mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 16:06:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Organize, clean, and sort HTML report tables

Browse Source
This commit is contained in:
Devin148 2012-11-30 16:40:21 -05:00
parent 2312212fe1
commit c0bb7d74fd
1 changed files with 170 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

290
Core/src/org/sleuthkit/autopsy/report/ReportHTML.java
View File

@ -22,6 +22,7 @@
*/
package org.sleuthkit.autopsy.report;
import java.awt.Desktop;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileNotFoundException;
@ -30,22 +31,28 @@ import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.io.Writer;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.logging.Level;
import org.openide.filesystems.FileUtil;
import org.openide.util.Exceptions;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.EscapeUtil;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.datamodel.*;
import org.sleuthkit.autopsy.coreutils.EscapeUtil;
/**
* Generates an HTML report for all the Blackboard Artifacts found in the current case.
@ -57,7 +64,7 @@ public class ReportHTML implements ReportModule {
+ "<html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\">\n";
private final String CSS = "<link rel=\"stylesheet\" type=\"text/css\" href=\"index.css\" />\n";
private final String TABLE_FOOT = "</tbody></table>";
private final String HTML_FOOT = "</body>\n</html>";
private final String HTML_FOOT = "</div>\n</body>\n</html>";
private ReportConfiguration config;
private int reportSize;
@ -65,23 +72,20 @@ public class ReportHTML implements ReportModule {
private Case currentCase = Case.getCurrentCase();
private SleuthkitCase skCase = currentCase.getSleuthkitCase();
//private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> general = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> bookmarks = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> cookies = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> history = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> downloads = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> recent = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> trackpoint = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> installed = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> keywords = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
//private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> hash = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> devices = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
//private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> email = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> search = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> exif = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> fileBookmarks = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> bookmarks;
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> cookies;
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> history;
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> downloads;
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> recent;
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> trackpoint;
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> installed;
//private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> keywords;
//private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> hash;
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> devices;
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> search;
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> exif;
private Set<Entry<BlackboardArtifact, List<BlackboardAttribute>>> fileBookmarks;
//private int countGeneral;
private int countBookmarks;
private int countCookies;
private int countHistory;
@ -92,7 +96,6 @@ public class ReportHTML implements ReportModule {
private int countKeywords;
//private int countHash;
private int countDevices;
//private int countEmails;
private int countSearch;
private int countExif;
private int countFileBookmarks;
@ -106,6 +109,57 @@ public class ReportHTML implements ReportModule {
}
return instance;
}
/**
* Iterates through two artifacts' attributes, and compares them in order until
* it finds one which is different from the other. If no differing attribute is
* found, the comparator compares file unique paths, and then lastly the
* artifact ID.
*/
private class ArtifactComparator implements Comparator<Map.Entry<BlackboardArtifact, List<BlackboardAttribute>>> {
@Override
public int compare(Map.Entry<BlackboardArtifact, List<BlackboardAttribute>> art1, Map.Entry<BlackboardArtifact, List<BlackboardAttribute>> art2) {
// Get all the attributes for each artifact
int size = BlackboardAttribute.ATTRIBUTE_TYPE.values().length;
TreeMap<Integer, String> att1 = getAttributes(art1.getValue());
TreeMap<Integer, String> att2 = getAttributes(art2.getValue());
// Compare the attributes one-by-one looking for differences
for(int i=0; i < size; i++) {
String a1 = att1.get(i);
String a2 = att2.get(i);
if((!a1.equals("") && !a2.equals("")) && a1.compareTo(a2) != 0) {
return a1.compareTo(a2);
}
}
// If there are no differenct artifacts, compare the file path
Long objId = art1.getKey().getObjectID();
AbstractFile file1 = getFile(objId);
objId = art2.getKey().getObjectID();
AbstractFile file2 = getFile(objId);
if(file1 != null && file2 !=null) {
try {
int result = file1.getUniquePath().compareTo(file2.getUniquePath());
if(result != 0) {
return result;
}
} catch (TskCoreException ex) { // Not a big deal, we'll compare artifact IDs
}
}
// If that's the same, use the artifact ID
if(art1.getKey().getArtifactID() < art2.getKey().getArtifactID()) {
return -1;
} else if(art1.getKey().getArtifactID() > art2.getKey().getArtifactID()) {
return 1;
} else {
return 0;
}
}
}
/**
* Generate all the data needed for the report.
@ -136,28 +190,25 @@ public class ReportHTML implements ReportModule {
}
// For every type of artifact, group that type into it's own set
//general = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
bookmarks = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
cookies = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
history = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
downloads = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
recent = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
trackpoint = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
installed = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
keywords = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
//hash = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
devices = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
//email = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
search = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
exif = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
fileBookmarks = new LinkedHashSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>();
ArtifactComparator c = new ArtifactComparator();
bookmarks = new TreeSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>(c);
cookies = new TreeSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>(c);
history = new TreeSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>(c);
downloads = new TreeSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>(c);
recent = new TreeSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>(c);
trackpoint = new TreeSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>(c);
installed = new TreeSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>(c);
//keywords = new TreeSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>(c);
//hash = new TreeSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>(c);
devices = new TreeSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>(c);
search = new TreeSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>(c);
exif = new TreeSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>(c);
fileBookmarks = new TreeSet<Entry<BlackboardArtifact, List<BlackboardAttribute>>>(c);
for (Entry<BlackboardArtifact, List<BlackboardAttribute>> entry : report.entrySet()) {
if (ReportFilter.cancel == true) {
break;
}
//if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
// general.add(entry);
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
bookmarks.add(entry);
} else if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
@ -173,13 +224,11 @@ public class ReportHTML implements ReportModule {
} else if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
installed.add(entry);
} else if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
keywords.add(entry);
countKeywords++;
//} else if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
// hash.add(entry);
} else if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
devices.add(entry);
//} else if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID()) {
// email.add(entry);
} else if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY.getTypeID()) {
search.add(entry);
} else if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_METADATA_EXIF.getTypeID()){
@ -189,8 +238,9 @@ public class ReportHTML implements ReportModule {
}
}
// Get the sizes for each type
//countGeneral = general.size();
countBookmarks = bookmarks.size();
countCookies = cookies.size();
countHistory = history.size();
@ -198,10 +248,9 @@ public class ReportHTML implements ReportModule {
countRecent = recent.size();
countTrackpoint = trackpoint.size();
countInstalled = installed.size();
countKeywords = keywords.size();
//countKeywords = keywords.size();
//countHash = hash.size();
countDevices = devices.size();
//countEmails = email.size();
countSearch = search.size();
countExif = exif.size();
countFileBookmarks = fileBookmarks.size();
@ -218,21 +267,23 @@ public class ReportHTML implements ReportModule {
Writer out = null;
try {
out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "index.css"), "UTF-8"));
String css = "body {padding: 30px; margin: 0; background: #FFFFFF; font: 13px/20px Arial, Helvetica, sans-serif; color: #535353;} \n"
+ "h1 {font-size: 26px; color: #005577; margin: 0 0 20px 0;} \n"
+ "h2 {font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;} \n"
+ "h3 {font-size: 16px; color: #0077aa; margin: 40px 0 10px 0;} \n"
+ "ul.nav {list-style-type: none; line-height: 35px; padding: 0px;} \n"
+ "ul.nav li a {font-size: 14px; color: #444; text-shadow: #e9f9fd 0 1px 0; text-decoration: none; padding-left: 25px;} \n"
+ "ul.nav li a:hover {text-decoration: underline;} \n"
+ "p {margin: 0 0 20px 0;} \n"
+ "table {max-width: 100%; min-width: 700px; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} \n"
+ "table thead th {display: table-cell; text-align: left; padding: 8px 16px; background: #e5e5e5; color: #777; font-size: 11px; text-shadow: #e9f9fd 0 1px 0; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} \n"
+ "/*table tr th:nth-child(1) {text-align: center; width: 60px;}*/ \n"
+ "table td {display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif; max-width: 500px; min-width: 125px; word-break: break-all; overflow: auto;} \n"
+ "table tr:nth-child(even) td {background: #f3f3f3;} \n"
+ "/*table tr td:nth-child(1) {text-align: left; width: 60px; background: #f3f3f3;}*/ \n"
+ "/*table tr:nth-child(even) td:nth-child(1) {background: #eaeaea;}*/ \n";
String css = "body {margin: 0px; padding: 0px; background: #FFFFFF; font: 13px/20px Arial, Helvetica, sans-serif; color: #535353;}\n" +
"#content {padding: 30px;}\n" +
"#header {width:100%; padding: 10px; line-height: 25px; background: #07A; color: #FFF; font-size: 20px;}\n" +
"h1 {font-size: 20px; font-weight: normal; color: #07A; padding: 0 0 7px 0; border-bottom: 1px solid #D6D6D6;}\n" +
"h2 {font-size: 20px; font-weight: bolder; color: #07A;}\n" +
"h3 {font-size: 16px; color: #07A;}\n" +
"ul.nav {list-style-type: none; line-height: 35px; padding: 0px;}\n" +
"ul li a {font-size: 14px; color: #444; text-decoration: none; padding-left: 25px;}\n" +
"ul li a:hover {text-decoration: underline;}\n" +
"p {margin: 0 0 20px 0;}\n" +
".keyword_list td.keyword {background: #07A; color: #FFF; font-size: 16px; padding: 3px; padding-left: 15px;}\n" +
".keyword_list td.blank {background: #FFF; padding: 20px; border-top: 1px solid #07A;}\n" +
"table {max-width: 100%; min-width: 700px; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;}\n" +
".keyword_list table {margin-left: 25px;}\n" +
"table th {display: table-cell; text-align: left; padding: 8px 16px; background: #e5e5e5; color: #777; font-size: 11px; text-shadow: #e9f9fd 0 1px 0; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;}\n" +
"table td {display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif; max-width: 500px; min-width: 125px; word-break: break-all; overflow: auto;}\n" +
"table tr:nth-child(even) td {background: #f3f3f3;}";
out.write(css);
} catch (FileNotFoundException ex) {
logger.log(Level.SEVERE, "Could not find index.css file to write to.");
@ -273,7 +324,7 @@ public class ReportHTML implements ReportModule {
Writer out = null;
try {
out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "index.html"), "UTF-8"));
out.write("<head>\n" + CSS + "<title>Report for " + currentCase.getName() + "</title>\n" + "</head>\n");
out.write("<head>\n" + CSS + "<title>Autopsy Report for case " + currentCase.getName() + "</title>\n" + "</head>\n");
StringBuilder index = new StringBuilder();
index.append("<frameset cols=\"300px,*\">\n");
@ -314,12 +365,9 @@ public class ReportHTML implements ReportModule {
out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "nav.html"), "UTF-8"));
out.write(generateHead("Report Navigation"));
StringBuilder nav = new StringBuilder();
nav.append("<h2>Report Navigation</h2>\n");
nav.append("<div id=\"content\">\n<h1>Report Navigation</h1>\n");
nav.append("<ul class=\"nav\">\n");
nav.append("<li><a href=\"summary.html\" target=\"content\">Case Summary</a></li>\n");
//if(countGeneral > 0) {
// nav.append("<a href=\"general.html\" target=\"content\">General Information (").append(countGeneral).append(")</a><br />\n");
//}
if(countBookmarks > 0) {
nav.append("<li><a href=\"bookmarks.html\" target=\"content\">Web Bookmarks (").append(countBookmarks).append(")</a></li>\n");
}
@ -332,6 +380,9 @@ public class ReportHTML implements ReportModule {
if(countDownloads > 0) {
nav.append("<li><a href=\"downloads.html\" target=\"content\">Web Downloads (").append(countDownloads).append(")</a></li>\n");
}
if(countSearch > 0) {
nav.append("<li><a href=\"search.html\" target=\"content\">Web Search Queries (").append(countSearch).append(")</a></li>\n");
}
if(countRecent > 0) {
nav.append("<li><a href=\"recent.html\" target=\"content\">Recent Documents (").append(countRecent).append(")</a></li>\n");
}
@ -350,12 +401,6 @@ public class ReportHTML implements ReportModule {
if(countDevices > 0) {
nav.append("<li><a href=\"devices.html\" target=\"content\">Devices Attached (").append(countDevices).append(")</a></li>\n");
}
//if(countEmails > 0) {
// nav.append("<li><a href=\"emails.html\" target=\"content\">Emails (").append(countEmails).append(")</a></li>\n");
//}
if(countSearch > 0) {
nav.append("<li><a href=\"search.html\" target=\"content\">Web Search Queries (").append(countSearch).append(")</a></li>\n");
}
if(countExif > 0) {
nav.append("<li><a href=\"exif.html\" target=\"content\">Exif Metadata (").append(countExif).append(")</a></li>\n");
}
@ -400,31 +445,33 @@ public class ReportHTML implements ReportModule {
String examiner = currentCase.getExaminer();
String number = currentCase.getNumber();
Integer imagecount = currentCase.getImageIDs().length;
Integer filesystemcount = currentCase.getRootObjectsCount();
Integer totalfiles = 0;
Integer totaldirs = 0;
try {
totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
} catch (TskException ex) {
logger.log(Level.WARNING, "Could not get FsContentType counts from TSK ", ex);
}
StringBuilder summary = new StringBuilder();
if (IngestManager.getDefault().isIngestRunning() || IngestManager.getDefault().areModulesRunning()) {
summary.append(INGEST_WARNING);
}
summary.append("<h3>Report for Case: ").append(caseName).append("</h3>\n");
summary.append("<p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("\n");
summary.append("<ul>\n");
summary.append("<li>Examiner: ").append(examiner).append("</li>\n");
summary.append("<li>Number: ").append(number).append("</li>\n");
summary.append("<li># of Images: ").append(imagecount).append("</li>\n");
summary.append("<li>FileSystems: ").append(filesystemcount).append("</li>\n");
summary.append("<li># of Files: ").append(totalfiles.toString()).append("</li>\n");
summary.append("<li># of Dirs: ").append(totaldirs.toString()).append("</li>\n");
summary.append("<li># of Artifacts: ").append(reportSize).append("</li>\n");
summary.append("</ul>\n");
summary.append("<div id=\"content\"><h3>Report for Case: ").append(caseName).append("</h3>\n");
summary.append("<p>HTML Report Generated by Autopsy 3 on ").append(datetime).append("</p>\n");
summary.append("<p>Examiner: ").append(examiner.isEmpty()? "<i>No examiner</i>" : examiner).append("</p>\n");
summary.append("<p>Case Number: ").append(number.isEmpty() ? "<i>No case number</i>" : number).append("</p>\n");
summary.append("<p># of Images: ").append(imagecount).append("</p>\n");
try {
Image[] images = new Image[imagecount];
for(int i=0; i<imagecount; i++) {
images[i] = skCase.getImageById(currentCase.getImageIDs()[i]);
}
for(Image img : images) {
summary.append("<ul><li>").append(img.getName()).append(":\n");
summary.append("<ul>\n<li>Timezone: ").append(img.getTimeZone()).append("</li>\n");
for(String path : img.getPaths()) {
summary.append("<li>Image Path: ").append(path).append("</li>\n");
}
summary.append("</ul>\n</ul>\n</li>\n");
}
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Unable to get image information for the HTML report.");
}
out.write(summary.toString());
out.write(HTML_FOOT);
} catch (FileNotFoundException ex) {
@ -504,8 +551,8 @@ public class ReportHTML implements ReportModule {
// Write the HTML title
out.write(generateHead("Web Bookmark Artifacts (" + countBookmarks + ")"));
// Write the title for the artifact and the top of the table
String title = "<h3>Web Bookmarks (" + countBookmarks + ")</h3>\n";
String tableHeader = getTableHead("URL", "Title", "Program", "Path");
String title = "<div id=\"header\">Web Bookmarks (" + countBookmarks + ")</div>\n<div id=\"content\">\n";
String tableHeader = getTableHead("URL", "Title", "Date Accessed", "Program", "Source File");
out.write(title);
out.write(tableHeader);
@ -523,6 +570,7 @@ public class ReportHTML implements ReportModule {
row.append("<tr>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())).append("</td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())).append("</td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID())).append("</td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("</td>\n");
row.append("<td>").append(file !=null ? file.getUniquePath() : "").append("</td>\n");
row.append("</tr>\n");
@ -560,8 +608,8 @@ public class ReportHTML implements ReportModule {
try {
out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "cookies.html"), "UTF-8"));
out.write(generateHead("Web Cookie Artifacts (" + countCookies + ")"));
String title = "<h3>Web Cookies (" + countCookies + ")</h3>\n";
String tableHeader = getTableHead("URL", "Date", "Name", "Value", "Program", "Path");
String title = "<div id=\"header\">Web Cookies (" + countCookies + ")</div>\n<div id=\"content\">\n";
String tableHeader = getTableHead("URL", "Date/Time", "Name", "Value", "Program", "Source File");
out.write(title);
out.write(tableHeader);
@ -613,8 +661,8 @@ public class ReportHTML implements ReportModule {
try {
out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "history.html"), "UTF-8"));
out.write(generateHead("Web History Artifacts (" + countHistory + ")"));
String title = "<h3>Web History (" + countHistory + ")</h3>\n";
String tableHeader = getTableHead("URL", "Date", "Referrer", "Name", "Program", "Path");
String title = "<div id=\"header\">Web History (" + countHistory + ")</div>\n<div id=\"content\">\n";
String tableHeader = getTableHead("URL", "Date Accessed", "Referrer", "Name", "Program", "Source File");
out.write(title);
out.write(tableHeader);
@ -665,8 +713,8 @@ public class ReportHTML implements ReportModule {
try {
out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "downloads.html"), "UTF-8"));
out.write(generateHead("Web Download Artifacts (" + countDownloads + ")"));
String title = "<h3>Web Downloads (" + countDownloads + ")</h3>\n";
String tableHeader = getTableHead("URL", "Source", "Time", "Program", "Path");
String title = "<div id=\"header\">Web Downloads (" + countDownloads + ")</div>\n<div id=\"content\">\n";
String tableHeader = getTableHead("URL", "Source URL", "Date Accessed", "Program", "Source File");
out.write(title);
out.write(tableHeader);
@ -716,8 +764,8 @@ public class ReportHTML implements ReportModule {
try {
out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "recent.html"), "UTF-8"));
out.write(generateHead("Recent Document Artifacts (" + countRecent + ")"));
String title = "<h3>Recent Documents (" + countRecent + ")</h3>\n";
String tableHeader = getTableHead("Name", "Related Shortcut", "Path");
String title = "<div id=\"header\">Recent Documents (" + countRecent + ")</div>\n<div id=\"content\">\n";
String tableHeader = getTableHead("Path", "Source File");
out.write(title);
out.write(tableHeader);
@ -729,8 +777,7 @@ public class ReportHTML implements ReportModule {
TreeMap<Integer, String> attributes = getAttributes(entry.getValue());
StringBuilder row = new StringBuilder();
row.append("<tr>\n");
row.append("<td><strong>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())).append("</strong></td>\n");
row.append("<td>").append(file !=null ? file.getName() : "").append("</td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID())).append("</td>\n");
row.append("<td>").append(file !=null ? file.getUniquePath() : "").append("</td>\n");
row.append("</tr>\n");
out.write(row.toString());
@ -765,8 +812,8 @@ public class ReportHTML implements ReportModule {
try {
out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "trackpoint.html"), "UTF-8"));
out.write(generateHead("Track Point Artifacts (" + countTrackpoint + ")"));
String title = "<h3>Track Points (" + countTrackpoint + ")</h3>\n";
String tableHeader = getTableHead("Object ID", "Name", "Size", "Path");
String title = "<div id=\"header\">Track Points (" + countTrackpoint + ")</div>\n<div id=\"content\">\n";
String tableHeader = getTableHead("Object ID", "Name", "Size", "Source File");
out.write(title);
out.write(tableHeader);
@ -779,7 +826,7 @@ public class ReportHTML implements ReportModule {
StringBuilder row = new StringBuilder();
row.append("<tr>\n");
row.append("<td>").append(objId.toString()).append("</td>\n");
row.append("<td><strong>").append(file != null ? file.getName().toString() : "").append("</strong></td>\n");
row.append("<td>").append(file != null ? file.getName().toString() : "").append("</td>\n");
row.append("<td>").append(fileSize.toString()).append("</td>\n");
row.append("<td>").append(file !=null ? file.getUniquePath() : "").append("</td>\n");
row.append("</tr>\n");
@ -815,8 +862,8 @@ public class ReportHTML implements ReportModule {
try {
out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "installed.html"), "UTF-8"));
out.write(generateHead("Installed Program Artifacts (" + countInstalled + ")"));
String title = "<h3>Installed Programs (" + countInstalled + ")</h3>\n";
String tableHeader = getTableHead("Program Name", "Install Date/Time", "Path");
String title = "<div id=\"header\">Installed Programs (" + countInstalled + ")</div>\n<div id=\"content\">\n";
String tableHeader = getTableHead("Program Name", "Install Date/Time", "Source File");
out.write(title);
out.write(tableHeader);
@ -828,7 +875,7 @@ public class ReportHTML implements ReportModule {
TreeMap<Integer, String> attributes = getAttributes(entry.getValue());
StringBuilder row = new StringBuilder();
row.append("<tr>\n");
row.append("<td><strong>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("</strong></td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("</td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())).append("</td>\n");
row.append("<td>").append(file !=null ? file.getUniquePath() : "").append("</td>\n");
row.append("</tr>\n");
@ -898,8 +945,8 @@ public class ReportHTML implements ReportModule {
try {
out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "devices.html"), "UTF-8"));
out.write(generateHead("Attached Device Artifacts (" + countDevices + ")"));
String title = "<h3>Attached Devices (" + countDevices + ")</h3>\n";
String tableHeader = getTableHead("Name", "Serial #", "Time", "Path");
String title = "<div id=\"header\">Attached Devices (" + countDevices + ")</div>\n<div id=\"content\">\n";
String tableHeader = getTableHead("Name", "Device ID", "Date/Time", "Source File");
out.write(title);
out.write(tableHeader);
@ -911,7 +958,7 @@ public class ReportHTML implements ReportModule {
TreeMap<Integer, String> attributes = getAttributes(entry.getValue());
StringBuilder row = new StringBuilder();
row.append("<tr>\n");
row.append("<td><strong>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID())).append("</strong></td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID())).append("</td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID())).append("</td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())).append("</td>\n");
row.append("<td>").append(file !=null ? file.getUniquePath() : "").append("</td>\n");
@ -948,8 +995,8 @@ public class ReportHTML implements ReportModule {
try {
out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "search.html"), "UTF-8"));
out.write(generateHead("Web Search Query Artifacts (" + countSearch + ")"));
String title = "<h3>Web Search Queries (" + countSearch + ")</h3>\n";
String tableHeader = getTableHead("Program Name", "Domain", "Text", "Last Modified", "Path");
String title = "<div id=\"header\">Web Search Queries (" + countSearch + ")</div>\n<div id=\"content\">\n";
String tableHeader = getTableHead("Text", "Domain", "Date Accessed", "Program Name", "Source File");
out.write(title);
out.write(tableHeader);
@ -961,10 +1008,10 @@ public class ReportHTML implements ReportModule {
TreeMap<Integer, String> attributes = getAttributes(entry.getValue());
StringBuilder row = new StringBuilder();
row.append("<tr>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("</td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID())).append("</td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT.getTypeID())).append("</td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID())).append("</td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID())).append("</td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("</td>\n");
row.append("<td>").append(file !=null ? file.getUniquePath() : "").append("</td>\n");
row.append("</tr>\n");
out.write(row.toString());
@ -999,8 +1046,8 @@ public class ReportHTML implements ReportModule {
try {
out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "exif.html"), "UTF-8"));
out.write(generateHead("Exif Metadata Artifacts (" + countExif + ")"));
String title = "<h3>Exif Metadata (" + countExif + ")</h3>\n";
String tableHeader = getTableHead("File Name", "Date Taken", "Device Manufacturer", "Device Model", "Latitude", "Longitude", "Altitude", "Path");
String title = "<div id=\"header\">Exif Metadata (" + countExif + ")</div>\n<div id=\"content\">\n";
String tableHeader = getTableHead("File Name", "Date Taken", "Device Manufacturer", "Device Model", "Latitude", "Longitude", "Source File");
out.write(title);
out.write(tableHeader);
@ -1018,7 +1065,6 @@ public class ReportHTML implements ReportModule {
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID())).append("</td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID())).append("</td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE.getTypeID())).append("</td>\n");
row.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_ALTITUDE.getTypeID())).append("</td>\n");
row.append("<td>").append(file !=null ? file.getUniquePath() : "").append("</td>\n");
row.append("</tr>\n");
out.write(row.toString());
@ -1053,8 +1099,8 @@ public class ReportHTML implements ReportModule {
try {
out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(folder + "filebookmarks.html"), "UTF-8"));
out.write(generateHead("File Bookmarks (" + countFileBookmarks + ")"));
String title = "<h3>File Bookmarks (" + countFileBookmarks + ")</h3>\n";
String tableHeader = getTableHead("Comment", "File Name", "Path");
String title = "<div id=\"header\">File Bookmarks (" + countFileBookmarks + ")</div>\n<div id=\"content\">\n";
String tableHeader = getTableHead("Comment", "File Name", "Source File");
out.write(title);
out.write(tableHeader);
@ -1113,12 +1159,12 @@ public class ReportHTML implements ReportModule {
writeCookie(path);
writeHistory(path);
writeDownload(path);
writeSearch(path);
writeRecent(path);
writeTrackpoint(path);
writeInstalled(path);
writeKeyword(path);
writeDevice(path);
writeSearch(path);
writeExif(path);
writeFileBookmarks(path);
}
@ -1148,6 +1194,10 @@ public class ReportHTML implements ReportModule {
@Override
public void getPreview(String path) {
BrowserControl.openUrl(path);
try {
Desktop.getDesktop().open(new File(path));
} catch (IOException ex) {
Exceptions.printStackTrace(ex);
}
}
}