mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Bug Fix 2288406 (fls 3.0.0 parsing)

Browse Source
This commit is contained in:
Brian Carrier 2008-11-15 04:16:06 +00:00
parent 79ee980506
commit bbdbd1d7c3
3 changed files with 98 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES.txt
View File

@ -2,6 +2,8 @@
11/7/08: Bug Fix: Changed case management code to not error when 'dls ...' 11/7/08: Bug Fix: Changed case management code to not error when 'dls ...'
line was encountered. line was encountered.
11/14/08: Bug Fix: Fixed bug 2288406 (parsing of new fls -l format when file name searching and deleted file listing)
--------------------------- Version 2.20 -------------------------------- --------------------------- Version 2.20 --------------------------------
7/1/08: Update: Updated FAT sizes based on new "special" files. 7/1/08: Update: Updated FAT sizes based on new "special" files.

1
TODO.txt
View File

@ -52,7 +52,6 @@ files appended to each other?
--------------------- GENERAL ----------------------------- --------------------- GENERAL -----------------------------
- Add foremost - Add foremost
- link in meta data to list just unallocated / used - link in meta data to list just unallocated / used
- HTML encode output data (TASK outout)
- Make data bases updatable in the host details view - Make data bases updatable in the host details view
- Option to mount images in loopback when it is a Linux system - Option to mount images in loopback when it is a Linux system
- read config files in autopsy itself and not everytime ... - read config files in autopsy itself and not everytime ...

159
lib/File.pm
View File

@ -971,11 +971,13 @@ EOF3
# for valid files and directories make a link # for valid files and directories make a link
# Special rule for $OrphanFiles directory, which has a size of 0 # Special rule for $OrphanFiles directory, which has a size of 0
if ( ($meta_int[$i] >= $Fs::first_meta{$ftype}) if (
($meta_int[$i] >= $Fs::first_meta{$ftype})
&& (($size[$i] > 0) || ($name[$i] =~ /^\$Orphan/)) && (($size[$i] > 0) || ($name[$i] =~ /^\$Orphan/))
&& ( ($itype[$i] eq 'r') && ( ($itype[$i] eq 'r')
|| ($itype[$i] eq 'd') || ($itype[$i] eq 'd')
|| ($itype[$i] eq 'v'))) || ($itype[$i] eq 'v'))
)
{ {
print " <td><a href=\"$url\" target=\"$target\">$lcolor"; print " <td><a href=\"$url\" target=\"$target\">$lcolor";
} }
@ -1191,18 +1193,14 @@ sub file_list_file {
. "<td>$sp</td>\n"; . "<td>$sp</td>\n";
# Mod / Written # Mod / Written
print " <td><img border=\"0\" "; if ($Fs::has_mtime{$ftype}) {
if ($Fs::mtime_str{$ftype} eq 'Modified') { print " <td><img border=\"0\" "
print "src=\"pict/file_h_mod_link.jpg\" " . "src=\"pict/file_h_wr_link.jpg\" "
. "width=\"62\" height=20 "
. "alt=\"Modified Time\">";
}
else {
print "src=\"pict/file_h_wr_link.jpg\" "
. "width=\"60\" " . "width=\"60\" "
. "alt=\"Written Time\">"; . "alt=\"Written Time\">"
. "</td>\n"
. "<td>$sp</td>\n";
} }
print "</td>\n" . "<td>$sp</td>\n";
# Access # Access
print " <td><img border=\"0\" " print " <td><img border=\"0\" "
@ -1212,19 +1210,25 @@ sub file_list_file {
. "</td>\n" . "</td>\n"
. "<td>$sp</td>\n"; . "<td>$sp</td>\n";
# Change / Create # Change
print " <td><img border=\"0\" "; if ($Fs::has_ctime{$ftype}) {
if ($Fs::ctime_str{$ftype} eq 'Changed') { print " <td><img border=\"0\" "
print "src=\"pict/file_h_chg_link.jpg\" " . "src=\"pict/file_h_chg_link.jpg\" "
. "width=\"62\" height=20 " . "width=\"62\" "
. "alt=\"Change Time\">"; . "alt=\"Change Time\">"
. "</td>\n"
. "<td>$sp</td>\n";
} }
else {
print "src=\"pict/file_h_cre_link.jpg\" " # Create
. "width=\"59\" height=20 " if ($Fs::has_crtime{$ftype}) {
. "alt=\"Create Time\">"; print " <td><img border=\"0\" "
. "src=\"pict/file_h_cre_link.jpg\" "
. "width=\"59\" "
. "alt=\"Create Time\">"
. "</td>\n"
. "<td>$sp</td>\n";
} }
print "</td>\n" . "<td>$sp</td>\n";
# Size # Size
print " <td><img border=\"0\" " print " <td><img border=\"0\" "
@ -1260,9 +1264,8 @@ sub file_list_file {
my $row = 0; my $row = 0;
while ($_ = Exec::read_pipe_line(*OUT)) { while ($_ = Exec::read_pipe_line(*OUT)) {
if ( if (
/^($::REG_MTYPE)\/($::REG_MTYPE)\s*(\*?)\s*($::REG_META)(\(realloc\))?:\t(.+?)\t($::REG_DATE)\t($::REG_DATE)\t($::REG_DATE)\t(\d+)\t(\d+)\t(\d+)$/o /^($::REG_MTYPE)\/($::REG_MTYPE)\s*(\*?)\s*($::REG_META)(\(realloc\))?:\t(.+?)\t($::REG_DATE)\t($::REG_DATE)\t($::REG_DATE)\t($::REG_DATE)\t(\d+)\t(\d+)\t(\d+)$/o
) )
{ {
@ -1278,9 +1281,10 @@ sub file_list_file {
my $m = $7; my $m = $7;
my $a = $8; my $a = $8;
my $c = $9; my $c = $9;
my $s = $10; my $cr = $10;
my $g = $11; my $s = $11;
my $u = $12; my $g = $12;
my $u = $13;
if ($n =~ /^\/(.*)/) { if ($n =~ /^\/(.*)/) {
$n = $1; $n = $1;
@ -1378,14 +1382,19 @@ sub file_list_file {
if ($a =~ /($::REG_DAY\s+$::REG_TIME)\s+($::REG_ZONE2)/o); if ($a =~ /($::REG_DAY\s+$::REG_TIME)\s+($::REG_ZONE2)/o);
$c = "$1&nbsp;$2" $c = "$1&nbsp;$2"
if ($c =~ /($::REG_DAY\s+$::REG_TIME)\s+($::REG_ZONE2)/o); if ($c =~ /($::REG_DAY\s+$::REG_TIME)\s+($::REG_ZONE2)/o);
$cr = "$1&nbsp;$2"
if ($cr =~ /($::REG_DAY\s+$::REG_TIME)\s+($::REG_ZONE2)/o);
print "<td>$color$m</td>" print "<td>$color$m</td>" . "<td>$sp</td>\n"
. "<td>$sp</td>\n" if ($Fs::has_mtime{$ftype});
. "<td>$color$a</td>"
. "<td>$sp</td>\n" print "<td>$color$a</td>" . "<td>$sp</td>\n";
. "<td>$color$c</td>" print "<td>$color$c</td>" . "<td>$sp</td>\n"
. "<td>$sp</td>\n" if ($Fs::has_ctime{$ftype});
. "<td>$color$s</td>" print "<td>$color$cr</td>" . "<td>$sp</td>\n"
if ($Fs::has_crtime{$ftype});
print "<td>$color$s</td>"
. "<td>$sp</td>\n" . "<td>$sp</td>\n"
. "<td>$color$g</td>" . "<td>$color$g</td>"
. "<td>$sp</td>\n" . "<td>$sp</td>\n"
@ -1470,18 +1479,14 @@ sub file_list_del {
. "<td>$sp</td>\n"; . "<td>$sp</td>\n";
# Mod / Written # Mod / Written
print " <td><img border=\"0\" "; if ($Fs::has_mtime{$ftype}) {
if ($Fs::mtime_str{$ftype} eq 'Modified') { print " <td><img border=\"0\" "
print "src=\"pict/file_h_mod_link.jpg\" " . "src=\"pict/file_h_wr_link.jpg\" "
. "width=\"62\" height=20 "
. "alt=\"Modified Time\">";
}
else {
print "src=\"pict/file_h_wr_link.jpg\" "
. "width=\"60\" " . "width=\"60\" "
. "alt=\"Written Time\">"; . "alt=\"Written Time\">"
. "</td>\n"
. "<td>$sp</td>\n";
} }
print "</td>\n" . "<td>$sp</td>\n";
# Access # Access
print " <td><img border=\"0\" " print " <td><img border=\"0\" "
@ -1491,19 +1496,25 @@ sub file_list_del {
. "</td>\n" . "</td>\n"
. "<td>$sp</td>\n"; . "<td>$sp</td>\n";
# Change / Create # Change
print " <td><img border=\"0\" "; if ($Fs::has_ctime{$ftype}) {
if ($Fs::ctime_str{$ftype} eq 'Changed') { print " <td><img border=\"0\" "
print "src=\"pict/file_h_chg_link.jpg\" " . "src=\"pict/file_h_chg_link.jpg\" "
. "width=\"62\" height=20 " . "width=\"62\" "
. "alt=\"Change Time\">"; . "alt=\"Change Time\">"
. "</td>\n"
. "<td>$sp</td>\n";
} }
else {
print "src=\"pict/file_h_cre_link.jpg\" " # Create
. "width=\"59\" height=20 " if ($Fs::has_crtime{$ftype}) {
. "alt=\"Create Time\">"; print " <td><img border=\"0\" "
. "src=\"pict/file_h_cre_link.jpg\" "
. "width=\"59\" "
. "alt=\"Create Time\">"
. "</td>\n"
. "<td>$sp</td>\n";
} }
print "</td>\n" . "<td>$sp</td>\n";
# Size # Size
print " <td><img border=\"0\" " print " <td><img border=\"0\" "
@ -1541,7 +1552,7 @@ sub file_list_del {
while ($_ = Exec::read_pipe_line(*OUT)) { while ($_ = Exec::read_pipe_line(*OUT)) {
if ( if (
/^($::REG_MTYPE)\/($::REG_MTYPE)\s*(\*?)\s*($::REG_META)(\(realloc\))?:\t(.+?)\t($::REG_DATE)\t($::REG_DATE)\t($::REG_DATE)\t(\d+)\t(\d+)\t(\d+)$/o /^($::REG_MTYPE)\/($::REG_MTYPE)\s*(\*?)\s*($::REG_META)(\(realloc\))?:\t(.+?)\t($::REG_DATE)\t($::REG_DATE)\t($::REG_DATE)\t($::REG_DATE)\t(\d+)\t(\d+)\t(\d+)$/o
) )
{ {
@ -1557,9 +1568,10 @@ sub file_list_del {
my $m = $7; my $m = $7;
my $a = $8; my $a = $8;
my $c = $9; my $c = $9;
my $s = $10; my $cr = $10;
my $g = $11; my $s = $11;
my $u = $12; my $g = $12;
my $u = $13;
if ($n =~ /^\/(.*)/) { if ($n =~ /^\/(.*)/) {
$n = $1; $n = $1;
@ -1618,14 +1630,23 @@ sub file_list_del {
if ($a =~ /($::REG_DAY\s+$::REG_TIME)\s+($::REG_ZONE2)/o); if ($a =~ /($::REG_DAY\s+$::REG_TIME)\s+($::REG_ZONE2)/o);
$c = "$1&nbsp;$2" $c = "$1&nbsp;$2"
if ($c =~ /($::REG_DAY\s+$::REG_TIME)\s+($::REG_ZONE2)/o); if ($c =~ /($::REG_DAY\s+$::REG_TIME)\s+($::REG_ZONE2)/o);
$cr = "$1&nbsp;$2"
if ($cr =~ /($::REG_DAY\s+$::REG_TIME)\s+($::REG_ZONE2)/o);
print "<td><font color=\"$::DEL_COLOR[$r]\">$m</td>" print "<td><font color=\"$::DEL_COLOR[$r]\">$m</td>"
. "<td>$sp</td>\n" . "<td>$sp</td>\n"
. "<td><font color=\"$::DEL_COLOR[$r]\">$a</td>" if ($Fs::has_mtime{$ftype});
print "<td><font color=\"$::DEL_COLOR[$r]\">$a</td>"
. "<td>$sp</td>\n";
print "<td><font color=\"$::DEL_COLOR[$r]\">$c</td>"
. "<td>$sp</td>\n" . "<td>$sp</td>\n"
. "<td><font color=\"$::DEL_COLOR[$r]\">$c</td>" if ($Fs::has_ctime{$ftype});
print "<td><font color=\"$::DEL_COLOR[$r]\">$cr</td>"
. "<td>$sp</td>\n" . "<td>$sp</td>\n"
. "<td><font color=\"$::DEL_COLOR[$r]\">$s</td>" if ($Fs::has_crtime{$ftype});
print "<td><font color=\"$::DEL_COLOR[$r]\">$s</td>"
. "<td>$sp</td>\n" . "<td>$sp</td>\n"
. "<td><font color=\"$::DEL_COLOR[$r]\">$g</td>" . "<td><font color=\"$::DEL_COLOR[$r]\">$g</td>"
. "<td>$sp</td>\n" . "<td>$sp</td>\n"
@ -1876,8 +1897,7 @@ sub content {
); );
print "Contents Of File: $fname\n\n\n"; print "Contents Of File: $fname\n\n\n";
Print::print_output($_) Print::print_output($_) while ($_ = Exec::read_pipe_data(*OUT, 1024));
while ($_ = Exec::read_pipe_data(*OUT, 1024));
close(OUT); close(OUT);
} }
elsif ($sort == $FIL_SORT_HEX) { elsif ($sort == $FIL_SORT_HEX) {
@ -1905,8 +1925,7 @@ sub content {
); );
print "ASCII String Contents Of File: $fname\n\n\n\n"; print "ASCII String Contents Of File: $fname\n\n\n\n";
Print::print_output($_) Print::print_output($_) while ($_ = Exec::read_pipe_line(*OUT));
while ($_ = Exec::read_pipe_line(*OUT));
close(OUT); close(OUT);
} }
@ -2170,8 +2189,7 @@ sub report {
Exec::exec_pipe(*OUT, Exec::exec_pipe(*OUT,
"'$::TSKDIR/icat' -f $ftype $recflag -o $offset -i $imgtype $img $meta" "'$::TSKDIR/icat' -f $ftype $recflag -o $offset -i $imgtype $img $meta"
); );
Print::print_output($_) Print::print_output($_) while ($_ = Exec::read_pipe_data(*OUT, 1024));
while ($_ = Exec::read_pipe_data(*OUT, 1024));
close(OUT); close(OUT);
} }
elsif ($sort == $FIL_SORT_HEX) { elsif ($sort == $FIL_SORT_HEX) {
@ -2189,8 +2207,7 @@ sub report {
Exec::exec_pipe(*OUT, Exec::exec_pipe(*OUT,
"'$::TSKDIR/icat' -f $ftype $recflag -o $offset -i $imgtype $img $meta | '$::TSKDIR/srch_strings' -a" "'$::TSKDIR/icat' -f $ftype $recflag -o $offset -i $imgtype $img $meta | '$::TSKDIR/srch_strings' -a"
); );
Print::print_output($_) Print::print_output($_) while ($_ = Exec::read_pipe_line(*OUT));
while ($_ = Exec::read_pipe_line(*OUT));
close(OUT); close(OUT);
} }