mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 07:56:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #17 from aebadirad42six/master

Browse Source 
bug fixes and moving regripper
This commit is contained in:
dickfickling 2012-03-16 12:05:48 -07:00
commit af5086d53b
7 changed files with 186 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java
View File

@ -143,7 +143,7 @@ public class Chrome {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),"RecentActivity", "Last Visited",temprs.getString("access_utc")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(),"RecentActivity", "",temprs.getString("value")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),"RecentActivity", "",temprs.getString("value")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",((temprs.getString("name") != null) ? temprs.getString("name") : "No name")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
bbart.addAttributes(bbattributes);

22
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -19,6 +19,7 @@ import java.util.logging.Logger;
import org.jdom.Document;
import org.jdom.Element;
import org.jdom.input.SAXBuilder;
import org.openide.modules.InstalledFileLocator;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController;
@ -39,8 +40,24 @@ import org.sleuthkit.datamodel.SleuthkitCase;
public class ExtractRegistry {
public Logger logger = Logger.getLogger(this.getClass().getName());
private String RR_PATH;
boolean rrFound = false;
ExtractRegistry(){
final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false);
if (rrRoot == null) {
logger.log(Level.SEVERE, "RegRipper not found");
rrFound = false;
return;
}
else {
rrFound = true;
}
final String rrHome = rrRoot.getAbsolutePath();
logger.log(Level.INFO, "RegRipper home: " + rrHome);
RR_PATH = rrHome + File.separator + "rip.exe";
}
@ -113,9 +130,6 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
try
{
String rrpath = System.getProperty("user.dir");
rrpath = rrpath.substring(0, rrpath.length()-14);
rrpath = rrpath + "thirdparty\\rr\\";
if(regFilePath.toLowerCase().contains("system"))
{
@ -142,7 +156,7 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
type = "security";
}
String command = rrpath + "rip.exe -r " + regFilePath +" -f " + type + "> " + txtPath;
String command = RR_PATH + " -r " + regFilePath +" -f " + type + "> " + txtPath;
JavaSystemCaller.Exec.execute(command);

2
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -167,7 +167,7 @@ public class Firefox {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", temprs.getString("lastAccessed")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), "RecentActivity", "", temprs.getString("value")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",((temprs.getString("name") != null) ? temprs.getString("name") : "No name")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox"));
bbart.addAttributes(bbattributes);

52
Report/src/org/sleuthkit/autopsy/report/reportAction.java
View File

@ -9,12 +9,12 @@ import java.awt.Dimension;
import java.awt.Toolkit;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.util.List;
import java.util.logging.Level;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.io.File;
import javax.swing.JButton;
import javax.swing.JDialog;
import javax.swing.JFrame;
import javax.swing.SwingWorker;
import org.openide.awt.ActionRegistration;
import org.openide.awt.ActionReference;
import org.openide.awt.ActionReferences;
@ -23,7 +23,10 @@ import org.openide.util.HelpCtx;
import org.openide.util.NbBundle.Messages;
import org.openide.util.actions.CallableSystemAction;
import org.openide.util.actions.Presenter;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.Log;
import java.util.logging.Level;
import java.util.logging.Logger;
@ActionID(category = "Tools",
id = "org.sleuthkit.autopsy.report.reportAction")
@ -35,9 +38,50 @@ id = "org.sleuthkit.autopsy.report.reportAction")
public final class reportAction extends CallableSystemAction implements Presenter.Toolbar{
private JButton toolbarButton = new JButton();
private static final String ACTION_NAME = "Report Filter";
private static final String ACTION_NAME = "Report";
Logger logger = Logger.getLogger(reportAction.class.getName());
public reportAction() {
setEnabled(false);
Case.addPropertyChangeListener(new PropertyChangeListener() {
@Override
public void propertyChange(PropertyChangeEvent evt) {
if(evt.getPropertyName().equals(Case.CASE_CURRENT_CASE)){
setEnabled(evt.getNewValue() != null);
}
}
});
//attempt to create a report folder if a case is active
Case.addPropertyChangeListener(new PropertyChangeListener () {
@Override
public void propertyChange(PropertyChangeEvent evt) {
String changed = evt.getPropertyName();
//case has been changed
if (changed.equals(Case.CASE_CURRENT_CASE)) {
Case newCase = (Case)evt.getNewValue();
if (newCase != null) {
boolean exists = (new File(newCase.getCaseDirectory() + "\\Reports")).exists();
if (exists) {
// report directory exists -- don't need to do anything
} else {
// report directory does not exist -- create it
boolean reportCreate = (new File(newCase.getCaseDirectory() + "\\Reports")).mkdirs();
if(!reportCreate){
logger.log(Level.WARNING, "Could not create Reports directory for case. It does not exist.");
}
}
}
}
}
});
// set action of the toolbar button
toolbarButton.addActionListener(new ActionListener() {

1
thirdparty/rr/plugins/autopsysoftware vendored
View File

@ -2,4 +2,5 @@
#-------------------------------------
# SOFTWARE
autopsywinver
autopsyuninstall

11
thirdparty/rr/plugins/autopsyuninstall.pl vendored
View File

@ -50,7 +50,9 @@ sub pluginmain {
#::rptMsg("Uninstall");
#::rptMsg($key_path);
#::rptMsg("");
::rptMsg("<uninstall>");
::rptMsg("<time>".gmtime($key->get_timestamp())."</time>");
::rptMsg("<artifacts>");
my %uninst;
my @subkeys = $key->get_list_of_subkeys();
if (scalar(@subkeys) > 0) {
@ -71,11 +73,11 @@ sub pluginmain {
push(@{$uninst{$lastwrite}},$display);
}
foreach my $t (reverse sort {$a <=> $b} keys %uninst) {
::rptMsg(gmtime($t)." (UTC)");
::rptMsg("<item name=\"". gmtime($t).">");
foreach my $item (@{$uninst{$t}}) {
::rptMsg("\t$item");
::rptMsg($item."</item>");
}
::rptMsg("");
#::rptMsg("");
}
}
else {
@ -85,5 +87,6 @@ sub pluginmain {
else {
#::rptMsg($key_path." not found.");
}
::rptMsg("</artifacts></uninstall>");
}
1;

109
thirdparty/rr/plugins/autopsywinver.pl vendored Normal file
View File

@ -0,0 +1,109 @@
#-----------------------------------------------------------
# winver.pl
#
# copyright 2008-2009 H. Carvey, keydet89@yahoo.com
#-----------------------------------------------------------
package autopsywinver;
use strict;
my %config = (hive => "Software",
osmask => 22,
hasShortDescr => 1,
hasDescr => 0,
hasRefs => 0,
version => 20081210);
sub getConfig{return %config}
sub getShortDescr {
return "Get Windows version";
}
sub getDescr{}
sub getRefs {}
sub getHive {return $config{hive};}
sub getVersion {return $config{version};}
my $VERSION = getVersion();
sub pluginmain {
my $class = shift;
my $hive = shift;
#::logMsg("Launching winver v.".$VERSION);
my $reg = Parse::Win32Registry->new($hive);
my $root_key = $reg->get_root_key;
::rptMsg("<WinVersion>");
::rptMsg("<time>Not Available</time>");
::rptMsg("<artifacts>");
my $key_path = "Microsoft\\Windows NT\\CurrentVersion";
my $key;
if ($key = $root_key->get_subkey($key_path)) {
# ::rptMsg("{name}");
# ::rptMsg($key_path);
# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)");
my $prod;
eval {
$prod = $key->get_value("ProductName")->get_data();
};
if ($@) {
# ::rptMsg("ProductName value not found.");
}
else {
::rptMsg("<winver name=\"ProductName\">".$prod ."</winver>");
}
my $csd;
eval {
$csd = $key->get_value("CSDVersion")->get_data();
};
if ($@) {
# ::rptMsg("CSDVersion value not found.");
}
else {
::rptMsg("<winver name=\"CSDVersion\">".$csd."</winver>");
}
my $build;
eval {
$build = $key->get_value("BuildName")->get_data();
};
if ($@) {
# ::rptMsg("BuildName value not found.");
}
else {
::rptMsg("<winver name=\"BuildName\">".$build."</winver>");
}
my $buildex;
eval {
$buildex = $key->get_value("BuildNameEx")->get_data();
};
if ($@) {
# ::rptMsg("BuildName value not found.");
}
else {
::rptMsg("<winver name=\"BuildNameEx\">".$buildex."</winver>");
}
my $install;
eval {
$install = $key->get_value("InstallDate")->get_data();
};
if ($@) {
# ::rptMsg("InstallDate value not found.");
}
else {
::rptMsg("<winver name=\"InstallDate\">".gmtime($install)."</winver>");
}
}
else {
#::rptMsg($key_path." not found.");
#::logMsg($key_path." not found.");
}
::rptMsg("</artifacts></shellfolders>");
}
1;