConnect(temps, historyQuery); List<HashMap<String, Object>> tempList = this.dbConnect(temps, historyQuery);
logger.log(Level.INFO, "{0} - Now getting history from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); logger.log(Level.INFO, "{0} - Now getting history from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) { for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
((result.get("url").toString() != null) ? result.get("url").toString() : ""))); ((result.get("url").toString() != null) ? result.get("url").toString() : ""))); //NON-NLS
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", ((result.get("url").toString() != null) ? EscapeUtil.decodeURL(result.get("url").toString()) : ""))); //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", ((result.get("url").toString() != null) ? EscapeUtil.decodeURL(result.get("url").toString()) : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
(Long.valueOf(result.get("visit_date").toString())))); (Long.valueOf(result.get("visit_date").toString())))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
((result.get("ref").toString() != null) ? result.get("ref").toString() : ""))); ((result.get("ref").toString() != null) ? result.get("ref").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
((result.get("title").toString() != null) ? result.get("title").toString() : ""))); ((result.get("title").toString() != null) ? result.get("title").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(), "Firefox.moduleName"))); NbBundle.getMessage(this.getClass(), "Firefox.moduleName")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); "Firefox.parentModuleName.noSpace"), (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes); this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
} }
++j; ++j;
@ -166,7 +166,7 @@ class Firefox extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> bookmarkFiles; List<AbstractFile> bookmarkFiles;
try { try {
bookmarkFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox"); bookmarkFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox"); //NON-NLS
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Firefox.getBookmark.errMsg.errFetchFiles"); String msg = NbBundle.getMessage(this.getClass(), "Firefox.getBookmark.errMsg.errFetchFiles");
logger.log(Level.WARNING, msg); logger.log(Level.WARNING, msg);
@ -175,7 +175,7 @@ class Firefox extends Extract {
} }
if (bookmarkFiles.isEmpty()) { if (bookmarkFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any firefox bookmark files."); logger.log(Level.INFO, "Didn't find any firefox bookmark files."); //NON-NLS
return; return;
} }
@ -187,11 +187,11 @@ class Firefox extends Extract {
continue; continue;
} }
String fileName = bookmarkFile.getName(); String fileName = bookmarkFile.getName();
String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db"; String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db"; //NON-NLS
try { try {
ContentUtils.writeToFile(bookmarkFile, new File(temps)); ContentUtils.writeToFile(bookmarkFile, new File(temps));
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing the sqlite db for firefox bookmark artifacts.{0}", ex); logger.log(Level.SEVERE, "Error writing the sqlite db for firefox bookmark artifacts.{0}", ex); //NON-NLS
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Firefox.getBookmark.errMsg.errAnalyzeFile", this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Firefox.getBookmark.errMsg.errAnalyzeFile",
this.getName(), fileName)); this.getName(), fileName));
continue; continue;
@ -202,23 +202,23 @@ class Firefox extends Extract {
break; break;
} }
List<HashMap<String, Object>> tempList = this.dbConnect(temps, bookmarkQuery); List<HashMap<String, Object>> tempList = this.dbConnect(temps, bookmarkQuery);
logger.log(Level.INFO, "{0} - Now getting bookmarks from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); logger.log(Level.INFO, "{0} - Now getting bookmarks from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) { for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
((result.get("url").toString() != null) ? result.get("url").toString() : ""))); ((result.get("url").toString() != null) ? result.get("url").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
((result.get("title").toString() != null) ? result.get("title").toString() : ""))); ((result.get("title").toString() != null) ? result.get("title").toString() : ""))); //NON-NLS
if (Long.valueOf(result.get("dateAdded").toString()) > 0) { if (Long.valueOf(result.get("dateAdded").toString()) > 0) { //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
(Long.valueOf(result.get("dateAdded").toString())))); (Long.valueOf(result.get("dateAdded").toString())))); //NON-NLS
} }
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
@ -227,7 +227,7 @@ class Firefox extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
(Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, bookmarkFile, bbattributes); this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, bookmarkFile, bbattributes);
} }
@ -246,7 +246,7 @@ class Firefox extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> cookiesFiles; List<AbstractFile> cookiesFiles;
try { try {
cookiesFiles = fileManager.findFiles(dataSource, "cookies.sqlite", "Firefox"); cookiesFiles = fileManager.findFiles(dataSource, "cookies.sqlite", "Firefox"); //NON-NLS
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Firefox.getCookie.errMsg.errFetchFile"); String msg = NbBundle.getMessage(this.getClass(), "Firefox.getCookie.errMsg.errFetchFile");
logger.log(Level.WARNING, msg); logger.log(Level.WARNING, msg);
@ -255,7 +255,7 @@ class Firefox extends Extract {
} }
if (cookiesFiles.isEmpty()) { if (cookiesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Firefox cookie files."); logger.log(Level.INFO, "Didn't find any Firefox cookie files."); //NON-NLS
return; return;
} }
@ -266,11 +266,11 @@ class Firefox extends Extract {
continue; continue;
} }
String fileName = cookiesFile.getName(); String fileName = cookiesFile.getName();
String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db"; String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db"; //NON-NLS
try { try {
ContentUtils.writeToFile(cookiesFile, new File(temps)); ContentUtils.writeToFile(cookiesFile, new File(temps));
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing the sqlite db for firefox cookie artifacts.{0}", ex); logger.log(Level.SEVERE, "Error writing the sqlite db for firefox cookie artifacts.{0}", ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "Firefox.getCookie.errMsg.errAnalyzeFile", this.getName(), NbBundle.getMessage(this.getClass(), "Firefox.getCookie.errMsg.errAnalyzeFile", this.getName(),
fileName)); fileName));
@ -281,7 +281,7 @@ class Firefox extends Extract {
dbFile.delete(); dbFile.delete();
break; break;
} }
boolean checkColumn = Util.checkColumn("creationTime", "moz_cookies", temps); boolean checkColumn = Util.checkColumn("creationTime", "moz_cookies", temps); //NON-NLS
String query; String query;
if (checkColumn) { if (checkColumn) {
query = cookieQuery; query = cookieQuery;
@ -290,26 +290,26 @@ class Firefox extends Extract {
} }
List<HashMap<String, Object>> tempList = this.dbConnect(temps, query); List<HashMap<String, Object>> tempList = this.dbConnect(temps, query);
logger.log(Level.INFO, "{0} - Now getting cookies from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); logger.log(Level.INFO, "{0} - Now getting cookies from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) { for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
((result.get("host").toString() != null) ? result.get("host").toString() : ""))); ((result.get("host").toString() != null) ? result.get("host").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
(Long.valueOf(result.get("lastAccessed").toString())))); (Long.valueOf(result.get("lastAccessed").toString())))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
((result.get("name").toString() != null) ? result.get("name").toString() : ""))); ((result.get("name").toString() != null) ? result.get("name").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
((result.get("value").toString() != null) ? result.get("value").toString() : ""))); ((result.get("value").toString() != null) ? result.get("value").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
@ -319,9 +319,9 @@ class Firefox extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
(Long.valueOf(result.get("creationTime").toString())))); (Long.valueOf(result.get("creationTime").toString())))); //NON-NLS
} }
String domain = Util.extractDomain(result.get("host").toString()); String domain = Util.extractDomain(result.get("host").toString()); //NON-NLS
domain = domain.replaceFirst("^\\.+(?!$)", ""); domain = domain.replaceFirst("^\\.+(?!$)", "");
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
@ -354,7 +354,7 @@ class Firefox extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> downloadsFiles; List<AbstractFile> downloadsFiles;
try { try {
downloadsFiles = fileManager.findFiles(dataSource, "downloads.sqlite", "Firefox"); downloadsFiles = fileManager.findFiles(dataSource, "downloads.sqlite", "Firefox"); //NON-NLS
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Firefox.getDlPre24.errMsg.errFetchFiles"); String msg = NbBundle.getMessage(this.getClass(), "Firefox.getDlPre24.errMsg.errFetchFiles");
logger.log(Level.WARNING, msg); logger.log(Level.WARNING, msg);
@ -363,7 +363,7 @@ class Firefox extends Extract {
} }
if (downloadsFiles.isEmpty()) { if (downloadsFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any pre-version-24.0 Firefox download files."); logger.log(Level.INFO, "Didn't find any pre-version-24.0 Firefox download files."); //NON-NLS
return; return;
} }
@ -374,12 +374,12 @@ class Firefox extends Extract {
continue; continue;
} }
String fileName = downloadsFile.getName(); String fileName = downloadsFile.getName();
String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db"; String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db"; //NON-NLS
int errors = 0; int errors = 0;
try { try {
ContentUtils.writeToFile(downloadsFile, new File(temps)); ContentUtils.writeToFile(downloadsFile, new File(temps));
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing the sqlite db for firefox download artifacts.{0}", ex); logger.log(Level.SEVERE, "Error writing the sqlite db for firefox download artifacts.{0}", ex); //NON-NLS
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Firefox.getDlPre24.errMsg.errAnalyzeFiles", this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Firefox.getDlPre24.errMsg.errAnalyzeFiles",
this.getName(), fileName)); this.getName(), fileName));
continue; continue;
@ -391,7 +391,7 @@ class Firefox extends Extract {
} }
List<HashMap<String, Object>> tempList = this.dbConnect(temps, downloadQuery); List<HashMap<String, Object>> tempList = this.dbConnect(temps, downloadQuery);
logger.log(Level.INFO, moduleName + "- Now getting downloads from " + temps + " with " + tempList.size() + "artifacts identified."); logger.log(Level.INFO, moduleName + "- Now getting downloads from " + temps + " with " + tempList.size() + "artifacts identified."); //NON-NLS
for (HashMap<String, Object> result : tempList) { for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
@ -399,18 +399,18 @@ class Firefox extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
((result.get("source").toString() != null) ? result.get("source").toString() : ""))); ((result.get("source").toString() != null) ? result.get("source").toString() : ""))); //NON-NLS
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", ((result.get("source").toString() != null) ? EscapeUtil.decodeURL(result.get("source").toString()) : ""))); //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", ((result.get("source").toString() != null) ? EscapeUtil.decodeURL(result.get("source").toString()) : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
(Long.valueOf(result.get("startTime").toString())))); (Long.valueOf(result.get("startTime").toString())))); //NON-NLS
String target = result.get("target").toString(); String target = result.get("target").toString(); //NON-NLS
if (target != null) { if (target != null) {
try { try {
String decodedTarget = URLDecoder.decode(target.toString().replaceAll("file:///", ""), "UTF-8"); String decodedTarget = URLDecoder.decode(target.toString().replaceAll("file:///", ""), "UTF-8"); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
@ -423,7 +423,7 @@ class Firefox extends Extract {
pathID)); pathID));
} }
} catch (UnsupportedEncodingException ex) { } catch (UnsupportedEncodingException ex) {
logger.log(Level.SEVERE, "Error decoding Firefox download URL in " + temps, ex); logger.log(Level.SEVERE, "Error decoding Firefox download URL in " + temps, ex); //NON-NLS
errors++; errors++;
} }
} }
@ -435,7 +435,7 @@ class Firefox extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
(Util.extractDomain((result.get("source").toString() != null) ? result.get("source").toString() : "")))); (Util.extractDomain((result.get("source").toString() != null) ? result.get("source").toString() : "")))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes); this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
} }
@ -462,7 +462,7 @@ class Firefox extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> downloadsFiles; List<AbstractFile> downloadsFiles;
try { try {
downloadsFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox"); downloadsFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox"); //NON-NLS
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Firefox.getDlV24.errMsg.errFetchFiles"); String msg = NbBundle.getMessage(this.getClass(), "Firefox.getDlV24.errMsg.errFetchFiles");
logger.log(Level.WARNING, msg); logger.log(Level.WARNING, msg);
@ -471,7 +471,7 @@ class Firefox extends Extract {
} }
if (downloadsFiles.isEmpty()) { if (downloadsFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any version-24.0 Firefox download files."); logger.log(Level.INFO, "Didn't find any version-24.0 Firefox download files."); //NON-NLS
return; return;
} }
@ -482,12 +482,12 @@ class Firefox extends Extract {
continue; continue;
} }
String fileName = downloadsFile.getName(); String fileName = downloadsFile.getName();
String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + "-downloads" + j + ".db"; String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + "-downloads" + j + ".db"; //NON-NLS
int errors = 0; int errors = 0;
try { try {
ContentUtils.writeToFile(downloadsFile, new File(temps)); ContentUtils.writeToFile(downloadsFile, new File(temps));
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing the sqlite db for firefox download artifacts.{0}", ex); logger.log(Level.SEVERE, "Error writing the sqlite db for firefox download artifacts.{0}", ex); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "Firefox.getDlV24.errMsg.errAnalyzeFile", this.getName(), NbBundle.getMessage(this.getClass(), "Firefox.getDlV24.errMsg.errAnalyzeFile", this.getName(),
fileName)); fileName));
@ -501,7 +501,7 @@ class Firefox extends Extract {
List<HashMap<String, Object>> tempList = this.dbConnect(temps, downloadQueryVersion24); List<HashMap<String, Object>> tempList = this.dbConnect(temps, downloadQueryVersion24);
logger.log(Level.INFO, "{0} - Now getting downloads from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); logger.log(Level.INFO, "{0} - Now getting downloads from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) { for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
@ -509,15 +509,15 @@ class Firefox extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
((result.get("url").toString() != null) ? result.get("url").toString() : ""))); ((result.get("url").toString() != null) ? result.get("url").toString() : ""))); //NON-NLS
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", ((result.get("source").toString() != null) ? EscapeUtil.decodeURL(result.get("source").toString()) : ""))); //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", ((result.get("source").toString() != null) ? EscapeUtil.decodeURL(result.get("source").toString()) : "")));
//TODO Revisit usage of deprecated constructor as per TSK-583 //TODO Revisit usage of deprecated constructor as per TSK-583
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", (Long.valueOf(result.get("startTime").toString())))); //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", (Long.valueOf(result.get("startTime").toString()))));
String target = result.get("target").toString(); String target = result.get("target").toString(); //NON-NLS
if (target != null) { if (target != null) {
try { try {
String decodedTarget = URLDecoder.decode(target.toString().replaceAll("file:///", ""), "UTF-8"); String decodedTarget = URLDecoder.decode(target.toString().replaceAll("file:///", ""), "UTF-8"); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
@ -530,14 +530,14 @@ class Firefox extends Extract {
pathID)); pathID));
} }
} catch (UnsupportedEncodingException ex) { } catch (UnsupportedEncodingException ex) {
logger.log(Level.SEVERE, "Error decoding Firefox download URL in " + temps, ex); logger.log(Level.SEVERE, "Error decoding Firefox download URL in " + temps, ex); //NON-NLS
errors++; errors++;
} }
} }
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
Long.valueOf(result.get("lastModified").toString()))); Long.valueOf(result.get("lastModified").toString()))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
@ -545,7 +545,7 @@ class Firefox extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
(Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes); this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
} }

24
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java
View File

@ -95,14 +95,14 @@ public final class RAImageIngestModule extends IngestModuleAdapter implements Da
for (int i = 0; i < extracters.size(); i++) { for (int i = 0; i < extracters.size(); i++) {
Extract extracter = extracters.get(i); Extract extracter = extracters.get(i);
if (context.isJobCancelled()) { if (context.isJobCancelled()) {
logger.log(Level.INFO, "Recent Activity has been canceled, quitting before {0}", extracter.getName()); logger.log(Level.INFO, "Recent Activity has been canceled, quitting before {0}", extracter.getName()); //NON-NLS
break; break;
} }
try { try {
extracter.process(dataSource, context); extracter.process(dataSource, context);
} catch (Exception ex) { } catch (Exception ex) {
logger.log(Level.SEVERE, "Exception occurred in " + extracter.getName(), ex); logger.log(Level.SEVERE, "Exception occurred in " + extracter.getName(), ex); //NON-NLS
subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModFailed", subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModFailed",
extracter.getName())); extracter.getName()));
errors.add( errors.add(
@ -121,9 +121,9 @@ public final class RAImageIngestModule extends IngestModuleAdapter implements Da
errorMessage.append( errorMessage.append(
NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.errsEncountered")); NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.errsEncountered"));
for (String msg : errors) { for (String msg : errors) {
errorMessage.append("<li>").append(msg).append("</li>\n"); errorMessage.append("<li>").append(msg).append("</li>\n"); //NON-NLS
} }
errorMessage.append("</ul>\n"); errorMessage.append("</ul>\n"); //NON-NLS
if (errors.size() == 1) { if (errors.size() == 1) {
errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.oneErr"); errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.oneErr");
@ -146,13 +146,13 @@ public final class RAImageIngestModule extends IngestModuleAdapter implements Da
historyMsg.append( historyMsg.append(
NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.title", dataSource.getName())); NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.title", dataSource.getName()));
for (Extract module : browserExtracters) { for (Extract module : browserExtracters) {
historyMsg.append("<li>").append(module.getName()); historyMsg.append("<li>").append(module.getName()); //NON-NLS
historyMsg.append(": ").append((module.foundData()) ? NbBundle historyMsg.append(": ").append((module.foundData()) ? NbBundle
.getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.found") : NbBundle .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.found") : NbBundle
.getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.notFnd")); .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.notFnd"));
historyMsg.append("</li>"); historyMsg.append("</li>"); //NON-NLS
} }
historyMsg.append("</ul>"); historyMsg.append("</ul>"); //NON-NLS
final IngestMessage inboxMsg = IngestMessage.createMessage(MessageType.INFO, RecentActivityExtracterModuleFactory.getModuleName(), final IngestMessage inboxMsg = IngestMessage.createMessage(MessageType.INFO, RecentActivityExtracterModuleFactory.getModuleName(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"RAImageIngestModule.process.ingestMsg.results", "RAImageIngestModule.process.ingestMsg.results",
@ -175,7 +175,7 @@ public final class RAImageIngestModule extends IngestModuleAdapter implements Da
try { try {
extracter.complete(); extracter.complete();
} catch (Exception ex) { } catch (Exception ex) {
logger.log(Level.SEVERE, "Exception occurred when completing " + extracter.getName(), ex); logger.log(Level.SEVERE, "Exception occurred when completing " + extracter.getName(), ex); //NON-NLS
subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.complete.errMsg.failed", subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.complete.errMsg.failed",
extracter.getName())); extracter.getName()));
} }
@ -187,10 +187,10 @@ public final class RAImageIngestModule extends IngestModuleAdapter implements Da
try { try {
extracter.stop(); extracter.stop();
} catch (Exception ex) { } catch (Exception ex) {
logger.log(Level.SEVERE, "Exception during stop() of " + extracter.getName(), ex); logger.log(Level.SEVERE, "Exception during stop() of " + extracter.getName(), ex); //NON-NLS
} }
} }
logger.log(Level.INFO, "Recent Activity processes has been shutdown."); logger.log(Level.INFO, "Recent Activity processes has been shutdown."); //NON-NLS
} }
/** /**
@ -203,7 +203,7 @@ public final class RAImageIngestModule extends IngestModuleAdapter implements Da
* @return Path to directory * @return Path to directory
*/ */
protected static String getRATempPath(Case a_case, String mod) { protected static String getRATempPath(Case a_case, String mod) {
String tmpDir = a_case.getTempDirectory() + File.separator + "RecentActivity" + File.separator + mod; String tmpDir = a_case.getTempDirectory() + File.separator + "RecentActivity" + File.separator + mod; //NON-NLS
File dir = new File(tmpDir); File dir = new File(tmpDir);
if (dir.exists() == false) { if (dir.exists() == false) {
dir.mkdirs(); dir.mkdirs();
@ -221,7 +221,7 @@ public final class RAImageIngestModule extends IngestModuleAdapter implements Da
* @return Path to directory * @return Path to directory
*/ */
protected static String getRAOutputPath(Case a_case, String mod) { protected static String getRAOutputPath(Case a_case, String mod) {
String tmpDir = a_case.getModulesOutputDirAbsPath() + File.separator + "RecentActivity" + File.separator + mod; String tmpDir = a_case.getModulesOutputDirAbsPath() + File.separator + "RecentActivity" + File.separator + mod; //NON-NLS
File dir = new File(tmpDir); File dir = new File(tmpDir);
if (dir.exists() == false) { if (dir.exists() == false) {
dir.mkdirs(); dir.mkdirs();

8
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RecentDocumentsByLnk.java
View File

@ -63,9 +63,9 @@ class RecentDocumentsByLnk extends Extract {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager(); org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> recentFiles; List<AbstractFile> recentFiles;
try { try {
recentFiles = fileManager.findFiles(dataSource, "%.lnk", "Recent"); recentFiles = fileManager.findFiles(dataSource, "%.lnk", "Recent"); //NON-NLS
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error searching for .lnk files."); logger.log(Level.WARNING, "Error searching for .lnk files."); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "RecentDocumentsByLnk.getRecDoc.errMsg.errGetLnkFiles", NbBundle.getMessage(this.getClass(), "RecentDocumentsByLnk.getRecDoc.errMsg.errGetLnkFiles",
this.getName())); this.getName()));
@ -73,7 +73,7 @@ class RecentDocumentsByLnk extends Extract {
} }
if (recentFiles.isEmpty()) { if (recentFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any recent files."); logger.log(Level.INFO, "Didn't find any recent files."); //NON-NLS
return; return;
} }
@ -95,7 +95,7 @@ class RecentDocumentsByLnk extends Extract {
boolean unalloc = recentFile.isMetaFlagSet(TskData.TSK_FS_META_FLAG_ENUM.UNALLOC) boolean unalloc = recentFile.isMetaFlagSet(TskData.TSK_FS_META_FLAG_ENUM.UNALLOC)
|| recentFile.isDirNameFlagSet(TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC); || recentFile.isDirNameFlagSet(TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC);
if (unalloc == false) { if (unalloc == false) {
logger.log(Level.SEVERE, "Error lnk parsing the file to get recent files" + recentFile, e); logger.log(Level.SEVERE, "Error lnk parsing the file to get recent files" + recentFile, e); //NON-NLS
this.addErrorMessage( this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "RecentDocumentsByLnk.getRecDoc.errParsingFile", NbBundle.getMessage(this.getClass(), "RecentDocumentsByLnk.getRecDoc.errParsingFile",
this.getName(), recentFile.getName())); this.getName(), recentFile.getName()));

58
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/SearchEngineURLQueryAnalyzer.java
View File

@ -63,8 +63,8 @@ import org.xml.sax.SAXException;
class SearchEngineURLQueryAnalyzer extends Extract { class SearchEngineURLQueryAnalyzer extends Extract {
private static final Logger logger = Logger.getLogger(SearchEngineURLQueryAnalyzer.class.getName()); private static final Logger logger = Logger.getLogger(SearchEngineURLQueryAnalyzer.class.getName());
private static final String XMLFILE = "SEUQAMappings.xml"; private static final String XMLFILE = "SEUQAMappings.xml"; //NON-NLS
private static final String XSDFILE = "SearchEngineSchema.xsd"; private static final String XSDFILE = "SearchEngineSchema.xsd"; //NON-NLS
private static String[] searchEngineNames; private static String[] searchEngineNames;
private static SearchEngineURLQueryAnalyzer.SearchEngine[] engines; private static SearchEngineURLQueryAnalyzer.SearchEngine[] engines;
private static Document xmlinput; private static Document xmlinput;
@ -124,19 +124,19 @@ class SearchEngineURLQueryAnalyzer extends Extract {
} }
private void createEngines() { private void createEngines() {
NodeList nlist = xmlinput.getElementsByTagName("SearchEngine"); NodeList nlist = xmlinput.getElementsByTagName("SearchEngine"); //NON-NLS
SearchEngineURLQueryAnalyzer.SearchEngine[] listEngines = new SearchEngineURLQueryAnalyzer.SearchEngine[nlist.getLength()]; SearchEngineURLQueryAnalyzer.SearchEngine[] listEngines = new SearchEngineURLQueryAnalyzer.SearchEngine[nlist.getLength()];
for (int i = 0; i < nlist.getLength(); i++) { for (int i = 0; i < nlist.getLength(); i++) {
NamedNodeMap nnm = nlist.item(i).getAttributes(); NamedNodeMap nnm = nlist.item(i).getAttributes();
String EngineName = nnm.getNamedItem("engine").getNodeValue(); String EngineName = nnm.getNamedItem("engine").getNodeValue(); //NON-NLS
String EnginedomainSubstring = nnm.getNamedItem("domainSubstring").getNodeValue(); String EnginedomainSubstring = nnm.getNamedItem("domainSubstring").getNodeValue(); //NON-NLS
Map<String, String> splits = new HashMap<>(); Map<String, String> splits = new HashMap<>();
NodeList listSplits = xmlinput.getElementsByTagName("splitToken"); NodeList listSplits = xmlinput.getElementsByTagName("splitToken"); //NON-NLS
for (int k = 0; k < listSplits.getLength(); k++) { for (int k = 0; k < listSplits.getLength(); k++) {
if (listSplits.item(k).getParentNode().getAttributes().getNamedItem("engine").getNodeValue().equals(EngineName)) { if (listSplits.item(k).getParentNode().getAttributes().getNamedItem("engine").getNodeValue().equals(EngineName)) { //NON-NLS
splits.put(listSplits.item(k).getAttributes().getNamedItem("plainToken").getNodeValue(), listSplits.item(k).getAttributes().getNamedItem("regexToken").getNodeValue()); splits.put(listSplits.item(k).getAttributes().getNamedItem("plainToken").getNodeValue(), listSplits.item(k).getAttributes().getNamedItem("regexToken").getNodeValue()); //NON-NLS
} }
} }
@ -182,7 +182,7 @@ class SearchEngineURLQueryAnalyzer extends Extract {
* @return The extracted search query. * @return The extracted search query.
*/ */
private String extractSearchEngineQuery(String url) { private String extractSearchEngineQuery(String url) {
String x = "NoQuery"; String x = "NoQuery"; //NON-NLS
SearchEngineURLQueryAnalyzer.SearchEngine eng = getSearchEngine(url); SearchEngineURLQueryAnalyzer.SearchEngine eng = getSearchEngine(url);
for (Map.Entry<String, String> kvp : eng.getSplits()) { for (Map.Entry<String, String> kvp : eng.getSplits()) {
if (url.contains(kvp.getKey())) { if (url.contains(kvp.getKey())) {
@ -191,10 +191,10 @@ class SearchEngineURLQueryAnalyzer extends Extract {
} }
} }
try { //try to decode the url try { //try to decode the url
String decoded = URLDecoder.decode(x, "UTF-8"); String decoded = URLDecoder.decode(x, "UTF-8"); //NON-NLS
return decoded; return decoded;
} catch (UnsupportedEncodingException uee) { //if it fails, return the encoded string } catch (UnsupportedEncodingException uee) { //if it fails, return the encoded string
logger.log(Level.FINE, "Error during URL decoding ", uee); logger.log(Level.FINE, "Error during URL decoding ", uee); //NON-NLS
return x; return x;
} }
} }
@ -209,7 +209,7 @@ class SearchEngineURLQueryAnalyzer extends Extract {
* *
*/ */
private String split2(String url, String value) { private String split2(String url, String value) {
String basereturn = "NoQuery"; String basereturn = "NoQuery"; //NON-NLS
String v = value; String v = value;
//Want to determine if string contains a string based on splitkey, but we want to split the string on splitKeyConverted due to regex //Want to determine if string contains a string based on splitkey, but we want to split the string on splitKeyConverted due to regex
if (value.contains("\\?")) { if (value.contains("\\?")) {
@ -230,9 +230,9 @@ class SearchEngineURLQueryAnalyzer extends Extract {
int totalQueries = 0; int totalQueries = 0;
try { try {
//from blackboard_artifacts //from blackboard_artifacts
Collection<BlackboardArtifact> listArtifacts = currentCase.getSleuthkitCase().getMatchingArtifacts("WHERE (`artifact_type_id` = '" + ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID() Collection<BlackboardArtifact> listArtifacts = currentCase.getSleuthkitCase().getMatchingArtifacts("WHERE (`artifact_type_id` = '" + ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID() //NON-NLS
+ "' OR `artifact_type_id` = '" + ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID() + "') "); //List of every 'web_history' and 'bookmark' artifact + "' OR `artifact_type_id` = '" + ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID() + "') "); //List of every 'web_history' and 'bookmark' artifact NON-NLS
logger.log(Level.INFO, "Processing {0} blackboard artifacts.", listArtifacts.size()); logger.log(Level.INFO, "Processing {0} blackboard artifacts.", listArtifacts.size()); //NON-NLS
getAll: getAll:
for (BlackboardArtifact artifact : listArtifacts) { for (BlackboardArtifact artifact : listArtifacts) {
//initializing default attributes //initializing default attributes
@ -255,7 +255,7 @@ class SearchEngineURLQueryAnalyzer extends Extract {
SearchEngineURLQueryAnalyzer.SearchEngine se = NullEngine; SearchEngineURLQueryAnalyzer.SearchEngine se = NullEngine;
//from blackboard_attributes //from blackboard_attributes
Collection<BlackboardAttribute> listAttributes = currentCase.getSleuthkitCase().getMatchingAttributes("Where `artifact_id` = " + artifact.getArtifactID()); Collection<BlackboardAttribute> listAttributes = currentCase.getSleuthkitCase().getMatchingAttributes("Where `artifact_id` = " + artifact.getArtifactID()); //NON-NLS
getAttributes: getAttributes:
for (BlackboardAttribute attribute : listAttributes) { for (BlackboardAttribute attribute : listAttributes) {
if (context.isJobCancelled()) { if (context.isJobCancelled()) {
@ -266,7 +266,7 @@ class SearchEngineURLQueryAnalyzer extends Extract {
se = getSearchEngine(urlString); se = getSearchEngine(urlString);
if (!se.equals(NullEngine)) { if (!se.equals(NullEngine)) {
query = extractSearchEngineQuery(attribute.getValueString()); query = extractSearchEngineQuery(attribute.getValueString());
if (query.equals("NoQuery") || query.equals("")) { //False positive match, artifact was not a query. if (query.equals("NoQuery") || query.equals("")) { //False positive match, artifact was not a query. NON-NLS
break getAttributes; break getAttributes;
} }
} else if (se.equals(NullEngine)) { } else if (se.equals(NullEngine)) {
@ -281,7 +281,7 @@ class SearchEngineURLQueryAnalyzer extends Extract {
} }
} }
if (!se.equals(NullEngine) && !query.equals("NoQuery") && !query.equals("")) { if (!se.equals(NullEngine) && !query.equals("NoQuery") && !query.equals("")) { //NON-NLS
Collection<BlackboardAttribute> bbattributes = new ArrayList<>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
@ -301,15 +301,15 @@ class SearchEngineURLQueryAnalyzer extends Extract {
} }
} }
} catch (TskException e) { } catch (TskException e) {
logger.log(Level.SEVERE, "Encountered error retrieving artifacts for search engine queries", e); logger.log(Level.SEVERE, "Encountered error retrieving artifacts for search engine queries", e); //NON-NLS
} finally { } finally {
if (context.isJobCancelled()) { if (context.isJobCancelled()) {
logger.info("Operation terminated by user."); logger.info("Operation terminated by user."); //NON-NLS
} }
IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent( IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(
NbBundle.getMessage(this.getClass(), "SearchEngineURLQueryAnalyzer.parentModuleName.noSpace"), NbBundle.getMessage(this.getClass(), "SearchEngineURLQueryAnalyzer.parentModuleName.noSpace"),
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY)); BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY));
logger.log(Level.INFO, "Extracted {0} queries from the blackboard", totalQueries); logger.log(Level.INFO, "Extracted {0} queries from the blackboard", totalQueries); //NON-NLS
} }
} }
@ -329,7 +329,7 @@ class SearchEngineURLQueryAnalyzer extends Extract {
this.dataSource = dataSource; this.dataSource = dataSource;
this.context = context; this.context = context;
this.getURLs(); this.getURLs();
logger.log(Level.INFO, "Search Engine stats: \n{0}", getTotals()); logger.log(Level.INFO, "Search Engine stats: \n{0}", getTotals()); //NON-NLS
} }
@Override @Override
@ -348,33 +348,33 @@ class SearchEngineURLQueryAnalyzer extends Extract {
try { try {
String path = PlatformUtil.getUserConfigDirectory() + File.separator + XMLFILE; String path = PlatformUtil.getUserConfigDirectory() + File.separator + XMLFILE;
File f = new File(path); File f = new File(path);
logger.log(Level.INFO, "Load successful"); logger.log(Level.INFO, "Load successful"); //NON-NLS
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
DocumentBuilder db = dbf.newDocumentBuilder(); DocumentBuilder db = dbf.newDocumentBuilder();
Document xml = db.parse(f); Document xml = db.parse(f);
xmlinput = xml; xmlinput = xml;
if (!XMLUtil.xmlIsValid(xml, SearchEngineURLQueryAnalyzer.class, XSDFILE)) { if (!XMLUtil.xmlIsValid(xml, SearchEngineURLQueryAnalyzer.class, XSDFILE)) {
logger.log(Level.WARNING, "Error loading Search Engines: could not validate against [" + XSDFILE + "], results may not be accurate."); logger.log(Level.WARNING, "Error loading Search Engines: could not validate against [" + XSDFILE + "], results may not be accurate."); //NON-NLS
} }
createEngines(); createEngines();
getSearchEngineNames(); getSearchEngineNames();
} catch (IOException e) { } catch (IOException e) {
logger.log(Level.SEVERE, "Was not able to load SEUQAMappings.xml", e); logger.log(Level.SEVERE, "Was not able to load SEUQAMappings.xml", e); //NON-NLS
} catch (ParserConfigurationException pce) { } catch (ParserConfigurationException pce) {
logger.log(Level.SEVERE, "Unable to build XML parser", pce); logger.log(Level.SEVERE, "Unable to build XML parser", pce); //NON-NLS
} catch (SAXException sxe) { } catch (SAXException sxe) {
logger.log(Level.SEVERE, "Unable to parse XML file", sxe); logger.log(Level.SEVERE, "Unable to parse XML file", sxe); //NON-NLS
} }
} }
@Override @Override
public void complete() { public void complete() {
logger.info("Search Engine URL Query Analyzer has completed."); logger.info("Search Engine URL Query Analyzer has completed."); //NON-NLS
} }
@Override @Override
public void stop() { public void stop() {
logger.info("Attempted to stop Search Engine URL Query Analyzer, but operation is not supported; skipping..."); logger.info("Attempted to stop Search Engine URL Query Analyzer, but operation is not supported; skipping..."); //NON-NLS
} }
} }

12
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/UsbDeviceIdMapper.java
View File

@ -42,16 +42,16 @@ import org.sleuthkit.autopsy.coreutils.PlatformUtil;
class UsbDeviceIdMapper { class UsbDeviceIdMapper {
private static final Logger logger = Logger.getLogger(UsbDeviceIdMapper.class.getName()); private static final Logger logger = Logger.getLogger(UsbDeviceIdMapper.class.getName());
private HashMap<String, USBInfo> devices; private HashMap<String, USBInfo> devices;
private static final String DataFile = "USB_DATA.txt"; private static final String DataFile = "USB_DATA.txt"; //NON-NLS
public UsbDeviceIdMapper() { public UsbDeviceIdMapper() {
try { try {
loadDeviceMap(); loadDeviceMap();
} catch (FileNotFoundException ex) { } catch (FileNotFoundException ex) {
logger.log(Level.SEVERE, "Could not find file " + DataFile + ".", ex); logger.log(Level.SEVERE, "Could not find file " + DataFile + ".", ex); //NON-NLS
devices = null; devices = null;
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, "Unknown IO error occurred in method devices.", ex); logger.log(Level.SEVERE, "Unknown IO error occurred in method devices.", ex); //NON-NLS
} }
} }
@ -105,12 +105,12 @@ class UsbDeviceIdMapper {
} }
// stop once we've hitten the part of the file that starts to talk about class types // stop once we've hitten the part of the file that starts to talk about class types
if (line.startsWith("C 00")) { if (line.startsWith("C 00")) { //NON-NLS
return; return;
} }
String dvc = ""; String dvc = "";
String[] tokens = line.split("[\\t\\s]+"); String[] tokens = line.split("[\\t\\s]+"); //NON-NLS
String vID = tokens[0]; String vID = tokens[0];
for (int n = 1; n < tokens.length; n++) { for (int n = 1; n < tokens.length; n++) {
dvc += tokens[n] + " "; dvc += tokens[n] + " ";
@ -126,7 +126,7 @@ class UsbDeviceIdMapper {
line = dat.nextLine(); line = dat.nextLine();
if (line.startsWith("\t")) { if (line.startsWith("\t")) {
while (dat.hasNext() && line.startsWith("\t")) { while (dat.hasNext() && line.startsWith("\t")) {
tokens = line.split("[\\t\\s]+"); tokens = line.split("[\\t\\s]+"); //NON-NLS
// make key based on upper case version of vendor and product IDs // make key based on upper case version of vendor and product IDs
pID = vID + tokens[1]; pID = vID + tokens[1];

20
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Util.java
View File

@ -151,7 +151,7 @@ class Util {
public static String getFileName(String value) { public static String getFileName(String value) {
String filename = ""; String filename = "";
String filematch = "^([a-zA-Z]\\:)(\\\\[^\\\\/:*?<>\"|]*(?<!\\[ \\]))*(\\.[a-zA-Z]{2,6})$"; String filematch = "^([a-zA-Z]\\:)(\\\\[^\\\\/:*?<>\"|]*(?<!\\[ \\]))*(\\.[a-zA-Z]{2,6})$"; //NON-NLS
Pattern p = Pattern.compile(filematch, Pattern.CASE_INSENSITIVE | Pattern.DOTALL | Pattern.COMMENTS); Pattern p = Pattern.compile(filematch, Pattern.CASE_INSENSITIVE | Pattern.DOTALL | Pattern.COMMENTS);
Matcher m = p.matcher(value); Matcher m = p.matcher(value);
@ -168,7 +168,7 @@ class Util {
String path = ""; String path = "";
//String drive ="([a-z]:\\\\(?:[-\\w\\.\\d]+\\\\)*(?:[-\\w\\.\\d]+)?)"; // Windows drive //String drive ="([a-z]:\\\\(?:[-\\w\\.\\d]+\\\\)*(?:[-\\w\\.\\d]+)?)"; // Windows drive
String drive = "([a-z]:\\\\\\S.+)"; String drive = "([a-z]:\\\\\\S.+)"; //NON-NLS
Pattern p = Pattern.compile(drive, Pattern.CASE_INSENSITIVE | Pattern.COMMENTS); Pattern p = Pattern.compile(drive, Pattern.CASE_INSENSITIVE | Pattern.COMMENTS);
Matcher m = p.matcher(txt); Matcher m = p.matcher(txt);
if (m.find()) { if (m.find()) {
@ -176,7 +176,7 @@ class Util {
} else { } else {
String network = "(\\\\(?:\\\\[^:\\s?*\"<>|]+)+)"; // Windows network String network = "(\\\\(?:\\\\[^:\\s?*\"<>|]+)+)"; // Windows network NON-NLS
Pattern p2 = Pattern.compile(network, Pattern.CASE_INSENSITIVE | Pattern.DOTALL); Pattern p2 = Pattern.compile(network, Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
Matcher m2 = p2.matcher(txt); Matcher m2 = p2.matcher(txt);
@ -202,7 +202,7 @@ class Util {
try { try {
files = fileManager.findFiles(dataSource, name, parent_path); files = fileManager.findFiles(dataSource, name, parent_path);
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history."); logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history."); //NON-NLS
} }
if (files == null || files.isEmpty()) { if (files == null || files.isEmpty()) {
@ -212,19 +212,19 @@ class Util {
} }
public static boolean checkColumn(String column, String tablename, String connection) { public static boolean checkColumn(String column, String tablename, String connection) {
String query = "PRAGMA table_info(" + tablename + ")"; String query = "PRAGMA table_info(" + tablename + ")"; //NON-NLS
boolean found = false; boolean found = false;
ResultSet temprs; ResultSet temprs;
try { try {
SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + connection); SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + connection); //NON-NLS
temprs = tempdbconnect.executeQry(query); temprs = tempdbconnect.executeQry(query);
while (temprs.next()) { while (temprs.next()) {
if (temprs.getString("name") == null ? column == null : temprs.getString("name").equals(column)) { if (temprs.getString("name") == null ? column == null : temprs.getString("name").equals(column)) { //NON-NLS
found = true; found = true;
} }
} }
} catch (Exception ex) { } catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to get columns from sqlite db." + connection, ex); logger.log(Level.WARNING, "Error while trying to get columns from sqlite db." + connection, ex); //NON-NLS
} }
return found; return found;
} }
@ -232,11 +232,11 @@ class Util {
public static ResultSet runQuery(String query, String connection) { public static ResultSet runQuery(String query, String connection) {
ResultSet results = null; ResultSet results = null;
try { try {
SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + connection); SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + connection); //NON-NLS
results = tempdbconnect.executeQry(query); results = tempdbconnect.executeQry(query);
tempdbconnect.closeConnection(); tempdbconnect.closeConnection();
} catch (Exception ex) { } catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to run sql query: " + query + " : " + connection, ex); logger.log(Level.WARNING, "Error while trying to run sql query: " + query + " : " + connection, ex); //NON-NLS
} }
return results; return results;
} }