mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 07:56:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

RecentActivity - Added NON-NLS tags to hardcoded strings not needing National Language Support.

Browse Source
This commit is contained in:
Nick Davis 2014-04-22 15:52:40 -04:00
parent 33236d6065
commit 85083eeaac
10 changed files with 307 additions and 307 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java
View File

@ -55,12 +55,12 @@ import org.sleuthkit.datamodel.TskData;
*/
class Chrome extends Extract {
private static final String historyQuery = "SELECT urls.url, urls.title, urls.visit_count, urls.typed_count, "
+ "last_visit_time, urls.hidden, visits.visit_time, (SELECT urls.url FROM urls WHERE urls.id=visits.url) as from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url";
private static final String cookieQuery = "select name, value, host_key, expires_utc,last_access_utc, creation_utc from cookies";
private static final String downloadQuery = "select full_path, url, start_time, received_bytes from downloads";
private static final String downloadQueryVersion30 = "SELECT current_path as full_path, url, start_time, received_bytes FROM downloads, downloads_url_chains WHERE downloads.id=downloads_url_chains.id";
private static final String loginQuery = "select origin_url, username_value, signon_realm from logins";
private static final String historyQuery = "SELECT urls.url, urls.title, urls.visit_count, urls.typed_count, " //NON-NLS
+ "last_visit_time, urls.hidden, visits.visit_time, (SELECT urls.url FROM urls WHERE urls.id=visits.url) as from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url"; //NON-NLS
private static final String cookieQuery = "select name, value, host_key, expires_utc,last_access_utc, creation_utc from cookies"; //NON-NLS
private static final String downloadQuery = "select full_path, url, start_time, received_bytes from downloads"; //NON-NLS
private static final String downloadQueryVersion30 = "SELECT current_path as full_path, url, start_time, received_bytes FROM downloads, downloads_url_chains WHERE downloads.id=downloads_url_chains.id"; //NON-NLS
private static final String loginQuery = "select origin_url, username_value, signon_realm from logins"; //NON-NLS
private final Logger logger = Logger.getLogger(this.getClass().getName());
private Content dataSource;
private IngestJobContext context;
@ -88,7 +88,7 @@ class Chrome extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> historyFiles;
try {
historyFiles = fileManager.findFiles(dataSource, "History", "Chrome");
historyFiles = fileManager.findFiles(dataSource, "History", "Chrome"); //NON-NLS
} catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Chrome.getHistory.errMsg.errGettingFiles");
logger.log(Level.SEVERE, msg, ex);
@ -114,7 +114,7 @@ class Chrome extends Extract {
dataFound = true;
int j = 0;
while (j < historyFiles.size()) {
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + historyFiles.get(j).getName().toString() + j + ".db";
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + historyFiles.get(j).getName().toString() + j + ".db"; //NON-NLS
final AbstractFile historyFile = historyFiles.get(j++);
if (historyFile.getSize() == 0) {
continue;
@ -122,7 +122,7 @@ class Chrome extends Extract {
try {
ContentUtils.writeToFile(historyFile, new File(temps));
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome web history artifacts.{0}", ex);
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome web history artifacts.{0}", ex); //NON-NLS
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Chrome.getHistory.errMsg.errAnalyzingFile",
this.getName(), historyFile.getName()));
continue;
@ -134,27 +134,27 @@ class Chrome extends Extract {
}
List<HashMap<String, Object>> tempList;
tempList = this.dbConnect(temps, historyQuery);
logger.log(Level.INFO, "{0}- Now getting history from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()});
logger.log(Level.INFO, "{0}- Now getting history from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("url").toString() != null) ? result.get("url").toString() : "")));
((result.get("url").toString() != null) ? result.get("url").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((Long.valueOf(result.get("last_visit_time").toString())) / 10000000)));
((Long.valueOf(result.get("last_visit_time").toString())) / 10000000))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("from_visit").toString() != null) ? result.get("from_visit").toString() : "")));
((result.get("from_visit").toString() != null) ? result.get("from_visit").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("title").toString() != null) ? result.get("title").toString() : "")));
((result.get("title").toString() != null) ? result.get("title").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
NbBundle.getMessage(this.getClass(), "Chrome.moduleName")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
(Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : ""))));
(Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
}
dbFile.delete();
@ -171,7 +171,7 @@ class Chrome extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> bookmarkFiles = null;
try {
bookmarkFiles = fileManager.findFiles(dataSource, "Bookmarks", "Chrome");
bookmarkFiles = fileManager.findFiles(dataSource, "Bookmarks", "Chrome"); //NON-NLS
} catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errGettingFiles");
logger.log(Level.SEVERE, msg, ex);
@ -180,7 +180,7 @@ class Chrome extends Extract {
}
if (bookmarkFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome bookmark files.");
logger.log(Level.INFO, "Didn't find any Chrome bookmark files."); //NON-NLS
return;
}
@ -192,17 +192,17 @@ class Chrome extends Extract {
if (bookmarkFile.getSize() == 0) {
continue;
}
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + bookmarkFile.getName().toString() + j + ".db";
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + bookmarkFile.getName().toString() + j + ".db"; //NON-NLS
try {
ContentUtils.writeToFile(bookmarkFile, new File(temps));
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome bookmark artifacts.{0}", ex);
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome bookmark artifacts.{0}", ex); //NON-NLS
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errAnalyzingFile",
this.getName(), bookmarkFile.getName()));
continue;
}
logger.log(Level.INFO, "{0}- Now getting Bookmarks from {1}", new Object[]{moduleName, temps});
logger.log(Level.INFO, "{0}- Now getting Bookmarks from {1}", new Object[]{moduleName, temps}); //NON-NLS
File dbFile = new File(temps);
if (context.isJobCancelled()) {
dbFile.delete();
@ -213,7 +213,7 @@ class Chrome extends Extract {
try {
tempReader = new FileReader(temps);
} catch (FileNotFoundException ex) {
logger.log(Level.SEVERE, "Error while trying to read into the Bookmarks for Chrome.", ex);
logger.log(Level.SEVERE, "Error while trying to read into the Bookmarks for Chrome.", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errAnalyzeFile", this.getName(),
bookmarkFile.getName()));
@ -228,11 +228,11 @@ class Chrome extends Extract {
try {
jsonElement = parser.parse(tempReader);
jElement = jsonElement.getAsJsonObject();
jRoot = jElement.get("roots").getAsJsonObject();
jBookmark = jRoot.get("bookmark_bar").getAsJsonObject();
jBookmarkArray = jBookmark.getAsJsonArray("children");
jRoot = jElement.get("roots").getAsJsonObject(); //NON-NLS
jBookmark = jRoot.get("bookmark_bar").getAsJsonObject(); //NON-NLS
jBookmarkArray = jBookmark.getAsJsonArray("children"); //NON-NLS
} catch (JsonIOException | JsonSyntaxException | IllegalStateException ex) {
logger.log(Level.WARNING, "Error parsing Json from Chrome Bookmark.", ex);
logger.log(Level.WARNING, "Error parsing Json from Chrome Bookmark.", ex); //NON-NLS
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errAnalyzingFile3",
this.getName(), bookmarkFile.getName()));
continue;
@ -243,7 +243,7 @@ class Chrome extends Extract {
if (address == null) {
continue;
}
JsonElement urlEl = address.get("url");
JsonElement urlEl = address.get("url"); //NON-NLS
String url;
if (urlEl != null) {
url = urlEl.getAsString();
@ -252,7 +252,7 @@ class Chrome extends Extract {
url = "";
}
String name;
JsonElement nameEl = address.get("name");
JsonElement nameEl = address.get("name"); //NON-NLS
if (nameEl != null) {
name = nameEl.getAsString();
}
@ -260,7 +260,7 @@ class Chrome extends Extract {
name = "";
}
Long date;
JsonElement dateEl = address.get("date_added");
JsonElement dateEl = address.get("date_added"); //NON-NLS
if (dateEl != null) {
date = dateEl.getAsLong();
}
@ -291,7 +291,7 @@ class Chrome extends Extract {
"Chrome.parentModuleName"), domain));
bbart.addAttributes(bbattributes);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error while trying to insert Chrome bookmark artifact{0}", ex);
logger.log(Level.SEVERE, "Error while trying to insert Chrome bookmark artifact{0}", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errAnalyzingFile4",
this.getName(), bookmarkFile.getName()));
@ -311,7 +311,7 @@ class Chrome extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> cookiesFiles;
try {
cookiesFiles = fileManager.findFiles(dataSource, "Cookies", "Chrome");
cookiesFiles = fileManager.findFiles(dataSource, "Cookies", "Chrome"); //NON-NLS
} catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Chrome.getCookie.errMsg.errGettingFiles");
logger.log(Level.SEVERE, msg, ex);
@ -320,7 +320,7 @@ class Chrome extends Extract {
}
if (cookiesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome cookies files.");
logger.log(Level.INFO, "Didn't find any Chrome cookies files."); //NON-NLS
return;
}
@ -331,11 +331,11 @@ class Chrome extends Extract {
if (cookiesFile.getSize() == 0) {
continue;
}
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + cookiesFile.getName().toString() + j + ".db";
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + cookiesFile.getName().toString() + j + ".db"; //NON-NLS
try {
ContentUtils.writeToFile(cookiesFile, new File(temps));
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome cookie artifacts.{0}", ex);
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome cookie artifacts.{0}", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "Chrome.getCookie.errMsg.errAnalyzeFile", this.getName(),
cookiesFile.getName()));
@ -348,25 +348,25 @@ class Chrome extends Extract {
}
List<HashMap<String, Object>> tempList = this.dbConnect(temps, cookieQuery);
logger.log(Level.INFO, "{0}- Now getting cookies from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()});
logger.log(Level.INFO, "{0}- Now getting cookies from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("host_key").toString() != null) ? result.get("host_key").toString() : "")));
((result.get("host_key").toString() != null) ? result.get("host_key").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((Long.valueOf(result.get("last_access_utc").toString())) / 10000000)));
((Long.valueOf(result.get("last_access_utc").toString())) / 10000000))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("name").toString() != null) ? result.get("name").toString() : "")));
((result.get("name").toString() != null) ? result.get("name").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("value").toString() != null) ? result.get("value").toString() : "")));
((result.get("value").toString() != null) ? result.get("value").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
NbBundle.getMessage(this.getClass(), "Chrome.moduleName")));
String domain = result.get("host_key").toString();
String domain = result.get("host_key").toString(); //NON-NLS
domain = domain.replaceFirst("^\\.+(?!$)", "");
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), domain));
@ -386,7 +386,7 @@ class Chrome extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> downloadFiles = null;
try {
downloadFiles = fileManager.findFiles(dataSource, "History", "Chrome");
downloadFiles = fileManager.findFiles(dataSource, "History", "Chrome"); //NON-NLS
} catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Chrome.getDownload.errMsg.errGettingFiles");
logger.log(Level.SEVERE, msg, ex);
@ -395,7 +395,7 @@ class Chrome extends Extract {
}
if (downloadFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome download files.");
logger.log(Level.INFO, "Didn't find any Chrome download files."); //NON-NLS
return;
}
@ -406,11 +406,11 @@ class Chrome extends Extract {
if (downloadFile.getSize() == 0) {
continue;
}
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + downloadFile.getName().toString() + j + ".db";
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + downloadFile.getName().toString() + j + ".db"; //NON-NLS
try {
ContentUtils.writeToFile(downloadFile, new File(temps));
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome download artifacts.{0}", ex);
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome download artifacts.{0}", ex); //NON-NLS
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Chrome.getDownload.errMsg.errAnalyzeFiles1",
this.getName(), downloadFile.getName()));
continue;
@ -429,12 +429,12 @@ class Chrome extends Extract {
tempList = this.dbConnect(temps, downloadQueryVersion30);
}
logger.log(Level.INFO, "{0}- Now getting downloads from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()});
logger.log(Level.INFO, "{0}- Now getting downloads from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), (result.get("full_path").toString())));
long pathID = Util.findID(dataSource, (result.get("full_path").toString()));
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), (result.get("full_path").toString()))); //NON-NLS
long pathID = Util.findID(dataSource, (result.get("full_path").toString())); //NON-NLS
if (pathID != -1) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(),
NbBundle.getMessage(this.getClass(),
@ -442,16 +442,16 @@ class Chrome extends Extract {
}
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("url").toString() != null) ? result.get("url").toString() : "")));
((result.get("url").toString() != null) ? result.get("url").toString() : ""))); //NON-NLS
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "Recent Activity", ((result.get("url").toString() != null) ? EscapeUtil.decodeURL(result.get("url").toString()) : "")));
Long time = (Long.valueOf(result.get("start_time").toString()));
Long time = (Long.valueOf(result.get("start_time").toString())); //NON-NLS
String Tempdate = time.toString();
time = Long.valueOf(Tempdate) / 10000000;
//TODO Revisit usage of deprecated constructor as per TSK-583
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "Recent Activity", "Last Visited", time));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), time));
String domain = Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "");
String domain = Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : ""); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), domain));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
@ -474,7 +474,7 @@ class Chrome extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> signonFiles;
try {
signonFiles = fileManager.findFiles(dataSource, "signons.sqlite", "Chrome");
signonFiles = fileManager.findFiles(dataSource, "signons.sqlite", "Chrome"); //NON-NLS
} catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Chrome.getLogin.errMsg.errGettingFiles");
logger.log(Level.SEVERE, msg, ex);
@ -483,7 +483,7 @@ class Chrome extends Extract {
}
if (signonFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome signon files.");
logger.log(Level.INFO, "Didn't find any Chrome signon files."); //NON-NLS
return;
}
@ -494,11 +494,11 @@ class Chrome extends Extract {
if (signonFile.getSize() == 0) {
continue;
}
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + signonFile.getName().toString() + j + ".db";
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + signonFile.getName().toString() + j + ".db"; //NON-NLS
try {
ContentUtils.writeToFile(signonFile, new File(temps));
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome login artifacts.{0}", ex);
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome login artifacts.{0}", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "Chrome.getLogin.errMsg.errAnalyzingFiles", this.getName(),
signonFile.getName()));
@ -510,36 +510,36 @@ class Chrome extends Extract {
break;
}
List<HashMap<String, Object>> tempList = this.dbConnect(temps, loginQuery);
logger.log(Level.INFO, "{0}- Now getting login information from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()});
logger.log(Level.INFO, "{0}- Now getting login information from {1} with {2}artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("origin_url").toString() != null) ? result.get("origin_url").toString() : "")));
((result.get("origin_url").toString() != null) ? result.get("origin_url").toString() : ""))); //NON-NLS
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "Recent Activity", ((result.get("origin_url").toString() != null) ? EscapeUtil.decodeURL(result.get("origin_url").toString()) : "")));
//TODO Revisit usage of deprecated constructor as per TSK-583
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "Recent Activity", "Last Visited", ((Long.valueOf(result.get("last_visit_time").toString())) / 1000000)));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((Long.valueOf(result.get("last_visit_time").toString())) / 1000000)));
((Long.valueOf(result.get("last_visit_time").toString())) / 1000000))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("from_visit").toString() != null) ? result.get("from_visit").toString() : "")));
((result.get("from_visit").toString() != null) ? result.get("from_visit").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("title").toString() != null) ? result.get("title").toString() : "")));
((result.get("title").toString() != null) ? result.get("title").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
NbBundle.getMessage(this.getClass(), "Chrome.moduleName")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
(Util.extractDomain((result.get("origin_url").toString() != null) ? result.get("url").toString() : ""))));
(Util.extractDomain((result.get("origin_url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
((result.get("username_value").toString() != null) ? result.get("username_value").toString().replaceAll("'", "''") : "")));
((result.get("username_value").toString() != null) ? result.get("username_value").toString().replaceAll("'", "''") : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
result.get("signon_realm").toString()));
result.get("signon_realm").toString())); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, signonFile, bbattributes);
}
@ -550,10 +550,10 @@ class Chrome extends Extract {
}
private boolean isChromePreVersion30(String temps) {
String query = "PRAGMA table_info(downloads)";
String query = "PRAGMA table_info(downloads)"; //NON-NLS
List<HashMap<String, Object>> columns = this.dbConnect(temps, query);
for (HashMap<String, Object> col : columns) {
if (col.get("name").equals("url")) {
if (col.get("name").equals("url")) { //NON-NLS
return true;
}
}

8
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java
View File

@ -92,7 +92,7 @@ abstract class Extract {
BlackboardArtifact bbart = content.newArtifact(type);
bbart.addAttributes(bbattributes);
} catch (TskException ex) {
logger.log(Level.SEVERE, "Error while trying to add an artifact: {0}", ex);
logger.log(Level.SEVERE, "Error while trying to add an artifact: {0}", ex); //NON-NLS
}
}
@ -109,14 +109,14 @@ abstract class Extract {
protected List<HashMap<String, Object>> dbConnect(String path, String query) {
ResultSet temprs;
List<HashMap<String, Object>> list;
String connectionString = "jdbc:sqlite:" + path;
String connectionString = "jdbc:sqlite:" + path; //NON-NLS
try {
SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", connectionString);
SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", connectionString); //NON-NLS
temprs = tempdbconnect.executeQry(query);
list = this.resultSetToArrayList(temprs);
tempdbconnect.closeConnection();
} catch (SQLException ex) {
logger.log(Level.SEVERE, "Error while trying to read into a sqlite db." + connectionString, ex);
logger.log(Level.SEVERE, "Error while trying to read into a sqlite db." + connectionString, ex); //NON-NLS
errorMessages.add(NbBundle.getMessage(this.getClass(), "Extract.dbConn.errMsg.failedToQueryDb", getName()));
return Collections.<HashMap<String,Object>>emptyList();
}

84
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
View File

@ -71,7 +71,7 @@ class ExtractIE extends Extract {
ExtractIE() {
moduleName = NbBundle.getMessage(ExtractIE.class, "ExtractIE.moduleName.text");
moduleTempResultsDir = RAImageIngestModule.getRATempPath(Case.getCurrentCase(), "IE") + File.separator + "results";
moduleTempResultsDir = RAImageIngestModule.getRATempPath(Case.getCurrentCase(), "IE") + File.separator + "results"; //NON-NLS
JAVA_PATH = PlatformUtil.getJavaPath();
}
@ -92,9 +92,9 @@ class ExtractIE extends Extract {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> favoritesFiles;
try {
favoritesFiles = fileManager.findFiles(dataSource, "%.url", "Favorites");
favoritesFiles = fileManager.findFiles(dataSource, "%.url", "Favorites"); //NON-NLS
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'url' files for Internet Explorer bookmarks.", ex);
logger.log(Level.WARNING, "Error fetching 'url' files for Internet Explorer bookmarks.", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getBookmark.errMsg.errGettingBookmarks",
this.getName()));
@ -102,7 +102,7 @@ class ExtractIE extends Extract {
}
if (favoritesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any IE bookmark files.");
logger.log(Level.INFO, "Didn't find any IE bookmark files."); //NON-NLS
return;
}
@ -154,18 +154,18 @@ class ExtractIE extends Extract {
while ((line = reader.readLine()) != null) {
// The actual shortcut line we are interested in is of the
// form URL=http://path/to/website
if (line.startsWith("URL")) {
if (line.startsWith("URL")) { //NON-NLS
url = line.substring(line.indexOf("=") + 1);
break;
}
}
} catch (IOException ex) {
logger.log(Level.WARNING, "Failed to read from content: " + fav.getName(), ex);
logger.log(Level.WARNING, "Failed to read from content: " + fav.getName(), ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getURLFromIEBmkFile.errMsg", this.getName(),
fav.getName()));
} catch (IndexOutOfBoundsException ex) {
logger.log(Level.WARNING, "Failed while getting URL of IE bookmark. Unexpected format of the bookmark file: " + fav.getName(), ex);
logger.log(Level.WARNING, "Failed while getting URL of IE bookmark. Unexpected format of the bookmark file: " + fav.getName(), ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getURLFromIEBmkFile.errMsg2", this.getName(),
fav.getName()));
@ -173,7 +173,7 @@ class ExtractIE extends Extract {
try {
reader.close();
} catch (IOException ex) {
logger.log(Level.WARNING, "Failed to close reader.", ex);
logger.log(Level.WARNING, "Failed to close reader.", ex); //NON-NLS
}
}
@ -187,16 +187,16 @@ class ExtractIE extends Extract {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> cookiesFiles;
try {
cookiesFiles = fileManager.findFiles(dataSource, "%.txt", "Cookies");
cookiesFiles = fileManager.findFiles(dataSource, "%.txt", "Cookies"); //NON-NLS
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error getting cookie files for IE");
logger.log(Level.WARNING, "Error getting cookie files for IE"); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getCookie.errMsg.errGettingFile", this.getName()));
return;
}
if (cookiesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any IE cookies files.");
logger.log(Level.INFO, "Didn't find any IE cookies files."); //NON-NLS
return;
}
@ -213,7 +213,7 @@ class ExtractIE extends Extract {
try {
final int bytesRead = cookiesFile.read(t, 0, cookiesFile.getSize());
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error reading bytes of Internet Explorer cookie.", ex);
logger.log(Level.SEVERE, "Error reading bytes of Internet Explorer cookie.", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getCookie.errMsg.errReadingIECookie",
this.getName(), cookiesFile.getName()));
@ -259,21 +259,21 @@ class ExtractIE extends Extract {
* Locates index.dat files, runs Pasco on them, and creates artifacts.
*/
private void getHistory() {
logger.log(Level.INFO, "Pasco results path: {0}", moduleTempResultsDir);
logger.log(Level.INFO, "Pasco results path: {0}", moduleTempResultsDir); //NON-NLS
boolean foundHistory = false;
final File pascoRoot = InstalledFileLocator.getDefault().locate("pasco2", ExtractIE.class.getPackage().getName(), false);
final File pascoRoot = InstalledFileLocator.getDefault().locate("pasco2", ExtractIE.class.getPackage().getName(), false); //NON-NLS
if (pascoRoot == null) {
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getHistory.errMsg.unableToGetHist", this.getName()));
logger.log(Level.SEVERE, "Error finding pasco program ");
logger.log(Level.SEVERE, "Error finding pasco program "); //NON-NLS
return;
}
final String pascoHome = pascoRoot.getAbsolutePath();
logger.log(Level.INFO, "Pasco2 home: {0}", pascoHome);
logger.log(Level.INFO, "Pasco2 home: {0}", pascoHome); //NON-NLS
PASCO_LIB_PATH = pascoHome + File.separator + "pasco2.jar" + File.pathSeparator
PASCO_LIB_PATH = pascoHome + File.separator + "pasco2.jar" + File.pathSeparator //NON-NLS
+ pascoHome + File.separator + "*";
File resultsDir = new File(moduleTempResultsDir);
@ -283,11 +283,11 @@ class ExtractIE extends Extract {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> indexFiles;
try {
indexFiles = fileManager.findFiles(dataSource, "index.dat");
indexFiles = fileManager.findFiles(dataSource, "index.dat"); //NON-NLS
} catch (TskCoreException ex) {
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "ExtractIE.getHistory.errMsg.errGettingHistFiles",
this.getName()));
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history.");
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history."); //NON-NLS
return;
}
@ -306,9 +306,9 @@ class ExtractIE extends Extract {
// index<Number>.dat (i.e. index0.dat, index1.dat,..., indexN.dat)
// Write each index.dat file to a temp directory.
//BlackboardArtifact bbart = fsc.newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
indexFileName = "index" + Integer.toString((int) indexFile.getId()) + ".dat";
indexFileName = "index" + Integer.toString((int) indexFile.getId()) + ".dat"; //NON-NLS
//indexFileName = "index" + Long.toString(bbart.getArtifactID()) + ".dat";
temps = RAImageIngestModule.getRATempPath(currentCase, "IE") + File.separator + indexFileName;
temps = RAImageIngestModule.getRATempPath(currentCase, "IE") + File.separator + indexFileName; //NON-NLS
File datFile = new File(temps);
if (context.isJobCancelled()) {
break;
@ -316,14 +316,14 @@ class ExtractIE extends Extract {
try {
ContentUtils.writeToFile(indexFile, datFile);
} catch (IOException e) {
logger.log(Level.SEVERE, "Error while trying to write index.dat file " + datFile.getAbsolutePath(), e);
logger.log(Level.SEVERE, "Error while trying to write index.dat file " + datFile.getAbsolutePath(), e); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getHistory.errMsg.errWriteFile", this.getName(),
datFile.getAbsolutePath()));
continue;
}
String filename = "pasco2Result." + indexFile.getId() + ".txt";
String filename = "pasco2Result." + indexFile.getId() + ".txt"; //NON-NLS
boolean bPascProcSuccess = executePasco(temps, filename);
//At this point pasco2 proccessed the index files.
@ -335,7 +335,7 @@ class ExtractIE extends Extract {
//Delete index<n>.dat file since it was succcessfully by Pasco
datFile.delete();
} else {
logger.log(Level.WARNING, "pasco execution failed on: {0}", this.getName());
logger.log(Level.WARNING, "pasco execution failed on: {0}", this.getName()); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.getHistory.errMsg.errProcHist", this.getName()));
}
@ -359,19 +359,19 @@ class ExtractIE extends Extract {
Writer writer = null;
try {
final String outputFileFullPath = moduleTempResultsDir + File.separator + outputFileName;
logger.log(Level.INFO, "Writing pasco results to: {0}", outputFileFullPath);
logger.log(Level.INFO, "Writing pasco results to: {0}", outputFileFullPath); //NON-NLS
writer = new FileWriter(outputFileFullPath);
execPasco = new ExecUtil();
execPasco.execute(writer, JAVA_PATH,
"-cp", PASCO_LIB_PATH,
"isi.pasco2.Main", "-T", "history", indexFilePath );
"-cp", PASCO_LIB_PATH, //NON-NLS
"isi.pasco2.Main", "-T", "history", indexFilePath ); //NON-NLS
// @@@ Investigate use of history versus cache as type.
} catch (IOException ex) {
success = false;
logger.log(Level.SEVERE, "Unable to execute Pasco to process Internet Explorer web history.", ex);
logger.log(Level.SEVERE, "Unable to execute Pasco to process Internet Explorer web history.", ex); //NON-NLS
} catch (InterruptedException ex) {
success = false;
logger.log(Level.SEVERE, "Pasco has been interrupted, failed to extract some web history from Internet Explorer.", ex);
logger.log(Level.SEVERE, "Pasco has been interrupted, failed to extract some web history from Internet Explorer.", ex); //NON-NLS
}
finally {
if (writer != null) {
@ -379,7 +379,7 @@ class ExtractIE extends Extract {
writer.flush();
writer.close();
} catch (IOException ex) {
logger.log(Level.WARNING, "Error closing writer stream after for Pasco result", ex);
logger.log(Level.WARNING, "Error closing writer stream after for Pasco result", ex); //NON-NLS
}
}
}
@ -400,7 +400,7 @@ class ExtractIE extends Extract {
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.parsePascoOutput.errMsg.notFound", this.getName(),
file.getName()));
logger.log(Level.WARNING, "Pasco Output not found: {0}", file.getPath());
logger.log(Level.WARNING, "Pasco Output not found: {0}", file.getPath()); //NON-NLS
return;
}
@ -417,20 +417,20 @@ class ExtractIE extends Extract {
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.parsePascoOutput.errMsg.errParsing", this.getName(),
file.getName()));
logger.log(Level.WARNING, "Unable to find the Pasco file at " + file.getPath(), ex);
logger.log(Level.WARNING, "Unable to find the Pasco file at " + file.getPath(), ex); //NON-NLS
return;
}
while (fileScanner.hasNext()) {
String line = fileScanner.nextLine();
if (!line.startsWith("URL")) {
if (!line.startsWith("URL")) { //NON-NLS
continue;
}
String[] lineBuff = line.split("\\t");
String[] lineBuff = line.split("\\t"); //NON-NLS
if (lineBuff.length < 4) {
logger.log(Level.INFO, "Found unrecognized IE history format.");
logger.log(Level.INFO, "Found unrecognized IE history format."); //NON-NLS
continue;
}
@ -448,14 +448,14 @@ class ExtractIE extends Extract {
if (lineBuff[1].contains("@")) {
String url[] = lineBuff[1].split("@", 2);
user = url[0];
user = user.replace("Visited:", "");
user = user.replace(":Host:", "");
user = user.replace("Visited:", ""); //NON-NLS
user = user.replace(":Host:", ""); //NON-NLS
user = user.replaceAll("(:)(.*?)(:)", "");
user = user.trim();
realurl = url[1];
realurl = realurl.replace("Visited:", "");
realurl = realurl.replace("Visited:", ""); //NON-NLS
realurl = realurl.replaceAll(":(.*?):", "");
realurl = realurl.replace(":Host:", "");
realurl = realurl.replace(":Host:", ""); //NON-NLS
realurl = realurl.trim();
} else {
user = "";
@ -465,7 +465,7 @@ class ExtractIE extends Extract {
domain = Util.extractDomain(realurl);
if (!ddtime.isEmpty()) {
ddtime = ddtime.replace("T", " ");
ddtime = ddtime.replace("T", " "); //NON-NLS
ddtime = ddtime.substring(ddtime.length() - 5);
}
@ -478,7 +478,7 @@ class ExtractIE extends Extract {
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractIE.parsePascoOutput.errMsg.errParsingEntry",
this.getName()));
logger.log(Level.SEVERE, "Error parsing Pasco results.", e);
logger.log(Level.SEVERE, "Error parsing Pasco results.", e); //NON-NLS
}
}
@ -510,7 +510,7 @@ class ExtractIE extends Extract {
"ExtractIE.parentModuleName.noSpace"), user));
bbart.addAttributes(bbattributes);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error writing Internet Explorer web history artifact to the blackboard.", ex);
logger.log(Level.SEVERE, "Error writing Internet Explorer web history artifact to the blackboard.", ex); //NON-NLS
}
}
fileScanner.close();

156
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -69,9 +69,9 @@ class ExtractRegistry extends Extract {
//hide public constructor to prevent from instantiation by ingest module loader
ExtractRegistry() {
final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false);
final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); //NON-NLS
if (rrRoot == null) {
logger.log(Level.SEVERE, "RegRipper not found");
logger.log(Level.SEVERE, "RegRipper not found"); //NON-NLS
rrFound = false;
return;
} else {
@ -79,29 +79,29 @@ class ExtractRegistry extends Extract {
}
final String rrHome = rrRoot.getAbsolutePath();
logger.log(Level.INFO, "RegRipper home: {0}", rrHome);
logger.log(Level.INFO, "RegRipper home: {0}", rrHome); //NON-NLS
if (PlatformUtil.isWindowsOS()) {
RR_PATH = rrHome + File.separator + "rip.exe";
RR_PATH = rrHome + File.separator + "rip.exe"; //NON-NLS
} else {
RR_PATH = "perl " + rrHome + File.separator + "rip.pl";
RR_PATH = "perl " + rrHome + File.separator + "rip.pl"; //NON-NLS
}
final File rrFullRoot = InstalledFileLocator.getDefault().locate("rr-full", ExtractRegistry.class.getPackage().getName(), false);
final File rrFullRoot = InstalledFileLocator.getDefault().locate("rr-full", ExtractRegistry.class.getPackage().getName(), false); //NON-NLS
if (rrFullRoot == null) {
logger.log(Level.SEVERE, "RegRipper Full not found");
logger.log(Level.SEVERE, "RegRipper Full not found"); //NON-NLS
rrFullFound = false;
} else {
rrFullFound = true;
}
final String rrFullHome = rrFullRoot.getAbsolutePath();
logger.log(Level.INFO, "RegRipper Full home: {0}", rrFullHome);
logger.log(Level.INFO, "RegRipper Full home: {0}", rrFullHome); //NON-NLS
if (PlatformUtil.isWindowsOS()) {
RR_FULL_PATH = rrFullHome + File.separator + "rip.exe";
RR_FULL_PATH = rrFullHome + File.separator + "rip.exe"; //NON-NLS
} else {
RR_FULL_PATH = "perl " + rrFullHome + File.separator + "rip.pl";
RR_FULL_PATH = "perl " + rrFullHome + File.separator + "rip.pl"; //NON-NLS
}
}
@ -114,17 +114,17 @@ class ExtractRegistry extends Extract {
// find the user-specific ntuser-dat files
try {
allRegistryFiles.addAll(fileManager.findFiles(dataSource, "ntuser.dat"));
allRegistryFiles.addAll(fileManager.findFiles(dataSource, "ntuser.dat")); //NON-NLS
}
catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'ntuser.dat' file.");
logger.log(Level.WARNING, "Error fetching 'ntuser.dat' file."); //NON-NLS
}
// find the system hives'
String[] regFileNames = new String[] {"system", "software", "security", "sam"};
String[] regFileNames = new String[] {"system", "software", "security", "sam"}; //NON-NLS
for (String regFileName : regFileNames) {
try {
allRegistryFiles.addAll(fileManager.findFiles(dataSource, regFileName, "/system32/config"));
allRegistryFiles.addAll(fileManager.findFiles(dataSource, regFileName, "/system32/config")); //NON-NLS
}
catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(),
@ -145,7 +145,7 @@ class ExtractRegistry extends Extract {
// open the log file
FileWriter logFile = null;
try {
logFile = new FileWriter(RAImageIngestModule.getRAOutputPath(currentCase, "reg") + File.separator + "regripper-info.txt");
logFile = new FileWriter(RAImageIngestModule.getRAOutputPath(currentCase, "reg") + File.separator + "regripper-info.txt"); //NON-NLS
} catch (IOException ex) {
java.util.logging.Logger.getLogger(ExtractRegistry.class.getName()).log(Level.SEVERE, null, ex);
}
@ -156,12 +156,12 @@ class ExtractRegistry extends Extract {
for (AbstractFile regFile : allRegistryFiles) {
String regFileName = regFile.getName();
String regFileNameLocal = RAImageIngestModule.getRATempPath(currentCase, "reg") + File.separator + regFileName;
String outputPathBase = RAImageIngestModule.getRAOutputPath(currentCase, "reg") + File.separator + regFileName + "-regripper-" + Integer.toString(j++);
String outputPathBase = RAImageIngestModule.getRAOutputPath(currentCase, "reg") + File.separator + regFileName + "-regripper-" + Integer.toString(j++); //NON-NLS
File regFileNameLocalFile = new File(regFileNameLocal);
try {
ContentUtils.writeToFile(regFile, regFileNameLocalFile);
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing the temp registry file. {0}", ex);
logger.log(Level.SEVERE, "Error writing the temp registry file. {0}", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractRegistry.analyzeRegFiles.errMsg.errWritingTemp",
this.getName(), regFileName));
@ -181,7 +181,7 @@ class ExtractRegistry extends Extract {
java.util.logging.Logger.getLogger(ExtractRegistry.class.getName()).log(Level.SEVERE, null, ex);
}
logger.log(Level.INFO, moduleName + "- Now getting registry information from " + regFileNameLocal);
logger.log(Level.INFO, moduleName + "- Now getting registry information from " + regFileNameLocal); //NON-NLS
RegOutputFiles regOutputFiles = executeRegRip(regFileNameLocal, outputPathBase);
if (context.isJobCancelled()) {
@ -226,7 +226,7 @@ class ExtractRegistry extends Extract {
try {
input.close();
} catch (IOException ex) {
logger.log(Level.WARNING, "Failed to close reader.", ex);
logger.log(Level.WARNING, "Failed to close reader.", ex); //NON-NLS
}
}
att = new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(),
@ -273,23 +273,23 @@ class ExtractRegistry extends Extract {
RegOutputFiles regOutputFiles = new RegOutputFiles();
if (regFilePath.toLowerCase().contains("system")) {
autopsyType = "autopsysystem";
fullType = "system";
if (regFilePath.toLowerCase().contains("system")) { //NON-NLS
autopsyType = "autopsysystem"; //NON-NLS
fullType = "system"; //NON-NLS
}
else if (regFilePath.toLowerCase().contains("software")) {
autopsyType = "autopsysoftware";
fullType = "software";
else if (regFilePath.toLowerCase().contains("software")) { //NON-NLS
autopsyType = "autopsysoftware"; //NON-NLS
fullType = "software"; //NON-NLS
}
else if (regFilePath.toLowerCase().contains("ntuser")) {
autopsyType = "autopsyntuser";
fullType = "ntuser";
else if (regFilePath.toLowerCase().contains("ntuser")) { //NON-NLS
autopsyType = "autopsyntuser"; //NON-NLS
fullType = "ntuser"; //NON-NLS
}
else if (regFilePath.toLowerCase().contains("sam")) {
fullType = "sam";
else if (regFilePath.toLowerCase().contains("sam")) { //NON-NLS
fullType = "sam"; //NON-NLS
}
else if (regFilePath.toLowerCase().contains("security")) {
fullType = "security";
else if (regFilePath.toLowerCase().contains("security")) { //NON-NLS
fullType = "security"; //NON-NLS
}
else {
return regOutputFiles;
@ -300,19 +300,19 @@ class ExtractRegistry extends Extract {
// TODO - add error messages
Writer writer = null;
try {
regOutputFiles.autopsyPlugins = outFilePathBase + "-autopsy.txt";
logger.log(Level.INFO, "Writing RegRipper results to: " + regOutputFiles.autopsyPlugins);
regOutputFiles.autopsyPlugins = outFilePathBase + "-autopsy.txt"; //NON-NLS
logger.log(Level.INFO, "Writing RegRipper results to: " + regOutputFiles.autopsyPlugins); //NON-NLS
writer = new FileWriter(regOutputFiles.autopsyPlugins);
execRR = new ExecUtil();
execRR.execute(writer, RR_PATH,
"-r", regFilePath, "-f", autopsyType);
"-r", regFilePath, "-f", autopsyType); //NON-NLS
} catch (IOException ex) {
logger.log(Level.SEVERE, "Unable to RegRipper and process parse some registry files.", ex);
logger.log(Level.SEVERE, "Unable to RegRipper and process parse some registry files.", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile",
this.getName()));
} catch (InterruptedException ex) {
logger.log(Level.SEVERE, "RegRipper has been interrupted, failed to parse registry.", ex);
logger.log(Level.SEVERE, "RegRipper has been interrupted, failed to parse registry.", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile2",
this.getName()));
@ -321,7 +321,7 @@ class ExtractRegistry extends Extract {
try {
writer.close();
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error closing output writer after running RegRipper", ex);
logger.log(Level.SEVERE, "Error closing output writer after running RegRipper", ex); //NON-NLS
}
}
}
@ -331,19 +331,19 @@ class ExtractRegistry extends Extract {
if (!fullType.isEmpty() && rrFullFound) {
Writer writer = null;
try {
regOutputFiles.fullPlugins = outFilePathBase + "-full.txt";
logger.log(Level.INFO, "Writing Full RegRipper results to: " + regOutputFiles.fullPlugins);
regOutputFiles.fullPlugins = outFilePathBase + "-full.txt"; //NON-NLS
logger.log(Level.INFO, "Writing Full RegRipper results to: " + regOutputFiles.fullPlugins); //NON-NLS
writer = new FileWriter(regOutputFiles.fullPlugins);
execRR = new ExecUtil();
execRR.execute(writer, RR_FULL_PATH,
"-r", regFilePath, "-f", fullType);
"-r", regFilePath, "-f", fullType); //NON-NLS
} catch (IOException ex) {
logger.log(Level.SEVERE, "Unable to run full RegRipper and process parse some registry files.", ex);
logger.log(Level.SEVERE, "Unable to run full RegRipper and process parse some registry files.", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile3",
this.getName()));
} catch (InterruptedException ex) {
logger.log(Level.SEVERE, "RegRipper full has been interrupted, failed to parse registry.", ex);
logger.log(Level.SEVERE, "RegRipper full has been interrupted, failed to parse registry.", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile4",
this.getName()));
@ -352,7 +352,7 @@ class ExtractRegistry extends Extract {
try {
writer.close();
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error closing output writer after running RegRipper full", ex);
logger.log(Level.SEVERE, "Error closing output writer after running RegRipper full", ex); //NON-NLS
}
}
}
@ -371,14 +371,14 @@ class ExtractRegistry extends Extract {
File regfile = new File(regRecord);
fstream = new FileInputStream(regfile);
String regString = new Scanner(fstream, "UTF-8").useDelimiter("\\Z").next();
String startdoc = "<?xml version=\"1.0\"?><document>";
String regString = new Scanner(fstream, "UTF-8").useDelimiter("\\Z").next(); //NON-NLS
String startdoc = "<?xml version=\"1.0\"?><document>"; //NON-NLS
String result = regString.replaceAll("----------------------------------------", "");
result = result.replaceAll("\\n", "");
result = result.replaceAll("\\r", "");
result = result.replaceAll("'", "&apos;");
result = result.replaceAll("&", "&amp;");
String enddoc = "</document>";
result = result.replaceAll("\\n", ""); //NON-NLS
result = result.replaceAll("\\r", ""); //NON-NLS
result = result.replaceAll("'", "&apos;"); //NON-NLS
result = result.replaceAll("&", "&amp;"); //NON-NLS
String enddoc = "</document>"; //NON-NLS
String stringdoc = startdoc + result + enddoc;
DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
Document doc = builder.parse(new InputSource(new StringReader(stringdoc)));
@ -392,7 +392,7 @@ class ExtractRegistry extends Extract {
String dataType = tempnode.getNodeName();
NodeList timenodes = tempnode.getElementsByTagName("mtime");
NodeList timenodes = tempnode.getElementsByTagName("mtime"); //NON-NLS
Long mtime = null;
if (timenodes.getLength() > 0) {
Element timenode = (Element) timenodes.item(0);
@ -403,11 +403,11 @@ class ExtractRegistry extends Extract {
String Tempdate = mtime.toString();
mtime = Long.valueOf(Tempdate) / 1000;
} catch (ParseException ex) {
logger.log(Level.WARNING, "Failed to parse epoch time when parsing the registry.");
logger.log(Level.WARNING, "Failed to parse epoch time when parsing the registry."); //NON-NLS
}
}
NodeList artroots = tempnode.getElementsByTagName("artifacts");
NodeList artroots = tempnode.getElementsByTagName("artifacts"); //NON-NLS
if (artroots.getLength() == 0) {
// If there isn't an artifact node, skip this entry
continue;
@ -425,7 +425,7 @@ class ExtractRegistry extends Extract {
String value = artnode.getTextContent().trim();
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
if ("recentdocs".equals(dataType)) {
if ("recentdocs".equals(dataType)) { //NON-NLS
// BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", dataType, mtime));
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", dataType, mtimeItem));
@ -433,18 +433,18 @@ class ExtractRegistry extends Extract {
// bbart.addAttributes(bbattributes);
// @@@ BC: Why are we ignoring this...
}
else if ("usb".equals(dataType)) {
else if ("usb".equals(dataType)) { //NON-NLS
try {
Long usbMtime = Long.parseLong(artnode.getAttribute("mtime"));
Long usbMtime = Long.parseLong(artnode.getAttribute("mtime")); //NON-NLS
usbMtime = Long.valueOf(usbMtime.toString());
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED);
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),
NbBundle.getMessage(this.getClass(),
"ExtractRegistry.parentModuleName.noSpace"), usbMtime));
String dev = artnode.getAttribute("dev");
String dev = artnode.getAttribute("dev"); //NON-NLS
String model = dev;
if (dev.toLowerCase().contains("vid")) {
if (dev.toLowerCase().contains("vid")) { //NON-NLS
USBInfo info = extrctr.parseAndLookup(dev);
if(info.getVendor()!=null)
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE.getTypeID(),
@ -461,17 +461,17 @@ class ExtractRegistry extends Extract {
"ExtractRegistry.parentModuleName.noSpace"), value));
bbart.addAttributes(bbattributes);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding device attached artifact to blackboard.");
logger.log(Level.SEVERE, "Error adding device attached artifact to blackboard."); //NON-NLS
}
}
else if ("uninstall".equals(dataType)) {
else if ("uninstall".equals(dataType)) { //NON-NLS
Long itemMtime = null;
try {
Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(artnode.getAttribute("mtime")).getTime();
Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(artnode.getAttribute("mtime")).getTime(); //NON-NLS
itemMtime = epochtime.longValue();
itemMtime = itemMtime / 1000;
} catch (ParseException e) {
logger.log(Level.WARNING, "Failed to parse epoch time for installed program artifact.");
logger.log(Level.WARNING, "Failed to parse epoch time for installed program artifact."); //NON-NLS
}
try {
@ -484,19 +484,19 @@ class ExtractRegistry extends Extract {
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG);
bbart.addAttributes(bbattributes);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding installed program artifact to blackboard.");
logger.log(Level.SEVERE, "Error adding installed program artifact to blackboard."); //NON-NLS
}
}
else if ("WinVersion".equals(dataType)) {
String name = artnode.getAttribute("name");
else if ("WinVersion".equals(dataType)) { //NON-NLS
String name = artnode.getAttribute("name"); //NON-NLS
if (name.contains("ProductName")) {
if (name.contains("ProductName")) { //NON-NLS
winver = value;
}
if (name.contains("CSDVersion")) {
if (name.contains("CSDVersion")) { //NON-NLS
winver = winver + " " + value;
}
if (name.contains("InstallDate")) {
if (name.contains("InstallDate")) { //NON-NLS
Long installtime = null;
try {
Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(value).getTime();
@ -504,7 +504,7 @@ class ExtractRegistry extends Extract {
String Tempdate = installtime.toString();
installtime = Long.valueOf(Tempdate) / 1000;
} catch (ParseException e) {
logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e);
logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e); //NON-NLS
}
try {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
@ -516,12 +516,12 @@ class ExtractRegistry extends Extract {
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG);
bbart.addAttributes(bbattributes);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding installed program artifact to blackboard.");
logger.log(Level.SEVERE, "Error adding installed program artifact to blackboard."); //NON-NLS
}
}
}
else if ("office".equals(dataType)) {
String name = artnode.getAttribute("name");
else if ("office".equals(dataType)) { //NON-NLS
String name = artnode.getAttribute("name"); //NON-NLS
try {
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
@ -542,7 +542,7 @@ class ExtractRegistry extends Extract {
"ExtractRegistry.parentModuleName.noSpace"), artnode.getNodeName()));
bbart.addAttributes(bbattributes);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding recent object artifact to blackboard.");
logger.log(Level.SEVERE, "Error adding recent object artifact to blackboard."); //NON-NLS
}
}
}
@ -550,13 +550,13 @@ class ExtractRegistry extends Extract {
}
return true;
} catch (FileNotFoundException ex) {
logger.log(Level.SEVERE, "Error finding the registry file.");
logger.log(Level.SEVERE, "Error finding the registry file."); //NON-NLS
} catch (SAXException ex) {
logger.log(Level.SEVERE, "Error parsing the registry XML: {0}", ex);
logger.log(Level.SEVERE, "Error parsing the registry XML: {0}", ex); //NON-NLS
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error building the document parser: {0}", ex);
logger.log(Level.SEVERE, "Error building the document parser: {0}", ex); //NON-NLS
} catch (ParserConfigurationException ex) {
logger.log(Level.SEVERE, "Error configuring the registry parser: {0}", ex);
logger.log(Level.SEVERE, "Error configuring the registry parser: {0}", ex); //NON-NLS
} finally {
try {
if (fstream != null) {

118
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -53,12 +53,12 @@ import org.sleuthkit.datamodel.TskCoreException;
class Firefox extends Extract {
private static final Logger logger = Logger.getLogger(Firefox.class.getName());
private static final String historyQuery = "SELECT moz_historyvisits.id,url,title,visit_count,(visit_date/1000000) as visit_date,from_visit,(SELECT url FROM moz_places WHERE id=moz_historyvisits.from_visit) as ref FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0";
private static final String cookieQuery = "SELECT name,value,host,expiry,(lastAccessed/1000000) as lastAccessed,(creationTime/1000000) as creationTime FROM moz_cookies";
private static final String cookieQueryV3 = "SELECT name,value,host,expiry,(lastAccessed/1000000) as lastAccessed FROM moz_cookies";
private static final String bookmarkQuery = "SELECT fk, moz_bookmarks.title, url, (moz_bookmarks.dateAdded/1000000) as dateAdded FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id";
private static final String downloadQuery = "SELECT target, source,(startTime/1000000) as startTime, maxBytes FROM moz_downloads";
private static final String downloadQueryVersion24 = "SELECT url, content as target, (lastModified/1000000) as lastModified FROM moz_places, moz_annos WHERE moz_places.id = moz_annos.place_id AND moz_annos.anno_attribute_id = 3";
private static final String historyQuery = "SELECT moz_historyvisits.id,url,title,visit_count,(visit_date/1000000) as visit_date,from_visit,(SELECT url FROM moz_places WHERE id=moz_historyvisits.from_visit) as ref FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0"; //NON-NLS
private static final String cookieQuery = "SELECT name,value,host,expiry,(lastAccessed/1000000) as lastAccessed,(creationTime/1000000) as creationTime FROM moz_cookies"; //NON-NLS
private static final String cookieQueryV3 = "SELECT name,value,host,expiry,(lastAccessed/1000000) as lastAccessed FROM moz_cookies"; //NON-NLS
private static final String bookmarkQuery = "SELECT fk, moz_bookmarks.title, url, (moz_bookmarks.dateAdded/1000000) as dateAdded FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id"; //NON-NLS
private static final String downloadQuery = "SELECT target, source,(startTime/1000000) as startTime, maxBytes FROM moz_downloads"; //NON-NLS
private static final String downloadQueryVersion24 = "SELECT url, content as target, (lastModified/1000000) as lastModified FROM moz_places, moz_annos WHERE moz_places.id = moz_annos.place_id AND moz_annos.anno_attribute_id = 3"; //NON-NLS
private final IngestServices services = IngestServices.getInstance();
private Content dataSource;
private IngestJobContext context;
@ -82,7 +82,7 @@ class Firefox extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> historyFiles;
try {
historyFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox");
historyFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox"); //NON-NLS
} catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Firefox.getHistory.errMsg.errFetchingFiles");
logger.log(Level.WARNING, msg);
@ -105,11 +105,11 @@ class Firefox extends Extract {
}
String fileName = historyFile.getName();
String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db";
String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db"; //NON-NLS
try {
ContentUtils.writeToFile(historyFile, new File(temps));
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing the sqlite db for firefox web history artifacts.{0}", ex);
logger.log(Level.SEVERE, "Error writing the sqlite db for firefox web history artifacts.{0}", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "Firefox.getHistory.errMsg.errAnalyzeFile", this.getName(),
fileName));
@ -121,33 +121,33 @@ class Firefox extends Extract {
break;
}
List<HashMap<String, Object>> tempList = this.dbConnect(temps, historyQuery);
logger.log(Level.INFO, "{0} - Now getting history from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()});
logger.log(Level.INFO, "{0} - Now getting history from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
((result.get("url").toString() != null) ? result.get("url").toString() : "")));
((result.get("url").toString() != null) ? result.get("url").toString() : ""))); //NON-NLS
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", ((result.get("url").toString() != null) ? EscapeUtil.decodeURL(result.get("url").toString()) : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
(Long.valueOf(result.get("visit_date").toString()))));
(Long.valueOf(result.get("visit_date").toString())))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
((result.get("ref").toString() != null) ? result.get("ref").toString() : "")));
((result.get("ref").toString() != null) ? result.get("ref").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
((result.get("title").toString() != null) ? result.get("title").toString() : "")));
((result.get("title").toString() != null) ? result.get("title").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(), "Firefox.moduleName")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : ""))));
"Firefox.parentModuleName.noSpace"), (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
}
++j;
@ -166,7 +166,7 @@ class Firefox extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> bookmarkFiles;
try {
bookmarkFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox");
bookmarkFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox"); //NON-NLS
} catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Firefox.getBookmark.errMsg.errFetchFiles");
logger.log(Level.WARNING, msg);
@ -175,7 +175,7 @@ class Firefox extends Extract {
}
if (bookmarkFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any firefox bookmark files.");
logger.log(Level.INFO, "Didn't find any firefox bookmark files."); //NON-NLS
return;
}
@ -187,11 +187,11 @@ class Firefox extends Extract {
continue;
}
String fileName = bookmarkFile.getName();
String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db";
String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db"; //NON-NLS
try {
ContentUtils.writeToFile(bookmarkFile, new File(temps));
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing the sqlite db for firefox bookmark artifacts.{0}", ex);
logger.log(Level.SEVERE, "Error writing the sqlite db for firefox bookmark artifacts.{0}", ex); //NON-NLS
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Firefox.getBookmark.errMsg.errAnalyzeFile",
this.getName(), fileName));
continue;
@ -202,23 +202,23 @@ class Firefox extends Extract {
break;
}
List<HashMap<String, Object>> tempList = this.dbConnect(temps, bookmarkQuery);
logger.log(Level.INFO, "{0} - Now getting bookmarks from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()});
logger.log(Level.INFO, "{0} - Now getting bookmarks from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
((result.get("url").toString() != null) ? result.get("url").toString() : "")));
((result.get("url").toString() != null) ? result.get("url").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
((result.get("title").toString() != null) ? result.get("title").toString() : "")));
if (Long.valueOf(result.get("dateAdded").toString()) > 0) {
((result.get("title").toString() != null) ? result.get("title").toString() : ""))); //NON-NLS
if (Long.valueOf(result.get("dateAdded").toString()) > 0) { //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
(Long.valueOf(result.get("dateAdded").toString()))));
(Long.valueOf(result.get("dateAdded").toString())))); //NON-NLS
}
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(),
@ -227,7 +227,7 @@ class Firefox extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
(Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : ""))));
(Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, bookmarkFile, bbattributes);
}
@ -246,7 +246,7 @@ class Firefox extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> cookiesFiles;
try {
cookiesFiles = fileManager.findFiles(dataSource, "cookies.sqlite", "Firefox");
cookiesFiles = fileManager.findFiles(dataSource, "cookies.sqlite", "Firefox"); //NON-NLS
} catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Firefox.getCookie.errMsg.errFetchFile");
logger.log(Level.WARNING, msg);
@ -255,7 +255,7 @@ class Firefox extends Extract {
}
if (cookiesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Firefox cookie files.");
logger.log(Level.INFO, "Didn't find any Firefox cookie files."); //NON-NLS
return;
}
@ -266,11 +266,11 @@ class Firefox extends Extract {
continue;
}
String fileName = cookiesFile.getName();
String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db";
String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db"; //NON-NLS
try {
ContentUtils.writeToFile(cookiesFile, new File(temps));
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing the sqlite db for firefox cookie artifacts.{0}", ex);
logger.log(Level.SEVERE, "Error writing the sqlite db for firefox cookie artifacts.{0}", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "Firefox.getCookie.errMsg.errAnalyzeFile", this.getName(),
fileName));
@ -281,7 +281,7 @@ class Firefox extends Extract {
dbFile.delete();
break;
}
boolean checkColumn = Util.checkColumn("creationTime", "moz_cookies", temps);
boolean checkColumn = Util.checkColumn("creationTime", "moz_cookies", temps); //NON-NLS
String query;
if (checkColumn) {
query = cookieQuery;
@ -290,26 +290,26 @@ class Firefox extends Extract {
}
List<HashMap<String, Object>> tempList = this.dbConnect(temps, query);
logger.log(Level.INFO, "{0} - Now getting cookies from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()});
logger.log(Level.INFO, "{0} - Now getting cookies from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
((result.get("host").toString() != null) ? result.get("host").toString() : "")));
((result.get("host").toString() != null) ? result.get("host").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
(Long.valueOf(result.get("lastAccessed").toString()))));
(Long.valueOf(result.get("lastAccessed").toString())))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
((result.get("name").toString() != null) ? result.get("name").toString() : "")));
((result.get("name").toString() != null) ? result.get("name").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
((result.get("value").toString() != null) ? result.get("value").toString() : "")));
((result.get("value").toString() != null) ? result.get("value").toString() : ""))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
@ -319,9 +319,9 @@ class Firefox extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
(Long.valueOf(result.get("creationTime").toString()))));
(Long.valueOf(result.get("creationTime").toString())))); //NON-NLS
}
String domain = Util.extractDomain(result.get("host").toString());
String domain = Util.extractDomain(result.get("host").toString()); //NON-NLS
domain = domain.replaceFirst("^\\.+(?!$)", "");
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(),
@ -354,7 +354,7 @@ class Firefox extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> downloadsFiles;
try {
downloadsFiles = fileManager.findFiles(dataSource, "downloads.sqlite", "Firefox");
downloadsFiles = fileManager.findFiles(dataSource, "downloads.sqlite", "Firefox"); //NON-NLS
} catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Firefox.getDlPre24.errMsg.errFetchFiles");
logger.log(Level.WARNING, msg);
@ -363,7 +363,7 @@ class Firefox extends Extract {
}
if (downloadsFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any pre-version-24.0 Firefox download files.");
logger.log(Level.INFO, "Didn't find any pre-version-24.0 Firefox download files."); //NON-NLS
return;
}
@ -374,12 +374,12 @@ class Firefox extends Extract {
continue;
}
String fileName = downloadsFile.getName();
String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db";
String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + j + ".db"; //NON-NLS
int errors = 0;
try {
ContentUtils.writeToFile(downloadsFile, new File(temps));
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing the sqlite db for firefox download artifacts.{0}", ex);
logger.log(Level.SEVERE, "Error writing the sqlite db for firefox download artifacts.{0}", ex); //NON-NLS
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "Firefox.getDlPre24.errMsg.errAnalyzeFiles",
this.getName(), fileName));
continue;
@ -391,7 +391,7 @@ class Firefox extends Extract {
}
List<HashMap<String, Object>> tempList = this.dbConnect(temps, downloadQuery);
logger.log(Level.INFO, moduleName + "- Now getting downloads from " + temps + " with " + tempList.size() + "artifacts identified.");
logger.log(Level.INFO, moduleName + "- Now getting downloads from " + temps + " with " + tempList.size() + "artifacts identified."); //NON-NLS
for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
@ -399,18 +399,18 @@ class Firefox extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
((result.get("source").toString() != null) ? result.get("source").toString() : "")));
((result.get("source").toString() != null) ? result.get("source").toString() : ""))); //NON-NLS
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", ((result.get("source").toString() != null) ? EscapeUtil.decodeURL(result.get("source").toString()) : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
(Long.valueOf(result.get("startTime").toString()))));
(Long.valueOf(result.get("startTime").toString())))); //NON-NLS
String target = result.get("target").toString();
String target = result.get("target").toString(); //NON-NLS
if (target != null) {
try {
String decodedTarget = URLDecoder.decode(target.toString().replaceAll("file:///", ""), "UTF-8");
String decodedTarget = URLDecoder.decode(target.toString().replaceAll("file:///", ""), "UTF-8"); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
@ -423,7 +423,7 @@ class Firefox extends Extract {
pathID));
}
} catch (UnsupportedEncodingException ex) {
logger.log(Level.SEVERE, "Error decoding Firefox download URL in " + temps, ex);
logger.log(Level.SEVERE, "Error decoding Firefox download URL in " + temps, ex); //NON-NLS
errors++;
}
}
@ -435,7 +435,7 @@ class Firefox extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
(Util.extractDomain((result.get("source").toString() != null) ? result.get("source").toString() : ""))));
(Util.extractDomain((result.get("source").toString() != null) ? result.get("source").toString() : "")))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
}
@ -462,7 +462,7 @@ class Firefox extends Extract {
FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> downloadsFiles;
try {
downloadsFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox");
downloadsFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox"); //NON-NLS
} catch (TskCoreException ex) {
String msg = NbBundle.getMessage(this.getClass(), "Firefox.getDlV24.errMsg.errFetchFiles");
logger.log(Level.WARNING, msg);
@ -471,7 +471,7 @@ class Firefox extends Extract {
}
if (downloadsFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any version-24.0 Firefox download files.");
logger.log(Level.INFO, "Didn't find any version-24.0 Firefox download files."); //NON-NLS
return;
}
@ -482,12 +482,12 @@ class Firefox extends Extract {
continue;
}
String fileName = downloadsFile.getName();
String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + "-downloads" + j + ".db";
String temps = RAImageIngestModule.getRATempPath(currentCase, "firefox") + File.separator + fileName + "-downloads" + j + ".db"; //NON-NLS
int errors = 0;
try {
ContentUtils.writeToFile(downloadsFile, new File(temps));
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing the sqlite db for firefox download artifacts.{0}", ex);
logger.log(Level.SEVERE, "Error writing the sqlite db for firefox download artifacts.{0}", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "Firefox.getDlV24.errMsg.errAnalyzeFile", this.getName(),
fileName));
@ -501,7 +501,7 @@ class Firefox extends Extract {
List<HashMap<String, Object>> tempList = this.dbConnect(temps, downloadQueryVersion24);
logger.log(Level.INFO, "{0} - Now getting downloads from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()});
logger.log(Level.INFO, "{0} - Now getting downloads from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
@ -509,15 +509,15 @@ class Firefox extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
((result.get("url").toString() != null) ? result.get("url").toString() : "")));
((result.get("url").toString() != null) ? result.get("url").toString() : ""))); //NON-NLS
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", ((result.get("source").toString() != null) ? EscapeUtil.decodeURL(result.get("source").toString()) : "")));
//TODO Revisit usage of deprecated constructor as per TSK-583
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", (Long.valueOf(result.get("startTime").toString()))));
String target = result.get("target").toString();
String target = result.get("target").toString(); //NON-NLS
if (target != null) {
try {
String decodedTarget = URLDecoder.decode(target.toString().replaceAll("file:///", ""), "UTF-8");
String decodedTarget = URLDecoder.decode(target.toString().replaceAll("file:///", ""), "UTF-8"); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
@ -530,14 +530,14 @@ class Firefox extends Extract {
pathID));
}
} catch (UnsupportedEncodingException ex) {
logger.log(Level.SEVERE, "Error decoding Firefox download URL in " + temps, ex);
logger.log(Level.SEVERE, "Error decoding Firefox download URL in " + temps, ex); //NON-NLS
errors++;
}
}
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
Long.valueOf(result.get("lastModified").toString())));
Long.valueOf(result.get("lastModified").toString()))); //NON-NLS
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
@ -545,7 +545,7 @@ class Firefox extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
(Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : ""))));
(Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
}

24
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java
View File

@ -95,14 +95,14 @@ public final class RAImageIngestModule extends IngestModuleAdapter implements Da
for (int i = 0; i < extracters.size(); i++) {
Extract extracter = extracters.get(i);
if (context.isJobCancelled()) {
logger.log(Level.INFO, "Recent Activity has been canceled, quitting before {0}", extracter.getName());
logger.log(Level.INFO, "Recent Activity has been canceled, quitting before {0}", extracter.getName()); //NON-NLS
break;
}
try {
extracter.process(dataSource, context);
} catch (Exception ex) {
logger.log(Level.SEVERE, "Exception occurred in " + extracter.getName(), ex);
logger.log(Level.SEVERE, "Exception occurred in " + extracter.getName(), ex); //NON-NLS
subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModFailed",
extracter.getName()));
errors.add(
@ -121,9 +121,9 @@ public final class RAImageIngestModule extends IngestModuleAdapter implements Da
errorMessage.append(
NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.errsEncountered"));
for (String msg : errors) {
errorMessage.append("<li>").append(msg).append("</li>\n");
errorMessage.append("<li>").append(msg).append("</li>\n"); //NON-NLS
}
errorMessage.append("</ul>\n");
errorMessage.append("</ul>\n"); //NON-NLS
if (errors.size() == 1) {
errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.oneErr");
@ -146,13 +146,13 @@ public final class RAImageIngestModule extends IngestModuleAdapter implements Da
historyMsg.append(
NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.title", dataSource.getName()));
for (Extract module : browserExtracters) {
historyMsg.append("<li>").append(module.getName());
historyMsg.append("<li>").append(module.getName()); //NON-NLS
historyMsg.append(": ").append((module.foundData()) ? NbBundle
.getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.found") : NbBundle
.getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.notFnd"));
historyMsg.append("</li>");
historyMsg.append("</li>"); //NON-NLS
}
historyMsg.append("</ul>");
historyMsg.append("</ul>"); //NON-NLS
final IngestMessage inboxMsg = IngestMessage.createMessage(MessageType.INFO, RecentActivityExtracterModuleFactory.getModuleName(),
NbBundle.getMessage(this.getClass(),
"RAImageIngestModule.process.ingestMsg.results",
@ -175,7 +175,7 @@ public final class RAImageIngestModule extends IngestModuleAdapter implements Da
try {
extracter.complete();
} catch (Exception ex) {
logger.log(Level.SEVERE, "Exception occurred when completing " + extracter.getName(), ex);
logger.log(Level.SEVERE, "Exception occurred when completing " + extracter.getName(), ex); //NON-NLS
subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.complete.errMsg.failed",
extracter.getName()));
}
@ -187,10 +187,10 @@ public final class RAImageIngestModule extends IngestModuleAdapter implements Da
try {
extracter.stop();
} catch (Exception ex) {
logger.log(Level.SEVERE, "Exception during stop() of " + extracter.getName(), ex);
logger.log(Level.SEVERE, "Exception during stop() of " + extracter.getName(), ex); //NON-NLS
}
}
logger.log(Level.INFO, "Recent Activity processes has been shutdown.");
logger.log(Level.INFO, "Recent Activity processes has been shutdown."); //NON-NLS
}
/**
@ -203,7 +203,7 @@ public final class RAImageIngestModule extends IngestModuleAdapter implements Da
* @return Path to directory
*/
protected static String getRATempPath(Case a_case, String mod) {
String tmpDir = a_case.getTempDirectory() + File.separator + "RecentActivity" + File.separator + mod;
String tmpDir = a_case.getTempDirectory() + File.separator + "RecentActivity" + File.separator + mod; //NON-NLS
File dir = new File(tmpDir);
if (dir.exists() == false) {
dir.mkdirs();
@ -221,7 +221,7 @@ public final class RAImageIngestModule extends IngestModuleAdapter implements Da
* @return Path to directory
*/
protected static String getRAOutputPath(Case a_case, String mod) {
String tmpDir = a_case.getModulesOutputDirAbsPath() + File.separator + "RecentActivity" + File.separator + mod;
String tmpDir = a_case.getModulesOutputDirAbsPath() + File.separator + "RecentActivity" + File.separator + mod; //NON-NLS
File dir = new File(tmpDir);
if (dir.exists() == false) {
dir.mkdirs();

8
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RecentDocumentsByLnk.java
View File

@ -63,9 +63,9 @@ class RecentDocumentsByLnk extends Extract {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> recentFiles;
try {
recentFiles = fileManager.findFiles(dataSource, "%.lnk", "Recent");
recentFiles = fileManager.findFiles(dataSource, "%.lnk", "Recent"); //NON-NLS
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error searching for .lnk files.");
logger.log(Level.WARNING, "Error searching for .lnk files."); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "RecentDocumentsByLnk.getRecDoc.errMsg.errGetLnkFiles",
this.getName()));
@ -73,7 +73,7 @@ class RecentDocumentsByLnk extends Extract {
}
if (recentFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any recent files.");
logger.log(Level.INFO, "Didn't find any recent files."); //NON-NLS
return;
}
@ -95,7 +95,7 @@ class RecentDocumentsByLnk extends Extract {
boolean unalloc = recentFile.isMetaFlagSet(TskData.TSK_FS_META_FLAG_ENUM.UNALLOC)
|| recentFile.isDirNameFlagSet(TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC);
if (unalloc == false) {
logger.log(Level.SEVERE, "Error lnk parsing the file to get recent files" + recentFile, e);
logger.log(Level.SEVERE, "Error lnk parsing the file to get recent files" + recentFile, e); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "RecentDocumentsByLnk.getRecDoc.errParsingFile",
this.getName(), recentFile.getName()));

58
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/SearchEngineURLQueryAnalyzer.java
View File

@ -63,8 +63,8 @@ import org.xml.sax.SAXException;
class SearchEngineURLQueryAnalyzer extends Extract {
private static final Logger logger = Logger.getLogger(SearchEngineURLQueryAnalyzer.class.getName());
private static final String XMLFILE = "SEUQAMappings.xml";
private static final String XSDFILE = "SearchEngineSchema.xsd";
private static final String XMLFILE = "SEUQAMappings.xml"; //NON-NLS
private static final String XSDFILE = "SearchEngineSchema.xsd"; //NON-NLS
private static String[] searchEngineNames;
private static SearchEngineURLQueryAnalyzer.SearchEngine[] engines;
private static Document xmlinput;
@ -124,19 +124,19 @@ class SearchEngineURLQueryAnalyzer extends Extract {
}
private void createEngines() {
NodeList nlist = xmlinput.getElementsByTagName("SearchEngine");
NodeList nlist = xmlinput.getElementsByTagName("SearchEngine"); //NON-NLS
SearchEngineURLQueryAnalyzer.SearchEngine[] listEngines = new SearchEngineURLQueryAnalyzer.SearchEngine[nlist.getLength()];
for (int i = 0; i < nlist.getLength(); i++) {
NamedNodeMap nnm = nlist.item(i).getAttributes();
String EngineName = nnm.getNamedItem("engine").getNodeValue();
String EnginedomainSubstring = nnm.getNamedItem("domainSubstring").getNodeValue();
String EngineName = nnm.getNamedItem("engine").getNodeValue(); //NON-NLS
String EnginedomainSubstring = nnm.getNamedItem("domainSubstring").getNodeValue(); //NON-NLS
Map<String, String> splits = new HashMap<>();
NodeList listSplits = xmlinput.getElementsByTagName("splitToken");
NodeList listSplits = xmlinput.getElementsByTagName("splitToken"); //NON-NLS
for (int k = 0; k < listSplits.getLength(); k++) {
if (listSplits.item(k).getParentNode().getAttributes().getNamedItem("engine").getNodeValue().equals(EngineName)) {
splits.put(listSplits.item(k).getAttributes().getNamedItem("plainToken").getNodeValue(), listSplits.item(k).getAttributes().getNamedItem("regexToken").getNodeValue());
if (listSplits.item(k).getParentNode().getAttributes().getNamedItem("engine").getNodeValue().equals(EngineName)) { //NON-NLS
splits.put(listSplits.item(k).getAttributes().getNamedItem("plainToken").getNodeValue(), listSplits.item(k).getAttributes().getNamedItem("regexToken").getNodeValue()); //NON-NLS
}
}
@ -182,7 +182,7 @@ class SearchEngineURLQueryAnalyzer extends Extract {
* @return The extracted search query.
*/
private String extractSearchEngineQuery(String url) {
String x = "NoQuery";
String x = "NoQuery"; //NON-NLS
SearchEngineURLQueryAnalyzer.SearchEngine eng = getSearchEngine(url);
for (Map.Entry<String, String> kvp : eng.getSplits()) {
if (url.contains(kvp.getKey())) {
@ -191,10 +191,10 @@ class SearchEngineURLQueryAnalyzer extends Extract {
}
}
try { //try to decode the url
String decoded = URLDecoder.decode(x, "UTF-8");
String decoded = URLDecoder.decode(x, "UTF-8"); //NON-NLS
return decoded;
} catch (UnsupportedEncodingException uee) { //if it fails, return the encoded string
logger.log(Level.FINE, "Error during URL decoding ", uee);
logger.log(Level.FINE, "Error during URL decoding ", uee); //NON-NLS
return x;
}
}
@ -209,7 +209,7 @@ class SearchEngineURLQueryAnalyzer extends Extract {
*
*/
private String split2(String url, String value) {
String basereturn = "NoQuery";
String basereturn = "NoQuery"; //NON-NLS
String v = value;
//Want to determine if string contains a string based on splitkey, but we want to split the string on splitKeyConverted due to regex
if (value.contains("\\?")) {
@ -230,9 +230,9 @@ class SearchEngineURLQueryAnalyzer extends Extract {
int totalQueries = 0;
try {
//from blackboard_artifacts
Collection<BlackboardArtifact> listArtifacts = currentCase.getSleuthkitCase().getMatchingArtifacts("WHERE (`artifact_type_id` = '" + ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()
+ "' OR `artifact_type_id` = '" + ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID() + "') "); //List of every 'web_history' and 'bookmark' artifact
logger.log(Level.INFO, "Processing {0} blackboard artifacts.", listArtifacts.size());
Collection<BlackboardArtifact> listArtifacts = currentCase.getSleuthkitCase().getMatchingArtifacts("WHERE (`artifact_type_id` = '" + ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID() //NON-NLS
+ "' OR `artifact_type_id` = '" + ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID() + "') "); //List of every 'web_history' and 'bookmark' artifact NON-NLS
logger.log(Level.INFO, "Processing {0} blackboard artifacts.", listArtifacts.size()); //NON-NLS
getAll:
for (BlackboardArtifact artifact : listArtifacts) {
//initializing default attributes
@ -255,7 +255,7 @@ class SearchEngineURLQueryAnalyzer extends Extract {
SearchEngineURLQueryAnalyzer.SearchEngine se = NullEngine;
//from blackboard_attributes
Collection<BlackboardAttribute> listAttributes = currentCase.getSleuthkitCase().getMatchingAttributes("Where `artifact_id` = " + artifact.getArtifactID());
Collection<BlackboardAttribute> listAttributes = currentCase.getSleuthkitCase().getMatchingAttributes("Where `artifact_id` = " + artifact.getArtifactID()); //NON-NLS
getAttributes:
for (BlackboardAttribute attribute : listAttributes) {
if (context.isJobCancelled()) {
@ -266,7 +266,7 @@ class SearchEngineURLQueryAnalyzer extends Extract {
se = getSearchEngine(urlString);
if (!se.equals(NullEngine)) {
query = extractSearchEngineQuery(attribute.getValueString());
if (query.equals("NoQuery") || query.equals("")) { //False positive match, artifact was not a query.
if (query.equals("NoQuery") || query.equals("")) { //False positive match, artifact was not a query. NON-NLS
break getAttributes;
}
} else if (se.equals(NullEngine)) {
@ -281,7 +281,7 @@ class SearchEngineURLQueryAnalyzer extends Extract {
}
}
if (!se.equals(NullEngine) && !query.equals("NoQuery") && !query.equals("")) {
if (!se.equals(NullEngine) && !query.equals("NoQuery") && !query.equals("")) { //NON-NLS
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
NbBundle.getMessage(this.getClass(),
@ -301,15 +301,15 @@ class SearchEngineURLQueryAnalyzer extends Extract {
}
}
} catch (TskException e) {
logger.log(Level.SEVERE, "Encountered error retrieving artifacts for search engine queries", e);
logger.log(Level.SEVERE, "Encountered error retrieving artifacts for search engine queries", e); //NON-NLS
} finally {
if (context.isJobCancelled()) {
logger.info("Operation terminated by user.");
logger.info("Operation terminated by user."); //NON-NLS
}
IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(
NbBundle.getMessage(this.getClass(), "SearchEngineURLQueryAnalyzer.parentModuleName.noSpace"),
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY));
logger.log(Level.INFO, "Extracted {0} queries from the blackboard", totalQueries);
logger.log(Level.INFO, "Extracted {0} queries from the blackboard", totalQueries); //NON-NLS
}
}
@ -329,7 +329,7 @@ class SearchEngineURLQueryAnalyzer extends Extract {
this.dataSource = dataSource;
this.context = context;
this.getURLs();
logger.log(Level.INFO, "Search Engine stats: \n{0}", getTotals());
logger.log(Level.INFO, "Search Engine stats: \n{0}", getTotals()); //NON-NLS
}
@Override
@ -348,33 +348,33 @@ class SearchEngineURLQueryAnalyzer extends Extract {
try {
String path = PlatformUtil.getUserConfigDirectory() + File.separator + XMLFILE;
File f = new File(path);
logger.log(Level.INFO, "Load successful");
logger.log(Level.INFO, "Load successful"); //NON-NLS
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
DocumentBuilder db = dbf.newDocumentBuilder();
Document xml = db.parse(f);
xmlinput = xml;
if (!XMLUtil.xmlIsValid(xml, SearchEngineURLQueryAnalyzer.class, XSDFILE)) {
logger.log(Level.WARNING, "Error loading Search Engines: could not validate against [" + XSDFILE + "], results may not be accurate.");
logger.log(Level.WARNING, "Error loading Search Engines: could not validate against [" + XSDFILE + "], results may not be accurate."); //NON-NLS
}
createEngines();
getSearchEngineNames();
} catch (IOException e) {
logger.log(Level.SEVERE, "Was not able to load SEUQAMappings.xml", e);
logger.log(Level.SEVERE, "Was not able to load SEUQAMappings.xml", e); //NON-NLS
} catch (ParserConfigurationException pce) {
logger.log(Level.SEVERE, "Unable to build XML parser", pce);
logger.log(Level.SEVERE, "Unable to build XML parser", pce); //NON-NLS
} catch (SAXException sxe) {
logger.log(Level.SEVERE, "Unable to parse XML file", sxe);
logger.log(Level.SEVERE, "Unable to parse XML file", sxe); //NON-NLS
}
}
@Override
public void complete() {
logger.info("Search Engine URL Query Analyzer has completed.");
logger.info("Search Engine URL Query Analyzer has completed."); //NON-NLS
}
@Override
public void stop() {
logger.info("Attempted to stop Search Engine URL Query Analyzer, but operation is not supported; skipping...");
logger.info("Attempted to stop Search Engine URL Query Analyzer, but operation is not supported; skipping..."); //NON-NLS
}
}

12
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/UsbDeviceIdMapper.java
View File

@ -42,16 +42,16 @@ import org.sleuthkit.autopsy.coreutils.PlatformUtil;
class UsbDeviceIdMapper {
private static final Logger logger = Logger.getLogger(UsbDeviceIdMapper.class.getName());
private HashMap<String, USBInfo> devices;
private static final String DataFile = "USB_DATA.txt";
private static final String DataFile = "USB_DATA.txt"; //NON-NLS
public UsbDeviceIdMapper() {
try {
loadDeviceMap();
} catch (FileNotFoundException ex) {
logger.log(Level.SEVERE, "Could not find file " + DataFile + ".", ex);
logger.log(Level.SEVERE, "Could not find file " + DataFile + ".", ex); //NON-NLS
devices = null;
} catch (IOException ex) {
logger.log(Level.SEVERE, "Unknown IO error occurred in method devices.", ex);
logger.log(Level.SEVERE, "Unknown IO error occurred in method devices.", ex); //NON-NLS
}
}
@ -105,12 +105,12 @@ class UsbDeviceIdMapper {
}
// stop once we've hitten the part of the file that starts to talk about class types
if (line.startsWith("C 00")) {
if (line.startsWith("C 00")) { //NON-NLS
return;
}
String dvc = "";
String[] tokens = line.split("[\\t\\s]+");
String[] tokens = line.split("[\\t\\s]+"); //NON-NLS
String vID = tokens[0];
for (int n = 1; n < tokens.length; n++) {
dvc += tokens[n] + " ";
@ -126,7 +126,7 @@ class UsbDeviceIdMapper {
line = dat.nextLine();
if (line.startsWith("\t")) {
while (dat.hasNext() && line.startsWith("\t")) {
tokens = line.split("[\\t\\s]+");
tokens = line.split("[\\t\\s]+"); //NON-NLS
// make key based on upper case version of vendor and product IDs
pID = vID + tokens[1];

20
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Util.java
View File

@ -151,7 +151,7 @@ class Util {
public static String getFileName(String value) {
String filename = "";
String filematch = "^([a-zA-Z]\\:)(\\\\[^\\\\/:*?<>\"|]*(?<!\\[ \\]))*(\\.[a-zA-Z]{2,6})$";
String filematch = "^([a-zA-Z]\\:)(\\\\[^\\\\/:*?<>\"|]*(?<!\\[ \\]))*(\\.[a-zA-Z]{2,6})$"; //NON-NLS
Pattern p = Pattern.compile(filematch, Pattern.CASE_INSENSITIVE | Pattern.DOTALL | Pattern.COMMENTS);
Matcher m = p.matcher(value);
@ -168,7 +168,7 @@ class Util {
String path = "";
//String drive ="([a-z]:\\\\(?:[-\\w\\.\\d]+\\\\)*(?:[-\\w\\.\\d]+)?)"; // Windows drive
String drive = "([a-z]:\\\\\\S.+)";
String drive = "([a-z]:\\\\\\S.+)"; //NON-NLS
Pattern p = Pattern.compile(drive, Pattern.CASE_INSENSITIVE | Pattern.COMMENTS);
Matcher m = p.matcher(txt);
if (m.find()) {
@ -176,7 +176,7 @@ class Util {
} else {
String network = "(\\\\(?:\\\\[^:\\s?*\"<>|]+)+)"; // Windows network
String network = "(\\\\(?:\\\\[^:\\s?*\"<>|]+)+)"; // Windows network NON-NLS
Pattern p2 = Pattern.compile(network, Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
Matcher m2 = p2.matcher(txt);
@ -202,7 +202,7 @@ class Util {
try {
files = fileManager.findFiles(dataSource, name, parent_path);
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history.");
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history."); //NON-NLS
}
if (files == null || files.isEmpty()) {
@ -212,19 +212,19 @@ class Util {
}
public static boolean checkColumn(String column, String tablename, String connection) {
String query = "PRAGMA table_info(" + tablename + ")";
String query = "PRAGMA table_info(" + tablename + ")"; //NON-NLS
boolean found = false;
ResultSet temprs;
try {
SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + connection);
SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + connection); //NON-NLS
temprs = tempdbconnect.executeQry(query);
while (temprs.next()) {
if (temprs.getString("name") == null ? column == null : temprs.getString("name").equals(column)) {
if (temprs.getString("name") == null ? column == null : temprs.getString("name").equals(column)) { //NON-NLS
found = true;
}
}
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to get columns from sqlite db." + connection, ex);
logger.log(Level.WARNING, "Error while trying to get columns from sqlite db." + connection, ex); //NON-NLS
}
return found;
}
@ -232,11 +232,11 @@ class Util {
public static ResultSet runQuery(String query, String connection) {
ResultSet results = null;
try {
SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + connection);
SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + connection); //NON-NLS
results = tempdbconnect.executeQry(query);
tempdbconnect.closeConnection();
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to run sql query: " + query + " : " + connection, ex);
logger.log(Level.WARNING, "Error while trying to run sql query: " + query + " : " + connection, ex); //NON-NLS
}
return results;
}