Restored IE history functionality

Signed-off-by: Alexander Ebadirad <aebadirad@42six.com>
Alexander Ebadirad 2012-02-01 14:04:06 -07:00
parent e3e4600577
commit b6e4928e3b
8 changed files with 88 additions and 40 deletions


@ -4,4 +4,7 @@ HINT_IngestTopComponent=Ingest window
OpenIDE-Module-Name=Ingest
IngestTopComponent.topLable.text=Image ingest services
IngestTopComponent.startButton.text=Start
IngestTopComponent.messageFrame.title=Ingest Messages
IngestTopComponent.refreshFreqLabel.text=Refresh frequency
IngestTopComponent.refreshFrequencyLabel.text=Refresh Frequency
IngestTopComponent.ingestProgressLabel.text=File Ingest Progress


@ -82,7 +82,7 @@ public class Chrome {
BlackboardAttribute bbattref = new BlackboardAttribute(32,"RecentActivity","Chrome",temprs.getString("from_visit"));
bbart.addAttribute(bbattref);
BlackboardAttribute bbatttitle = new BlackboardAttribute(3,"RecentActivity","Chrome",((temprs.getString("title") != null) ? temprs.getString("title") : "No Title"));
bbart.addAttribute(bbatturl);
bbart.addAttribute(bbatttitle);
als.add(kvs);
@ -141,13 +141,13 @@ public class Chrome {
cookies.add(kvs);
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE);
BlackboardAttribute bbatturl = new BlackboardAttribute(1, temprs.getString("host"), "RecentActivity", "Chrome");
BlackboardAttribute bbatturl = new BlackboardAttribute(1, "RecentActivity", "Chrome", temprs.getString("host"));
bbart.addAttribute(bbatturl);
BlackboardAttribute bbattdate = new BlackboardAttribute(2, temprs.getString("access_utc"), "RecentActivity", "Chrome");
BlackboardAttribute bbattdate = new BlackboardAttribute(2,"RecentActivity", "Chrome",temprs.getString("access_utc"));
bbart.addAttribute(bbattdate);
BlackboardAttribute bbattvalue = new BlackboardAttribute(26, temprs.getString("value"), "RecentActivity", "Chrome");
BlackboardAttribute bbattvalue = new BlackboardAttribute(26,"RecentActivity", "Chrome",temprs.getString("value"));
bbart.addAttribute(bbattvalue);
BlackboardAttribute bbatttitle = new BlackboardAttribute(3, ((temprs.getString("name") != null) ? temprs.getString("name") : "No name"), "RecentActivity","Chrome");
BlackboardAttribute bbatttitle = new BlackboardAttribute(3, "RecentActivity","Chrome",((temprs.getString("name") != null) ? temprs.getString("name") : "No name"));
bbart.addAttribute(bbatttitle);
@ -206,9 +206,9 @@ public class Chrome {
kvs.put("Reference", temprs.getString("starred.date_added"));
BlackboardAttribute bbattdate = new BlackboardAttribute(31,"RecentActivity","Chrome",temprs.getString("last_visit_time"));
bbart.addAttribute(bbattdate);
BlackboardAttribute bbatturl = new BlackboardAttribute(5, ((temprs.getString("url") != null) ? temprs.getString("url") : "No URL"), "RecentActivity","Chrome");
BlackboardAttribute bbatturl = new BlackboardAttribute(5, "RecentActivity","Chrome",((temprs.getString("url") != null) ? temprs.getString("url") : "No URL"));
bbart.addAttribute(bbatturl);
BlackboardAttribute bbatttitle = new BlackboardAttribute(3, ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "No Title"), "RecentActivity","Chrome");
BlackboardAttribute bbatttitle = new BlackboardAttribute(3, "RecentActivity","Chrome", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "No Title"));
bbart.addAttribute(bbatttitle);
bookmarks.add(kvs);
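Review bot: The bookmark title on the new `bbatttitle` line still goes through `.replaceAll("'", "''")` before it is stored, while the history title, the bookmark URL and the cookie host and value in the other hunks are stored as read. These strings come from a browser database inside the image under examination, so they are untrusted. If the blackboard layer binds parameters (not visible here), the doubling only alters the recorded evidence value; if it builds SQL by concatenation, escaping one field out of several does not protect it. I would store the raw value, `((temprs.getString("title") != null) ? temprs.getString("title") : "No Title")`, and leave quoting to a parameterized statement in the datamodel. The same expression is in the Firefox bookmark hunk, and the enclosing method starts and ends outside the visible hunks.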


@ -4,10 +4,8 @@
*/
package org.sleuthkit.autopsy.recentactivity;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.FsContent;
import java.util.ArrayList;
import java.util.HashMap;
/**
*
@ -30,10 +28,10 @@ public class ExtractAll {
Chrome chre = new Chrome();
chre.getchdb();
// ExtractIE eere = new ExtractIE();
// eere.parsePascoResults();
ExtractIE eere = new ExtractIE();
eere.parsePascoResults();
//Find a way to put these results into BB
// ArrayList<HashMap<String,Object>> IEresults = eere.PASCO_RESULTS_LIST;
return true;
}
catch(Error e){
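Review bot: The re-enabled `eere.parsePascoResults()` call appears to sit inside the try whose handler is `catch(Error e)`, and `java.lang.Error` does not cover exceptions, so a `NumberFormatException` or `ArrayIndexOutOfBoundsException` raised while parsing pasco output would bypass this handler. The handler body is outside the hunk, so what it does is not visible. I would catch `Exception` here as well and log or report the failure, so that a failed IE extraction is not mistaken for an image with no history. `RAImageIngestService` has the same `catch (Error e)` around `ext.extractToBlackboard()`. The comment `//Find a way to put these results into BB` also looks stale now that `ExtractIE` adds blackboard attributes itself.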


@ -21,14 +21,16 @@ import java.util.regex.Matcher;
import java.util.regex.Pattern;
// TSK Imports
import org.openide.util.Exceptions;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.datamodel.KeyValueThing;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskException;
public class ExtractIE { // implements BrowserActivity {
@ -85,17 +87,20 @@ public class ExtractIE { // implements BrowserActivity {
// just create these files with the following notation:
// index<Number>.dat (i.e. index0.dat, index1.dat,..., indexN.dat)
// Write each index.dat file to a temp directory.
indexFileName = "index" + Integer.toString(index) + ".dat";
BlackboardArtifact bbart = fsc.newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
//indexFileName = "index" + Integer.toString(index) + ".dat";
indexFileName = "index" + Long.toString(bbart.getArtifactID()) + ".dat";
temps = currentCase.getTempDirectory() + "\\" + indexFileName;
File datFile = new File(temps);
ContentUtils.writeToFile(fsc, datFile);
boolean bPascProcSuccess = executePasco(temps, index);
boolean bPascProcSuccess = executePasco(temps, index, bbart.getArtifactID());
//At this point pasco2 proccessed the index files.
//Now fetch the results, parse them and the delete the files.
if(bPascProcSuccess)
{
//Delete index<n>.dat file since it was succcessfully by Pasco
datFile.delete();
}
@ -112,7 +117,7 @@ public class ExtractIE { // implements BrowserActivity {
//Simple wrapper to JavaSystemCaller.Exec() to execute pasco2 jar
// TODO: Hardcoded command args/path needs to be removed. Maybe set some constants and set env variables for classpath
// I'm not happy with this code. Can't stand making a system call, is not an acceptable solution but is a hack for now.
private boolean executePasco(String indexFilePath, int fileIndex)
private boolean executePasco(String indexFilePath, int fileIndex, long bbId)
{
boolean success = true;
@ -125,8 +130,8 @@ public class ExtractIE { // implements BrowserActivity {
command.add(" isi.pasco2.Main");
command.add(" -T history");
command.add(indexFilePath);
command.add(" > " + PASCO_RESULTS_PATH + "\\pasco2Result" + Integer.toString(fileIndex) + ".txt");
//command.add(" > " + PASCO_RESULTS_PATH + "\\pasco2Result" + Integer.toString(fileIndex) + ".txt");
command.add(" > " + PASCO_RESULTS_PATH + "\\" + Long.toString(bbId));
String[] cmd = command.toArray(new String[0]);
JavaSystemCaller.Exec.execute("java", cmd);
@ -147,6 +152,7 @@ public class ExtractIE { // implements BrowserActivity {
// is not empty.
File rFile = new File(PASCO_RESULTS_PATH);
//Let's make sure our list and lut are empty.
//PASCO_RESULTS_LIST.clear();
@ -161,6 +167,10 @@ public class ExtractIE { // implements BrowserActivity {
{
for (File file : pascoFiles)
{
String bbartname = file.getName();
//bbartname = bbartname.substring(0, 4);
long bbartId = Long.parseLong(bbartname);
// Make sure the file the is not empty or the Scanner will
// throw a "No Line found" Exception
if (file != null && file.length() > 0 )
@ -173,6 +183,8 @@ public class ExtractIE { // implements BrowserActivity {
while (fileScanner.hasNext())
{
String line = fileScanner.nextLine();
//Need to change this pattern a bit because there might
@ -182,6 +194,7 @@ public class ExtractIE { // implements BrowserActivity {
Matcher m = p.matcher(line);
if(m.find())
{
try {
String[] lineBuff = line.split("\\t");
PASCO_RESULTS_LUT = new HashMap<String,Object>();
PASCO_RESULTS_LUT.put(BrowserActivityType.Url.name(), lineBuff[1]);
@ -190,7 +203,15 @@ public class ExtractIE { // implements BrowserActivity {
PASCO_RESULTS_LUT.put("Last Accessed", lineBuff[3]);
PASCO_RESULTS_LUT.put("Reference", "None");
BlackboardArtifact bbart = tempDb.getBlackboardArtifact(bbartId);
BlackboardAttribute bbatturl = new BlackboardAttribute(1,"RecentActivity","Internet Explorer",lineBuff[1]);
bbart.addAttribute(bbatturl);
BlackboardAttribute bbattdate = new BlackboardAttribute(31,"RecentActivity","Internet Explorer",lineBuff[3]);
bbart.addAttribute(bbattdate);
BlackboardAttribute bbattref = new BlackboardAttribute(32,"RecentActivity","Internet Explorer","No Ref");
bbart.addAttribute(bbattref);
BlackboardAttribute bbatttitle = new BlackboardAttribute(3,"RecentActivity","Internet Explorer",lineBuff[2]);
bbart.addAttribute(bbatttitle);
//KeyValueThing
//This will be redundant in terms IE.name() because of
@ -201,6 +222,11 @@ public class ExtractIE { // implements BrowserActivity {
PASCO_RESULTS_LIST.add(PASCO_RESULTS_LUT);
}
catch (TskException ex) {
Exceptions.printStackTrace(ex);
}
}
}
}
//TODO: Fix Delete issue
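Review bot: `Long.parseLong(bbartname)` runs on the name of every file in `PASCO_RESULTS_PATH`, ahead of the `file != null && file.length() > 0` check, so any file whose name is not a bare artifact id (for example output left under the previous `pasco2Result<N>.txt` naming) throws `NumberFormatException`. The added `catch (TskException ex)` does not cover it, and the parse sits outside that try. Skipping such files keeps one stray name from stopping the rest: `long bbartId; try { bbartId = Long.parseLong(bbartname); } catch (NumberFormatException ex) { continue; }`. The try block also reads `lineBuff[1]` to `lineBuff[3]` unchecked, and those fields derive from an index.dat taken from the image, so a line with fewer than four tab-separated fields should be skipped with `if (lineBuff.length < 4) continue;`. The loops start and end outside the visible hunks.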


@ -82,7 +82,7 @@ public class Firefox {
BlackboardAttribute bbattref = new BlackboardAttribute(32,"RecentActivity","FireFox",temprs.getString("from_visit"));
bbart.addAttribute(bbattref);
BlackboardAttribute bbatttitle = new BlackboardAttribute(3,"RecentActivity","FireFox",((temprs.getString("title") != null) ? temprs.getString("title") : "No Title"));
bbart.addAttribute(bbatturl);
bbart.addAttribute(bbatttitle);
//bbart.addAttribute(ATTRIBUTE_TYPE.TSK_URL, temprs.getString("url"), "RecentActivity","FireFox");
//bbart.addAttribute(ATTRIBUTE_TYPE.TSK_DATETIME, temprs.getString("visit_date"), "RecentActivity","FireFox");
//bbart.addAttribute(ATTRIBUTE_TYPE.TSK_REFERRER, temprs.getString("from_visit"), "RecentActivity","FireFox");
@ -101,9 +101,9 @@ public class Firefox {
kvs.put("Count", "");
kvs.put("Last Accessed", "");
kvs.put("Reference", "");
BlackboardAttribute bbatturl = new BlackboardAttribute(5, ((temprs.getString("url") != null) ? temprs.getString("url") : "No URL"), "RecentActivity","FireFox");
BlackboardAttribute bbatturl = new BlackboardAttribute(5,"RecentActivity","FireFox",((temprs.getString("url") != null) ? temprs.getString("url") : "No URL"));
bbart.addAttribute(bbatturl);
BlackboardAttribute bbatttitle = new BlackboardAttribute(3, ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "No Title"), "RecentActivity","FireFox");
BlackboardAttribute bbatttitle = new BlackboardAttribute(3, "RecentActivity","FireFox", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "No Title"));
bbart.addAttribute(bbatttitle);
bookmarks.add(kvs);
@ -163,13 +163,13 @@ public class Firefox {
kvs.put("Count", temprs.getString("value"));
kvs.put("Last Accessed", temprs.getString("lastAccessed"));
kvs.put("Reference", temprs.getString("creationTime"));
BlackboardAttribute bbatturl = new BlackboardAttribute(1, temprs.getString("host"), "RecentActivity", "FireFox");
BlackboardAttribute bbatturl = new BlackboardAttribute(1, "RecentActivity", "FireFox", temprs.getString("host"));
bbart.addAttribute(bbatturl);
BlackboardAttribute bbattdate = new BlackboardAttribute(2, temprs.getString("lastAccessed"), "RecentActivity", "FireFox");
BlackboardAttribute bbattdate = new BlackboardAttribute(2, "RecentActivity", "FireFox", temprs.getString("lastAccessed"));
bbart.addAttribute(bbattdate);
BlackboardAttribute bbattvalue = new BlackboardAttribute(26, temprs.getString("value"), "RecentActivity", "FireFox");
BlackboardAttribute bbattvalue = new BlackboardAttribute(26, "RecentActivity", "FireFox", temprs.getString("value"));
bbart.addAttribute(bbattvalue);
BlackboardAttribute bbatttitle = new BlackboardAttribute(3, ((temprs.getString("name") != null) ? temprs.getString("name") : "No name"), "RecentActivity","FireFox");
BlackboardAttribute bbatttitle = new BlackboardAttribute(3, "RecentActivity","FireFox",((temprs.getString("name") != null) ? temprs.getString("name") : "No name"));
bbart.addAttribute(bbatttitle);
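Review bot: The attribute types are still passed as bare integers (`1`, `2`, `3`, `5`, `26`), so a reader cannot tell from the call which attribute is being written; the bookmark URL goes in under `5` while the cookie host goes in under `1`, and nothing here shows whether that is intended. The commented-out lines in the first hunk already name `ATTRIBUTE_TYPE.TSK_URL`, `TSK_DATETIME` and `TSK_REFERRER`; passing the enum's id, e.g. `ATTRIBUTE_TYPE.TSK_URL.getTypeID()` in place of the literal, would make a wrong id visible in review. The argument-order mistake this commit corrects compiled in both orders, apparently because the three trailing parameters are all `String`, so constants for the module and source names would help as well. The Chrome hunks follow the same pattern.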


@ -59,10 +59,11 @@ public final class RAImageIngestService implements IngestServiceImage {
//service specific Image processing code here
//example:
controller.switchToDeterminate(2);
ExtractAll ext = new ExtractAll();
int count = ext.getExtractCount();
// int count = ext.getExtractCount();
//if we know amount of work units, we can switch to determinate and update progress bar
int filesToProcess = count;
int filesToProcess = 1;
controller.switchToDeterminate(filesToProcess);
int processedFiles = 0;
@ -83,8 +84,22 @@ public final class RAImageIngestService implements IngestServiceImage {
}
catch (Error e) {
}
if (controller.isCancelled()) {
return;
}
controller.progress(1);
try {
//do the work
ext.extractToBlackboard();
controller.progress(2);
} catch (Error e) {
manager.postMessage(IngestMessage.createErrorMessage(++messageId,
this, "Error writing recent activity data"));
}
}
}
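Review bot: The progress units do not line up: `controller.switchToDeterminate(2)` is followed by `controller.switchToDeterminate(filesToProcess)` with `filesToProcess = 1`, and the code then reports `controller.progress(1)` and `controller.progress(2)`. Assuming the later call sets the total, the second report is past it. Setting `int filesToProcess = 2;` and dropping the first `switchToDeterminate(2)` would make the total and the two reports agree. `processedFiles` is declared in the first hunk but not used in the visible lines, and the method body continues outside both hunks.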


@ -58,8 +58,6 @@ public class RecentActivityDataExplorer implements DataExplorer {
void makeNodes()
{
things.clear();
ExtractRegistry eree = new ExtractRegistry();
eree.getregistryfiles();
Firefox ffre = new Firefox();
ffre.getffdb();
Chrome chre = new Chrome();


@ -0,0 +1,8 @@
History File: C:\Users\Alex\Documents\projects\Autopsy2\testFolder\bentest\Temp\index0.dat Version: 5.2
TYPE URL MODIFIED TIME ACCESS TIME FILENAME DIRECTORY HTTP HEADERS
LEAK entries: 0
REDR entries: 0
URL entries: 0
ent entries: 0
unknown entries: 0