mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 10:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/develop' into 7238-Complete-replacement-of-legacy-Android-Analyzer-module

Browse Source
This commit is contained in:
Mark McKinnon 2021-03-17 10:13:25 -04:00
commit bd3bf463f8
7 changed files with 103 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
Core/src/org/sleuthkit/autopsy/datamodel/DataSourcesByTypeNode.java
View File

@ -22,7 +22,9 @@ import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.stream.Collectors;
import org.openide.nodes.ChildFactory;
import org.openide.nodes.Children;
import org.openide.nodes.Node;
@ -48,13 +50,23 @@ public class DataSourcesByTypeNode extends DisplayableItemNode {
*/
public static class DataSourcesByTypeChildren extends ChildFactory.Detachable<HostDataSources> {
private static final Set<Case.Events> UPDATE_EVTS = EnumSet.of(
Case.Events.DATA_SOURCE_ADDED,
Case.Events.HOSTS_ADDED,
Case.Events.HOSTS_DELETED,
Case.Events.HOSTS_CHANGED);
private static final Set<String> UPDATE_EVT_STRS = UPDATE_EVTS.stream()
.map(evt -> evt.name())
.collect(Collectors.toSet());
private static final Logger logger = Logger.getLogger(DataSourcesByTypeChildren.class.getName());
private final PropertyChangeListener pcl = new PropertyChangeListener() {
@Override
public void propertyChange(PropertyChangeEvent evt) {
String eventType = evt.getPropertyName();
if (eventType.equals(Case.Events.DATA_SOURCE_ADDED.toString())) {
if (UPDATE_EVT_STRS.contains(eventType)) {
refresh(true);
}
}
@ -62,12 +74,12 @@ public class DataSourcesByTypeNode extends DisplayableItemNode {
@Override
protected void addNotify() {
Case.addEventTypeSubscriber(EnumSet.of(Case.Events.DATA_SOURCE_ADDED), pcl);
Case.addEventTypeSubscriber(UPDATE_EVTS, pcl);
}
@Override
protected void removeNotify() {
Case.removeEventTypeSubscriber(EnumSet.of(Case.Events.DATA_SOURCE_ADDED), pcl);
Case.removeEventTypeSubscriber(UPDATE_EVTS, pcl);
}
@Override
@ -91,7 +103,7 @@ public class DataSourcesByTypeNode extends DisplayableItemNode {
}
}
private static final String NAME = Bundle.DataSourcesHostsNode_name();
/**
@ -100,7 +112,7 @@ public class DataSourcesByTypeNode extends DisplayableItemNode {
public static String getNameIdentifier() {
return NAME;
}
/**
* Main constructor.
*/

37
Core/src/org/sleuthkit/autopsy/datamodel/OsAccounts.java
View File

@ -24,6 +24,7 @@ import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.Optional;
import java.util.logging.Level;
@ -52,7 +53,7 @@ public final class OsAccounts implements AutopsyVisitableItem {
private static final String ICON_PATH = "org/sleuthkit/autopsy/images/os-account.png";
private static final SimpleDateFormat DATE_FORMATTER = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss z");
private final SleuthkitCase skCase;
private SleuthkitCase skCase;
private final long filteringDSObjId;
public OsAccounts(SleuthkitCase skCase) {
@ -112,34 +113,46 @@ public final class OsAccounts implements AutopsyVisitableItem {
private final PropertyChangeListener listener = new PropertyChangeListener() {
@Override
public void propertyChange(PropertyChangeEvent evt) {
refresh(true);
String eventType = evt.getPropertyName();
if(eventType.equals(Case.Events.OS_ACCOUNT_ADDED.toString())) {
refresh(true);
} else if (eventType.equals(Case.Events.CURRENT_CASE.toString())) {
// case was closed. Remove listeners so that we don't get called with a stale case handle
if (evt.getNewValue() == null) {
removeNotify();
skCase = null;
}
}
}
};
@Override
protected void addNotify() {
Case.addEventTypeSubscriber(Collections.singleton(Case.Events.OS_ACCOUNT_ADDED), listener);
Case.addEventTypeSubscriber(EnumSet.of(Case.Events.CURRENT_CASE), listener);
}
@Override
protected void removeNotify() {
Case.removeEventTypeSubscriber(Collections.singleton(Case.Events.OS_ACCOUNT_ADDED), listener);
Case.removeEventTypeSubscriber(EnumSet.of(Case.Events.CURRENT_CASE), listener);
}
@Override
protected boolean createKeys(List<OsAccount> list) {
try {
if (filteringDSObjId == 0) {
list.addAll(skCase.getOsAccountManager().getAccounts());
} else {
Host host = skCase.getHostManager().getHost(skCase.getDataSource(filteringDSObjId));
list.addAll(skCase.getOsAccountManager().getAccounts(host));
if(skCase != null) {
try {
if (filteringDSObjId == 0) {
list.addAll(skCase.getOsAccountManager().getAccounts());
} else {
Host host = skCase.getHostManager().getHost(skCase.getDataSource(filteringDSObjId));
list.addAll(skCase.getOsAccountManager().getAccounts(host));
}
} catch (TskCoreException | TskDataException ex) {
logger.log(Level.SEVERE, "Unable to retrieve list of OsAccounts for case", ex);
return false;
}
} catch (TskCoreException | TskDataException ex) {
logger.log(Level.SEVERE, "Unable to retrieve list of OsAccounts for case", ex);
return false;
}
return true;
}

40
Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/aleap-artifact-attribute-reference.xml
View File

@ -48,7 +48,7 @@
<FileName filename="accounts de 0.tsv" description="Accounts_de">
<ArtifactName artifactname="TSK_SERVICE_ACCOUNT" comment="accounts de 0">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last password entry" required="no" />
<AttributeName attributename="null" columnName="Last password entry" required="no" />
<AttributeName attributename="TSK_USER_ID" columnName="Name" required="yes" />
<AttributeName attributename="TSK_PROG_NAME" columnName="Type" required="yes" />
</ArtifactName>
@ -66,13 +66,13 @@
<FileName filename="Browser cookies.tsv" description="Browser Cookies">
<ArtifactName artifactname="TSK_WEB_COOKIE" comment="Browser Cookies">
<AttributeName attributename="TSK_DATETIME_START" columnName="Last Access Date" required="yes" />
<AttributeName attributename="TSK_DOMAIN" columnName="Host" required="yes" />
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Access Date" required="yes" />
<AttributeName attributename="TSK_URL" columnName="Host" required="yes" />
<AttributeName attributename="TSK_NAME" columnName="Name" required="yes" />
<AttributeName attributename="TSK_VALUE" columnName="Value" required="yes" />
<AttributeName attributename="TSK_DATETIME_CREATED" columnName="Created Date" required="yes" />
<AttributeName attributename="TSK_DATETIME_END" columnName="Expiration Date" required="yes" />
<AttributeName attributename="TSK_PATH" columnName="Path" required="yes" />
<AttributeName attributename="null" columnName="Path" required="yes" />
</ArtifactName>
</FileName>
@ -90,7 +90,7 @@
<ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="Browser Keyword Search Terms">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Visit Time" required="yes"/>
<AttributeName attributename="TSK_TEXT" columnName="Term" required="yes"/>
<AttributeName attributename="TSK_URL" columnName="URL" required="yes"/>
<AttributeName attributename="TSK_DOMAIN" columnName="URL" required="yes"/>
</ArtifactName>
</FileName>
@ -120,7 +120,7 @@
<ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="Browser Search Terms">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Visit Time" required="yes"/>
<AttributeName attributename="TSK_TEXT" columnName="Search Term" required="yes"/>
<AttributeName attributename="TSK_URL" columnName="URL" required="yes"/>
<AttributeName attributename="TSK_DOMAIN" columnName="URL" required="yes"/>
<AttributeName attributename="null" columnName="Title" required="no"/>
<AttributeName attributename="null" columnName="Visit Count" required="no"/>
</ArtifactName>
@ -163,13 +163,13 @@
<FileName filename="Chrome cookies.tsv" description="Chrome Cookies">
<ArtifactName artifactname="TSK_WEB_COOKIE" comment="Chrome Cookies">
<AttributeName attributename="TSK_DATETIME_START" columnName="Last Access Date" required="yes" />
<AttributeName attributename="TSK_DOMAIN" columnName="Host" required="yes" />
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Access Date" required="yes" />
<AttributeName attributename="TSK_URL" columnName="Host" required="yes" />
<AttributeName attributename="TSK_NAME" columnName="Name" required="yes" />
<AttributeName attributename="TSK_VALUE" columnName="Value" required="yes" />
<AttributeName attributename="TSK_DATETIME_CREATED" columnName="Created Date" required="yes" />
<AttributeName attributename="TSK_DATETIME_END" columnName="Expiration Date" required="yes" />
<AttributeName attributename="TSK_PATH" columnName="Path" required="yes" />
<AttributeName attributename="null" columnName="Path" required="no" />
</ArtifactName>
</FileName>
@ -209,7 +209,7 @@
<ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="Chrome Search Terms">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Visit Time" required="yes"/>
<AttributeName attributename="TSK_TEXT" columnName="Search Term" required="yes"/>
<AttributeName attributename="TSK_URL" columnName="URL" required="yes"/>
<AttributeName attributename="TSK_DOMAIN" columnName="URL" required="yes"/>
<AttributeName attributename="null" columnName="Title" required="no"/>
<AttributeName attributename="null" columnName="Visit Count" required="no"/>
</ArtifactName>
@ -225,7 +225,7 @@
</FileName>
<FileName filename="Edge Bookmarks.tsv" description="Edge Bookmarks">
<ArtifactName artifactname="TSK_WEB_BOOKMARK" comment="Chrome Bookmarks">
<ArtifactName artifactname="TSK_WEB_BOOKMARK" comment="Edge Bookmarks">
<AttributeName attributename="TSK_DATETIME_CREATED" columnName="Added Date" required="yes" />
<AttributeName attributename="TSK_URL" columnName="URL" required="yes" />
<AttributeName attributename="TSK_TITLE" columnName="Name" required="yes" />
@ -236,13 +236,13 @@
<FileName filename="Edge cookies.tsv" description="Edge Cookies">
<ArtifactName artifactname="TSK_WEB_COOKIE" comment="Edge Cookies">
<AttributeName attributename="TSK_DATETIME_START" columnName="Last Access Date" required="yes" />
<AttributeName attributename="TSK_DOMAIN" columnName="Host" required="yes" />
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Access Date" required="yes" />
<AttributeName attributename="TSK_URL" columnName="Host" required="yes" />
<AttributeName attributename="TSK_NAME" columnName="Name" required="yes" />
<AttributeName attributename="TSK_VALUE" columnName="Value" required="yes" />
<AttributeName attributename="TSK_DATETIME_CREATED" columnName="Created Date" required="yes" />
<AttributeName attributename="TSK_DATETIME_END" columnName="Expiration Date" required="yes" />
<AttributeName attributename="TSK_PATH" columnName="Path" required="yes" />
<AttributeName attributename="null" columnName="Path" required="no" />
</ArtifactName>
</FileName>
@ -282,7 +282,7 @@
<ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="Chrome Search Terms">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Visit Time" required="yes"/>
<AttributeName attributename="TSK_TEXT" columnName="Search Term" required="yes"/>
<AttributeName attributename="TSK_URL" columnName="URL" required="yes"/>
<AttributeName attributename="TSK_DOMAIN" columnName="URL" required="yes"/>
<AttributeName attributename="null" columnName="Title" required="no"/>
<AttributeName attributename="null" columnName="Visit Count" required="no"/>
</ArtifactName>
@ -318,7 +318,7 @@
<FileName filename="installed apps library.tsv" description="Installed Apps (Library)">
<ArtifactName artifactname="TSK_INSTALLED_PROG" comment="Installed Apps (Library)">
<AttributeName attributename="TSK_DATETIME" columnName="Purchase Time" required="yes"/>
<AttributeName attributename="TSK_USER_NAME" columnName="Account" required="yes"/>
<AttributeName attributename="null" columnName="Account" required="no"/>
<AttributeName attributename="TSK_PROG_NAME" columnName="Doc ID" required="yes"/>
</ArtifactName>
</FileName>
@ -333,7 +333,7 @@
<ArtifactName artifactname="TSK_INSTALLED_PROG" comment="Installed Apps (Vending)">
<AttributeName attributename="TSK_DATETIME" columnName="First Download" required="yes" />
<AttributeName attributename="TSK_PROG_NAME" columnName="Package Name" required="yes" />
<AttributeName attributename="TSK_TITLE" columnName="Title" required="yes" />
<AttributeName attributename="null" columnName="Title" required="no" />
<AttributeName attributename="null" columnName="Install Reason" required="no" />
<AttributeName attributename="null" columnName="Auto Update?" required="no" />
</ArtifactName>
@ -482,10 +482,10 @@
<AttributeName attributename="TSK_PHONE_NUMBER_TO" columnName="recipients" required="yes"/>
<AttributeName attributename="TSK_DIRECTION" columnName="direction" required="yes"/>
<AttributeName attributename="TSK_TEXT" columnName="content" required="yes"/>
<AttributeName attributename="TSK_DATETIME_START" columnName="send_timestamp" required="yes" />
<AttributeName attributename="TSK_DATETIME" columnName="send_timestamp" required="yes" />
<AttributeName attributename="null" columnName="received_timestamp" required="no"/>
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="group_sender" required="yes"/>
<AttributeName attributename="TSK_ATTACHMENTS" columnName="attachment" required="yes" />
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="number" required="yes"/>
<AttributeName attributename="TSK_ATTACHMENTS" columnName="name" required="yes" />
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>

52
Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ileap-artifact-attribute-reference.xml
View File

@ -72,7 +72,7 @@
<AttributeName attributename="null" columnName="Name Origin" required="no" />
<AttributeName attributename="null" columnName="Address" required="no" />
<AttributeName attributename="null" columnName="Resolved Address" required="no" />
<AttributeName attributename="TSK_DATETIME" columnName="Last Seen TIme" required="yes" />
<AttributeName attributename="TSK_DATETIME" columnName="Last Seen Time" required="yes" />
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Connection Time" required="yes" />
</ArtifactName>
</FileName>
@ -237,8 +237,8 @@
<FileName filename="KnowledgeC Bluetooth Connections.tsv" description="KnowledgeC Bluetooth Connections">
<ArtifactName artifactname="TSK_BLUETOOTH_PAIRING" comment="KnowledgeC Bluetooth Connections">
<AttributeName attributename="TSK_DATETIME_START" columnName="Start" required="yes" />
<AttributeName attributename="TSK_DATETIME_END" columnName="End" required="yes" />
<AttributeName attributename="TSK_DATETIME" columnName="Start" required="yes" />
<AttributeName attributename="null" columnName="End" required="no" />
<AttributeName attributename="TSK_MAC_ADDRESS" columnName="Bluetooth Address" required="yes" />
<AttributeName attributename="TSK_DEVICE_NAME" columnName="Bluetooth Name" required="yes" />
<AttributeName attributename="null" columnName="Usage in Seconds" required="no" />
@ -252,17 +252,15 @@
</FileName>
<FileName filename="KnowledgeC Car Play Connections.tsv" description="KnowledgeC Car Play Connections">
<ArtifactName artifactname="TSK_DEVICE_INFO" comment="KnowledgeC Car Play Connections">
<AttributeName attributename="TSK_DATETIME" columnName="Start" required="yes" />
<AttributeName attributename="null" columnName="End" required="no" />
<AttributeName attributename="null" columnName="Car Play Connected" required="yes" />
<ArtifactName artifactname="TSK_USER_DEVICE_EVENT" comment="KnowledgeC Car Play Connections">
<AttributeName attributename="TSK_DATETIME_START" columnName="Start" required="yes" />
<AttributeName attributename="TSK_DATETIME_END" columnName="End" required="yes" />
<AttributeName attributename="null" columnName="Car Play Connected" required="no" />
<AttributeName attributename="null" columnName="Usage in Seconds" required="no" />
<AttributeName attributename="null" columnName="Usage in Minutes" required="no" />
<AttributeName attributename="null" columnName="Day of Week" required="no" />
<AttributeName attributename="null" columnName="GMT Offset" required="no" />
<AttributeName attributename="null" columnName="Entry Creation" required="no" />
<AttributeName attributename="TSK_DEVICE_ID" columnName="UUID" required="yes" />
<AttributeName attributename="null" columnName="Zobject Table ID" required="no" />
</ArtifactName>
</FileName>
@ -314,9 +312,9 @@
<FileName filename="KnowledgeC Application in Focus.tsv" description="KnowledgeC Application In Focus">
<ArtifactName artifactname="TSK_PROG_RUN" comment="KnowledgeC Application In Focus">
<AttributeName attributename="TSK_DATETIME_START" columnName="Start" required="no" />
<AttributeName attributename="TSK_DATETIME_END" columnName="End" required="no" />
<AttributeName attributename="TSK_PROG_NAME" columnName="Bundle ID" required="no" />
<AttributeName attributename="TSK_DATETIME" columnName="Start" required="yes" />
<AttributeName attributename="null" columnName="End" required="no" />
<AttributeName attributename="TSK_PROG_NAME" columnName="Bundle ID" required="yes" />
<AttributeName attributename="null" columnName="Usage in Seconds" required="no" />
<AttributeName attributename="null" columnName="Usage in Minutes" required="no" />
<AttributeName attributename="null" columnName="Day of Week" required="no" />
@ -357,7 +355,7 @@
<ArtifactName artifactname="TSK_RECENT_OBJ" comment="KnowledgeC Media Playing">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Start" required="yes" />
<AttributeName attributename="null" columnName="End" required="no" />
<AttributeName attributename="TSK_PROG_NAME" columnName="Bundle ID" required="yes" />
<AttributeName attributename="TSK_PATH" columnName="Bundle ID" required="yes" />
<AttributeName attributename="null" columnName="Now Playing Album" required="no" />
<AttributeName attributename="null" columnName="Now Playing Artists" required="no" />
<AttributeName attributename="null" columnName="Playing Genre" required="no" />
@ -377,7 +375,7 @@
<ArtifactName artifactname="TSK_RECENT_OBJ" comment="KnowledgeC Notes - Activity">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Start" required="yes" />
<AttributeName attributename="null" columnName="End" required="no" />
<AttributeName attributename="TSK_PROG_NAME" columnName="Bundle ID" required="yes" />
<AttributeName attributename="TSK_PATH" columnName="Bundle ID" required="yes" />
<AttributeName attributename="null" columnName="Activity Type" required="no" />
<AttributeName attributename="null" columnName="User Activity Required String" required="no" />
<AttributeName attributename="null" columnName="ID" required="no" />
@ -495,13 +493,6 @@
</ArtifactName>
</FileName>
<FileName filename="Last Build.tsv" description="iOS Build">
<ArtifactName artifactname="TSK_OS_INFO" comment="iOS Build">
<AttributeName attributename="TSK_NAME" columnName="Key" required="yes" />
<AttributeName attributename="TSK_VALUE" columnName="Values" required="yes" />
</ArtifactName>
</FileName>
<FileName filename="LocationD LTE Location.tsv" description="LocationD LTE Location">
<ArtifactName artifactname="TSK_GPS_LAST_KNOWN_LOCATION" comment="LocationD LTE Location">
<AttributeName attributename="TSK_DATETIME" columnName="Timestamp" required="yes" />
@ -524,7 +515,7 @@
<FileName filename="RoutineD Vehicle Location.tsv" description="RoutineD Vehicle Location">
<ArtifactName artifactname="TSK_GPS_LAST_KNOWN_LOCATION" comment="RoutineD Vehicle Location">
<AttributeName attributename="TSK_DATETIME" columnName="Date" required="yes" />
<AttributeName attributename="TSK_DATETIME" columnName="Timestamp" required="yes" />
<AttributeName attributename="null" columnName="Location Date" required="no" />
<AttributeName attributename="null" columnName="Coordinates" required="no" />
<AttributeName attributename="null" columnName="Vehicle Identifier" required="no" />
@ -543,14 +534,12 @@
<FileName filename="RoutineD Parked Vehicle Historical.tsv" description="RoutineD Parked Vehicle Historical">
<ArtifactName artifactname="TSK_GPS_LAST_KNOWN_LOCATION" comment="RoutineD Parked Vehicle Historical">
<AttributeName attributename="TSK_DATETIME" columnName="Date" required="yes" />
<AttributeName attributename="TSK_DATETIME" columnName="Timestamp" required="yes" />
<AttributeName attributename="null" columnName="Location Date" required="no" />
<AttributeName attributename="null" columnName="Coordinates" required="no" />
<AttributeName attributename="null" columnName="Location Uncertainty" required="no" />
<AttributeName attributename="null" columnName="Identifier" required="no" />
<AttributeName attributename="TSK_GEO_LATITUDE" columnName="Latitude" required="yes" />
<AttributeName attributename="TSK_GEO_LONGITUDE" columnName="Longitude" required="yes" />
<AttributeName attributename="null" columnName="Table ID" required="no" />
</ArtifactName>
</FileName>
@ -714,13 +703,14 @@
</FileName>
<FileName filename="Powerlog Paired Device Conf.tsv" description="Powerlog Paired Device Configuration">
<ArtifactName artifactname="TSK_DEVICE_INFO" comment="Powerlog Paired Device Configuration">
<ArtifactName artifactname="TSK_DEVICE_ATTACHED" comment="Powerlog Paired Device Configuration">
<AttributeName attributename="TSK_DATETIME" columnName="Timestamp" required="yes" />
<AttributeName attributename="TSK_DEVICE_ID" columnName="Build" required="yes" />
<AttributeName attributename="TSK_DEVICE_MAKE" columnName="Device" required="yes" />
<AttributeName attributename="TSK_DEVICE_MODEL" columnName="PairedDeviceConfig Table ID" required="yes" />
<AttributeName attributename="TSK_DEVICE_MODEL" columnName="HW Model" required="yes" />
<AttributeName attributename="null" columnName="Pairing ID" required="no" />
</ArtifactName>
</FileName>
</FileName>
<FileName filename="Safari Browser History.tsv" description="Safari Browser">
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="null">
@ -741,13 +731,13 @@
<ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="null">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Visit Time" required="yes" />
<AttributeName attributename="TSK_TEXT" columnName="Search Term" required="yes" />
<AttributeName attributename="TSK_URL" columnName="URL" required="yes" />
<AttributeName attributename="null" columnName="URL" required="yes" />
<AttributeName attributename="null" columnName="Visit Count" required="no" />
<AttributeName attributename="TSK_TITLE" columnName="Title" required="yes" />
<AttributeName attributename="null" columnName="Title" required="no" />
<AttributeName attributename="null" columnName="iCloud Sync" required="no" />
<AttributeName attributename="null" columnName="Load Successful" required="no" />
<AttributeName attributename="null" columnName="Visit ID" required="no" />
<AttributeName attributename="TSK_REFERRER" columnName="Redirect Source" required="yes" />
<AttributeName attributename="null" columnName="Redirect Source" required="no" />
<AttributeName attributename="null" columnName="Redirect Destination" required="no" />
<AttributeName attributename="null" columnName="History Item ID" required="no" />
</ArtifactName>

7
ImageGallery/src/org/sleuthkit/autopsy/imagegallery/ImageGalleryController.java
View File

@ -192,12 +192,15 @@ public final class ImageGalleryController {
* @param theCase The case.
*/
static void shutDownController(Case theCase) {
ImageGalleryController controller = null;
synchronized (controllersByCaseLock) {
if (controllersByCase.containsKey(theCase.getName())) {
ImageGalleryController controller = controllersByCase.remove(theCase.getName());
controller.shutDown();
controller = controllersByCase.remove(theCase.getName());
}
}
if (controller != null) {
controller.shutDown();
}
}
/**

16
ImageGallery/src/org/sleuthkit/autopsy/imagegallery/datamodel/DrawableFile.java
View File

@ -100,13 +100,9 @@ public abstract class DrawableFile {
private String model;
private final CategoryManager categoryManager;
protected DrawableFile(AbstractFile file, Boolean analyzed) {
this.analyzed = new SimpleBooleanProperty(analyzed);
this.file = file;
categoryManager = ImageGalleryController.getController(Case.getCurrentCase()).getCategoryManager();
}
public abstract boolean isVideo();
@ -245,13 +241,19 @@ public abstract class DrawableFile {
/**
* Update the category property.
*/
private void updateCategory() {
private void updateCategory() {
try {
ImageGalleryController controllerForCase = ImageGalleryController.getController(Case.getCurrentCaseThrows());
if (controllerForCase == null) {
// This can only happen during case closing, so return without generating an error.
return;
}
List<ContentTag> contentTags = getContentTags();
TagName tag = null;
for (ContentTag ct : contentTags) {
TagName tagName = ct.getName();
if (categoryManager.isCategoryTagName(tagName)) {
if (controllerForCase.getCategoryManager().isCategoryTagName(tagName)) {
tag = tagName;
break;
}
@ -259,7 +261,7 @@ public abstract class DrawableFile {
categoryTagName.set(tag);
} catch (TskCoreException ex) {
LOGGER.log(Level.WARNING, "problem looking up category for " + this.getContentPathSafe(), ex); //NON-NLS
} catch (IllegalStateException ex) {
} catch (IllegalStateException | NoCurrentCaseException ex) {
// We get here many times if the case is closed during ingest, so don't print out a ton of warnings.
}
}

6
test/script/tskdbdiff.py
View File

@ -444,6 +444,7 @@ def normalize_db_entry(line, files_table, vs_parts_table, vs_info_table, fs_info
ig_groups_seen_index = line.find('INSERT INTO "image_gallery_groups_seen"') > -1 or line.find('INSERT INTO image_gallery_groups_seen ') > -1
os_account_index = line.find('INSERT INTO "tsk_os_accounts"') > -1 or line.find('INSERT INTO tsk_os_accounts') > -1
os_account_attr_index = line.find('INSERT INTO "tsk_os_account_attributes"') > -1 or line.find('INSERT INTO tsk_os_account_attributes') > -1
os_account_instances_index = line.find('INSERT INTO "tsk_os_account_instances"') > -1 or line.find('INSERT INTO tsk_os_account_instances') > -1
parens = line[line.find('(') + 1 : line.rfind(')')]
no_space_parens = parens.replace(" ", "")
@ -664,6 +665,11 @@ def normalize_db_entry(line, files_table, vs_parts_table, vs_info_table, fs_info
fields_list[3] = "NULL"
newLine = ('INSERT INTO "tsk_os_account_attributes" VALUES(' + ','.join(fields_list[1:]) + ');') # remove id
return newLine
elif os_account_instances_index:
os_account_id = int(fields_list[1])
fields_list[1] = accounts_table[os_account_id]
newLine = ('INSERT INTO "tsk_os_account_instances" VALUES(' + ','.join(fields_list[1:]) + ');') # remove id
return newLine
else:
return line