mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-09 06:39:33 +00:00
Merge branch 'develop' of github.com:sleuthkit/autopsy into solr-8-upgrade
commit
8c25657d4d
@ -60,6 +60,7 @@ import org.sleuthkit.autopsy.coreutils.FileTypeUtils.FileTypeCategory;
|
||||
import org.sleuthkit.autopsy.report.ReportProgressPanel;
|
||||
import org.sleuthkit.caseuco.CaseUcoExporter;
|
||||
import org.sleuthkit.datamodel.AbstractFile;
|
||||
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifactTag;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||
@ -983,10 +984,10 @@ public class PortableCaseReportModule implements ReportModule {
|
||||
|
||||
BlackboardArtifact.Type oldCustomType = currentCase.getSleuthkitCase().getArtifactType(oldArtifact.getArtifactTypeName());
|
||||
try {
|
||||
BlackboardArtifact.Type newCustomType = portableSkCase.addBlackboardArtifactType(oldCustomType.getTypeName(), oldCustomType.getDisplayName());
|
||||
BlackboardArtifact.Type newCustomType = portableSkCase.getBlackboard().getOrAddArtifactType(oldCustomType.getTypeName(), oldCustomType.getDisplayName());
|
||||
oldArtTypeIdToNewArtTypeId.put(oldArtifact.getArtifactTypeID(), newCustomType.getTypeID());
|
||||
return newCustomType.getTypeID();
|
||||
} catch (TskDataException ex) {
|
||||
} catch (BlackboardException ex) {
|
||||
throw new TskCoreException("Error creating new artifact type " + oldCustomType.getTypeName(), ex); // NON-NLS
|
||||
}
|
||||
}
|
||||
@ -1007,11 +1008,11 @@ public class PortableCaseReportModule implements ReportModule {
|
||||
}
|
||||
|
||||
try {
|
||||
BlackboardAttribute.Type newCustomType = portableSkCase.addArtifactAttributeType(oldAttrType.getTypeName(),
|
||||
BlackboardAttribute.Type newCustomType = portableSkCase.getBlackboard().getOrAddAttributeType(oldAttrType.getTypeName(),
|
||||
oldAttrType.getValueType(), oldAttrType.getDisplayName());
|
||||
oldAttrTypeIdToNewAttrType.put(oldAttribute.getAttributeType().getTypeID(), newCustomType);
|
||||
return newCustomType;
|
||||
} catch (TskDataException ex) {
|
||||
} catch (BlackboardException ex) {
|
||||
throw new TskCoreException("Error creating new attribute type " + oldAttrType.getTypeName(), ex); // NON-NLS
|
||||
}
|
||||
}
|
||||
|
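Review bot: In the first hunk, `oldCustomType` is dereferenced on the new `getOrAddArtifactType(oldCustomType.getTypeName(), oldCustomType.getDisplayName())` line and again in the catch message, with no null check between the `getArtifactType(...)` lookup and the `try`. The old ExtractRegistry code in this same commit null-checked the result of `tskCase.getArtifactType(...)`, so the lookup can presumably return null. If it can here, the portable-case export fails with a bare NullPointerException instead of a `TskCoreException` that names the type. A guard such as `if (oldCustomType == null) { throw new TskCoreException("Error looking up artifact type " + oldArtifact.getArtifactTypeName()); }` before the `try` would keep the failure diagnosable. The enclosing method starts outside the hunk, so an earlier check may already exist.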
@ -61,6 +61,7 @@ ExtractOS_progressMessage=Checking for OS
|
||||
ExtractPrefetch_errMsg_prefetchParsingFailed={0}: Error analyzing prefetch files
|
||||
ExtractPrefetch_module_name=Windows Prefetch Extractor
|
||||
ExtractRecycleBin_module_name=Recycle Bin
|
||||
ExtractRecycleBin_Recyle_Bin_Display_Name=Recycle Bin
|
||||
ExtractSafari_Error_Getting_History=An error occurred while processing Safari history files.
|
||||
ExtractSafari_Error_Parsing_Bookmark=An error occured while processing Safari Bookmark files
|
||||
ExtractSafari_Error_Parsing_Cookies=An error occured while processing Safari Cookies files
|
||||
@ -84,16 +85,9 @@ ExtractZone_progress_Msg=Extracting :Zone.Identifer files
|
||||
ExtractZone_Restricted=Restricted Sites Zone
|
||||
ExtractZone_Trusted=Trusted Sites Zone
|
||||
OpenIDE-Module-Display-Category=Ingest Module
|
||||
OpenIDE-Module-Long-Description=Recent Activity ingest module.\n\nThe module extracts useful information about the recent user activity on the disk image being ingested, such as:\n\n- Recently open documents,\n- Web activity (sites visited, stored cookies, book marked sites, search engine queries, file downloads),\n- Recently attached devices,\n- Installed programs.\n\nThe module currently supports Windows only disk images.\nThe plugin is also fully functional when deployed on Windows version of Autopsy.
|
||||
OpenIDE-Module-Long-Description=Recent Activity ingest module.\n\n\The module extracts useful information about the recent user activity on the disk image being ingested, such as:\n\n- Recently open documents,\n- Web activity (sites visited, stored cookies, book marked sites, search engine queries, file downloads),\n- Recently attached devices,\n- Installed programs.\n\nThe module currently supports Windows only disk images.\nThe plugin is also fully functional when deployed on Windows version of Autopsy.
|
||||
OpenIDE-Module-Name=RecentActivity
|
||||
OpenIDE-Module-Short-Description=Recent Activity finder ingest module
|
||||
Browser.name.Microsoft.Edge=Microsoft Edge
|
||||
Browser.name.Yandex=Yandex
|
||||
Browser.name.Opera=Opera
|
||||
Browser.name.SalamWeb=SalamWeb
|
||||
Browser.name.UC.Browser=UC Browser
|
||||
Browser.name.Brave=Brave
|
||||
Browser.name.Google.Chrome=Google Chrome
|
||||
Chrome.moduleName=Chromium
|
||||
Chrome.getHistory.errMsg.errGettingFiles=Error when trying to get Chrome history files.
|
||||
Chrome.getHistory.errMsg.couldntFindAnyFiles=Could not find any allocated Chrome history files.
|
||||
|
@ -45,6 +45,7 @@ import org.sleuthkit.autopsy.datamodel.ContentUtils;
|
||||
import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
|
||||
import org.sleuthkit.autopsy.ingest.IngestJobContext;
|
||||
import org.sleuthkit.datamodel.AbstractFile;
|
||||
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_OS_ACCOUNT;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||
@ -415,6 +416,9 @@ final class ExtractRecycleBin extends Extract {
|
||||
return artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.fromID(type.getTypeID())));
|
||||
}
|
||||
|
||||
@Messages({
|
||||
"ExtractRecycleBin_Recyle_Bin_Display_Name=Recycle Bin"
|
||||
})
|
||||
/**
|
||||
* Create TSK_RECYCLE_BIN artifact type.
|
||||
*
|
||||
@ -422,9 +426,9 @@ final class ExtractRecycleBin extends Extract {
|
||||
*/
|
||||
private void createRecycleBinArtifactType() throws TskCoreException {
|
||||
try {
|
||||
tskCase.addBlackboardArtifactType(RECYCLE_BIN_ARTIFACT_NAME, "Recycle Bin"); //NON-NLS
|
||||
} catch (TskDataException ex) {
|
||||
logger.log(Level.INFO, String.format("%s may have already been defined for this case", RECYCLE_BIN_ARTIFACT_NAME));
|
||||
tskCase.getBlackboard().getOrAddArtifactType(RECYCLE_BIN_ARTIFACT_NAME, Bundle.ExtractRecycleBin_Recyle_Bin_Display_Name()); //NON-NLS
|
||||
} catch (BlackboardException ex) {
|
||||
throw new TskCoreException(String.format("An exception was thrown while defining artifact type %s", RECYCLE_BIN_ARTIFACT_NAME), ex);
|
||||
}
|
||||
|
||||
}
|
||||
|
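Review bot: The new `@Messages({...})` annotation sits above the `/** Create TSK_RECYCLE_BIN artifact type. */` block, so the doc comment now falls between the annotation and `createRecycleBinArtifactType()`. Javadoc only attaches a comment that precedes the whole declaration, annotations included, so the annotation should move to directly above `private void createRecycleBinArtifactType()` with the Javadoc first. The bundle key `ExtractRecycleBin_Recyle_Bin_Display_Name` is misspelled ("Recyle") in both the annotation and the generated `Bundle` accessor, and is cheapest to rename now, before other code references it. The trailing `//NON-NLS` on the `getOrAddArtifactType` line would read better as `// NON-NLS: type name only; display name is localized`.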
@ -68,6 +68,7 @@ import java.util.Set;
|
||||
import java.util.HashSet;
|
||||
import static java.util.Locale.US;
|
||||
import static java.util.TimeZone.getTimeZone;
|
||||
import org.openide.util.Exceptions;
|
||||
import org.openide.util.Lookup;
|
||||
import org.sleuthkit.autopsy.casemodule.Case;
|
||||
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
|
||||
@ -77,6 +78,7 @@ import org.sleuthkit.autopsy.keywordsearchservice.KeywordSearchService;
|
||||
import org.sleuthkit.autopsy.recentactivity.ShellBagParser.ShellBag;
|
||||
import org.sleuthkit.datamodel.AbstractFile;
|
||||
import org.sleuthkit.datamodel.Account;
|
||||
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT;
|
||||
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_OS_ACCOUNT;
|
||||
@ -1960,18 +1962,11 @@ class ExtractRegistry extends Extract {
|
||||
* @throws TskCoreException
|
||||
*/
|
||||
private BlackboardArtifact.Type getShellBagArtifact() throws TskCoreException {
|
||||
if (shellBagArtifactType == null) {
|
||||
shellBagArtifactType = tskCase.getArtifactType(SHELLBAG_ARTIFACT_NAME);
|
||||
|
||||
if (shellBagArtifactType == null) {
|
||||
try {
|
||||
tskCase.addBlackboardArtifactType(SHELLBAG_ARTIFACT_NAME, Bundle.Shellbag_Artifact_Display_Name()); //NON-NLS
|
||||
} catch (TskDataException ex) {
|
||||
// Artifact already exists
|
||||
logger.log(Level.INFO, String.format("%s may have already been defined for this case", SHELLBAG_ARTIFACT_NAME));
|
||||
}
|
||||
|
||||
shellBagArtifactType = tskCase.getArtifactType(SHELLBAG_ARTIFACT_NAME);
|
||||
shellBagArtifactType = tskCase.getBlackboard().getOrAddArtifactType(SHELLBAG_ARTIFACT_NAME, Bundle.Shellbag_Artifact_Display_Name());
|
||||
} catch (BlackboardException ex) {
|
||||
throw new TskCoreException(String.format("Failed to get shell bag artifact type", SHELLBAG_ARTIFACT_NAME), ex);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1989,12 +1984,12 @@ class ExtractRegistry extends Extract {
|
||||
private BlackboardAttribute.Type getLastWriteAttribute() throws TskCoreException {
|
||||
if (shellBagLastWriteAttributeType == null) {
|
||||
try {
|
||||
shellBagLastWriteAttributeType = tskCase.addArtifactAttributeType(SHELLBAG_ATTRIBUTE_LAST_WRITE,
|
||||
shellBagLastWriteAttributeType = tskCase.getBlackboard().getOrAddAttributeType(SHELLBAG_ATTRIBUTE_LAST_WRITE,
|
||||
BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.DATETIME,
|
||||
Bundle.Shellbag_Last_Write_Attribute_Display_Name());
|
||||
} catch (TskDataException ex) {
|
||||
} catch (BlackboardException ex) {
|
||||
// Attribute already exists get it from the case
|
||||
shellBagLastWriteAttributeType = tskCase.getAttributeType(SHELLBAG_ATTRIBUTE_LAST_WRITE);
|
||||
throw new TskCoreException(String.format("Failed to get custom attribute %s", SHELLBAG_ATTRIBUTE_LAST_WRITE), ex);
|
||||
}
|
||||
}
|
||||
return shellBagLastWriteAttributeType;
|
||||
@ -2011,12 +2006,11 @@ class ExtractRegistry extends Extract {
|
||||
private BlackboardAttribute.Type getKeyAttribute() throws TskCoreException {
|
||||
if (shellBagKeyAttributeType == null) {
|
||||
try {
|
||||
shellBagKeyAttributeType = tskCase.addArtifactAttributeType(SHELLBAG_ATTRIBUTE_KEY,
|
||||
shellBagKeyAttributeType = tskCase.getBlackboard().getOrAddAttributeType(SHELLBAG_ATTRIBUTE_KEY,
|
||||
BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING,
|
||||
Bundle.Shellbag_Key_Attribute_Display_Name());
|
||||
} catch (TskDataException ex) {
|
||||
// The attribute already exists get it from the case
|
||||
shellBagKeyAttributeType = tskCase.getAttributeType(SHELLBAG_ATTRIBUTE_KEY);
|
||||
} catch (BlackboardException ex) {
|
||||
throw new TskCoreException(String.format("Failed to get key attribute %s", SHELLBAG_ATTRIBUTE_KEY), ex);
|
||||
}
|
||||
}
|
||||
return shellBagKeyAttributeType;
|
||||
|
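Review bot: In `getShellBagArtifact()` the new catch builds its message with `String.format("Failed to get shell bag artifact type", SHELLBAG_ARTIFACT_NAME)`, which has no `%s`, so the artifact name is silently dropped from the exception text. It should read `String.format("Failed to get shell bag artifact type %s", SHELLBAG_ARTIFACT_NAME)`, matching the two attribute getters below. In `getLastWriteAttribute()` the comment `// Attribute already exists get it from the case` appears to survive as a context line above the new `throw`, where it no longer describes the branch. Replace it with something like `// get-or-add failed; surface the error to the caller`. Both methods begin outside their hunks.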
@ -53,6 +53,7 @@ import org.sleuthkit.datamodel.AbstractFile;
|
||||
import org.sleuthkit.datamodel.Account;
|
||||
import org.sleuthkit.datamodel.AccountFileInstance;
|
||||
import org.sleuthkit.datamodel.Blackboard;
|
||||
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||
import org.sleuthkit.datamodel.Content;
|
||||
@ -421,14 +422,16 @@ final class VcardParser {
|
||||
if (attributeType == null) {
|
||||
try{
|
||||
// Add this attribute type to the case database.
|
||||
attributeType = tskCase.addArtifactAttributeType(attributeTypeName,
|
||||
attributeType = tskCase.getBlackboard().getOrAddAttributeType(attributeTypeName,
|
||||
BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING,
|
||||
String.format("Phone Number (%s)", StringUtils.capitalize(splitType.toLowerCase())));
|
||||
}catch (TskDataException ex) {
|
||||
attributeType = tskCase.getAttributeType(attributeTypeName);
|
||||
}
|
||||
}
|
||||
|
||||
ThunderbirdMboxFileIngestModule.addArtifactAttribute(telephoneText, attributeType, attributes);
|
||||
}catch (BlackboardException ex) {
|
||||
logger.log(Level.WARNING, String.format("Unable to retrieve attribute type '%s' for file '%s' (id=%d).", attributeTypeName, abstractFile.getName(), abstractFile.getId()), ex);
|
||||
}
|
||||
}
|
||||
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.WARNING, String.format("Unable to retrieve attribute type '%s' for file '%s' (id=%d).", attributeTypeName, abstractFile.getName(), abstractFile.getId()), ex);
|
||||
}
|
||||
@ -474,14 +477,14 @@ final class VcardParser {
|
||||
BlackboardAttribute.Type attributeType = tskCase.getAttributeType(attributeTypeName);
|
||||
if (attributeType == null) {
|
||||
// Add this attribute type to the case database.
|
||||
attributeType = tskCase.addArtifactAttributeType(attributeTypeName,
|
||||
attributeType = tskCase.getBlackboard().getOrAddAttributeType(attributeTypeName,
|
||||
BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING,
|
||||
String.format("Email (%s)", StringUtils.capitalize(splitType.toLowerCase())));
|
||||
}
|
||||
ThunderbirdMboxFileIngestModule.addArtifactAttribute(email.getValue(), attributeType, attributes);
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.SEVERE, String.format("Unable to retrieve attribute type '%s' for file '%s' (id=%d).", attributeTypeName, abstractFile.getName(), abstractFile.getId()), ex);
|
||||
} catch (TskDataException ex) {
|
||||
} catch (BlackboardException ex) {
|
||||
logger.log(Level.SEVERE, String.format("Unable to add custom attribute type '%s' for file '%s' (id=%d).", attributeTypeName, abstractFile.getName(), abstractFile.getId()), ex);
|
||||
}
|
||||
}
|
||||
|
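Review bot: In the phone-number hunk the `ThunderbirdMboxFileIngestModule.addArtifactAttribute(telephoneText, attributeType, attributes);` call now appears to sit inside the `try` nested in `if (attributeType == null)`. If so, once the custom type already exists in the case, the typed phone number is never added to the contact artifact and is lost without any log entry. The hunk's line counts (14 old, 16 new) fit that reading, and the e-mail hunk below keeps the equivalent call after its `if` block. Move the call back below the closing brace of the `if`; because `getOrAddAttributeType` already handles an existing type, the preceding `getAttributeType` null check could be dropped as well. The +/- markers are lost in this rendering and the enclosing method starts and ends outside the hunk, so confirm against the file.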