Tags working, laid out code for artifacts

This commit is contained in:
U-BASIS\dsmyda 2019-08-15 16:01:03 -04:00
parent 80b1be07fe
commit ab75f7e046


@ -34,6 +34,7 @@ import java.util.List;
import java.util.SimpleTimeZone;
import java.util.logging.Level;
import org.apache.commons.io.FileUtils;
import org.openide.util.Exceptions;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
@ -90,108 +91,119 @@ public final class CaseUcoFormatExporter {
@SuppressWarnings("deprecation")
public static void generateReport(Long selectedDataSourceId, String reportOutputPath, ReportProgressPanel progressPanel) {
// Start the progress bar and setup the report
progressPanel.setIndeterminate(false);
progressPanel.start();
progressPanel.updateStatusLabel(Bundle.ReportCaseUco_initializing());
// Create the JSON generator
JsonFactory jsonGeneratorFactory = new JsonFactory();
java.io.File reportFile = Paths.get(reportOutputPath).toFile();
// // Start the progress bar and setup the report
// progressPanel.setIndeterminate(false);
// progressPanel.start();
// progressPanel.updateStatusLabel(Bundle.ReportCaseUco_initializing());
//
// // Create the JSON generator
// JsonFactory jsonGeneratorFactory = new JsonFactory();
// java.io.File reportFile = Paths.get(reportOutputPath).toFile();
// try {
// Files.createDirectories(Paths.get(reportFile.getParent()));
// } catch (IOException ex) {
// logger.log(Level.SEVERE, "Unable to create directory for CASE-UCO report", ex); //NON-NLS
// MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_unableToCreateDirectories());
// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
// return;
// }
//
// // Check if ingest has finished
// if (IngestManager.getInstance().isIngestRunning()) {
// MessageNotifyUtil.Message.warn(Bundle.ReportCaseUco_ingestWarning());
// }
//
// JsonGenerator jsonGenerator = null;
// SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT");
// try {
// jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
// // instert \n after each field for more readable formatting
// jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter(" ", "\n")));
//
// SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase();
//
// progressPanel.updateStatusLabel(Bundle.ReportCaseUco_querying());
//
// // create the required CASE-UCO entries at the beginning of the output file
// initializeJsonOutputFile(jsonGenerator);
//
// // create CASE-UCO entry for the Autopsy case
// String caseTraceId = saveCaseInfo(skCase, jsonGenerator);
//
// // create CASE-UCO data source entry
// String dataSourceTraceId = saveDataSourceInfo(selectedDataSourceId, caseTraceId, skCase, jsonGenerator);
//
// // Run getAllFilesQuery to get all files, exclude directories
// final String getAllFilesQuery = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where "
// + "data_source_obj_id = " + Long.toString(selectedDataSourceId)
// + " AND ((meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue()
// + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue()
// + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue() + "))"; //NON-NLS
//
// try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getAllFilesQuery)) {
// ResultSet resultSet = queryResult.getResultSet();
//
// progressPanel.updateStatusLabel(Bundle.ReportCaseUco_processing());
//
// // Loop files and write info to CASE-UCO report
// while (resultSet.next()) {
//
// if (progressPanel.getStatus() == ReportProgressPanel.ReportStatus.CANCELED) {
// break;
// }
//
// Long objectId = resultSet.getLong(1);
// String fileName = resultSet.getString(2);
// long size = resultSet.getLong("size");
// String crtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("crtime"), timeZone);
// String atime = ContentUtils.getStringTimeISO8601(resultSet.getLong("atime"), timeZone);
// String mtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("mtime"), timeZone);
// String md5Hash = resultSet.getString("md5");
// String parent_path = resultSet.getString("parent_path");
// String mime_type = resultSet.getString("mime_type");
// String extension = resultSet.getString("extension");
//
// saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId);
// }
// }
//
// // create the required CASE-UCO entries at the end of the output file
// finilizeJsonOutputFile(jsonGenerator);
//
// Case.getCurrentCaseThrows().addReport(reportOutputPath, Bundle.ReportCaseUco_srcModuleName_text(), "");
//
// progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE);
// } catch (TskCoreException ex) {
// logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS
// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
// } catch (IOException ex) {
// logger.log(Level.SEVERE, "Failed to create JSON output for the CASE-UCO report", ex); //NON-NLS
// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
// } catch (SQLException ex) {
// logger.log(Level.WARNING, "Unable to read result set", ex); //NON-NLS
// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
// } catch (NoCurrentCaseException ex) {
// logger.log(Level.SEVERE, "No current case open", ex); //NON-NLS
// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
// } finally {
// if (jsonGenerator != null) {
// try {
// jsonGenerator.close();
// } catch (IOException ex) {
// logger.log(Level.WARNING, "Failed to close JSON output file", ex); //NON-NLS
// }
// }
// }
try {
Files.createDirectories(Paths.get(reportFile.getParent()));
export(null, null, Paths.get("C:", "Users", "dsmyda", "Desktop").toFile(), progressPanel);
} catch (IOException ex) {
logger.log(Level.SEVERE, "Unable to create directory for CASE-UCO report", ex); //NON-NLS
MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_unableToCreateDirectories());
progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
return;
}
// Check if ingest has finished
if (IngestManager.getInstance().isIngestRunning()) {
MessageNotifyUtil.Message.warn(Bundle.ReportCaseUco_ingestWarning());
}
JsonGenerator jsonGenerator = null;
SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT");
try {
jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
// instert \n after each field for more readable formatting
jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter(" ", "\n")));
SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase();
progressPanel.updateStatusLabel(Bundle.ReportCaseUco_querying());
// create the required CASE-UCO entries at the beginning of the output file
initializeJsonOutputFile(jsonGenerator);
// create CASE-UCO entry for the Autopsy case
String caseTraceId = saveCaseInfo(skCase, jsonGenerator);
// create CASE-UCO data source entry
String dataSourceTraceId = saveDataSourceInfo(selectedDataSourceId, caseTraceId, skCase, jsonGenerator);
// Run getAllFilesQuery to get all files, exclude directories
final String getAllFilesQuery = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where "
+ "data_source_obj_id = " + Long.toString(selectedDataSourceId)
+ " AND ((meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue()
+ ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue()
+ ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue() + "))"; //NON-NLS
try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getAllFilesQuery)) {
ResultSet resultSet = queryResult.getResultSet();
progressPanel.updateStatusLabel(Bundle.ReportCaseUco_processing());
// Loop files and write info to CASE-UCO report
while (resultSet.next()) {
if (progressPanel.getStatus() == ReportProgressPanel.ReportStatus.CANCELED) {
break;
}
Long objectId = resultSet.getLong(1);
String fileName = resultSet.getString(2);
long size = resultSet.getLong("size");
String crtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("crtime"), timeZone);
String atime = ContentUtils.getStringTimeISO8601(resultSet.getLong("atime"), timeZone);
String mtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("mtime"), timeZone);
String md5Hash = resultSet.getString("md5");
String parent_path = resultSet.getString("parent_path");
String mime_type = resultSet.getString("mime_type");
String extension = resultSet.getString("extension");
saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId);
}
}
// create the required CASE-UCO entries at the end of the output file
finilizeJsonOutputFile(jsonGenerator);
Case.getCurrentCaseThrows().addReport(reportOutputPath, Bundle.ReportCaseUco_srcModuleName_text(), "");
progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS
progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
} catch (IOException ex) {
logger.log(Level.SEVERE, "Failed to create JSON output for the CASE-UCO report", ex); //NON-NLS
progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
Exceptions.printStackTrace(ex);
} catch (SQLException ex) {
logger.log(Level.WARNING, "Unable to read result set", ex); //NON-NLS
progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
Exceptions.printStackTrace(ex);
} catch (NoCurrentCaseException ex) {
logger.log(Level.SEVERE, "No current case open", ex); //NON-NLS
progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
} finally {
if (jsonGenerator != null) {
try {
jsonGenerator.close();
} catch (IOException ex) {
logger.log(Level.WARNING, "Failed to close JSON output file", ex); //NON-NLS
}
}
Exceptions.printStackTrace(ex);
} catch (TskCoreException ex) {
Exceptions.printStackTrace(ex);
}
}
@ -208,21 +220,26 @@ public final class CaseUcoFormatExporter {
File caseReportFolder, ReportProgressPanel progressPanel) throws IOException, SQLException,
NoCurrentCaseException, TskCoreException {
progressPanel.start();
//Acquire references for file discovery
Case currentCase = Case.getCurrentCaseThrows();
String caseTempDirectory = currentCase.getTempDirectory();
SleuthkitCase skCase = currentCase.getSleuthkitCase();
TagsManager tagsManager = currentCase.getServices().getTagsManager();
tagTypes = tagsManager.getAllTagNames();
//Create temp directory to filter out duplicate files.
Path tmpDir = Paths.get(caseTempDirectory, TEMP_DIR_NAME);
FileUtils.deleteDirectory(tmpDir.toFile());
tmpDir.toFile().mkdir();
JsonGenerator jsonGenerator = null;
try {
//Create the case-uco generator
String reportFileName = ReportCaseUco.getReportFileName();
File reportFile = Paths.get(caseReportFolder.toString(), reportFileName).toFile();
JsonGenerator jsonGenerator = createJsonGenerator(reportFile);
jsonGenerator = createJsonGenerator(reportFile);
initializeJsonOutputFile(jsonGenerator);
//Make the case the first entity in the report file.
@ -239,7 +256,7 @@ public final class CaseUcoFormatExporter {
Content content = ct.getContent();
if (content instanceof AbstractFile) {
AbstractFile absFile = (AbstractFile) content;
Path filePath = tmpDir.resolve(absFile.getMd5Hash());
Path filePath = tmpDir.resolve(Long.toString(absFile.getId()));
if(!Files.exists(filePath)) {
saveFileInCaseUcoFormat(
absFile.getId(),
@ -261,29 +278,55 @@ public final class CaseUcoFormatExporter {
}
for(BlackboardArtifactTag bat : tagsManager.getBlackboardArtifactTagsByTagName(tn, ds.getId())) {
//copy content
//copy associated content
Content content = bat.getContent();
if (content instanceof AbstractFile) {
AbstractFile absFile = (AbstractFile) content;
Path filePath = tmpDir.resolve(Long.toString(absFile.getId()));
if(!Files.exists(filePath)) {
saveFileInCaseUcoFormat(
absFile.getId(),
absFile.getName(),
absFile.getParentPath(),
absFile.getMd5Hash(),
absFile.getMIMEType(),
absFile.getSize(),
ContentUtils.getStringTimeISO8601(absFile.getCtime(), timeZone),
ContentUtils.getStringTimeISO8601(absFile.getAtime(), timeZone),
ContentUtils.getStringTimeISO8601(absFile.getMtime(), timeZone),
absFile.getNameExtension(),
jsonGenerator,
dataSourceTraceId
);
filePath.toFile().createNewFile();
}
}
}
}
if(!interestingItemSets.isEmpty()) {
for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_FILE_HIT, ds.getId())) {
BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
if (interestingItemSets.contains(setAttr.getValueString())) {
}
}
for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT, ds.getId())) {
BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
if (interestingItemSets.contains(setAttr.getValueString())) {
}
}
}
// if(!interestingItemSets.isEmpty()) {
// for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_FILE_HIT, ds.getId())) {
// BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
// if (interestingItemSets.contains(setAttr.getValueString())) {
//
// }
// }
//
// for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT, ds.getId())) {
// BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
// if (interestingItemSets.contains(setAttr.getValueString())) {
//
// }
// }
// }
}
finilizeJsonOutputFile(jsonGenerator);
} finally {
if (jsonGenerator != null) {
jsonGenerator.close();
}
}
progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE);
}
private static JsonGenerator createJsonGenerator(File reportFile) throws IOException {
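Review bot: The rewritten generateReport writes the report to a hard-coded developer location, `Paths.get("C:", "Users", "dsmyda", "Desktop")`, and passes `null, null` for the first two export() arguments, so both `reportOutputPath` and `selectedDataSourceId` are ignored and on any other machine the target directory will not exist; report output for a case should only ever land in the caller-supplied, case-controlled path. Assuming reportOutputPath is the report file path as the old code treated it (it called `Paths.get(reportOutputPath).getParent()`), the call should be `export(selectedDataSourceId, /* selected interesting-item sets */, reportFile.getParentFile(), progressPanel);` with the `Files.createDirectories` guard kept in front of it. The new path also drops the `Case.getCurrentCaseThrows().addReport(...)` registration (now commented out) and I do not see an equivalent in the visible part of export(), so the generated file is no longer tracked by the case. As rendered, the `Exceptions.printStackTrace(ex)` calls sit after the finally block and replace the logger; each catch should keep `logger.log(Level.SEVERE, "...", ex)` and `progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR)` so failures are surfaced in the UI and the log rather than only printed.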