mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-08 22:29:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/sleuthkit/autopsy

Browse Source 
Conflicts:
	RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
This commit is contained in:
Tim McIver 2012-12-03 17:38:25 -05:00
commit 996d98af9e
14 changed files with 416 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Core/src/org/sleuthkit/autopsy/casemodule/AddImageVisualPanel2.java
View File

@ -53,6 +53,7 @@ final class AddImageVisualPanel2 extends JPanel {
infoPanel.add(progressLabel); infoPanel.add(progressLabel);
infoPanel.add(Box.createRigidArea(new Dimension(10, 10))); //spacer infoPanel.add(Box.createRigidArea(new Dimension(10, 10))); //spacer
this.jScrollPane1.setBorder(null); this.jScrollPane1.setBorder(null);
this.TextArea_CurrentDirectory.setBackground(this.getBackground());
} }
void resetInfoPanel() { void resetInfoPanel() {
@ -108,7 +109,15 @@ final class AddImageVisualPanel2 extends JPanel {
* @param dir the text to update with * @param dir the text to update with
*/ */
public void changeCurrentDir(String dir){ public void changeCurrentDir(String dir){
this.TextArea_CurrentDirectory.setText(dir.trim().isEmpty() ? "Folder Information Unavailable" : dir); this.TextArea_CurrentDirectory.setText(dir);
}
/**
* Sets the CurrentlyProcessing tag and text area to be invisible
*/
public void setProcessInvis(){
this.Label_CurrentDirectory_Static.setVisible(false);
this.TextArea_CurrentDirectory.setVisible(false);
} }

31
Core/src/org/sleuthkit/autopsy/casemodule/AddImageWizardPanel3.java
View File

@ -202,26 +202,31 @@ class AddImageWizardPanel3 implements WizardDescriptor.Panel<WizardDescriptor> {
* Class for getting the currently processing directory. * Class for getting the currently processing directory.
* *
*/ */
private class CurrentDirectoryFetcher extends SwingWorker<Integer, Integer> {
private static class CurrentDirectoryFetcher extends SwingWorker<Integer,Integer> {
AddImgTask task; AddImgTask task;
JProgressBar prog;
AddImageVisualPanel2 wiz;
AddImageProcess proc;
CurrentDirectoryFetcher(AddImgTask task) { CurrentDirectoryFetcher(JProgressBar prog, AddImageVisualPanel2 wiz, AddImageProcess proc){
this.task = task; this.wiz = wiz;
this.proc = proc;
this.prog = prog;
} }
/** /**
* @return the currently processing directory * @return the currently processing directory
*/ */
@Override @Override
protected Integer doInBackground() { protected Integer doInBackground(){
try { try{
while (task.progressBar.getValue() < 100 || task.progressBar.isIndeterminate()) { while(prog.getValue() < 100 || prog.isIndeterminate()){ //TODO Rely on state variable in AddImgTask class
EventQueue.invokeLater(new Runnable() { EventQueue.invokeLater(new Runnable() {
@Override @Override
public void run() { public void run() {
wizPanel.getComponent().changeCurrentDir(process.currentDirectory()); wiz.changeCurrentDir(proc.currentDirectory());
} }
}); });
@ -232,8 +237,18 @@ class AddImageWizardPanel3 implements WizardDescriptor.Panel<WizardDescriptor> {
return -1; return -1;
} }
} }
/**
* When done, set the Wizards processing tags to be invisible
*/
@Override
protected void done() {
wiz.setProcessInvis();
}
} }
/** /**
* Thread that will make the JNI call to ingest the image. * Thread that will make the JNI call to ingest the image.
*/ */
@ -298,7 +313,7 @@ class AddImageWizardPanel3 implements WizardDescriptor.Panel<WizardDescriptor> {
process = currentCase.makeAddImageProcess(timeZone, true, noFatOrphans); process = currentCase.makeAddImageProcess(timeZone, true, noFatOrphans);
fetcher = new CurrentDirectoryFetcher(this); fetcher = new CurrentDirectoryFetcher(this.progressBar, wizPanel.getComponent(), process);
cancelledWhileRunning.enable(); cancelledWhileRunning.enable();
try { try {
wizPanel.setStateStarted(); wizPanel.setStateStarted();

12
Core/src/org/sleuthkit/autopsy/casemodule/Case.java
View File

@ -165,11 +165,13 @@ public class Case {
String oldCaseName = oldCase != null ? oldCase.name : ""; String oldCaseName = oldCase != null ? oldCase.name : "";
doCaseChange(null); //closes windows, etc
pcs.firePropertyChange(CASE_CURRENT_CASE, oldCase, null); pcs.firePropertyChange(CASE_CURRENT_CASE, oldCase, null);
doCaseChange(null);
pcs.firePropertyChange(CASE_NAME, oldCaseName, "");
doCaseNameChange(""); doCaseNameChange("");
pcs.firePropertyChange(CASE_NAME, oldCaseName, "");
@ -827,14 +829,16 @@ public class Case {
Case.runAddImageAction(); Case.runAddImageAction();
} }
} else { // case is closed } else { // case is closed
// close all top components first
CoreComponentControl.closeCoreWindows();
// disable these menus // disable these menus
CallableSystemAction.get(AddImageAction.class).setEnabled(false); // Add Image menu CallableSystemAction.get(AddImageAction.class).setEnabled(false); // Add Image menu
CallableSystemAction.get(CaseCloseAction.class).setEnabled(false); // Case Close menu CallableSystemAction.get(CaseCloseAction.class).setEnabled(false); // Case Close menu
CallableSystemAction.get(CasePropertiesAction.class).setEnabled(false); // Case Properties menu CallableSystemAction.get(CasePropertiesAction.class).setEnabled(false); // Case Properties menu
CallableSystemAction.get(CaseDeleteAction.class).setEnabled(false); // Delete Case menu CallableSystemAction.get(CaseDeleteAction.class).setEnabled(false); // Delete Case menu
// close all top components
CoreComponentControl.closeCoreWindows();
Frame f = WindowManager.getDefault().getMainWindow(); Frame f = WindowManager.getDefault().getMainWindow();
f.setTitle(Case.getAppName()); // set the window name to just application name f.setTitle(Case.getAppName()); // set the window name to just application name

4
Core/src/org/sleuthkit/autopsy/casemodule/CaseSchema.xsd
View File

@ -6,9 +6,9 @@
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<!-- definition of simple elements --> <!-- definition of simple elements -->
<xs:element name="Name" type="xs:string"/> <xs:element name="Name" type="String"/>
<xs:element name="Number" type="Integer" nillable="true"/> <xs:element name="Number" type="String" nillable="true"/>
<xs:element name="Examiner" type="String" nillable="true"/> <xs:element name="Examiner" type="String" nillable="true"/>

2
Core/src/org/sleuthkit/autopsy/datamodel/VolumeNode.java
View File

@ -20,6 +20,7 @@ package org.sleuthkit.autopsy.datamodel;
import javax.swing.Action; import javax.swing.Action;
import org.openide.nodes.Sheet; import org.openide.nodes.Sheet;
import org.sleuthkit.autopsy.directorytree.ExtractUnallocAction;
import org.sleuthkit.datamodel.Volume; import org.sleuthkit.datamodel.Volume;
/** /**
@ -66,6 +67,7 @@ public class VolumeNode extends AbstractContentNode<Volume> {
public Action[] getActions(boolean popup) { public Action[] getActions(boolean popup) {
return new Action[]{ //new ShowDetailAction("Volume Details", this.getName(), this), return new Action[]{ //new ShowDetailAction("Volume Details", this.getName(), this),
//new ShowDetailAction("File System Details", this.getName(), this) //new ShowDetailAction("File System Details", this.getName(), this)
//new ExtractUnallocAction("Extract Unallocated Files to single Single", this)
}; };
} }

1
Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java
View File

@ -160,7 +160,6 @@ public class DataResultFilterNode extends FilterNode {
List<Action> actions = new ArrayList<Action>(); List<Action> actions = new ArrayList<Action>();
actions.add(new NewWindowViewAction("View in New Window", vol)); actions.add(new NewWindowViewAction("View in New Window", vol));
actions.addAll(ShowDetailActionVisitor.getActions(vol.getLookup().lookup(Content.class))); actions.addAll(ShowDetailActionVisitor.getActions(vol.getLookup().lookup(Content.class)));
return actions; return actions;
} }

279
Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java Normal file
View File

@ -0,0 +1,279 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.directorytree;
import java.awt.Frame;
import java.awt.event.ActionEvent;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.logging.Level;
import javax.swing.AbstractAction;
import javax.swing.JOptionPane;
import javax.swing.SwingWorker;
import org.netbeans.api.progress.ProgressHandle;
import org.netbeans.api.progress.ProgressHandleFactory;
import org.openide.util.Cancellable;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.datamodel.VolumeNode;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.ContentVisitor;
import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.FileSystem;
import org.sleuthkit.datamodel.LayoutDirectory;
import org.sleuthkit.datamodel.LayoutFile;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.Volume;
/**
* Extracts all the unallocated space as a single file
*/
public final class ExtractUnallocAction extends AbstractAction{
private List<LayoutFile> llf;
long VolumeId;
String ImageName;
long ImageId;
volatile static boolean running = false;
private static final Logger logger = Logger.getLogger(ExtractUnallocAction.class.getName());
public ExtractUnallocAction(String title, Volume volu){
super(title);
VolumeId = volu.getId();
try{
ImageName = volu.getImage().getName();
ImageId = volu.getImage().getId();
} catch(TskCoreException tce){
logger.log(Level.WARNING, "Unable to properly create ExtractUnallocAction, extraction may be incomplete", tce);
ImageName = "";
ImageId = 0;
}
llf = getUnallocFiles(volu);
Collections.sort(llf, new SortObjId());
}
/**
* Writes the unallocated files to $CaseDir/Export/ImgName-Unalloc-ImgObjectID-VolumeID.dat
* @param e
*/
@Override
public void actionPerformed(ActionEvent e) {
if (llf != null && llf.size() > 0) {
String UnallocName = ImageName + "-Unalloc-" + ImageId + "-" + VolumeId + ".dat";
//Format for single Unalloc File is ImgName-Unalloc-ImgObjectID-VolumeID.dat
File unalloc = new File(Case.getCurrentCase().getCaseDirectory() + File.separator + "Export" + File.separator + UnallocName);
if(running){
JOptionPane.showMessageDialog(new Frame(), "Unallocated Space is already running on this volume. Please select a different volume.");
return;
}
if (unalloc.exists()) {
int res = JOptionPane.showConfirmDialog(new Frame(), "The Unalloc File for this volume, " + UnallocName + " already exists, do you want to replace it?");
if (res == JOptionPane.YES_OPTION) {
unalloc.delete();
} else {
return;
}
}
ExtractUnallocWorker uw = new ExtractUnallocWorker(unalloc);
uw.execute();
} else {
logger.log(Level.WARNING, "Tried to get unallocated content from volume ID " + VolumeId + ", but its list of unallocated files was empty or null");
}
}
private List<LayoutFile> getUnallocFiles(Content c) {
UnallocVisitor uv = new UnallocVisitor();
logger.log(Level.INFO, "Sending out Unallocated File Visitor");
try {
return c.getChildren().get(0).accept(uv); //Launching it on the root directory
} catch (TskCoreException tce) {
logger.log(Level.WARNING, "Couldn't get a list of Unallocated Files, failed at sending out the visitor ", tce);
}
return null;
}
/**
* Private class for dispatching the file IO in a background thread.
*/
private class ExtractUnallocWorker extends SwingWorker<Integer, Integer> {
File path;
private ProgressHandle progress;
private boolean canceled = false;
ExtractUnallocWorker(File path) {
this.path = path;
running = true;
}
@Override
protected Integer doInBackground() {
try {
progress = ProgressHandleFactory.createHandle("Extracting " + path.getName(), new Cancellable() {
@Override
public boolean cancel() {
logger.log(Level.INFO, "Canceling extraction of Unalloc file " + path.getName());
canceled = true;
if (progress != null) {
progress.setDisplayName(path.getName() + " (Cancelling...)");
}
return true;
}
});
FileOutputStream fos = new FileOutputStream(path);
int MAX_BYTES = 8192;
byte[] buf = new byte[MAX_BYTES]; //read 8k at a time
logger.log(Level.INFO, "Writing Unalloc file to " + path.getPath());
progress.start(llf.size());
int count = 0;
for (LayoutFile f : llf) {
long offset = 0L;
while (offset != f.getSize() && !canceled) {
offset += f.read(buf, offset, MAX_BYTES); //Offset + Bytes read
fos.write(buf);
}
progress.progress(count++);
}
progress.finish();
fos.flush();
fos.close();
if(canceled){
path.delete();
logger.log(Level.INFO, "Canceled extraction of " + path.getName() + " and deleted file");
}
else{
logger.log(Level.INFO, "Finished writing unalloc file");
}
} catch (IOException ioe) {
logger.log(Level.WARNING, "Could not create Unalloc File; error writing file", ioe);
return -1;
} catch (TskCoreException tce) {
logger.log(Level.WARNING, "Could not create Unalloc File; error getting image info", tce);
return -1;
}finally{
running = false;
}
return 1;
}
}
private static class UnallocVisitor extends ContentVisitor.Default<List<LayoutFile>> {
/**
* If the volume has no FileSystem, then it will call this method to return the single instance of unallocated space.
* @param lf the LayoutFile the visitor encountered
* @return A list<LayoutFile> of size 1, returns null if it fails
*/
@Override
public List<LayoutFile> visit(final org.sleuthkit.datamodel.LayoutFile lf) {
return new ArrayList<LayoutFile>() {
{
add(lf);
}
};
}
/**
* If the visitor finds a FileSystem, it will filter the results for directories and return on the Root Dir.
* @param fs the FileSystem the visitor encountered
* @return A list<LayoutFile> containing the layout files from subsequent Visits(), returns null if it fails
*/
@Override
public List<LayoutFile> visit(FileSystem fs) {
try {
for (Content c : fs.getChildren()){
if(((AbstractFile)c).isRoot()){
return c.accept(this);
}
}
} catch (TskCoreException tce) {
logger.log(Level.WARNING, "Couldn't get a list of Unallocated Files, failed at visiting FileSystem " + fs.getId(), tce);
}
return null;
}
/**
* LayoutDirectory has all the Layout(Unallocated) files
* @param ld LayoutDirectory the visitor encountered
* @return A list<LayoutFile> containing all the LayoutFile in ld, returns null if it fails
*/
@Override
public List<LayoutFile> visit(LayoutDirectory ld){
try{
List<LayoutFile> lflst = new ArrayList<LayoutFile>();
for(Content layout : ld.getChildren()){
lflst.add((LayoutFile)layout);
}
return lflst;
} catch(TskCoreException tce){
logger.log(Level.WARNING, "Could not get list of Layout Files, failed at visiting Layout Directory", tce);
}
return null;
}
/**
* The only time this visitor should ever encounter a directory is when parsing over Root
* @param dir the directory this visitor encountered
* @return A list<LayoutFile> containing LayoutFiles encountered during subsequent Visits(), returns null if it fails
*/
@Override
public List<LayoutFile> visit(Directory dir) {
try {
for (Content c : dir.getChildren()) {
if(c instanceof LayoutDirectory){
return c.accept(this);
}
}
}catch (TskCoreException tce) {
logger.log(Level.WARNING, "Couldn't get a list of Unallocated Files, failed at visiting Directory " + dir.getId(), tce);
}
return null;
}
@Override
protected List<LayoutFile> defaultVisit(Content cntnt) {
return null;
}
}
private class SortObjId implements Comparator<LayoutFile>{
@Override
public int compare(LayoutFile o1, LayoutFile o2) {
if(o1.getId() == o2.getId()){
return 0;
}
if(o1.getId() > o2.getId()){
return -1;
}
else{
return 1;
}
}
}
}

42
Core/src/org/sleuthkit/autopsy/directorytree/ShowDetailActionVisitor.java
View File

@ -44,11 +44,7 @@ import org.sleuthkit.datamodel.FileSystem;
import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.Volume; import org.sleuthkit.datamodel.Volume;
/**
*
*
* @author jantonius
*/
class ShowDetailActionVisitor extends ContentVisitor.Default<List<? extends Action>> { class ShowDetailActionVisitor extends ContentVisitor.Default<List<? extends Action>> {
private static ShowDetailActionVisitor instance = new ShowDetailActionVisitor(); private static ShowDetailActionVisitor instance = new ShowDetailActionVisitor();
@ -231,11 +227,32 @@ class ShowDetailActionVisitor extends ContentVisitor.Default<List<? extends Acti
@Override @Override
public List<? extends Action> visit(final Volume vol) { public List<? extends Action> visit(final Volume vol) {
final String title = "Volume Details"; List<AbstractAction> lst = new ArrayList<AbstractAction>();
lst.add(new VolumeDetailsAction("Volume Details", vol));
lst.add(new ExtractUnallocAction("Extract Unallocated Space to Single File", vol));
return lst;
}
return Collections.singletonList(new AbstractAction(title) {
@Override @Override
protected List<? extends Action> defaultVisit(Content di) {
return new ArrayList<Action>();
}
}
class VolumeDetailsAction extends AbstractAction{
String title;
Volume vol;
VolumeDetailsAction(String title, Volume vol){
super(title);
this.title = title;
this.vol = vol;
}
@Override
public void actionPerformed(ActionEvent e) { public void actionPerformed(ActionEvent e) {
Logger.noteAction(ShowDetailActionVisitor.class); Logger.noteAction(ShowDetailActionVisitor.class);
@ -289,11 +306,4 @@ class ShowDetailActionVisitor extends ContentVisitor.Default<List<? extends Acti
popUpWindow.setVisible(true); popUpWindow.setVisible(true);
} }
}); }
}
@Override
protected List<? extends Action> defaultVisit(Content di) {
return new ArrayList<Action>();
}
}

6
HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java
View File

@ -70,6 +70,8 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
private Map<Integer, HashDb> knownBadSets = new HashMap<Integer, HashDb>(); private Map<Integer, HashDb> knownBadSets = new HashMap<Integer, HashDb>();
private HashDbManagementPanel panel; private HashDbManagementPanel panel;
private final Hash hasher = new Hash();
private HashDbIngestModule() { private HashDbIngestModule() {
count = 0; count = 0;
} }
@ -332,7 +334,7 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
String md5Hash = fsContent.getMd5Hash(); String md5Hash = fsContent.getMd5Hash();
if (md5Hash == null || md5Hash.isEmpty()) { if (md5Hash == null || md5Hash.isEmpty()) {
long calcstart = System.currentTimeMillis(); long calcstart = System.currentTimeMillis();
md5Hash = Hash.calculateMd5(fsContent); md5Hash = hasher.calculateMd5(fsContent);
calctime += (System.currentTimeMillis() - calcstart); calctime += (System.currentTimeMillis() - calcstart);
} }
TskData.FileKnown status = TskData.FileKnown.UKNOWN; TskData.FileKnown status = TskData.FileKnown.UKNOWN;
@ -374,7 +376,7 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
String md5Hash = fsContent.getMd5Hash(); String md5Hash = fsContent.getMd5Hash();
if (md5Hash == null || md5Hash.isEmpty()) { if (md5Hash == null || md5Hash.isEmpty()) {
long calcstart = System.currentTimeMillis(); long calcstart = System.currentTimeMillis();
Hash.calculateMd5(fsContent); hasher.calculateMd5(fsContent);
calctime += (System.currentTimeMillis() - calcstart); calctime += (System.currentTimeMillis() - calcstart);
} }
ret = ProcessResult.OK; ret = ProcessResult.OK;

27
HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbSearchAction.java
View File

@ -32,13 +32,13 @@ import org.sleuthkit.datamodel.FsContent;
/** /**
* Searches for FsContent Files with the same MD5 hash as the given Node's * Searches for FsContent Files with the same MD5 hash as the given Node's
* FsContent's MD5 hash. This action should only be available from Nodes with * FsContent's MD5 hash. This action should only be available from Nodes with
* specific Content attached; it is manually programmed into a Node's available actions. * specific Content attached; it is manually programmed into a Node's available
* actions.
*/ */
public class HashDbSearchAction extends CallableSystemAction implements HashSearchProvider { public class HashDbSearchAction extends CallableSystemAction implements HashSearchProvider {
private static final InitializeContentVisitor initializeCV = new InitializeContentVisitor(); private static final InitializeContentVisitor initializeCV = new InitializeContentVisitor();
private FsContent fsContent; private FsContent fsContent;
private static HashDbSearchAction instance = null; private static HashDbSearchAction instance = null;
HashDbSearchAction() { HashDbSearchAction() {
@ -46,7 +46,7 @@ public class HashDbSearchAction extends CallableSystemAction implements HashSear
} }
public static HashDbSearchAction getDefault() { public static HashDbSearchAction getDefault() {
if(instance == null){ if (instance == null) {
instance = new HashDbSearchAction(); instance = new HashDbSearchAction();
} }
return instance; return instance;
@ -82,25 +82,18 @@ public class HashDbSearchAction extends CallableSystemAction implements HashSear
} }
/** /**
* Find all files with the same MD5 hash as this' fsContent. fsContent should * Find all files with the same MD5 hash as this' fsContent. fsContent
* be previously set by calling the search function, which in turn calls performAction. * should be previously set by calling the search function, which in turn
* calls performAction.
*/ */
@Override @Override
public void performAction() { public void performAction() {
// Make sure all files have an md5 hash // Make sure at least 1 file has an md5 hash
if(HashDbSearcher.allFilesMd5Hashed()) { if (HashDbSearcher.countFilesMd5Hashed() > 0) {
doSearch(); doSearch();
// and if not, warn the user
} else if(HashDbSearcher.countFilesMd5Hashed() > 0) {
Object selected = JOptionPane.showConfirmDialog(null, "Not all files have MD5 hashes. "
+ "Search results will be incomplete.\n"
+ "Would you like to search anyway?", "File Search by MD5 Hash", JOptionPane.YES_NO_OPTION);
if(selected.equals(JOptionPane.YES_OPTION)) {
doSearch();
}
} else { } else {
JOptionPane.showMessageDialog(null, "No files currently have an MD5 hash.", JOptionPane.showMessageDialog(null, "No files currently have an MD5 hash calculated, run HashDB ingest first.",
"File Search by MD5 Hash", JOptionPane.ERROR_MESSAGE); "File Search by MD5 Hash", JOptionPane.ERROR_MESSAGE);
} }
} }

17
HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbSearchPanel.java
View File

@ -292,20 +292,9 @@ public class HashDbSearchPanel extends javax.swing.JPanel implements ActionListe
boolean search() { boolean search() {
// Check if any hashed have been entered // Check if any hashed have been entered
if(hashTable.getRowCount()!=0) { if(hashTable.getRowCount()!=0) {
// Make sure all files have an md5 hash // Make sure at least 1 file has an md5 hash
if(HashDbSearcher.allFilesMd5Hashed()) { if(HashDbSearcher.countFilesMd5Hashed() > 0) {
return doSearch(); return doSearch();
// and if not, warn the user
} else if(HashDbSearcher.countFilesMd5Hashed() > 0) {
errorField.setVisible(false);
Object selected = JOptionPane.showConfirmDialog(null, "Not all files have MD5 hashes. "
+ "Search results will be incomplete.\n"
+ "Would you like to search anyway?", "File Search by MD5 Hash", JOptionPane.YES_NO_OPTION);
if(selected.equals(JOptionPane.YES_OPTION)) {
return doSearch();
} else {
return false;
}
} else { } else {
JOptionPane.showMessageDialog(null, "No files currently have an MD5 hash.", JOptionPane.showMessageDialog(null, "No files currently have an MD5 hash.",
"File Search by MD5 Hash", JOptionPane.ERROR_MESSAGE); "File Search by MD5 Hash", JOptionPane.ERROR_MESSAGE);

40
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java
View File

@ -25,6 +25,7 @@ import java.awt.event.ItemEvent;
import java.awt.event.ItemListener; import java.awt.event.ItemListener;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import javax.swing.JMenuItem; import javax.swing.JMenuItem;
import javax.swing.SwingWorker; import javax.swing.SwingWorker;
@ -39,6 +40,7 @@ import javax.swing.text.html.HTMLEditorKit;
import javax.swing.text.html.HTMLEditorKit.HTMLFactory; import javax.swing.text.html.HTMLEditorKit.HTMLFactory;
import org.netbeans.api.progress.ProgressHandle; import org.netbeans.api.progress.ProgressHandle;
import org.netbeans.api.progress.ProgressHandleFactory; import org.netbeans.api.progress.ProgressHandleFactory;
import org.sleuthkit.autopsy.coreutils.EscapeUtil;
import org.sleuthkit.autopsy.coreutils.TextUtil; import org.sleuthkit.autopsy.coreutils.TextUtil;
/** /**
@ -320,7 +322,7 @@ class ExtractedContentPanel extends javax.swing.JPanel {
*/ */
void setSources(List<MarkupSource> sources) { void setSources(List<MarkupSource> sources) {
sourceComboBox.removeAllItems(); sourceComboBox.removeAllItems();
setPanelText(null); setPanelText(null, false);
for (MarkupSource ms : sources) { for (MarkupSource ms : sources) {
sourceComboBox.addItem(ms); sourceComboBox.addItem(ms);
@ -351,15 +353,28 @@ class ExtractedContentPanel extends javax.swing.JPanel {
return (MarkupSource) sourceComboBox.getSelectedItem(); return (MarkupSource) sourceComboBox.getSelectedItem();
} }
private void setPanelText(String text) { private void setPanelText(String text, boolean detectDirection) {
if (text == null ) { if (text == null) {
text = ""; text = "";
} }
//detect text direction using first 1024 chars and set it if (detectDirection) {
final int maxOrientChars = Math.min(text.length(), 1024); //detect text direction using first 1024 chars and set it
final String orientDetectText = text.substring(0, maxOrientChars); //get first up to 1024 chars, strip <pre> tag and unescape html to get the string on which to detect
extractedTextPane.applyComponentOrientation(TextUtil.getTextDirection(orientDetectText)); final int len = text.length();
final int prefixLen = "<pre>".length();
if (len > prefixLen) {
final int maxOrientChars = Math.min(len, 1024);
final String orientDetectText = EscapeUtil.unEscapeHtml(text.substring(prefixLen, maxOrientChars));
ComponentOrientation direction = TextUtil.getTextDirection(orientDetectText);
//logger.log(Level.INFO, "ORIENTATION LEFT TO RIGHT: " + direction.isLeftToRight());
extractedTextPane.applyComponentOrientation(direction);
} else {
extractedTextPane.applyComponentOrientation(ComponentOrientation.LEFT_TO_RIGHT);
}
} else {
extractedTextPane.applyComponentOrientation(ComponentOrientation.LEFT_TO_RIGHT);
}
extractedTextPane.setText(text); extractedTextPane.setText(text);
extractedTextPane.setCaretPosition(0); extractedTextPane.setCaretPosition(0);
@ -572,13 +587,12 @@ class ExtractedContentPanel extends javax.swing.JPanel {
} }
} }
/** /**
* Gets and sets new markup. Updates GUI in GUI thread and gets markup in background thread. * Gets and sets new markup. Updates GUI in GUI thread and gets markup in
* To be invoked from GUI thread only. * background thread. To be invoked from GUI thread only.
*/ */
private void setMarkup(MarkupSource source) { private void setMarkup(MarkupSource source) {
setPanelText("<span style='font-style:italic'>Loading text... Please wait</span>"); setPanelText("<span style='font-style:italic'>Loading text... Please wait</span>", false);
new SetMarkup(source).execute(); new SetMarkup(source).execute();
} }
@ -613,9 +627,9 @@ class ExtractedContentPanel extends javax.swing.JPanel {
//super.done(); //super.done();
progress.finish(); progress.finish();
if (markup != null) { if (markup != null) {
setPanelText(markup); setPanelText(markup, true);
} else { } else {
setPanelText(""); setPanelText("", false);
} }
updateControls(source); updateControls(source);

9
NEWS.txt
View File

@ -3,11 +3,16 @@
New features: New features:
Improvements: Improvements:
- Add Image Wizard - better work-flow, better device size reporting - File Ingest: minimized file queuing time and memory usage
- File Ingest: reduced file queuing time and memory usage - Add Image Wizard - better work-flow, better device size reporting, info on currently processed directory
- Added extraction of all unallocated blocks (from volume, image) as a single file
- Reporting improvements: reorganized columns, sorted by 1st column, added logo to html report
Bugfixes: Bugfixes:
- fixed periodic keyword search during ingest, when it'd run max. 2 times only - fixed periodic keyword search during ingest, when it'd run max. 2 times only
- fixed Downloads "target" in Recent Activity
- fixed missing hash and keyword search hits in reports
---------------- VERSION 3.0.1 -------------- ---------------- VERSION 3.0.1 --------------

7
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -282,8 +282,6 @@ public class Firefox extends Extract implements IngestModuleImage {
// This gets the downloads info // This gets the downloads info
private void getDownload(Image image, IngestImageWorkerController controller) { private void getDownload(Image image, IngestImageWorkerController controller) {
//List<FsContent> downloadsFiles = this.extractFiles(image, "select * from tsk_files where name LIKE 'downloads.sqlite' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'");
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> downloadsFiles = null; List<FsContent> downloadsFiles = null;
try { try {
@ -325,7 +323,7 @@ public class Firefox extends Extract implements IngestModuleImage {
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", (Long.valueOf(result.get("startTime").toString())))); //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", (Long.valueOf(result.get("startTime").toString()))));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "RecentActivity", (Long.valueOf(result.get("startTime").toString())))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "RecentActivity", (Long.valueOf(result.get("startTime").toString()))));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", Util.findID(image, urldecodedtarget))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", Util.findID(image, urldecodedtarget)));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "RecentActivity", urldecodedtarget)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "RecentActivity", ((result.get("target").toString() != null) ? result.get("target").toString() : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "FireFox")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "FireFox"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", (Util.extractDomain((result.get("source").toString() != null) ? result.get("source").toString() : "")))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", (Util.extractDomain((result.get("source").toString() != null) ? result.get("source").toString() : ""))));
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes); this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
@ -337,8 +335,9 @@ public class Firefox extends Extract implements IngestModuleImage {
if (errors > 0) { if (errors > 0) {
this.addErrorMessage(this.getName() + ": Error parsing " + errors + " Firefox web history artifacts."); this.addErrorMessage(this.getName() + ": Error parsing " + errors + " Firefox web history artifacts.");
} }
++j; j++;
dbFile.delete(); dbFile.delete();
break;
} }
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD));