quick pasco 2 fix to locate jars and set up results dirs without needing manual setup.

TODO: need to push building of release/ jars into ant and remove from repo
adam-m 2012-02-02 10:49:31 -05:00
parent 3bc6445ecf
commit 8f89a3969b
9 changed files with 194 additions and 172 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,6 +1,25 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.recentactivity;
//IO imports
import com.sun.corba.se.spi.activation.Server;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
@ -21,6 +40,7 @@ import java.util.regex.Matcher;
import java.util.regex.Pattern;
// TSK Imports
import org.openide.modules.InstalledFileLocator;
import org.openide.util.Exceptions;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
@ -32,48 +52,67 @@ import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskException;
public class ExtractIE { // implements BrowserActivity {
//Constants region
private static final Logger logger = Logger.getLogger(ExtractIE.class.getName());
private final String indexDatQueryStr = "select * from tsk_files where name LIKE '%index.dat%'";
private final String PASCO_HOME = System.getenv("PASCO_HOME");
private final String PASCO_RESULTS_PATH = PASCO_HOME + "\\results";
private final String PASCO_LIB_PATH = PASCO_HOME + "\\pasco2.jar;"
+ PASCO_HOME + "\\lib\\*";
//sleauthkit db handle
SleuthkitCase tempDb;
//paths set in init()
private String PASCO_RESULTS_PATH;
private String PASCO_LIB_PATH;
//Results List to be referenced/used outside the class
public ArrayList<HashMap<String, Object>> PASCO_RESULTS_LIST = new ArrayList<HashMap<String, Object>>();
//Look Up Table that holds Pasco2 results
private HashMap<String, Object> PASCO_RESULTS_LUT;
private KeyValueThing IE_PASCO_LUT = new KeyValueThing(BrowserType.IE.name(), BrowserType.IE.getType());
public LinkedHashMap<String, Object> IE_OBJ;
//Get this case
private Case currentCase = Case.getCurrentCase();
private SleuthkitCase tempDb = currentCase.getSleuthkitCase();
//Singleton logger object.
private final Logger logger = Logger.getLogger(this.getClass().getName());
boolean pascoFound = false;
public ExtractIE() {
init();
}
//@Override
public KeyValueThing getRecentActivity()
{
public KeyValueThing getRecentActivity() {
return IE_PASCO_LUT;
}
void init()
{
try
{
private void init() {
final Case currentCase = Case.getCurrentCase();
final String caseDir = Case.getCurrentCase().getCaseDirectory();
PASCO_RESULTS_PATH = caseDir + File.separator + "recentactivity" + File.separator + "results";
logger.log(Level.INFO, "Pasco results path: " + PASCO_RESULTS_PATH);
final File pascoRoot = InstalledFileLocator.getDefault().locate("pasco2", ExtractIE.class.getPackage().getName(), false);
if (pascoRoot == null) {
logger.log(Level.SEVERE, "Pasco2 not found");
pascoFound = false;
return;
}
else {
pascoFound = true;
}
final String pascoHome = pascoRoot.getAbsolutePath();
logger.log(Level.INFO, "Pasco2 home: " + pascoHome);
PASCO_LIB_PATH = pascoHome + File.separator + "pasco2.jar" + File.pathSeparator
+ pascoHome + File.separator + "*";
try {
File resultsDir = new File(PASCO_RESULTS_PATH);
resultsDir.mkdirs();
Collection<FsContent> FsContentCollection;
tempDb = currentCase.getSleuthkitCase();
ResultSet rs = tempDb.runQuery(indexDatQueryStr);
FsContentCollection = tempDb.resultSetToFsContents(rs);
@ -81,8 +120,7 @@ public class ExtractIE { // implements BrowserActivity {
String indexFileName;
int index = 0;
for(FsContent fsc : FsContentCollection)
{
for (FsContent fsc : FsContentCollection) {
// Since each result represent an index.dat file,
// just create these files with the following notation:
// index<Number>.dat (i.e. index0.dat, index1.dat,..., indexN.dat)
@ -90,7 +128,7 @@ public class ExtractIE { // implements BrowserActivity {
BlackboardArtifact bbart = fsc.newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
//indexFileName = "index" + Integer.toString(index) + ".dat";
indexFileName = "index" + Long.toString(bbart.getArtifactID()) + ".dat";
temps = currentCase.getTempDirectory() + "\\" + indexFileName;
temps = currentCase.getTempDirectory() + File.separator + indexFileName;
File datFile = new File(temps);
ContentUtils.writeToFile(fsc, datFile);
@ -98,31 +136,27 @@ public class ExtractIE { // implements BrowserActivity {
//At this point pasco2 proccessed the index files.
//Now fetch the results, parse them and the delete the files.
if(bPascProcSuccess)
{
if (bPascProcSuccess) {
//Delete index<n>.dat file since it was succcessfully by Pasco
datFile.delete();
}
++index;
}
}
catch(Exception ioex)
{
} catch (Exception ioex) {
logger.log(Level.SEVERE, "Error while trying to write index.dat files.", ioex);
}
}
//Simple wrapper to JavaSystemCaller.Exec() to execute pasco2 jar
// TODO: Hardcoded command args/path needs to be removed. Maybe set some constants and set env variables for classpath
// I'm not happy with this code. Can't stand making a system call, is not an acceptable solution but is a hack for now.
private boolean executePasco(String indexFilePath, int fileIndex, long bbId)
{
private boolean executePasco(String indexFilePath, int fileIndex, long bbId) {
if (pascoFound == false)
return false;
boolean success = true;
try
{
try {
List<String> command = new ArrayList<String>();
command.add("-cp");
@ -131,14 +165,12 @@ public class ExtractIE { // implements BrowserActivity {
command.add(" -T history");
command.add(indexFilePath);
//command.add(" > " + PASCO_RESULTS_PATH + "\\pasco2Result" + Integer.toString(fileIndex) + ".txt");
command.add(" > " + PASCO_RESULTS_PATH + "\\" + Long.toString(bbId));
command.add(" > " + PASCO_RESULTS_PATH + File.separator + Long.toString(bbId));
String[] cmd = command.toArray(new String[0]);
JavaSystemCaller.Exec.execute("java", cmd);
}
catch(Exception e)
{
} catch (Exception e) {
success = false;
logger.log(Level.SEVERE, "ExtractIE::executePasco() -> ", e.getMessage());
}
@ -146,8 +178,9 @@ public class ExtractIE { // implements BrowserActivity {
return success;
}
public void parsePascoResults()
{
public void parsePascoResults() {
if (pascoFound == false)
return;
// First thing we want to do is check to make sure the results directory
// is not empty.
File rFile = new File(PASCO_RESULTS_PATH);
@ -156,33 +189,27 @@ public class ExtractIE { // implements BrowserActivity {
//Let's make sure our list and lut are empty.
//PASCO_RESULTS_LIST.clear();
if(rFile.exists())
{
if (rFile.exists()) {
//Give me a list of pasco results in that directory
File[] pascoFiles = rFile.listFiles();
if(pascoFiles.length > 0)
{
try
{
for (File file : pascoFiles)
{
if (pascoFiles.length > 0) {
try {
for (File file : pascoFiles) {
String bbartname = file.getName();
//bbartname = bbartname.substring(0, 4);
long bbartId = Long.parseLong(bbartname);
// Make sure the file the is not empty or the Scanner will
// throw a "No Line found" Exception
if (file != null && file.length() > 0 )
{
if (file != null && file.length() > 0) {
Scanner fileScanner = new Scanner(new FileInputStream(file.toString()));
//Skip the first three lines
fileScanner.nextLine();
fileScanner.nextLine();
fileScanner.nextLine();
while (fileScanner.hasNext())
{
while (fileScanner.hasNext()) {
String line = fileScanner.nextLine();
@ -192,8 +219,7 @@ public class ExtractIE { // implements BrowserActivity {
String pattern = "(?)URL(\\s)(V|\\:)";
Pattern p = Pattern.compile(pattern);
Matcher m = p.matcher(line);
if(m.find())
{
if (m.find()) {
try {
String[] lineBuff = line.split("\\t");
PASCO_RESULTS_LUT = new HashMap<String, Object>();
@ -221,8 +247,7 @@ public class ExtractIE { // implements BrowserActivity {
IE_PASCO_LUT.addMap(IE_OBJ);
PASCO_RESULTS_LIST.add(PASCO_RESULTS_LUT);
}
catch (TskException ex) {
} catch (TskException ex) {
Exceptions.printStackTrace(ex);
}
}
@ -232,14 +257,11 @@ public class ExtractIE { // implements BrowserActivity {
//TODO: Fix Delete issue
boolean bDelete = file.delete();
}
}
catch(IOException ioex)
{
} catch (IOException ioex) {
logger.log(Level.SEVERE, "ExtractIE::parsePascosResults() -> ", ioex.getMessage());
}
}
}
}
}
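Review bot: In executePasco() the output redirection is still passed as an argument string, `command.add(" > " + PASCO_RESULTS_PATH + File.separator + Long.toString(bbId))`, and PASCO_RESULTS_PATH is now built in init() from the case directory, which the examiner chooses. A `>` inside an argument only redirects if JavaSystemCaller.Exec (not shown on this page) joins the arguments into a shell command line; if it does, a case path containing spaces or shell metacharacters is interpreted by the shell rather than treated as a file name, and if it does not, no result file is written at all. Launching the process from an argument list and letting Java do the redirection avoids both, for example `new ProcessBuilder(args).redirectOutput(new File(PASCO_RESULTS_PATH, Long.toString(bbId)))` on Java 7 or later, or by copying the child's stdout into that file. The return value of `resultsDir.mkdirs()` in init() is also ignored, so a results directory that could not be created only shows up later as missing output; log it and clear `pascoFound` when the directory does not exist afterwards.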