From 4eb5a6ba2de141e82a1146c6f6732765c9ad88d1 Mon Sep 17 00:00:00 2001 From: Tim McIver Date: Mon, 11 Mar 2013 11:00:16 -0400 Subject: [PATCH 1/9] Removed log message when more than one Chrome history file is found as this is an expected case (on mulit-user systems). Also updated copyright years. --- .../sleuthkit/autopsy/recentactivity/Chrome.java | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java index 9ee57c7d61..5aeca7d834 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java @@ -2,9 +2,9 @@ * * Autopsy Forensic Browser * - * Copyright 2012 Basis Technology Corp. + * Copyright 2013 Basis Technology Corp. * - * Copyright 2012 42six Solutions. + * Copyright 2013 42six Solutions. * Contact: aebadirad 42six com * Project Contact/Architect: carrier sleuthkit org * @@ -117,12 +117,9 @@ public class Chrome extends Extract implements IngestModuleImage { } } - // we should have only one allocated history file. Log a warning if we - // have more, but process them all - if (allocatedHistoryFiles.size() > 1) { - logger.log(Level.INFO, "Found more than one allocated Chrome history file. Processing them all."); - } else if (allocatedHistoryFiles.size() == 0) { - logger.log(Level.INFO, "Could not find an allocated Chrome history file."); + // log a message if we don't have any allocated history files + if (allocatedHistoryFiles.size() == 0) { + logger.log(Level.INFO, "Could not find any allocated Chrome history files."); return; } From 41e98c417153ffb038cc39873e1ee6f34131be18 Mon Sep 17 00:00:00 2001 
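Review bot: The rewritten guard in the `@@ -117` hunk still tests `allocatedHistoryFiles.size() == 0`; `if (allocatedHistoryFiles.isEmpty()) {` states the intent directly, assuming the variable is a `java.util.Collection` (its declaration is outside the hunk). With the multi-file message removed, nothing visible here records how many history files the module went on to process. If examiners use the log to reconstruct what was ingested, a neutral line after the guard such as `logger.log(Level.INFO, "Processing {0} allocated Chrome history files.", allocatedHistoryFiles.size());` keeps that trace without implying an anomaly. The enclosing method starts and ends outside the hunk.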
From: Tim McIver Date: Mon, 11 Mar 2013 11:08:04 -0400 Subject: [PATCH 2/9] Removed contact info for Autopsy developer no longer working on the project. --- .../src/org/sleuthkit/autopsy/recentactivity/Chrome.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java index 5aeca7d834..3e33570d5f 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java @@ -4,8 +4,6 @@ * * Copyright 2013 Basis Technology Corp. * - * Copyright 2013 42six Solutions. - * Contact: aebadirad 42six com * Project Contact/Architect: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); From 44c70e33b48d180d8e68db541b4f881a12ebd98d Mon Sep 17 00:00:00 2001 From: Sean-M Date: Mon, 11 Mar 2013 12:32:37 -0400 Subject: [PATCH 3/9] fixed regression.py --- .../KeywordSearchListsAbstract.java | 32 +++++++++---------- Testing/script/regression.py | 4 ++- 2 files changed, 19 insertions(+), 17 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchListsAbstract.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchListsAbstract.java index ba613c0a6a..840b675377 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchListsAbstract.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchListsAbstract.java @@ -150,7 +150,7 @@ public abstract class KeywordSearchListsAbstract { } - List getListsL() { + public List getListsL() { List ret = new ArrayList(); for (KeywordSearchList list : theLists.values()) { ret.add(list); 
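Review bot: `getListsL()` becomes public in the `@@ -150` hunk without any Javadoc, while the neighbouring `getListNames` methods in this file carry one. A short comment such as `/** Returns a new list containing every keyword list currently loaded. */` would tell callers they receive a fresh `ArrayList` rather than a view of `theLists`. The commit subject mentions only regression.py, so this widening of the class API is easy to miss in history. The method body continues outside the hunk.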
@@ -158,7 +158,7 @@ public abstract class KeywordSearchListsAbstract { return ret; } - List getListsL(boolean locked) { + public List getListsL(boolean locked) { List ret = new ArrayList(); for (KeywordSearchList list : theLists.values()) { if (list.isLocked().equals(locked)) { @@ -173,7 +173,7 @@ public abstract class KeywordSearchListsAbstract { * * @return List of keyword list names */ - List getListNames() { + public List getListNames() { return new ArrayList(theLists.keySet()); } @@ -183,7 +183,7 @@ public abstract class KeywordSearchListsAbstract { * @param locked true if look for locked lists, false otherwise * @return List of keyword list names */ - List getListNames(boolean locked) { + public List getListNames(boolean locked) { ArrayList lists = new ArrayList(); for (String listName : theLists.keySet()) { KeywordSearchList list = theLists.get(listName); @@ -201,7 +201,7 @@ public abstract class KeywordSearchListsAbstract { * @param keyword * @return found list or null */ - KeywordSearchList getListWithKeyword(Keyword keyword) { + public KeywordSearchList getListWithKeyword(Keyword keyword) { KeywordSearchList found = null; for (KeywordSearchList list : theLists.values()) { if (list.hasKeyword(keyword)) { @@ -218,7 +218,7 @@ public abstract class KeywordSearchListsAbstract { * @param keyword * @return found list or null */ - KeywordSearchList getListWithKeyword(String keyword) { + public KeywordSearchList getListWithKeyword(String keyword) { KeywordSearchList found = null; for (KeywordSearchList list : theLists.values()) { if (list.hasKeyword(keyword)) { @@ -244,7 +244,7 @@ public abstract class KeywordSearchListsAbstract { * @param locked true if look for locked lists, false otherwise * @return number of unlocked lists currently stored */ - int getNumberLists(boolean locked) { + public int getNumberLists(boolean locked) { int numLists = 0; for (String listName : theLists.keySet()) { KeywordSearchList list = theLists.get(listName); 
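Review bot: The Javadoc above `getNumberLists(boolean locked)` in the `@@ -244` hunk says `@return number of unlocked lists currently stored`, yet the `locked` parameter is documented as selecting locked or unlocked lists, so the return description is wrong when `locked` is true. Now that the method is public the tag should read `@return number of lists whose locked state matches {@code locked}`. The comparison itself is outside the hunk, so this is inferred from the `@param` text and from the sibling `getListNames(boolean locked)`.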
@@ -261,7 +261,7 @@ public abstract class KeywordSearchListsAbstract { * @param name id of the list * @return keyword list representation */ - KeywordSearchList getList(String name) { + public KeywordSearchList getList(String name) { return theLists.get(name); } @@ -477,19 +477,19 @@ public abstract class KeywordSearchListsAbstract { return hash; } - String getName() { + public String getName() { return name; } - Date getDateCreated() { + public Date getDateCreated() { return created; } - Date getDateModified() { + public Date getDateModified() { return modified; } - Boolean getUseForIngest() { + public Boolean getUseForIngest() { return useForIngest; } @@ -497,7 +497,7 @@ public abstract class KeywordSearchListsAbstract { this.useForIngest = use; } - Boolean getIngestMessages() { + public Boolean getIngestMessages() { return ingestMessages; } @@ -505,7 +505,7 @@ public abstract class KeywordSearchListsAbstract { this.ingestMessages = ingestMessages; } - List getKeywords() { + public List getKeywords() { return keywords; } @@ -513,7 +513,7 @@ public abstract class KeywordSearchListsAbstract { return keywords.contains(keyword); } - boolean hasKeyword(String keyword) { + public boolean hasKeyword(String keyword) { //note, this ignores isLiteral for (Keyword k : keywords) { if (k.getQuery().equals(keyword)) { @@ -523,7 +523,7 @@ public abstract class KeywordSearchListsAbstract { return false; } - Boolean isLocked() { + public Boolean isLocked() { return locked; } } diff --git a/Testing/script/regression.py b/Testing/script/regression.py index cbf17ef8ed..10f1792b50 100644 --- a/Testing/script/regression.py +++ b/Testing/script/regression.py 
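Review bot: Making `getKeywords()` public in the `@@ -505` hunk hands every caller the internal `keywords` field by reference (`return keywords;`), so code outside the package can add or remove keywords without going through this class. Returning a read-only view, `return Collections.unmodifiableList(keywords);`, keeps the wider API from exposing mutable state; it needs `java.util.Collections` in scope, and any in-package caller that mutates the returned list (none is visible here) would have to change. `getDateCreated()` and `getDateModified()` in the `@@ -477` hunk have the same exposure, because `java.util.Date` is mutable; `return new Date(created.getTime());` avoids it if the field is never null, which is not shown here.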
@@ -851,8 +851,10 @@ def compare_errors(): common_dat = common_log.read() patrn = re.compile("\d") if (re.sub(patrn, 'd', gold_dat) != re.sub(patrn, 'd', common_dat)): + print(re.sub(patrn, 'd', gold_dat)) + print(re.sub(patrn, 'd', common_dat)) diff_dir = make_local_path(case.output_dir, case.image_name, "ErrorDiff.txt") - diff_file = open(diff_dir, "w") + diff_file = open(diff_dir, "w") dffcmdlst = ["diff", case.sorted_log, gold_dir] subprocess.call(dffcmdlst, stdout = diff_file) global attachl From e3581df5d96f76d1e5a25c47d47c8d12561dd1ac Mon Sep 17 00:00:00 2001 From: Tim McIver Date: Mon, 11 Mar 2013 13:07:17 -0400 Subject: [PATCH 4/9] Reinstated copyright that was mistakenly deleted from Chrome.java. --- .../src/org/sleuthkit/autopsy/recentactivity/Chrome.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java index 3e33570d5f..85fdb56483 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java @@ -2,7 +2,9 @@ * * Autopsy Forensic Browser * - * Copyright 2013 Basis Technology Corp. + * Copyright 2012-2013 Basis Technology Corp. + * + * Copyright 2012 42six Solutions. * * Project Contact/Architect: carrier sleuthkit org * From abdfeb4dd827ae24409e01613f1cc1c6fcba0156 Mon Sep 17 00:00:00 2001 From: adam-m Date: Mon, 11 Mar 2013 16:56:28 -0400 Subject: [PATCH 5/9] log memory usage when changing case --- Core/src/org/sleuthkit/autopsy/casemodule/Case.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java index 059958082d..2c3d0d5e4a 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java 
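Review bot: `diff_file = open(diff_dir, "w")` is passed to `subprocess.call` and no `close()` appears in the hunk, so the handle stays open until garbage collection unless it is closed further down (the function continues outside the hunk). Writing it as `with open(diff_dir, "w") as diff_file:` with `subprocess.call(dffcmdlst, stdout=diff_file)` indented beneath closes ErrorDiff.txt deterministically before anything later reads it. The two added `print(re.sub(patrn, 'd', ...))` lines write both complete logs to stdout on every mismatch and repeat the substitution already done in the condition. If they are meant to stay, compute the two normalized strings once and reuse them.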
@@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011 Basis Technology Corp. + * Copyright 2011-2013 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -46,6 +46,7 @@ import org.sleuthkit.autopsy.corecomponentinterfaces.CoreComponentControl; import org.sleuthkit.autopsy.coreutils.FileUtil; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil; +import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.coreutils.Version; import org.sleuthkit.datamodel.*; import org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess; @@ -877,6 +878,7 @@ public class Case { //case change helper private static void doCaseChange(Case toChangeTo) { + logger.log(Level.INFO, "Chaning case to: " + toChangeTo); if (toChangeTo != null) { // new case is open // clear the temp folder when the case is created / opened @@ -916,6 +918,9 @@ public class Case { f.setTitle(Case.getAppName()); // set the window name to just application name } + //log memory usage after case changed + logger.log(Level.INFO, PlatformUtil.getAllMemUsageInfo()); + } From 4d65533e225ff79891b7903329d210dfade0ae01 Mon Sep 17 00:00:00 2001 From: adam-m Date: Mon, 11 Mar 2013 16:59:25 -0400 Subject: [PATCH 6/9] fix log typo --- Core/src/org/sleuthkit/autopsy/casemodule/Case.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java index 2c3d0d5e4a..e1c7dcbeca 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java 
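Review bot: The log line added at the top of `doCaseChange` builds its message as `"Chaning case to: " + toChangeTo`, which depends on `Case.toString()`. No override is visible in this patch, so the entry may be a default `Case@<hash>` string, or `null` when a case is being closed, and would not tell an examiner which case was opened. A parameterized call with an explicit identifier, e.g. `logger.log(Level.INFO, "Changing case to: {0}", toChangeTo != null ? toChangeTo.getName() : "none");`, makes the record usable; this assumes `getName()` is the accessor for the case name, which is not shown here. `doCaseChange` continues outside both hunks.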
@@ -878,7 +878,7 @@ public class Case { //case change helper private static void doCaseChange(Case toChangeTo) { - logger.log(Level.INFO, "Chaning case to: " + toChangeTo); + logger.log(Level.INFO, "Changing Case to: " + toChangeTo); if (toChangeTo != null) { // new case is open // clear the temp folder when the case is created / opened From 2bb6e07df6f11df73c3c5567f6a5ae44d984f2b2 Mon Sep 17 00:00:00 2001 From: Sean-M Date: Mon, 11 Mar 2013 18:02:03 -0400 Subject: [PATCH 7/9] fixed regression.py --- Testing/script/regression.py | 44 +++++++++++++++++------------------- 1 file changed, 21 insertions(+), 23 deletions(-) diff --git a/Testing/script/regression.py b/Testing/script/regression.py index 10f1792b50..b545eb0704 100644 --- a/Testing/script/regression.py +++ b/Testing/script/regression.py @@ -1,5 +1,5 @@ -#!/usr/bin/python -#en_US.latin-1 +#!/usr/bin/python +# -*- coding: utf_8 -*- import codecs import datetime import logging @@ -372,15 +372,15 @@ def run_config_test(config_file): parsed = parse(config_file) counts = {} if parsed.getElementsByTagName("indir"): - case.input_dir = parsed.getElementsByTagName("indir")[0].getAttribute("value").encode().decode("utf-8") + case.input_dir = parsed.getElementsByTagName("indir")[0].getAttribute("value").encode().decode("utf_8") if parsed.getElementsByTagName("global_csv"): - case.global_csv = parsed.getElementsByTagName("global_csv")[0].getAttribute("value").encode().decode("utf-8") + case.global_csv = parsed.getElementsByTagName("global_csv")[0].getAttribute("value").encode().decode("utf_8") # Generate the top navbar of the HTML for easy access to all images case.global_csv = make_local_path(case.global_csv) values = [] for element in parsed.getElementsByTagName("image"): - value = element.getAttribute("value").encode().decode("utf-8") + value = element.getAttribute("value").encode().decode("utf_8") if file_exists(value): values.append(value) html_add_images(values) 
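Review bot: The chained `.encode().decode("utf_8")` on each `getAttribute("value")` result in `run_config_test` turns the string into bytes and straight back, so on Python 3 it returns the string unchanged for any well-formed input. On Python 2 the argument-less `encode()` uses ASCII and would fail on non-ASCII paths. `case.input_dir = parsed.getElementsByTagName("indir")[0].getAttribute("value")` says the same thing plainly. The pattern recurs in the `@@ -390` and `@@ -1733` hunks of this patch, and the function body continues outside the hunk.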
@@ -390,7 +390,7 @@ def run_config_test(config_file): if(args.contin): #set all times an image has been processed to 0 for element in parsed.getElementsByTagName("image"): - value = element.getAttribute("value").encode().decode("utf-8") + value = element.getAttribute("value").encode().decode("utf_8") images.append(value) #Begin infiniloop if(newDay()): @@ -812,14 +812,14 @@ def compare_tsk_objects(): def generate_common_log(): try: logs_path = make_local_path(case.output_dir, case.image_name, "logs") - common_log = codecs.open(case.common_log_path, "w", "latin-1") + common_log = codecs.open(case.common_log_path, "w", "utf_8") print(case.common_log_path) - warning_log = codecs.open(case.warning_log, "w", "latin_1") + warning_log = codecs.open(case.warning_log, "w", "utf_8") common_log.write("--------------------------------------------------\n") common_log.write(case.image_name + "\n") common_log.write("--------------------------------------------------\n") for file in os.listdir(logs_path): - log = codecs.open(make_path(logs_path, file), "r", "latin-1") + log = codecs.open(make_path(logs_path, file), "r", "utf_8") for line in log: if line.startswith("Exception"): common_log.write("From " + file +":\n" + line + "\n") 
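Review bot: Switching the log readers in `generate_common_log` from `latin-1` to `utf_8` changes how they fail: `latin-1` decodes every byte, whereas `codecs.open(..., "r", "utf_8")` uses strict error handling and raises `UnicodeDecodeError` on the first invalid sequence. Logs written while ingesting disk images can plausibly contain file names or data in other encodings, so one stray byte would abort the run; whether the surrounding `try` reports that usefully is outside the hunk. Passing an error handler, `log = codecs.open(make_path(logs_path, file), "r", "utf_8", errors="replace")`, keeps the comparison going. The same applies to every reader changed in this patch: `compare_errors`, `get_exceptions`, `get_warnings`, `regex_search_logs`, `search_logs`, `search_common_log`, `search_log` and `search_log_set`.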
@@ -845,14 +845,12 @@ def generate_common_log(): def compare_errors(): gold_dir = make_local_path(case.gold, case.image_name, case.image_name + "SortedErrors.txt") - common_log = codecs.open(case.sorted_log, "r", "latin-1") - gold_log = codecs.open(gold_dir, "r", "latin-1") + common_log = codecs.open(case.sorted_log, "r", "utf_8") + gold_log = codecs.open(gold_dir, "r", "utf_8") gold_dat = gold_log.read() common_dat = common_log.read() patrn = re.compile("\d") - if (re.sub(patrn, 'd', gold_dat) != re.sub(patrn, 'd', common_dat)): - print(re.sub(patrn, 'd', gold_dat)) - print(re.sub(patrn, 'd', common_dat)) + if (not((re.sub(patrn, 'd', gold_dat)) == (re.sub(patrn, 'd', common_dat)))): diff_dir = make_local_path(case.output_dir, case.image_name, "ErrorDiff.txt") diff_file = open(diff_dir, "w") dffcmdlst = ["diff", case.sorted_log, gold_dir] @@ -1036,7 +1034,7 @@ def get_exceptions(): results = [] for file in os.listdir(logs_path): if "autopsy.log" in file: - log = codecs.open(make_path(logs_path, file), "r", "latin-1") + log = codecs.open(make_path(logs_path, file), "r", "utf_8") ex = re.compile("\SException") er = re.compile("\SError") for line in log: @@ -1048,7 +1046,7 @@ def get_exceptions(): # Returns a list of all the warnings listed in the common log def get_warnings(): warnings = [] - common_log = codecs.open(case.warning_log, "r", "latin-1") + common_log = codecs.open(case.warning_log, "r", "utf_8") for line in common_log: if "warning" in line.lower(): warnings.append(line) @@ -1070,7 +1068,7 @@ def regex_search_logs(regex): logs_path = make_local_path(case.output_dir, case.image_name, "logs") results = [] for file in os.listdir(logs_path): - log = codecs.open(make_path(logs_path, file), "r", "latin-1") + log = codecs.open(make_path(logs_path, file), "r", "utf_8") for line in log: if regex.search(line): results.append(line) 
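Review bot: The rewritten condition in `compare_errors`, `if (not((re.sub(patrn, 'd', gold_dat)) == (re.sub(patrn, 'd', common_dat)))):`, is equivalent to the `!=` form it replaces but harder to read; `if re.sub(patrn, 'd', gold_dat) != re.sub(patrn, 'd', common_dat):` states the intent directly. `patrn = re.compile("\d")` just above relies on Python passing an unrecognised escape through unchanged, and `re.compile(r"\d")` is the safe spelling. `common_log` and `gold_log` are opened in this hunk and no `close()` is visible before the function leaves it.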
@@ -1084,7 +1082,7 @@ def search_logs(string): logs_path = make_local_path(case.output_dir, case.image_name, "logs") results = [] for file in os.listdir(logs_path): - log = codecs.open(make_path(logs_path, file), "r", "latin-1") + log = codecs.open(make_path(logs_path, file), "r", "utf_8") for line in log: if string in line: results.append(line) @@ -1094,7 +1092,7 @@ def search_logs(string): # Searches the common log for any instances of a specific string. def search_common_log(string): results = [] - log = codecs.open(case.common_log_path, "r", "latin-1") + log = codecs.open(case.common_log_path, "r", "utf_8") for line in log: if string in line: results.append(line) @@ -1107,7 +1105,7 @@ def search_log(log, string): logs_path = make_local_path(case.output_dir, case.image_name, "logs", log) try: results = [] - log = codecs.open(logs_path, "r", "latin-1") + log = codecs.open(logs_path, "r", "utf_8") for line in log: if string in line: results.append(line) @@ -1124,7 +1122,7 @@ def search_log_set(type, string): results = [] for file in os.listdir(logs_path): if type in file: - log = codecs.open(make_path(logs_path, file), "r", "latin-1") + log = codecs.open(make_path(logs_path, file), "r", "utf_8") for line in log: if string in line: results.append(line) @@ -1733,11 +1731,11 @@ def send_email(): if(len(element)<=0): return element = element[0] - toval = element.getAttribute("value").encode().decode("utf-8") + toval = element.getAttribute("value").encode().decode("utf_8") if(toval==None): return element = parsed.getElementsByTagName("mail_server")[0] - serverval = element.getAttribute("value").encode().decode("utf-8") + serverval = element.getAttribute("value").encode().decode("utf_8") # Create the container (outer) email message. msg = MIMEMultipart() msg['Subject'] = 'Email Test' From 59ee1274925bdd140a47318261c236818c7f73e2 Mon Sep 17 00:00:00 2001 
From: adam-m Date: Tue, 12 Mar 2013 11:12:10 -0400 Subject: [PATCH 8/9] fixes #165 Activate media tab for deleted files and attempt to read / display them. --- .../autopsy/corecomponents/DataContentViewerMedia.java | 7 ++++--- NEWS.txt | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java index a67f187fed..200215a703 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java @@ -360,9 +360,10 @@ public class DataContentViewerMedia extends javax.swing.JPanel implements DataCo return false; } - if (file.isDirNameFlagSet(TSK_FS_NAME_FLAG_ENUM.UNALLOC)) { - return false; - } + //try displaying deleted files if we can read them + //if (file.isDirNameFlagSet(TSK_FS_NAME_FLAG_ENUM.UNALLOC)) { + // return false; + //} if (file.getSize() == 0) { return false; diff --git a/NEWS.txt b/NEWS.txt index d55db86783..d67b6cbaf4 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -13,6 +13,7 @@ Bugfixes: - file search actions not always enabled when new case is open. - fixed directory tree history being reset when tree is refreshed. - exif module better jpeg detection using signature and not only file extension. +- The "media view" tab is inactive for deleted files (#165) ---------------- VERSION 3.0.4 -------------- From 8c8fcee96bdefe4700cb56e42db545e6218f4ba0 Mon Sep 17 00:00:00 2001 From: adam-m Date: Tue, 12 Mar 2013 11:14:12 -0400 Subject: [PATCH 9/9] more updated news --- NEWS.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/NEWS.txt b/NEWS.txt index d67b6cbaf4..bc41caccee 100644 --- a/NEWS.txt +++ b/NEWS.txt 
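Review bot: The unallocated-file guard in `DataContentViewerMedia` is disabled by commenting it out rather than deleting it, which leaves dead code that version control already preserves. Remove the commented lines and keep a one-line rationale such as `// deleted (unallocated) files are allowed: attempt to read and display them`. With the guard gone, content from deleted files, which may be truncated or partially overwritten, now reaches the media viewers. The read and decode path therefore has to tolerate corrupt input and fail to an error message rather than an uncaught exception; that path is outside this hunk and should be checked. The enclosing method starts and ends outside the hunk.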
@@ -9,6 +9,7 @@ Improvements: - show children counts in directory tree Bugfixes: +- fixed memory leaks in "Add Image" - show error message in hex and string viewer if specific offset of a file could not be read. - file search actions not always enabled when new case is open. - fixed directory tree history being reset when tree is refreshed.