mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-15 09:17:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/develop' into file_typing_module_enhancements

Browse Source
This commit is contained in:
Richard Cordovano 2014-12-04 15:29:46 -05:00
commit bc251c7cce
19 changed files with 238 additions and 212 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
Core/src/org/sleuthkit/autopsy/casemodule/Case.java
View File

@ -18,6 +18,7 @@
*/ */
package org.sleuthkit.autopsy.casemodule; package org.sleuthkit.autopsy.casemodule;
import java.awt.EventQueue;
import java.awt.Frame; import java.awt.Frame;
import java.beans.PropertyChangeListener; import java.beans.PropertyChangeListener;
import java.beans.PropertyChangeSupport; import java.beans.PropertyChangeSupport;
@ -1077,7 +1078,7 @@ public class Case implements SleuthkitCase.ErrorObserver {
} }
//case change helper //case change helper
private static void doCaseChange(Case toChangeTo) { private static void doCaseChange(final Case toChangeTo) {
logger.log(Level.INFO, "Changing Case to: " + toChangeTo); //NON-NLS logger.log(Level.INFO, "Changing Case to: " + toChangeTo); //NON-NLS
if (toChangeTo != null) { // new case is open if (toChangeTo != null) { // new case is open
@ -1085,6 +1086,9 @@ public class Case implements SleuthkitCase.ErrorObserver {
Case.clearTempFolder(); Case.clearTempFolder();
checkSubFolders(toChangeTo); checkSubFolders(toChangeTo);
EventQueue.invokeLater(new Runnable() {
@Override
public void run() {
// enable these menus // enable these menus
CallableSystemAction.get(AddImageAction.class).setEnabled(true); CallableSystemAction.get(AddImageAction.class).setEnabled(true);
CallableSystemAction.get(CaseCloseAction.class).setEnabled(true); CallableSystemAction.get(CaseCloseAction.class).setEnabled(true);
@ -1098,7 +1102,13 @@ public class Case implements SleuthkitCase.ErrorObserver {
// close all top components // close all top components
CoreComponentControl.closeCoreWindows(); CoreComponentControl.closeCoreWindows();
} }
}
});
} else { // case is closed } else { // case is closed
EventQueue.invokeLater(new Runnable() {
@Override
public void run() {
// close all top components first // close all top components first
CoreComponentControl.closeCoreWindows(); CoreComponentControl.closeCoreWindows();
@ -1111,7 +1121,6 @@ public class Case implements SleuthkitCase.ErrorObserver {
//clear pending notifications //clear pending notifications
MessageNotifyUtil.Notify.clear(); MessageNotifyUtil.Notify.clear();
Frame f = WindowManager.getDefault().getMainWindow(); Frame f = WindowManager.getDefault().getMainWindow();
f.setTitle(Case.getAppName()); // set the window name to just application name f.setTitle(Case.getAppName()); // set the window name to just application name
@ -1119,6 +1128,8 @@ public class Case implements SleuthkitCase.ErrorObserver {
System.gc(); System.gc();
System.gc(); System.gc();
} }
});
}
//log memory usage after case changed //log memory usage after case changed
logger.log(Level.INFO, PlatformUtil.getAllMemUsageInfo()); logger.log(Level.INFO, PlatformUtil.getAllMemUsageInfo());
@ -1130,9 +1141,14 @@ public class Case implements SleuthkitCase.ErrorObserver {
private static void doCaseNameChange(String newCaseName) { private static void doCaseNameChange(String newCaseName) {
// update case name // update case name
if (!newCaseName.equals("")) { if (!newCaseName.equals("")) {
EventQueue.invokeLater(new Runnable() {
@Override
public void run() {
Frame f = WindowManager.getDefault().getMainWindow(); Frame f = WindowManager.getDefault().getMainWindow();
f.setTitle(newCaseName + " - " + Case.getAppName()); // set the window name to the new value f.setTitle(newCaseName + " - " + Case.getAppName()); // set the window name to the new value
} }
});
}
} }
//delete image helper //delete image helper

26
Core/src/org/sleuthkit/autopsy/modules/android/AndroidIngestModule.java
View File

@ -57,7 +57,7 @@ class AndroidIngestModule implements DataSourceIngestModule {
return IngestModule.ProcessResult.OK; return IngestModule.ProcessResult.OK;
} }
} catch (Exception e) { } catch (Exception e) {
errors.add("Error getting Contacts"); errors.add("Error getting Contacts"); //NON-NLS
} }
try { try {
@ -67,7 +67,7 @@ class AndroidIngestModule implements DataSourceIngestModule {
return IngestModule.ProcessResult.OK; return IngestModule.ProcessResult.OK;
} }
} catch (Exception e) { } catch (Exception e) {
errors.add("Error getting Call Logs"); errors.add("Error getting Call Logs"); //NON-NLS
} }
try { try {
@ -77,7 +77,7 @@ class AndroidIngestModule implements DataSourceIngestModule {
return IngestModule.ProcessResult.OK; return IngestModule.ProcessResult.OK;
} }
} catch (Exception e) { } catch (Exception e) {
errors.add("Error getting Text Messages"); errors.add("Error getting Text Messages"); //NON-NLS
} }
try { try {
@ -87,7 +87,7 @@ class AndroidIngestModule implements DataSourceIngestModule {
return IngestModule.ProcessResult.OK; return IngestModule.ProcessResult.OK;
} }
} catch (Exception e) { } catch (Exception e) {
errors.add("Error getting Tango Messages"); errors.add("Error getting Tango Messages"); //NON-NLS
} }
try { try {
@ -97,7 +97,7 @@ class AndroidIngestModule implements DataSourceIngestModule {
return IngestModule.ProcessResult.OK; return IngestModule.ProcessResult.OK;
} }
} catch (Exception e) { } catch (Exception e) {
errors.add("Error getting Words with Friends Messages"); errors.add("Error getting Words with Friends Messages"); //NON-NLS
} }
try { try {
@ -107,7 +107,7 @@ class AndroidIngestModule implements DataSourceIngestModule {
return IngestModule.ProcessResult.OK; return IngestModule.ProcessResult.OK;
} }
} catch (Exception e) { } catch (Exception e) {
errors.add("Error getting Google Map Locations"); errors.add("Error getting Google Map Locations"); //NON-NLS
} }
try { try {
@ -117,14 +117,14 @@ class AndroidIngestModule implements DataSourceIngestModule {
return IngestModule.ProcessResult.OK; return IngestModule.ProcessResult.OK;
} }
} catch (Exception e) { } catch (Exception e) {
errors.add("Error getting Browser Locations"); errors.add("Error getting Browser Locations"); //NON-NLS
} }
try { try {
CacheLocationAnalyzer.findGeoLocations(); CacheLocationAnalyzer.findGeoLocations();
progressBar.progress(8); progressBar.progress(8);
} catch (Exception e) { } catch (Exception e) {
errors.add("Error getting Cache Locations"); errors.add("Error getting Cache Locations"); //NON-NLS
} }
// create the final message for inbox // create the final message for inbox
@ -133,20 +133,20 @@ class AndroidIngestModule implements DataSourceIngestModule {
IngestMessage.MessageType msgLevel = IngestMessage.MessageType.INFO; IngestMessage.MessageType msgLevel = IngestMessage.MessageType.INFO;
if (errors.isEmpty() == false) { if (errors.isEmpty() == false) {
msgLevel = IngestMessage.MessageType.ERROR; msgLevel = IngestMessage.MessageType.ERROR;
errorMessage.append("Errors were encountered"); errorMessage.append("Errors were encountered"); //NON-NLS
for (String msg : errors) { for (String msg : errors) {
errorMessage.append("<li>").append(msg).append("</li>\n"); //NON-NLS errorMessage.append("<li>").append(msg).append("</li>\n"); //NON-NLS
} }
errorMessage.append("</ul>\n"); //NON-NLS errorMessage.append("</ul>\n"); //NON-NLS
if (errors.size() == 1) { if (errors.size() == 1) {
errorMsgSubject = "One error was found"; errorMsgSubject = "One error was found"; //NON-NLS
} else { } else {
errorMsgSubject = "errors found: " + errors.size(); errorMsgSubject = "errors found: " + errors.size(); //NON-NLS
} }
} else { } else {
errorMessage.append("No errors"); errorMessage.append("No errors"); //NON-NLS
errorMsgSubject = "No errors"; errorMsgSubject = "No errors"; //NON-NLS
} }
services.postMessage(IngestMessage.createMessage(msgLevel, AndroidModuleFactory.getModuleName(), "Finished Analysis: " + errorMsgSubject, errorMessage.toString())); services.postMessage(IngestMessage.createMessage(msgLevel, AndroidModuleFactory.getModuleName(), "Finished Analysis: " + errorMsgSubject, errorMessage.toString()));

24
Core/src/org/sleuthkit/autopsy/modules/android/BrowserLocationAnalyzer.java
View File

@ -43,7 +43,7 @@ class BrowserLocationAnalyzer {
public static void findGeoLocations() { public static void findGeoLocations() {
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
List<AbstractFile> abstractFiles = skCase.findAllFilesWhere("name LIKE 'CachedGeoposition%.db'"); //get exact file names List<AbstractFile> abstractFiles = skCase.findAllFilesWhere("name LIKE 'CachedGeoposition%.db'"); //NON-NLS //get exact file names
for (AbstractFile abstractFile : abstractFiles) { for (AbstractFile abstractFile : abstractFiles) {
try { try {
@ -54,11 +54,11 @@ class BrowserLocationAnalyzer {
ContentUtils.writeToFile(abstractFile, jFile); ContentUtils.writeToFile(abstractFile, jFile);
findGeoLocationsInDB(jFile.toString(), abstractFile); findGeoLocationsInDB(jFile.toString(), abstractFile);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Browser Location files", e); logger.log(Level.SEVERE, "Error parsing Browser Location files", e); //NON-NLS
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error finding Browser Location files", e); logger.log(Level.SEVERE, "Error finding Browser Location files", e); //NON-NLS
} }
} }
@ -71,22 +71,22 @@ class BrowserLocationAnalyzer {
return; return;
} }
try { try {
Class.forName("org.sqlite.JDBC"); //load JDBC driver Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error connecting to sql database", e); logger.log(Level.SEVERE, "Error connecting to sql database", e); //NON-NLS
return; return;
} }
try { try {
resultSet = statement.executeQuery( resultSet = statement.executeQuery(
"Select timestamp, latitude, longitude, accuracy FROM CachedPosition;"); "Select timestamp, latitude, longitude, accuracy FROM CachedPosition;"); //NON-NLS
while (resultSet.next()) { while (resultSet.next()) {
Long timestamp = Long.valueOf(resultSet.getString("timestamp")) / 1000; Long timestamp = Long.valueOf(resultSet.getString("timestamp")) / 1000; //NON-NLS
double latitude = Double.valueOf(resultSet.getString("latitude")); double latitude = Double.valueOf(resultSet.getString("latitude")); //NON-NLS
double longitude = Double.valueOf(resultSet.getString("longitude")); double longitude = Double.valueOf(resultSet.getString("longitude")); //NON-NLS
BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT); BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT);
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(), moduleName, latitude)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(), moduleName, latitude));
@ -96,7 +96,7 @@ class BrowserLocationAnalyzer {
// bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy)); // bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy));
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error Putting artifacts to Blackboard", e); logger.log(Level.SEVERE, "Error Putting artifacts to Blackboard", e); //NON-NLS
} finally { } finally {
try { try {
if (resultSet != null) { if (resultSet != null) {
@ -105,7 +105,7 @@ class BrowserLocationAnalyzer {
statement.close(); statement.close();
connection.close(); connection.close();
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e); logger.log(Level.SEVERE, "Error closing database", e); //NON-NLS
} }
} }

1
Core/src/org/sleuthkit/autopsy/modules/android/Bundle_ja.properties Normal file
View File

@ -0,0 +1 @@
AndroidModuleFactory.moduleDescription=Android\u30B7\u30B9\u30C6\u30E0\u304A\u3088\u3073\u7B2C\u4E09\u8005\u30A2\u30D7\u30EA\u30C7\u30FC\u30BF\u3092\u62BD\u51FA

8
Core/src/org/sleuthkit/autopsy/modules/android/CacheLocationAnalyzer.java
View File

@ -43,7 +43,7 @@ class CacheLocationAnalyzer {
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
List<AbstractFile> abstractFiles = skCase.findAllFilesWhere("name ='cache.cell' OR name='cache.wifi'"); //get exact file names List<AbstractFile> abstractFiles = skCase.findAllFilesWhere("name ='cache.cell' OR name='cache.wifi'"); //NON-NLS //get exact file names
for (AbstractFile abstractFile : abstractFiles) { for (AbstractFile abstractFile : abstractFiles) {
try { try {
@ -55,11 +55,11 @@ class CacheLocationAnalyzer {
findGeoLocationsInFile(jFile, abstractFile); findGeoLocationsInFile(jFile, abstractFile);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing cached Location files", e); logger.log(Level.SEVERE, "Error parsing cached Location files", e); //NON-NLS
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error finding cached Location files", e); logger.log(Level.SEVERE, "Error finding cached Location files", e); //NON-NLS
} }
} }
@ -124,7 +124,7 @@ class CacheLocationAnalyzer {
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Cached GPS locations to Blackboard", e); logger.log(Level.SEVERE, "Error parsing Cached GPS locations to Blackboard", e); //NON-NLS
} }
} }

32
Core/src/org/sleuthkit/autopsy/modules/android/CallLogAnalyzer.java
View File

@ -47,11 +47,11 @@ class CallLogAnalyzer {
/** the where clause(without 'where' of sql select statement to choose call /** the where clause(without 'where' of sql select statement to choose call
* log dbs, update the list of file names to include more files */ * log dbs, update the list of file names to include more files */
private static final String fileNameQuery = Stream.of("'logs.db'", "'contacts2.db'", "'contacts.db'") private static final String fileNameQuery = Stream.of("'logs.db'", "'contacts2.db'", "'contacts.db'") //NON-NLS
.collect(Collectors.joining(" OR name = ", "name = ", "")); .collect(Collectors.joining(" OR name = ", "name = ", "")); //NON-NLS
/** the names of tables that potentially hold call logs in the dbs */ /** the names of tables that potentially hold call logs in the dbs */
private static final Iterable<String> tableNames = Arrays.asList("calls", "logs"); private static final Iterable<String> tableNames = Arrays.asList("calls", "logs"); //NON-NLS
public static void findCallLogs() { public static void findCallLogs() {
try { try {
@ -63,11 +63,11 @@ class CallLogAnalyzer {
ContentUtils.writeToFile(abstractFile, file); ContentUtils.writeToFile(abstractFile, file);
findCallLogsInDB(file.toString(), abstractFile); findCallLogsInDB(file.toString(), abstractFile);
} catch (IOException e) { } catch (IOException e) {
logger.log(Level.SEVERE, "Error writing temporary call log db to disk", e); logger.log(Level.SEVERE, "Error writing temporary call log db to disk", e); //NON-NLS
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error finding call logs", e); logger.log(Level.SEVERE, "Error finding call logs", e); //NON-NLS
} }
} }
@ -76,20 +76,20 @@ class CallLogAnalyzer {
if (DatabasePath == null || DatabasePath.isEmpty()) { if (DatabasePath == null || DatabasePath.isEmpty()) {
return; return;
} }
try (Connection connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); try (Connection connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
Statement statement = connection.createStatement();) { Statement statement = connection.createStatement();) {
for (String tableName : tableNames) { for (String tableName : tableNames) {
try (ResultSet resultSet = statement.executeQuery( try (ResultSet resultSet = statement.executeQuery(
"SELECT number,date,duration,type, name FROM " + tableName + " ORDER BY date DESC;");) { "SELECT number,date,duration,type, name FROM " + tableName + " ORDER BY date DESC;");) { //NON-NLS
logger.log(Level.INFO, "Reading call log from table {0} in db {1}", new Object[]{tableName, DatabasePath}); logger.log(Level.INFO, "Reading call log from table {0} in db {1}", new Object[]{tableName, DatabasePath}); //NON-NLS
while (resultSet.next()) { while (resultSet.next()) {
Long date = resultSet.getLong("date") / 1000; Long date = resultSet.getLong("date") / 1000;
final CallDirection direction = CallDirection.fromType(resultSet.getInt("type")); final CallDirection direction = CallDirection.fromType(resultSet.getInt("type")); //NON-NLS
String directionString = direction != null ? direction.getDisplayName() : ""; String directionString = direction != null ? direction.getDisplayName() : "";
final String number = resultSet.getString("number"); final String number = resultSet.getString("number"); //NON-NLS
final long duration = resultSet.getLong("duration");//duration of call is in seconds final long duration = resultSet.getLong("duration"); //NON-NLS //duration of call is in seconds
final String name = resultSet.getString("name");// name of person dialed or called. null if unregistered final String name = resultSet.getString("name"); //NON-NLS // name of person dialed or called. null if unregistered
try { try {
BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set. BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set.
@ -104,21 +104,21 @@ class CallLogAnalyzer {
bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, directionString)); bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, directionString));
bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name)); bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name));
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error posting call log record to the Blackboard", ex); logger.log(Level.SEVERE, "Error posting call log record to the Blackboard", ex); //NON-NLS
} }
} }
} catch (SQLException e) { } catch (SQLException e) {
logger.log(Level.WARNING, "Could not read table {0} in db {1}", new Object[]{tableName, DatabasePath}); logger.log(Level.WARNING, "Could not read table {0} in db {1}", new Object[]{tableName, DatabasePath}); //NON-NLS
} }
} }
} catch (SQLException e) { } catch (SQLException e) {
logger.log(Level.SEVERE, "Could not parse call log; error connecting to db " + DatabasePath, e); logger.log(Level.SEVERE, "Could not parse call log; error connecting to db " + DatabasePath, e); //NON-NLS
} }
} }
private static enum CallDirection { private static enum CallDirection {
INCOMING(1, "Incoming"), OUTGOING(2, "Outgoing"), MISSED(3, "Missed"); INCOMING(1, "Incoming"), OUTGOING(2, "Outgoing"), MISSED(3, "Missed"); //NON-NLS
private final int type; private final int type;

38
Core/src/org/sleuthkit/autopsy/modules/android/ContactAnalyzer.java
View File

@ -45,7 +45,7 @@ class ContactAnalyzer {
List<AbstractFile> absFiles; List<AbstractFile> absFiles;
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
absFiles = skCase.findAllFilesWhere("name ='contacts2.db' OR name ='contacts.db'"); //get exact file names absFiles = skCase.findAllFilesWhere("name ='contacts2.db' OR name ='contacts.db'"); //NON-NLS //get exact file names
if (absFiles.isEmpty()) { if (absFiles.isEmpty()) {
return; return;
} }
@ -55,11 +55,11 @@ class ContactAnalyzer {
ContentUtils.writeToFile(AF, jFile); ContentUtils.writeToFile(AF, jFile);
findContactsInDB(jFile.toString(), AF); findContactsInDB(jFile.toString(), AF);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Contacts", e); logger.log(Level.SEVERE, "Error parsing Contacts", e); //NON-NLS
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error finding Contacts", e); logger.log(Level.SEVERE, "Error finding Contacts", e); //NON-NLS
} }
} }
@ -78,11 +78,11 @@ class ContactAnalyzer {
return; return;
} }
try { try {
Class.forName("org.sqlite.JDBC"); //load JDBC driver Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error opening database", e); logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
return; return;
} }
@ -90,13 +90,13 @@ class ContactAnalyzer {
// get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype) // get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype)
//sorted by name, so phonenumber/email would be consecutive for a person if they exist. //sorted by name, so phonenumber/email would be consecutive for a person if they exist.
resultSet = statement.executeQuery( resultSet = statement.executeQuery(
"SELECT mimetype,data1, name_raw_contact.display_name AS display_name \n" "SELECT mimetype,data1, name_raw_contact.display_name AS display_name \n" //NON-NLS
+ "FROM raw_contacts JOIN contacts ON (raw_contacts.contact_id=contacts._id) \n" + "FROM raw_contacts JOIN contacts ON (raw_contacts.contact_id=contacts._id) \n" //NON-NLS
+ "JOIN raw_contacts AS name_raw_contact ON(name_raw_contact_id=name_raw_contact._id) " + "JOIN raw_contacts AS name_raw_contact ON(name_raw_contact_id=name_raw_contact._id) " //NON-NLS
+ "LEFT OUTER JOIN data ON (data.raw_contact_id=raw_contacts._id) \n" + "LEFT OUTER JOIN data ON (data.raw_contact_id=raw_contacts._id) \n" //NON-NLS
+ "LEFT OUTER JOIN mimetypes ON (data.mimetype_id=mimetypes._id) \n" + "LEFT OUTER JOIN mimetypes ON (data.mimetype_id=mimetypes._id) \n" //NON-NLS
+ "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n" + "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n" //NON-NLS
+ "ORDER BY name_raw_contact.display_name ASC;"); + "ORDER BY name_raw_contact.display_name ASC;"); //NON-NLS
BlackboardArtifact bba; BlackboardArtifact bba;
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT); bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
@ -105,15 +105,15 @@ class ContactAnalyzer {
String mimetype; // either phone or email String mimetype; // either phone or email
String data1; // the phone number or email String data1; // the phone number or email
while (resultSet.next()) { while (resultSet.next()) {
name = resultSet.getString("display_name"); name = resultSet.getString("display_name"); //NON-NLS
data1 = resultSet.getString("data1"); data1 = resultSet.getString("data1"); //NON-NLS
mimetype = resultSet.getString("mimetype"); mimetype = resultSet.getString("mimetype"); //NON-NLS
// System.out.println(resultSet.getString("data1") + resultSet.getString("mimetype") + resultSet.getString("display_name")); //Test code // System.out.println(resultSet.getString("data1") + resultSet.getString("mimetype") + resultSet.getString("display_name")); //Test code
if (name.equals(oldName) == false) { if (name.equals(oldName) == false) {
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT); bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name));
} }
if (mimetype.equals("vnd.android.cursor.item/phone_v2")) { if (mimetype.equals("vnd.android.cursor.item/phone_v2")) { //NON-NLS
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, data1)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, data1));
} else { } else {
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL.getTypeID(), moduleName, data1)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL.getTypeID(), moduleName, data1));
@ -122,7 +122,7 @@ class ContactAnalyzer {
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e); logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e); //NON-NLS
} finally { } finally {
try { try {
if (resultSet != null) { if (resultSet != null) {
@ -131,7 +131,7 @@ class ContactAnalyzer {
statement.close(); statement.close();
connection.close(); connection.close();
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e); logger.log(Level.SEVERE, "Error closing database", e); //NON-NLS
} }
} }

32
Core/src/org/sleuthkit/autopsy/modules/android/GoogleMapLocationAnalyzer.java
View File

@ -44,7 +44,7 @@ class GoogleMapLocationAnalyzer {
List<AbstractFile> absFiles; List<AbstractFile> absFiles;
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
absFiles = skCase.findAllFilesWhere("name ='da_destination_history'"); //get exact file name absFiles = skCase.findAllFilesWhere("name ='da_destination_history'"); //NON-NLS //get exact file name
if (absFiles.isEmpty()) { if (absFiles.isEmpty()) {
return; return;
} }
@ -54,11 +54,11 @@ class GoogleMapLocationAnalyzer {
ContentUtils.writeToFile(abstractFile, jFile); ContentUtils.writeToFile(abstractFile, jFile);
findGeoLocationsInDB(jFile.toString(), abstractFile); findGeoLocationsInDB(jFile.toString(), abstractFile);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Google map locations", e); logger.log(Level.SEVERE, "Error parsing Google map locations", e); //NON-NLS
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error finding Google map locations", e); logger.log(Level.SEVERE, "Error finding Google map locations", e); //NON-NLS
} }
} }
@ -71,27 +71,27 @@ class GoogleMapLocationAnalyzer {
return; return;
} }
try { try {
Class.forName("org.sqlite.JDBC"); //load JDBC driver Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error opening database", e); logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
return; return;
} }
try { try {
resultSet = statement.executeQuery( resultSet = statement.executeQuery(
"Select time,dest_lat,dest_lng,dest_title,dest_address,source_lat,source_lng FROM destination_history;"); "Select time,dest_lat,dest_lng,dest_title,dest_address,source_lat,source_lng FROM destination_history;"); //NON-NLS
while (resultSet.next()) { while (resultSet.next()) {
Long time = Long.valueOf(resultSet.getString("time")) / 1000; Long time = Long.valueOf(resultSet.getString("time")) / 1000; //NON-NLS
String dest_title = resultSet.getString("dest_title"); String dest_title = resultSet.getString("dest_title"); //NON-NLS
String dest_address = resultSet.getString("dest_address"); String dest_address = resultSet.getString("dest_address"); //NON-NLS
double dest_lat = convertGeo(resultSet.getString("dest_lat")); double dest_lat = convertGeo(resultSet.getString("dest_lat")); //NON-NLS
double dest_lng = convertGeo(resultSet.getString("dest_lng")); double dest_lng = convertGeo(resultSet.getString("dest_lng")); //NON-NLS
double source_lat = convertGeo(resultSet.getString("source_lat")); double source_lat = convertGeo(resultSet.getString("source_lat")); //NON-NLS
double source_lng = convertGeo(resultSet.getString("source_lng")); double source_lng = convertGeo(resultSet.getString("source_lng")); //NON-NLS
// bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT);//src // bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT);//src
@ -123,7 +123,7 @@ class GoogleMapLocationAnalyzer {
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Google map locations to the Blackboard", e); logger.log(Level.SEVERE, "Error parsing Google map locations to the Blackboard", e); //NON-NLS
} finally { } finally {
try { try {
if (resultSet != null) { if (resultSet != null) {
@ -132,7 +132,7 @@ class GoogleMapLocationAnalyzer {
statement.close(); statement.close();
connection.close(); connection.close();
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error closing the database", e); logger.log(Level.SEVERE, "Error closing the database", e); //NON-NLS
} }
} }
} }

32
Core/src/org/sleuthkit/autopsy/modules/android/TangoMessageAnalyzer.java
View File

@ -45,18 +45,18 @@ class TangoMessageAnalyzer {
List<AbstractFile> absFiles; List<AbstractFile> absFiles;
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
absFiles = skCase.findAllFilesWhere("name ='tc.db' "); //get exact file names absFiles = skCase.findAllFilesWhere("name ='tc.db' "); //NON-NLS //get exact file names
for (AbstractFile abstractFile : absFiles) { for (AbstractFile abstractFile : absFiles) {
try { try {
File jFile = new File(Case.getCurrentCase().getTempDirectory(), abstractFile.getName()); File jFile = new File(Case.getCurrentCase().getTempDirectory(), abstractFile.getName());
ContentUtils.writeToFile(abstractFile, jFile); ContentUtils.writeToFile(abstractFile, jFile);
findTangoMessagesInDB(jFile.toString(), abstractFile); findTangoMessagesInDB(jFile.toString(), abstractFile);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Tango messages", e); logger.log(Level.SEVERE, "Error parsing Tango messages", e); //NON-NLS
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error finding Tango messages", e); logger.log(Level.SEVERE, "Error finding Tango messages", e); //NON-NLS
} }
} }
@ -69,31 +69,31 @@ class TangoMessageAnalyzer {
return; return;
} }
try { try {
Class.forName("org.sqlite.JDBC"); //load JDBC driver Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error opening database", e); logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
return; return;
} }
try { try {
resultSet = statement.executeQuery( resultSet = statement.executeQuery(
"Select conv_id, create_time,direction,payload FROM messages ORDER BY create_time DESC;"); "Select conv_id, create_time,direction,payload FROM messages ORDER BY create_time DESC;"); //NON-NLS
String conv_id; // seems to wrap around the message found in payload after decoding from base-64 String conv_id; // seems to wrap around the message found in payload after decoding from base-64
String direction; // 1 incoming, 2 outgoing String direction; // 1 incoming, 2 outgoing
String payload; // seems to be a base64 message wrapped by the conv_id String payload; // seems to be a base64 message wrapped by the conv_id
while (resultSet.next()) { while (resultSet.next()) {
conv_id = resultSet.getString("conv_id"); conv_id = resultSet.getString("conv_id"); //NON-NLS
Long create_time = Long.valueOf(resultSet.getString("create_time")) / 1000; Long create_time = Long.valueOf(resultSet.getString("create_time")) / 1000; //NON-NLS
if (resultSet.getString("direction").equals("1")) { if (resultSet.getString("direction").equals("1")) { //NON-NLS
direction = "Incoming"; direction = "Incoming"; //NON-NLS
} else { } else {
direction = "Outgoing"; direction = "Outgoing"; //NON-NLS
} }
payload = resultSet.getString("payload"); payload = resultSet.getString("payload"); //NON-NLS
BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create a call log and then add attributes from result set. BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create a call log and then add attributes from result set.
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, create_time)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, create_time));
@ -104,7 +104,7 @@ class TangoMessageAnalyzer {
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Tango messages to the Blackboard", e); logger.log(Level.SEVERE, "Error parsing Tango messages to the Blackboard", e); //NON-NLS
} finally { } finally {
try { try {
if (resultSet != null) { if (resultSet != null) {
@ -113,7 +113,7 @@ class TangoMessageAnalyzer {
statement.close(); statement.close();
connection.close(); connection.close();
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e); logger.log(Level.SEVERE, "Error closing database", e); //NON-NLS
} }
} }
} }
@ -126,7 +126,7 @@ class TangoMessageAnalyzer {
String Z = new String(decoded, "UTF-8"); String Z = new String(decoded, "UTF-8");
result = Z.split(wrapper)[1]; result = Z.split(wrapper)[1];
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error decoding a Tango message", e); logger.log(Level.SEVERE, "Error decoding a Tango message", e); //NON-NLS
} }
return result; return result;
} }

30
Core/src/org/sleuthkit/autopsy/modules/android/TextMessageAnalyzer.java
View File

@ -43,7 +43,7 @@ class TextMessageAnalyzer {
public static void findTexts() { public static void findTexts() {
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
List<AbstractFile> absFiles = skCase.findAllFilesWhere("name ='mmssms.db'"); //get exact file name List<AbstractFile> absFiles = skCase.findAllFilesWhere("name ='mmssms.db'"); //NON-NLS //get exact file name
for (AbstractFile abstractFile : absFiles) { for (AbstractFile abstractFile : absFiles) {
try { try {
@ -51,11 +51,11 @@ class TextMessageAnalyzer {
ContentUtils.writeToFile(abstractFile, jFile); ContentUtils.writeToFile(abstractFile, jFile);
findTextsInDB(jFile.toString(), abstractFile); findTextsInDB(jFile.toString(), abstractFile);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing text messages", e); logger.log(Level.SEVERE, "Error parsing text messages", e); //NON-NLS
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error finding text messages", e); logger.log(Level.SEVERE, "Error finding text messages", e); //NON-NLS
} }
} }
@ -68,17 +68,17 @@ class TextMessageAnalyzer {
return; return;
} }
try { try {
Class.forName("org.sqlite.JDBC"); //load JDBC driver Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error opening database", e); logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
return; return;
} }
try { try {
resultSet = statement.executeQuery( resultSet = statement.executeQuery(
"Select address,date,read,type,subject,body FROM sms;"); "Select address,date,read,type,subject,body FROM sms;"); //NON-NLS
String address; // may be phone number, or other addresses String address; // may be phone number, or other addresses
@ -87,15 +87,15 @@ class TextMessageAnalyzer {
Integer read; // may be unread = 0, read = 1 Integer read; // may be unread = 0, read = 1
String body; //message body String body; //message body
while (resultSet.next()) { while (resultSet.next()) {
address = resultSet.getString("address"); address = resultSet.getString("address"); //NON-NLS
Long date = Long.valueOf(resultSet.getString("date")) / 1000; Long date = Long.valueOf(resultSet.getString("date")) / 1000; //NON-NLS
read = resultSet.getInt("read"); read = resultSet.getInt("read"); //NON-NLS
subject = resultSet.getString("subject"); subject = resultSet.getString("subject"); //NON-NLS
body = resultSet.getString("body"); body = resultSet.getString("body"); //NON-NLS
BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set. BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set.
if (resultSet.getString("type").equals("1")) { if (resultSet.getString("type").equals("1")) { //NON-NLS
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, "Incoming")); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, "Incoming"));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM.getTypeID(), moduleName, address)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM.getTypeID(), moduleName, address));
} else { } else {
@ -111,7 +111,7 @@ class TextMessageAnalyzer {
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing text messages to Blackboard", e); logger.log(Level.SEVERE, "Error parsing text messages to Blackboard", e); //NON-NLS
} finally { } finally {
try { try {
if (resultSet != null) { if (resultSet != null) {
@ -120,7 +120,7 @@ class TextMessageAnalyzer {
statement.close(); statement.close();
connection.close(); connection.close();
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e); logger.log(Level.SEVERE, "Error closing database", e); //NON-NLS
} }
} }
} }

22
Core/src/org/sleuthkit/autopsy/modules/android/WWFMessageAnalyzer.java
View File

@ -44,7 +44,7 @@ class WWFMessageAnalyzer {
List<AbstractFile> absFiles; List<AbstractFile> absFiles;
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
absFiles = skCase.findAllFilesWhere("name ='WordsFramework' "); //get exact file names absFiles = skCase.findAllFilesWhere("name ='WordsFramework' "); //NON-NLS //get exact file names
for (AbstractFile abstractFile : absFiles) { for (AbstractFile abstractFile : absFiles) {
try { try {
@ -53,11 +53,11 @@ class WWFMessageAnalyzer {
findWWFMessagesInDB(jFile.toString(), abstractFile); findWWFMessagesInDB(jFile.toString(), abstractFile);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing WWF messages", e); logger.log(Level.SEVERE, "Error parsing WWF messages", e); //NON-NLS
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error finding WWF messages", e); logger.log(Level.SEVERE, "Error finding WWF messages", e); //NON-NLS
} }
} }
@ -74,23 +74,23 @@ class WWFMessageAnalyzer {
connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath);
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error opening database", e); logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
return; return;
} }
try { try {
resultSet = statement.executeQuery( resultSet = statement.executeQuery(
"SELECT message,strftime('%s' ,created_at) as datetime,user_id,game_id FROM chat_messages ORDER BY game_id DESC, created_at DESC;"); "SELECT message,strftime('%s' ,created_at) as datetime,user_id,game_id FROM chat_messages ORDER BY game_id DESC, created_at DESC;"); //NON-NLS
String message; // WWF Message String message; // WWF Message
String user_id; // the ID of the user who sent the message. String user_id; // the ID of the user who sent the message.
String game_id; // ID of the game which the the message was sent. String game_id; // ID of the game which the the message was sent.
while (resultSet.next()) { while (resultSet.next()) {
message = resultSet.getString("message"); message = resultSet.getString("message"); //NON-NLS
Long created_at = resultSet.getLong("datetime"); Long created_at = resultSet.getLong("datetime"); //NON-NLS
user_id = resultSet.getString("user_id"); user_id = resultSet.getString("user_id"); //NON-NLS
game_id = resultSet.getString("game_id"); game_id = resultSet.getString("game_id"); //NON-NLS
BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create a call log and then add attributes from result set. BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create a call log and then add attributes from result set.
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, created_at)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, created_at));
@ -100,7 +100,7 @@ class WWFMessageAnalyzer {
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE.getTypeID(), moduleName, "Words With Friends Message")); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE.getTypeID(), moduleName, "Words With Friends Message"));
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing WWF messages to the Blackboard", e); logger.log(Level.SEVERE, "Error parsing WWF messages to the Blackboard", e); //NON-NLS
} finally { } finally {
try { try {
if (resultSet != null) { if (resultSet != null) {
@ -109,7 +109,7 @@ class WWFMessageAnalyzer {
statement.close(); statement.close();
connection.close(); connection.close();
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e); logger.log(Level.SEVERE, "Error closing database", e); //NON-NLS
} }
} }
} }

2
Core/src/org/sleuthkit/autopsy/modules/iOS/Bundle_ja.properties Normal file
View File

@ -0,0 +1,2 @@
iOSModuleFactory.moduleDescription=\u30B7\u30B9\u30C6\u30E0\u304A\u3088\u3073\u7B2C\u4E09\u8005\u30A2\u30D7\u30EA\u30C7\u30FC\u30BF\u3092\u62BD\u51FA
iOSModuleFactory.moduleName=iOS\u30A2\u30CA\u30E9\u30A4\u30B6

32
Core/src/org/sleuthkit/autopsy/modules/iOS/CallLogAnalyzer.java
View File

@ -49,7 +49,7 @@ class CallLogAnalyzer {
List<AbstractFile> absFiles; List<AbstractFile> absFiles;
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
absFiles = skCase.findAllFilesWhere("name ='contacts2.db' OR name ='contacts.db'"); //get exact file names absFiles = skCase.findAllFilesWhere("name ='contacts2.db' OR name ='contacts.db'"); //NON-NLS //get exact file names
if (absFiles.isEmpty()) { if (absFiles.isEmpty()) {
return; return;
} }
@ -61,11 +61,11 @@ class CallLogAnalyzer {
fileId = AF.getId(); fileId = AF.getId();
findCallLogsInDB(dbPath, fileId); findCallLogsInDB(dbPath, fileId);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Call logs", e); logger.log(Level.SEVERE, "Error parsing Call logs", e); //NON-NLS
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error finding Call logs", e); logger.log(Level.SEVERE, "Error finding Call logs", e); //NON-NLS
} }
} }
@ -74,11 +74,11 @@ class CallLogAnalyzer {
return; return;
} }
try { try {
Class.forName("org.sqlite.JDBC"); //load JDBC driver Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error opening database", e); logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
} }
Case currentCase = Case.getCurrentCase(); Case currentCase = Case.getCurrentCase();
@ -87,7 +87,7 @@ class CallLogAnalyzer {
AbstractFile f = skCase.getAbstractFileById(fId); AbstractFile f = skCase.getAbstractFileById(fId);
try { try {
resultSet = statement.executeQuery( resultSet = statement.executeQuery(
"SELECT number,date,duration,type, name FROM calls ORDER BY date DESC;"); "SELECT number,date,duration,type, name FROM calls ORDER BY date DESC;"); //NON-NLS
BlackboardArtifact bba; BlackboardArtifact bba;
String name; // name of person dialed or called. null if unregistered String name; // name of person dialed or called. null if unregistered
@ -97,14 +97,14 @@ class CallLogAnalyzer {
String type; // 1 incoming, 2 outgoing, 3 missed String type; // 1 incoming, 2 outgoing, 3 missed
while (resultSet.next()) { while (resultSet.next()) {
name = resultSet.getString("name"); name = resultSet.getString("name"); //NON-NLS
number = resultSet.getString("number"); number = resultSet.getString("number"); //NON-NLS
duration = resultSet.getString("duration"); duration = resultSet.getString("duration"); //NON-NLS
date = resultSet.getString("date"); date = resultSet.getString("date"); //NON-NLS
type = resultSet.getString("type"); type = resultSet.getString("type"); //NON-NLS
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set. bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set.
if(type.equalsIgnoreCase("outgoing")) { if(type.equalsIgnoreCase("outgoing")) { //NON-NLS
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO.getTypeID(), moduleName, number)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO.getTypeID(), moduleName, number));
} }
else { /// Covers INCOMING and MISSED else { /// Covers INCOMING and MISSED
@ -117,18 +117,18 @@ class CallLogAnalyzer {
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e); logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e); //NON-NLS
} finally { } finally {
try { try {
resultSet.close(); resultSet.close();
statement.close(); statement.close();
connection.close(); connection.close();
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error closing the database", e); logger.log(Level.SEVERE, "Error closing the database", e); //NON-NLS
} }
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e); logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e); //NON-NLS
} }
} }

44
Core/src/org/sleuthkit/autopsy/modules/iOS/ContactAnalyzer.java
View File

@ -56,7 +56,7 @@ class ContactAnalyzer {
List<AbstractFile> absFiles; List<AbstractFile> absFiles;
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
absFiles = skCase.findAllFilesWhere("name LIKE '%call_history%' "); //get exact file names absFiles = skCase.findAllFilesWhere("name LIKE '%call_history%' "); //NON-NLS //get exact file names
if (absFiles.isEmpty()) { //asdfkjasfakljsdfhlaksdjfhasdlkjf if (absFiles.isEmpty()) { //asdfkjasfakljsdfhlaksdjfhasdlkjf
return; return;
} }
@ -71,11 +71,11 @@ class ContactAnalyzer {
fileId = AF.getId(); fileId = AF.getId();
//findContactsInDB(dbPath, fileId); //findContactsInDB(dbPath, fileId);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Contacts", e); logger.log(Level.SEVERE, "Error parsing Contacts", e); //NON-NLS
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error finding Contacts", e); logger.log(Level.SEVERE, "Error finding Contacts", e); //NON-NLS
} }
} }
@ -90,11 +90,11 @@ class ContactAnalyzer {
return; return;
} }
try { try {
Class.forName("org.sqlite.JDBC"); //load JDBC driver Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error opening database", e); logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
} }
Case currentCase = Case.getCurrentCase(); Case currentCase = Case.getCurrentCase();
@ -105,13 +105,13 @@ class ContactAnalyzer {
// get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype) // get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype)
//sorted by name, so phonenumber/email would be consecutive for a person if they exist. //sorted by name, so phonenumber/email would be consecutive for a person if they exist.
resultSet = statement.executeQuery( resultSet = statement.executeQuery(
"SELECT mimetype,data1, name_raw_contact.display_name AS display_name \n" "SELECT mimetype,data1, name_raw_contact.display_name AS display_name \n" //NON-NLS
+ "FROM raw_contacts JOIN contacts ON (raw_contacts.contact_id=contacts._id) \n" + "FROM raw_contacts JOIN contacts ON (raw_contacts.contact_id=contacts._id) \n" //NON-NLS
+ "JOIN raw_contacts AS name_raw_contact ON(name_raw_contact_id=name_raw_contact._id) " + "JOIN raw_contacts AS name_raw_contact ON(name_raw_contact_id=name_raw_contact._id) " //NON-NLS
+ "LEFT OUTER JOIN data ON (data.raw_contact_id=raw_contacts._id) \n" + "LEFT OUTER JOIN data ON (data.raw_contact_id=raw_contacts._id) \n" //NON-NLS
+ "LEFT OUTER JOIN mimetypes ON (data.mimetype_id=mimetypes._id) \n" + "LEFT OUTER JOIN mimetypes ON (data.mimetype_id=mimetypes._id) \n" //NON-NLS
+ "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n" + "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n" //NON-NLS
+ "ORDER BY name_raw_contact.display_name ASC;"); + "ORDER BY name_raw_contact.display_name ASC;"); //NON-NLS
BlackboardArtifact bba; BlackboardArtifact bba;
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT); bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
@ -120,15 +120,15 @@ class ContactAnalyzer {
String mimetype; // either phone or email String mimetype; // either phone or email
String data1; // the phone number or email String data1; // the phone number or email
while (resultSet.next()) { while (resultSet.next()) {
name = resultSet.getString("display_name"); name = resultSet.getString("display_name"); //NON-NLS
data1 = resultSet.getString("data1"); data1 = resultSet.getString("data1"); //NON-NLS
mimetype = resultSet.getString("mimetype"); mimetype = resultSet.getString("mimetype"); //NON-NLS
// System.out.println(resultSet.getString("data1") + resultSet.getString("mimetype") + resultSet.getString("display_name")); //Test code // System.out.println(resultSet.getString("data1") + resultSet.getString("mimetype") + resultSet.getString("display_name")); //Test code
if (name.equals(oldName) == false) { if (name.equals(oldName) == false) {
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT); bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name));
} }
if (mimetype.equals("vnd.android.cursor.item/phone_v2")) { if (mimetype.equals("vnd.android.cursor.item/phone_v2")) { //NON-NLS
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, data1)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, data1));
} else { } else {
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL.getTypeID(), moduleName, data1)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL.getTypeID(), moduleName, data1));
@ -137,18 +137,18 @@ class ContactAnalyzer {
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e); logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e); //NON-NLS
} finally { } finally {
try { try {
resultSet.close(); resultSet.close();
statement.close(); statement.close();
connection.close(); connection.close();
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e); logger.log(Level.SEVERE, "Error closing database", e); //NON-NLS
} }
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e); logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e); //NON-NLS
} }
} }
@ -186,13 +186,13 @@ class ContactAnalyzer {
ostream.write(c); ostream.write(c);
} }
} catch (IOException e) { } catch (IOException e) {
System.out.println("Error: " + e.getMessage()); System.out.println("Error: " + e.getMessage()); //NON-NLS
} finally { } finally {
try { try {
istream.close(); istream.close();
ostream.close(); ostream.close();
} catch (IOException e) { } catch (IOException e) {
System.out.println("File did not close"); System.out.println("File did not close"); //NON-NLS
} }
} }
} }

30
Core/src/org/sleuthkit/autopsy/modules/iOS/TextMessageAnalyzer.java
View File

@ -49,7 +49,7 @@ class TextMessageAnalyzer {
void findTexts() { void findTexts() {
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
absFiles = skCase.findAllFilesWhere("name ='mmssms.db'"); //get exact file name absFiles = skCase.findAllFilesWhere("name ='mmssms.db'"); //NON-NLS //get exact file name
if (absFiles.isEmpty()) { if (absFiles.isEmpty()) {
return; return;
} }
@ -61,11 +61,11 @@ class TextMessageAnalyzer {
fileId = AF.getId(); fileId = AF.getId();
findTextsInDB(dbPath, fileId); findTextsInDB(dbPath, fileId);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing text messages", e); logger.log(Level.SEVERE, "Error parsing text messages", e); //NON-NLS
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error finding text messages", e); logger.log(Level.SEVERE, "Error finding text messages", e); //NON-NLS
} }
} }
@ -74,11 +74,11 @@ class TextMessageAnalyzer {
return; return;
} }
try { try {
Class.forName("org.sqlite.JDBC"); //load JDBC driver Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error opening database", e); logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
} }
Case currentCase = Case.getCurrentCase(); Case currentCase = Case.getCurrentCase();
@ -87,7 +87,7 @@ class TextMessageAnalyzer {
AbstractFile f = skCase.getAbstractFileById(fId); AbstractFile f = skCase.getAbstractFileById(fId);
try { try {
resultSet = statement.executeQuery( resultSet = statement.executeQuery(
"Select address,date,type,subject,body FROM sms;"); "Select address,date,type,subject,body FROM sms;"); //NON-NLS
BlackboardArtifact bba; BlackboardArtifact bba;
String address; // may be phone number, or other addresses String address; // may be phone number, or other addresses
@ -96,11 +96,11 @@ class TextMessageAnalyzer {
String subject;//message subject String subject;//message subject
String body; //message body String body; //message body
while (resultSet.next()) { while (resultSet.next()) {
address = resultSet.getString("address"); address = resultSet.getString("address"); //NON-NLS
date = resultSet.getString("date"); date = resultSet.getString("date"); //NON-NLS
type = resultSet.getString("type"); type = resultSet.getString("type"); //NON-NLS
subject = resultSet.getString("subject"); subject = resultSet.getString("subject"); //NON-NLS
body = resultSet.getString("body"); body = resultSet.getString("body"); //NON-NLS
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set. bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set.
@ -122,18 +122,18 @@ class TextMessageAnalyzer {
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing text messages to Blackboard", e); logger.log(Level.SEVERE, "Error parsing text messages to Blackboard", e); //NON-NLS
} finally { } finally {
try { try {
resultSet.close(); resultSet.close();
statement.close(); statement.close();
connection.close(); connection.close();
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e); logger.log(Level.SEVERE, "Error closing database", e); //NON-NLS
} }
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing text messages to Blackboard", e); logger.log(Level.SEVERE, "Error parsing text messages to Blackboard", e); //NON-NLS
} }
} }

3
Core/src/org/sleuthkit/autopsy/modules/photoreccarver/Bundle.properties
View File

@ -2,9 +2,10 @@ OpenIDE-Module-Name=PhotoRec Carver Ingest Module
OpenIDE-Module-Display-Category=Ingest Module OpenIDE-Module-Display-Category=Ingest Module
OpenIDE-Module-Long-Description=PhotoRec Carver ingest module. \n\n Carves unallocated space and feeds the resulting carved files back into the system for processing. OpenIDE-Module-Long-Description=PhotoRec Carver ingest module. \n\n Carves unallocated space and feeds the resulting carved files back into the system for processing.
OpenIDE-Module-Short-Description=Carves unallocated space and feeds carved files back into the system for processing. OpenIDE-Module-Short-Description=Carves unallocated space and feeds carved files back into the system for processing.
unallocatedSpaceProcessingSettingsError.message="Process Unallocated Space" is not checked. This module is designed to carve unallocated space. Either allow processing of unallocated space, or do not use this module.
moduleDisplayName.text=PhotoRec Carver moduleDisplayName.text=PhotoRec Carver
moduleDescription.text=Runs PhotoRec carver against unallocated space on the system. moduleDescription.text=Runs PhotoRec carver against unallocated space on the system.
unallocatedSpaceProcessingSettingsError.message="Process Unallocated Space" is not checked. This module is designed to carve unallocated space. Either allow processing of unallocated space, or do not use this module.
unsupportedOS.message=Module is not supported for other than Windows platforms unsupportedOS.message=Module is not supported for other than Windows platforms
missingExecutable.message=Unable to locate unallocated carver executable. missingExecutable.message=Unable to locate unallocated carver executable.
cannotRunExecutable.message=Unable to execute unallocated carver cannotRunExecutable.message=Unable to execute unallocated carver

6
Core/src/org/sleuthkit/autopsy/modules/photoreccarver/Bundle_ja.properties Normal file
View File

@ -0,0 +1,6 @@
moduleDescription.text=\u30B7\u30B9\u30C6\u30E0\u306E\u672A\u5272\u308A\u5F53\u3066\u9818\u57DF\u306B\u5BFE\u3057\u3066PhotoRec\u30AB\u30FC\u30D0\u3092\u5B9F\u884C\u3057\u307E\u3059\u3002
moduleDisplayName.text=PhotoRec\u30AB\u30FC\u30D0
OpenIDE-Module-Display-Category=\u30A4\u30F3\u30B8\u30A7\u30B9\u30C8\u30E2\u30B8\u30E5\u30FC\u30EB
OpenIDE-Module-Long-Description=PhotoRec\u30AB\u30FC\u30D0\u30A4\u30F3\u30B8\u30A7\u30B9\u30C8\u30E2\u30B8\u30E5\u30FC\u30EB\u3002\n\n\u672A\u5272\u308A\u5F53\u3066\u9818\u57DF\u3092\u5207\u308A\u51FA\u3057\u3001\u51E6\u7406\u3059\u308B\u3081\u306B\u30B7\u30B9\u30C6\u30E0\u3078\u30D5\u30A3\u30FC\u30C9\u3057\u307E\u3059\u3002
OpenIDE-Module-Name=PhotoRec\u30AB\u30FC\u30D0\u30A4\u30F3\u30B8\u30A7\u30B9\u30C8\u30E2\u30B8\u30E5\u30FC\u30EB
OpenIDE-Module-Short-Description=\u51E6\u7406\u3059\u308B\u3081\u306B\u672A\u5272\u308A\u5F53\u3066\u9818\u57DF\u3092\u5207\u308A\u51FA\u3057\u3001\u30B7\u30B9\u30C6\u30E0\u3078\u30D5\u30A3\u30FC\u30C9\u3057\u307E\u3059\u3002

10
Core/src/org/sleuthkit/autopsy/modules/photoreccarver/PhotoRecCarverFileIngestModule.java
View File

@ -113,7 +113,7 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
PhotoRecCarverFileIngestModule.pathsByJob.put(this.context.getJobId(), new WorkingPaths(outputDirPath, tempDirPath)); PhotoRecCarverFileIngestModule.pathsByJob.put(this.context.getJobId(), new WorkingPaths(outputDirPath, tempDirPath));
} }
catch (SecurityException | IOException | UnsupportedOperationException ex) { catch (SecurityException | IOException | UnsupportedOperationException ex) {
throw new IngestModule.IngestModuleException(NbBundle.getMessage(this.getClass(), "Utilities.cannotCreateOutputDir.message", ex.getLocalizedMessage())); throw new IngestModule.IngestModuleException(NbBundle.getMessage(this.getClass(), "cannotCreateOutputDir.message", ex.getLocalizedMessage()));
} }
} }
} }
@ -145,7 +145,7 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
// Check that we have roughly enough disk space left to complete the operation // Check that we have roughly enough disk space left to complete the operation
long freeDiskSpace = IngestServices.getInstance().getFreeDiskSpace(); long freeDiskSpace = IngestServices.getInstance().getFreeDiskSpace();
if ((file.getSize() * 2) > freeDiskSpace) { if ((file.getSize() * 2) > freeDiskSpace) {
logger.log(Level.SEVERE, "PhotoRec error processing {0} with {1} Not enough space on primary disk to carve unallocated space.", logger.log(Level.SEVERE, "PhotoRec error processing {0} with {1} Not enough space on primary disk to carve unallocated space.", // NON-NLS
new Object[]{file.getName(), PhotoRecCarverIngestModuleFactory.getModuleName()}); // NON-NLS new Object[]{file.getName(), PhotoRecCarverIngestModuleFactory.getModuleName()}); // NON-NLS
return IngestModule.ProcessResult.ERROR; return IngestModule.ProcessResult.ERROR;
} }
@ -163,9 +163,9 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
// Scan the file with Unallocated Carver. // Scan the file with Unallocated Carver.
ProcessBuilder processAndSettings = new ProcessBuilder( ProcessBuilder processAndSettings = new ProcessBuilder(
"\"" + executableFile + "\"", "\"" + executableFile + "\"",
"/d", "/d", // NON-NLS
"\"" + outputDirPath.toAbsolutePath() + File.separator + PHOTOREC_RESULTS_BASE + "\"", "\"" + outputDirPath.toAbsolutePath() + File.separator + PHOTOREC_RESULTS_BASE + "\"",
"/cmd", "/cmd", // NON-NLS
"\"" + tempFilePath.toFile() + "\"", "\"" + tempFilePath.toFile() + "\"",
"search"); // NON_NLS "search"); // NON_NLS
@ -194,7 +194,7 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
if (null != tempFilePath && Files.exists(tempFilePath)) { if (null != tempFilePath && Files.exists(tempFilePath)) {
tempFilePath.toFile().delete(); tempFilePath.toFile().delete();
} }
logger.log(Level.SEVERE, "PhotoRec carver returned error exit value = {0} when scanning {1}", logger.log(Level.SEVERE, "PhotoRec carver returned error exit value = {0} when scanning {1}", // NON-NLS
new Object[]{exitValue, file.getName()}); // NON-NLS new Object[]{exitValue, file.getName()}); // NON-NLS
return IngestModule.ProcessResult.ERROR; return IngestModule.ProcessResult.ERROR;
} }

2
Core/src/org/sleuthkit/autopsy/timeline/events/type/MiscTypes.java
View File

@ -62,7 +62,7 @@ public enum MiscTypes implements EventType, ArtifactEventType {
final BlackboardAttribute longEnd = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END); final BlackboardAttribute longEnd = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END);
return String.format("from %1$g %2$g to %3$g %4$g", latStart.getValueDouble(), longStart.getValueDouble(), latEnd.getValueDouble(), longEnd.getValueDouble()); return String.format("from %1$g %2$g to %3$g %4$g", latStart.getValueDouble(), longStart.getValueDouble(), latEnd.getValueDouble(), longEnd.getValueDouble());
}), }),
GPS_TRACKPOINT("Location History", "gps_trackpoint.png", GPS_TRACKPOINT("Location History", "gps-trackpoint.png",
BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT, BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT,
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME,
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME), new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME),