From ab75f7e046feab5a2689186bd2916557c658865c Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dsmyda"
Date: Thu, 15 Aug 2019 16:01:03 -0400
Subject: [PATCH] Tags working, laid out code for artifacts

---
 .../report/caseuco/CaseUcoFormatExporter.java | 357 ++++++++++--------
 1 file changed, 200 insertions(+), 157 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
index 54fb2a2b01..8631c27565 100755
--- a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
+++ b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
@@ -34,6 +34,7 @@ import java.util.List;
 import java.util.SimpleTimeZone;
 import java.util.logging.Level;
 import org.apache.commons.io.FileUtils;
+import org.openide.util.Exceptions;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
@@ -90,108 +91,119 @@ public final class CaseUcoFormatExporter { @SuppressWarnings("deprecation") public static void generateReport(Long selectedDataSourceId, String reportOutputPath, ReportProgressPanel progressPanel) { - // Start the progress bar and setup the report - progressPanel.setIndeterminate(false); - progressPanel.start(); - progressPanel.updateStatusLabel(Bundle.ReportCaseUco_initializing()); - - // Create the JSON generator - JsonFactory jsonGeneratorFactory = new JsonFactory(); - java.io.File reportFile = Paths.get(reportOutputPath).toFile(); + // // Start the progress bar and setup the report +// progressPanel.setIndeterminate(false); +// progressPanel.start(); +// progressPanel.updateStatusLabel(Bundle.ReportCaseUco_initializing()); +// +// // Create the JSON generator +// JsonFactory jsonGeneratorFactory = new JsonFactory(); +// java.io.File reportFile = Paths.get(reportOutputPath).toFile(); +// try { +// Files.createDirectories(Paths.get(reportFile.getParent())); +// } catch (IOException ex) { +// logger.log(Level.SEVERE, "Unable to create directory for CASE-UCO report", ex); //NON-NLS +// MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_unableToCreateDirectories()); +// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); +// return; +// } +// +// // Check if ingest has finished +// if (IngestManager.getInstance().isIngestRunning()) { +// MessageNotifyUtil.Message.warn(Bundle.ReportCaseUco_ingestWarning()); +// } +// +// JsonGenerator jsonGenerator = null; +// SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT"); +// try { +// jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8); +// // instert \n after each field for more readable formatting +// jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter(" ", "\n"))); +// +// SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase(); +// +// 
progressPanel.updateStatusLabel(Bundle.ReportCaseUco_querying()); +// +// // create the required CASE-UCO entries at the beginning of the output file +// initializeJsonOutputFile(jsonGenerator); +// +// // create CASE-UCO entry for the Autopsy case +// String caseTraceId = saveCaseInfo(skCase, jsonGenerator); +// +// // create CASE-UCO data source entry +// String dataSourceTraceId = saveDataSourceInfo(selectedDataSourceId, caseTraceId, skCase, jsonGenerator); +// +// // Run getAllFilesQuery to get all files, exclude directories +// final String getAllFilesQuery = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where " +// + "data_source_obj_id = " + Long.toString(selectedDataSourceId) +// + " AND ((meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue() +// + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue() +// + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue() + "))"; //NON-NLS +// +// try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getAllFilesQuery)) { +// ResultSet resultSet = queryResult.getResultSet(); +// +// progressPanel.updateStatusLabel(Bundle.ReportCaseUco_processing()); +// +// // Loop files and write info to CASE-UCO report +// while (resultSet.next()) { +// +// if (progressPanel.getStatus() == ReportProgressPanel.ReportStatus.CANCELED) { +// break; +// } +// +// Long objectId = resultSet.getLong(1); +// String fileName = resultSet.getString(2); +// long size = resultSet.getLong("size"); +// String crtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("crtime"), timeZone); +// String atime = ContentUtils.getStringTimeISO8601(resultSet.getLong("atime"), timeZone); +// String mtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("mtime"), timeZone); +// String md5Hash = resultSet.getString("md5"); +// String parent_path = resultSet.getString("parent_path"); +// String 
mime_type = resultSet.getString("mime_type"); +// String extension = resultSet.getString("extension"); +// +// saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId); +// } +// } +// +// // create the required CASE-UCO entries at the end of the output file +// finilizeJsonOutputFile(jsonGenerator); +// +// Case.getCurrentCaseThrows().addReport(reportOutputPath, Bundle.ReportCaseUco_srcModuleName_text(), ""); +// +// progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE); +// } catch (TskCoreException ex) { +// logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS +// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); +// } catch (IOException ex) { +// logger.log(Level.SEVERE, "Failed to create JSON output for the CASE-UCO report", ex); //NON-NLS +// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); +// } catch (SQLException ex) { +// logger.log(Level.WARNING, "Unable to read result set", ex); //NON-NLS +// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); +// } catch (NoCurrentCaseException ex) { +// logger.log(Level.SEVERE, "No current case open", ex); //NON-NLS +// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); +// } finally { +// if (jsonGenerator != null) { +// try { +// jsonGenerator.close(); +// } catch (IOException ex) { +// logger.log(Level.WARNING, "Failed to close JSON output file", ex); //NON-NLS +// } +// } +// } try { - Files.createDirectories(Paths.get(reportFile.getParent())); + export(null, null, Paths.get("C:", "Users", "dsmyda", "Desktop").toFile(), progressPanel); } catch (IOException ex) { - logger.log(Level.SEVERE, "Unable to create directory for CASE-UCO report", ex); //NON-NLS - MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_unableToCreateDirectories()); - progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); - return; - } - - // 
Check if ingest has finished - if (IngestManager.getInstance().isIngestRunning()) { - MessageNotifyUtil.Message.warn(Bundle.ReportCaseUco_ingestWarning()); - } - - JsonGenerator jsonGenerator = null; - SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT"); - try { - jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8); - // instert \n after each field for more readable formatting - jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter(" ", "\n"))); - - SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase(); - - progressPanel.updateStatusLabel(Bundle.ReportCaseUco_querying()); - - // create the required CASE-UCO entries at the beginning of the output file - initializeJsonOutputFile(jsonGenerator); - - // create CASE-UCO entry for the Autopsy case - String caseTraceId = saveCaseInfo(skCase, jsonGenerator); - - // create CASE-UCO data source entry - String dataSourceTraceId = saveDataSourceInfo(selectedDataSourceId, caseTraceId, skCase, jsonGenerator); - - // Run getAllFilesQuery to get all files, exclude directories - final String getAllFilesQuery = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where " - + "data_source_obj_id = " + Long.toString(selectedDataSourceId) - + " AND ((meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue() - + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue() - + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue() + "))"; //NON-NLS - - try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getAllFilesQuery)) { - ResultSet resultSet = queryResult.getResultSet(); - - progressPanel.updateStatusLabel(Bundle.ReportCaseUco_processing()); - - // Loop files and write info to CASE-UCO report - while (resultSet.next()) { - - if (progressPanel.getStatus() == ReportProgressPanel.ReportStatus.CANCELED) { - 
break; - } - - Long objectId = resultSet.getLong(1); - String fileName = resultSet.getString(2); - long size = resultSet.getLong("size"); - String crtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("crtime"), timeZone); - String atime = ContentUtils.getStringTimeISO8601(resultSet.getLong("atime"), timeZone); - String mtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("mtime"), timeZone); - String md5Hash = resultSet.getString("md5"); - String parent_path = resultSet.getString("parent_path"); - String mime_type = resultSet.getString("mime_type"); - String extension = resultSet.getString("extension"); - - saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId); - } - } - - // create the required CASE-UCO entries at the end of the output file - finilizeJsonOutputFile(jsonGenerator); - - Case.getCurrentCaseThrows().addReport(reportOutputPath, Bundle.ReportCaseUco_srcModuleName_text(), ""); - - progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE); - } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS - progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); - } catch (IOException ex) { - logger.log(Level.SEVERE, "Failed to create JSON output for the CASE-UCO report", ex); //NON-NLS - progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); + Exceptions.printStackTrace(ex); } catch (SQLException ex) { - logger.log(Level.WARNING, "Unable to read result set", ex); //NON-NLS - progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); + Exceptions.printStackTrace(ex); } catch (NoCurrentCaseException ex) { - logger.log(Level.SEVERE, "No current case open", ex); //NON-NLS - progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); - } finally { - if (jsonGenerator != null) { - try { - jsonGenerator.close(); - } catch (IOException ex) { - 
logger.log(Level.WARNING, "Failed to close JSON output file", ex); //NON-NLS - } - } + Exceptions.printStackTrace(ex); + } catch (TskCoreException ex) { + Exceptions.printStackTrace(ex); } } 
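Review bot: The new body of generateReport ignores `selectedDataSourceId` and `reportOutputPath` and writes to a hard-coded developer path, `Paths.get("C:", "Users", "dsmyda", "Desktop")`, so case file metadata (names, paths, hashes) lands outside the case's report folder and the call fails on any other machine. Derive the folder from the argument instead, e.g. `Paths.get(reportOutputPath).getParent().toFile()`, and register the output with the case as the removed `addReport` call did. Every catch now only calls `Exceptions.printStackTrace(ex)`, so a failure never reaches `progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR)` and a truncated report is not marked as failed; the removed `logger.log(Level.SEVERE, ..., ex)` plus ERROR status should come back. The commented-out old body is better deleted than kept, since version control already holds it.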
@@ -208,84 +220,115 @@ public final class CaseUcoFormatExporter { File caseReportFolder, ReportProgressPanel progressPanel) throws IOException, SQLException, NoCurrentCaseException, TskCoreException { + progressPanel.start(); //Acquire references for file discovery Case currentCase = Case.getCurrentCaseThrows(); String caseTempDirectory = currentCase.getTempDirectory(); SleuthkitCase skCase = currentCase.getSleuthkitCase(); TagsManager tagsManager = currentCase.getServices().getTagsManager(); + + tagTypes = tagsManager.getAllTagNames(); //Create temp directory to filter out duplicate files. Path tmpDir = Paths.get(caseTempDirectory, TEMP_DIR_NAME); FileUtils.deleteDirectory(tmpDir.toFile()); tmpDir.toFile().mkdir(); - //Create the case-uco generator - String reportFileName = ReportCaseUco.getReportFileName(); - File reportFile = Paths.get(caseReportFolder.toString(), reportFileName).toFile(); - JsonGenerator jsonGenerator = createJsonGenerator(reportFile); - initializeJsonOutputFile(jsonGenerator); - - //Make the case the first entity in the report file. - String caseTraceId = saveCaseInfo(skCase, jsonGenerator); - - SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT"); - - //Process by data source so that data source entities in the report file - //appear before any files from that data source. 
- for(DataSource ds : skCase.getDataSources()) { - String dataSourceTraceId = saveDataSourceInfo(ds.getId(), caseTraceId, skCase, jsonGenerator); - for(TagName tn : tagTypes) { - for(ContentTag ct : tagsManager.getContentTagsByTagName(tn, ds.getId())) { - Content content = ct.getContent(); - if (content instanceof AbstractFile) { - AbstractFile absFile = (AbstractFile) content; - Path filePath = tmpDir.resolve(absFile.getMd5Hash()); - if(!Files.exists(filePath)) { - saveFileInCaseUcoFormat( - absFile.getId(), - absFile.getName(), - absFile.getParentPath(), - absFile.getMd5Hash(), - absFile.getMIMEType(), - absFile.getSize(), - ContentUtils.getStringTimeISO8601(absFile.getCtime(), timeZone), - ContentUtils.getStringTimeISO8601(absFile.getAtime(), timeZone), - ContentUtils.getStringTimeISO8601(absFile.getMtime(), timeZone), - absFile.getNameExtension(), - jsonGenerator, - dataSourceTraceId - ); - filePath.toFile().createNewFile(); + JsonGenerator jsonGenerator = null; + try { + //Create the case-uco generator + String reportFileName = ReportCaseUco.getReportFileName(); + File reportFile = Paths.get(caseReportFolder.toString(), reportFileName).toFile(); + jsonGenerator = createJsonGenerator(reportFile); + initializeJsonOutputFile(jsonGenerator); + + //Make the case the first entity in the report file. + String caseTraceId = saveCaseInfo(skCase, jsonGenerator); + + SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT"); + + //Process by data source so that data source entities in the report file + //appear before any files from that data source. 
+ for(DataSource ds : skCase.getDataSources()) { + String dataSourceTraceId = saveDataSourceInfo(ds.getId(), caseTraceId, skCase, jsonGenerator); + for(TagName tn : tagTypes) { + for(ContentTag ct : tagsManager.getContentTagsByTagName(tn, ds.getId())) { + Content content = ct.getContent(); + if (content instanceof AbstractFile) { + AbstractFile absFile = (AbstractFile) content; + Path filePath = tmpDir.resolve(Long.toString(absFile.getId())); + if(!Files.exists(filePath)) { + saveFileInCaseUcoFormat( + absFile.getId(), + absFile.getName(), + absFile.getParentPath(), + absFile.getMd5Hash(), + absFile.getMIMEType(), + absFile.getSize(), + ContentUtils.getStringTimeISO8601(absFile.getCtime(), timeZone), + ContentUtils.getStringTimeISO8601(absFile.getAtime(), timeZone), + ContentUtils.getStringTimeISO8601(absFile.getMtime(), timeZone), + absFile.getNameExtension(), + jsonGenerator, + dataSourceTraceId + ); + filePath.toFile().createNewFile(); + } + } + } + + for(BlackboardArtifactTag bat : tagsManager.getBlackboardArtifactTagsByTagName(tn, ds.getId())) { + Content content = bat.getContent(); + if (content instanceof AbstractFile) { + AbstractFile absFile = (AbstractFile) content; + Path filePath = tmpDir.resolve(Long.toString(absFile.getId())); + if(!Files.exists(filePath)) { + saveFileInCaseUcoFormat( + absFile.getId(), + absFile.getName(), + absFile.getParentPath(), + absFile.getMd5Hash(), + absFile.getMIMEType(), + absFile.getSize(), + ContentUtils.getStringTimeISO8601(absFile.getCtime(), timeZone), + ContentUtils.getStringTimeISO8601(absFile.getAtime(), timeZone), + ContentUtils.getStringTimeISO8601(absFile.getMtime(), timeZone), + absFile.getNameExtension(), + jsonGenerator, + dataSourceTraceId + ); + filePath.toFile().createNewFile(); + } } } } - - for(BlackboardArtifactTag bat : tagsManager.getBlackboardArtifactTagsByTagName(tn, ds.getId())) { - //copy content - //copy associated content - } + + // if(!interestingItemSets.isEmpty()) { + // for(BlackboardArtifact 
bArt : skCase.getBlackboardArtifacts(INTERESTING_FILE_HIT, ds.getId())) { + // BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); + // if (interestingItemSets.contains(setAttr.getValueString())) { + // + // } + // } + // + // for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT, ds.getId())) { + // BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); + // if (interestingItemSets.contains(setAttr.getValueString())) { + // + // } + // } + // } } - - if(!interestingItemSets.isEmpty()) { - for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_FILE_HIT, ds.getId())) { - BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); - if (interestingItemSets.contains(setAttr.getValueString())) { - } - } - - for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT, ds.getId())) { - BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); - if (interestingItemSets.contains(setAttr.getValueString())) { - - } - } + finilizeJsonOutputFile(jsonGenerator); + } finally { + if (jsonGenerator != null) { + jsonGenerator.close(); } } - - finilizeJsonOutputFile(jsonGenerator); + progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE); } - + private static JsonGenerator createJsonGenerator(File reportFile) throws IOException { JsonFactory jsonGeneratorFactory = new JsonFactory(); JsonGenerator jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
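Review bot: Both tag loops pass `absFile.getCtime()` in the seventh argument of saveFileInCaseUcoFormat, which in the removed generateReport body was fed from the `crtime` column, so the report appears to label the metadata-change time as the creation time; if that slot is the creation time, use `ContentUtils.getStringTimeISO8601(absFile.getCrtime(), timeZone),` in both calls. `tagTypes = tagsManager.getAllTagNames();` overwrites what looks like the caller's tag selection (the signature starts outside the hunk), so every tagged file is exported whatever was requested. The ContentTag and BlackboardArtifactTag loops are identical apart from the tag type and would read better as one private helper taking the `Content`. The results of `tmpDir.toFile().mkdir()` and `filePath.toFile().createNewFile()` are ignored, so a failed marker write silently disables the duplicate filter.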