From 7f9b87ed1aca688d8c77bbdffddf2f637609ac5c Mon Sep 17 00:00:00 2001 From: "Samuel H. Kenyon" Date: Thu, 26 Dec 2013 13:23:36 -0500 Subject: [PATCH 01/13] Add another BB attribute for each hashset hit containing a concatenation of comments. --- .../hashdatabase/HashDbIngestModule.java | 21 ++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java index f3f63ebd16..4843dedbdb 100644 --- a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java +++ b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java @@ -50,6 +50,7 @@ public class HashDbIngestModule extends IngestModuleAbstractFile { public final static String MODULE_DESCRIPTION = "Identifies known and notables files using supplied hash databases, such as a standard NSRL database."; final public static String MODULE_VERSION = Version.getVersion(); private static final Logger logger = Logger.getLogger(HashDbIngestModule.class.getName()); + private static final int MAX_COMMENT_SIZE = 500; private HashDbSimpleConfigPanel simpleConfigPanel; private HashDbConfigPanel advancedConfigPanel; private IngestServices services; 
@@ -227,9 +228,20 @@ public class HashDbIngestModule extends IngestModuleAbstractFile { services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Hash Lookup Error: " + name, "Error encountered while setting known bad state for " + name + ".")); ret = ProcessResult.ERROR; - } + } String hashSetName = db.getHashSetName(); - postHashSetHitToBlackboard(file, md5Hash, hashSetName, db.getSendIngestMessages()); + + String comment = ""; + ArrayList comments = db.lookUp(file).getComments(); + for (String c : comments) { + comment += c + ". "; + if (comment.length() > MAX_COMMENT_SIZE) { + comment = comment.substring(0, MAX_COMMENT_SIZE) + "..."; + break; + } + } + + postHashSetHitToBlackboard(file, md5Hash, hashSetName, comment, db.getSendIngestMessages()); } lookuptime += (System.currentTimeMillis() - lookupstart); } catch (TskException ex) { @@ -271,7 +283,7 @@ public class HashDbIngestModule extends IngestModuleAbstractFile { return ret; } - private void postHashSetHitToBlackboard(AbstractFile abstractFile, String md5Hash, String hashSetName, boolean showInboxMessage) { + private void postHashSetHitToBlackboard(AbstractFile abstractFile, String md5Hash, String hashSetName, String comment, boolean showInboxMessage) { try { BlackboardArtifact badFile = abstractFile.newArtifact(ARTIFACT_TYPE.TSK_HASHSET_HIT); //TODO Revisit usage of deprecated constructor as per TSK-583 @@ -280,6 +292,9 @@ public class HashDbIngestModule extends IngestModuleAbstractFile { badFile.addAttribute(att2); BlackboardAttribute att3 = new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_HASH_MD5.getTypeID(), MODULE_NAME, md5Hash); badFile.addAttribute(att3); + BlackboardAttribute att4 = new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), MODULE_NAME, comment); + badFile.addAttribute(att4); + if (showInboxMessage) { StringBuilder detailsSb = new StringBuilder(); //details From a94ae1eaf79ef2f97a39c7202a080411e1cf1b61 Mon Sep 17 00:00:00 2001 
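Review bot: `db.lookUp(file).getComments()` dereferences the lookup result without a check, and a NullPointerException would not be handled by the visible `catch (TskException ex)`; lookUp's contract is not shown in this hunk, so confirm whether it can return null for a file that was just reported as a hit. Holding the result in a local and skipping the loop when it is null would be enough. The comment text comes straight from the hash database and reaches the blackboard unchanged apart from the `MAX_COMMENT_SIZE` cap, so a short comment saying that the value is unescaped database content would help whoever later renders TSK_COMMENT in a report. The enclosing method starts and ends outside the hunk.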
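Review bot: `att4` is added unconditionally, so a hit whose hash set carries no comments still gets a TSK_COMMENT attribute holding an empty string, since the caller initialises `comment` to `""`. Wrapping the two added lines in `if (comment != null && !comment.isEmpty()) { ... }` keeps empty comment attributes out of the artifact. The method body continues past the end of the hunk.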
From: "Samuel H. Kenyon" Date: Thu, 26 Dec 2013 14:10:40 -0500 Subject: [PATCH 02/13] Only add a separator if there is more than one comment. --- .../autopsy/hashdatabase/HashDbIngestModule.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java index 4843dedbdb..6e8d895f06 100644 --- a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java +++ b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java @@ -231,10 +231,14 @@ public class HashDbIngestModule extends IngestModuleAbstractFile { } String hashSetName = db.getHashSetName(); - String comment = ""; + String comment = ""; ArrayList comments = db.lookUp(file).getComments(); + int i = 0; for (String c : comments) { - comment += c + ". "; + comment += c; + if (++i > 1) { + c += ". "; + } if (comment.length() > MAX_COMMENT_SIZE) { comment = comment.substring(0, MAX_COMMENT_SIZE) + "..."; break; From ceab182a5cffc707a8073d16a32c55eafcca0fbf Mon Sep 17 00:00:00 2001 From: "Samuel H. Kenyon" Date: Fri, 27 Dec 2013 16:22:32 -0500 Subject: [PATCH 03/13] If BB node wraps a mismatch artifact, then add props (columns) for extension and file type. --- .../datamodel/BlackboardArtifactNode.java | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java index 3b77c81a7e..40f7ebc0f8 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java 
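Review bot: The separator is appended to the loop variable (`c += ". ";`) after `c` has already been copied into `comment`, so it never reaches the result and multiple comments are now joined with nothing between them. Even with the right target, `++i > 1` first fires on the second comment and would put the separator after it rather than between the two. Placing `if (i++ > 0) { comment += ". "; }` before `comment += c;` gives the behaviour the subject line describes. The enclosing method starts and ends outside the hunk.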
@@ -126,6 +126,32 @@ public class BlackboardArtifactNode extends DisplayableItemNode { } final int artifactTypeId = artifact.getArtifactTypeID(); + // If mismatch, add props for extension and file type + if (artifactTypeId == BlackboardArtifact.ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED.getTypeID()) { + String actualExt = ""; + int i = associated.getName().lastIndexOf("."); + if ((i > -1) && ((i + 1) < associated.getName().length())) { + actualExt = associated.getName().substring(i + 1).toLowerCase(); + } + ss.put(new NodeProperty("Extension", "Extension", NO_DESCR, actualExt)); + + try { + String actualMimeType = ""; + ArrayList artList = associated.getAllArtifacts(); + for (BlackboardArtifact art : artList) { + List atrList = art.getAttributes(); + for (BlackboardAttribute att : atrList) { + if (att.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.getTypeID()) { + actualMimeType = att.getValueString(); + } + } + } + ss.put(new NodeProperty("MIME Type", "MIME Type", NO_DESCR, actualMimeType)); + } catch (TskCoreException ex) { + logger.log(Level.WARNING, "Error while searching for TSK_FILE_TYPE_SIG attribute: ", ex); + } + } + if (Arrays.asList(SHOW_UNIQUE_PATH).contains(artifactTypeId)) { String sourcePath = ""; try { From 9a1c73819d35a0bbf0691020d2fd91161c048068 Mon Sep 17 00:00:00 2001 From: "Samuel H. Kenyon" Date: Fri, 27 Dec 2013 16:29:28 -0500 Subject: [PATCH 04/13] Added a logged warning case. --- .../sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java index 40f7ebc0f8..6166fdd4d6 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java 
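Review bot: The nested loops keep scanning after a TSK_FILE_TYPE_SIG attribute has been found, so when a file carries more than one such attribute the last one visited silently becomes the displayed MIME type, and every mismatch node walks all artifacts of the file. Stopping at the first match (a labelled `break` or a small private helper that returns the value) makes the choice explicit and cheaper. Separately, `toLowerCase()` uses the default locale, so the extension column can differ between examiner workstations for names containing characters such as `I`; `toLowerCase(Locale.ROOT)` avoids that, assuming `java.util.Locale` is imported or can be. If the lookup throws, the "Extension" property has been added but "MIME Type" has not, which a one-line comment in the catch block should state.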
@@ -146,7 +146,11 @@ public class BlackboardArtifactNode extends DisplayableItemNode { } } } - ss.put(new NodeProperty("MIME Type", "MIME Type", NO_DESCR, actualMimeType)); + if (actualMimeType.isEmpty()) { + logger.log(Level.WARNING, "Could not find expected TSK_FILE_TYPE_SIG attribute."); + } else { + ss.put(new NodeProperty("MIME Type", "MIME Type", NO_DESCR, actualMimeType)); + } } catch (TskCoreException ex) { logger.log(Level.WARNING, "Error while searching for TSK_FILE_TYPE_SIG attribute: ", ex); } From 6995a74af3896a92df2e2ef16479c51072c82e90 Mon Sep 17 00:00:00 2001 From: "Samuel H. Kenyon" Date: Mon, 30 Dec 2013 14:48:04 -0500 Subject: [PATCH 05/13] Added isMimeTypeDetectable() method. --- .../FileTypeDetectionInterface.java | 4 ++- .../filetypeid/FileTypeIdIngestModule.java | 10 +++++++ .../filetypeid/TikaFileTypeDetector.java | 29 +++++++++++++++++++ 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeDetectionInterface.java b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeDetectionInterface.java index a05091c139..47f4feb77b 100644 --- a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeDetectionInterface.java +++ b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeDetectionInterface.java @@ -36,5 +36,7 @@ public interface FileTypeDetectionInterface { } // You only have one job - FileIdInfo attemptMatch(AbstractFile abstractFile); + FileIdInfo attemptMatch(AbstractFile abstractFile); + + boolean isMimeTypeDetectable(String mimeType); } diff --git a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdIngestModule.java b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdIngestModule.java index 81c623d9b3..cb9b6a9d3e 100644 --- a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdIngestModule.java +++ b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdIngestModule.java 
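Review bot: The new warning does not say which file is missing its TSK_FILE_TYPE_SIG attribute, so a log with many of these lines cannot be traced back to an evidence item. `associated.getName()` is already used earlier in this block by the previous commit and could be appended: `logger.log(Level.WARNING, "Could not find expected TSK_FILE_TYPE_SIG attribute for " + associated.getName());`. Note also that nodes taking this branch now have no "MIME Type" property at all while their siblings do; if the table expects a uniform property set, an empty value may be the safer choice, which is worth confirming.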
@@ -173,4 +173,14 @@ public class FileTypeIdIngestModule extends org.sleuthkit.autopsy.ingest.IngestM public static void setSkipKnown(boolean flag) { skipKnown = flag; } + + /** + * Validate if a given mime type is in the detector's registry. + * @param mimeType Full string of mime type, e.g. "text/html" + * @return true if detectable + */ + public static boolean isMimeTypeDetectable(String mimeType) { + return detector.isMimeTypeDetectable(mimeType); + } + } \ No newline at end of file diff --git a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java index 365584db7f..b5dbfd511e 100644 --- a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java +++ b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java @@ -18,8 +18,11 @@ */ package org.sleuthkit.autopsy.filetypeid; +import java.util.SortedSet; import org.openide.util.Exceptions; import org.apache.tika.Tika; +import org.apache.tika.mime.MediaType; +import org.apache.tika.mime.MimeTypes; import org.sleuthkit.datamodel.AbstractFile; @@ -52,4 +55,30 @@ public class TikaFileTypeDetector implements FileTypeDetectionInterface { } } + /** + * Validate if a given mime type is in the registry. + * For Tika, we remove the string "tika" from all MIME names, + * e.g. use "application/x-msoffice" NOT "application/x-tika-msoffice" + * @param mimeType Full string of mime type, e.g. "text/html" + * @return true if detectable + */ + @Override + public boolean isMimeTypeDetectable(String mimeType) { + + // try { + SortedSet m = MimeTypes.getDefaultMimeTypes().getMediaTypeRegistry().getTypes(); + + String[] split = mimeType.split("/"); + String type = split[0]; + String subtype = split[1]; + MediaType mediaType = new MediaType(type, subtype); + boolean ret = m.contains(mediaType); + + return ret; +// } catch (MimeTypeException ex) { +// return false; +// } + + } + } 
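Review bot: In `TikaFileTypeDetector.isMimeTypeDetectable`, `split[1]` is read without checking the array length, so a string with no "/" throws ArrayIndexOutOfBoundsException instead of returning false; `if (split.length != 2) { return false; }` right after the split covers it. The only trace of error handling is the commented-out try/catch, which should be deleted rather than committed. The Javadoc says the "tika" part is removed from MIME names, but nothing in the body normalises the input or the registry entries, so it is unclear which spelling a caller must pass; the comment should state that the argument is compared verbatim against Tika's registry, if that is the intent.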
From 27ae24e4c42b6d7fa0ee5b444250ffc112348146 Mon Sep 17 00:00:00 2001 From: "Samuel H. Kenyon" Date: Tue, 31 Dec 2013 17:19:08 -0500 Subject: [PATCH 06/13] Update isMimeTypeDetectable() and make it publicly available to other modules. --- FileTypeId/nbproject/project.xml | 4 ++- .../filetypeid/FileTypeIdIngestModule.java | 1 + .../filetypeid/TikaFileTypeDetector.java | 25 +++++++------------ 3 files changed, 13 insertions(+), 17 deletions(-) diff --git a/FileTypeId/nbproject/project.xml b/FileTypeId/nbproject/project.xml index bcf4cb3009..8d3ea957d3 100644 --- a/FileTypeId/nbproject/project.xml +++ b/FileTypeId/nbproject/project.xml @@ -91,7 +91,9 @@ - + + org.sleuthkit.autopsy.filetypeid + ext/tika-core-1.2.jar release/modules/ext/tika-core-1.2.jar diff --git a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdIngestModule.java b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdIngestModule.java index cb9b6a9d3e..0805d5b2c9 100644 --- a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdIngestModule.java +++ b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdIngestModule.java @@ -180,6 +180,7 @@ public class FileTypeIdIngestModule extends org.sleuthkit.autopsy.ingest.IngestM * @return true if detectable */ public static boolean isMimeTypeDetectable(String mimeType) { + FileTypeDetectionInterface detector = new TikaFileTypeDetector(); return detector.isMimeTypeDetectable(mimeType); } diff --git a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java index b5dbfd511e..a919f12959 100644 --- a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java +++ b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java 
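Review bot: In `FileTypeIdIngestModule.isMimeTypeDetectable`, every call now constructs a new `TikaFileTypeDetector`, and the local is named `detector`, the same name the previous version of this method resolved at class scope, so it presumably shadows a field. Since the detector method shown in this series reads only Tika's default registry, a shared constant such as `private static final FileTypeDetectionInterface MIME_DETECTOR = new TikaFileTypeDetector();` would avoid both the repeated construction and the shadowing. With the package now public in project.xml, the Javadoc should also say what happens for a null or malformed argument.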
@@ -64,21 +64,14 @@ public class TikaFileTypeDetector implements FileTypeDetectionInterface { */ @Override public boolean isMimeTypeDetectable(String mimeType) { - - // try { - SortedSet m = MimeTypes.getDefaultMimeTypes().getMediaTypeRegistry().getTypes(); + SortedSet m = MimeTypes.getDefaultMimeTypes().getMediaTypeRegistry().getTypes(); - String[] split = mimeType.split("/"); - String type = split[0]; - String subtype = split[1]; - MediaType mediaType = new MediaType(type, subtype); - boolean ret = m.contains(mediaType); - - return ret; -// } catch (MimeTypeException ex) { -// return false; -// } - - } - + String[] split = mimeType.split("/"); + String type = split[0]; + String subtype = split[1]; + MediaType mediaType = new MediaType(type, subtype); + boolean ret = m.contains(mediaType); + + return ret; + } } From 5c421b43cef9ce49ea5e8ee3c6c76ebef6c10e97 Mon Sep 17 00:00:00 2001 From: "Samuel H. Kenyon" Date: Tue, 31 Dec 2013 17:24:16 -0500 Subject: [PATCH 07/13] Prevent exception if user provides malformed MIME string. --- .../autopsy/filetypeid/TikaFileTypeDetector.java | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java index a919f12959..ff24f485e5 100644 --- a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java +++ b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java 
@@ -64,13 +64,17 @@ public class TikaFileTypeDetector implements FileTypeDetectionInterface { */ @Override public boolean isMimeTypeDetectable(String mimeType) { - SortedSet m = MimeTypes.getDefaultMimeTypes().getMediaTypeRegistry().getTypes(); - + boolean ret = false; + + SortedSet m = MimeTypes.getDefaultMimeTypes().getMediaTypeRegistry().getTypes(); String[] split = mimeType.split("/"); - String type = split[0]; - String subtype = split[1]; - MediaType mediaType = new MediaType(type, subtype); - boolean ret = m.contains(mediaType); + + if (split.length == 2) { + String type = split[0]; + String subtype = split[1]; + MediaType mediaType = new MediaType(type, subtype); + ret = m.contains(mediaType); + } return ret; } From ca5d5398ea22075bc2263a5de9ceff6b94b710f3 Mon Sep 17 00:00:00 2001 From: "Samuel H. Kenyon" Date: Thu, 2 Jan 2014 15:18:15 -0500 Subject: [PATCH 08/13] FileId ingest module simple config checkbox ON by default. --- .../sleuthkit/autopsy/filetypeid/FileTypeIdIngestModule.java | 2 +- .../autopsy/filetypeid/FileTypeIdSimpleConfigPanel.form | 1 + .../autopsy/filetypeid/FileTypeIdSimpleConfigPanel.java | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdIngestModule.java b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdIngestModule.java index 81c623d9b3..825c667188 100644 --- a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdIngestModule.java +++ b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdIngestModule.java @@ -48,7 +48,7 @@ public class FileTypeIdIngestModule extends org.sleuthkit.autopsy.ingest.IngestM private static long matchTime = 0; private static int messageId = 0; private static long numFiles = 0; - private static boolean skipKnown = false; + private static boolean skipKnown = true; private FileTypeIdSimpleConfigPanel simpleConfigPanel; private IngestServices services; 
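Review bot: A null `mimeType` still throws at `mimeType.split("/")`, which matters more now that the previous commit made this method callable from other modules; `if (mimeType == null) { return ret; }` ahead of the split closes that. Values with surrounding whitespace or parameters, for example `text/html; charset=UTF-8`, pass the length check and are looked up verbatim, which will most likely report a detectable type as not detectable. If callers pass user-typed strings, as the commit subject suggests, trimming before the split is worth adding and the Javadoc should list the accepted form.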
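Review bot: The new default for `skipKnown` is stated here and again as `skipKnownCheckBox.setSelected(true)` in FileTypeIdSimpleConfigPanel and its .form, and nothing in the visible lines ties the three together, so a later change to one leaves the checkbox and the module disagreeing until the user clicks it. A comment on the field would record the coupling and the consequence, e.g. `// Default must match skipKnownCheckBox in FileTypeIdSimpleConfigPanel; when true, files marked as known are not type-checked.` The second half of that comment is inferred from the name and should be confirmed against the process method, which is outside this hunk.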
diff --git a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdSimpleConfigPanel.form b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdSimpleConfigPanel.form index fe15876df1..29004307b5 100644 --- a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdSimpleConfigPanel.form +++ b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdSimpleConfigPanel.form @@ -36,6 +36,7 @@ + diff --git a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdSimpleConfigPanel.java b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdSimpleConfigPanel.java index 5a3f11eda9..43576d8184 100644 --- a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdSimpleConfigPanel.java +++ b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/FileTypeIdSimpleConfigPanel.java @@ -44,6 +44,7 @@ public class FileTypeIdSimpleConfigPanel extends javax.swing.JPanel { skipKnownCheckBox = new javax.swing.JCheckBox(); + skipKnownCheckBox.setSelected(true); skipKnownCheckBox.setText(org.openide.util.NbBundle.getMessage(FileTypeIdSimpleConfigPanel.class, "FileTypeIdSimpleConfigPanel.skipKnownCheckBox.text")); // NOI18N skipKnownCheckBox.setToolTipText(org.openide.util.NbBundle.getMessage(FileTypeIdSimpleConfigPanel.class, "FileTypeIdSimpleConfigPanel.skipKnownCheckBox.toolTipText")); // NOI18N skipKnownCheckBox.addActionListener(new java.awt.event.ActionListener() { From aa32aa261ace5ff41fec43bbcbb15a9167f851f3 Mon Sep 17 00:00:00 2001 From: "Samuel H. Kenyon" Date: Mon, 6 Jan 2014 21:48:30 -0500 Subject: [PATCH 09/13] Save and load from a new disabled modules list in the ingest properties config file. Loaded modules which are missing from the config file will be auto-added as enabled. --- .../ingest/GeneralIngestConfigurator.java | 47 +++++++++++++++++-- .../autopsy/ingest/IngestDialogPanel.java | 16 ++++++- 2 files changed, 58 insertions(+), 5 deletions(-) 
diff --git a/Core/src/org/sleuthkit/autopsy/ingest/GeneralIngestConfigurator.java b/Core/src/org/sleuthkit/autopsy/ingest/GeneralIngestConfigurator.java index eaeb0eefc6..33979e58e9 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/GeneralIngestConfigurator.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/GeneralIngestConfigurator.java @@ -19,6 +19,7 @@ package org.sleuthkit.autopsy.ingest; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import javax.swing.JPanel; import org.openide.util.lookup.ServiceProvider; @@ -29,6 +30,7 @@ import org.sleuthkit.datamodel.Content; public class GeneralIngestConfigurator implements IngestConfigurator { public static final String ENABLED_INGEST_MODULES_KEY = "Enabled_Ingest_Modules"; + public static final String DISABLED_INGEST_MODULES_KEY = "Disabled_Ingest_Modules"; public static final String PARSE_UNALLOC_SPACE_KEY = "Process_Unallocated_Space"; private List contentToIngest; private IngestManager manager; 
@@ -51,20 +53,53 @@ public class GeneralIngestConfigurator implements IngestConfigurator { private List loadSettingsForContext() { List messages = new ArrayList<>(); + List allModules = IngestManager.getDefault().enumerateAllModules(); // If there is no enabled ingest modules setting for this user, default to enabling all // of the ingest modules the IngestManager has loaded. if (ModuleSettings.settingExists(moduleContext, ENABLED_INGEST_MODULES_KEY) == false) { - String defaultSetting = moduleListToCsv(IngestManager.getDefault().enumerateAllModules()); + String defaultSetting = moduleListToCsv(allModules); ModuleSettings.setConfigSetting(moduleContext, ENABLED_INGEST_MODULES_KEY, defaultSetting); } + String[] enabledModuleNames = ModuleSettings.getConfigSetting(moduleContext, ENABLED_INGEST_MODULES_KEY).split(", "); + ArrayList enabledList = new ArrayList<>(Arrays.asList(enabledModuleNames)); + + // Check for modules that are missing from the config file + if (ModuleSettings.settingExists(moduleContext, DISABLED_INGEST_MODULES_KEY)) { + String[] disabledModuleNames = ModuleSettings.getConfigSetting(moduleContext, DISABLED_INGEST_MODULES_KEY).split(", "); + for (IngestModuleAbstract module : allModules) { + boolean found = false; + + // Check enabled first + for (String moduleName : enabledModuleNames) { + if (module.getName().equals(moduleName)) { + found = true; + break; + } + } + + // Then check disabled + if (!found) { + for (String moduleName : disabledModuleNames) { + if (module.getName().equals(moduleName)) { + found = true; + break; + } + } + } + + if (!found) { + enabledList.add(module.getName()); + //it will get saved to file later + } + } + } + // Get the enabled ingest modules setting, check for missing modules, and pass the setting to // the UI component. 
- List allModules = IngestManager.getDefault().enumerateAllModules(); - String[] enabledModuleNames = ModuleSettings.getConfigSetting(moduleContext, ENABLED_INGEST_MODULES_KEY).split(", "); List enabledModules = new ArrayList<>(); - for (String moduleName : enabledModuleNames) { + for (String moduleName : enabledList) { if (moduleName.equals("Thunderbird Parser") || moduleName.equals("MBox Parser")) { moduleName = "Email Parser"; @@ -112,6 +147,10 @@ public class GeneralIngestConfigurator implements IngestConfigurator { String enabledModulesCsvList = moduleListToCsv(ingestDialogPanel.getModulesToStart()); ModuleSettings.setConfigSetting(moduleContext, ENABLED_INGEST_MODULES_KEY, enabledModulesCsvList); + // Save the user's configuration of the set of disabled ingest modules. + String disabledModulesCsvList = moduleListToCsv(ingestDialogPanel.getDisabledModules()); + ModuleSettings.setConfigSetting(moduleContext, DISABLED_INGEST_MODULES_KEY, disabledModulesCsvList); + // Save the user's setting for the process unallocated space flag. String processUnalloc = Boolean.toString(ingestDialogPanel.processUnallocSpaceEnabled()); ModuleSettings.setConfigSetting(moduleContext, PARSE_UNALLOC_SPACE_KEY, processUnalloc); diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestDialogPanel.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestDialogPanel.java index 331c727576..198f19da13 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestDialogPanel.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestDialogPanel.java @@ -60,7 +60,7 @@ public class IngestDialogPanel extends javax.swing.JPanel { this.context = context; } - + public IngestModuleAbstract getCurrentIngestModule() { return currentModule; } 
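Review bot: In `loadSettingsForContext`, any loaded module that appears in neither saved list is appended to `enabledList` and, per the inline comment, persisted later, so a module that was newly installed or dropped into the modules directory becomes enabled without the user having selected it. For an ingest pipeline that processes evidence this deserves at least a visible notice; the method already builds a `messages` list, so something like `messages.add(module.getName() + " was not in the saved settings and has been enabled");` next to `enabledList.add(...)` would surface it, assuming `messages` holds display strings. The same behaviour carries into the restructured loop in PATCH 10/13. Splitting the stored value on `", "` also assumes no module name contains that sequence, which should be stated in a comment beside the key constants.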
@@ -69,6 +69,10 @@ public class IngestDialogPanel extends javax.swing.JPanel { return tableModel.getSelectedModules(); } + public List getDisabledModules() { + return tableModel.getUnSelectedModules(); + } + public boolean processUnallocSpaceEnabled() { return processUnallocCheckbox.isSelected(); } @@ -350,6 +354,16 @@ public class IngestDialogPanel extends javax.swing.JPanel { return selectedModules; } + public List getUnSelectedModules() { + List unselectedModules = new ArrayList<>(); + for (Map.Entry entry : moduleData) { + if (!entry.getValue().booleanValue()) { + unselectedModules.add(entry.getKey()); + } + } + return unselectedModules; + } + /** * Sets the given modules as selected in the modules table * @param selectedModules From 00768addd4d30078e2dbf37cebee6f60b5a49dd6 Mon Sep 17 00:00:00 2001 From: "Samuel H. Kenyon" Date: Mon, 6 Jan 2014 22:06:05 -0500 Subject: [PATCH 10/13] Older ingest props files won't have the disabled list, so don't assume it exists. --- .../ingest/GeneralIngestConfigurator.java | 48 ++++++++++--------- 1 file changed, 26 insertions(+), 22 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/ingest/GeneralIngestConfigurator.java b/Core/src/org/sleuthkit/autopsy/ingest/GeneralIngestConfigurator.java index 33979e58e9..a9769a5b5b 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/GeneralIngestConfigurator.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/GeneralIngestConfigurator.java 
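Review bot: `getUnSelectedModules` has no Javadoc although the setter directly below it does, and its name differs from the `getDisabledModules` wrapper that exposes it, so a reader has to open both to see they mean the same thing. A short comment such as `/** Returns the modules whose entry in moduleData is currently false, i.e. not selected in the table. */` would do. The enclosing table-model class starts and ends outside the hunk.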
@@ -66,35 +66,39 @@ public class GeneralIngestConfigurator implements IngestConfigurator { ArrayList enabledList = new ArrayList<>(Arrays.asList(enabledModuleNames)); // Check for modules that are missing from the config file + + String[] disabledModuleNames = null; + // Older config files won't have the disabled list, so don't assume it exists if (ModuleSettings.settingExists(moduleContext, DISABLED_INGEST_MODULES_KEY)) { - String[] disabledModuleNames = ModuleSettings.getConfigSetting(moduleContext, DISABLED_INGEST_MODULES_KEY).split(", "); - for (IngestModuleAbstract module : allModules) { - boolean found = false; + disabledModuleNames = ModuleSettings.getConfigSetting(moduleContext, DISABLED_INGEST_MODULES_KEY).split(", "); + } + + for (IngestModuleAbstract module : allModules) { + boolean found = false; - // Check enabled first - for (String moduleName : enabledModuleNames) { + // Check enabled first + for (String moduleName : enabledModuleNames) { + if (module.getName().equals(moduleName)) { + found = true; + break; + } + } + + // Then check disabled + if (!found && (disabledModuleNames != null)) { + for (String moduleName : disabledModuleNames) { if (module.getName().equals(moduleName)) { found = true; break; } - } - - // Then check disabled - if (!found) { - for (String moduleName : disabledModuleNames) { - if (module.getName().equals(moduleName)) { - found = true; - break; - } - } } - - if (!found) { - enabledList.add(module.getName()); - //it will get saved to file later - } - } - } + } + + if (!found) { + enabledList.add(module.getName()); + // It will get saved to file later + } + } // Get the enabled ingest modules setting, check for missing modules, and pass the setting to // the UI component. From c14ec91e9d50bef9075849f8db3d548b3d88e02e Mon Sep 17 00:00:00 2001 
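Review bot: The two hand-written scan loops are plain membership tests and make the null handling for `disabledModuleNames` harder to follow than it needs to be. With `Arrays` already imported by the previous commit, the whole search can be one expression: `boolean found = Arrays.asList(enabledModuleNames).contains(module.getName()) || (disabledModuleNames != null && Arrays.asList(disabledModuleNames).contains(module.getName()));`. The indentation of the rewritten block is also inconsistent with the surrounding code, and the method continues outside the hunk.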
From: Richard Cordovano Date: Tue, 7 Jan 2014 14:45:57 -0500 Subject: [PATCH 11/13] Add code to keep keyword search config panels in synch --- .../KeywordSearchIngestModule.java | 38 ++++++++++++------- .../KeywordSearchIngestSimplePanel.java | 4 +- 2 files changed, 27 insertions(+), 15 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java index 592e363c28..5978c64bef 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2013 Basis Technology Corp. + * Copyright 2011-2014 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +22,6 @@ import java.awt.event.ActionEvent; import java.awt.event.ActionListener; import java.io.IOException; import java.io.InputStream; -import java.lang.Long; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; @@ -128,7 +127,8 @@ public final class KeywordSearchIngestModule extends IngestModuleAbstractFile { private static List textExtractors; private static AbstractFileStringExtract stringExtractor; private boolean initialized = false; - private KeywordSearchConfigurationPanel panel; + private KeywordSearchIngestSimplePanel simpleConfigPanel; + private KeywordSearchConfigurationPanel advancedConfigPanel; private Tika tikaFormatDetector; 
@@ -436,26 +436,36 @@ public final class KeywordSearchIngestModule extends IngestModuleAbstractFile { @Override public javax.swing.JPanel getSimpleConfiguration(String context) { KeywordSearchListsXML.getCurrent().reload(); - return new KeywordSearchIngestSimplePanel(); + + if (null == simpleConfigPanel) { + simpleConfigPanel = new KeywordSearchIngestSimplePanel(); + } + else { + simpleConfigPanel.load(); + } + + return simpleConfigPanel; } @Override public javax.swing.JPanel getAdvancedConfiguration(String context) { - //return KeywordSearchConfigurationPanel.getDefault(); - getPanel().load(); - return getPanel(); - } - - private KeywordSearchConfigurationPanel getPanel() { - if (panel == null) { - panel = new KeywordSearchConfigurationPanel(); + if (advancedConfigPanel == null) { + advancedConfigPanel = new KeywordSearchConfigurationPanel(); } - return panel; + + advancedConfigPanel.load(); + return advancedConfigPanel; } @Override public void saveAdvancedConfiguration() { - getPanel().store(); + if (advancedConfigPanel != null) { + advancedConfigPanel.store(); + } + + if (simpleConfigPanel != null) { + simpleConfigPanel.load(); + } } @Override diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestSimplePanel.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestSimplePanel.java index fb1bc964a8..7c6b8090d6 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestSimplePanel.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestSimplePanel.java @@ -70,10 +70,12 @@ public class KeywordSearchIngestSimplePanel extends javax.swing.JPanel { reloadEncodings(); } - public void load() { + public void load() { + KeywordSearchListsXML.getCurrent().reload(); reloadLists(); reloadLangs(); reloadEncodings(); + tableModel.fireTableDataChanged(); } public void store() { From 8f7db2d525d2e041f68d0a2aba2913ad5cca3a37 Mon Sep 17 00:00:00 2001 
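Review bot: `getSimpleConfiguration` calls `KeywordSearchListsXML.getCurrent().reload()` and then, on the `else` path, `simpleConfigPanel.load()`, which after this commit performs the same reload itself, so the list file is read twice each time an existing panel is shown. Moving the explicit reload into the `if (null == simpleConfigPanel)` branch keeps the first-use behaviour and drops the duplicate. `saveAdvancedConfiguration` now silently does nothing when `advancedConfigPanel` is null; a one-line comment saying that this is intended when the advanced panel was never opened would help.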
From: Richard Cordovano Date: Wed, 8 Jan 2014 11:01:27 -0500 Subject: [PATCH 12/13] Remove EWF verify module for v103 --- ewfVerify/nbproject/project.xml | 2 +- ewfVerify/nbproject/suite.properties | 1 - nbproject/project.properties | 2 -- 3 files changed, 1 insertion(+), 4 deletions(-) delete mode 100755 ewfVerify/nbproject/suite.properties diff --git a/ewfVerify/nbproject/project.xml b/ewfVerify/nbproject/project.xml index a3955c75fa..e2006dc385 100755 --- a/ewfVerify/nbproject/project.xml +++ b/ewfVerify/nbproject/project.xml @@ -4,7 +4,7 @@ org.sleuthkit.autopsy.ewfverify - + org.sleuthkit.autopsy.core diff --git a/ewfVerify/nbproject/suite.properties b/ewfVerify/nbproject/suite.properties deleted file mode 100755 index 29d7cc9bd6..0000000000 --- a/ewfVerify/nbproject/suite.properties +++ /dev/null @@ -1 +0,0 @@ -suite.dir=${basedir}/.. diff --git a/nbproject/project.properties b/nbproject/project.properties index 5176c4e932..59a7cb4a82 100644 --- a/nbproject/project.properties +++ b/nbproject/project.properties @@ -32,7 +32,6 @@ modules=\ ${project.org.sleuthkit.autopsy.sevenzip}:\ ${project.org.sleuthkit.autopsy.scalpel}:\ ${project.org.sleuthkit.autopsy.timeline}:\ - ${project.org.sleuthkit.autopsy.ewfverify}:\ ${project.org.sleuthkit.autopsy.filetypeid} project.org.sleuthkit.autopsy.core=Core project.org.sleuthkit.autopsy.corelibs=CoreLibs @@ -46,5 +45,4 @@ project.org.sleuthkit.autopsy.sevenzip=SevenZip project.org.sleuthkit.autopsy.scalpel=ScalpelCarver project.org.sleuthkit.autopsy.timeline=Timeline project.org.sleuthkit.autopsy.filetypeid=FileTypeId -project.org.sleuthkit.autopsy.ewfverify=ewfVerify From 847f14bbc191a6edc6dfef99baf12a40cd4dec85 Mon Sep 17 00:00:00 2001 
From: Richard Cordovano Date: Wed, 8 Jan 2014 12:43:22 -0500 Subject: [PATCH 13/13] Restore EWF verify module --- ewfVerify/nbproject/project.xml | 2 +- ewfVerify/nbproject/suite.properties | 1 + nbproject/project.properties | 4 +++- 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100755 ewfVerify/nbproject/suite.properties diff --git a/ewfVerify/nbproject/project.xml b/ewfVerify/nbproject/project.xml index e2006dc385..a3955c75fa 100755 --- a/ewfVerify/nbproject/project.xml +++ b/ewfVerify/nbproject/project.xml @@ -4,7 +4,7 @@ org.sleuthkit.autopsy.ewfverify - + org.sleuthkit.autopsy.core diff --git a/ewfVerify/nbproject/suite.properties b/ewfVerify/nbproject/suite.properties new file mode 100755 index 0000000000..29d7cc9bd6 --- /dev/null +++ b/ewfVerify/nbproject/suite.properties @@ -0,0 +1 @@ +suite.dir=${basedir}/.. diff --git a/nbproject/project.properties b/nbproject/project.properties index 59a7cb4a82..aea6502156 100644 --- a/nbproject/project.properties +++ b/nbproject/project.properties @@ -8,6 +8,7 @@ app.version=3.0.8 ### Build type isn't used at this point, but it may be useful ### Must be one of: DEVELOPMENT, RELEASE build.type=RELEASE +project.org.sleuthkit.autopsy.ewfverify=ewfVerify #build.type=DEVELOPMENT update_versions=false #custom JVM options @@ -32,7 +33,8 @@ modules=\ ${project.org.sleuthkit.autopsy.sevenzip}:\ ${project.org.sleuthkit.autopsy.scalpel}:\ ${project.org.sleuthkit.autopsy.timeline}:\ - ${project.org.sleuthkit.autopsy.filetypeid} + ${project.org.sleuthkit.autopsy.filetypeid}:\ + ${project.org.sleuthkit.autopsy.ewfverify} project.org.sleuthkit.autopsy.core=Core project.org.sleuthkit.autopsy.corelibs=CoreLibs project.org.sleuthkit.autopsy.hashdatabase=HashDatabase
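Review bot: The restored `project.org.sleuthkit.autopsy.ewfverify=ewfVerify` line lands between `build.type=RELEASE` and `#build.type=DEVELOPMENT`, inside the build-type comment block, whereas the previous commit removed it from the group of `project.org.sleuthkit.autopsy.*` entries further down. The build should still resolve the property, but the next person looking for the module mapping will not find it with its siblings. Moving it back after `project.org.sleuthkit.autopsy.filetypeid=FileTypeId` keeps the file readable.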