From f8a193761866e17d4f839789985b0cd917c83c5c Mon Sep 17 00:00:00 2001 From: Karl Mortensen Date: Thu, 30 Jun 2016 10:26:39 -0400 Subject: [PATCH 01/10] Compensate for core.properties sticking around --- .../autopsy/keywordsearch/KeywordSearch.java | 9 -- .../autopsy/keywordsearch/Server.java | 152 +++++++++--------- 2 files changed, 80 insertions(+), 81 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearch.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearch.java index cdd027472f..4513aca040 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearch.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearch.java @@ -119,15 +119,6 @@ public class KeywordSearch { @Override public void propertyChange(PropertyChangeEvent evt) { - /* - * TODO (AUT-2081): There is a Solr core unloading bug, fixed in - * Solr 5.4, that results in the co-existence of a core.properties - * file and a core.properties.unloaded file in the core instance - * directory when a core is closed/unloaded. When this happens, - * subsequent core open/load attempts will fail. The workaround for - * single-user cases is to close and reopen Autopsy so that a new - * server instance gets spun up. - */ if (evt.getPropertyName().equals(Case.Events.CURRENT_CASE.toString())) { if (null != evt.getOldValue()) { /* diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java index ef7e3ed76b..cd9d1572c9 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java @@ -79,76 +79,76 @@ public class Server { public static enum Schema { ID { - @Override - public String toString() { - return "id"; //NON-NLS - } - }, + @Override + public String toString() { + return "id"; //NON-NLS + } + }, IMAGE_ID { - @Override - public String toString() { - return "image_id"; //NON-NLS - } - }, + @Override + public String toString() { + return "image_id"; //NON-NLS + } + }, // This is not stored or index . it is copied to Text and Content_Ws CONTENT { - @Override - public String toString() { - return "content"; //NON-NLS - } - }, + @Override + public String toString() { + return "content"; //NON-NLS + } + }, TEXT { - @Override - public String toString() { - return "text"; //NON-NLS - } - }, + @Override + public String toString() { + return "text"; //NON-NLS + } + }, CONTENT_WS { - @Override - public String toString() { - return "content_ws"; //NON-NLS - } - }, + @Override + public String toString() { + return "content_ws"; //NON-NLS + } + }, FILE_NAME { - @Override - public String toString() { - return "file_name"; //NON-NLS - } - }, + @Override + public String toString() { + return "file_name"; //NON-NLS + } + }, // note that we no longer index this field CTIME { - @Override - public String toString() { - return "ctime"; //NON-NLS - } - }, + @Override + public String toString() { + return "ctime"; //NON-NLS + } + }, // note that we no longer index this field ATIME { - @Override - public String toString() { - return "atime"; //NON-NLS - } - }, + @Override + public String toString() { + return "atime"; //NON-NLS + } + }, // note that we no longer index this field MTIME { - @Override - public String toString() { - return "mtime"; //NON-NLS - } - }, + @Override + public String toString() { + return "mtime"; //NON-NLS + } + }, // note that we no longer index this field CRTIME { - @Override - public String toString() { - return "crtime"; //NON-NLS - } - }, + @Override + public String toString() { + return "crtime"; //NON-NLS + } + }, NUM_CHUNKS { - @Override - public String toString() { - return "num_chunks"; //NON-NLS - } - }, + @Override + public String toString() { + return "num_chunks"; //NON-NLS + } + }, }; public static final String HL_ANALYZE_CHARS_UNLIMITED = "500000"; //max 1MB in a chunk. use -1 for unlimited, but -1 option may not be supported (not documented) @@ -173,6 +173,8 @@ public class Server { private int currentSolrStopPort = 0; private static final boolean DEBUG = false;//(Version.getBuildType() == Version.Type.DEVELOPMENT); private UNCPathUtilities uncPathUtilities = null; + private static final String SOLR = "solr"; + private static final String CORE_PROPERTIES = "core.properties"; public enum CORE_EVT_STATES { @@ -635,15 +637,6 @@ public class Server { currentCoreLock.writeLock().lock(); try { if (null != currentCore) { - /* - * TODO (AUT-2081): There is a Solr core unloading bug, fixed in - * Solr 5.4, that will result in the co-existence of a - * core.properties file and a core.properties.unloaded file in - * the core instance directory when the following code executes. - * When this happens, subsequent open/load attempts will fail. - * The workaround for single-user cases is to close and reopen - * Autopsy so that a new server instance gets spun up. - */ currentCore.close(); currentCore = null; serverAction.putValue(CORE_EVT, CORE_EVT_STATES.STOPPED); @@ -1097,15 +1090,21 @@ public class Server { * The core either does not exist or it is not loaded. Make a * request that will cause the core to be created if it does not * exist or loaded if it already exists. - * - * TODO (AUT-2081): There is a Solr core unloading bug, fixed in - * Solr 5.4, that results in the co-existence of a - * core.properties file and a core.properties.unloaded file in - * the core instance directory when a core is unloaded. When - * this happens, this code will fail. The workaround for - * single-user cases is to close and reopen Autopsy so that a - * new server instance gets spun up. */ + + // In single user mode, if there is a core.properties file already, + // we've hit a solr bug. Compensate by deleting it. + if (caseType == CaseType.SINGLE_USER_CASE) { + Path corePropertiesFile = Paths.get(solrFolder.toString(), SOLR, coreName, CORE_PROPERTIES); + if (corePropertiesFile.toFile().exists()) { + try { + corePropertiesFile.toFile().delete(); + } catch (Exception ex) { + logger.log(Level.INFO, "Could not delete pre-existing core.properties prior to opening the core."); //NON-NLS + } + } + } + CoreAdminRequest.Create createCoreRequest = new CoreAdminRequest.Create(); createCoreRequest.setDataDir(dataDir.getAbsolutePath()); createCoreRequest.setCoreName(coreName); @@ -1208,6 +1207,15 @@ public class Server { } + /** + * Get the name of the core + * + * @return the String name of the core + */ + String getName() { + return name; + } + private QueryResponse query(SolrQuery sq) throws SolrServerException { return solrCore.query(sq); } From ee6cbcd05fda6d489c572c279b0826193a7836a3 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Mon, 11 Jul 2016 13:51:38 -0400 Subject: [PATCH 02/10] Fix bug in email artifacts refresh --- Core/src/org/sleuthkit/autopsy/datamodel/EmailExtracted.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/EmailExtracted.java b/Core/src/org/sleuthkit/autopsy/datamodel/EmailExtracted.java index fecf47d7cd..eabba62b07 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/EmailExtracted.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/EmailExtracted.java @@ -129,6 +129,8 @@ public class EmailExtracted implements AutopsyVisitableItem { } catch (TskCoreException | SQLException ex) { logger.log(Level.WARNING, "Cannot initialize email extraction: ", ex); //NON-NLS } + setChanged(); + notifyObservers(); } private Map parsePath(String path) { From 165a6dbc97934e721680d7dd98c11580181d9bcd Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Fri, 15 Jul 2016 17:15:16 -0400 Subject: [PATCH 03/10] Merge pull request #2279 from eugene7646/kws 1878 Fixed a bug where indexed text content viewer erroneously reported "no keyword hits" --- .../autopsy/keywordsearch/Bundle.properties | 2 +- .../keywordsearch/HighlightedText.java | 36 ++------------ .../KeywordSearchResultFactory.java | 48 +++++++++++-------- 3 files changed, 33 insertions(+), 53 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties index 8b1f465b6a..74c70118bc 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties @@ -64,7 +64,7 @@ ExtractedContentViewer.getTitle=Indexed Text ExtractedContentViewer.getSolrContent.knownFileMsg=

{0} is a known file (based on MD5 hash) and does not have text in the index.

ExtractedContentViewer.getSolrContent.noTxtYetMsg=

{0} does not have text in the index.
It may have no text, not been analyzed yet, or keyword search was not enabled during ingest.

ExtractedContentViewer.getSolrContent.txtBodyItal={0} -HighlightedMatchesSource.getMarkup.noMatchMsg=
There were no keyword hits on this page. 
Keyword could have been in file name. 
Advance to another page for hits or choose Extracted Text to view original text..
+HighlightedMatchesSource.getMarkup.noMatchMsg=
There were no keyword hits on this page. 
Keyword could have been in file name. 
Advance to another page for hits or to view original text choose File Text 
in the drop down menu to the right..
HighlightedMatchesSource.getMarkup.queryFailedMsg=
Failed to retrieve keyword hit results. 
Confirm that Autopsy can connect to the Solr server.
HighlightedMatchesSource.toString=Search Results Installer.reportPortError=Indexing server port {0} is not available. Check if your security software does not block {1} and consider changing {2} in {3} property file in the application user folder. Then try rebooting your system if another process was causing the conflict. diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java index a9b7524538..4e4b55d5f7 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java @@ -298,45 +298,17 @@ class HighlightedText implements IndexedText, TextMarkupLookup { String highLightField = null; - String highlightQuery = keywordHitQuery; - if (isRegex) { highLightField = LuceneQuery.HIGHLIGHT_FIELD_REGEX; - //escape special lucene chars if not already escaped (if not a compound query) - //TODO a better way to mark it a compound highlight query - final String findSubstr = LuceneQuery.HIGHLIGHT_FIELD_REGEX + ":"; - if (!highlightQuery.contains(findSubstr)) { - highlightQuery = KeywordSearchUtil.escapeLuceneQuery(highlightQuery); - } } else { highLightField = LuceneQuery.HIGHLIGHT_FIELD_LITERAL; - //escape special lucene chars always for literal queries query - highlightQuery = KeywordSearchUtil.escapeLuceneQuery(highlightQuery); } SolrQuery q = new SolrQuery(); q.setShowDebugInfo(DEBUG); //debug - String queryStr = null; - - if (isRegex) { - StringBuilder sb = new StringBuilder(); - sb.append(highLightField).append(":"); - if (group) { - sb.append("\""); - } - sb.append(highlightQuery); - if (group) { - sb.append("\""); - } - queryStr = sb.toString(); - } else { - //use default field, simplifies query - //always force grouping/quotes - queryStr = KeywordSearchUtil.quoteQuery(highlightQuery); - } - - q.setQuery(queryStr); + // input query has already been properly constructed and escaped + q.setQuery(keywordHitQuery); String contentIdStr = Long.toString(this.objectId); if (hasChunks) { @@ -367,7 +339,6 @@ class HighlightedText implements IndexedText, TextMarkupLookup { Map> responseHighlightID = responseHighlight.get(contentIdStr); if (responseHighlightID == null) { return NbBundle.getMessage(this.getClass(), "HighlightedMatchesSource.getMarkup.noMatchMsg"); - } List contentHighlights = responseHighlightID.get(highLightField); if (contentHighlights == null) { @@ -379,7 +350,8 @@ class HighlightedText implements IndexedText, TextMarkupLookup { return "
" + highlightedContent + "
"; //NON-NLS } - } catch (NoOpenCoreException | KeywordSearchModuleException ex) { + } catch (Exception ex) { + logger.log(Level.WARNING, "Error executing Solr highlighting query: " + keywordHitQuery, ex); //NON-NLS return NbBundle.getMessage(this.getClass(), "HighlightedMatchesSource.getMarkup.queryFailedMsg"); } } diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java index 24d32c76bc..835fe539ee 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java @@ -247,54 +247,62 @@ class KeywordSearchResultFactory extends ChildFactory { * @return */ private String getHighlightQuery(KeywordSearchQuery query, boolean literal_query, QueryResults queryResults, Content content) { - String highlightQueryEscaped; if (literal_query) { //literal, treat as non-regex, non-term component query - highlightQueryEscaped = query.getQueryString(); + return constructEscapedSolrQuery(query.getQueryString(), literal_query); } else { //construct a Solr query using aggregated terms to get highlighting //the query is executed later on demand - StringBuilder highlightQuery = new StringBuilder(); - if (queryResults.getKeywords().size() == 1) { //simple case, no need to process subqueries and do special escaping Keyword term = queryResults.getKeywords().iterator().next(); - highlightQuery.append(term.toString()); + return constructEscapedSolrQuery(term.getQuery(), literal_query); } else { //find terms for this content hit - List hitTerms = new ArrayList<>(); + List hitTerms = new ArrayList<>(); for (Keyword keyword : queryResults.getKeywords()) { for (KeywordHit hit : queryResults.getResults(keyword)) { if (hit.getContent().equals(content)) { - hitTerms.add(keyword.toString()); + hitTerms.add(keyword); break; //go to next term } } } + StringBuilder highlightQuery = new StringBuilder(); final int lastTerm = hitTerms.size() - 1; int curTerm = 0; - for (String term : hitTerms) { - //escape subqueries, they shouldn't be escaped again later - final String termS = KeywordSearchUtil.escapeLuceneQuery(term); - highlightQuery.append("\""); - highlightQuery.append(termS); - highlightQuery.append("\""); + for (Keyword term : hitTerms) { + //escape subqueries, MAKE SURE they are not escaped again later + highlightQuery.append(constructEscapedSolrQuery(term.getQuery(), literal_query)); if (lastTerm != curTerm) { highlightQuery.append(" "); //acts as OR || - //force HIGHLIGHT_FIELD_REGEX index and stored content - //in each term after first. First term taken care by HighlightedMatchesSource - highlightQuery.append(LuceneQuery.HIGHLIGHT_FIELD_REGEX).append(":"); } ++curTerm; } + return highlightQuery.toString(); } - //String highlightQueryEscaped = KeywordSearchUtil.escapeLuceneQuery(highlightQuery.toString()); - highlightQueryEscaped = highlightQuery.toString(); } - - return highlightQueryEscaped; + } + + /** + * Constructs a complete, escaped Solr query that is ready to be used. + * + * @param query keyword term to be searched for + * @param literal_query flag whether query is literal or regex + * @return Solr query string + */ + private String constructEscapedSolrQuery(String query, boolean literal_query) { + StringBuilder highlightQuery = new StringBuilder(); + String highLightField; + if (literal_query) { + highLightField = LuceneQuery.HIGHLIGHT_FIELD_LITERAL; + } else { + highLightField = LuceneQuery.HIGHLIGHT_FIELD_REGEX; + } + highlightQuery.append(highLightField).append(":").append("\"").append(KeywordSearchUtil.escapeLuceneQuery(query)).append("\""); + return highlightQuery.toString(); } @Override From 6fe30cbc4c2f344cb62d1e5fc04140f883ff54c4 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Fri, 15 Jul 2016 18:12:40 -0400 Subject: [PATCH 04/10] Refined keyword highlight query result message --- .../src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties | 2 +- .../org/sleuthkit/autopsy/keywordsearch/Bundle_ja.properties | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties index 74c70118bc..cecbe19cae 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties @@ -64,7 +64,7 @@ ExtractedContentViewer.getTitle=Indexed Text ExtractedContentViewer.getSolrContent.knownFileMsg=

{0} is a known file (based on MD5 hash) and does not have text in the index.

ExtractedContentViewer.getSolrContent.noTxtYetMsg=

{0} does not have text in the index.
It may have no text, not been analyzed yet, or keyword search was not enabled during ingest.

ExtractedContentViewer.getSolrContent.txtBodyItal={0} -HighlightedMatchesSource.getMarkup.noMatchMsg=
There were no keyword hits on this page. 
Keyword could have been in file name. 
Advance to another page for hits or to view original text choose File Text 
in the drop down menu to the right..
+HighlightedMatchesSource.getMarkup.noMatchMsg=
There were no keyword hits on this page. 
The keyword could have been in the file name. 
Advance to another page if present, or to view the original text, choose File Text 
in the drop down menu to the right...
HighlightedMatchesSource.getMarkup.queryFailedMsg=
Failed to retrieve keyword hit results. 
Confirm that Autopsy can connect to the Solr server.
HighlightedMatchesSource.toString=Search Results Installer.reportPortError=Indexing server port {0} is not available. Check if your security software does not block {1} and consider changing {2} in {3} property file in the application user folder. Then try rebooting your system if another process was causing the conflict. diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle_ja.properties b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle_ja.properties index 6230a04153..827842afd2 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle_ja.properties +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle_ja.properties @@ -51,7 +51,6 @@ ExtractedContentViewer.toolTip=\u30d5\u30a1\u30a4\u30eb\u3084\u30ad\u30fc\u30ef\ ExtractedContentViewer.getTitle=\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u5316\u3055\u308c\u305f\u30c6\u30ad\u30b9\u30c8 ExtractedContentViewer.getSolrContent.knownFileMsg=

{0}\u306f\u65e2\u77e5\u30d5\u30a1\u30a4\u30eb\u3067\u3059\uff08MDS\u30cf\u30c3\u30b7\u30e5\u306b\u57fa\u3065\u304f\u3068\uff09\u3002\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u306b\u30c6\u30ad\u30b9\u30c8\u304c\u3042\u308a\u307e\u305b\u3093\u3002

ExtractedContentViewer.getSolrContent.noTxtYetMsg=

{0}\u306e\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u306b\u30c6\u30ad\u30b9\u30c8\u304c\u3042\u308a\u307e\u305b\u3093\u3002
\u30c6\u30ad\u30b9\u30c8\u304c\u7121\u3044\u304b\u3001\u307e\u3060\u89e3\u6790\u3055\u308c\u3066\u3044\u306a\u3044\u304b\u3001\u30ad\u30fc\u30ef\u30fc\u30c9\u691c\u7d22\u304c\u30a4\u30f3\u30b8\u30a7\u30b9\u30c8\u4e2d\u306b\u6709\u52b9\u5316\u3055\u308c\u3066\u3044\u306a\u304b\u3063\u305f\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u3002

-HighlightedMatchesSource.getMarkup.noMatchMsg=
\u3053\u306e\u30da\u30fc\u30b8\u4e0a\u3067\u30ad\u30fc\u30ef\u30fc\u30c9\u304c\u30d2\u30c3\u30c8\u3057\u307e\u305b\u3093\u3067\u3057\u305f\u3002
\u30ad\u30fc\u30ef\u30fc\u30c9\u304c\u30d5\u30a1\u30a4\u30eb\u540d\u306b\u542b\u307e\u308c\u3066\u3044\u305f\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u3002 
\u30d2\u30c3\u30c8\u3057\u305f\u7d50\u679c\u3092\u898b\u308b\u306e\u306b\u5225\u306e\u30da\u30fc\u30b8\u306b\u79fb\u52d5\u3059\u308b\u304b\u3001\u30aa\u30ea\u30b8\u30ca\u30eb\u30c6\u30ad\u30b9\u30c8\u3092\u8868\u793a\u3059\u308b\u306e\u306b\u3001\u300c\u62bd\u51fa\u3055\u308c\u305f\u30c6\u30ad\u30b9\u30c8\u300d\u3092\u9078\u629e\u3057\u3066\u4e0b\u3055\u3044\u3002
HighlightedMatchesSource.toString=\u691c\u7d22\u7d50\u679c Installer.reportPortError=\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u30b5\u30fc\u30d0\u30fc\u30dd\u30fc\u30c8 {0} \u306f\u5229\u7528\u3067\u304d\u307e\u305b\u3093\u3002\u4f7f\u7528\u3057\u3066\u3044\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u304c {1} \u3092\u30d6\u30ed\u30c3\u30af\u3057\u3066\u3044\u306a\u3044\u304b\u78ba\u8a8d\u3057\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30e6\u30fc\u30b6\u30fc\u30d5\u30a9\u30eb\u30c0\u30fc\u5185\u306e{3}\u30d7\u30ed\u30d1\u30c6\u30a3\u30d5\u30a1\u30a4\u30eb\u306e{2}\u3092\u5909\u66f4\u3059\u308b\u691c\u8a0e\u3092\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u3082\u3057\u4ed6\u306e\u51e6\u7406\u304c\u554f\u984c\u306e\u539f\u56e0\u3067\u3042\u308c\u3070\u3001\u30b7\u30b9\u30c6\u30e0\u3092\u518d\u8d77\u52d5\u3057\u3066\u4e0b\u3055\u3044\u3002 Installer.reportStopPortError=\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u30b5\u30fc\u30d0\u30fc\u30b9\u30c8\u30c3\u30d7\u30dd\u30fc\u30c8 {0} \u306f\u5229\u7528\u3067\u304d\u307e\u305b\u3093\u3002\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30e6\u30fc\u30b6\u30fc\u30d5\u30a9\u30eb\u30c0\u30fc\u5185\u306e{3}\u30d7\u30ed\u30d1\u30c6\u30a3\u30d5\u30a1\u30a4\u30eb\u306e{2}\u3092\u5909\u66f4\u3059\u308b\u691c\u8a0e\u3092\u3057\u3066\u304f\u3060\u3055\u3044\u3002 From 22fb5c0bbbd929ae4d14b30f8a6828b08c6bc19f Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Mon, 18 Jul 2016 17:21:27 -0400 Subject: [PATCH 05/10] Update NEWS.txt for delayed 4.1.0 release --- NEWS.txt | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/NEWS.txt b/NEWS.txt index 3d7937e656..0d4d29606c 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -1,18 +1,18 @@ ---------------- VERSION 4.1.0 -------------- Improvements: +- New list view in Timeline tool - VMWare virtual machine files (vmdk) and Microsoft Virtual Hard Drives (vhd) can be added as data sources. - New core ingest module detects vmdk and vhd files embedded in other data sources and adds them as data sources. - Text associated with artifacts posted to the blackboard is indexed and searched for keywords. -- Custom (user-defined) blackboard artifact and attribute types displayed in UI and included in reports. -- File size and MIME type conditions can be specified for interesting files rules. -- File size and MIME type conditions can be specified for file search by attributes. +- Custom (user-defined) blackboard artifact and attribute types are displayed in the UI and included in reports. +- Additional Autopsy-defined custom file type definitions for assorted media file types have been added. +- The File Metadata content viewer displays MIME type. +- File size and MIME type conditions can be specified for interesting files set membership rules. +- File size and MIME type conditions can be specified for file searches by attributes. - Local/GMT time preference is used in reports. - User has option to choose display name for logical/local file set data sources. -- Global settings panel behavior is more consistent and the panels handle resizing better. -- Additional Autopsy-defined custom file type definitions for assorted media file types have been added. -- The precedence of user-defined custom file type definitions has been restored. -- The File Metadata content viewer displays MIME type. - Virtual directories can be tagged. +- Improved KML reports that include all geospatial artifacts posted to the blackboard. - Assorted bug fixes and minor enhancements. ---------------- VERSION 4.0.0 -------------- From 9293da4cbe600046a8202120849a3d424f8ae703 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Mon, 18 Jul 2016 17:58:44 -0400 Subject: [PATCH 06/10] Update suite project properties for 4.1.0 release --- .../core/core.jar/org/netbeans/core/startup/Bundle.properties | 2 +- .../org/netbeans/core/windows/view/ui/Bundle.properties | 2 +- nbproject/project.properties | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties b/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties index 387cfb83e3..2eb10546c9 100644 --- a/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties +++ b/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties @@ -1,5 +1,5 @@ #Updated by build script -#Mon, 22 Feb 2016 16:37:47 -0500 +#Mon, 18 Jul 2016 17:58:06 -0400 LBL_splash_window_title=Starting Autopsy SPLASH_HEIGHT=314 SPLASH_WIDTH=538 diff --git a/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties b/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties index eac00c4b67..468b249673 100644 --- a/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties +++ b/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties @@ -1,4 +1,4 @@ #Updated by build script -#Mon, 22 Feb 2016 16:37:47 -0500 +#Mon, 18 Jul 2016 17:58:06 -0400 CTL_MainWindow_Title=Autopsy 4.1.0 CTL_MainWindow_Title_No_Project=Autopsy 4.1.0 diff --git a/nbproject/project.properties b/nbproject/project.properties index 8d6bea269f..82d17bcb95 100644 --- a/nbproject/project.properties +++ b/nbproject/project.properties @@ -7,7 +7,7 @@ app.name=${branding.token} app.version=4.1.0 ### build.type must be one of: DEVELOPMENT, RELEASE #build.type=RELEASE -build.type=DEVELOPMENT +build.type=RELEASE project.org.sleuthkit.autopsy.imagegallery=ImageGallery update_versions=false From 5afbd922aa15e8840affec8b3b2dc803d5472d2d Mon Sep 17 00:00:00 2001 From: Karl Mortensen Date: Mon, 20 Jun 2016 15:51:04 -0400 Subject: [PATCH 07/10] Use resources instead of full path --- Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java b/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java index 47d7f6940d..54d68cd7d9 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/OpenTimelineAction.java @@ -140,7 +140,7 @@ public class OpenTimelineAction extends CallableSystemAction implements Presente */ @Override public Component getToolbarPresenter() { - ImageIcon icon = new ImageIcon("Core/src/org/sleuthkit/autopsy/timeline/images/btn_icon_timeline_colorized_26.png"); //NON-NLS + ImageIcon icon = new ImageIcon(getClass().getResource("images/btn_icon_timeline_colorized_26.png")); //NON-NLS toolbarButton.setIcon(icon); toolbarButton.setText(this.getName()); From bdf927152e3942446e4e90102a083212f739df7f Mon Sep 17 00:00:00 2001 From: jmillman Date: Tue, 19 Jul 2016 12:17:45 -0400 Subject: [PATCH 08/10] add description of anchoring behavior to keyword_search.dox --- docs/doxygen-user/keyword_search.dox | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/doxygen-user/keyword_search.dox b/docs/doxygen-user/keyword_search.dox index ec880cac75..85f503ebc7 100644 --- a/docs/doxygen-user/keyword_search.dox +++ b/docs/doxygen-user/keyword_search.dox @@ -21,7 +21,9 @@ The keyword search configuration dialog has three tabs, each with it's own purpo \li The String Extraction tab is used to enable language scripts and extraction type. \li The General tab is used to configure the ingest timings and display information. -To create a list, select the 'New List' button and choose a name for the new Keyword List. Once the list has been created, keywords can be added to it. Regular expressions are supported using Java Regex Syntax. Lists can be added to the keyword search ingest process; searches will happen at regular intervals as content is added to the index. +To create a list, select the 'New List' button and choose a name for the new Keyword List. Once the list has been created, keywords can be added to it. Lists can be added to the keyword search ingest process; searches will happen at regular intervals as content is added to the index. + +Regular expressions are supported using Java Regex Syntax, with one caveat: Solr treats regular expressions as if they begin and end with the anchoring tags "^" and "$", which match the start and the end of a string respectively.If you do not want this behavior, you can put .* at the start and/or end of the regex. List Import and Export \n Autopsy supports importing Encase tab-delimited lists as well as lists created previously with Autopsy. For Encase lists, folder structure and hierarchy is currently ignored. This will be fixed in a future version. There is currently no way to export lists for use with Encase. This will also be added in future releases. From 57fcb31d2d10151941e4749918adc214f6e32000 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 19 Jul 2016 12:32:40 -0400 Subject: [PATCH 09/10] Update keyword_search.dox --- docs/doxygen-user/keyword_search.dox | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/doxygen-user/keyword_search.dox b/docs/doxygen-user/keyword_search.dox index 85f503ebc7..336996b1af 100644 --- a/docs/doxygen-user/keyword_search.dox +++ b/docs/doxygen-user/keyword_search.dox @@ -23,7 +23,7 @@ The keyword search configuration dialog has three tabs, each with it's own purpo To create a list, select the 'New List' button and choose a name for the new Keyword List. Once the list has been created, keywords can be added to it. Lists can be added to the keyword search ingest process; searches will happen at regular intervals as content is added to the index. -Regular expressions are supported using Java Regex Syntax, with one caveat: Solr treats regular expressions as if they begin and end with the anchoring tags "^" and "$", which match the start and the end of a string respectively.If you do not want this behavior, you can put .* at the start and/or end of the regex. +Regular expressions are supported using Java Regex Syntax, with one caveat: Solr treats regular expressions as if they begin and end with the anchoring tags "^" and "$", which match the start and the end of a string respectively. If you do not want this behavior, you can put .* at the start and/or end of the regex. List Import and Export \n Autopsy supports importing Encase tab-delimited lists as well as lists created previously with Autopsy. For Encase lists, folder structure and hierarchy is currently ignored. This will be fixed in a future version. There is currently no way to export lists for use with Encase. This will also be added in future releases. From 48bb082e544262261feceb50558019f231be7501 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 19 Jul 2016 13:52:44 -0400 Subject: [PATCH 10/10] Change build.type property back to DEVFELOPMENT --- nbproject/project.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nbproject/project.properties b/nbproject/project.properties index 82d17bcb95..8d6bea269f 100644 --- a/nbproject/project.properties +++ b/nbproject/project.properties @@ -7,7 +7,7 @@ app.name=${branding.token} app.version=4.1.0 ### build.type must be one of: DEVELOPMENT, RELEASE #build.type=RELEASE -build.type=RELEASE +build.type=DEVELOPMENT project.org.sleuthkit.autopsy.imagegallery=ImageGallery update_versions=false