quick pasco 2 fix to locate jars and setup results dirs without needing manual setup.

TODO: need to push building of release/ jars into ant and remove from repo
adam-m 2012-02-02 10:49:31 -05:00
parent 3bc6445ecf
commit 8f89a3969b
9 changed files with 194 additions and 172 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,6 +1,25 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.recentactivity; package org.sleuthkit.autopsy.recentactivity;
//IO imports //IO imports
import com.sun.corba.se.spi.activation.Server;
import java.io.File; import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
@ -21,6 +40,7 @@ import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
// TSK Imports // TSK Imports
import org.openide.modules.InstalledFileLocator;
import org.openide.util.Exceptions; import org.openide.util.Exceptions;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.ContentUtils;
@ -32,97 +52,111 @@ import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskException; import org.sleuthkit.datamodel.TskException;
public class ExtractIE { // implements BrowserActivity { public class ExtractIE { // implements BrowserActivity {
//Constants region private static final Logger logger = Logger.getLogger(ExtractIE.class.getName());
private final String indexDatQueryStr = "select * from tsk_files where name LIKE '%index.dat%'"; private final String indexDatQueryStr = "select * from tsk_files where name LIKE '%index.dat%'";
private final String PASCO_HOME = System.getenv("PASCO_HOME"); //sleauthkit db handle
private final String PASCO_RESULTS_PATH = PASCO_HOME + "\\results"; SleuthkitCase tempDb;
private final String PASCO_LIB_PATH = PASCO_HOME + "\\pasco2.jar;"
+ PASCO_HOME + "\\lib\\*";
//Results List to be referenced/used outside the class //paths set in init()
public ArrayList<HashMap<String,Object>> PASCO_RESULTS_LIST = new ArrayList<HashMap<String,Object>>(); private String PASCO_RESULTS_PATH;
//Look Up Table that holds Pasco2 results private String PASCO_LIB_PATH;
private HashMap<String, Object> PASCO_RESULTS_LUT ;
private KeyValueThing IE_PASCO_LUT = new KeyValueThing(BrowserType.IE.name(), BrowserType.IE.getType()); //Results List to be referenced/used outside the class
public ArrayList<HashMap<String, Object>> PASCO_RESULTS_LIST = new ArrayList<HashMap<String, Object>>();
//Look Up Table that holds Pasco2 results
private HashMap<String, Object> PASCO_RESULTS_LUT;
private KeyValueThing IE_PASCO_LUT = new KeyValueThing(BrowserType.IE.name(), BrowserType.IE.getType());
public LinkedHashMap<String, Object> IE_OBJ;
public LinkedHashMap<String, Object> IE_OBJ;
//Get this case boolean pascoFound = false;
private Case currentCase = Case.getCurrentCase();
private SleuthkitCase tempDb = currentCase.getSleuthkitCase();
//Singleton logger object. public ExtractIE() {
private final Logger logger = Logger.getLogger(this.getClass().getName()); init();
}
public ExtractIE(){ //@Override
init(); public KeyValueThing getRecentActivity() {
} return IE_PASCO_LUT;
}
//@Override private void init() {
public KeyValueThing getRecentActivity() final Case currentCase = Case.getCurrentCase();
{ final String caseDir = Case.getCurrentCase().getCaseDirectory();
return IE_PASCO_LUT; PASCO_RESULTS_PATH = caseDir + File.separator + "recentactivity" + File.separator + "results";
}
void init() logger.log(Level.INFO, "Pasco results path: " + PASCO_RESULTS_PATH);
{
try
{
Collection<FsContent> FsContentCollection;
ResultSet rs = tempDb.runQuery(indexDatQueryStr);
FsContentCollection = tempDb.resultSetToFsContents(rs);
String temps; final File pascoRoot = InstalledFileLocator.getDefault().locate("pasco2", ExtractIE.class.getPackage().getName(), false);
String indexFileName; if (pascoRoot == null) {
int index = 0; logger.log(Level.SEVERE, "Pasco2 not found");
pascoFound = false;
for(FsContent fsc : FsContentCollection) return;
{ }
// Since each result represent an index.dat file, else {
// just create these files with the following notation: pascoFound = true;
// index<Number>.dat (i.e. index0.dat, index1.dat,..., indexN.dat)
// Write each index.dat file to a temp directory.
BlackboardArtifact bbart = fsc.newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
//indexFileName = "index" + Integer.toString(index) + ".dat";
indexFileName = "index" + Long.toString(bbart.getArtifactID()) + ".dat";
temps = currentCase.getTempDirectory() + "\\" + indexFileName;
File datFile = new File(temps);
ContentUtils.writeToFile(fsc, datFile);
boolean bPascProcSuccess = executePasco(temps, index, bbart.getArtifactID());
//At this point pasco2 proccessed the index files.
//Now fetch the results, parse them and the delete the files.
if(bPascProcSuccess)
{
//Delete index<n>.dat file since it was succcessfully by Pasco
datFile.delete();
}
++index;
} }
}
catch(Exception ioex)
{
logger.log(Level.SEVERE, "Error while trying to write index.dat files.", ioex);
}
}
final String pascoHome = pascoRoot.getAbsolutePath();
logger.log(Level.INFO, "Pasco2 home: " + pascoHome);
PASCO_LIB_PATH = pascoHome + File.separator + "pasco2.jar" + File.pathSeparator
+ pascoHome + File.separator + "*";
try {
File resultsDir = new File(PASCO_RESULTS_PATH);
resultsDir.mkdirs();
Collection<FsContent> FsContentCollection;
tempDb = currentCase.getSleuthkitCase();
ResultSet rs = tempDb.runQuery(indexDatQueryStr);
FsContentCollection = tempDb.resultSetToFsContents(rs);
String temps;
String indexFileName;
int index = 0;
for (FsContent fsc : FsContentCollection) {
// Since each result represent an index.dat file,
// just create these files with the following notation:
// index<Number>.dat (i.e. index0.dat, index1.dat,..., indexN.dat)
// Write each index.dat file to a temp directory.
BlackboardArtifact bbart = fsc.newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
//indexFileName = "index" + Integer.toString(index) + ".dat";
indexFileName = "index" + Long.toString(bbart.getArtifactID()) + ".dat";
temps = currentCase.getTempDirectory() + File.separator + indexFileName;
File datFile = new File(temps);
ContentUtils.writeToFile(fsc, datFile);
boolean bPascProcSuccess = executePasco(temps, index, bbart.getArtifactID());
//At this point pasco2 proccessed the index files.
//Now fetch the results, parse them and the delete the files.
if (bPascProcSuccess) {
//Delete index<n>.dat file since it was succcessfully by Pasco
datFile.delete();
}
++index;
}
} catch (Exception ioex) {
logger.log(Level.SEVERE, "Error while trying to write index.dat files.", ioex);
}
}
//Simple wrapper to JavaSystemCaller.Exec() to execute pasco2 jar //Simple wrapper to JavaSystemCaller.Exec() to execute pasco2 jar
// TODO: Hardcoded command args/path needs to be removed. Maybe set some constants and set env variables for classpath // TODO: Hardcoded command args/path needs to be removed. Maybe set some constants and set env variables for classpath
// I'm not happy with this code. Can't stand making a system call, is not an acceptable solution but is a hack for now. // I'm not happy with this code. Can't stand making a system call, is not an acceptable solution but is a hack for now.
private boolean executePasco(String indexFilePath, int fileIndex, long bbId) private boolean executePasco(String indexFilePath, int fileIndex, long bbId) {
{ if (pascoFound == false)
boolean success = true; return false;
boolean success = true;
try try {
{
List<String> command = new ArrayList<String>(); List<String> command = new ArrayList<String>();
command.add("-cp"); command.add("-cp");
@ -131,115 +165,103 @@ public class ExtractIE { // implements BrowserActivity {
command.add(" -T history"); command.add(" -T history");
command.add(indexFilePath); command.add(indexFilePath);
//command.add(" > " + PASCO_RESULTS_PATH + "\\pasco2Result" + Integer.toString(fileIndex) + ".txt"); //command.add(" > " + PASCO_RESULTS_PATH + "\\pasco2Result" + Integer.toString(fileIndex) + ".txt");
command.add(" > " + PASCO_RESULTS_PATH + "\\" + Long.toString(bbId)); command.add(" > " + PASCO_RESULTS_PATH + File.separator + Long.toString(bbId));
String[] cmd = command.toArray(new String[0]); String[] cmd = command.toArray(new String[0]);
JavaSystemCaller.Exec.execute("java", cmd); JavaSystemCaller.Exec.execute("java", cmd);
} } catch (Exception e) {
catch(Exception e) success = false;
{ logger.log(Level.SEVERE, "ExtractIE::executePasco() -> ", e.getMessage());
success = false; }
logger.log(Level.SEVERE, "ExtractIE::executePasco() -> " ,e.getMessage() );
}
return success; return success;
} }
public void parsePascoResults() public void parsePascoResults() {
{ if (pascoFound == false)
// First thing we want to do is check to make sure the results directory return;
// is not empty. // First thing we want to do is check to make sure the results directory
File rFile = new File(PASCO_RESULTS_PATH); // is not empty.
File rFile = new File(PASCO_RESULTS_PATH);
//Let's make sure our list and lut are empty. //Let's make sure our list and lut are empty.
//PASCO_RESULTS_LIST.clear(); //PASCO_RESULTS_LIST.clear();
if(rFile.exists()) if (rFile.exists()) {
{ //Give me a list of pasco results in that directory
//Give me a list of pasco results in that directory File[] pascoFiles = rFile.listFiles();
File[] pascoFiles = rFile.listFiles();
if(pascoFiles.length > 0) if (pascoFiles.length > 0) {
{ try {
try for (File file : pascoFiles) {
{ String bbartname = file.getName();
for (File file : pascoFiles) //bbartname = bbartname.substring(0, 4);
{ long bbartId = Long.parseLong(bbartname);
String bbartname = file.getName();
//bbartname = bbartname.substring(0, 4);
long bbartId = Long.parseLong(bbartname);
// Make sure the file the is not empty or the Scanner will // Make sure the file the is not empty or the Scanner will
// throw a "No Line found" Exception // throw a "No Line found" Exception
if (file != null && file.length() > 0 ) if (file != null && file.length() > 0) {
{ Scanner fileScanner = new Scanner(new FileInputStream(file.toString()));
Scanner fileScanner = new Scanner(new FileInputStream(file.toString())); //Skip the first three lines
//Skip the first three lines fileScanner.nextLine();
fileScanner.nextLine(); fileScanner.nextLine();
fileScanner.nextLine(); fileScanner.nextLine();
fileScanner.nextLine();
while (fileScanner.hasNext()) while (fileScanner.hasNext()) {
{
String line = fileScanner.nextLine(); String line = fileScanner.nextLine();
//Need to change this pattern a bit because there might //Need to change this pattern a bit because there might
//be instances were "V" might not apply. //be instances were "V" might not apply.
String pattern = "(?)URL(\\s)(V|\\:)"; String pattern = "(?)URL(\\s)(V|\\:)";
Pattern p = Pattern.compile(pattern); Pattern p = Pattern.compile(pattern);
Matcher m = p.matcher(line); Matcher m = p.matcher(line);
if(m.find()) if (m.find()) {
{ try {
try { String[] lineBuff = line.split("\\t");
String[] lineBuff = line.split("\\t"); PASCO_RESULTS_LUT = new HashMap<String, Object>();
PASCO_RESULTS_LUT = new HashMap<String,Object>(); PASCO_RESULTS_LUT.put(BrowserActivityType.Url.name(), lineBuff[1]);
PASCO_RESULTS_LUT.put(BrowserActivityType.Url.name(), lineBuff[1]); PASCO_RESULTS_LUT.put("Title", lineBuff[2]);
PASCO_RESULTS_LUT.put("Title", lineBuff[2]); PASCO_RESULTS_LUT.put("Count", lineBuff[0]);
PASCO_RESULTS_LUT.put("Count", lineBuff[0]); PASCO_RESULTS_LUT.put("Last Accessed", lineBuff[3]);
PASCO_RESULTS_LUT.put("Last Accessed", lineBuff[3]); PASCO_RESULTS_LUT.put("Reference", "None");
PASCO_RESULTS_LUT.put("Reference", "None");
BlackboardArtifact bbart = tempDb.getBlackboardArtifact(bbartId); BlackboardArtifact bbart = tempDb.getBlackboardArtifact(bbartId);
BlackboardAttribute bbatturl = new BlackboardAttribute(1,"RecentActivity","Internet Explorer",lineBuff[1]); BlackboardAttribute bbatturl = new BlackboardAttribute(1, "RecentActivity", "Internet Explorer", lineBuff[1]);
bbart.addAttribute(bbatturl); bbart.addAttribute(bbatturl);
BlackboardAttribute bbattdate = new BlackboardAttribute(31,"RecentActivity","Internet Explorer",lineBuff[3]); BlackboardAttribute bbattdate = new BlackboardAttribute(31, "RecentActivity", "Internet Explorer", lineBuff[3]);
bbart.addAttribute(bbattdate); bbart.addAttribute(bbattdate);
BlackboardAttribute bbattref = new BlackboardAttribute(32,"RecentActivity","Internet Explorer","No Ref"); BlackboardAttribute bbattref = new BlackboardAttribute(32, "RecentActivity", "Internet Explorer", "No Ref");
bbart.addAttribute(bbattref); bbart.addAttribute(bbattref);
BlackboardAttribute bbatttitle = new BlackboardAttribute(3,"RecentActivity","Internet Explorer",lineBuff[2]); BlackboardAttribute bbatttitle = new BlackboardAttribute(3, "RecentActivity", "Internet Explorer", lineBuff[2]);
bbart.addAttribute(bbatttitle); bbart.addAttribute(bbatttitle);
//KeyValueThing //KeyValueThing
//This will be redundant in terms IE.name() because of //This will be redundant in terms IE.name() because of
//the way they implemented KeyValueThing //the way they implemented KeyValueThing
IE_OBJ = new LinkedHashMap<String,Object>(); IE_OBJ = new LinkedHashMap<String, Object>();
IE_OBJ.put(BrowserType.IE.name(), PASCO_RESULTS_LUT); IE_OBJ.put(BrowserType.IE.name(), PASCO_RESULTS_LUT);
IE_PASCO_LUT.addMap(IE_OBJ); IE_PASCO_LUT.addMap(IE_OBJ);
PASCO_RESULTS_LIST.add(PASCO_RESULTS_LUT);
} catch (TskException ex) {
Exceptions.printStackTrace(ex);
}
}
PASCO_RESULTS_LIST.add(PASCO_RESULTS_LUT);
} }
catch (TskException ex) {
Exceptions.printStackTrace(ex);
} }
} //TODO: Fix Delete issue
boolean bDelete = file.delete();
} }
} } catch (IOException ioex) {
//TODO: Fix Delete issue logger.log(Level.SEVERE, "ExtractIE::parsePascosResults() -> ", ioex.getMessage());
boolean bDelete = file.delete();
} }
}
catch(IOException ioex)
{
logger.log(Level.SEVERE, "ExtractIE::parsePascosResults() -> " ,ioex.getMessage() );
}
} }
} }
} }
} }
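Review bot: In executePasco the output redirection is still passed as one argument, `" > " + PASCO_RESULTS_PATH + File.separator + Long.toString(bbId)`, and with this commit that path is derived from the case directory rather than from PASCO_HOME. JavaSystemCaller.Exec.execute is not visible here, but for `>` to have any effect it presumably joins the arguments into a single command line for a shell, in which case a case directory containing spaces or shell metacharacters would either break the run or be interpreted by the shell. Handing the output file to the process API instead, for example `ProcessBuilder.redirectOutput(new File(PASCO_RESULTS_PATH, Long.toString(bbId)))`, keeps the path out of the command string, and the same concern applies to indexFilePath. Separately, the catch blocks in executePasco and parsePascoResults pass `e.getMessage()` as a log parameter to a message that has no `{0}` placeholder, so (assuming this is java.util.logging) the cause is never written; `logger.log(Level.SEVERE, "ExtractIE::executePasco() -> ", e);` would record it, as init() already does. Part of executePasco's body lies outside the visible hunk.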