mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'sleuthkit:develop' into develop

Browse Source
This commit is contained in:
Seb2lyon 2021-08-12 17:54:32 +02:00 committed by GitHub
commit aa9d2031fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 330 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Core/src/org/sleuthkit/autopsy/communications/relationships/Bundle.properties-MERGED
View File

@ -17,6 +17,8 @@ ContactsViewer_columnHeader_Phone=Phone
ContactsViewer_noContacts_message=<No contacts found for selected account>
ContactsViewer_tabTitle=Contacts
MediaViewer_Name=Media Attachments
MediaViewer_selection_failure_msg=Failed to get media attachments for selected accounts.
MediaViewer_selection_failure_title=Selection Failed
MessageNode_Node_Property_Attms=Attachment Count
MessageNode_Node_Property_Date=Date
MessageNode_Node_Property_From=From

81
Core/src/org/sleuthkit/autopsy/communications/relationships/MediaViewer.java
View File

@ -19,14 +19,19 @@
package org.sleuthkit.autopsy.communications.relationships;
import java.awt.Component;
import java.awt.Cursor;
import java.awt.KeyboardFocusManager;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.logging.Level;
import java.util.stream.Collectors;
import javax.swing.JOptionPane;
import javax.swing.JPanel;
import static javax.swing.SwingUtilities.isDescendingFrom;
import javax.swing.SwingWorker;
import org.openide.explorer.ExplorerManager;
import static org.openide.explorer.ExplorerUtils.createLookup;
import org.openide.nodes.AbstractNode;
@ -39,6 +44,7 @@ import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode;
import org.sleuthkit.autopsy.directorytree.DataResultFilterNode;
import org.sleuthkit.datamodel.AbstractContent;
import org.sleuthkit.datamodel.Account;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.TskCoreException;
@ -58,6 +64,8 @@ final class MediaViewer extends JPanel implements RelationshipsViewer, ExplorerM
private final MessageDataContent contentViewer;
private MediaViewerWorker worker;
@Messages({
"MediaViewer_Name=Media Attachments"
})
@ -97,24 +105,17 @@ final class MediaViewer extends JPanel implements RelationshipsViewer, ExplorerM
@Override
public void setSelectionInfo(SelectionInfo info) {
Set<Content> relationshipSources;
Set<BlackboardArtifact> artifactList = new HashSet<>();
contentViewer.setNode(null);
if (info != null) {
try {
relationshipSources = info.getRelationshipSources();
relationshipSources.stream().filter((content) -> (content instanceof BlackboardArtifact)).forEachOrdered((content) -> {
artifactList.add((BlackboardArtifact) content);
});
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Unable to update selection.", ex);
}
}
thumbnailViewer.resetComponent();
thumbnailViewer.setNode(new TableFilterNode(new DataResultFilterNode(new AbstractNode(new AttachmentThumbnailsChildren(artifactList)), tableEM), true, this.getClass().getName()));
if (worker != null) {
worker.cancel(true);
}
worker = new MediaViewerWorker(info);
setCursor(Cursor.getPredefinedCursor(Cursor.WAIT_CURSOR));
worker.execute();
}
@Override
@ -198,6 +199,56 @@ final class MediaViewer extends JPanel implements RelationshipsViewer, ExplorerM
}
}
/**
* Swing worker for gathering the data needed to populate the media viewer.
*/
private class MediaViewerWorker extends SwingWorker<TableFilterNode, Void> {
private final SelectionInfo selectionInfo;
MediaViewerWorker(SelectionInfo info) {
selectionInfo = info;
}
@Override
protected TableFilterNode doInBackground() throws Exception {
Set<Content> relationshipSources;
Set<BlackboardArtifact> artifactList = new HashSet<>();
if (selectionInfo != null) {
relationshipSources = selectionInfo.getRelationshipSources();
relationshipSources.stream().filter((content) -> (content instanceof BlackboardArtifact)).forEachOrdered((content) -> {
artifactList.add((BlackboardArtifact) content);
});
}
return new TableFilterNode(new DataResultFilterNode(new AbstractNode(new AttachmentThumbnailsChildren(artifactList)), tableEM), true, this.getClass().getName());
}
@Messages({
"MediaViewer_selection_failure_msg=Failed to get media attachments for selected accounts.",
"MediaViewer_selection_failure_title=Selection Failed"
})
@Override
protected void done() {
try {
if (isCancelled()) {
return;
}
thumbnailViewer.setNode(get());
} catch (ExecutionException | InterruptedException ex) {
String accounts = selectionInfo.getAccounts().stream().map(Account::getTypeSpecificID).collect(Collectors.joining(","));
logger.log(Level.WARNING, "Unable to update cvt media viewer for " + accounts, ex);
JOptionPane.showMessageDialog(MediaViewer.this, Bundle.MediaViewer_selection_failure_msg(), Bundle.MediaViewer_selection_failure_title(), JOptionPane.ERROR_MESSAGE);
} finally {
setCursor(Cursor.getPredefinedCursor(Cursor.DEFAULT_CURSOR));
}
}
}
/**
* This method is called from within the constructor to initialize the form.
* WARNING: Do NOT modify this code. The content of this method is always

14
Core/src/org/sleuthkit/autopsy/directorytree/ExplorerNodeActionVisitor.java
View File

@ -23,14 +23,12 @@ import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.logging.Level;
import javax.swing.AbstractAction;
import javax.swing.Action;
import org.openide.util.NbBundle;
import org.openide.util.Utilities;
import org.sleuthkit.autopsy.actions.AddContentTagAction;
import org.sleuthkit.autopsy.actions.DeleteFileContentTagAction;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.coreutils.ContextMenuExtensionPoint;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Content;
@ -43,11 +41,10 @@ import org.sleuthkit.datamodel.LocalFile;
import org.sleuthkit.datamodel.LocalDirectory;
import org.sleuthkit.datamodel.VirtualDirectory;
import org.sleuthkit.datamodel.Volume;
import org.sleuthkit.autopsy.coreutils.Logger;
public class ExplorerNodeActionVisitor extends ContentVisitor.Default<List<? extends Action>> {
private static ExplorerNodeActionVisitor instance = new ExplorerNodeActionVisitor();
private final static ExplorerNodeActionVisitor instance = new ExplorerNodeActionVisitor();
public static List<Action> getActions(Content c) {
List<Action> actions = new ArrayList<>();
@ -73,13 +70,8 @@ public class ExplorerNodeActionVisitor extends ContentVisitor.Default<List<? ext
@Override
public List<? extends Action> visit(final Image img) {
List<Action> lst = new ArrayList<>();
//TODO lst.add(new ExtractAction("Extract Image", img));
try {
lst.add(new ExtractUnallocAction(
NbBundle.getMessage(this.getClass(), "ExplorerNodeActionVisitor.action.extUnallocToSingleFiles"), img));
} catch (NoCurrentCaseException ex) {
Logger.getLogger(ExplorerNodeActionVisitor.class.getName()).log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
}
lst.add(new ExtractUnallocAction(
NbBundle.getMessage(this.getClass(), "ExplorerNodeActionVisitor.action.extUnallocToSingleFiles"), img));
return lst;
}

428
Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java
View File

@ -25,6 +25,7 @@ import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
@ -32,10 +33,15 @@ import java.util.List;
import java.util.Set;
import java.util.HashSet;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.FutureTask;
import java.util.logging.Level;
import javax.swing.AbstractAction;
import javax.swing.JFileChooser;
import static javax.swing.JFileChooser.SAVE_DIALOG;
import javax.swing.JOptionPane;
import javax.swing.SwingUtilities;
import javax.swing.SwingWorker;
import org.netbeans.api.progress.ProgressHandle;
import org.openide.util.Cancellable;
@ -63,53 +69,50 @@ import org.sleuthkit.datamodel.VolumeSystem;
final class ExtractUnallocAction extends AbstractAction {
private static final Logger logger = Logger.getLogger(ExtractUnallocAction.class.getName());
private static final long serialVersionUID = 1L;
private final List<OutputFileData> filesToExtract = new ArrayList<>();
private static final Set<String> volumesInProgress = new HashSet<>();
private static final Set<Long> imagesInProgress = new HashSet<>();
private static String userDefinedExportPath;
private long currentImage = 0L;
private final boolean isImage;
private final Volume volume;
private final Image image;
private final FutureTask<JFileChooser> futureFileChooser = new FutureTask<>(CustomFileChooser::new);
private JFileChooser fileChooser = null;
/**
* Create an instance of ExtractUnallocAction with a volume.
*
* @param title The title
* @param title The title
* @param volume The volume set for extraction.
*/
public ExtractUnallocAction(String title, Volume volume) {
super(title);
isImage = false;
try {
OutputFileData outputFileData = new OutputFileData(volume);
filesToExtract.add(outputFileData);
} catch (NoCurrentCaseException ex) {
logger.log(Level.SEVERE, "Exception while getting open case.", ex);
setEnabled(false);
}
ExtractUnallocAction(String title, Volume volume) {
this(title, null, volume);
}
/**
* Create an instance of ExtractUnallocAction with an image.
*
*
* @param title The title.
* @param image The image set for extraction.
*
* @throws NoCurrentCaseException If no case is open.
*/
public ExtractUnallocAction(String title, Image image) throws NoCurrentCaseException {
ExtractUnallocAction(String title, Image image) {
this(title, image, null);
}
ExtractUnallocAction(String title, Image image, Volume volume) {
super(title);
isImage = true;
currentImage = image.getId();
if (hasVolumeSystem(image)) {
for (Volume v : getVolumes(image)) {
OutputFileData outputFileData = new OutputFileData(v);
filesToExtract.add(outputFileData);
}
} else {
OutputFileData outputFileData = new OutputFileData(image);
filesToExtract.add(outputFileData);
}
this.volume = null;
this.image = image;
ExecutorService executor = Executors.newSingleThreadExecutor();
executor.execute(futureFileChooser);
}
/**
@ -126,114 +129,41 @@ final class ExtractUnallocAction extends AbstractAction {
"ExtractUnallocAction.noOpenCase.errMsg=No open case available."})
@Override
public void actionPerformed(ActionEvent event) {
if (filesToExtract != null && filesToExtract.isEmpty() == false) {
// This check doesn't absolutely guarantee that the image won't be in progress when we make the worker,
// but in general it will suffice.
if (isImage && isImageInProgress(currentImage)) {
MessageNotifyUtil.Message.info(NbBundle.getMessage(this.getClass(), "ExtractUnallocAction.notifyMsg.unallocAlreadyBeingExtr.msg"));
//JOptionPane.showMessageDialog(new Frame(), "Unallocated Space is already being extracted on this Image. Please select a different Image.");
return;
}
Case openCase;
Case openCase;
try {
openCase = Case.getCurrentCaseThrows();
} catch (NoCurrentCaseException ex) {
MessageNotifyUtil.Message.info(Bundle.ExtractUnallocAction_noOpenCase_errMsg());
return;
}
if (fileChooser == null) {
try {
openCase = Case.getCurrentCaseThrows();
} catch (NoCurrentCaseException ex) {
MessageNotifyUtil.Message.info(Bundle.ExtractUnallocAction_noOpenCase_errMsg());
return;
}
List<OutputFileData> copyList = new ArrayList<OutputFileData>() {
{
addAll(filesToExtract);
}
};
JFileChooser fileChooser = new JFileChooser() {
@Override
public void approveSelection() {
File f = getSelectedFile();
if (!f.exists() && getDialogType() == SAVE_DIALOG || !f.canWrite()) {
JOptionPane.showMessageDialog(this, NbBundle.getMessage(this.getClass(),
"ExtractUnallocAction.msgDlg.folderDoesntExist.msg"));
return;
}
super.approveSelection();
}
};
fileChooser.setCurrentDirectory(new File(getExportDirectory(openCase)));
fileChooser.setDialogTitle(
NbBundle.getMessage(this.getClass(), "ExtractUnallocAction.dlgTitle.selectDirToSaveTo.msg"));
fileChooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY);
fileChooser.setAcceptAllFileFilterUsed(false);
int returnValue = fileChooser.showSaveDialog((Component) event.getSource());
if (returnValue == JFileChooser.APPROVE_OPTION) {
String destination = fileChooser.getSelectedFile().getPath();
updateExportDirectory(destination, openCase);
for (OutputFileData outputFileData : filesToExtract) {
outputFileData.setPath(destination);
if (outputFileData.layoutFiles != null && outputFileData.layoutFiles.size() > 0 && (!isVolumeInProgress(outputFileData.getFileName()))) {
//Format for single Unalloc File is ImgName-Unalloc-ImgObjectID-VolumeID.dat
// Check if there is already a file with this name
if (outputFileData.fileInstance.exists()) {
int res = JOptionPane.showConfirmDialog(new Frame(), NbBundle.getMessage(this.getClass(),
"ExtractUnallocAction.confDlg.unallocFileAlreadyExist.msg",
outputFileData.getFileName()));
if (res == JOptionPane.YES_OPTION) {
// If the user wants to overwrite, delete the exising output file
outputFileData.fileInstance.delete();
} else {
// Otherwise remove it from the list of output files
copyList.remove(outputFileData);
}
}
if (!isImage & !copyList.isEmpty()) {
try {
ExtractUnallocWorker worker = new ExtractUnallocWorker(outputFileData);
worker.execute();
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Already extracting unallocated space into {0}", outputFileData.getFileName());
MessageNotifyUtil.Message.info(NbBundle.getMessage(this.getClass(), "ExtractUnallocAction.volumeInProgress", outputFileData.getFileName()));
}
}
} else {
// The output file for this volume could not be created for one of the following reasons
if (outputFileData.layoutFiles == null) {
MessageNotifyUtil.Message.info(NbBundle.getMessage(this.getClass(), "ExtractUnallocAction.volumeError"));
logger.log(Level.SEVERE, "Tried to get unallocated content but the list of unallocated files was null"); //NON-NLS
} else if (outputFileData.layoutFiles.isEmpty()) {
MessageNotifyUtil.Message.info(NbBundle.getMessage(this.getClass(), "ExtractUnallocAction.noFiles"));
logger.log(Level.WARNING, "No unallocated files found in volume"); //NON-NLS
copyList.remove(outputFileData);
} else {
MessageNotifyUtil.Message.info(NbBundle.getMessage(this.getClass(), "ExtractUnallocAction.volumeInProgress", outputFileData.getFileName()));
logger.log(Level.WARNING, "Tried to get unallocated content but the volume is locked"); // NON_NLS
copyList.remove(outputFileData);
}
}
}
// This needs refactoring. The idea seems to be that we'll take advantage of the loop above to
// check whether each output file exists but wait until this point to make a worker
// to extract everything (the worker in the above loop doesn't get created because isImage is true)
// It's also unclear to me why we need the two separate worker types.
if (isImage && !copyList.isEmpty()) {
try {
ExtractUnallocWorker worker = new ExtractUnallocWorker(copyList);
worker.execute();
} catch (Exception ex) {
logger.log(Level.WARNING, "Error creating ExtractUnallocWorker", ex);
MessageNotifyUtil.Message.info(NbBundle.getMessage(this.getClass(), "ExtractUnallocAction.imageError"));
}
}
fileChooser = futureFileChooser.get();
} catch (InterruptedException | ExecutionException ex) {
fileChooser = new CustomFileChooser();
}
}
fileChooser.setCurrentDirectory(new File(getExportDirectory(openCase)));
if (JFileChooser.APPROVE_OPTION != fileChooser.showSaveDialog((Component) event.getSource())) {
return;
}
String destination = fileChooser.getSelectedFile().getPath();
updateExportDirectory(destination, openCase);
if (image != null && isImageInProgress(image.getId())) {
MessageNotifyUtil.Message.info(NbBundle.getMessage(this.getClass(), "ExtractUnallocAction.notifyMsg.unallocAlreadyBeingExtr.msg"));
JOptionPane.showMessageDialog(new Frame(), "Unallocated Space is already being extracted on this Image. Please select a different Image.");
return;
}
ExtractUnallocWorker worker = new ExtractUnallocWorker(openCase, destination);
worker.execute();
}
/**
* Get the export directory path.
*
@ -333,38 +263,14 @@ final class ExtractUnallocAction extends AbstractAction {
private boolean canceled = false;
private final List<OutputFileData> outputFileDataList = new ArrayList<>();
private File currentlyProcessing;
private final int totalSizeinMegs;
private int totalSizeinMegs;
long totalBytes = 0;
private final String destination;
private Case openCase;
ExtractUnallocWorker(OutputFileData outputFileData) throws TskCoreException {
//Getting the total megs this worker is going to be doing
addVolumeInProgress(outputFileData.getFileName());
outputFileDataList.add(outputFileData);
totalBytes = outputFileData.getSizeInBytes();
totalSizeinMegs = toMb(totalBytes);
}
ExtractUnallocWorker(List<OutputFileData> outputFileDataList) throws TskCoreException {
addImageInProgress(currentImage);
//Getting the total megs this worker is going to be doing
for (OutputFileData outputFileData : outputFileDataList) {
try {
// If a volume is locked, skip it but continue trying to process any other requested volumes
addVolumeInProgress(outputFileData.getFileName());
totalBytes += outputFileData.getSizeInBytes();
this.outputFileDataList.add(outputFileData);
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Already extracting data into {0}", outputFileData.getFileName());
}
}
// If we don't have anything to output (because of locking), throw an exception
if (this.outputFileDataList.isEmpty()) {
throw new TskCoreException("No unallocated files can be extracted");
}
totalSizeinMegs = toMb(totalBytes);
ExtractUnallocWorker(Case openCase, String destination) {
this.destination = destination;
this.openCase = openCase;
}
private int toMb(long bytes) {
@ -380,6 +286,7 @@ final class ExtractUnallocAction extends AbstractAction {
@Override
protected Integer doInBackground() {
try {
initalizeFilesToExtract();
progress = ProgressHandle.createHandle(
NbBundle.getMessage(this.getClass(), "ExtractUnallocAction.progress.extractUnalloc.title"), new Cancellable() {
@Override
@ -403,29 +310,29 @@ final class ExtractUnallocAction extends AbstractAction {
for (OutputFileData outputFileData : this.outputFileDataList) {
currentlyProcessing = outputFileData.getFile();
logger.log(Level.INFO, "Writing Unalloc file to {0}", currentlyProcessing.getPath()); //NON-NLS
OutputStream outputStream = new FileOutputStream(currentlyProcessing);
long bytes = 0;
int i = 0;
while (i < outputFileData.getLayouts().size() && bytes != outputFileData.getSizeInBytes()) {
LayoutFile layoutFile = outputFileData.getLayouts().get(i);
long offsetPerFile = 0L;
int bytesRead;
while (offsetPerFile != layoutFile.getSize() && !canceled) {
if (++kbs % 128 == 0) {
mbs++;
progress.progress(NbBundle.getMessage(this.getClass(),
"ExtractUnallocAction.processing.counter.msg",
mbs, totalSizeinMegs), mbs - 1);
try (OutputStream outputStream = new FileOutputStream(currentlyProcessing)) {
long bytes = 0;
int i = 0;
while (i < outputFileData.getLayouts().size() && bytes != outputFileData.getSizeInBytes()) {
LayoutFile layoutFile = outputFileData.getLayouts().get(i);
long offsetPerFile = 0L;
int bytesRead;
while (offsetPerFile != layoutFile.getSize() && !canceled) {
if (++kbs % 128 == 0) {
mbs++;
progress.progress(NbBundle.getMessage(this.getClass(),
"ExtractUnallocAction.processing.counter.msg",
mbs, totalSizeinMegs), mbs - 1);
}
bytesRead = layoutFile.read(buf, offsetPerFile, MAX_BYTES);
offsetPerFile += bytesRead;
outputStream.write(buf, 0, bytesRead);
}
bytesRead = layoutFile.read(buf, offsetPerFile, MAX_BYTES);
offsetPerFile += bytesRead;
outputStream.write(buf, 0, bytesRead);
bytes += layoutFile.getSize();
i++;
}
bytes += layoutFile.getSize();
i++;
outputStream.flush();
}
outputStream.flush();
outputStream.close();
if (canceled) {
outputFileData.getFile().delete();
@ -448,8 +355,8 @@ final class ExtractUnallocAction extends AbstractAction {
@Override
protected void done() {
if (isImage) {
removeImageInProgress(currentImage);
if (image != null) {
removeImageInProgress(image.getId());
}
for (OutputFileData u : outputFileDataList) {
removeVolumeInProgress(u.getFileName());
@ -468,10 +375,115 @@ final class ExtractUnallocAction extends AbstractAction {
MessageNotifyUtil.Notify.error(
NbBundle.getMessage(this.getClass(), "ExtractUnallocAction.done.errMsg.title"),
NbBundle.getMessage(this.getClass(), "ExtractUnallocAction.done.errMsg.msg", ex.getMessage()));
logger.log(Level.SEVERE, "Failed to extract unallocated space", ex);
} // catch and ignore if we were cancelled
catch (java.util.concurrent.CancellationException ex) {
}
}
private void initalizeFilesToExtract() throws TskCoreException {
List<OutputFileData> filesToExtract = new ArrayList<>();
if (volume != null) {
OutputFileData outputFileData = new OutputFileData(volume, openCase);
filesToExtract.add(outputFileData);
} else {
if (hasVolumeSystem(image)) {
for (Volume v : getVolumes(image)) {
OutputFileData outputFileData = new OutputFileData(v, openCase);
filesToExtract.add(outputFileData);
}
} else {
OutputFileData outputFileData = new OutputFileData(image, openCase);
filesToExtract.add(outputFileData);
}
}
if (filesToExtract.isEmpty() == false) {
List<OutputFileData> copyList = new ArrayList<OutputFileData>() {
{
addAll(filesToExtract);
}
};
for (OutputFileData outputFileData : filesToExtract) {
outputFileData.setPath(destination);
if (outputFileData.getLayouts() != null && !outputFileData.getLayouts().isEmpty() && (!isVolumeInProgress(outputFileData.getFileName()))) {
//Format for single Unalloc File is ImgName-Unalloc-ImgObjectID-VolumeID.dat
// Check if there is already a file with this name
if (outputFileData.getFile().exists()) {
final Result dialogResult = new Result();
try {
SwingUtilities.invokeAndWait(new Runnable() {
@Override
public void run() {
dialogResult.set(JOptionPane.showConfirmDialog(new Frame(), NbBundle.getMessage(this.getClass(),
"ExtractUnallocAction.confDlg.unallocFileAlreadyExist.msg",
outputFileData.getFileName())));
}
});
} catch (InterruptedException | InvocationTargetException ex) {
logger.log(Level.SEVERE, "An error occured launching confirmation dialog for extract unalloc actions", ex);
}
if (dialogResult.value == JOptionPane.YES_OPTION) {
// If the user wants to overwrite, delete the exising output file
outputFileData.getFile().delete();
} else {
// Otherwise remove it from the list of output files
copyList.remove(outputFileData);
}
}
} else {
// The output file for this volume could not be created for one of the following reasons
if (outputFileData.getLayouts() == null) {
logger.log(Level.SEVERE, "Tried to get unallocated content but the list of unallocated files was null"); //NON-NLS
} else if (outputFileData.getLayouts().isEmpty()) {
logger.log(Level.WARNING, "No unallocated files found in volume"); //NON-NLS
copyList.remove(outputFileData);
} else {
logger.log(Level.WARNING, "Tried to get unallocated content but the volume is locked"); // NON_NLS
copyList.remove(outputFileData);
}
}
}
if (!copyList.isEmpty()) {
setDataFileList(copyList);
}
}
}
private void setDataFileList(List<OutputFileData> outputFileDataList) throws TskCoreException {
if (image != null) {
addImageInProgress(image.getId());
}
//Getting the total megs this worker is going to be doing
for (OutputFileData outputFileData : outputFileDataList) {
try {
// If a volume is locked, skip it but continue trying to process any other requested volumes
addVolumeInProgress(outputFileData.getFileName());
totalBytes += outputFileData.getSizeInBytes();
this.outputFileDataList.add(outputFileData);
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Already extracting data into {0}", outputFileData.getFileName());
}
}
// If we don't have anything to output (because of locking), throw an exception
if (this.outputFileDataList.isEmpty()) {
throw new TskCoreException("No unallocated files can be extracted");
}
totalSizeinMegs = toMb(totalBytes);
}
}
/**
@ -659,14 +671,14 @@ final class ExtractUnallocAction extends AbstractAction {
*
* @throws NoCurrentCaseException if there is no open case.
*/
OutputFileData(Image img) throws NoCurrentCaseException {
OutputFileData(Image img, Case openCase) {
this.layoutFiles = getUnallocFiles(img);
Collections.sort(layoutFiles, new SortObjId());
this.volumeId = 0;
this.imageId = img.getId();
this.imageName = img.getName();
this.fileName = this.imageName + "-Unalloc-" + this.imageId + "-" + 0 + ".dat"; //NON-NLS
this.fileInstance = new File(Case.getCurrentCaseThrows().getExportDirectory() + File.separator + this.fileName);
this.fileInstance = new File(openCase.getExportDirectory() + File.separator + this.fileName);
this.sizeInBytes = calcSizeInBytes();
}
@ -677,7 +689,7 @@ final class ExtractUnallocAction extends AbstractAction {
*
* @throws NoCurrentCaseException if there is no open case.
*/
OutputFileData(Volume volume) throws NoCurrentCaseException {
OutputFileData(Volume volume, Case openCase) {
try {
this.imageName = volume.getDataSource().getName();
this.imageId = volume.getDataSource().getId();
@ -688,7 +700,7 @@ final class ExtractUnallocAction extends AbstractAction {
this.imageId = 0;
}
this.fileName = this.imageName + "-Unalloc-" + this.imageId + "-" + volumeId + ".dat"; //NON-NLS
this.fileInstance = new File(Case.getCurrentCaseThrows().getExportDirectory() + File.separator + this.fileName);
this.fileInstance = new File(openCase.getExportDirectory() + File.separator + this.fileName);
this.layoutFiles = getUnallocFiles(volume);
Collections.sort(layoutFiles, new SortObjId());
this.sizeInBytes = calcSizeInBytes();
@ -739,4 +751,46 @@ final class ExtractUnallocAction extends AbstractAction {
this.fileInstance = new File(path + File.separator + this.fileName);
}
}
// A Custome JFileChooser for this Action Class.
private class CustomFileChooser extends JFileChooser {
private static final long serialVersionUID = 1L;
CustomFileChooser() {
initalize();
}
private void initalize() {
setDialogTitle(
NbBundle.getMessage(this.getClass(), "ExtractUnallocAction.dlgTitle.selectDirToSaveTo.msg"));
setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY);
setAcceptAllFileFilterUsed(false);
}
@Override
public void approveSelection() {
File f = getSelectedFile();
if (!f.exists() && getDialogType() == SAVE_DIALOG || !f.canWrite()) {
JOptionPane.showMessageDialog(this, NbBundle.getMessage(this.getClass(),
"ExtractUnallocAction.msgDlg.folderDoesntExist.msg"));
return;
}
super.approveSelection();
}
}
// Small helper class for use with SwingUtilities involkAndWait to get
// the result from the launching of the JOptionPane.
private class Result {
private int value;
void set(int value) {
this.value = value;
}
int value() {
return value;
}
}
}

25
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractJumpLists.java
View File

@ -27,10 +27,12 @@ import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import org.apache.poi.EmptyFileException;
import org.apache.poi.poifs.filesystem.DirectoryEntry;
import org.apache.poi.poifs.filesystem.DocumentEntry;
import org.apache.poi.poifs.filesystem.DocumentInputStream;
import org.apache.poi.poifs.filesystem.Entry;
import org.apache.poi.poifs.filesystem.NotOLE2FileException;
import org.apache.poi.poifs.filesystem.POIFSFileSystem;
import org.openide.util.NbBundle.Messages;
import org.sleuthkit.autopsy.casemodule.Case;
@ -62,7 +64,6 @@ final class ExtractJumpLists extends Extract {
private static final String JUMPLIST_TSK_COMMENT = "Jumplist File";
private static final String RA_DIR_NAME = "RecentActivity"; //NON-NLS
private static final String MODULE_OUTPUT_DIR = "ModuleOutput"; //NON-NLS
private static final String AUTOMATIC_DESTINATIONS_FILE_DIRECTORY = "%/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/";
private static final String JUMPLIST_DIR_NAME = "jumplists"; //NON-NLS
private static final String VERSION_NUMBER = "1.0.0"; //NON-NLS
@ -86,7 +87,8 @@ final class ExtractJumpLists extends Extract {
fileManager = currentCase.getServices().getFileManager();
long ingestJobId = context.getJobId();
List<AbstractFile> jumpListFiles = extractJumplistFiles(dataSource, ingestJobId);
String baseRaTempPath = RAImageIngestModule.getRATempPath(Case.getCurrentCase(), JUMPLIST_DIR_NAME , ingestJobId);
List<AbstractFile> jumpListFiles = extractJumplistFiles(dataSource, ingestJobId, baseRaTempPath);
if (jumpListFiles.isEmpty()) {
return;
@ -98,13 +100,13 @@ final class ExtractJumpLists extends Extract {
List<AbstractFile> derivedFiles = new ArrayList<>();
String derivedPath = null;
String baseRaTempPath = RAImageIngestModule.getRATempPath(Case.getCurrentCase(), JUMPLIST_DIR_NAME + "_" + dataSource.getId(), ingestJobId);
String baseRaModPath = RAImageIngestModule.getRAOutputPath(Case.getCurrentCase(), JUMPLIST_DIR_NAME, ingestJobId);
for (AbstractFile jumplistFile : jumpListFiles) {
if (!jumplistFile.getName().toLowerCase().contains("-slack") && !jumplistFile.getName().equals("..") &&
!jumplistFile.getName().equals(".") && jumplistFile.getSize() > 0) {
String jlFile = Paths.get(baseRaTempPath, jumplistFile.getName() + "_" + jumplistFile.getId()).toString();
String moduleOutPath = Case.getCurrentCase().getModuleDirectory() + File.separator + RA_DIR_NAME + File.separator + JUMPLIST_DIR_NAME + "_" + dataSource.getId() + File.separator + jumplistFile.getName() + "_" + jumplistFile.getId();
derivedPath = RA_DIR_NAME + File.separator + JUMPLIST_DIR_NAME + "_" + dataSource.getId() + File.separator + jumplistFile.getName() + "_" + jumplistFile.getId();
String moduleOutPath = baseRaModPath + File.separator + jumplistFile.getName() + "_" + jumplistFile.getId();
derivedPath = RA_DIR_NAME + File.separator + JUMPLIST_DIR_NAME + "_" + ingestJobId + File.separator + jumplistFile.getName() + "_" + jumplistFile.getId();
File jlDir = new File(moduleOutPath);
if (jlDir.exists() == false) {
boolean dirMade = jlDir.mkdirs();
@ -129,7 +131,7 @@ final class ExtractJumpLists extends Extract {
*
* @return - list of jumplist abstractfiles or empty list
*/
private List<AbstractFile> extractJumplistFiles(Content dataSource, Long ingestJobId) {
private List<AbstractFile> extractJumplistFiles(Content dataSource, Long ingestJobId, String baseRaTempPath) {
List<AbstractFile> jumpListFiles = new ArrayList<>();;
List<AbstractFile> tempJumpListFiles = new ArrayList<>();;
@ -150,11 +152,10 @@ final class ExtractJumpLists extends Extract {
if (context.dataSourceIngestIsCancelled()) {
return jumpListFiles;
}
if (!jumpListFile.getName().toLowerCase().contains("-slack") && !jumpListFile.getName().equals("..") &&
!jumpListFile.getName().equals(".") && jumpListFile.getSize() > 0) {
String fileName = jumpListFile.getName() + "_" + jumpListFile.getId();
String baseRaTempPath = RAImageIngestModule.getRATempPath(Case.getCurrentCase(), JUMPLIST_DIR_NAME+ "_" + dataSource.getId(), ingestJobId);
String jlFile = Paths.get(baseRaTempPath, fileName).toString();
try {
ContentUtils.writeToFile(jumpListFile, new File(jlFile));
@ -176,7 +177,7 @@ final class ExtractJumpLists extends Extract {
List<DerivedFile> derivedFiles = new ArrayList<>();
DerivedFile derivedFile;
String lnkFileName = "";
try (POIFSFileSystem fs = new POIFSFileSystem(new File(jumpListFile))) {
DirectoryEntry root = fs.getRoot();
for (Entry entry : root) {
@ -196,7 +197,8 @@ final class ExtractJumpLists extends Extract {
JLNK lnk = lnkParser.parse();
lnkFileName = lnk.getBestName() + ".lnk";
File targetFile = new File(moduleOutPath + File.separator + entry.getName() + "-" + lnkFileName);
String derivedFileName = MODULE_OUTPUT_DIR + File.separator + derivedPath + File.separator + entry.getName() + "-" + lnkFileName;
String relativePath = Case.getCurrentCase().getModuleOutputDirectoryRelativePath();
String derivedFileName = Case.getCurrentCase().getModuleOutputDirectoryRelativePath() + File.separator + derivedPath + File.separator + entry.getName() + "-" + lnkFileName;
OutputStream outStream = new FileOutputStream(targetFile);
outStream.write(buffer);
outStream.close();
@ -226,6 +228,8 @@ final class ExtractJumpLists extends Extract {
continue;
}
}
} catch (NotOLE2FileException | EmptyFileException ex1) {
logger.log(Level.WARNING, String.format("Error file not a valid OLE2 Document $s", jumpListFile)); //NON-NLS
} catch (IOException | TskCoreException ex) {
logger.log(Level.WARNING, String.format("Error lnk parsing the file to get recent files $s", jumpListFile), ex); //NON-NLS
}
@ -235,3 +239,4 @@ final class ExtractJumpLists extends Extract {
}
}

3
docs/doxygen-user/main.dox
View File

@ -8,6 +8,9 @@ This is the User's Guide for the <a href="http://www.sleuthkit.org/autopsy/">ope
Note: For those users running Autopsy on Mac devices, the functionality available through the "Tools" -> "Options" dialog as described in this documentation can be accessed through the system menu bar under "Preferences" or through the Cmd + , (command-comma) shortcut.
Translated versions of this guide:
- <a href="https://sleuthkit.org/autopsy/docs/user-docs_fr/4.19.0/">Français (4.19.0)</a>
Help Topics
-------
The following topics are available here: