mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 18:17:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' of github.com:sleuthkit/autopsy into 7365-domainCategorization

Browse Source
This commit is contained in:
Greg DiCristofaro 2021-03-10 20:01:21 -05:00
commit ae2a916939
3 changed files with 207 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Core/src/org/sleuthkit/autopsy/contentviewers/osaccount/Bundle.properties-MERGED
View File

@ -8,6 +8,7 @@ OsAccountDataPanel_basic_type=Type
OsAccountDataPanel_realm_address=Address OsAccountDataPanel_realm_address=Address
OsAccountDataPanel_realm_confidence=Confidence OsAccountDataPanel_realm_confidence=Confidence
OsAccountDataPanel_realm_name=Name OsAccountDataPanel_realm_name=Name
OsAccountDataPanel_realm_scope=Scope
OsAccountDataPanel_realm_title=Realm Properties OsAccountDataPanel_realm_title=Realm Properties
OsAccountDataPanel_realm_unknown=Unknown OsAccountDataPanel_realm_unknown=Unknown
OsAccountViewer_title=Os Account OsAccountViewer_title=Os Account

209
Core/src/org/sleuthkit/autopsy/contentviewers/osaccount/OsAccountDataPanel.java
View File

@ -18,6 +18,7 @@
*/ */
package org.sleuthkit.autopsy.contentviewers.osaccount; package org.sleuthkit.autopsy.contentviewers.osaccount;
import java.awt.BorderLayout;
import java.awt.Font; import java.awt.Font;
import java.awt.GridBagConstraints; import java.awt.GridBagConstraints;
import java.awt.GridBagLayout; import java.awt.GridBagLayout;
@ -25,15 +26,27 @@ import java.awt.Insets;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Date; import java.util.Date;
import java.util.HashMap;
import java.util.List; import java.util.List;
import static java.util.Locale.US; import static java.util.Locale.US;
import java.util.Map;
import java.util.Optional; import java.util.Optional;
import java.util.concurrent.ExecutionException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.Box; import javax.swing.Box;
import javax.swing.JLabel; import javax.swing.JLabel;
import javax.swing.JPanel; import javax.swing.JPanel;
import javax.swing.SwingWorker;
import org.openide.util.NbBundle.Messages; import org.openide.util.NbBundle.Messages;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.contentviewers.osaccount.SectionData.RowData; import org.sleuthkit.autopsy.contentviewers.osaccount.SectionData.RowData;
import org.sleuthkit.datamodel.DataSource;
import org.sleuthkit.datamodel.Host;
import org.sleuthkit.datamodel.OsAccount; import org.sleuthkit.datamodel.OsAccount;
import org.sleuthkit.datamodel.OsAccountAttribute;
import org.sleuthkit.datamodel.OsAccountInstance;
import org.sleuthkit.datamodel.OsAccountManager;
import org.sleuthkit.datamodel.OsAccountRealm; import org.sleuthkit.datamodel.OsAccountRealm;
/** /**
@ -42,12 +55,15 @@ import org.sleuthkit.datamodel.OsAccountRealm;
public class OsAccountDataPanel extends JPanel { public class OsAccountDataPanel extends JPanel {
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
final private static Logger logger = Logger.getLogger(OsAccountDataPanel.class.getName());
private static final int KEY_COLUMN = 0; private static final int KEY_COLUMN = 0;
private static final int VALUE_COLUMN = 1; private static final int VALUE_COLUMN = 1;
private static final SimpleDateFormat DATE_FORMAT = new SimpleDateFormat("MMM dd yyyy", US); private static final SimpleDateFormat DATE_FORMAT = new SimpleDateFormat("MMM dd yyyy", US);
private PanelDataFetcher dataFetcher = null;
// Panel constructor. // Panel constructor.
OsAccountDataPanel() { OsAccountDataPanel() {
initialize(); initialize();
@ -68,19 +84,19 @@ public class OsAccountDataPanel extends JPanel {
*/ */
void setOsAccount(OsAccount account) { void setOsAccount(OsAccount account) {
removeAll(); removeAll();
revalidate();
if (account != null) { if (account != null) {
List<SectionData> data = new ArrayList<>(); setLayout(new BorderLayout());
data.add(buildBasicProperties(account)); add(new JLabel("Loading OsAccount Data..."), BorderLayout.NORTH);
OsAccountRealm realm = account.getRealm(); if (dataFetcher != null && !dataFetcher.isDone()) {
if (realm != null) { dataFetcher.cancel(true);
data.add(buildRealmProperties(realm));
} }
addDataComponents(data); dataFetcher = new PanelDataFetcher(account);
dataFetcher.execute();
} }
revalidate();
} }
/** /**
@ -122,8 +138,7 @@ public class OsAccountDataPanel extends JPanel {
"OsAccountDataPanel_basic_address=Address", "OsAccountDataPanel_basic_address=Address",
"OsAccountDataPanel_basic_admin=Administrator", "OsAccountDataPanel_basic_admin=Administrator",
"OsAccountDataPanel_basic_type=Type", "OsAccountDataPanel_basic_type=Type",
"OsAccountDataPanel_basic_creationDate=Creation Date", "OsAccountDataPanel_basic_creationDate=Creation Date",})
})
/** /**
* Returns the data for the Basic Properties section of the panel. * Returns the data for the Basic Properties section of the panel.
@ -149,10 +164,9 @@ public class OsAccountDataPanel extends JPanel {
data.addData(Bundle.OsAccountDataPanel_basic_type(), account.getOsAccountType().getName()); data.addData(Bundle.OsAccountDataPanel_basic_type(), account.getOsAccountType().getName());
Optional<Long> crTime = account.getCreationTime(); Optional<Long> crTime = account.getCreationTime();
if(crTime.isPresent()) { if (crTime.isPresent()) {
data.addData(Bundle.OsAccountDataPanel_basic_creationDate(), DATE_FORMAT.format(new Date(crTime.get() * 1000))); data.addData(Bundle.OsAccountDataPanel_basic_creationDate(), DATE_FORMAT.format(new Date(crTime.get() * 1000)));
} } else {
else {
data.addData(Bundle.OsAccountDataPanel_basic_creationDate(), ""); data.addData(Bundle.OsAccountDataPanel_basic_creationDate(), "");
} }
@ -194,6 +208,15 @@ public class OsAccountDataPanel extends JPanel {
return data; return data;
} }
private SectionData buildHostData(Host host, List<OsAccountAttribute> attributeList) {
SectionData data = new SectionData(host.getName());
for (OsAccountAttribute attribute : attributeList) {
data.addData(attribute.getAttributeType().getDisplayName(), attribute.getDisplayString());
}
return data;
}
/** /**
* Add a section title to the panel with the given title and location. * Add a section title to the panel with the given title and location.
* *
@ -291,4 +314,166 @@ public class OsAccountDataPanel extends JPanel {
return constraints; return constraints;
} }
/**
* A SwingWorker to gather the data for the content panel.
*/
private class PanelDataFetcher extends SwingWorker<WorkerResults, Void> {
private final OsAccount account;
/**
* Construct a new worker for the given account.
*
* @param account
*/
PanelDataFetcher(OsAccount account) {
this.account = account;
}
@Override
protected WorkerResults doInBackground() throws Exception {
Map<Host, List<OsAccountAttribute>> hostMap = new HashMap<>();
Map<Host, DataSource> instanceMap = new HashMap<>();
OsAccountManager osAccountManager = Case.getCurrentCase().getSleuthkitCase().getOsAccountManager();
List<Host> hosts = osAccountManager.getHosts(account);
List<OsAccountAttribute> attributeList = account.getOsAccountAttributes();
if (attributeList != null) {
if (hosts != null) {
// Organize the attributes by hostId
Map<Long, List<OsAccountAttribute>> idMap = new HashMap<>();
for (OsAccountAttribute attribute : attributeList) {
List<OsAccountAttribute> atList = null;
Optional<Long> optionalId = attribute.getHostId();
Long key = null;
if (optionalId.isPresent()) {
key = optionalId.get();
}
atList = idMap.get(key);
if (atList == null) {
atList = new ArrayList<>();
idMap.put(key, atList);
}
atList.add(attribute);
}
// Add attribute lists to the hostMap
for (Host host : hosts) {
List<OsAccountAttribute> atList = idMap.get(host.getId());
if (atList != null) {
hostMap.put(host, atList);
}
}
List<OsAccountAttribute> atList = idMap.get(null);
if (atList != null) {
hostMap.put(null, atList);
}
// Store both the host and the dataSource so that we get
// all of the calls to the db done in the thread.
for (OsAccountInstance instance : account.getOsAccountInstances()) {
instanceMap.put(instance.getDataSource().getHost(), instance.getDataSource());
}
} else {
hostMap.put(null, attributeList);
}
}
return new WorkerResults(hostMap, instanceMap);
}
@Override
protected void done() {
WorkerResults results = null;
try {
if (this.isCancelled()) {
return;
} else {
results = get();
}
} catch (ExecutionException | InterruptedException ex) {
logger.log(Level.SEVERE, String.format("Failed to retrieve data for OsAccount (%d)", account.getId()), ex);
}
if (results != null) {
removeAll();
setLayout(new GridBagLayout());
List<SectionData> data = new ArrayList<>();
data.add(buildBasicProperties(account));
Map<Host, List<OsAccountAttribute>> hostDataMap = results.getAttributeMap();
if (hostDataMap != null && !hostDataMap.isEmpty()) {
hostDataMap.forEach((K, V) -> data.add(buildHostData(K, V)));
}
OsAccountRealm realm = account.getRealm();
if (realm != null) {
data.add(buildRealmProperties(realm));
}
Map<Host, DataSource> instanceMap = results.getDataSourceMap();
if (!instanceMap.isEmpty()) {
SectionData instanceSection = new SectionData("Instances");
instanceMap.forEach((K, V) -> instanceSection.addData(K.getName(), V.getName()));
data.add(instanceSection);
}
addDataComponents(data);
revalidate();
repaint();
}
}
}
/**
* Helper class for PanelDataFetcher that wraps the returned data needed for
* the panel.
*/
private final class WorkerResults {
private final Map<Host, List<OsAccountAttribute>> attributeMap;
private final Map<Host, DataSource> instanceMap;
/**
* Construct a new WorkerResult object.
*
* @param attributeMap Maps the OsAccountAttributes to the host they
* belong with.
* @param instanceMap A map of data to display OsAccount instance
* information.
*/
WorkerResults(Map<Host, List<OsAccountAttribute>> attributeMap, Map<Host, DataSource> instanceMap) {
this.attributeMap = attributeMap;
this.instanceMap = instanceMap;
}
/**
* Returns a map of OsAccountAttributes that belong to a specific Host.
* There maybe a null key in the map which represents properties that
* are not host specific.
*
* @return OsAccountAttribute map.
*/
Map<Host, List<OsAccountAttribute>> getAttributeMap() {
return attributeMap;
}
/**
* A map of the instance data for the OsAccount.
*
* @return
*/
Map<Host, DataSource> getDataSourceMap() {
return instanceMap;
}
}
} }

7
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -102,6 +102,7 @@ import org.sleuthkit.datamodel.Host;
import org.sleuthkit.datamodel.HostManager; import org.sleuthkit.datamodel.HostManager;
import org.sleuthkit.datamodel.OsAccount; import org.sleuthkit.datamodel.OsAccount;
import org.sleuthkit.datamodel.OsAccountAttribute; import org.sleuthkit.datamodel.OsAccountAttribute;
import org.sleuthkit.datamodel.OsAccountInstance;
import org.sleuthkit.datamodel.OsAccountManager; import org.sleuthkit.datamodel.OsAccountManager;
import org.sleuthkit.datamodel.OsAccountRealm; import org.sleuthkit.datamodel.OsAccountRealm;
import org.sleuthkit.datamodel.ReadContentInputStream.ReadContentInputStreamException; import org.sleuthkit.datamodel.ReadContentInputStream.ReadContentInputStreamException;
@ -1166,6 +1167,7 @@ class ExtractRegistry extends Extract {
//add remaining userinfos as accounts; //add remaining userinfos as accounts;
for (Map<String, String> userInfo : userInfoMap.values()) { for (Map<String, String> userInfo : userInfoMap.values()) {
OsAccount osAccount = accountMgr.createWindowsAccount(userInfo.get(SID_KEY), null, null, host, OsAccountRealm.RealmScope.UNKNOWN); OsAccount osAccount = accountMgr.createWindowsAccount(userInfo.get(SID_KEY), null, null, host, OsAccountRealm.RealmScope.UNKNOWN);
accountMgr.createOsAccountInstance(osAccount, (DataSource)dataSource, OsAccountInstance.OsAccountInstanceType.LAUNCHED);
updateOsAccount(osAccount, userInfo, groupMap.get(userInfo.get(SID_KEY)), regAbstractFile); updateOsAccount(osAccount, userInfo, groupMap.get(userInfo.get(SID_KEY)), regAbstractFile);
} }
@ -2214,6 +2216,7 @@ class ExtractRegistry extends Extract {
OsAccount osAccount; OsAccount osAccount;
if (!optional.isPresent()) { if (!optional.isPresent()) {
osAccount = accountMgr.createWindowsAccount(sid, userName != null && userName.isEmpty() ? null : userName, null, host, OsAccountRealm.RealmScope.UNKNOWN); osAccount = accountMgr.createWindowsAccount(sid, userName != null && userName.isEmpty() ? null : userName, null, host, OsAccountRealm.RealmScope.UNKNOWN);
accountMgr.createOsAccountInstance(osAccount, (DataSource)dataSource, OsAccountInstance.OsAccountInstanceType.LAUNCHED);
} else { } else {
osAccount = optional.get(); osAccount = optional.get();
if (userName != null && !userName.isEmpty()) { if (userName != null && !userName.isEmpty()) {
@ -2369,16 +2372,14 @@ class ExtractRegistry extends Extract {
} }
} }
String settingString = getSettingsFromMap(ACCOUNT_SETTINGS_FLAGS, userInfo); String settingString = getSettingsFromMap(PASSWORD_SETTINGS_FLAGS, userInfo);
if (!settingString.isEmpty()) { if (!settingString.isEmpty()) {
settingString = settingString.substring(0, settingString.length() - 2);
attributes.add(createOsAccountAttribute(ATTRIBUTE_TYPE.TSK_PASSWORD_SETTINGS, attributes.add(createOsAccountAttribute(ATTRIBUTE_TYPE.TSK_PASSWORD_SETTINGS,
settingString, osAccount, host, regFile)); settingString, osAccount, host, regFile));
} }
settingString = getSettingsFromMap(ACCOUNT_SETTINGS_FLAGS, userInfo); settingString = getSettingsFromMap(ACCOUNT_SETTINGS_FLAGS, userInfo);
if (!settingString.isEmpty()) { if (!settingString.isEmpty()) {
settingString = settingString.substring(0, settingString.length() - 2);
attributes.add(createOsAccountAttribute(ATTRIBUTE_TYPE.TSK_ACCOUNT_SETTINGS, attributes.add(createOsAccountAttribute(ATTRIBUTE_TYPE.TSK_ACCOUNT_SETTINGS,
settingString, osAccount, host, regFile)); settingString, osAccount, host, regFile));
} }