diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/Bundle.properties b/Ingest/src/org/sleuthkit/autopsy/ingest/Bundle.properties index 9aef703e9e..422c819d4e 100644 --- a/Ingest/src/org/sleuthkit/autopsy/ingest/Bundle.properties +++ b/Ingest/src/org/sleuthkit/autopsy/ingest/Bundle.properties @@ -4,4 +4,7 @@ HINT_IngestTopComponent=Ingest window OpenIDE-Module-Name=Ingest IngestTopComponent.topLable.text=Image ingest services IngestTopComponent.startButton.text=Start +IngestTopComponent.messageFrame.title=Ingest Messages IngestTopComponent.refreshFreqLabel.text=Refresh frequency +IngestTopComponent.refreshFrequencyLabel.text=Refresh Frequency +IngestTopComponent.ingestProgressLabel.text=File Ingest Progress \ No newline at end of file diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java index bf60bbb0de..e87aac2f2a 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java @@ -82,7 +82,7 @@ public class Chrome { BlackboardAttribute bbattref = new BlackboardAttribute(32,"RecentActivity","Chrome",temprs.getString("from_visit")); bbart.addAttribute(bbattref); BlackboardAttribute bbatttitle = new BlackboardAttribute(3,"RecentActivity","Chrome",((temprs.getString("title") != null) ? temprs.getString("title") : "No Title")); - bbart.addAttribute(bbatturl); + bbart.addAttribute(bbatttitle); als.add(kvs); 
@@ -141,13 +141,13 @@ public class Chrome { cookies.add(kvs); BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); - BlackboardAttribute bbatturl = new BlackboardAttribute(1, temprs.getString("host"), "RecentActivity", "Chrome"); + BlackboardAttribute bbatturl = new BlackboardAttribute(1, "RecentActivity", "Chrome", temprs.getString("host")); bbart.addAttribute(bbatturl); - BlackboardAttribute bbattdate = new BlackboardAttribute(2, temprs.getString("access_utc"), "RecentActivity", "Chrome"); + BlackboardAttribute bbattdate = new BlackboardAttribute(2,"RecentActivity", "Chrome",temprs.getString("access_utc")); bbart.addAttribute(bbattdate); - BlackboardAttribute bbattvalue = new BlackboardAttribute(26, temprs.getString("value"), "RecentActivity", "Chrome"); + BlackboardAttribute bbattvalue = new BlackboardAttribute(26,"RecentActivity", "Chrome",temprs.getString("value")); bbart.addAttribute(bbattvalue); - BlackboardAttribute bbatttitle = new BlackboardAttribute(3, ((temprs.getString("name") != null) ? temprs.getString("name") : "No name"), "RecentActivity","Chrome"); + BlackboardAttribute bbatttitle = new BlackboardAttribute(3, "RecentActivity","Chrome",((temprs.getString("name") != null) ? temprs.getString("name") : "No name")); bbart.addAttribute(bbatttitle); 
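Review bot: The argument swap fixed in this cookie hunk was possible because the `BlackboardAttribute` constructor takes three adjacent strings and the attribute type is a bare int, so the compiler cannot notice a value passed in the module-name slot. The literal ids are also inconsistent across the commit: the host/URL is written with type 1 here and in ExtractIE but with 5 in the bookmark hunks, and the date with 2 here but 31 in the bookmark and IE code; which ids are correct cannot be told from the diff. Replacing the literals with the `ATTRIBUTE_TYPE` constants that the commented-out Firefox lines already reference, e.g. `ATTRIBUTE_TYPE.TSK_URL.getTypeID()`, would make a wrong id visible in review. The same applies to the Chrome bookmark hunk and the Firefox cookie and bookmark hunks.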
@@ -206,9 +206,9 @@ public class Chrome { kvs.put("Reference", temprs.getString("starred.date_added")); BlackboardAttribute bbattdate = new BlackboardAttribute(31,"RecentActivity","Chrome",temprs.getString("last_visit_time")); bbart.addAttribute(bbattdate); - BlackboardAttribute bbatturl = new BlackboardAttribute(5, ((temprs.getString("url") != null) ? temprs.getString("url") : "No URL"), "RecentActivity","Chrome"); + BlackboardAttribute bbatturl = new BlackboardAttribute(5, "RecentActivity","Chrome",((temprs.getString("url") != null) ? temprs.getString("url") : "No URL")); bbart.addAttribute(bbatturl); - BlackboardAttribute bbatttitle = new BlackboardAttribute(3, ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "No Title"), "RecentActivity","Chrome"); + BlackboardAttribute bbatttitle = new BlackboardAttribute(3, "RecentActivity","Chrome", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "No Title")); bbart.addAttribute(bbatttitle); bookmarks.add(kvs); diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractAll.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractAll.java index 26fad037c5..46fa21cf4f 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractAll.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractAll.java @@ -4,10 +4,8 @@ */ package org.sleuthkit.autopsy.recentactivity; -import org.sleuthkit.datamodel.BlackboardArtifact; -import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; -import org.sleuthkit.datamodel.BlackboardAttribute; -import org.sleuthkit.datamodel.FsContent; +import java.util.ArrayList; +import java.util.HashMap; /** * 
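Review bot: The bookmark title is stored after `replaceAll("'", "''")`, which is SQL quote-doubling applied to evidence data. If the blackboard layer binds values as parameters, every apostrophe in a title is recorded doubled; if it builds SQL by concatenation, the url on the line above (and the host, cookie value and name in the cookie hunks) reaches it unescaped. Which of the two holds is not visible in this diff. Escaping belongs in the storage layer through bound parameters, and the value here should be stored as read, i.e. `temprs.getString("title")` without the replace. The Firefox bookmark hunk contains the same call.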
@@ -30,10 +28,10 @@ public class ExtractAll { Chrome chre = new Chrome(); chre.getchdb(); - // ExtractIE eere = new ExtractIE(); - // eere.parsePascoResults(); + ExtractIE eere = new ExtractIE(); + eere.parsePascoResults(); //Find a way to put these results into BB - // ArrayList> IEresults = eere.PASCO_RESULTS_LIST; + return true; } catch(Error e){ diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java index be69d519fc..ad903b44d6 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java @@ -21,14 +21,16 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; // TSK Imports +import org.openide.util.Exceptions; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.KeyValueThing; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; -import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; +import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.SleuthkitCase; +import org.sleuthkit.datamodel.TskException; public class ExtractIE { // implements BrowserActivity { 
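Review bot: The re-enabled `eere.parsePascoResults()` runs inside a `try` whose only visible handler is `catch(Error e)`, which does not catch RuntimeException. In this same commit parsePascoResults starts calling `Long.parseLong` on file names and indexing `lineBuff[1]` to `lineBuff[3]`, so a NumberFormatException or ArrayIndexOutOfBoundsException would propagate past this handler instead of returning false. Unless another catch follows outside the hunk, this block needs `catch (RuntimeException e)` with a logged message; catching `Error` itself also hides conditions such as OutOfMemoryError. The `catch (Error e)` blocks in the RAImageIngestService hunk have the same shape.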
@@ -85,17 +87,20 @@ public class ExtractIE { // implements BrowserActivity { // just create these files with the following notation: // index.dat (i.e. index0.dat, index1.dat,..., indexN.dat) // Write each index.dat file to a temp directory. - indexFileName = "index" + Integer.toString(index) + ".dat"; + BlackboardArtifact bbart = fsc.newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); + //indexFileName = "index" + Integer.toString(index) + ".dat"; + indexFileName = "index" + Long.toString(bbart.getArtifactID()) + ".dat"; temps = currentCase.getTempDirectory() + "\\" + indexFileName; File datFile = new File(temps); ContentUtils.writeToFile(fsc, datFile); - boolean bPascProcSuccess = executePasco(temps, index); + boolean bPascProcSuccess = executePasco(temps, index, bbart.getArtifactID()); //At this point pasco2 proccessed the index files. //Now fetch the results, parse them and the delete the files. if(bPascProcSuccess) { + //Delete index.dat file since it was succcessfully by Pasco datFile.delete(); } 
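Review bot: `fsc.newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY)` runs before the index.dat copy is written and before pasco2 has succeeded, so a failed `ContentUtils.writeToFile` or a false `bPascProcSuccess` leaves an empty TSK_WEB_HISTORY artifact on the blackboard with no result file behind it. Creating the artifact only after pasco2 succeeds, or recording the failure against it, would keep the blackboard consistent with what was actually parsed; the failure branch is outside this hunk, so it may already do this. The result of `datFile.delete()` is also ignored, so a temp copy of evidence can stay behind unnoticed; `if (!datFile.delete()) { /* log the leftover path */ }` would surface that. Building the path with `new File(currentCase.getTempDirectory(), indexFileName)` avoids the hard-coded `"\\"` separator.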
@@ -112,21 +117,21 @@ public class ExtractIE { // implements BrowserActivity { //Simple wrapper to JavaSystemCaller.Exec() to execute pasco2 jar // TODO: Hardcoded command args/path needs to be removed. Maybe set some constants and set env variables for classpath // I'm not happy with this code. Can't stand making a system call, is not an acceptable solution but is a hack for now. - private boolean executePasco(String indexFilePath, int fileIndex) + private boolean executePasco(String indexFilePath, int fileIndex, long bbId) { boolean success = true; try { - List command = new ArrayList(); + List command = new ArrayList(); command.add("-cp"); - command.add(PASCO_LIB_PATH); + command.add(PASCO_LIB_PATH); command.add(" isi.pasco2.Main"); command.add(" -T history"); command.add(indexFilePath); - command.add(" > " + PASCO_RESULTS_PATH + "\\pasco2Result" + Integer.toString(fileIndex) + ".txt"); - + //command.add(" > " + PASCO_RESULTS_PATH + "\\pasco2Result" + Integer.toString(fileIndex) + ".txt"); + command.add(" > " + PASCO_RESULTS_PATH + "\\" + Long.toString(bbId)); String[] cmd = command.toArray(new String[0]); JavaSystemCaller.Exec.execute("java", cmd); @@ -147,6 +152,7 @@ public class ExtractIE { // implements BrowserActivity { // is not empty. File rFile = new File(PASCO_RESULTS_PATH); + //Let's make sure our list and lut are empty. //PASCO_RESULTS_LIST.clear(); @@ -161,6 +167,10 @@ public class ExtractIE { // implements BrowserActivity { { for (File file : pascoFiles) { + String bbartname = file.getName(); + //bbartname = bbartname.substring(0, 4); + long bbartId = Long.parseLong(bbartname); + // Make sure the file the is not empty or the Scanner will // throw a "No Line found" Exception if (file != null && file.length() > 0 ) @@ -173,6 +183,8 @@ public class ExtractIE { // implements BrowserActivity { while (fileScanner.hasNext()) { + + String line = fileScanner.nextLine(); //Need to change this pattern a bit because there might 
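Review bot: The redirect in executePasco is passed as an argument (`command.add(" > " + PASCO_RESULTS_PATH + "\\" + Long.toString(bbId))`), so it only takes effect if JavaSystemCaller.Exec, which is not visible here, joins the arguments into one string for a command shell; in that case indexFilePath and both path constants are interpreted by that shell too, and a case directory containing a space or a shell metacharacter changes the command. Starting the process directly and redirecting stdout to a File takes the shell out of the path, as sketched below, assuming the build targets Java 7 or later for `redirectOutput`. The sketch calls `waitFor()`, so the catch block outside this hunk would have to handle InterruptedException, and stderr still needs to be drained or redirected. `fileIndex` is no longer used by the new code and can be dropped from the signature once the caller is updated.

```java
// … unchanged: executePasco signature, success flag, opening of try …
List<String> command = new ArrayList<String>();
command.add("java");
command.add("-cp");
command.add(PASCO_LIB_PATH);
command.add("isi.pasco2.Main");
command.add("-T");
command.add("history");
command.add(indexFilePath);
ProcessBuilder pb = new ProcessBuilder(command);
// stdout goes straight to the per-artifact results file; no shell parses the paths
pb.redirectOutput(new File(PASCO_RESULTS_PATH, Long.toString(bbId)));
pb.start().waitFor();
// … unchanged: catch block and return …
```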
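Review bot: `Long.parseLong(bbartname)` in the `for (File file : pascoFiles)` loop throws NumberFormatException for any file in PASCO_RESULTS_PATH whose name is not a bare artifact id, and this commit itself adds `thirdparty/pasco2/results/pasco2Result0.txt`, which would trigger it if PASCO_RESULTS_PATH points at that directory (the constant is not visible here). The call also runs before the existing `file != null` check, so that check no longer guards anything. Moving the parse inside the null/length check and skipping non-numeric names, e.g. `if (!bbartname.matches("\\d+")) { continue; }`, keeps one stray file from aborting the whole parse. The loop body continues outside this hunk.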
@@ -182,6 +194,7 @@ public class ExtractIE { // implements BrowserActivity { Matcher m = p.matcher(line); if(m.find()) { + try { String[] lineBuff = line.split("\\t"); PASCO_RESULTS_LUT = new HashMap(); PASCO_RESULTS_LUT.put(BrowserActivityType.Url.name(), lineBuff[1]); @@ -190,17 +203,30 @@ public class ExtractIE { // implements BrowserActivity { PASCO_RESULTS_LUT.put("Last Accessed", lineBuff[3]); PASCO_RESULTS_LUT.put("Reference", "None"); - - - //KeyValueThing + BlackboardArtifact bbart = tempDb.getBlackboardArtifact(bbartId); + BlackboardAttribute bbatturl = new BlackboardAttribute(1,"RecentActivity","Internet Explorer",lineBuff[1]); + bbart.addAttribute(bbatturl); + BlackboardAttribute bbattdate = new BlackboardAttribute(31,"RecentActivity","Internet Explorer",lineBuff[3]); + bbart.addAttribute(bbattdate); + BlackboardAttribute bbattref = new BlackboardAttribute(32,"RecentActivity","Internet Explorer","No Ref"); + bbart.addAttribute(bbattref); + BlackboardAttribute bbatttitle = new BlackboardAttribute(3,"RecentActivity","Internet Explorer",lineBuff[2]); + bbart.addAttribute(bbatttitle); + + //KeyValueThing //This will be redundant in terms IE.name() because of //the way they implemented KeyValueThing IE_OBJ = new LinkedHashMap(); IE_OBJ.put(BrowserType.IE.name(), PASCO_RESULTS_LUT); IE_PASCO_LUT.addMap(IE_OBJ); - PASCO_RESULTS_LIST.add(PASCO_RESULTS_LUT); - } + PASCO_RESULTS_LIST.add(PASCO_RESULTS_LUT); + } + catch (TskException ex) { + Exceptions.printStackTrace(ex); + } + } + } } //TODO: Fix Delete issue diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java index e22592e7a4..1bd8f501da 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java 
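Review bot: Every matching line of a result file adds a URL, date, referrer and title attribute to the same artifact (`tempDb.getBlackboardArtifact(bbartId)`), so one index.dat with many history entries yields a single TSK_WEB_HISTORY artifact holding many repeated attribute types, with nothing pairing a given URL with its title or access time. One artifact per history entry would keep them separable, which needs the source file and not just the artifact id inside this loop. Separately, `lineBuff[1]` to `lineBuff[3]` are read from evidence-derived text with no length check, and the new `catch (TskException ex)` does not cover ArrayIndexOutOfBoundsException; unless the pattern defined outside the hunk guarantees four fields, `if (lineBuff.length < 4) { continue; }` after the split closes that. The artifact lookup is loop-invariant and could move above the `while`.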
@@ -82,7 +82,7 @@ public class Firefox { BlackboardAttribute bbattref = new BlackboardAttribute(32,"RecentActivity","FireFox",temprs.getString("from_visit")); bbart.addAttribute(bbattref); BlackboardAttribute bbatttitle = new BlackboardAttribute(3,"RecentActivity","FireFox",((temprs.getString("title") != null) ? temprs.getString("title") : "No Title")); - bbart.addAttribute(bbatturl); + bbart.addAttribute(bbatttitle); //bbart.addAttribute(ATTRIBUTE_TYPE.TSK_URL, temprs.getString("url"), "RecentActivity","FireFox"); //bbart.addAttribute(ATTRIBUTE_TYPE.TSK_DATETIME, temprs.getString("visit_date"), "RecentActivity","FireFox"); //bbart.addAttribute(ATTRIBUTE_TYPE.TSK_REFERRER, temprs.getString("from_visit"), "RecentActivity","FireFox"); @@ -101,9 +101,9 @@ public class Firefox { kvs.put("Count", ""); kvs.put("Last Accessed", ""); kvs.put("Reference", ""); - BlackboardAttribute bbatturl = new BlackboardAttribute(5, ((temprs.getString("url") != null) ? temprs.getString("url") : "No URL"), "RecentActivity","FireFox"); + BlackboardAttribute bbatturl = new BlackboardAttribute(5,"RecentActivity","FireFox",((temprs.getString("url") != null) ? temprs.getString("url") : "No URL")); bbart.addAttribute(bbatturl); - BlackboardAttribute bbatttitle = new BlackboardAttribute(3, ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "No Title"), "RecentActivity","FireFox"); + BlackboardAttribute bbatttitle = new BlackboardAttribute(3, "RecentActivity","FireFox", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "No Title")); bbart.addAttribute(bbatttitle); bookmarks.add(kvs); 
@@ -163,13 +163,13 @@ public class Firefox { kvs.put("Count", temprs.getString("value")); kvs.put("Last Accessed", temprs.getString("lastAccessed")); kvs.put("Reference", temprs.getString("creationTime")); - BlackboardAttribute bbatturl = new BlackboardAttribute(1, temprs.getString("host"), "RecentActivity", "FireFox"); + BlackboardAttribute bbatturl = new BlackboardAttribute(1, "RecentActivity", "FireFox", temprs.getString("host")); bbart.addAttribute(bbatturl); - BlackboardAttribute bbattdate = new BlackboardAttribute(2, temprs.getString("lastAccessed"), "RecentActivity", "FireFox"); + BlackboardAttribute bbattdate = new BlackboardAttribute(2, "RecentActivity", "FireFox", temprs.getString("lastAccessed")); bbart.addAttribute(bbattdate); - BlackboardAttribute bbattvalue = new BlackboardAttribute(26, temprs.getString("value"), "RecentActivity", "FireFox"); + BlackboardAttribute bbattvalue = new BlackboardAttribute(26, "RecentActivity", "FireFox", temprs.getString("value")); bbart.addAttribute(bbattvalue); - BlackboardAttribute bbatttitle = new BlackboardAttribute(3, ((temprs.getString("name") != null) ? temprs.getString("name") : "No name"), "RecentActivity","FireFox"); + BlackboardAttribute bbatttitle = new BlackboardAttribute(3, "RecentActivity","FireFox",((temprs.getString("name") != null) ? temprs.getString("name") : "No name")); bbart.addAttribute(bbatttitle); diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestService.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestService.java index ac789ed28b..149854b4ee 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestService.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestService.java 
@@ -59,10 +59,11 @@ public final class RAImageIngestService implements IngestServiceImage { //service specific Image processing code here //example: + controller.switchToDeterminate(2); ExtractAll ext = new ExtractAll(); - int count = ext.getExtractCount(); + // int count = ext.getExtractCount(); //if we know amount of work units, we can switch to determinate and update progress bar - int filesToProcess = count; + int filesToProcess = 1; controller.switchToDeterminate(filesToProcess); int processedFiles = 0; @@ -83,8 +84,22 @@ public final class RAImageIngestService implements IngestServiceImage { } catch (Error e) { } + if (controller.isCancelled()) { + return; } + controller.progress(1); + try { + //do the work + ext.extractToBlackboard(); + controller.progress(2); + + } catch (Error e) { + manager.postMessage(IngestMessage.createErrorMessage(++messageId, +this, "Error writing recent activity data")); + + } + } } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RecentActivityDataExplorer.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RecentActivityDataExplorer.java index 4b6c6c135c..90741430a6 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RecentActivityDataExplorer.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RecentActivityDataExplorer.java @@ -58,10 +58,8 @@ public class RecentActivityDataExplorer implements DataExplorer { void makeNodes() { things.clear(); - ExtractRegistry eree = new ExtractRegistry(); - eree.getregistryfiles(); - Firefox ffre = new Firefox(); - ffre.getffdb(); + Firefox ffre = new Firefox(); + ffre.getffdb(); Chrome chre = new Chrome(); chre.getchdb(); ExtractIE eere = new ExtractIE(); diff --git a/thirdparty/pasco2/results/pasco2Result0.txt b/thirdparty/pasco2/results/pasco2Result0.txt new file mode 100644 index 0000000000..44c69cfc42 --- /dev/null +++ b/thirdparty/pasco2/results/pasco2Result0.txt 
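Review bot: The added `controller.switchToDeterminate(2)` is overridden a few lines later by `controller.switchToDeterminate(filesToProcess)` with `filesToProcess = 1`, and the following hunk then reports `controller.progress(1)` and `controller.progress(2)`, so the second update exceeds the declared total. Keeping a single `controller.switchToDeterminate(2)` and removing the `filesToProcess` call (or setting `int filesToProcess = 2;`) makes the work units agree. The commented-out `getExtractCount()` line can be deleted along with it. The method body continues outside this hunk.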
@@ -0,0 +1,8 @@ +History File: C:\Users\Alex\Documents\projects\Autopsy2\testFolder\bentest\Temp\index0.dat Version: 5.2 + +TYPE URL MODIFIED TIME ACCESS TIME FILENAME DIRECTORY HTTP HEADERS +LEAK entries: 0 +REDR entries: 0 +URL entries: 0 +ent entries: 0 +unknown entries: 0