Merge branch 'develop' of github.com:sleuthkit/autopsy into marks_bitlocker

2025-07-06 21:00:22 +00:00 · 2024-12-16 09:34:16 -05:00 · 2024-12-16 09:34:16 -05:00 · 8a05142720
commit 8a05142720
parent 471c99a661 36160312b1
23 changed files with 40 additions and 51 deletions
--- a/Core/build.xml
+++ b/Core/build.xml
@ -134,8 +134,8 @@
        <property environment="env"/>
        <copy file="${env.TSK_HOME}/bindings/java/dist/sleuthkit-${TSK_VERSION}.jar" 
              tofile="${ext.dir}/sleuthkit-${TSK_VERSION}.jar"/>
-        <copy file="${env.TSK_HOME}/bindings/java/lib/sqlite-jdbc-3.46.0.0.jar"
+        <copy file="${env.TSK_HOME}/bindings/java/lib/sqlite-jdbc-3.47.1.0.jar"
-              tofile="${ext.dir}/sqlite-jdbc-3.46.0.0.jar"/>
+              tofile="${ext.dir}/sqlite-jdbc-3.47.1.0.jar"/>
 		<copy file="${env.TSK_HOME}/bindings/java/lib/postgresql-42.7.3.jar" 
              tofile="${ext.dir}/postgresql-42.7.3.jar"/>
        <copy file="${env.TSK_HOME}/bindings/java/lib/c3p0-0.9.5.5.jar"
--- a/Core/nbproject/project.properties
+++ b/Core/nbproject/project.properties
@ -91,7 +91,7 @@ file.reference.slf4j-api-1.7.36.jar=release/modules/ext/slf4j-api-1.7.36.jar
 file.reference.snakeyaml-2.0.jar=release/modules/ext/snakeyaml-2.0.jar
 file.reference.SparseBitSet-1.1.jar=release/modules/ext/SparseBitSet-1.1.jar
 file.reference.spotbugs-annotations-4.6.0.jar=release/modules/ext/spotbugs-annotations-4.6.0.jar
-file.reference.sqlite-jdbc-3.46.0.0.jar=release/modules/ext/sqlite-jdbc-3.46.0.0.jar
+file.reference.sqlite-jdbc-3.47.1.0.jar=release/modules/ext/sqlite-jdbc-3.47.1.0.jar
 file.reference.txw2-2.3.3.jar=release/modules/ext/txw2-2.3.3.jar
 file.reference.xalan-2.7.2.jar=release/modules/ext/xalan-2.7.2.jar
 file.reference.xml-apis-1.4.01.jar=release/modules/ext/xml-apis-1.4.01.jar
--- a/Core/nbproject/project.xml
+++ b/Core/nbproject/project.xml
@ -742,8 +742,8 @@
                <binary-origin>release/modules/ext/spotbugs-annotations-4.6.0.jar</binary-origin>
            </class-path-extension>
            <class-path-extension>
-                <runtime-relative-path>ext/sqlite-jdbc-3.46.0.0.jar</runtime-relative-path>
+                <runtime-relative-path>ext/sqlite-jdbc-3.47.1.0.jar</runtime-relative-path>
-                <binary-origin>release/modules/ext/sqlite-jdbc-3.46.0.0.jar</binary-origin>
+                <binary-origin>release/modules/ext/sqlite-jdbc-3.47.1.0.jar</binary-origin>
            </class-path-extension>
            <class-path-extension>
                <runtime-relative-path>ext/txw2-2.3.3.jar</runtime-relative-path>
--- a/CoreLibs/ivy.xml
+++ b/CoreLibs/ivy.xml
@ -62,7 +62,7 @@
        <!-- for viewers -->
        <dependency conf="autopsy_core->default" org="org.freedesktop.gstreamer" name="gst1-java-core" rev="1.4.0"/>
-        <dependency conf="autopsy_core->default" org="net.java.dev.jna" name="jna-platform" rev="5.14.0"/>
+        <dependency conf="autopsy_core->default" org="net.java.dev.jna" name="jna-platform" rev="5.15.0"/>
        <!-- for file search -->
        <dependency conf="autopsy_core->default" org="com.github.lgooddatepicker" name="LGoodDatePicker" rev="11.2.1"/>
--- a/CoreLibs/nbproject/project.properties
+++ b/CoreLibs/nbproject/project.properties
@ -118,8 +118,8 @@ file.reference.jericho-html-3.4.jar=release/modules/ext/jericho-html-3.4.jar
 file.reference.jfxtras-common-17-r1.jar=release/modules/ext/jfxtras-common-17-r1.jar
 file.reference.jfxtras-controls-17-r1.jar=release/modules/ext/jfxtras-controls-17-r1.jar
 file.reference.jfxtras-fxml-17-r1.jar=release/modules/ext/jfxtras-fxml-17-r1.jar
-file.reference.jna-5.14.0.jar=release/modules/ext/jna-5.14.0.jar
+file.reference.jna-5.15.0.jar=release/modules/ext/jna-5.15.0.jar
-file.reference.jna-platform-5.14.0.jar=release/modules/ext/jna-platform-5.14.0.jar
+file.reference.jna-platform-5.15.0.jar=release/modules/ext/jna-platform-5.15.0.jar
 file.reference.joda-time-2.10.14.jar=release/modules/ext/joda-time-2.10.14.jar
 file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar
 file.reference.LGoodDatePicker-11.2.1.jar=release/modules/ext/LGoodDatePicker-11.2.1.jar
--- a/CoreLibs/nbproject/project.xml
+++ b/CoreLibs/nbproject/project.xml
@ -1041,12 +1041,12 @@
                <binary-origin>release/modules/ext/jfxtras-fxml-17-r1.jar</binary-origin>
            </class-path-extension>
            <class-path-extension>
-                <runtime-relative-path>ext/jna-5.14.0.jar</runtime-relative-path>
+                <runtime-relative-path>ext/jna-5.15.0.jar</runtime-relative-path>
-                <binary-origin>release/modules/ext/jna-5.14.0.jar</binary-origin>
+                <binary-origin>release/modules/ext/jna-5.15.0.jar</binary-origin>
            </class-path-extension>
            <class-path-extension>
-                <runtime-relative-path>ext/jna-platform-5.14.0.jar</runtime-relative-path>
+                <runtime-relative-path>ext/jna-platform-5.15.0.jar</runtime-relative-path>
-                <binary-origin>release/modules/ext/jna-platform-5.14.0.jar</binary-origin>
+                <binary-origin>release/modules/ext/jna-platform-5.15.0.jar</binary-origin>
            </class-path-extension>
            <class-path-extension>
                <runtime-relative-path>ext/joda-time-2.10.14.jar</runtime-relative-path>
--- a/ImageGallery/nbproject/project.properties
+++ b/ImageGallery/nbproject/project.properties
@ -1,4 +1,4 @@
-file.reference.sqlite-jdbc-3.46.0.0.jar=release/modules/ext/sqlite-jdbc-3.46.0.0.jar
+file.reference.sqlite-jdbc-3.47.1.0.jar=release/modules/ext/sqlite-jdbc-3.47.1.0.jar
 javac.source=17
 javac.compilerargs=-Xlint -Xlint:-serial
 license.file=LICENSE-2.0.txt
--- a/ImageGallery/nbproject/project.xml
+++ b/ImageGallery/nbproject/project.xml
@ -142,8 +142,8 @@
            </module-dependencies>
            <public-packages/>
            <class-path-extension>
-                <runtime-relative-path>ext/sqlite-jdbc-3.46.0.0.jar</runtime-relative-path>
+                <runtime-relative-path>ext/sqlite-jdbc-3.47.1.0.jar</runtime-relative-path>
-                <binary-origin>release/modules/ext/sqlite-jdbc-3.46.0.0.jar</binary-origin>
+                <binary-origin>release/modules/ext/sqlite-jdbc-3.47.1.0.jar</binary-origin>
            </class-path-extension>
        </data>
    </configuration>
--- a/RecentActivity/nbproject/project.properties
+++ b/RecentActivity/nbproject/project.properties
@ -1,6 +1,6 @@
 javac.source=17
 file.reference.Rejistry-1.1-SNAPSHOT.jar=release/modules/ext/Rejistry-1.1-SNAPSHOT.jar
-file.reference.sqlite-jdbc-3.46.0.0.jar=release/modules/ext/sqlite-jdbc-3.46.0.0.jar
+file.reference.sqlite-jdbc-3.47.1.0.jar=release/modules/ext/sqlite-jdbc-3.47.1.0.jar
 javac.compilerargs=-Xlint -Xlint:-serial
 license.file=../LICENSE-2.0.txt
 nbm.homepage=http://www.sleuthkit.org/autopsy/
--- a/RecentActivity/nbproject/project.xml
+++ b/RecentActivity/nbproject/project.xml
@ -88,8 +88,8 @@
                <binary-origin>release/modules/ext/Rejistry-1.1-SNAPSHOT.jar</binary-origin>
            </class-path-extension>
            <class-path-extension>
-                <runtime-relative-path>ext/sqlite-jdbc-3.46.0.0.jar</runtime-relative-path>
+                <runtime-relative-path>ext/sqlite-jdbc-3.47.1.0.jar</runtime-relative-path>
-                <binary-origin>release/modules/ext/sqlite-jdbc-3.46.0.0.jar</binary-origin>
+                <binary-origin>release/modules/ext/sqlite-jdbc-3.47.1.0.jar</binary-origin>
            </class-path-extension>
        </data>
    </configuration>
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java
@ -69,9 +69,7 @@ final class ExtractPrefetch extends Extract {
    private static final String PREFETCH_TSK_COMMENT = "Prefetch File";
    private static final String PREFETCH_FILE_LOCATION = "/windows/prefetch";
    private static final String PREFETCH_TOOL_FOLDER = "markmckinnon"; //NON-NLS
-    private static final String PREFETCH_TOOL_NAME_WINDOWS_64 = "parse_prefetch_x64.exe"; //NON-NLS
+    private static final String PREFETCH_TOOL_NAME_WINDOWS = "parse_prefetch.exe"; //NON-NLS
    private static final String PREFETCH_TOOL_NAME_WINDOWS_32 = "parse_prefetch_x32.exe"; //NON-NLS
    private static final String PREFETCH_TOOL_NAME_MACOS = "parse_prefetch_macos"; //NON-NLS
    private static final String PREFETCH_TOOL_NAME_LINUX = "parse_prefetch_linux"; //NON-NLS
    private static final String PREFETCH_OUTPUT_FILE_NAME = "Output.txt"; //NON-NLS
    private static final String PREFETCH_ERROR_FILE_NAME = "Error.txt"; //NON-NLS
@ -178,7 +176,6 @@ final class ExtractPrefetch extends Extract {
                }
            }
        }
    }
    /**
@ -219,16 +216,10 @@ final class ExtractPrefetch extends Extract {
    private String getPathForPrefetchDumper() {
        Path path = null;
        if (PlatformUtil.isWindowsOS()) {
-            if (PlatformUtil.is64BitOS()) {
+            path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_WINDOWS);
                path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_WINDOWS_64);
            } else {
                path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_WINDOWS_32);
            }
        } else {
            if ("Linux".equals(PlatformUtil.getOSName())) {
                path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_LINUX);
            } else {
                path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_MACOS);
            }
        }
        File prefetchToolFile = InstalledFileLocator.getDefault().locate(path.toString(),
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractSru.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractSru.java
@ -62,10 +62,8 @@ final class ExtractSru extends Extract {
    private static final String APPLICATION_USAGE_SOURCE_NAME = "System Resource Usage - Application Usage"; //NON-NLS
    private static final String NETWORK_USAGE_SOURCE_NAME = "System Resource Usage - Network Usage";
    private static final String SRU_TOOL_FOLDER = "markmckinnon"; //NON-NLS
-    private static final String SRU_TOOL_NAME_WINDOWS_32 = "Export_Srudb_32.exe"; //NON-NLS
+    private static final String SRU_TOOL_NAME_WINDOWS = "Export_Srudb.exe"; //NON-NLS
    private static final String SRU_TOOL_NAME_WINDOWS_64 = "Export_Srudb_64.exe"; //NON-NLS
    private static final String SRU_TOOL_NAME_LINUX = "Export_Srudb_Linux.exe"; //NON-NLS
    private static final String SRU_TOOL_NAME_MAC = "Export_srudb_macos"; //NON-NLS
    private static final String SRU_OUTPUT_FILE_NAME = "Output.txt"; //NON-NLS
    private static final String SRU_ERROR_FILE_NAME = "Error.txt"; //NON-NLS
@ -239,8 +237,11 @@ final class ExtractSru extends Extract {
        List<String> commandLine = new ArrayList<>();
        commandLine.add(sruExePath);
        commandLine.add("-sr");
        commandLine.add(sruFile);  //NON-NLS
        commandLine.add("-s");
        commandLine.add(softwareHiveFile);
        commandLine.add("-db");
        commandLine.add(tempOutFile);
        ProcessBuilder processBuilder = new ProcessBuilder(commandLine);
@ -253,16 +254,10 @@ final class ExtractSru extends Extract {
    private String getPathForSruDumper() {
        Path path = null;
        if (PlatformUtil.isWindowsOS()) {
-            if (PlatformUtil.is64BitOS()) {
+            path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_WINDOWS);
                path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_WINDOWS_64);
            } else {
                path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_WINDOWS_32);
            }
        } else {
            if ("Linux".equals(PlatformUtil.getOSName())) {
                path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_LINUX);
            } else {
                path = Paths.get(SRU_TOOL_FOLDER, SRU_TOOL_NAME_MAC);
            }
        }
        File sruToolFile = InstalledFileLocator.getDefault().locate(path.toString(),
@ -320,11 +315,13 @@ final class ExtractSru extends Extract {
    }
    private void createNetUsageArtifacts(String sruDb, AbstractFile sruAbstractFile) {
-        List<BlackboardArtifact> bba = new ArrayList<>();
+         List<BlackboardArtifact> bba = new ArrayList<>();
-        String sqlStatement = "SELECT STRFTIME('%s', timestamp) ExecutionTime, a.application_name, b.Application_Name formatted_application_name, User_Name, "
+        String sqlStatement = "SELECT STRFTIME('%s', timestamp) ExecutionTime, b.application_name, b.Application_Name formatted_application_name, username User_Name, \n" +
-                + " bytesSent, BytesRecvd FROM network_Usage a, SruDbIdMapTable, exe_to_app b "
+                              "       bytesSent, BytesRecvd \n" +
-                + " where appId = IdIndex and IdType = 0 and a.application_name = b.source_name order by ExecutionTime;"; //NON-NLS
+                              "  FROM network_Usage a, SruDbIdMapTable s, exe_to_app b, userNames u\n" +
                              " WHERE s.idType = 0 and s.idIndex = appId and idblob = b.source_name and u.idindex = userid \n" +
                              " order by ExecutionTime;"; //NON-NLS
        try (SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + sruDb); //NON-NLS
                ResultSet resultSet = tempdbconnect.executeQry(sqlStatement)) {
@ -384,9 +381,11 @@ final class ExtractSru extends Extract {
    private void createAppUsageArtifacts(String sruDb, AbstractFile sruAbstractFile) {
        List<BlackboardArtifact> bba = new ArrayList<>();
-        String sqlStatement = "SELECT STRFTIME('%s', timestamp) ExecutionTime, a.application_name, b.Application_Name formatted_application_name, User_Name "
+        String sqlStatement = "SELECT STRFTIME('%s', timestamp) ExecutionTime, b.Application_Name \n" +
-                + " FROM Application_Resource_Usage a, SruDbIdMapTable, exe_to_app b WHERE "
+                              "       formatted_application_name, username User_Name \n" +
-                + " idType = 0 and idIndex = appId and a.application_name = b.source_name order by ExecutionTime;"; //NON-NLS
+                              "  FROM Application_Resource_Usage a, SruDbIdMapTable s, exe_to_app b, userNames u \n" +
                              " WHERE s.idType = 0 and s.idIndex = appId and idblob = b.source_name and u.idindex = userid \n" +
                              " order by ExecutionTime;"; //NON-NLS
        try (SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + sruDb); //NON-NLS
                ResultSet resultSet = tempdbconnect.executeQry(sqlStatement)) {
@ -398,7 +397,6 @@ final class ExtractSru extends Extract {
                    return;
                }
                String applicationName = resultSet.getString("Application_Name"); //NON-NLS
                String formattedApplicationName = resultSet.getString("formatted_application_name");
                Long executionTime = Long.valueOf(resultSet.getInt("ExecutionTime")); //NON-NLS
                String userName = resultSet.getString("User_Name");
@ -419,7 +417,7 @@ final class ExtractSru extends Extract {
                try {
                    BlackboardArtifact bbart = createArtifactWithAttributes(BlackboardArtifact.Type.TSK_PROG_RUN, sruAbstractFile, bbattributes);
                    bba.add(bbart);
-                    BlackboardArtifact associateBbArtifact = createAssociatedArtifact(applicationName.toLowerCase(), bbart);
+                    BlackboardArtifact associateBbArtifact = createAssociatedArtifact(formattedApplicationName.toLowerCase(), bbart);
                    if (associateBbArtifact != null) {
                        bba.add(associateBbArtifact);
                    }
--- a/Tika/nbproject/project.properties
+++ b/Tika/nbproject/project.properties
@ -64,7 +64,7 @@ file.reference.jdom2-2.0.6.1.jar=release/modules/ext/jdom2-2.0.6.1.jar
 file.reference.jempbox-1.8.16.jar=release/modules/ext/jempbox-1.8.16.jar
 file.reference.jhighlight-1.0.3.jar=release/modules/ext/jhighlight-1.0.3.jar
 file.reference.jmatio-1.5.jar=release/modules/ext/jmatio-1.5.jar
-file.reference.jna-5.10.0.jar=release/modules/ext/jna-5.10.0.jar
+file.reference.jna-5.15.0.jar=release/modules/ext/jna-5.15.0.jar
 file.reference.joda-time-2.2.jar=release/modules/ext/joda-time-2.2.jar
 file.reference.json-simple-1.1.1.jar=release/modules/ext/json-simple-1.1.1.jar
 file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar
--- a/Tika/nbproject/project.xml
+++ b/Tika/nbproject/project.xml
@ -620,8 +620,8 @@
                <binary-origin>release/modules/ext/jmatio-1.5.jar</binary-origin>
            </class-path-extension>
            <class-path-extension>
-                <runtime-relative-path>ext/jna-5.10.0.jar</runtime-relative-path>
+                <runtime-relative-path>ext/jna-5.15.0.jar</runtime-relative-path>
-                <binary-origin>release/modules/ext/jna-5.10.0.jar</binary-origin>
+                <binary-origin>release/modules/ext/jna-5.15.0.jar</binary-origin>
            </class-path-extension>
            <class-path-extension>
                <runtime-relative-path>ext/joda-time-2.2.jar</runtime-relative-path>
--- a/thirdparty/markmckinnon/Export_Srudb_Linux
+++ b/thirdparty/markmckinnon/Export_Srudb_Linux
--- a/thirdparty/markmckinnon/Export_srudb_macos
+++ b/thirdparty/markmckinnon/Export_srudb_macos
--- a/thirdparty/markmckinnon/parse_prefetch_x64.exe
+++ b/thirdparty/markmckinnon/parse_prefetch_x64.exe
--- a/thirdparty/markmckinnon/export_srudb_32.exe
+++ b/thirdparty/markmckinnon/export_srudb_32.exe
--- a/thirdparty/markmckinnon/export_srudb_64.exe
+++ b/thirdparty/markmckinnon/export_srudb_64.exe
--- a/thirdparty/markmckinnon/parse_prefetch.exe
+++ b/thirdparty/markmckinnon/parse_prefetch.exe
--- a/thirdparty/markmckinnon/parse_prefetch_linux
+++ b/thirdparty/markmckinnon/parse_prefetch_linux
--- a/thirdparty/markmckinnon/parse_prefetch_macos
+++ b/thirdparty/markmckinnon/parse_prefetch_macos
--- a/thirdparty/markmckinnon/parse_prefetch_x86.exe
+++ b/thirdparty/markmckinnon/parse_prefetch_x86.exe