diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java index 3cf89ee318..fad833d7a3 100755 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java @@ -143,7 +143,7 @@ public class Chrome { Collection bbattributes = new ArrayList(); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),"RecentActivity", "Last Visited",temprs.getString("access_utc"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(),"RecentActivity", "",temprs.getString("value"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),"RecentActivity", "",temprs.getString("value"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",((temprs.getString("name") != null) ? temprs.getString("name") : "No name"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome")); bbart.addAttributes(bbattributes); diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index 7d1602af7e..e9fa80a8a9 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java 
@@ -19,6 +19,7 @@ import java.util.logging.Logger; import org.jdom.Document; import org.jdom.Element; import org.jdom.input.SAXBuilder; +import org.openide.modules.InstalledFileLocator; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; @@ -39,8 +40,24 @@ import org.sleuthkit.datamodel.SleuthkitCase; public class ExtractRegistry { public Logger logger = Logger.getLogger(this.getClass().getName()); - + private String RR_PATH; + boolean rrFound = false; + ExtractRegistry(){ + final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); + if (rrRoot == null) { + logger.log(Level.SEVERE, "RegRipper not found"); + rrFound = false; + return; + } + else { + rrFound = true; + } + + final String rrHome = rrRoot.getAbsolutePath(); + logger.log(Level.INFO, "RegRipper home: " + rrHome); + + RR_PATH = rrHome + File.separator + "rip.exe"; } @@ -113,9 +130,6 @@ public void getregistryfiles(List image, IngestImageWorkerController con try { - String rrpath = System.getProperty("user.dir"); - rrpath = rrpath.substring(0, rrpath.length()-14); - rrpath = rrpath + "thirdparty\\rr\\"; if(regFilePath.toLowerCase().contains("system")) { @@ -142,7 +156,7 @@ public void getregistryfiles(List image, IngestImageWorkerController con type = "security"; } - String command = rrpath + "rip.exe -r " + regFilePath +" -f " + type + "> " + txtPath; + String command = RR_PATH + " -r " + regFilePath +" -f " + type + "> " + txtPath; JavaSystemCaller.Exec.execute(command); diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java index c7c4a68eee..2380a191eb 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java 
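Review bot: When `InstalledFileLocator` returns null, the new constructor logs and returns with `RR_PATH` still null, and nothing visible in this diff consults `rrFound` before the later hunk concatenates `RR_PATH` into the command, so a missing RegRipper install would presumably run a command that begins with `null`. getregistryfiles starts outside the hunks shown, so confirm whether it already checks the flag; if not, open it with `if (!rrFound) { logger.log(Level.WARNING, "RegRipper not found, skipping registry extraction"); return; }`. Locating the `rr` directory does not prove the executable is inside it, so the constructor could also set `rrFound` from `new File(rrRoot, "rip.exe").isFile()`. As a style point, `RR_PATH` is an instance field rather than a constant, so `rrPath` would match Java naming, and the `rrFound = false` in the not-found branch repeats the field initializer.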
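Review bot: `RR_PATH` is now an absolute install path, which on Windows commonly contains spaces, and the new line still joins it with `regFilePath` and `txtPath` into one unquoted string that relies on `>` for redirection. If `JavaSystemCaller.Exec.execute` passes that string to a command interpreter (its implementation is not shown), a space splits the program name, and any shell metacharacter in a path is interpreted rather than treated as data, which matters if a file name is carried over from the image being examined. At minimum quote each path, `String command = "\"" + RR_PATH + "\" -r \"" + regFilePath + "\" -f " + type + " > \"" + txtPath + "\"";`; the more robust form is an argument list via `ProcessBuilder` with `redirectOutput(new File(txtPath))`, so that no shell parsing is involved. The enclosing method continues outside this hunk.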
@@ -167,7 +167,7 @@ public class Firefox { Collection bbattributes = new ArrayList(); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", temprs.getString("lastAccessed"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), "RecentActivity", "", temprs.getString("value"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",((temprs.getString("name") != null) ? temprs.getString("name") : "No name"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox")); bbart.addAttributes(bbattributes); diff --git a/Report/src/org/sleuthkit/autopsy/report/reportAction.java b/Report/src/org/sleuthkit/autopsy/report/reportAction.java index 6940ce4406..71068ae028 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportAction.java +++ b/Report/src/org/sleuthkit/autopsy/report/reportAction.java @@ -9,12 +9,12 @@ import java.awt.Dimension; import java.awt.Toolkit; import java.awt.event.ActionEvent; import java.awt.event.ActionListener; -import java.util.List; -import java.util.logging.Level; +import java.beans.PropertyChangeEvent; +import java.beans.PropertyChangeListener; +import java.io.File; import javax.swing.JButton; import javax.swing.JDialog; import javax.swing.JFrame; -import javax.swing.SwingWorker; import org.openide.awt.ActionRegistration; import org.openide.awt.ActionReference; import org.openide.awt.ActionReferences; 
@@ -23,7 +23,10 @@ import org.openide.util.HelpCtx; import org.openide.util.NbBundle.Messages; import org.openide.util.actions.CallableSystemAction; import org.openide.util.actions.Presenter; +import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.coreutils.Log; +import java.util.logging.Level; +import java.util.logging.Logger; @ActionID(category = "Tools", id = "org.sleuthkit.autopsy.report.reportAction") 
@@ -35,9 +38,50 @@ id = "org.sleuthkit.autopsy.report.reportAction") public final class reportAction extends CallableSystemAction implements Presenter.Toolbar{ private JButton toolbarButton = new JButton(); - private static final String ACTION_NAME = "Report Filter"; + private static final String ACTION_NAME = "Report"; + Logger logger = Logger.getLogger(reportAction.class.getName()); public reportAction() { + setEnabled(false); + Case.addPropertyChangeListener(new PropertyChangeListener() { + + @Override + public void propertyChange(PropertyChangeEvent evt) { + if(evt.getPropertyName().equals(Case.CASE_CURRENT_CASE)){ + setEnabled(evt.getNewValue() != null); + } + } + + }); + //attempt to create a report folder if a case is active + Case.addPropertyChangeListener(new PropertyChangeListener () { + + @Override + public void propertyChange(PropertyChangeEvent evt) { + String changed = evt.getPropertyName(); + + //case has been changed + if (changed.equals(Case.CASE_CURRENT_CASE)) { + Case newCase = (Case)evt.getNewValue(); + + if (newCase != null) { + boolean exists = (new File(newCase.getCaseDirectory() + "\\Reports")).exists(); + if (exists) { + // report directory exists -- don't need to do anything + + } else { + // report directory does not exist -- create it + boolean reportCreate = (new File(newCase.getCaseDirectory() + "\\Reports")).mkdirs(); + if(!reportCreate){ + logger.log(Level.WARNING, "Could not create Reports directory for case. It does not exist."); + } + } + } + } + } + +}); + // set action of the toolbar button toolbarButton.addActionListener(new ActionListener() { diff --git a/thirdparty/rr/plugins/autopsysoftware b/thirdparty/rr/plugins/autopsysoftware index 1b515928ca..5d94ff6883 100644 --- a/thirdparty/rr/plugins/autopsysoftware +++ b/thirdparty/rr/plugins/autopsysoftware @@ -2,4 +2,5 @@ #------------------------------------- # SOFTWARE +autopsywinver autopsyuninstall \ No newline at end of file 
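Review bot: The Reports path is built twice as `newCase.getCaseDirectory() + "\\Reports"`, which hard-codes the Windows separator; on other platforms this names a sibling entry whose name contains a backslash instead of a `Reports` subdirectory. Building it once with `File reports = new File(newCase.getCaseDirectory(), "Reports");` and testing `if (!reports.isDirectory() && !reports.mkdirs())` removes the empty `if (exists)` branch and also catches the case where a regular file named Reports is in the way. The warning should name the path, `logger.log(Level.WARNING, "Could not create Reports directory: " + reports.getAbsolutePath());`, so the failure can be traced to a specific case folder. The two anonymous listeners both react to `Case.CASE_CURRENT_CASE` and could be one listener; they are never removed, which deserves a comment if the action is meant to live for the whole application. The constructor continues past the end of the hunk.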
diff --git a/thirdparty/rr/plugins/autopsyuninstall.pl b/thirdparty/rr/plugins/autopsyuninstall.pl index 2ec0f50e2e..1cff08cf14 100644 --- a/thirdparty/rr/plugins/autopsyuninstall.pl +++ b/thirdparty/rr/plugins/autopsyuninstall.pl @@ -50,7 +50,9 @@ sub pluginmain { #::rptMsg("Uninstall"); #::rptMsg($key_path); #::rptMsg(""); - + ::rptMsg(""); + ::rptMsg(""); + ::rptMsg(""); my %uninst; my @subkeys = $key->get_list_of_subkeys(); if (scalar(@subkeys) > 0) { @@ -71,11 +73,11 @@ sub pluginmain { push(@{$uninst{$lastwrite}},$display); } foreach my $t (reverse sort {$a <=> $b} keys %uninst) { - ::rptMsg(gmtime($t)." (UTC)"); + ::rptMsg(""); foreach my $item (@{$uninst{$t}}) { - ::rptMsg("\t$item"); + ::rptMsg($item.""); } - ::rptMsg(""); + #::rptMsg(""); } } else { @@ -85,5 +87,6 @@ sub pluginmain { else { #::rptMsg($key_path." not found."); } + ::rptMsg(""); } 1; \ No newline at end of file diff --git a/thirdparty/rr/plugins/autopsywinver.pl b/thirdparty/rr/plugins/autopsywinver.pl new file mode 100644 index 0000000000..a13795b6b6 --- /dev/null +++ b/thirdparty/rr/plugins/autopsywinver.pl 
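Review bot: `$item` in the second hunk is a display name read from the Uninstall key of the hive under examination, and it is now written with `::rptMsg($item."")` between `::rptMsg("")` calls whose empty literals look like markup that was lost when this page was rendered. If the plugin output is meant to be parsed as XML (ExtractRegistry imports `SAXBuilder`), the value needs escaping before it is emitted, otherwise a name containing `&` or `<` makes the whole file unparseable or alters its structure; a small helper that replaces `&`, `<`, `>` and `"` with their entities, applied to `$item`, would cover it. The same applies to `$prod`, `$csd`, `$build` and `$buildex` in the new autopsywinver.pl. This hunk also replaces `::rptMsg(gmtime($t)." (UTC)")`, so confirm the last-write time is still carried in the output, since it is the only timestamp this plugin reports. pluginmain starts outside the hunks shown.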
@@ -0,0 +1,109 @@ +#----------------------------------------------------------- +# winver.pl +# +# copyright 2008-2009 H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package autopsywinver; +use strict; + +my %config = (hive => "Software", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + version => 20081210); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get Windows version"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + #::logMsg("Launching winver v.".$VERSION); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + ::rptMsg(""); + ::rptMsg(""); + ::rptMsg(""); + my $key_path = "Microsoft\\Windows NT\\CurrentVersion"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { +# ::rptMsg("{name}"); +# ::rptMsg($key_path); +# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." 
(UTC)"); + + my $prod; + eval { + $prod = $key->get_value("ProductName")->get_data(); + }; + if ($@) { +# ::rptMsg("ProductName value not found."); + } + else { + ::rptMsg("".$prod .""); + } + + my $csd; + eval { + $csd = $key->get_value("CSDVersion")->get_data(); + }; + if ($@) { +# ::rptMsg("CSDVersion value not found."); + } + else { + ::rptMsg("".$csd.""); + } + + + my $build; + eval { + $build = $key->get_value("BuildName")->get_data(); + }; + if ($@) { +# ::rptMsg("BuildName value not found."); + } + else { + ::rptMsg("".$build.""); + } + + my $buildex; + eval { + $buildex = $key->get_value("BuildNameEx")->get_data(); + }; + if ($@) { +# ::rptMsg("BuildName value not found."); + } + else { + ::rptMsg("".$buildex.""); + } + + + my $install; + eval { + $install = $key->get_value("InstallDate")->get_data(); + }; + if ($@) { +# ::rptMsg("InstallDate value not found."); + } + else { + ::rptMsg("".gmtime($install).""); + } + + + } + else { + #::rptMsg($key_path." not found."); + #::logMsg($key_path." not found."); + } + ::rptMsg(""); +} +1; \ No newline at end of file
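Review bot: The lookups `get_value("BuildName")` and `get_value("BuildNameEx")` use names I would not expect under `Microsoft\Windows NT\CurrentVersion`; the build strings there are normally `BuildLab` and `BuildLabEx`, so these two blocks probably always fall into the silent `if ($@)` branch, which is worth checking against a sample Software hive. Because every failure branch is commented out, a wrong value name or a missing key leaves no trace; a `::logMsg` call in those branches would let an examiner tell an absent value from a plugin fault. The comment in the `$buildex` branch says `BuildName value not found` and the file header still says `winver.pl`; both should name what this file actually reads. `InstallDate` is printed through `gmtime` without the ` (UTC)` suffix that the commented-out LastWrite line used, so the time zone of that value is not visible in the output.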