Merge pull request #1079 from mrtizmo/r312-stix.ja

stix ja localization and translation
Richard Cordovano 2015-02-23 09:10:38 -05:00
commit af6b47479a
19 changed files with 390 additions and 356 deletions


@ -6,3 +6,10 @@ STIXReportModuleConfigPanel.jLabel2.text=Select a STIX file or directory of STIX
STIXReportModuleConfigPanel.jTextField1.text=
STIXReportModuleConfigPanel.jButton1.text=Choose file
STIXReportModuleConfigPanel.jCheckBox1.text=Include results for false indicators in output file
STIXReportModule.notifyMsg.unableToOpenReportFile=Unable to open STIX report file {0}
STIXReportModule.progress.completedWithErrors=Completed with errors
STIXReportModule.notifyMsg.unableToOpenFileDir=Unable to open STIX file/directory {0}
STIXReportModule.progress.couldNotOpenFileDir=Could not open file/directory {0}
STIXReportModule.notifyMsg.tooManyArtifactsgt1000=Too many STIX-related artifacts generated for "{0}". Only saving first 1000.
STIXReportModule.notifyErr.noFildDirProvided=No STIX file/directory provided
STIXReportModule.progress.noFildDirProvided=No STIX file/directory provided


@ -0,0 +1,14 @@
OpenIDE-Module-Name=stix\u30E2\u30B8\u30E5\u30FC\u30EB
STIXReportModule.getDesc.text=\u30C7\u30FC\u30BF\u30BD\u30FC\u30B9\u306B\u5BFE\u3057\u3066\u5E7E\u3064\u304B\u306ESTIX\uFF08Structured Threat Information eXpression\uFF1B\u8105\u5A01\u60C5\u5831\u69CB\u9020\u5316\u8A18\u8FF0\u5F62\u5F0F\uFF09\u30D5\u30A1\u30A4\u30EB\u3092\u5B9F\u884C\u3057\u3001\u30EC\u30DD\u30FC\u30C8\u3092\u751F\u6210\u3057\u307E\u3059\u3002\u307E\u305F\u3001\u7591\u308F\u3057\u3044\u30D5\u30A1\u30A4\u30EB\u5185\u306B\u30A2\u30FC\u30C6\u30A3\u30D5\u30A1\u30AF\u30C8\u3092\u4F5C\u6210\u3002
STIXReportModule.getName.text=STIX
STIXReportModule.notifyMsg.tooManyArtifactsgt1000="{0}"\u7528\u306B\u751F\u6210\u3055\u308C\u305FSTIX\u95A2\u9023\u306E\u30A2\u30FC\u30C6\u30A3\u30D5\u30A1\u30AF\u30C8\u304C\u591A\u3059\u304E\u307E\u3059\u3002\u6700\u521D\u306E1000\u306E\u307F\u4FDD\u5B58\u3002
STIXReportModule.notifyMsg.unableToOpenFileDir=STIX\u30D5\u30A1\u30A4\u30EB\uFF0F\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA{0}\u3092\u958B\u3051\u307E\u305B\u3093\u3067\u3057\u305F
STIXReportModule.notifyMsg.unableToOpenReportFile=STIX\u30EC\u30DD\u30FC\u30C8\u30D5\u30A1\u30A4\u30EB{0}\u3092\u958B\u3051\u307E\u305B\u3093\u3067\u3057\u305F
STIXReportModule.progress.completedWithErrors=\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F\u304C\u3001\u5B8C\u4E86\u3057\u307E\u3057\u305F
STIXReportModule.progress.couldNotOpenFileDir=\u30D5\u30A1\u30A4\u30EB\uFF0F\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA{0}\u3092\u958B\u3051\u307E\u305B\u3093\u3067\u3057\u305F
STIXReportModule.progress.readSTIX=STIX\u30D5\u30A1\u30A4\u30EB\u3092\u30D1\u30FC\u30B9\u4E2D
STIXReportModuleConfigPanel.jButton1.text=\u30D5\u30A1\u30A4\u30EB\u9078\u629E
STIXReportModuleConfigPanel.jCheckBox1.text=\u30A2\u30A6\u30C8\u30D7\u30C3\u30C8\u30D5\u30A1\u30A4\u30EB\u306E\u8AA4\u3063\u305F\u30A4\u30F3\u30B8\u30B1\u30FC\u30BF\u30FC\u306E\u7D50\u679C\u3082\u542B\u3080
STIXReportModuleConfigPanel.jLabel2.text=STIX\u30D5\u30A1\u30A4\u30EB\u307E\u305F\u306FSTIX\u30D5\u30A1\u30A4\u30EB\u306E\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u3092\u9078\u629E
STIXReportModule.notifyErr.noFildDirProvided=STIX\u30D5\u30A1\u30A4\u30EB\uFF0F\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u304C\u63D0\u4F9B\u3055\u308C\u3066\u3044\u307E\u305B\u3093
STIXReportModule.progress.noFildDirProvided=STIX\u30D5\u30A1\u30A4\u30EB\uFF0F\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u304C\u63D0\u4F9B\u3055\u308C\u3066\u3044\u307E\u305B\u3093


@ -53,7 +53,7 @@ class EvalAccountObj extends EvaluatableObject {
// UserAccount: Home_Directory, Username
// WinUserAccount: SID
if (!(obj instanceof UserAccountObjectType)) {
return new ObservableResult(id, "AccountObject: Can not process \"Account\" - need a User_Account or Windows_User_Account",
return new ObservableResult(id, "AccountObject: Can not process \"Account\" - need a User_Account or Windows_User_Account", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
@ -68,14 +68,14 @@ class EvalAccountObj extends EvaluatableObject {
UserAccountObjectType userAccountObj = (UserAccountObjectType) obj;
if (userAccountObj.getHomeDirectory() != null) {
haveHomeDir = true;
searchString = "HomeDir \"" + userAccountObj.getHomeDirectory().getValue().toString() + "\"";
searchString = "HomeDir \"" + userAccountObj.getHomeDirectory().getValue().toString() + "\""; //NON-NLS
}
if (userAccountObj.getUsername() != null) {
haveUsername = true;
if (!searchString.isEmpty()) {
searchString += " and ";
searchString += " and "; //NON-NLS
}
searchString += "Username \"" + userAccountObj.getUsername().getValue().toString() + "\"";
searchString += "Username \"" + userAccountObj.getUsername().getValue().toString() + "\""; //NON-NLS
}
WindowsUserAccount winUserObj = null;
@ -85,14 +85,14 @@ class EvalAccountObj extends EvaluatableObject {
if (winUserObj.getSecurityID() != null) {
haveSID = true;
if (!searchString.isEmpty()) {
searchString += " and ";
searchString += " and "; //NON-NLS
}
searchString += "SID \"" + winUserObj.getSecurityID().getValue().toString() + "\"";
searchString += "SID \"" + winUserObj.getSecurityID().getValue().toString() + "\""; //NON-NLS
}
}
if (!(haveHomeDir || haveUsername || haveSID)) {
return new ObservableResult(id, "AccountObject: No evaluatable fields found",
return new ObservableResult(id, "AccountObject: No evaluatable fields found", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
@ -141,17 +141,17 @@ class EvalAccountObj extends EvaluatableObject {
if (!finalHits.isEmpty()) {
List<StixArtifactData> artData = new ArrayList<StixArtifactData>();
for (BlackboardArtifact a : finalHits) {
artData.add(new StixArtifactData(a.getObjectID(), id, "Account"));
artData.add(new StixArtifactData(a.getObjectID(), id, "Account")); //NON-NLS
}
return new ObservableResult(id, "AccountObject: Found a match for " + searchString,
return new ObservableResult(id, "AccountObject: Found a match for " + searchString, //NON-NLS
spacing, ObservableResult.ObservableState.TRUE, artData);
}
// Didn't find any matches
return new ObservableResult(id, "AccountObject: No matches found for " + searchString,
return new ObservableResult(id, "AccountObject: No matches found for " + searchString, //NON-NLS
spacing, ObservableResult.ObservableState.FALSE, null);
} catch (TskCoreException ex) {
return new ObservableResult(id, "AccountObject: Exception during evaluation: " + ex.getLocalizedMessage(),
return new ObservableResult(id, "AccountObject: Exception during evaluation: " + ex.getLocalizedMessage(), //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
@ -164,43 +164,43 @@ class EvalAccountObj extends EvaluatableObject {
List<String> fieldNames = new ArrayList<String>();
if (obj.getDescription() != null) {
fieldNames.add("Description");
fieldNames.add("Description"); //NON-NLS
}
if (obj.getDomain() != null) {
fieldNames.add("Domain");
fieldNames.add("Domain"); //NON-NLS
}
if (obj.getAuthentications() != null) {
fieldNames.add("Authentication");
fieldNames.add("Authentication"); //NON-NLS
}
if (obj.getCreationDate() != null) {
fieldNames.add("Creation_Date");
fieldNames.add("Creation_Date"); //NON-NLS
}
if (obj.getModifiedDate() != null) {
fieldNames.add("Modified_Date");
fieldNames.add("Modified_Date"); //NON-NLS
}
if (obj.getLastAccessedTime() != null) {
fieldNames.add("Last_Accessed_Time");
fieldNames.add("Last_Accessed_Time"); //NON-NLS
}
if (obj instanceof UserAccountObjectType) {
UserAccountObjectType userAccountObj = (UserAccountObjectType) obj;
if (userAccountObj.getFullName() != null) {
fieldNames.add("Full_Name");
fieldNames.add("Full_Name"); //NON-NLS
}
if (userAccountObj.getGroupList() != null) {
fieldNames.add("Group_List");
fieldNames.add("Group_List"); //NON-NLS
}
if (userAccountObj.getLastLogin() != null) {
fieldNames.add("Last_Login");
fieldNames.add("Last_Login"); //NON-NLS
}
if (userAccountObj.getPrivilegeList() != null) {
fieldNames.add("Privilege_List");
fieldNames.add("Privilege_List"); //NON-NLS
}
if (userAccountObj.getScriptPath() != null) {
fieldNames.add("Script_Path");
fieldNames.add("Script_Path"); //NON-NLS
}
if (userAccountObj.getUserPasswordAge() != null) {
fieldNames.add("User_Password_Age");
fieldNames.add("User_Password_Age"); //NON-NLS
}
}
@ -208,7 +208,7 @@ class EvalAccountObj extends EvaluatableObject {
WindowsUserAccount winUserObj = (WindowsUserAccount) obj;
if (winUserObj.getSecurityType() != null) {
fieldNames.add("Security_Type");
fieldNames.add("Security_Type"); //NON-NLS
}
}
@ -220,7 +220,7 @@ class EvalAccountObj extends EvaluatableObject {
warningStr += name;
}
addWarning("Unsupported field(s): " + warningStr);
addWarning("Unsupported field(s): " + warningStr); //NON-NLS
}
}
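Review bot: The three search-string builders call `getValue().toString()` on the Home_Directory, Username and Security ID properties after checking only that the property object itself is non-null, so a STIX file carrying an empty element would presumably raise a NullPointerException, which the `catch (TskCoreException ex)` visible in a later hunk does not cover. STIX files are externally supplied input, so each guard could also test the value, e.g. `if (userAccountObj.getHomeDirectory() != null && userAccountObj.getHomeDirectory().getValue() != null) {`, and likewise for `getUsername()` and `getSecurityID()`. The enclosing method starts and ends outside these hunks, so an earlier check may exist that is not visible here.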


@ -50,7 +50,7 @@ class EvalAddressObj extends EvaluatableObject {
setWarnings("");
if (obj.getAddressValue() == null) {
return new ObservableResult(id, "AddressObject: No address value field found",
return new ObservableResult(id, "AddressObject: No address value field found", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
@ -60,8 +60,8 @@ class EvalAddressObj extends EvaluatableObject {
// would ever appear in practice.
if (((obj.getAddressValue().getApplyCondition() != null)
&& (obj.getAddressValue().getApplyCondition() == ConditionApplicationEnum.NONE))) {
return new ObservableResult(id, "AddressObject: Can not process apply condition " + obj.getAddressValue().getApplyCondition().toString()
+ " on Address object", spacing, ObservableResult.ObservableState.INDETERMINATE, null);
return new ObservableResult(id, "AddressObject: Can not process apply condition " + obj.getAddressValue().getApplyCondition().toString() //NON-NLS
+ " on Address object", spacing, ObservableResult.ObservableState.INDETERMINATE, null); //NON-NLS
}
// Set warnings for any unsupported fields
@ -76,7 +76,7 @@ class EvalAddressObj extends EvaluatableObject {
boolean everyPartMatched = true;
List<BlackboardArtifact> combinedArts = new ArrayList<BlackboardArtifact>();
String searchString = "";
String[] parts = origAddressStr.split("##comma##");
String[] parts = origAddressStr.split("##comma##"); //NON-NLS
for (String addressStr : parts) {
@ -85,9 +85,9 @@ class EvalAddressObj extends EvaluatableObject {
if ((obj.getAddressValue().getApplyCondition() != null)
&& (obj.getAddressValue().getApplyCondition() == ConditionApplicationEnum.ALL)) {
searchString += " AND ";
searchString += " AND "; //NON-NLS
} else {
searchString += " OR ";
searchString += " OR "; //NON-NLS
}
}
searchString += addressStr;
@ -138,24 +138,24 @@ class EvalAddressObj extends EvaluatableObject {
if ((obj.getAddressValue().getApplyCondition() != null)
&& (obj.getAddressValue().getApplyCondition() == ConditionApplicationEnum.ALL)
&& (!everyPartMatched)) {
return new ObservableResult(id, "AddressObject: No matches for " + searchString,
return new ObservableResult(id, "AddressObject: No matches for " + searchString, //NON-NLS
spacing, ObservableResult.ObservableState.FALSE, null);
}
if (!combinedArts.isEmpty()) {
List<StixArtifactData> artData = new ArrayList<StixArtifactData>();
for (BlackboardArtifact a : combinedArts) {
artData.add(new StixArtifactData(a.getObjectID(), id, "AddressObject"));
artData.add(new StixArtifactData(a.getObjectID(), id, "AddressObject")); //NON-NLS
}
return new ObservableResult(id, "AddressObject: Found a match for " + searchString,
return new ObservableResult(id, "AddressObject: Found a match for " + searchString, //NON-NLS
spacing, ObservableResult.ObservableState.TRUE, artData);
}
return new ObservableResult(id, "AddressObject: Found no matches for " + searchString,
return new ObservableResult(id, "AddressObject: Found no matches for " + searchString, //NON-NLS
spacing, ObservableResult.ObservableState.FALSE, null);
} catch (TskCoreException ex) {
return new ObservableResult(id, "AddressObject: Exception during evaluation: " + ex.getLocalizedMessage(),
return new ObservableResult(id, "AddressObject: Exception during evaluation: " + ex.getLocalizedMessage(), //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
}
@ -167,10 +167,10 @@ class EvalAddressObj extends EvaluatableObject {
List<String> fieldNames = new ArrayList<String>();
if (obj.getVLANName() != null) {
fieldNames.add("VLAN_Name");
fieldNames.add("VLAN_Name"); //NON-NLS
}
if (obj.getVLANName() != null) {
fieldNames.add("VLAN_Num");
fieldNames.add("VLAN_Num"); //NON-NLS
}
String warningStr = "";
@ -181,6 +181,6 @@ class EvalAddressObj extends EvaluatableObject {
warningStr += name;
}
addWarning("Unsupported field(s): " + warningStr);
addWarning("Unsupported field(s): " + warningStr); //NON-NLS
}
}
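Review bot: In the unsupported-field check, the second condition tests `obj.getVLANName() != null` again before adding `"VLAN_Num"`, so a VLAN_Num field is never reported on its own and a VLAN_Name field is reported under both names. The second test should presumably read `if (obj.getVLANNum() != null) {` (accessor name to be confirmed against the Address binding). An analyst relying on the warning list would otherwise not learn that a VLAN_Num constraint in the indicator was ignored. The method's beginning and end are outside the hunk.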


@ -48,22 +48,22 @@ class EvalDomainObj extends EvaluatableObject {
setWarnings("");
if (obj.getValue() == null) {
return new ObservableResult(id, "DomainObject: No domain value field found",
return new ObservableResult(id, "DomainObject: No domain value field found", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
// Since we have single URL artifacts, ALL and NONE conditions probably don't make sense to test
if (!((obj.getValue().getApplyCondition() == null)
|| (obj.getValue().getApplyCondition() == ConditionApplicationEnum.ANY))) {
return new ObservableResult(id, "URIObject: Can not process apply condition " + obj.getValue().getApplyCondition().toString()
+ " on URI object", spacing, ObservableResult.ObservableState.INDETERMINATE, null);
return new ObservableResult(id, "URIObject: Can not process apply condition " + obj.getValue().getApplyCondition().toString() //NON-NLS
+ " on URI object", spacing, ObservableResult.ObservableState.INDETERMINATE, null); //NON-NLS
}
// If the condition is not "CONTAINS", add a warning that it's being ignored
if ((obj.getValue().getCondition() != null)
&& (obj.getValue().getCondition() != ConditionTypeEnum.CONTAINS)) {
addWarning("Warning: Ignoring condition " + obj.getValue().getCondition().toString()
+ " on DomainName - using substring comparison");
addWarning("Warning: Ignoring condition " + obj.getValue().getCondition().toString() //NON-NLS
+ " on DomainName - using substring comparison"); //NON-NLS
}
Case case1 = Case.getCurrentCase();
@ -96,18 +96,18 @@ class EvalDomainObj extends EvaluatableObject {
if (!finalHits.isEmpty()) {
List<StixArtifactData> artData = new ArrayList<StixArtifactData>();
for (BlackboardArtifact a : finalHits) {
artData.add(new StixArtifactData(a.getObjectID(), id, "DomainNameObject"));
artData.add(new StixArtifactData(a.getObjectID(), id, "DomainNameObject")); //NON-NLS
}
return new ObservableResult(id, "DomainNameObject: Found a match for " + obj.getValue().getValue().toString()
return new ObservableResult(id, "DomainNameObject: Found a match for " + obj.getValue().getValue().toString() //NON-NLS
+ " " + getPrintableWarnings(),
spacing, ObservableResult.ObservableState.TRUE, artData);
}
return new ObservableResult(id, "DomainNameObject: Found no matches for " + obj.getValue().getValue().toString()
return new ObservableResult(id, "DomainNameObject: Found no matches for " + obj.getValue().getValue().toString() //NON-NLS
+ " " + getPrintableWarnings(),
spacing, ObservableResult.ObservableState.FALSE, null);
} catch (TskCoreException ex) {
return new ObservableResult(id, "DomainNameObject: Exception during evaluation: " + ex.getLocalizedMessage(),
return new ObservableResult(id, "DomainNameObject: Exception during evaluation: " + ex.getLocalizedMessage(), //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
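Review bot: The apply-condition rejection in this DomainName evaluator labels itself `"URIObject: Can not process apply condition "` ... `" on URI object"`, and the null-value message uses `"DomainObject:"` while the rest of the class uses `"DomainNameObject:"`; marking these strings `//NON-NLS` keeps the mislabel in place. Someone reading the report would attribute an INDETERMINATE result to the wrong observable type. Suggest `"DomainNameObject: Can not process apply condition "` with `" on DomainName object"`, and `"DomainNameObject: No domain value field found"`. The enclosing method starts before the first hunk and ends after the last one.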


@ -125,7 +125,7 @@ class EvalEmailObj extends EvaluatableObject {
// Make sure at least one test had some data
if ((!hadToFields) && (!hadFromField) && (!hadCcFields) && (!hadSubjectField)) {
return new ObservableResult(id, "EmailMessage: Could not find any parsable EmailMessage fields "
return new ObservableResult(id, "EmailMessage: Could not find any parsable EmailMessage fields " //NON-NLS
+ getPrintableWarnings(),
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
@ -133,7 +133,7 @@ class EvalEmailObj extends EvaluatableObject {
// Check if there were more fields that aren't currently supported
String fieldNames = getListOfUnsupportedFields();
if (fieldNames.length() > 0) {
addWarning("Unsupported field(s) found: " + fieldNames);
addWarning("Unsupported field(s) found: " + fieldNames); //NON-NLS
}
// Find the artifacts that matched all of the fields
@ -159,7 +159,7 @@ class EvalEmailObj extends EvaluatableObject {
if (!finalHitsStarted) {
// We didn't find any fields that could be evaluated
return new ObservableResult(id, "EmailMessage: EmailObj parsing incomplete " + getPrintableWarnings(),
return new ObservableResult(id, "EmailMessage: EmailObj parsing incomplete " + getPrintableWarnings(), //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
@ -167,12 +167,12 @@ class EvalEmailObj extends EvaluatableObject {
if (finalHits.size() > 0) {
List<StixArtifactData> artData = new ArrayList<StixArtifactData>();
for (BlackboardArtifact a : finalHits) {
artData.add(new StixArtifactData(a.getObjectID(), id, "EmailMessage"));
artData.add(new StixArtifactData(a.getObjectID(), id, "EmailMessage")); //NON-NLS
}
return new ObservableResult(id, "EmailMessage: " + finalHits.size() + " matching artifacts found " + getPrintableWarnings(),
return new ObservableResult(id, "EmailMessage: " + finalHits.size() + " matching artifacts found " + getPrintableWarnings(), //NON-NLS
spacing, ObservableResult.ObservableState.TRUE, artData);
} else {
return new ObservableResult(id, "EmailMessage: No matching artifacts found " + getPrintableWarnings(),
return new ObservableResult(id, "EmailMessage: No matching artifacts found " + getPrintableWarnings(), //NON-NLS
spacing, ObservableResult.ObservableState.FALSE, null);
}
}
@ -203,69 +203,69 @@ class EvalEmailObj extends EvaluatableObject {
String fieldNames = "";
if (obj.getHeader() != null) {
if (obj.getHeader().getReceivedLines() != null) {
fieldNames += "Received_Lines ";
fieldNames += "Received_Lines "; //NON-NLS
}
if (obj.getHeader().getBCC() != null) {
fieldNames += "BCC ";
fieldNames += "BCC "; //NON-NLS
}
if (obj.getHeader().getInReplyTo() != null) {
fieldNames += "In_Reply_To ";
fieldNames += "In_Reply_To "; //NON-NLS
}
if (obj.getHeader().getDate() != null) {
fieldNames += "Date ";
fieldNames += "Date "; //NON-NLS
}
if (obj.getHeader().getMessageID() != null) {
fieldNames += "Message_ID ";
fieldNames += "Message_ID "; //NON-NLS
}
if (obj.getHeader().getSender() != null) {
fieldNames += "Sender ";
fieldNames += "Sender "; //NON-NLS
}
if (obj.getHeader().getReplyTo() != null) {
fieldNames += "Reply_To ";
fieldNames += "Reply_To "; //NON-NLS
}
if (obj.getHeader().getErrorsTo() != null) {
fieldNames += "Errors_To ";
fieldNames += "Errors_To "; //NON-NLS
}
if (obj.getHeader().getBoundary() != null) {
fieldNames += "Boundary ";
fieldNames += "Boundary "; //NON-NLS
}
if (obj.getHeader().getContentType() != null) {
fieldNames += "Content_Type ";
fieldNames += "Content_Type "; //NON-NLS
}
if (obj.getHeader().getMIMEVersion() != null) {
fieldNames += "MIME_Version ";
fieldNames += "MIME_Version "; //NON-NLS
}
if (obj.getHeader().getPrecedence() != null) {
fieldNames += "Precedence ";
fieldNames += "Precedence "; //NON-NLS
}
if (obj.getHeader().getUserAgent() != null) {
fieldNames += "User_Agent ";
fieldNames += "User_Agent "; //NON-NLS
}
if (obj.getHeader().getXMailer() != null) {
fieldNames += "X_Mailer ";
fieldNames += "X_Mailer "; //NON-NLS
}
if (obj.getHeader().getXOriginatingIP() != null) {
fieldNames += "X_Originiating_IP ";
fieldNames += "X_Originiating_IP "; //NON-NLS
}
if (obj.getHeader().getXPriority() != null) {
fieldNames += "X_Priority ";
fieldNames += "X_Priority "; //NON-NLS
}
}
if (obj.getEmailServer() != null) {
fieldNames += "Email_Server ";
fieldNames += "Email_Server "; //NON-NLS
}
if (obj.getRawBody() != null) {
fieldNames += "Raw_Body ";
fieldNames += "Raw_Body "; //NON-NLS
}
if (obj.getRawHeader() != null) {
fieldNames += "Raw_Header ";
fieldNames += "Raw_Header "; //NON-NLS
}
if (obj.getAttachments() != null) {
fieldNames += "Attachments ";
fieldNames += "Attachments "; //NON-NLS
}
if (obj.getLinks() != null) {
fieldNames += "Links ";
fieldNames += "Links "; //NON-NLS
}
return fieldNames;
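Review bot: The unsupported-field name added for `getXOriginatingIP()` is spelled `"X_Originiating_IP "`, which does not match the CybOX field name X_Originating_IP, so a search of the report warnings for that field will miss it. Suggest `fieldNames += "X_Originating_IP "; //NON-NLS`. The method's opening lines and closing brace are outside the hunk.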


@ -66,7 +66,7 @@ class EvalFileObj extends EvaluatableObject {
if (obj.getSizeInBytes() != null) {
try {
String newClause = processULongObject(obj.getSizeInBytes(), "size");
String newClause = processULongObject(obj.getSizeInBytes(), "size"); //NON-NLS
whereClause = addClause(whereClause, newClause);
} catch (TskCoreException ex) {
addWarning(ex.getLocalizedMessage());
@ -75,7 +75,7 @@ class EvalFileObj extends EvaluatableObject {
if (obj.getFileName() != null) {
try {
String newClause = processStringObject(obj.getFileName(), "name");
String newClause = processStringObject(obj.getFileName(), "name"); //NON-NLS
whereClause = addClause(whereClause, newClause);
} catch (TskCoreException ex) {
addWarning(ex.getLocalizedMessage());
@ -85,18 +85,18 @@ class EvalFileObj extends EvaluatableObject {
if (obj.getFileExtension() != null) {
if ((obj.getFileExtension().getCondition() == null)
|| (obj.getFileExtension().getCondition() == ConditionTypeEnum.EQUALS)) {
String newClause = "name LIKE \'%" + obj.getFileExtension().getValue() + "\'";
String newClause = "name LIKE \'%" + obj.getFileExtension().getValue() + "\'"; //NON-NLS
whereClause = addClause(whereClause, newClause);
} else {
addWarning(
"Could not process condition " + obj.getFileExtension().getCondition().value() + " on file extension");
"Could not process condition " + obj.getFileExtension().getCondition().value() + " on file extension"); //NON-NLS
}
}
if (obj.getFilePath() != null) {
try {
String[] parts = obj.getFilePath().getValue().toString().split("##comma##");
String[] parts = obj.getFilePath().getValue().toString().split("##comma##"); //NON-NLS
String finalPathStr = "";
for (String filePath : parts) {
@ -126,13 +126,13 @@ class EvalFileObj extends EvaluatableObject {
// Reconstruct the path string (which may be multi-part)
if (!finalPathStr.isEmpty()) {
finalPathStr += "##comma##";
finalPathStr += "##comma##"; //NON-NLS
}
finalPathStr += currentFilePath;
}
String newClause = processStringObject(finalPathStr, obj.getFilePath().getCondition(),
obj.getFilePath().getApplyCondition(), "parent_path");
obj.getFilePath().getApplyCondition(), "parent_path"); //NON-NLS
whereClause = addClause(whereClause, newClause);
} catch (TskCoreException ex) {
@ -142,7 +142,7 @@ class EvalFileObj extends EvaluatableObject {
if (obj.getCreatedTime() != null) {
try {
String newClause = processTimestampObject(obj.getCreatedTime(), "crtime");
String newClause = processTimestampObject(obj.getCreatedTime(), "crtime"); //NON-NLS
whereClause = addClause(whereClause, newClause);
} catch (TskCoreException ex) {
addWarning(ex.getLocalizedMessage());
@ -151,7 +151,7 @@ class EvalFileObj extends EvaluatableObject {
if (obj.getModifiedTime() != null) {
try {
String newClause = processTimestampObject(obj.getModifiedTime(), "mtime");
String newClause = processTimestampObject(obj.getModifiedTime(), "mtime"); //NON-NLS
whereClause = addClause(whereClause, newClause);
} catch (TskCoreException ex) {
addWarning(ex.getLocalizedMessage());
@ -160,7 +160,7 @@ class EvalFileObj extends EvaluatableObject {
if (obj.getAccessedTime() != null) {
try {
String newClause = processTimestampObject(obj.getAccessedTime(), "atime");
String newClause = processTimestampObject(obj.getAccessedTime(), "atime"); //NON-NLS
whereClause = addClause(whereClause, newClause);
} catch (TskCoreException ex) {
addWarning(ex.getLocalizedMessage());
@ -170,14 +170,14 @@ class EvalFileObj extends EvaluatableObject {
if (obj.getHashes() != null) {
for (HashType h : obj.getHashes().getHashes()) {
if (h.getSimpleHashValue() != null) {
if (h.getType().getValue().equals("MD5")) {
String newClause = "md5=\'" + h.getSimpleHashValue().getValue() + "\'";
if (h.getType().getValue().equals("MD5")) { //NON-NLS
String newClause = "md5=\'" + h.getSimpleHashValue().getValue() + "\'"; //NON-NLS
whereClause = addClause(whereClause, newClause);
} else {
addWarning("Could not process hash type " + h.getType().getValue().toString());
addWarning("Could not process hash type " + h.getType().getValue().toString()); //NON-NLS
}
} else {
addWarning("Could not process non-simple hash value");
addWarning("Could not process non-simple hash value"); //NON-NLS
}
}
}
@ -192,7 +192,7 @@ class EvalFileObj extends EvaluatableObject {
String newClause = processNumericFields(result,
winExe.getHeaders().getFileHeader().getTimeDateStamp().getCondition(),
winExe.getHeaders().getFileHeader().getTimeDateStamp().getApplyCondition(),
"crtime");
"crtime"); //NON-NLS
whereClause = addClause(whereClause, newClause);
} catch (TskCoreException ex) {
addWarning(ex.getLocalizedMessage());
@ -204,7 +204,7 @@ class EvalFileObj extends EvaluatableObject {
String unsupportedFields = listUnsupportedFields();
if (!unsupportedFields.isEmpty()) {
addWarning("Unsupported fields: " + unsupportedFields);
addWarning("Unsupported fields: " + unsupportedFields); //NON-NLS
}
if (whereClause.length() > 0) {
@ -217,10 +217,10 @@ class EvalFileObj extends EvaluatableObject {
List<StixArtifactData> artData = new ArrayList<StixArtifactData>();
for (AbstractFile a : matchingFiles) {
artData.add(new StixArtifactData(a, id, "FileObject"));
artData.add(new StixArtifactData(a, id, "FileObject")); //NON-NLS
}
return new ObservableResult(id, "FileObject: Found " + matchingFiles.size() + " matches for " + whereClause + getPrintableWarnings(),
return new ObservableResult(id, "FileObject: Found " + matchingFiles.size() + " matches for " + whereClause + getPrintableWarnings(), //NON-NLS
spacing, ObservableResult.ObservableState.TRUE, artData);
} else {
@ -277,12 +277,12 @@ class EvalFileObj extends EvaluatableObject {
// passedTests = false;
//}
if (formatsFound.isEmpty()) {
addWarning("Warning: Did not match File_Format field " + obj.getFileFormat().getValue().toString()
+ " (no file formats found)");
addWarning("Warning: Did not match File_Format field " + obj.getFileFormat().getValue().toString() //NON-NLS
+ " (no file formats found)"); //NON-NLS
} else {
if (!foundMatch) {
addWarning("Warning: Did not match File_Format field " + obj.getFileFormat().getValue().toString()
+ " against " + formatsFound);
addWarning("Warning: Did not match File_Format field " + obj.getFileFormat().getValue().toString() //NON-NLS
+ " against " + formatsFound); //NON-NLS
}
}
}
@ -294,32 +294,32 @@ class EvalFileObj extends EvaluatableObject {
if (secondaryHits.isEmpty()) {
return new ObservableResult(id, "FileObject: Found " + matchingFiles.size() + " matches for " + whereClause
+ " but none for secondary tests on " + listSecondaryFields() + getPrintableWarnings(),
return new ObservableResult(id, "FileObject: Found " + matchingFiles.size() + " matches for " + whereClause //NON-NLS
+ " but none for secondary tests on " + listSecondaryFields() + getPrintableWarnings(), //NON-NLS
spacing, ObservableResult.ObservableState.FALSE, null);
} else {
List<StixArtifactData> artData = new ArrayList<StixArtifactData>();
for (AbstractFile a : secondaryHits) {
artData.add(new StixArtifactData(a, id, "FileObject"));
artData.add(new StixArtifactData(a, id, "FileObject")); //NON-NLS
}
return new ObservableResult(id, "FileObject: Found " + secondaryHits.size() + " matches for " + whereClause
+ " and secondary tests on " + listSecondaryFields() + getPrintableWarnings(),
return new ObservableResult(id, "FileObject: Found " + secondaryHits.size() + " matches for " + whereClause //NON-NLS
+ " and secondary tests on " + listSecondaryFields() + getPrintableWarnings(), //NON-NLS
spacing, ObservableResult.ObservableState.TRUE, artData);
}
}
} else {
return new ObservableResult(id, "FileObject: Found no matches for " + whereClause + getPrintableWarnings(),
return new ObservableResult(id, "FileObject: Found no matches for " + whereClause + getPrintableWarnings(), //NON-NLS
spacing, ObservableResult.ObservableState.FALSE, null);
}
} catch (TskCoreException ex) {
return new ObservableResult(id, "FileObject: Exception during evaluation: " + ex.getLocalizedMessage(),
return new ObservableResult(id, "FileObject: Exception during evaluation: " + ex.getLocalizedMessage(), //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
} else {
}
return new ObservableResult(id, "FileObject: No evaluatable fields " + getPrintableWarnings(), spacing,
return new ObservableResult(id, "FileObject: No evaluatable fields " + getPrintableWarnings(), spacing, //NON-NLS
ObservableResult.ObservableState.INDETERMINATE, null);
}
@ -333,11 +333,11 @@ class EvalFileObj extends EvaluatableObject {
String secondaryFields = "";
if (obj.isIsMasqueraded() != null) {
secondaryFields += "is_masqueraded ";
secondaryFields += "is_masqueraded "; //NON-NLS
}
if (obj.getFileFormat() != null) {
secondaryFields += "File_Format ";
secondaryFields += "File_Format "; //NON-NLS
}
return secondaryFields;
@ -352,58 +352,58 @@ class EvalFileObj extends EvaluatableObject {
String unsupportedFields = "";
if (obj.isIsPacked() != null) {
unsupportedFields += "is_packed ";
unsupportedFields += "is_packed "; //NON-NLS
}
if (obj.getDevicePath() != null) {
unsupportedFields += "Device_Path ";
unsupportedFields += "Device_Path "; //NON-NLS
}
if (obj.getFullPath() != null) {
unsupportedFields += "Full_Path ";
unsupportedFields += "Full_Path "; //NON-NLS
}
if (obj.getMagicNumber() != null) {
unsupportedFields += "Magic_Number ";
unsupportedFields += "Magic_Number "; //NON-NLS
}
if (obj.getDigitalSignatures() != null) {
unsupportedFields += "Digital_Signatures ";
unsupportedFields += "Digital_Signatures "; //NON-NLS
}
if (obj.getFileAttributesList() != null) {
unsupportedFields += "File_Attributes_List ";
unsupportedFields += "File_Attributes_List "; //NON-NLS
}
if (obj.getPermissions() != null) {
unsupportedFields += "Permissions ";
unsupportedFields += "Permissions "; //NON-NLS
}
if (obj.getUserOwner() != null) {
unsupportedFields += "User_Owner ";
unsupportedFields += "User_Owner "; //NON-NLS
}
if (obj.getPackerList() != null) {
unsupportedFields += "Packer_List ";
unsupportedFields += "Packer_List "; //NON-NLS
}
if (obj.getPeakEntropy() != null) {
unsupportedFields += "Peak_Entropy ";
unsupportedFields += "Peak_Entropy "; //NON-NLS
}
if (obj.getSymLinks() != null) {
unsupportedFields += "Sym_Links ";
unsupportedFields += "Sym_Links "; //NON-NLS
}
if (obj.getByteRuns() != null) {
unsupportedFields += "Bytes_Runs ";
unsupportedFields += "Bytes_Runs "; //NON-NLS
}
if (obj.getExtractedFeatures() != null) {
unsupportedFields += "Extracted_Features ";
unsupportedFields += "Extracted_Features "; //NON-NLS
}
if (obj.getEncryptionAlgorithm() != null) {
unsupportedFields += "Encryption_Algorithm ";
unsupportedFields += "Encryption_Algorithm "; //NON-NLS
}
if (obj.getDecryptionKey() != null) {
unsupportedFields += "Decryption_Key ";
unsupportedFields += "Decryption_Key "; //NON-NLS
}
if (obj.getCompressionMethod() != null) {
unsupportedFields += "Compression_Method ";
unsupportedFields += "Compression_Method "; //NON-NLS
}
if (obj.getCompressionVersion() != null) {
unsupportedFields += "Compression_Version ";
unsupportedFields += "Compression_Version "; //NON-NLS
}
if (obj.getCompressionComment() != null) {
unsupportedFields += "Compression_Comment ";
unsupportedFields += "Compression_Comment "; //NON-NLS
}
return unsupportedFields;
@ -417,8 +417,8 @@ class EvalFileObj extends EvaluatableObject {
* @throws ParseException
*/
private static long convertTimestamp(String timeStr) throws ParseException {
SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
dateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); //NON-NLS
dateFormat.setTimeZone(TimeZone.getTimeZone("GMT")); //NON-NLS
Date parsedDate = dateFormat.parse(timeStr);
Long unixTime = parsedDate.getTime() / 1000;
@ -463,10 +463,10 @@ class EvalFileObj extends EvaluatableObject {
String fullClause = "";
if (valueStr.isEmpty()) {
throw new TskCoreException("Empty value field");
throw new TskCoreException("Empty value field"); //NON-NLS
}
String[] parts = valueStr.split("##comma##");
String[] parts = valueStr.split("##comma##"); //NON-NLS
for (String valuePart : parts) {
String partialClause;
@ -486,7 +486,7 @@ class EvalFileObj extends EvaluatableObject {
} else if (typeCondition == ConditionTypeEnum.LESS_THAN_OR_EQUAL) {
partialClause = fieldName + "<=" + valuePart;
} else {
throw new TskCoreException("Could not process condition " + typeCondition.value() + " on " + fieldName);
throw new TskCoreException("Could not process condition " + typeCondition.value() + " on " + fieldName); //NON-NLS
}
if (fullClause.isEmpty()) {
@ -495,16 +495,16 @@ class EvalFileObj extends EvaluatableObject {
fullClause += "( ";
}
if (applyCondition == ConditionApplicationEnum.NONE) {
fullClause += " NOT ";
fullClause += " NOT "; //NON-NLS
}
fullClause += partialClause;
} else {
if (applyCondition == ConditionApplicationEnum.ALL) {
fullClause += " AND " + partialClause;
fullClause += " AND " + partialClause; //NON-NLS
} else if (applyCondition == ConditionApplicationEnum.NONE) {
fullClause += " AND NOT " + partialClause;
fullClause += " AND NOT " + partialClause; //NON-NLS
} else {
fullClause += " OR " + partialClause;
fullClause += " OR " + partialClause; //NON-NLS
}
}
}
@ -517,19 +517,19 @@ class EvalFileObj extends EvaluatableObject {
} else {
// I don't think apply conditions make sense for these two.
if (typeCondition == ConditionTypeEnum.INCLUSIVE_BETWEEN) {
String[] parts = valueStr.split("##comma##");
String[] parts = valueStr.split("##comma##"); //NON-NLS
if (parts.length != 2) {
throw new TskCoreException("Unexpected number of arguments in INCLUSIVE_BETWEEN on " + fieldName
throw new TskCoreException("Unexpected number of arguments in INCLUSIVE_BETWEEN on " + fieldName //NON-NLS
+ "(" + valueStr + ")");
}
return (fieldName + ">=" + parts[0] + " AND " + fieldName + "<=" + parts[1]);
return (fieldName + ">=" + parts[0] + " AND " + fieldName + "<=" + parts[1]); //NON-NLS
} else {
String[] parts = valueStr.split("##comma##");
String[] parts = valueStr.split("##comma##"); //NON-NLS
if (parts.length != 2) {
throw new TskCoreException("Unexpected number of arguments in EXCLUSIVE_BETWEEN on " + fieldName
throw new TskCoreException("Unexpected number of arguments in EXCLUSIVE_BETWEEN on " + fieldName //NON-NLS
+ "(" + valueStr + ")");
}
return (fieldName + ">" + parts[0] + " AND " + fieldName + "<" + parts[1]);
return (fieldName + ">" + parts[0] + " AND " + fieldName + "<" + parts[1]); //NON-NLS
}
}
}
@ -564,13 +564,13 @@ class EvalFileObj extends EvaluatableObject {
throws TskCoreException {
String fullClause = "";
String lowerFieldName = "lower(" + fieldName + ")";
String lowerFieldName = "lower(" + fieldName + ")"; //NON-NLS
if (valueStr.isEmpty()) {
throw new TskCoreException("Empty value field");
throw new TskCoreException("Empty value field"); //NON-NLS
}
String[] parts = valueStr.split("##comma##");
String[] parts = valueStr.split("##comma##"); //NON-NLS
for (String value : parts) {
String lowerValue = value.toLowerCase();
@ -581,15 +581,15 @@ class EvalFileObj extends EvaluatableObject {
} else if (condition == ConditionTypeEnum.DOES_NOT_EQUAL) {
partialClause = lowerFieldName + " !=\'%" + lowerValue + "%\'";
} else if (condition == ConditionTypeEnum.CONTAINS) {
partialClause = lowerFieldName + " LIKE \'%" + lowerValue + "%\'";
partialClause = lowerFieldName + " LIKE \'%" + lowerValue + "%\'"; //NON-NLS
} else if (condition == ConditionTypeEnum.DOES_NOT_CONTAIN) {
partialClause = lowerFieldName + " NOT LIKE \'%" + lowerValue + "%\'";
partialClause = lowerFieldName + " NOT LIKE \'%" + lowerValue + "%\'"; //NON-NLS
} else if (condition == ConditionTypeEnum.STARTS_WITH) {
partialClause = lowerFieldName + " LIKE \'" + lowerValue + "%\'";
partialClause = lowerFieldName + " LIKE \'" + lowerValue + "%\'"; //NON-NLS
} else if (condition == ConditionTypeEnum.ENDS_WITH) {
partialClause = lowerFieldName + " LIKE \'%" + lowerValue + "\'";
partialClause = lowerFieldName + " LIKE \'%" + lowerValue + "\'"; //NON-NLS
} else {
throw new TskCoreException("Could not process condition " + condition.value() + " on " + fieldName);
throw new TskCoreException("Could not process condition " + condition.value() + " on " + fieldName); //NON-NLS
}
if (fullClause.isEmpty()) {
@ -598,16 +598,16 @@ class EvalFileObj extends EvaluatableObject {
fullClause += "( ";
}
if (applyCondition == ConditionApplicationEnum.NONE) {
fullClause += " NOT ";
fullClause += " NOT "; //NON-NLS
}
fullClause += partialClause;
} else {
if (applyCondition == ConditionApplicationEnum.ALL) {
fullClause += " AND " + partialClause;
fullClause += " AND " + partialClause; //NON-NLS
} else if (applyCondition == ConditionApplicationEnum.NONE) {
fullClause += " AND NOT " + partialClause;
fullClause += " AND NOT " + partialClause; //NON-NLS
} else {
fullClause += " OR " + partialClause;
fullClause += " OR " + partialClause; //NON-NLS
}
}
}
@ -638,7 +638,7 @@ class EvalFileObj extends EvaluatableObject {
return processNumericFields(result, dateObj.getCondition(), dateObj.getApplyCondition(), fieldName);
} else {
throw new TskCoreException("Found non DATE_TIME field on " + fieldName);
throw new TskCoreException("Found non DATE_TIME field on " + fieldName); //NON-NLS
}
}
@ -655,17 +655,17 @@ class EvalFileObj extends EvaluatableObject {
try {
String result = "";
if (timestampStr.length() > 0) {
String[] parts = timestampStr.split("##comma##");
String[] parts = timestampStr.split("##comma##"); //NON-NLS
for (int i = 0; i < parts.length - 1; i++) {
long unixTime = convertTimestamp(parts[i]);
result += unixTime + "##comma##";
result += unixTime + "##comma##"; //NON-NLS
}
result += convertTimestamp(parts[parts.length - 1]);
}
return result;
} catch (java.text.ParseException ex) {
throw new TskCoreException("Error parsing timestamp string " + timestampStr);
throw new TskCoreException("Error parsing timestamp string " + timestampStr); //NON-NLS
}
}
@ -683,7 +683,7 @@ class EvalFileObj extends EvaluatableObject {
return a_newClause;
}
return (a_clause + " AND " + a_newClause);
return (a_clause + " AND " + a_newClause); //NON-NLS
}
}


@ -49,35 +49,35 @@ class EvalNetworkShareObj extends EvaluatableObject {
setWarnings("");
if ((obj.getNetname() == null) && (obj.getLocalPath() == null)) {
return new ObservableResult(id, "NetworkShareObjet: No remote name or local path found",
return new ObservableResult(id, "NetworkShareObjet: No remote name or local path found", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
// For displaying what we were looking for in the results
String searchString = "";
if (obj.getNetname() != null) {
searchString += "Netname \"" + obj.getNetname().getValue() + "\"";
searchString += "Netname \"" + obj.getNetname().getValue() + "\""; //NON-NLS
// The apply conditions ALL or NONE probably won't work correctly. Neither seems
// all that likely to come up in practice, so just give a warning.
if ((obj.getNetname().getApplyCondition() != null)
&& (obj.getNetname().getApplyCondition() != ConditionApplicationEnum.ANY)) {
addWarning("Apply condition " + obj.getNetname().getApplyCondition().value()
+ " may not work correctly");
addWarning("Apply condition " + obj.getNetname().getApplyCondition().value() //NON-NLS
+ " may not work correctly"); //NON-NLS
}
}
if (obj.getLocalPath() != null) {
if (!searchString.isEmpty()) {
searchString += " and ";
searchString += " and "; //NON-NLS
}
searchString += "LocalPath \"" + obj.getLocalPath().getValue() + "\"";
searchString += "LocalPath \"" + obj.getLocalPath().getValue() + "\""; //NON-NLS
// Same as above - the apply conditions ALL or NONE probably won't work correctly. Neither seems
// all that likely to come up in practice, so just give a warning.
if ((obj.getLocalPath().getApplyCondition() != null)
&& (obj.getLocalPath().getApplyCondition() != ConditionApplicationEnum.ANY)) {
addWarning("Apply condition " + obj.getLocalPath().getApplyCondition().value()
+ " may not work correctly");
addWarning("Apply condition " + obj.getLocalPath().getApplyCondition().value() //NON-NLS
+ " may not work correctly"); //NON-NLS
}
}
@ -119,17 +119,17 @@ class EvalNetworkShareObj extends EvaluatableObject {
if (!finalHits.isEmpty()) {
List<StixArtifactData> artData = new ArrayList<StixArtifactData>();
for (BlackboardArtifact a : finalHits) {
artData.add(new StixArtifactData(a.getObjectID(), id, "NetworkShare"));
artData.add(new StixArtifactData(a.getObjectID(), id, "NetworkShare")); //NON-NLS
}
return new ObservableResult(id, "NetworkShareObject: Found a match for " + searchString,
return new ObservableResult(id, "NetworkShareObject: Found a match for " + searchString, //NON-NLS
spacing, ObservableResult.ObservableState.TRUE, artData);
}
// Didn't find any matches
return new ObservableResult(id, "NetworkObject: No matches found for " + searchString,
return new ObservableResult(id, "NetworkObject: No matches found for " + searchString, //NON-NLS
spacing, ObservableResult.ObservableState.FALSE, null);
} catch (TskCoreException ex) {
return new ObservableResult(id, "NetworkObject: Exception during evaluation: " + ex.getLocalizedMessage(),
return new ObservableResult(id, "NetworkObject: Exception during evaluation: " + ex.getLocalizedMessage(), //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
}
@ -138,13 +138,13 @@ class EvalNetworkShareObj extends EvaluatableObject {
List<String> fieldNames = new ArrayList<String>();
if (obj.getCurrentUses() != null) {
fieldNames.add("Current_Uses");
fieldNames.add("Current_Uses"); //NON-NLS
}
if (obj.getMaxUses() != null) {
fieldNames.add("Max_Uses");
fieldNames.add("Max_Uses"); //NON-NLS
}
if (obj.getType() != null) {
fieldNames.add("Type");
fieldNames.add("Type"); //NON-NLS
}
String warningStr = "";
@ -155,7 +155,7 @@ class EvalNetworkShareObj extends EvaluatableObject {
warningStr += name;
}
addWarning("Unsupported field(s): " + warningStr);
addWarning("Unsupported field(s): " + warningStr); //NON-NLS
}
}
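Review bot: The result descriptions marked `//NON-NLS` in this section do not agree on a prefix: the first return says `NetworkShareObjet:` (a typo), the match case says `NetworkShareObject:`, and the no-match and exception cases say `NetworkObject:`. The marker fixes these strings as non-localized text, so if they are written to the STIX report, as the surrounding code suggests, anyone filtering the output by object type will miss some of these lines. I would use the one prefix everywhere, e.g. `"NetworkShareObject: No remote name or local path found"` and `"NetworkShareObject: No matches found for " + searchString`. The enclosing method starts and ends outside the visible hunks.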


@ -64,15 +64,15 @@ class EvalRegistryObj extends EvaluatableObject {
// Key name is required
if (obj.getKey() == null) {
return new ObservableResult(id, "RegistryObject: No key found",
return new ObservableResult(id, "RegistryObject: No key found", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
// For now, only support a full string match
if (!((obj.getKey().getCondition() == null)
|| (obj.getKey().getCondition() == ConditionTypeEnum.EQUALS))) {
return new ObservableResult(id, "RegistryObject: Can not support condition " + obj.getKey().getCondition()
+ " on Key field",
return new ObservableResult(id, "RegistryObject: Can not support condition " + obj.getKey().getCondition() //NON-NLS
+ " on Key field", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
@ -83,7 +83,7 @@ class EvalRegistryObj extends EvaluatableObject {
if (obj.getHive() == null) {
// If the hive field is missing, add everything
hiveList.addAll(regFiles);
} else if (obj.getHive().getValue().toString().startsWith("HKEY")) {
} else if (obj.getHive().getValue().toString().startsWith("HKEY")) { //NON-NLS
// If the hive name is HKEY_LOCAL_MACHINE, add the ones from the config directory.
// Otherwise, add the others
for (RegistryFileInfo regFile : regFiles) {
@ -92,12 +92,12 @@ class EvalRegistryObj extends EvaluatableObject {
Matcher matcher = pattern.matcher(regFile.abstractFile.getParentPath());
if (matcher.find()) {
// Looking for system files and found one, so add it to the list
if (obj.getHive().getValue().toString().equalsIgnoreCase("HKEY_LOCAL_MACHINE")) {
if (obj.getHive().getValue().toString().equalsIgnoreCase("HKEY_LOCAL_MACHINE")) { //NON-NLS
hiveList.add(regFile);
}
} else {
// Looking for non-system files and found one, so add it to the list
if (!obj.getHive().getValue().toString().equalsIgnoreCase("HKEY_LOCAL_MACHINE")) {
if (!obj.getHive().getValue().toString().equalsIgnoreCase("HKEY_LOCAL_MACHINE")) { //NON-NLS
hiveList.add(regFile);
}
}
@ -125,7 +125,7 @@ class EvalRegistryObj extends EvaluatableObject {
// This is unlikely to happen unless we have no registry files to test against
if (hiveList.isEmpty()) {
return new ObservableResult(id, "RegistryObject: No matching registry hives found",
return new ObservableResult(id, "RegistryObject: No matching registry hives found", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
@ -139,16 +139,16 @@ class EvalRegistryObj extends EvaluatableObject {
// The registry parser seems to throw lots of different types of exceptions,
// so make sure to catch them all by this point. Malformed registry files
// in particular cause problems.
addWarning("Error processing registry file " + hive);
addWarning("Error processing registry file " + hive); //NON-NLS
}
}
if (obj.getHive() == null) {
return new ObservableResult(id, "RegistryObject: Could not find key " + obj.getKey().getValue(),
return new ObservableResult(id, "RegistryObject: Could not find key " + obj.getKey().getValue(), //NON-NLS
spacing, ObservableResult.ObservableState.FALSE, null);
}
return new ObservableResult(id, "RegistryObject: Could not find key " + obj.getKey().getValue()
+ " in hive " + obj.getHive().getValue(),
return new ObservableResult(id, "RegistryObject: Could not find key " + obj.getKey().getValue() //NON-NLS
+ " in hive " + obj.getHive().getValue(), //NON-NLS
spacing, ObservableResult.ObservableState.FALSE, null);
}
@ -170,7 +170,7 @@ class EvalRegistryObj extends EvaluatableObject {
// hive file name is here). This should only happen if the hive name started
// with "HKEY"
if((obj.getHive() != null)
&& obj.getHive().getValue().toString().startsWith("HKEY")){
&& obj.getHive().getValue().toString().startsWith("HKEY")){ //NON-NLS
String[] parts = obj.getKey().getValue().toString().split("\\\\");
String newKey = "";
for (int i = 1; i < parts.length; i++) {
@ -183,7 +183,7 @@ class EvalRegistryObj extends EvaluatableObject {
}
if (result == null) {
return new ObservableResult(id, "RegistryObject: Could not find key " + obj.getKey().getValue(),
return new ObservableResult(id, "RegistryObject: Could not find key " + obj.getKey().getValue(), //NON-NLS
spacing, ObservableResult.ObservableState.FALSE, null);
}
}
@ -191,8 +191,8 @@ class EvalRegistryObj extends EvaluatableObject {
if ((obj.getValues() == null) || (obj.getValues().getValues().isEmpty())) {
// No values to test
List<StixArtifactData> artData = new ArrayList<StixArtifactData>();
artData.add(new StixArtifactData(a_regInfo.abstractFile.getId(), id, "Registry"));
return new ObservableResult(id, "RegistryObject: Found key " + obj.getKey().getValue(),
artData.add(new StixArtifactData(a_regInfo.abstractFile.getId(), id, "Registry")); //NON-NLS
return new ObservableResult(id, "RegistryObject: Found key " + obj.getKey().getValue(), //NON-NLS
spacing, ObservableResult.ObservableState.TRUE, artData);
}
@ -261,25 +261,25 @@ class EvalRegistryObj extends EvaluatableObject {
if (nameSuccess && valueSuccess) {
// Found a match for all values
List<StixArtifactData> artData = new ArrayList<StixArtifactData>();
artData.add(new StixArtifactData(a_regInfo.abstractFile.getId(), id, "Registry"));
return new ObservableResult(id, "RegistryObject: Found key " + obj.getKey().getValue()
+ " and value " + stixRegValue.getName().getValue().toString()
artData.add(new StixArtifactData(a_regInfo.abstractFile.getId(), id, "Registry")); //NON-NLS
return new ObservableResult(id, "RegistryObject: Found key " + obj.getKey().getValue() //NON-NLS
+ " and value " + stixRegValue.getName().getValue().toString() //NON-NLS
+ " = " + stixRegValue.getData().getValue().toString(),
spacing, ObservableResult.ObservableState.TRUE, artData);
}
}
} catch (Exception ex) {
// Broad catch here becase the registry parser can create all kinds of exceptions beyond what it reports.
return new ObservableResult(id, "RegistryObject: Exception during evaluation: " + ex.getLocalizedMessage(),
return new ObservableResult(id, "RegistryObject: Exception during evaluation: " + ex.getLocalizedMessage(), //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
}
} catch (TskCoreException ex) {
return new ObservableResult(id, "RegistryObject: Exception during evaluation: " + ex.getLocalizedMessage(),
return new ObservableResult(id, "RegistryObject: Exception during evaluation: " + ex.getLocalizedMessage(), //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
return new ObservableResult(id, "RegistryObject: Not done",
return new ObservableResult(id, "RegistryObject: Not done", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
@ -290,9 +290,9 @@ class EvalRegistryObj extends EvaluatableObject {
RegistryKey root = regFile.getRoot();
return root;
} catch (IOException ex) {
throw new TskCoreException("Error opening registry file - " + ex.getLocalizedMessage());
throw new TskCoreException("Error opening registry file - " + ex.getLocalizedMessage()); //NON-NLS
} catch (RegistryParseException ex) {
throw new TskCoreException("Error opening root node of registry - " + ex.getLocalizedMessage());
throw new TskCoreException("Error opening root node of registry - " + ex.getLocalizedMessage()); //NON-NLS
}
}
@ -356,7 +356,7 @@ class EvalRegistryObj extends EvaluatableObject {
File regFileNameLocalFile = new File(regFileNameLocal);
try {
// Don't save any unallocated versions
if (regFile.getMetaFlagsAsString().contains("Allocated")) {
if (regFile.getMetaFlagsAsString().contains("Allocated")) { //NON-NLS
ContentUtils.writeToFile(regFile, regFileNameLocalFile);
regFilesLocal.add(new EvalRegistryObj().new RegistryFileInfo(regFile, regFileNameLocal));
}
@ -388,7 +388,7 @@ class EvalRegistryObj extends EvaluatableObject {
List<AbstractFile> allRegistryFiles = fileManager.findFiles(ds, regFileName, "/system32/config"); //NON-NLS
for (AbstractFile regFile : allRegistryFiles) {
// Don't want anything from regback
if (!regFile.getParentPath().contains("RegBack")) {
if (!regFile.getParentPath().contains("RegBack")) { //NON-NLS
registryFiles.add(regFile);
}
}
@ -402,25 +402,25 @@ class EvalRegistryObj extends EvaluatableObject {
List<String> fieldNames = new ArrayList<String>();
if (obj.getNumberValues() != null) {
fieldNames.add("Number_Values");
fieldNames.add("Number_Values"); //NON-NLS
}
if (obj.getModifiedTime() != null) {
fieldNames.add("Modified_Time");
fieldNames.add("Modified_Time"); //NON-NLS
}
if (obj.getCreatorUsername() != null) {
fieldNames.add("Creator_Username");
fieldNames.add("Creator_Username"); //NON-NLS
}
if (obj.getHandleList() != null) {
fieldNames.add("Handle_List");
fieldNames.add("Handle_List"); //NON-NLS
}
if (obj.getNumberSubkeys() != null) {
fieldNames.add("Number_Subkeys");
fieldNames.add("Number_Subkeys"); //NON-NLS
}
if (obj.getSubkeys() != null) {
fieldNames.add("Subkeys");
fieldNames.add("Subkeys"); //NON-NLS
}
if (obj.getByteRuns() != null) {
fieldNames.add("Byte_Runs");
fieldNames.add("Byte_Runs"); //NON-NLS
}
String warningStr = "";
@ -431,7 +431,7 @@ class EvalRegistryObj extends EvaluatableObject {
warningStr += name;
}
addWarning("Unsupported field(s): " + warningStr);
addWarning("Unsupported field(s): " + warningStr); //NON-NLS
}
/**
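Review bot: Both catch blocks in the `-290,9` hunk build the `TskCoreException` from `ex.getLocalizedMessage()` alone, so the original `IOException` or `RegistryParseException` and its stack trace are lost; pass the cause along, e.g. `throw new TskCoreException("Error opening registry file - " + ex.getLocalizedMessage(), ex); //NON-NLS`. The `-139,16` hunk has the same problem: a failure on a malformed hive becomes only `addWarning("Error processing registry file " + hive)`, with nothing recorded about the exception (the catch clause itself is outside the hunk, so this is inferred from the comment above it). The hives are parsed from the data source under examination, so a parse failure is itself a finding and should be logged in full. Separately, the line `+ " = " + stixRegValue.getData().getValue().toString(),` in the `-261,25` hunk was left without the `//NON-NLS` marker its neighbours received.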


@ -66,14 +66,14 @@ class EvalSystemObj extends EvaluatableObject {
if (obj.getHostname() != null) {
haveHostname = true;
searchString = "Hostname \"" + obj.getHostname().getValue().toString() + "\"";
searchString = "Hostname \"" + obj.getHostname().getValue().toString() + "\""; //NON-NLS
}
if(obj.getProcessorArchitecture() != null){
haveProcArch = true;
if(! searchString.isEmpty()){
searchString += " and ";
searchString += " and "; //NON-NLS
}
searchString += "Processor architecture \"" + obj.getProcessorArchitecture().getValue().toString() + "\"";
searchString += "Processor architecture \"" + obj.getProcessorArchitecture().getValue().toString() + "\""; //NON-NLS
}
WindowsSystem winSysObj = null;
@ -83,44 +83,44 @@ class EvalSystemObj extends EvaluatableObject {
if (winSysObj.getProductID() != null) {
haveProductID = true;
if (!searchString.isEmpty()) {
searchString += " and ";
searchString += " and "; //NON-NLS
}
searchString += "Product ID \"" + winSysObj.getProductID().getValue().toString() + "\"";
searchString += "Product ID \"" + winSysObj.getProductID().getValue().toString() + "\""; //NON-NLS
}
if (winSysObj.getProductName() != null) {
haveProductName = true;
if (!searchString.isEmpty()) {
searchString += " and ";
searchString += " and "; //NON-NLS
}
searchString += "Product Name \"" + winSysObj.getProductName().getValue().toString() + "\"";
searchString += "Product Name \"" + winSysObj.getProductName().getValue().toString() + "\""; //NON-NLS
}
if (winSysObj.getRegisteredOrganization() != null) {
haveOrganization = true;
if (!searchString.isEmpty()) {
searchString += " and ";
searchString += " and "; //NON-NLS
}
searchString += "Registered Org \"" + winSysObj.getRegisteredOrganization().getValue().toString() + "\"";
searchString += "Registered Org \"" + winSysObj.getRegisteredOrganization().getValue().toString() + "\""; //NON-NLS
}
if (winSysObj.getRegisteredOwner() != null) {
haveOwner = true;
if (!searchString.isEmpty()) {
searchString += " and ";
searchString += " and "; //NON-NLS
}
searchString += "Registered Owner \"" + winSysObj.getRegisteredOwner().getValue().toString() + "\"";
searchString += "Registered Owner \"" + winSysObj.getRegisteredOwner().getValue().toString() + "\""; //NON-NLS
}
if (winSysObj.getWindowsSystemDirectory() != null) {
haveSystemRoot = true;
if (!searchString.isEmpty()) {
searchString += " and ";
searchString += " and "; //NON-NLS
}
searchString += "System root \"" + winSysObj.getWindowsSystemDirectory().getValue().toString() + "\"";
searchString += "System root \"" + winSysObj.getWindowsSystemDirectory().getValue().toString() + "\""; //NON-NLS
}
if (winSysObj.getWindowsTempDirectory() != null) {
haveTempDir = true;
if (!searchString.isEmpty()) {
searchString += " and ";
searchString += " and "; //NON-NLS
}
searchString += "Temp dir \"" + winSysObj.getWindowsTempDirectory().getValue().toString() + "\"";
searchString += "Temp dir \"" + winSysObj.getWindowsTempDirectory().getValue().toString() + "\""; //NON-NLS
}
}
@ -128,7 +128,7 @@ class EvalSystemObj extends EvaluatableObject {
if (!(haveHostname || haveProcArch
|| haveTempDir || haveProductName || haveSystemRoot || haveProductID
|| haveOwner || haveOrganization)) {
return new ObservableResult(id, "SystemObject: No evaluatable fields found",
return new ObservableResult(id, "SystemObject: No evaluatable fields found", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
@ -204,21 +204,21 @@ class EvalSystemObj extends EvaluatableObject {
if (!finalHits.isEmpty()) {
List<StixArtifactData> artData = new ArrayList<StixArtifactData>();
for (BlackboardArtifact a : finalHits) {
artData.add(new StixArtifactData(a.getObjectID(), id, "System"));
artData.add(new StixArtifactData(a.getObjectID(), id, "System")); //NON-NLS
}
return new ObservableResult(id, "SystemObject: Found a match for " + searchString,
return new ObservableResult(id, "SystemObject: Found a match for " + searchString, //NON-NLS
spacing, ObservableResult.ObservableState.TRUE, artData);
}
// Didn't find any matches
return new ObservableResult(id, "SystemObject: No matches found for " + searchString,
return new ObservableResult(id, "SystemObject: No matches found for " + searchString, //NON-NLS
spacing, ObservableResult.ObservableState.FALSE, null);
} else {
return new ObservableResult(id, "SystemObject: No OS artifacts found",
return new ObservableResult(id, "SystemObject: No OS artifacts found", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
} catch (TskCoreException ex) {
return new ObservableResult(id, "SystemObject: Exception during evaluation: " + ex.getLocalizedMessage(),
return new ObservableResult(id, "SystemObject: Exception during evaluation: " + ex.getLocalizedMessage(), //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
}
@ -230,62 +230,62 @@ class EvalSystemObj extends EvaluatableObject {
List<String> fieldNames = new ArrayList<String>();
if (obj.getAvailablePhysicalMemory() != null) {
fieldNames.add("Available_Physical_Memory");
fieldNames.add("Available_Physical_Memory"); //NON-NLS
}
if (obj.getBIOSInfo() != null) {
fieldNames.add("BIOS_Info");
fieldNames.add("BIOS_Info"); //NON-NLS
}
if (obj.getDate() != null) {
fieldNames.add("Date");
fieldNames.add("Date"); //NON-NLS
}
if (obj.getLocalTime() != null) {
fieldNames.add("Local_Time");
fieldNames.add("Local_Time"); //NON-NLS
}
if (obj.getNetworkInterfaceList() != null) {
fieldNames.add("Network_Interface_List");
fieldNames.add("Network_Interface_List"); //NON-NLS
}
if (obj.getOS() != null) {
fieldNames.add("OS");
fieldNames.add("OS"); //NON-NLS
}
if(obj.getProcessor() != null){
fieldNames.add("Processor");
fieldNames.add("Processor"); //NON-NLS
}
if (obj.getSystemTime() != null) {
fieldNames.add("System_Time");
fieldNames.add("System_Time"); //NON-NLS
}
if (obj.getTimezoneDST() != null) {
fieldNames.add("Timezone_DST");
fieldNames.add("Timezone_DST"); //NON-NLS
}
if (obj.getTimezoneStandard() != null) {
fieldNames.add("Timezone_Standard");
fieldNames.add("Timezone_Standard"); //NON-NLS
}
if (obj.getTotalPhysicalMemory() != null) {
fieldNames.add("Total_Physical_Memory");
fieldNames.add("Total_Physical_Memory"); //NON-NLS
}
if (obj.getUptime() != null) {
fieldNames.add("Uptime");
fieldNames.add("Uptime"); //NON-NLS
}
if (obj.getUsername() != null) {
fieldNames.add("Username");
fieldNames.add("Username"); //NON-NLS
}
if (obj instanceof WindowsSystem) {
WindowsSystem winSysObj = (WindowsSystem) obj;
if (winSysObj.getDomains() != null) {
fieldNames.add("Domain");
fieldNames.add("Domain"); //NON-NLS
}
if (winSysObj.getGlobalFlagList() != null) {
fieldNames.add("Global_Flag_List");
fieldNames.add("Global_Flag_List"); //NON-NLS
}
if (winSysObj.getNetBIOSName() != null) {
fieldNames.add("NetBIOS_Name");
fieldNames.add("NetBIOS_Name"); //NON-NLS
}
if (winSysObj.getOpenHandleList() != null) {
fieldNames.add("Open_Handle_List");
fieldNames.add("Open_Handle_List"); //NON-NLS
}
if (winSysObj.getWindowsDirectory() != null) {
fieldNames.add("Windows_Directory");
fieldNames.add("Windows_Directory"); //NON-NLS
}
}
@ -297,6 +297,6 @@ class EvalSystemObj extends EvaluatableObject {
warningStr += name;
}
addWarning("Unsupported field(s): " + warningStr);
addWarning("Unsupported field(s): " + warningStr); //NON-NLS
}
}


@ -49,20 +49,20 @@ class EvalURIObj extends EvaluatableObject {
setWarnings("");
if (obj.getValue() == null) {
return new ObservableResult(id, "URIObject: No URI value field found",
return new ObservableResult(id, "URIObject: No URI value field found", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
String addressStr = obj.getValue().getValue().toString();
// Strip off http:// or https://
String modifiedAddressStr = addressStr.toLowerCase();
modifiedAddressStr = modifiedAddressStr.replaceAll("http(s)?://", "");
modifiedAddressStr = modifiedAddressStr.replaceAll("http(s)?://", ""); //NON-NLS
// Since we have single URL artifacts, ALL and NONE conditions probably don't make sense to test
if (!((obj.getValue().getApplyCondition() == null)
|| (obj.getValue().getApplyCondition() == ConditionApplicationEnum.ANY))) {
return new ObservableResult(id, "URIObject: Can not process apply condition " + obj.getValue().getApplyCondition().toString()
+ " on URI object", spacing, ObservableResult.ObservableState.INDETERMINATE, null);
return new ObservableResult(id, "URIObject: Can not process apply condition " + obj.getValue().getApplyCondition().toString() //NON-NLS
+ " on URI object", spacing, ObservableResult.ObservableState.INDETERMINATE, null); //NON-NLS
}
Case case1 = Case.getCurrentCase();
@ -115,7 +115,7 @@ class EvalURIObj extends EvaluatableObject {
String modifiedAttrString = attr.getValueString();
if (modifiedAttrString != null) {
modifiedAttrString = modifiedAttrString.toLowerCase();
modifiedAttrString = modifiedAttrString.replaceAll("http(s)?://", "");
modifiedAttrString = modifiedAttrString.replaceAll("http(s)?://", ""); //NON-NLS
}
if (compareStringObject(modifiedAddressStr, obj.getValue().getCondition(),
@ -129,18 +129,18 @@ class EvalURIObj extends EvaluatableObject {
if (!finalHits.isEmpty()) {
List<StixArtifactData> artData = new ArrayList<StixArtifactData>();
for (BlackboardArtifact a : finalHits) {
artData.add(new StixArtifactData(a.getObjectID(), id, "UriObject"));
artData.add(new StixArtifactData(a.getObjectID(), id, "UriObject")); //NON-NLS
}
return new ObservableResult(id, "UriObject: Found a match for " + addressStr,
return new ObservableResult(id, "UriObject: Found a match for " + addressStr, //NON-NLS
spacing, ObservableResult.ObservableState.TRUE, artData);
}
return new ObservableResult(id, "URIObject: Found no matches for " + addressStr,
return new ObservableResult(id, "URIObject: Found no matches for " + addressStr, //NON-NLS
spacing, ObservableResult.ObservableState.FALSE, null);
/*}*/
} catch (TskCoreException ex) {
return new ObservableResult(id, "URIObject: Exception during evaluation: " + ex.getLocalizedMessage(),
return new ObservableResult(id, "URIObject: Exception during evaluation: " + ex.getLocalizedMessage(), //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
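Review bot: The pattern in `replaceAll("http(s)?://", "")` is not anchored, so it removes every `http://` or `https://` in the string, not only the leading scheme that the comment "Strip off http:// or https://" describes. A URL that carries another URL in its path or query is therefore altered in the middle, on both the indicator side and the artifact side (the `-115,7` hunk), and two different addresses can normalise to the same text and be reported as a match. I would use `replaceFirst("^https?://", "")` in both places. The bare `toLowerCase()` calls next to it depend on the default locale, which matters for a localized build; `toLowerCase(Locale.ROOT)` avoids that but needs a `java.util.Locale` import that is not visible here. The enclosing method starts outside the hunk.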


@ -50,7 +50,7 @@ class EvalURLHistoryObj extends EvaluatableObject {
setWarnings("");
if ((obj.getBrowserInformation() == null) && (obj.getURLHistoryEntries() == null)) {
return new ObservableResult(id, "URLHistoryObject: No browser info or history entries found",
return new ObservableResult(id, "URLHistoryObject: No browser info or history entries found", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
@ -64,7 +64,7 @@ class EvalURLHistoryObj extends EvaluatableObject {
if (obj.getBrowserInformation().getName() != null) {
haveBrowserName = true;
}
baseSearchString = "Browser \"" + obj.getBrowserInformation().getName() + "\"";
baseSearchString = "Browser \"" + obj.getBrowserInformation().getName() + "\""; //NON-NLS
}
// Matching artifacts
@ -89,41 +89,41 @@ class EvalURLHistoryObj extends EvaluatableObject {
if ((entry.getURL() != null) && (entry.getURL().getValue() != null)) {
haveURL = true;
if (!searchString.isEmpty()) {
searchString += " and ";
searchString += " and "; //NON-NLS
}
searchString += "URL \"" + entry.getURL().getValue().getValue() + "\"";
searchString += "URL \"" + entry.getURL().getValue().getValue() + "\""; //NON-NLS
}
if ((entry.getReferrerURL() != null) && (entry.getReferrerURL().getValue() != null)) {
haveReferrer = true;
if (!searchString.isEmpty()) {
searchString += " and ";
searchString += " and "; //NON-NLS
}
searchString += "Referrer \"" + entry.getReferrerURL().getValue().getValue() + "\"";
searchString += "Referrer \"" + entry.getReferrerURL().getValue().getValue() + "\""; //NON-NLS
}
if (entry.getUserProfileName() != null) {
haveUserProfile = true;
if (!searchString.isEmpty()) {
searchString += " and ";
searchString += " and "; //NON-NLS
}
searchString += "UserProfile \"" + entry.getUserProfileName().getValue() + "\"";
searchString += "UserProfile \"" + entry.getUserProfileName().getValue() + "\""; //NON-NLS
}
if (entry.getPageTitle() != null) {
havePageTitle = true;
if (!searchString.isEmpty()) {
searchString += " and ";
searchString += " and "; //NON-NLS
}
searchString += "Page title \"" + entry.getPageTitle().getValue() + "\"";
searchString += "Page title \"" + entry.getPageTitle().getValue() + "\""; //NON-NLS
}
if ((entry.getHostname() != null) && (entry.getHostname().getHostnameValue() != null)) {
haveHostname = true;
if (!searchString.isEmpty()) {
searchString += " and ";
searchString += " and "; //NON-NLS
}
searchString += "Hostname \"" + entry.getHostname().getHostnameValue().getValue() + "\"";
searchString += "Hostname \"" + entry.getHostname().getHostnameValue().getValue() + "\""; //NON-NLS
}
if (!finalResultsStr.isEmpty()) {
@ -133,7 +133,7 @@ class EvalURLHistoryObj extends EvaluatableObject {
if (!(haveURL || haveHostname || haveReferrer
|| havePageTitle || haveUserProfile || haveBrowserName)) {
return new ObservableResult(id, "URLHistoryObject: No evaluatable fields found",
return new ObservableResult(id, "URLHistoryObject: No evaluatable fields found", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
@ -160,7 +160,7 @@ class EvalURLHistoryObj extends EvaluatableObject {
entry.getURL().getValue().getApplyCondition(),
attr.getValueString());
} else {
addWarning("Non-AnyURIObjectPropertyType found in URL value field");
addWarning("Non-AnyURIObjectPropertyType found in URL value field"); //NON-NLS
}
}
if ((attr.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID())
@ -176,7 +176,7 @@ class EvalURLHistoryObj extends EvaluatableObject {
entry.getURL().getValue().getApplyCondition(),
attr.getValueString());
} else {
addWarning("Non-AnyURIObjectPropertyType found in URL value field");
addWarning("Non-AnyURIObjectPropertyType found in URL value field"); //NON-NLS
}
}
if ((attr.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE.getTypeID())
@ -208,7 +208,7 @@ class EvalURLHistoryObj extends EvaluatableObject {
}
} catch (TskCoreException ex) {
return new ObservableResult(id, "URLHistoryObject: Exception during evaluation: " + ex.getLocalizedMessage(),
return new ObservableResult(id, "URLHistoryObject: Exception during evaluation: " + ex.getLocalizedMessage(), //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
@ -217,14 +217,14 @@ class EvalURLHistoryObj extends EvaluatableObject {
if (!finalHits.isEmpty()) {
List<StixArtifactData> artData = new ArrayList<StixArtifactData>();
for (BlackboardArtifact a : finalHits) {
artData.add(new StixArtifactData(a.getObjectID(), id, "URLHistory"));
artData.add(new StixArtifactData(a.getObjectID(), id, "URLHistory")); //NON-NLS
}
return new ObservableResult(id, "URLHistoryObject: Found at least one match for " + finalResultsStr,
return new ObservableResult(id, "URLHistoryObject: Found at least one match for " + finalResultsStr, //NON-NLS
spacing, ObservableResult.ObservableState.TRUE, artData);
}
// Didn't find any matches
return new ObservableResult(id, "URLHistoryObject: No matches found for " + finalResultsStr,
return new ObservableResult(id, "URLHistoryObject: No matches found for " + finalResultsStr, //NON-NLS
spacing, ObservableResult.ObservableState.FALSE, null);
} else if (haveBrowserName) {
@ -256,23 +256,23 @@ class EvalURLHistoryObj extends EvaluatableObject {
if (!finalHits.isEmpty()) {
List<StixArtifactData> artData = new ArrayList<StixArtifactData>();
for (BlackboardArtifact a : finalHits) {
artData.add(new StixArtifactData(a.getObjectID(), id, "URLHistory"));
artData.add(new StixArtifactData(a.getObjectID(), id, "URLHistory")); //NON-NLS
}
return new ObservableResult(id, "URLHistoryObject: Found at least one match",
return new ObservableResult(id, "URLHistoryObject: Found at least one match", //NON-NLS
spacing, ObservableResult.ObservableState.TRUE, artData);
}
// Didn't find any matches
return new ObservableResult(id, "URLHistoryObject: No matches found for " + baseSearchString,
return new ObservableResult(id, "URLHistoryObject: No matches found for " + baseSearchString, //NON-NLS
spacing, ObservableResult.ObservableState.FALSE, null);
} catch (TskCoreException ex) {
return new ObservableResult(id, "URLHistoryObject: Exception during evaluation: " + ex.getLocalizedMessage(),
return new ObservableResult(id, "URLHistoryObject: Exception during evaluation: " + ex.getLocalizedMessage(), //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
} else {
// Nothing to search for
return new ObservableResult(id, "URLHistoryObject: No evaluatable fields found",
return new ObservableResult(id, "URLHistoryObject: No evaluatable fields found", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
@ -286,25 +286,25 @@ class EvalURLHistoryObj extends EvaluatableObject {
List<String> fieldNames = new ArrayList<String>();
if (entry.getUserProfileName() != null) {
fieldNames.add("User_Profile_Name");
fieldNames.add("User_Profile_Name"); //NON-NLS
}
if (entry.getVisitCount() != null) {
fieldNames.add("Visit_Count");
fieldNames.add("Visit_Count"); //NON-NLS
}
if (entry.getManuallyEnteredCount() != null) {
fieldNames.add("Manually_Entered_Count");
fieldNames.add("Manually_Entered_Count"); //NON-NLS
}
if (entry.getModificationDateTime() != null) {
fieldNames.add("Modification_DateTime");
fieldNames.add("Modification_DateTime"); //NON-NLS
}
if (entry.getExpirationDateTime() != null) {
fieldNames.add("Expiration_DateTime");
fieldNames.add("Expiration_DateTime"); //NON-NLS
}
if (entry.getFirstVisitDateTime() != null) {
fieldNames.add("First_Visit_DateTime");
fieldNames.add("First_Visit_DateTime"); //NON-NLS
}
if (entry.getLastVisitDateTime() != null) {
fieldNames.add("Last_Visit_DateTime");
fieldNames.add("Last_Visit_DateTime"); //NON-NLS
}
String warningStr = "";
@ -315,6 +315,6 @@ class EvalURLHistoryObj extends EvaluatableObject {
warningStr += name;
}
addWarning("Unsupported URL_History_Entry field(s): " + warningStr);
addWarning("Unsupported URL_History_Entry field(s): " + warningStr); //NON-NLS
}
}


@ -86,14 +86,14 @@ abstract class EvaluatableObject {
BlackboardAttribute.ATTRIBUTE_TYPE attrType) throws TskCoreException {
if (item.getValue() == null) {
throw new TskCoreException("Error: Value field is null");
throw new TskCoreException("Error: Value field is null"); //NON-NLS
}
if (item.getCondition() == null) {
addWarning("Warning: No condition given for " + attrType.getDisplayName() + " field, using substring comparison");
addWarning("Warning: No condition given for " + attrType.getDisplayName() + " field, using substring comparison"); //NON-NLS
} else if (item.getCondition() != ConditionTypeEnum.CONTAINS) {
addWarning("Warning: Ignoring condition " + item.getCondition() + " for "
+ attrType.getDisplayName() + " field and doing substring comparison");
addWarning("Warning: Ignoring condition " + item.getCondition() + " for " //NON-NLS
+ attrType.getDisplayName() + " field and doing substring comparison"); //NON-NLS
}
List<BlackboardArtifact> hits = null;
@ -101,7 +101,7 @@ abstract class EvaluatableObject {
Case case1 = Case.getCurrentCase();
SleuthkitCase sleuthkitCase = case1.getSleuthkitCase();
String[] parts = item.getValue().toString().split("##comma##");
String[] parts = item.getValue().toString().split("##comma##"); //NON-NLS
if ((item.getApplyCondition() == null)
|| (item.getApplyCondition() == ConditionApplicationEnum.ANY)) {
@ -139,7 +139,7 @@ abstract class EvaluatableObject {
}
}
} else {
throw new TskCoreException("Error: Can not apply NONE condition in search");
throw new TskCoreException("Error: Can not apply NONE condition in search"); //NON-NLS
}
} catch (TskCoreException ex) {
addWarning(ex.getLocalizedMessage());
@ -159,7 +159,7 @@ abstract class EvaluatableObject {
public static boolean compareStringObject(StringObjectPropertyType stringObj, String strField)
throws TskCoreException {
if (stringObj.getValue() == null) {
throw new TskCoreException("Error: Value field is null");
throw new TskCoreException("Error: Value field is null"); //NON-NLS
}
String valueStr = stringObj.getValue().toString();
@ -184,10 +184,10 @@ abstract class EvaluatableObject {
throws TskCoreException {
if (valueStr == null) {
throw new TskCoreException("Error: Value field is null");
throw new TskCoreException("Error: Value field is null"); //NON-NLS
}
String[] parts = valueStr.split("##comma##");
String[] parts = valueStr.split("##comma##"); //NON-NLS
String lowerFieldName = strField.toLowerCase();
for (String value : parts) {
@ -206,7 +206,7 @@ abstract class EvaluatableObject {
} else if (condition == ConditionTypeEnum.ENDS_WITH) {
partialResult = lowerFieldName.endsWith(value.toLowerCase());
} else {
throw new TskCoreException("Could not process condition " + condition.value() + " on " + value);
throw new TskCoreException("Could not process condition " + condition.value() + " on " + value); //NON-NLS
}
// Do all the short-circuiting
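Review bot: The case-insensitive comparison in the last two hunks lowercases both sides with the JVM default locale (`strField.toLowerCase()` and `value.toLowerCase()`), so the same indicator value can match under one default locale and miss under another, for example under Turkish casing rules for `I`. This commit prepares the module to run under non-English locales, so I would pin the casing with `String lowerFieldName = strField.toLowerCase(Locale.ROOT);` and `value.toLowerCase(Locale.ROOT)` in the branch shown. The method starts and ends outside the visible hunks, so the other condition branches presumably need the same change.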


@ -30,9 +30,9 @@ class ObservableResult {
public enum ObservableState {
TRUE("true "),
FALSE("false "),
INDETERMINATE("indeterminate");
TRUE("true "), //NON-NLS
FALSE("false "), //NON-NLS
INDETERMINATE("indeterminate"); //NON-NLS
private final String label;


@ -114,12 +114,15 @@ public class STIXReportModule implements GeneralReportModule {
File file = new File(reportPath);
output = new BufferedWriter(new FileWriter(file));
} catch (IOException ex) {
logger.log(Level.SEVERE, String.format("Unable to open STIX report file %s", reportPath), ex);
MessageNotifyUtil.Notify.show("STIXReportModule",
"Unable to open STIX report file " + reportPath,
logger.log(Level.SEVERE, String.format("Unable to open STIX report file %s", reportPath), ex); //NON-NLS
MessageNotifyUtil.Notify.show("STIXReportModule", //NON-NLS
NbBundle.getMessage(this.getClass(),
"STIXReportModule.notifyMsg.unableToOpenReportFile",
reportPath),
MessageNotifyUtil.MessageType.ERROR);
progressPanel.complete();
progressPanel.updateStatusLabel("Completed with errors");
progressPanel.updateStatusLabel(
NbBundle.getMessage(this.getClass(), "STIXReportModule.progress.completedWithErrors"));
return;
}
@ -129,31 +132,38 @@ public class STIXReportModule implements GeneralReportModule {
// Process the file/directory name entry
String stixFileName = configPanel.getStixFile();
if (stixFileName == null) {
logger.log(Level.SEVERE, "STIXReportModuleConfigPanel.stixFile not initialized ");
MessageNotifyUtil.Message.error("No STIX file/directory provided ");
logger.log(Level.SEVERE, "STIXReportModuleConfigPanel.stixFile not initialized "); //NON-NLS
MessageNotifyUtil.Message.error(
NbBundle.getMessage(this.getClass(), "STIXReportModule.notifyErr.noFildDirProvided"));
progressPanel.complete();
progressPanel.updateStatusLabel("No STIX file/directory provided ");
progressPanel.updateStatusLabel(
NbBundle.getMessage(this.getClass(), "STIXReportModule.progress.noFildDirProvided"));
return;
}
if (stixFileName.isEmpty()) {
logger.log(Level.SEVERE, "No STIX file/directory provided ");
MessageNotifyUtil.Message.error("No STIX file/directory provided ");
logger.log(Level.SEVERE, "No STIX file/directory provided "); //NON-NLS
MessageNotifyUtil.Message.error(
NbBundle.getMessage(this.getClass(), "STIXReportModule.notifyErr.noFildDirProvided"));
progressPanel.complete();
progressPanel.updateStatusLabel("No STIX file/directory provided ");
progressPanel.updateStatusLabel(
NbBundle.getMessage(this.getClass(), "STIXReportModule.progress.noFildDirProvided"));
return;
}
File stixFile = new File(stixFileName);
if (!stixFile.exists()) {
logger.log(Level.SEVERE, String.format("Unable to open STIX file/directory %s", stixFileName));
MessageNotifyUtil.Message.error("Unable to open STIX file/directory" + stixFileName);
logger.log(Level.SEVERE, String.format("Unable to open STIX file/directory %s", stixFileName)); //NON-NLS
MessageNotifyUtil.Message.error(NbBundle.getMessage(this.getClass(),
"STIXReportModule.notifyMsg.unableToOpenFileDir",
stixFileName));
progressPanel.complete();
progressPanel.updateStatusLabel("Could not open file/directory " + stixFileName);
progressPanel.updateStatusLabel(
NbBundle.getMessage(this.getClass(), "STIXReportModule.progress.couldNotOpenFileDir", stixFileName));
return;
}
// Store the path
ModuleSettings.setConfigSetting("STIX", "defaultPath", stixFileName);
ModuleSettings.setConfigSetting("STIX", "defaultPath", stixFileName); //NON-NLS
// Create array of stix file(s)
File[] stixFiles;
@ -172,8 +182,8 @@ public class STIXReportModule implements GeneralReportModule {
try {
processFile(file.getAbsolutePath(), progressPanel);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, String.format("Unable to process STIX file %s", file), ex);
MessageNotifyUtil.Notify.show("STIXReportModule",
logger.log(Level.SEVERE, String.format("Unable to process STIX file %s", file), ex); //NON-NLS
MessageNotifyUtil.Notify.show("STIXReportModule", //NON-NLS
ex.getLocalizedMessage(),
MessageNotifyUtil.MessageType.ERROR);
hadErrors = true;
@ -185,7 +195,7 @@ public class STIXReportModule implements GeneralReportModule {
try {
output.close();
} catch (IOException ex) {
logger.log(Level.SEVERE, String.format("Error closing STIX report file %s", reportPath), ex);
logger.log(Level.SEVERE, String.format("Error closing STIX report file %s", reportPath), ex); //NON-NLS
}
}
@ -193,7 +203,8 @@ public class STIXReportModule implements GeneralReportModule {
// the "complete" message to indicate this.
progressPanel.complete();
if (hadErrors) {
progressPanel.updateStatusLabel("Completed with errors");
progressPanel.updateStatusLabel(
NbBundle.getMessage(this.getClass(), "STIXReportModule.progress.completedWithErrors"));
}
}
@ -237,14 +248,14 @@ public class STIXReportModule implements GeneralReportModule {
try {
// Create STIXPackage object from xml.
File file = new File(stixFileName);
JAXBContext jaxbContext = JAXBContext.newInstance("org.mitre.stix.stix_1:org.mitre.stix.common_1:org.mitre.stix.indicator_2:"
+ "org.mitre.cybox.objects:org.mitre.cybox.cybox_2:org.mitre.cybox.common_2");
JAXBContext jaxbContext = JAXBContext.newInstance("org.mitre.stix.stix_1:org.mitre.stix.common_1:org.mitre.stix.indicator_2:" //NON-NLS
+ "org.mitre.cybox.objects:org.mitre.cybox.cybox_2:org.mitre.cybox.common_2"); //NON-NLS
Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller();
STIXPackage stix = (STIXPackage) jaxbUnmarshaller.unmarshal(file);
return stix;
} catch (JAXBException ex) {
logger.log(Level.SEVERE, String.format("Unable to load STIX file %s", stixFileName), ex.getLocalizedMessage());
throw new TskCoreException("Error loading STIX file (" + ex.toString() + ")");
logger.log(Level.SEVERE, String.format("Unable to load STIX file %s", stixFileName), ex.getLocalizedMessage()); //NON-NLS
throw new TskCoreException("Error loading STIX file (" + ex.toString() + ")"); //NON-NLS
}
}
@ -328,15 +339,17 @@ public class STIXReportModule implements GeneralReportModule {
} else if (ind.getId() != null) {
s.createArtifact(ind.getId().toString());
} else {
s.createArtifact("Unnamed indicator(s)");
s.createArtifact("Unnamed indicator(s)"); //NON-NLS
}
// Trying to protect against the case where we end up with tons of artifacts
// for a single observable because the condition was not restrictive enough
count++;
if (count > 1000) {
MessageNotifyUtil.Notify.show("STIXReportModule",
"Too many STIX-related artifacts generated for " + ind.getId() + ". Only saving first 1000.",
MessageNotifyUtil.Notify.show("STIXReportModule", //NON-NLS
NbBundle.getMessage(this.getClass(),
"STIXReportModule.notifyMsg.tooManyArtifactsgt1000",
ind.getId()),
MessageNotifyUtil.MessageType.INFO);
break;
}
@ -356,28 +369,28 @@ public class STIXReportModule implements GeneralReportModule {
try {
if (found) {
output.write("----------------\r\n"
+ "Found indicator:\r\n");
+ "Found indicator:\r\n"); //NON-NLS
} else {
output.write("-----------------------\r\n"
+ "Did not find indicator:\r\n");
+ "Did not find indicator:\r\n"); //NON-NLS
}
if (ind.getTitle() != null) {
output.write("Title: " + ind.getTitle() + "\r\n");
output.write("Title: " + ind.getTitle() + "\r\n"); //NON-NLS
} else {
output.write("\r\n");
}
if (ind.getId() != null) {
output.write("ID: " + ind.getId() + "\r\n");
output.write("ID: " + ind.getId() + "\r\n"); //NON-NLS
}
if (ind.getDescription() != null) {
String desc = ind.getDescription().getValue();
desc = desc.trim();
output.write("Description: " + desc + "\r\n");
output.write("Description: " + desc + "\r\n"); //NON-NLS
}
output.write("\r\nObservable results:\r\n" + resultStr + "\r\n\r\n");
output.write("\r\nObservable results:\r\n" + resultStr + "\r\n\r\n"); //NON-NLS
} catch (IOException ex) {
logger.log(Level.SEVERE, String.format("Error writing to STIX report file %s", reportPath), ex);
logger.log(Level.SEVERE, String.format("Error writing to STIX report file %s", reportPath), ex); //NON-NLS
}
}
}
@ -398,7 +411,7 @@ public class STIXReportModule implements GeneralReportModule {
output.write("### " + a_fileName + " ###\r\n");
output.write(header + "\r\n\r\n");
} catch (IOException ex) {
logger.log(Level.SEVERE, String.format("Error writing to STIX report file %s", reportPath), ex);
logger.log(Level.SEVERE, String.format("Error writing to STIX report file %s", reportPath), ex); //NON-NLS
}
}
@ -446,7 +459,7 @@ public class STIXReportModule implements GeneralReportModule {
*/
private ObservableResult evaluateObservableComposition(ObservableCompositionType comp, String spacing) throws TskCoreException {
if (comp.getOperator() == null) {
throw new TskCoreException("No operator found in composition");
throw new TskCoreException("No operator found in composition"); //NON-NLS
}
if (comp.getObservables() != null) {
@ -525,7 +538,7 @@ public class STIXReportModule implements GeneralReportModule {
return result;
}
} else {
throw new TskCoreException("No observables found in list");
throw new TskCoreException("No observables found in list"); //NON-NLS
}
}
@ -567,7 +580,7 @@ public class STIXReportModule implements GeneralReportModule {
return result;
}
throw new TskCoreException("Error loading/finding object for observable " + obs.getIdref());
throw new TskCoreException("Error loading/finding object for observable " + obs.getIdref()); //NON-NLS
}
/**
@ -609,7 +622,7 @@ public class STIXReportModule implements GeneralReportModule {
if ((type.lastIndexOf(".") + 1) < type.length()) {
type = type.substring(type.lastIndexOf(".") + 1);
}
return new ObservableResult(id, type + " not supported",
return new ObservableResult(id, type + " not supported", //NON-NLS
spacing, ObservableResult.ObservableState.INDETERMINATE, null);
}
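Review bot: In the hunk at -237,14 +248,14 the STIX file is handed straight to `jaxbUnmarshaller.unmarshal(file)` with no parser hardening visible; STIX packages usually originate outside the case, so DTDs and external entities should be switched off before parsing. Whether the default parser already refuses them depends on the JAXB and JDK versions in use, which this page does not show, so I would make it explicit by unmarshalling from a `SAXSource` built on a locked-down `SAXParserFactory`, as sketched below. The new checked exceptions need the same handling as `JAXBException`, and the method's signature lies outside the hunk. Separately, the catch passes `ex.getLocalizedMessage()` to `logger.log` as a parameter, which drops the stack trace; passing `ex` keeps it.

```java
// … unchanged: File file and JAXBContext.newInstance(...) …
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setNamespaceAware(true);
// Refuse DOCTYPE declarations outright; the two entity features are a fallback.
spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
XMLReader reader = spf.newSAXParser().getXMLReader();
SAXSource source = new SAXSource(reader, new InputSource(file.toURI().toString()));
Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller();
STIXPackage stix = (STIXPackage) jaxbUnmarshaller.unmarshal(source);
return stix;
// … unchanged: catch block, extended to ParserConfigurationException and SAXException …
```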


@ -37,17 +37,17 @@ public class STIXReportModuleConfigPanel extends javax.swing.JPanel {
initComponents();
// Set the default path to the last one used
if ((ModuleSettings.getConfigSetting("STIX", "defaultPath") != null)
&& (!ModuleSettings.getConfigSetting("STIX", "defaultPath").isEmpty())) {
jTextField1.setText(ModuleSettings.getConfigSetting("STIX", "defaultPath"));
stixFile = ModuleSettings.getConfigSetting("STIX", "defaultPath");
if ((ModuleSettings.getConfigSetting("STIX", "defaultPath") != null) //NON-NLS
&& (!ModuleSettings.getConfigSetting("STIX", "defaultPath").isEmpty())) { //NON-NLS
jTextField1.setText(ModuleSettings.getConfigSetting("STIX", "defaultPath")); //NON-NLS
stixFile = ModuleSettings.getConfigSetting("STIX", "defaultPath"); //NON-NLS
}
// Set the results checkbox to the last one used
if ((ModuleSettings.getConfigSetting("STIX", "showAllResults") != null)
&& (!ModuleSettings.getConfigSetting("STIX", "showAllResults").isEmpty())) {
if ((ModuleSettings.getConfigSetting("STIX", "showAllResults") != null) //NON-NLS
&& (!ModuleSettings.getConfigSetting("STIX", "showAllResults").isEmpty())) { //NON-NLS
if (ModuleSettings.getConfigSetting("STIX", "showAllResults").equals("true")) {
if (ModuleSettings.getConfigSetting("STIX", "showAllResults").equals("true")) { //NON-NLS
jCheckBox1.setSelected(true);
showAllResults = true;
} else {
@ -177,9 +177,9 @@ public class STIXReportModuleConfigPanel extends javax.swing.JPanel {
// TODO add your handling code here:
showAllResults = jCheckBox1.isSelected();
if (showAllResults) {
ModuleSettings.setConfigSetting("STIX", "showAllResults", "true");
ModuleSettings.setConfigSetting("STIX", "showAllResults", "true"); //NON-NLS
} else {
ModuleSettings.setConfigSetting("STIX", "showAllResults", "false");
ModuleSettings.setConfigSetting("STIX", "showAllResults", "false"); //NON-NLS
}
}//GEN-LAST:event_jCheckBox1ActionPerformed


@ -59,15 +59,15 @@ class StixArtifactData {
String setName;
if (a_title != null) {
setName = "STIX Indicator - " + a_title;
setName = "STIX Indicator - " + a_title; //NON-NLS
} else {
setName = "STIX Indicator - (no title)";
setName = "STIX Indicator - (no title)"; //NON-NLS
}
BlackboardArtifact bba = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), "Stix", setName));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(), "Stix", observableId));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), "Stix", objType));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), "Stix", setName)); //NON-NLS
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(), "Stix", observableId)); //NON-NLS
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), "Stix", objType)); //NON-NLS
}
public void print() {


@ -1,5 +1,5 @@
#Updated by build script
#Wed, 17 Dec 2014 13:11:49 -0500
#Thu, 19 Feb 2015 12:52:00 -0500
LBL_splash_window_title=Starting Autopsy
SPLASH_HEIGHT=314
SPLASH_WIDTH=538
@ -8,4 +8,4 @@ SplashRunningTextBounds=0,289,538,18
SplashRunningTextColor=0x0
SplashRunningTextFontSize=19
currentVersion=Autopsy 3.1.1
currentVersion=Autopsy 3.1.2


@ -1,5 +1,5 @@
#Updated by build script
#Wed, 17 Dec 2014 13:11:49 -0500
#Thu, 19 Feb 2015 12:52:00 -0500
CTL_MainWindow_Title=Autopsy 3.1.1
CTL_MainWindow_Title_No_Project=Autopsy 3.1.1
CTL_MainWindow_Title=Autopsy 3.1.2
CTL_MainWindow_Title_No_Project=Autopsy 3.1.2