Merge pull request #941 from rcordovano/recent_activity_cancellable

Recent activity cancellable
Richard Cordovano 2014-11-06 22:05:11 -05:00
commit 88677f30a9
12 changed files with 101 additions and 136 deletions


@ -149,7 +149,10 @@ public final class ExecUtil {
logger.log(Level.WARNING, "Error occurred when attempting to kill process: {0}", ex.getMessage()); // NON-NLS logger.log(Level.WARNING, "Error occurred when attempting to kill process: {0}", ex.getMessage()); // NON-NLS
} }
} }
/**
* EVERYTHING FOLLOWING THIS LINE IS DEPRECATED AND SLATED FOR REMOVAL
*/
private static final Logger logger = Logger.getLogger(ExecUtil.class.getName()); private static final Logger logger = Logger.getLogger(ExecUtil.class.getName());
private Process proc = null; private Process proc = null;
private ExecUtil.StreamToStringRedirect errorStringRedirect = null; private ExecUtil.StreamToStringRedirect errorStringRedirect = null;
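Review bot: The deprecation marker added above the `logger` field is a `/** ... */` block, so Javadoc will attach it to `logger` rather than to the members it is meant to cover, and callers of the legacy instance API get no compiler warning. The other sections of this commit move callers to the static `ExecUtil.execute(processBuilder, terminator)` form, so the remaining users of the old path are the ones worth surfacing at build time. Consider a plain `// Deprecated instance API below, slated for removal` separator plus `@Deprecated` and a Javadoc `@deprecated` tag on each legacy member. The class body continues outside the hunk, so which members are affected cannot be confirmed from here.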


@ -52,6 +52,7 @@ import org.sleuthkit.autopsy.externalresults.ExternalResults;
import org.sleuthkit.autopsy.externalresults.ExternalResultsImporter; import org.sleuthkit.autopsy.externalresults.ExternalResultsImporter;
import org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser; import org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser;
import org.sleuthkit.autopsy.ingest.DataSourceIngestModule; import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProcessTerminator;
import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress; import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
import org.sleuthkit.autopsy.ingest.IngestJobContext; import org.sleuthkit.autopsy.ingest.IngestJobContext;
import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestMessage;
@ -73,15 +74,15 @@ public class SampleExecutableDataSourceIngestModule implements DataSourceIngestM
private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter(); private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter();
private static final String moduleName = SampleExecutableIngestModuleFactory.getModuleName(); private static final String moduleName = SampleExecutableIngestModuleFactory.getModuleName();
private final String fileInCaseDatabase = "/WINDOWS/system32/ntmsapi.dll"; // Probably private final String fileInCaseDatabase = "/WINDOWS/system32/ntmsapi.dll"; // Probably
private long jobId; private IngestJobContext context;
private String outputDirPath; private String outputDirPath;
private String derivedFileInCaseDatabase; private String derivedFileInCaseDatabase;
@Override @Override
public void startUp(IngestJobContext context) throws IngestModuleException { public void startUp(IngestJobContext context) throws IngestModuleException {
jobId = context.getJobId(); this.context = context;
if (refCounter.incrementAndGet(jobId) == 1) { if (refCounter.incrementAndGet(context.getJobId()) == 1) {
// Create an output directory for this job. // Create an output directory for this job.
outputDirPath = Case.getCurrentCase().getModulesOutputDirAbsPath() + File.separator + moduleName; //NON-NLS outputDirPath = Case.getCurrentCase().getModulesOutputDirAbsPath() + File.separator + moduleName; //NON-NLS
File outputDir = new File(outputDirPath); File outputDir = new File(outputDirPath);
@ -93,7 +94,7 @@ public class SampleExecutableDataSourceIngestModule implements DataSourceIngestM
@Override @Override
public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) { public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
if (refCounter.get(jobId) == 1) { if (refCounter.get(context.getJobId()) == 1) {
try { try {
// There will be two tasks: data source analysis and import of // There will be two tasks: data source analysis and import of
// the results of the analysis. // the results of the analysis.
@ -108,14 +109,18 @@ public class SampleExecutableDataSourceIngestModule implements DataSourceIngestM
// derived files, and reports generated by the analysis. In this // derived files, and reports generated by the analysis. In this
// sample ingest module, the generation of the analysis results is // sample ingest module, the generation of the analysis results is
// simulated. // simulated.
String resultsFilePath = outputDirPath + File.separator + String.format("job_%d_results.xml", jobId); String resultsFilePath = outputDirPath + File.separator + String.format("job_%d_results.xml", context.getJobId());
boolean haveRealExecutable = false; boolean haveRealExecutable = false;
if (haveRealExecutable) { if (haveRealExecutable) {
if (dataSource instanceof Image) { if (dataSource instanceof Image) {
Image image = (Image)dataSource; Image image = (Image)dataSource;
String dataSourcePath = image.getPaths()[0]; String dataSourcePath = image.getPaths()[0];
ExecUtil executor = new ExecUtil(); List<String> commandLine = new ArrayList<>();
executor.execute("some.exe", dataSourcePath, resultsFilePath); commandLine.add("some.exe");
commandLine.add(dataSourcePath);
commandLine.add(resultsFilePath);
ProcessBuilder processBuilder = new ProcessBuilder(commandLine);
ExecUtil.execute(processBuilder, new DataSourceIngestModuleProcessTerminator(context));
} }
// not a disk image // not a disk image
else { else {
@ -136,7 +141,7 @@ public class SampleExecutableDataSourceIngestModule implements DataSourceIngestM
IngestServices.getInstance().postMessage(IngestMessage.createErrorMessage(moduleName, "External Results Import Error", errorInfo.getMessage())); IngestServices.getInstance().postMessage(IngestMessage.createErrorMessage(moduleName, "External Results Import Error", errorInfo.getMessage()));
} }
progressBar.progress(2); progressBar.progress(2);
} catch (InterruptedException | ParserConfigurationException | TransformerException | IOException ex) { } catch (ParserConfigurationException | TransformerException | IOException ex) {
Logger logger = IngestServices.getInstance().getLogger(moduleName); Logger logger = IngestServices.getInstance().getLogger(moduleName);
logger.log(Level.SEVERE, "Failed to simulate analysis and results import", ex); //NON-NLS logger.log(Level.SEVERE, "Failed to simulate analysis and results import", ex); //NON-NLS
return ProcessResult.ERROR; return ProcessResult.ERROR;
@ -155,7 +160,7 @@ public class SampleExecutableDataSourceIngestModule implements DataSourceIngestM
List<String> filePaths = new ArrayList<>(); List<String> filePaths = new ArrayList<>();
String fileContents = "This is a simulated derived file."; String fileContents = "This is a simulated derived file.";
for (int i = 0; i < 2; ++i) { for (int i = 0; i < 2; ++i) {
String fileName = String.format("job_%d_derived_file_%d.txt", jobId, i); String fileName = String.format("job_%d_derived_file_%d.txt", context.getJobId(), i);
filePaths.add(generateFile(fileName, fileContents.getBytes())); filePaths.add(generateFile(fileName, fileContents.getBytes()));
if (i == 0) { if (i == 0) {
this.derivedFileInCaseDatabase = this.fileInCaseDatabase + "/" + fileName; this.derivedFileInCaseDatabase = this.fileInCaseDatabase + "/" + fileName;
@ -168,7 +173,7 @@ public class SampleExecutableDataSourceIngestModule implements DataSourceIngestM
List<String> filePaths = new ArrayList<>(); List<String> filePaths = new ArrayList<>();
String fileContents = "This is a simulated report."; String fileContents = "This is a simulated report.";
for (int i = 0; i < 2; ++i) { for (int i = 0; i < 2; ++i) {
String fileName = String.format("job_%d_report_%d.txt", jobId, i); String fileName = String.format("job_%d_report_%d.txt", context.getJobId(), i);
filePaths.add(generateFile(fileName, fileContents.getBytes())); filePaths.add(generateFile(fileName, fileContents.getBytes()));
} }
return filePaths; return filePaths;
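Review bot: The value returned by `ExecUtil.execute(processBuilder, new DataSourceIngestModuleProcessTerminator(context))` is discarded in `process()`, and nothing between that call and the results import checks whether the run failed or was cancelled. Because this is the sample that module authors copy, it would be worth capturing the result (presumably the process exit code, to be confirmed against `ExecUtil`) and returning early when `context.dataSourceIngestIsCancelled()` is true, as `ExtractIE` does after `executePasco` in this same commit, so that a partially written `job_%d_results.xml` is never imported. The bare name `some.exe` is also left to the platform's executable lookup; a comment such as `// use the absolute path of the executable bundled with the module` would steer implementers away from that. The body of `process()` extends beyond the hunks shown.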


@ -216,7 +216,7 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
PhotoRecCarverOutputParser parser = new PhotoRecCarverOutputParser(outputDirPath); PhotoRecCarverOutputParser parser = new PhotoRecCarverOutputParser(outputDirPath);
List<LayoutFile> theList = parser.parse(newAuditFile, id, file); List<LayoutFile> theList = parser.parse(newAuditFile, id, file);
if (theList != null) { // if there were any results from carving, add the unallocated carving event to the reports list. if (theList != null) { // if there were any results from carving, add the unallocated carving event to the reports list.
context.scheduleFiles(new ArrayList<>(theList)); context.addFilesToJob(new ArrayList<>(theList));
} }
} }
catch (IOException ex) { catch (IOException ex) {


@ -181,7 +181,7 @@ public final class SevenZipIngestModule implements FileIngestModule {
//currently sending a single event for all new files //currently sending a single event for all new files
services.fireModuleContentEvent(new ModuleContentEvent(abstractFile)); services.fireModuleContentEvent(new ModuleContentEvent(abstractFile));
context.scheduleFiles(unpackedFiles); context.addFilesToJob(unpackedFiles);
} }
return ProcessResult.OK; return ProcessResult.OK;


@ -247,8 +247,7 @@ public final class KeywordSearchIngestModule implements FileIngestModule {
return; return;
} }
if (context.isJobCancelled()) { if (context.fileIngestIsCancelled()) {
logger.log(Level.INFO, "Ingest job cancelled"); //NON-NLS
stop(); stop();
return; return;
} }


@ -128,7 +128,7 @@ class Chrome extends Extract {
continue; continue;
} }
File dbFile = new File(temps); File dbFile = new File(temps);
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
@ -204,7 +204,7 @@ class Chrome extends Extract {
logger.log(Level.INFO, "{0}- Now getting Bookmarks from {1}", new Object[]{moduleName, temps}); //NON-NLS logger.log(Level.INFO, "{0}- Now getting Bookmarks from {1}", new Object[]{moduleName, temps}); //NON-NLS
File dbFile = new File(temps); File dbFile = new File(temps);
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
@ -341,7 +341,7 @@ class Chrome extends Extract {
continue; continue;
} }
File dbFile = new File(temps); File dbFile = new File(temps);
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
@ -416,7 +416,7 @@ class Chrome extends Extract {
continue; continue;
} }
File dbFile = new File(temps); File dbFile = new File(temps);
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
@ -504,7 +504,7 @@ class Chrome extends Extract {
continue; continue;
} }
File dbFile = new File(temps); File dbFile = new File(temps);
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }


@ -52,6 +52,7 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Content;
import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProcessTerminator;
import org.sleuthkit.autopsy.ingest.IngestJobContext; import org.sleuthkit.autopsy.ingest.IngestJobContext;
import org.sleuthkit.datamodel.*; import org.sleuthkit.datamodel.*;
@ -111,7 +112,7 @@ class ExtractIE extends Extract {
continue; continue;
} }
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
break; break;
} }
@ -201,7 +202,7 @@ class ExtractIE extends Extract {
dataFound = true; dataFound = true;
for (AbstractFile cookiesFile : cookiesFiles) { for (AbstractFile cookiesFile : cookiesFiles) {
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
break; break;
} }
if (cookiesFile.getSize() == 0) { if (cookiesFile.getSize() == 0) {
@ -309,7 +310,7 @@ class ExtractIE extends Extract {
//indexFileName = "index" + Long.toString(bbart.getArtifactID()) + ".dat"; //indexFileName = "index" + Long.toString(bbart.getArtifactID()) + ".dat";
temps = RAImageIngestModule.getRATempPath(currentCase, "IE") + File.separator + indexFileName; //NON-NLS temps = RAImageIngestModule.getRATempPath(currentCase, "IE") + File.separator + indexFileName; //NON-NLS
File datFile = new File(temps); File datFile = new File(temps);
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
break; break;
} }
try { try {
@ -324,6 +325,9 @@ class ExtractIE extends Extract {
String filename = "pasco2Result." + indexFile.getId() + ".txt"; //NON-NLS String filename = "pasco2Result." + indexFile.getId() + ".txt"; //NON-NLS
boolean bPascProcSuccess = executePasco(temps, filename); boolean bPascProcSuccess = executePasco(temps, filename);
if (context.dataSourceIngestIsCancelled()) {
return;
}
//At this point pasco2 proccessed the index files. //At this point pasco2 proccessed the index files.
//Now fetch the results, parse them and the delete the files. //Now fetch the results, parse them and the delete the files.
@ -354,34 +358,26 @@ class ExtractIE extends Extract {
*/ */
private boolean executePasco(String indexFilePath, String outputFileName) { private boolean executePasco(String indexFilePath, String outputFileName) {
boolean success = true; boolean success = true;
Writer writer = null;
ExecUtil execPasco = new ExecUtil();
try { try {
final String outputFileFullPath = moduleTempResultsDir + File.separator + outputFileName; final String outputFileFullPath = moduleTempResultsDir + File.separator + outputFileName;
logger.log(Level.INFO, "Writing pasco results to: {0}", outputFileFullPath); //NON-NLS final String errFileFullPath = moduleTempResultsDir + File.separator + outputFileName + ".err";
writer = new FileWriter(outputFileFullPath); logger.log(Level.INFO, "Writing pasco results to: {0}", outputFileFullPath); //NON-NLS
execPasco.execute(writer, JAVA_PATH, List<String> commandLine = new ArrayList<>();
"-cp", PASCO_LIB_PATH, //NON-NLS commandLine.add(JAVA_PATH);
"isi.pasco2.Main", "-T", "history", indexFilePath ); //NON-NLS commandLine.add("-cp"); //NON-NLS
commandLine.add(PASCO_LIB_PATH);
commandLine.add("isi.pasco2.Main"); //NON-NLS
commandLine.add("-T"); //NON-NLS
commandLine.add("history"); //NON-NLS
commandLine.add(indexFilePath);
ProcessBuilder processBuilder = new ProcessBuilder(commandLine);
processBuilder.redirectOutput(new File(outputFileFullPath));
processBuilder.redirectError(new File(errFileFullPath));
ExecUtil.execute(processBuilder, new DataSourceIngestModuleProcessTerminator(context));
// @@@ Investigate use of history versus cache as type. // @@@ Investigate use of history versus cache as type.
} catch (IOException ex) { } catch (IOException ex) {
success = false; success = false;
logger.log(Level.SEVERE, "Unable to execute Pasco to process Internet Explorer web history.", ex); //NON-NLS logger.log(Level.SEVERE, "Unable to execute Pasco to process Internet Explorer web history.", ex); //NON-NLS
} catch (InterruptedException ex) {
success = false;
logger.log(Level.SEVERE, "Pasco has been interrupted, failed to extract some web history from Internet Explorer.", ex); //NON-NLS
}
finally {
if (writer != null) {
try {
writer.flush();
writer.close();
} catch (IOException ex) {
logger.log(Level.WARNING, "Error closing writer stream after for Pasco result", ex); //NON-NLS
}
}
execPasco.stop();
} }
return success; return success;
} }
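Review bot: `executePasco` now returns `true` whenever `ExecUtil.execute(...)` does not throw, because the call's result is ignored and the `.err` file that receives stderr is never inspected. A pasco2 run that exits with an error would leave an empty or truncated `outputFileFullPath` that the caller then parses as if it were complete history, which matters for the integrity of the extracted artifacts. Consider keeping the result, e.g. `int exitCode = ExecUtil.execute(processBuilder, new DataSourceIngestModuleProcessTerminator(context));` followed by `if (exitCode != 0) { success = false; }` (assuming `execute` returns the exit code, to be confirmed), and logging a warning when the `.err` file is non-empty. The new cancellation check after `executePasco` uses `return;` where the other checks in this file use `break`, so any cleanup of `datFile` later in the loop, which lies outside the hunk, would be skipped.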


@ -37,6 +37,7 @@ import org.sleuthkit.autopsy.coreutils.ExecUtil;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProcessTerminator;
import org.sleuthkit.autopsy.ingest.IngestJobContext; import org.sleuthkit.autopsy.ingest.IngestJobContext;
import org.sleuthkit.autopsy.recentactivity.UsbDeviceIdMapper.USBInfo; import org.sleuthkit.autopsy.recentactivity.UsbDeviceIdMapper.USBInfo;
import org.sleuthkit.datamodel.*; import org.sleuthkit.datamodel.*;
@ -61,15 +62,11 @@ class ExtractRegistry extends Extract {
private String RR_PATH; private String RR_PATH;
private String RR_FULL_PATH; private String RR_FULL_PATH;
private boolean rrFound = false; // true if we found the Autopsy-specific version of regripper private boolean rrFound = false; // true if we found the Autopsy-specific version of regripper
private boolean rrFullFound = false; // true if we found the full version of regripper private boolean rrFullFound = false; // true if we found the full version of regripper
final private static String MODULE_VERSION = "1.0";
private Content dataSource; private Content dataSource;
private IngestJobContext context; private IngestJobContext context;
final private static UsbDeviceIdMapper usbMapper = new UsbDeviceIdMapper(); final private static UsbDeviceIdMapper usbMapper = new UsbDeviceIdMapper();
//hide public constructor to prevent from instantiation by ingest module loader
ExtractRegistry() { ExtractRegistry() {
moduleName = NbBundle.getMessage(ExtractIE.class, "ExtractRegistry.moduleName.text"); moduleName = NbBundle.getMessage(ExtractIE.class, "ExtractRegistry.moduleName.text");
final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); //NON-NLS final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); //NON-NLS
@ -169,7 +166,7 @@ class ExtractRegistry extends Extract {
continue; continue;
} }
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
break; break;
} }
@ -182,10 +179,9 @@ class ExtractRegistry extends Extract {
logger.log(Level.SEVERE, null, ex); logger.log(Level.SEVERE, null, ex);
} }
logger.log(Level.INFO, moduleName + "- Now getting registry information from " + regFileNameLocal); //NON-NLS logger.log(Level.INFO, "{0}- Now getting registry information from {1}", new Object[]{moduleName, regFileNameLocal}); //NON-NLS
RegOutputFiles regOutputFiles = executeRegRip(regFileNameLocal, outputPathBase); RegOutputFiles regOutputFiles = ripRegistryFile(regFileNameLocal, outputPathBase);
if (context.dataSourceIngestIsCancelled()) {
if (context.isJobCancelled()) {
break; break;
} }
@ -268,9 +264,9 @@ class ExtractRegistry extends Extract {
* @param regFilePath Path to local copy of registry * @param regFilePath Path to local copy of registry
* @param outFilePathBase Path to location to save output file to. Base mtimeItem that will be extended on * @param outFilePathBase Path to location to save output file to. Base mtimeItem that will be extended on
*/ */
private RegOutputFiles executeRegRip(String regFilePath, String outFilePathBase) { private RegOutputFiles ripRegistryFile(String regFilePath, String outFilePathBase) {
String autopsyType = ""; // Type argument for rr for autopsy-specific modules String autopsyType = ""; // Type argument for rr for autopsy-specific modules
String fullType = ""; // Type argument for rr for full set of modules String fullType; // Type argument for rr for full set of modules
RegOutputFiles regOutputFiles = new RegOutputFiles(); RegOutputFiles regOutputFiles = new RegOutputFiles();
@ -298,78 +294,44 @@ class ExtractRegistry extends Extract {
// run the autopsy-specific set of modules // run the autopsy-specific set of modules
if (!autopsyType.isEmpty() && rrFound) { if (!autopsyType.isEmpty() && rrFound) {
// TODO - add error messages regOutputFiles.autopsyPlugins = outFilePathBase + "-autopsy.txt"; //NON-NLS
Writer writer = null; String errFilePath = outFilePathBase + "-autopsy.err.txt"; //NON-NLS
ExecUtil execRR = null; logger.log(Level.INFO, "Writing RegRipper results to: {0}", regOutputFiles.autopsyPlugins); //NON-NLS
try { executeRegRipper(regFilePath, autopsyType, regOutputFiles.autopsyPlugins, errFilePath);
regOutputFiles.autopsyPlugins = outFilePathBase + "-autopsy.txt"; //NON-NLS }
logger.log(Level.INFO, "Writing RegRipper results to: " + regOutputFiles.autopsyPlugins); //NON-NLS if (context.dataSourceIngestIsCancelled()) {
writer = new FileWriter(regOutputFiles.autopsyPlugins); return regOutputFiles;
execRR = new ExecUtil();
execRR.execute(writer, RR_PATH,
"-r", regFilePath, "-f", autopsyType); //NON-NLS
} catch (IOException ex) {
logger.log(Level.SEVERE, "Unable to RegRipper and process parse some registry files.", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile",
this.getName()));
} catch (InterruptedException ex) {
logger.log(Level.SEVERE, "RegRipper has been interrupted, failed to parse registry.", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile2",
this.getName()));
} finally {
if (writer != null) {
try {
writer.close();
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error closing output writer after running RegRipper", ex); //NON-NLS
}
}
if (execRR != null) {
execRR.stop();
}
}
} }
// run the full set of rr modules // run the full set of rr modules
if (!fullType.isEmpty() && rrFullFound) { if (!fullType.isEmpty() && rrFullFound) {
Writer writer = null; regOutputFiles.fullPlugins = outFilePathBase + "-full.txt"; //NON-NLS
ExecUtil execRR = null; String errFilePath = outFilePathBase + "-full.err.txt"; //NON-NLS
try { logger.log(Level.INFO, "Writing Full RegRipper results to: {0}", regOutputFiles.fullPlugins); //NON-NLS
regOutputFiles.fullPlugins = outFilePathBase + "-full.txt"; //NON-NLS executeRegRipper(regFilePath, fullType, regOutputFiles.fullPlugins, errFilePath);
logger.log(Level.INFO, "Writing Full RegRipper results to: " + regOutputFiles.fullPlugins); //NON-NLS }
writer = new FileWriter(regOutputFiles.fullPlugins);
execRR = new ExecUtil();
execRR.execute(writer, RR_FULL_PATH,
"-r", regFilePath, "-f", fullType); //NON-NLS
} catch (IOException ex) {
logger.log(Level.SEVERE, "Unable to run full RegRipper and process parse some registry files.", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile3",
this.getName()));
} catch (InterruptedException ex) {
logger.log(Level.SEVERE, "RegRipper full has been interrupted, failed to parse registry.", ex); //NON-NLS
this.addErrorMessage(
NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile4",
this.getName()));
} finally {
if (writer != null) {
try {
writer.close();
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error closing output writer after running RegRipper full", ex); //NON-NLS
}
}
if (execRR != null) {
execRR.stop();
}
}
}
return regOutputFiles; return regOutputFiles;
} }
private void executeRegRipper(String hiveFilePath, String hiveFileType, String outputFile, String errFile) {
try {
logger.log(Level.INFO, "Writing RegRipper results to: {0}", outputFile); //NON-NLS
List<String> commandLine = new ArrayList<>();
commandLine.add(RR_PATH);
commandLine.add("-r"); //NON-NLS
commandLine.add(hiveFilePath);
commandLine.add("-f"); //NON-NLS
commandLine.add(hiveFileType);
ProcessBuilder processBuilder = new ProcessBuilder(commandLine);
processBuilder.redirectOutput(new File(outputFile));
processBuilder.redirectError(new File(errFile));
ExecUtil.execute(processBuilder, new DataSourceIngestModuleProcessTerminator(context));
} catch (IOException ex) {
logger.log(Level.SEVERE, "Unable to run RegRipper", ex); //NON-NLS
this.addErrorMessage(NbBundle.getMessage(this.getClass(), "ExtractRegistry.execRegRip.errMsg.failedAnalyzeRegFile", this.getName()));
}
}
// @@@ VERIFY that we are doing the right thing when we parse multiple NTUSER.DAT // @@@ VERIFY that we are doing the right thing when we parse multiple NTUSER.DAT
/** /**
* *
@ -558,7 +520,7 @@ class ExtractRegistry extends Extract {
} }
break; break;
default: default:
logger.log(Level.WARNING, "Unercognized node name: " + dataType); logger.log(Level.WARNING, "Unrecognized node name: {0}", dataType);
break; break;
} }
} }
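Review bot: The extracted `executeRegRipper` helper always launches `RR_PATH`, so the full-plugin run no longer uses `RR_FULL_PATH` as the removed code did; the `rrFullFound` branch would invoke the Autopsy-specific RegRipper with `fullType`. Passing the executable path as a parameter restores the previous behaviour, as sketched below. The helper also repeats the `Writing RegRipper results to` log line that both callers already emit, ignores the result of `ExecUtil.execute`, and never inspects the `.err.txt` file, so a failed rip is indistinguishable from one that found nothing. `ripRegistryFile` begins outside the hunks shown.

```java
// … unchanged: autopsy-specific branch, output and error paths, log line …
executeRegRipper(RR_PATH, regFilePath, autopsyType, regOutputFiles.autopsyPlugins, errFilePath);
// … unchanged: cancellation check, full-set branch, output and error paths, log line …
executeRegRipper(RR_FULL_PATH, regFilePath, fullType, regOutputFiles.fullPlugins, errFilePath);
// … unchanged: return regOutputFiles …

private void executeRegRipper(String regRipperPath, String hiveFilePath, String hiveFileType, String outputFile, String errFile) {
    // … unchanged: try, command-line list creation …
    commandLine.add(regRipperPath);
    // … unchanged: remaining arguments, ProcessBuilder redirects, execute call, catch …
```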


@ -116,7 +116,7 @@ class Firefox extends Extract {
continue; continue;
} }
File dbFile = new File(temps); File dbFile = new File(temps);
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
@ -197,7 +197,7 @@ class Firefox extends Extract {
continue; continue;
} }
File dbFile = new File(temps); File dbFile = new File(temps);
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
@ -277,7 +277,7 @@ class Firefox extends Extract {
continue; continue;
} }
File dbFile = new File(temps); File dbFile = new File(temps);
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
@ -385,16 +385,16 @@ class Firefox extends Extract {
continue; continue;
} }
File dbFile = new File(temps); File dbFile = new File(temps);
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }
List<HashMap<String, Object>> tempList = this.dbConnect(temps, downloadQuery); List<HashMap<String, Object>> tempList = this.dbConnect(temps, downloadQuery);
logger.log(Level.INFO, moduleName + "- Now getting downloads from " + temps + " with " + tempList.size() + "artifacts identified."); //NON-NLS logger.log(Level.INFO, "{0}- Now getting downloads from {1} with {2} artifacts identified.", new Object[]{moduleName, temps, tempList.size()}); //NON-NLS
for (HashMap<String, Object> result : tempList) { for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
@ -494,7 +494,7 @@ class Firefox extends Extract {
continue; continue;
} }
File dbFile = new File(temps); File dbFile = new File(temps);
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
dbFile.delete(); dbFile.delete();
break; break;
} }


@ -93,7 +93,7 @@ public final class RAImageIngestModule implements DataSourceIngestModule {
for (int i = 0; i < extracters.size(); i++) { for (int i = 0; i < extracters.size(); i++) {
Extract extracter = extracters.get(i); Extract extracter = extracters.get(i);
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
logger.log(Level.INFO, "Recent Activity has been canceled, quitting before {0}", extracter.getName()); //NON-NLS logger.log(Level.INFO, "Recent Activity has been canceled, quitting before {0}", extracter.getName()); //NON-NLS
break; break;
} }
@ -161,7 +161,7 @@ public final class RAImageIngestModule implements DataSourceIngestModule {
historyMsg.toString()); historyMsg.toString());
services.postMessage(inboxMsg); services.postMessage(inboxMsg);
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
return ProcessResult.OK; return ProcessResult.OK;
} }


@ -79,7 +79,7 @@ class RecentDocumentsByLnk extends Extract {
dataFound = true; dataFound = true;
for (AbstractFile recentFile : recentFiles) { for (AbstractFile recentFile : recentFiles) {
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
break; break;
} }


@ -278,7 +278,7 @@ class SearchEngineURLQueryAnalyzer extends Extract {
logger.log(Level.INFO, "Processing {0} blackboard artifacts.", listArtifacts.size()); //NON-NLS logger.log(Level.INFO, "Processing {0} blackboard artifacts.", listArtifacts.size()); //NON-NLS
for (BlackboardArtifact artifact : listArtifacts) { for (BlackboardArtifact artifact : listArtifacts) {
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
break; //User cancled the process. break; //User cancled the process.
} }
@ -346,7 +346,7 @@ class SearchEngineURLQueryAnalyzer extends Extract {
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Encountered error retrieving artifacts for search engine queries", e); //NON-NLS logger.log(Level.SEVERE, "Encountered error retrieving artifacts for search engine queries", e); //NON-NLS
} finally { } finally {
if (context.isJobCancelled()) { if (context.dataSourceIngestIsCancelled()) {
logger.info("Operation terminated by user."); //NON-NLS logger.info("Operation terminated by user."); //NON-NLS
} }
IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent( IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(