Merge branch 'master' of github.com:sleuthkit/autopsy
commit
c0470f53e0
@ -1,8 +1,8 @@
|
||||
build.xml.data.CRC32=f7f11023
|
||||
build.xml.data.CRC32=29b5838d
|
||||
build.xml.script.CRC32=d7506201
|
||||
build.xml.stylesheet.CRC32=a56c6a5b@1.46.2
|
||||
build.xml.stylesheet.CRC32=a56c6a5b@1.46.1
|
||||
# This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml.
|
||||
# Do not edit this file. You may delete it but then the IDE will never regenerate such files for you.
|
||||
nbproject/build-impl.xml.data.CRC32=f7f11023
|
||||
nbproject/build-impl.xml.data.CRC32=29b5838d
|
||||
nbproject/build-impl.xml.script.CRC32=c3845be2
|
||||
nbproject/build-impl.xml.stylesheet.CRC32=238281d1@1.46.2
|
||||
nbproject/build-impl.xml.stylesheet.CRC32=238281d1@1.46.1
|
||||
|
@ -59,6 +59,8 @@ class KeywordSearchEditListPanel extends javax.swing.JPanel implements ListSelec
|
||||
private static Logger logger = Logger.getLogger(KeywordSearchEditListPanel.class.getName());
|
||||
private KeywordTableModel tableModel;
|
||||
private String currentKeywordList;
|
||||
|
||||
|
||||
private boolean ingestRunning;
|
||||
private boolean locked;
|
||||
private static KeywordSearchEditListPanel instance = null;
|
||||
@ -76,6 +78,7 @@ class KeywordSearchEditListPanel extends javax.swing.JPanel implements ListSelec
|
||||
}
|
||||
return instance;
|
||||
}
|
||||
|
||||
|
||||
private void customizeComponents() {
|
||||
locked = false;
|
||||
@ -109,7 +112,7 @@ class KeywordSearchEditListPanel extends javax.swing.JPanel implements ListSelec
|
||||
|
||||
final ListSelectionModel lsm = keywordTable.getSelectionModel();
|
||||
lsm.addListSelectionListener(new ListSelectionListener() {
|
||||
|
||||
|
||||
@Override
|
||||
public void valueChanged(ListSelectionEvent e) {
|
||||
if (lsm.isSelectionEmpty() || locked) {
|
||||
@ -148,6 +151,7 @@ class KeywordSearchEditListPanel extends javax.swing.JPanel implements ListSelec
|
||||
});
|
||||
|
||||
//loadDefaultKeywords();
|
||||
|
||||
|
||||
initButtons();
|
||||
|
||||
@ -649,7 +653,7 @@ class KeywordSearchEditListPanel extends javax.swing.JPanel implements ListSelec
|
||||
|
||||
@Override
|
||||
public void valueChanged(ListSelectionEvent e) {
|
||||
|
||||
//respond to list selection changes in KeywordSearchListManagementPanel
|
||||
ListSelectionModel listSelectionModel = (ListSelectionModel) e.getSource();
|
||||
if (!listSelectionModel.isSelectionEmpty()) {
|
||||
int index = listSelectionModel.getMinSelectionIndex();
|
||||
@ -667,7 +671,6 @@ class KeywordSearchEditListPanel extends javax.swing.JPanel implements ListSelec
|
||||
tableModel.resync(currentKeywordList);
|
||||
initButtons();
|
||||
} else {
|
||||
currentKeywordList = null;
|
||||
tableModel.deleteAll();
|
||||
initButtons();
|
||||
}
|
||||
|
@ -66,12 +66,13 @@ sub pluginmain {
|
||||
#::logMsg($key_path." has no values.");
|
||||
}
|
||||
::rptMsg("</artifacts>");
|
||||
::rptMsg("</runMRU>");
|
||||
}
|
||||
else {
|
||||
#::rptMsg($key_path." not found.");
|
||||
#::logMsg($key_path." not found.");
|
||||
}
|
||||
::rptMsg("</runMRU>");
|
||||
|
||||
}
|
||||
|
||||
1;
|
@ -66,7 +66,7 @@ sub pluginmain {
|
||||
|
||||
my @list = split(/,/,$rdvals{$tag});
|
||||
foreach my $i (@list) {
|
||||
::rptMsg("<doc>".$i." = ".$rdvals{$i} . "</doc>");
|
||||
::rptMsg("<doc name=\"Windows\">".$rdvals{$i} . "</doc>");
|
||||
}
|
||||
|
||||
}
|
||||
@ -79,8 +79,8 @@ sub pluginmain {
|
||||
my @subkeys = $key->get_list_of_subkeys();
|
||||
if (scalar(@subkeys) > 0) {
|
||||
foreach my $s (@subkeys) {
|
||||
::rptMsg($key_path."\\".$s->get_name());
|
||||
::rptMsg("LastWrite Time ".gmtime($s->get_timestamp())." (UTC)");
|
||||
#::rptMsg($key_path."\\".$s->get_name());
|
||||
#::rptMsg("LastWrite Time ".gmtime($s->get_timestamp())." (UTC)");
|
||||
|
||||
my %rdvals = getRDValues($s);
|
||||
if (%rdvals) {
|
||||
@ -96,12 +96,12 @@ sub pluginmain {
|
||||
}
|
||||
|
||||
my @list = split(/,/,$rdvals{$tag});
|
||||
::rptMsg($tag." = ".$rdvals{$tag});
|
||||
#::rptMsg($tag." = ".$rdvals{$tag});
|
||||
foreach my $i (@list) {
|
||||
::rptMsg(" ".$i." = ".$rdvals{$i});
|
||||
#::rptMsg("".$rdvals{$i});
|
||||
}
|
||||
|
||||
::rptMsg("");
|
||||
#::rptMsg("");
|
||||
}
|
||||
else {
|
||||
#::rptMsg($key_path." has no values.");
|
||||
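Review bot: The `<doc>` line in the `foreach my $i (@list)` loop of the first hunk writes `$rdvals{$i}` between XML tags without escaping, and that value comes from the registry hive under examination. A document name containing `&` or `<` would make the report malformed for any XML parser that reads it, and hive content could add elements of its own to the report. Escape `&`, `<` and `>` before output, for example through a small helper (the name here is only a suggestion): `::rptMsg("<doc name=\"Windows\">".xml_escape($rdvals{$i})."</doc>");`. Both forms of the `<doc>` line shown in the hunk have the same gap, and `pluginmain` starts and ends outside these hunks.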
|
@ -3,6 +3,7 @@
|
||||
* and open the template in the editor.
|
||||
*/
|
||||
package org.sleuthkit.autopsy.recentactivity;
|
||||
import com.google.gson.JsonArray;
|
||||
import com.google.gson.JsonElement;
|
||||
import com.google.gson.JsonObject;
|
||||
import com.google.gson.JsonParser;
|
||||
@ -210,61 +211,33 @@ public class Chrome {
|
||||
dbFile.delete();
|
||||
break;
|
||||
}
|
||||
try
|
||||
try
|
||||
{
|
||||
|
||||
final JsonParser parser = new JsonParser();
|
||||
JsonElement jsonElement = parser.parse(new FileReader(temps));
|
||||
JsonObject jsonBookmarks = jsonElement.getAsJsonObject();
|
||||
JsonObject test = jsonElement.getAsJsonObject();
|
||||
JsonObject whatever = test.get("roots").getAsJsonObject();
|
||||
JsonObject whatever2 = whatever.get("bookmark_bar").getAsJsonObject();
|
||||
JsonArray whatever3 = whatever2.getAsJsonArray("children");
|
||||
|
||||
// JsonArray results = parser.parse(new FileReader(temps)).getAsJsonObject().getAsJsonArray("roots").getAsJsonObject().getAsJsonArray("bookmark_bar").get(0).getAsJsonObject().getAsJsonArray("children");
|
||||
for (JsonElement result : whatever3) {
|
||||
|
||||
JsonObject address = result.getAsJsonObject();
|
||||
String url = address.get("url").getAsString();
|
||||
String name = address.get("name").getAsString();
|
||||
String date = address.get("date_added").getAsString();
|
||||
|
||||
for ( Entry<String, JsonElement> entry : jsonBookmarks.entrySet()) {
|
||||
String key = entry.getKey();
|
||||
JsonElement value = entry.getValue();
|
||||
if(key.contains("roots"))
|
||||
{
|
||||
JsonObject jsonRoots = value.getAsJsonObject();
|
||||
for ( Entry<String, JsonElement> roots : jsonRoots.entrySet()) {
|
||||
if(roots.getKey().contains("bookmark_bar")){
|
||||
JsonObject jsonChildren = roots.getValue().getAsJsonObject();
|
||||
for ( Entry<String, JsonElement> children : jsonChildren.entrySet()) {
|
||||
JsonObject bookmarks = children.getValue().getAsJsonObject();
|
||||
for (Entry<String, JsonElement> recs : bookmarks.entrySet()) {
|
||||
JsonObject rec = recs.getValue().getAsJsonObject();
|
||||
|
||||
String url = rec.get("url").getAsString();
|
||||
String name = rec.get("name").getAsString();
|
||||
String date = rec.get("date_added").getAsString();
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
|
||||
// Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
|
||||
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",""));
|
||||
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",""));
|
||||
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","",""));
|
||||
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
|
||||
// bbart.addAttributes(bbattributes);
|
||||
}
|
||||
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
|
||||
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",date));
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",url));
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","",name));
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
|
||||
bbart.addAttributes(bbattributes);
|
||||
}
|
||||
// dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString);
|
||||
// ResultSet temprs = tempdbconnect.executeQry(chbookmarkquery);
|
||||
// while(temprs.next())
|
||||
// {
|
||||
// BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
|
||||
// Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
|
||||
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("last_visit_time")));
|
||||
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("url") != null) ? temprs.getString("url") : "")));
|
||||
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "")));
|
||||
// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
|
||||
// bbart.addAttributes(bbattributes);
|
||||
//
|
||||
// }
|
||||
// tempdbconnect.closeConnection();
|
||||
// temprs.close();
|
||||
|
||||
|
||||
}
|
||||
catch (Exception ex)
|
||||
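Review bot: In the `for (JsonElement result : whatever3)` loop, `address.get("url").getAsString()` assumes every child of `bookmark_bar` is a bookmark, but a folder entry has no `url` member. Gson returns null for the missing member, so the resulting NullPointerException reaches the `catch (Exception ex)` at the end of the hunk and the remaining bookmarks in that file are dropped. Guard each member before reading it, e.g. `if (!address.has("url")) { continue; }`, or descend into the entry's own `children` array. The same null risk applies to `test.get("roots")` and `whatever.get("bookmark_bar")` when the file is truncated or not in the expected format. Separately, `new FileReader(temps)` is never closed and decodes with the platform default charset; the catch body lies outside the hunk, so how the failure is reported cannot be seen from here.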
|
@ -46,11 +46,11 @@ import org.sleuthkit.autopsy.casemodule.Case;
|
||||
import org.sleuthkit.autopsy.datamodel.ContentUtils;
|
||||
import org.sleuthkit.autopsy.datamodel.KeyValue;
|
||||
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController;
|
||||
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
|
||||
import org.sleuthkit.datamodel.Content;
|
||||
import org.sleuthkit.datamodel.FsContent;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||
import org.sleuthkit.datamodel.TskException;
|
||||
@ -59,7 +59,9 @@ public class ExtractIE { // implements BrowserActivity {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(ExtractIE.class.getName());
|
||||
private String indexDatQueryStr = "select * from tsk_files where name LIKE '%index.dat%'";
|
||||
|
||||
private String favoriteQuery = "select * from `tsk_files` where parent_path LIKE '%/Favorites%' and name LIKE '%.url'";
|
||||
private String cookiesQuery = "select * from `tsk_files` where parent_path LIKE '%/Cookies%' and name LIKE '%.txt'";
|
||||
private String recentQuery = "select * from `tsk_files` where parent_path LIKE '%/Recent%' and name LIKE '%.lnk'";
|
||||
//sleauthkit db handle
|
||||
SleuthkitCase tempDb;
|
||||
|
||||
@ -79,6 +81,117 @@ public class ExtractIE { // implements BrowserActivity {
|
||||
|
||||
public ExtractIE(List<String> image, IngestImageWorkerController controller) {
|
||||
init(image, controller);
|
||||
|
||||
//Favorites section
|
||||
// This gets the favorite info
|
||||
try
|
||||
{
|
||||
Case currentCase = Case.getCurrentCase(); // get the most updated case
|
||||
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
|
||||
String allFS = new String();
|
||||
for(String img : image)
|
||||
{
|
||||
allFS += " AND fs_obj_id = '" + img + "'";
|
||||
}
|
||||
List<FsContent> FavoriteList;
|
||||
|
||||
ResultSet rs = tempDb.runQuery(favoriteQuery + allFS);
|
||||
FavoriteList = tempDb.resultSetToFsContents(rs);
|
||||
rs.close();
|
||||
rs.getStatement().close();
|
||||
|
||||
for(FsContent Favorite : FavoriteList)
|
||||
{
|
||||
if (controller.isCancelled() ) {
|
||||
break;
|
||||
}
|
||||
Content fav = Favorite;
|
||||
byte[] t = fav.read(0, fav.getSize());
|
||||
String bookmarkString = new String(t);
|
||||
String re1=".*?"; // Non-greedy match on filler
|
||||
String re2="((?:http|https)(?::\\/{2}[\\w]+)(?:[\\/|\\.]?)(?:[^\\s\"]*))"; // HTTP URL 1
|
||||
String url = "";
|
||||
Pattern p = Pattern.compile(re1+re2,Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
|
||||
Matcher m = p.matcher(bookmarkString);
|
||||
if (m.find())
|
||||
{
|
||||
url = m.group(1);
|
||||
}
|
||||
String name = Favorite.getName();
|
||||
String datetime = Favorite.getCrtimeAsDate();
|
||||
|
||||
BlackboardArtifact bbart = Favorite.newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
|
||||
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",datetime));
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",url));
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","",name));
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Internet Explorer"));
|
||||
bbart.addAttributes(bbattributes);
|
||||
|
||||
}
|
||||
}
|
||||
catch(TskException ex)
|
||||
{
|
||||
logger.log(Level.WARNING, "Error while trying to retrieve content from the TSK .", ex);
|
||||
}
|
||||
catch(SQLException ioex)
|
||||
{
|
||||
logger.log(Level.WARNING, "Error while trying to retrieve files from the TSK .", ioex);
|
||||
}
|
||||
|
||||
//Cookies section
|
||||
// This gets the cookies info
|
||||
try
|
||||
{
|
||||
Case currentCase = Case.getCurrentCase(); // get the most updated case
|
||||
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
|
||||
String allFS = new String();
|
||||
for(String img : image)
|
||||
{
|
||||
allFS += " AND fs_obj_id = '" + img + "'";
|
||||
}
|
||||
List<FsContent> CookiesList;
|
||||
|
||||
ResultSet rs = tempDb.runQuery(cookiesQuery + allFS);
|
||||
CookiesList = tempDb.resultSetToFsContents(rs);
|
||||
rs.close();
|
||||
rs.getStatement().close();
|
||||
|
||||
for(FsContent Cookie : CookiesList)
|
||||
{
|
||||
if (controller.isCancelled() ) {
|
||||
break;
|
||||
}
|
||||
Content fav = Cookie;
|
||||
byte[] t = fav.read(0, fav.getSize());
|
||||
String cookieString = new String(t);
|
||||
|
||||
String[] values = cookieString.split("\n");
|
||||
String url = values[2];
|
||||
String value = values[1];
|
||||
String name = values[0];
|
||||
String datetime = Cookie.getCrtimeAsDate();
|
||||
|
||||
BlackboardArtifact bbart = Cookie.newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE);
|
||||
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", url));
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),"RecentActivity", "Last Visited",datetime));
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),"RecentActivity", "",value));
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",(name != null) ? name : ""));
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Internet Explorer"));
|
||||
bbart.addAttributes(bbattributes);
|
||||
|
||||
}
|
||||
}
|
||||
catch(TskException ex)
|
||||
{
|
||||
logger.log(Level.WARNING, "Error while trying to retrieve content from the TSK .", ex);
|
||||
}
|
||||
catch(SQLException ioex)
|
||||
{
|
||||
logger.log(Level.WARNING, "Error while trying to retrieve files from the TSK .", ioex);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
//@Override
|
||||
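Review bot: In the Cookies loop, `values[2]`, `values[1]` and `values[0]` are read straight after `cookieString.split("\n")` with no length check, and the cookie file's content comes from the image being analysed. An empty or short `.txt` file raises ArrayIndexOutOfBoundsException, which neither `catch(TskException ex)` nor `catch(SQLException ioex)` handles, so it escapes the constructor and ends processing of the remaining cookies. Add `if (values.length < 3) { continue; }` before the three reads. In both sections `allFS` joins one `AND fs_obj_id = '...'` term per image, so a list with two or more different ids matches no rows; an `IN (...)` list or OR-joined terms inside parentheses looks like what was intended. `rs.getStatement().close()` is called after `rs.close()`, which JDBC permits a driver to reject, so closing the statement first is safer.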
|
@ -4,9 +4,14 @@
|
||||
*/
|
||||
package org.sleuthkit.autopsy.recentactivity;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.InputStreamReader;
|
||||
import java.io.StringReader;
|
||||
import java.nio.charset.Charset;
|
||||
import java.sql.ResultSet;
|
||||
import java.sql.SQLException;
|
||||
import java.util.ArrayList;
|
||||
@ -111,8 +116,8 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
|
||||
//Now fetch the results, parse them and the delete the files.
|
||||
if(Success)
|
||||
{
|
||||
//Delete dat file since it was succcessfully by Pasco
|
||||
regFile.delete();
|
||||
//Delete dat file since it was succcessful
|
||||
regFile.delete();
|
||||
}
|
||||
j++;
|
||||
|
||||
@ -144,11 +149,11 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
|
||||
|
||||
if(regFilePath.toLowerCase().contains("system"))
|
||||
{
|
||||
type = "system";
|
||||
type = "1system";
|
||||
}
|
||||
if(regFilePath.toLowerCase().contains("software"))
|
||||
{
|
||||
type = "software";
|
||||
type = "1software";
|
||||
}
|
||||
if(regFilePath.toLowerCase().contains("ntuser"))
|
||||
{
|
||||
@ -156,15 +161,15 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
|
||||
}
|
||||
if(regFilePath.toLowerCase().contains("default"))
|
||||
{
|
||||
type = "default";
|
||||
type = "1default";
|
||||
}
|
||||
if(regFilePath.toLowerCase().contains("sam"))
|
||||
{
|
||||
type = "sam";
|
||||
type = "1sam";
|
||||
}
|
||||
if(regFilePath.toLowerCase().contains("security"))
|
||||
{
|
||||
type = "security";
|
||||
type = "1security";
|
||||
}
|
||||
|
||||
String command = RR_PATH + " -r " + regFilePath +" -f " + type + "> " + txtPath;
|
||||
@ -188,8 +193,10 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
|
||||
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
|
||||
|
||||
try {
|
||||
|
||||
String regString = new Scanner(new File(regRecord)).useDelimiter("\\Z").next();
|
||||
File regfile = new File(regRecord);
|
||||
|
||||
BufferedReader input = new BufferedReader(new InputStreamReader(new FileInputStream(regfile)));
|
||||
String regString = new Scanner(input).useDelimiter("\\Z").next();
|
||||
String startdoc = "<document>";
|
||||
String result = regString.replaceAll("----------------------------------------","");
|
||||
String enddoc = "</document>";
|
||||
@ -212,18 +219,21 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
|
||||
|
||||
Element artroot = tempnode.getChild("artifacts");
|
||||
List artlist = artroot.getChildren();
|
||||
|
||||
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time));
|
||||
if(artlist.isEmpty()){
|
||||
}
|
||||
else{
|
||||
|
||||
Iterator aiterator = artlist.iterator();
|
||||
while (aiterator.hasNext()) {
|
||||
Element artnode = (Element) aiterator.next();
|
||||
String name = artnode.getAttributeValue("name");
|
||||
String value = artnode.getTextTrim();
|
||||
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time));
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", context, name));
|
||||
|
||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value));
|
||||
}
|
||||
if("recentdocs".equals(context)){
|
||||
if("recentdocs".equals(context)){
|
||||
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
|
||||
bbart.addAttributes(bbattributes);
|
||||
}
|
||||
@ -238,13 +248,16 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
|
||||
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(sysid);
|
||||
bbart.addAttributes(bbattributes);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
|
||||
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + ex);
|
||||
logger.log(Level.WARNING, "Error while trying to read into a registry file." + ex);
|
||||
}
|
||||
|
||||
|
||||
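Review bot: The `BufferedReader input` opened over `new FileInputStream(regfile)` in the `try` block is never closed, and no `input.close()` is visible anywhere in the hunks shown. The open handle leaks on every registry file processed and, on Windows, can stop the temporary output file from being deleted afterwards. Close it in a `finally` block with `input.close();`. Also pass an explicit charset to `InputStreamReader` rather than relying on the platform default; `java.nio.charset.Charset` is already imported in the first hunk, and the right encoding depends on what the RegRipper output uses. In the catch block, `logger.log(Level.WARNING, "..." + ex)` keeps only the exception's string form; `logger.log(Level.WARNING, "Error while trying to read into a registry file.", ex);` keeps the stack trace. `getregistryfiles` starts and ends outside these hunks.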
|