From 6fc9e6f7702396ede98cd22dea955428ffe55911 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Wed, 26 Jun 2019 16:38:43 -0400 Subject: [PATCH 01/12] Skip "Network Drive" --- .../autopsy/logicalimager/dsp/LogicalImagerPanel.form | 4 ++-- .../autopsy/logicalimager/dsp/LogicalImagerPanel.java | 7 +++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.form b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.form index 43a8e0f1ca..45a18167ac 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.form +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.form @@ -72,7 +72,7 @@ - + @@ -89,7 +89,7 @@ - + diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java index 880259f95a..82df64a022 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java @@ -258,7 +258,7 @@ final class LogicalImagerPanel extends JPanel implements DocumentListener { .addGroup(layout.createSequentialGroup() .addContainerGap() .addComponent(jScrollPane1, javax.swing.GroupLayout.PREFERRED_SIZE, 568, javax.swing.GroupLayout.PREFERRED_SIZE))) - .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) + .addContainerGap(66, Short.MAX_VALUE)) ); layout.setVerticalGroup( layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) @@ -272,7 +272,7 @@ final class LogicalImagerPanel extends JPanel implements DocumentListener { .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addComponent(imageScrollPane, javax.swing.GroupLayout.PREFERRED_SIZE, 0, Short.MAX_VALUE) - .addComponent(driveListScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 106, Short.MAX_VALUE)) + .addComponent(driveListScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 379, Short.MAX_VALUE)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addComponent(refreshButton) .addGap(18, 18, 18) @@ -482,6 +482,9 @@ final class LogicalImagerPanel extends JPanel implements DocumentListener { int i = 0; for (File root : roots) { String description = FileSystemView.getFileSystemView().getSystemTypeDescription(root); + if ("Network Drive".equalsIgnoreCase(description)) { + continue; // skip network drive + } long spaceInBytes = root.getTotalSpace(); String sizeWithUnit = DriveListUtils.humanReadableByteCount(spaceInBytes, false); listData.add(root + " (" + description + ") (" + sizeWithUnit + ")"); From cdedb0a6afced83876b9a9a034f5d997da2a9dcb Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Wed, 26 Jun 2019 16:39:35 -0400 Subject: [PATCH 02/12] Revert "Skip "Network Drive"" This reverts commit 6fc9e6f7702396ede98cd22dea955428ffe55911. --- .../autopsy/logicalimager/dsp/LogicalImagerPanel.form | 4 ++-- .../autopsy/logicalimager/dsp/LogicalImagerPanel.java | 7 ++----- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.form b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.form index 45a18167ac..43a8e0f1ca 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.form +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.form @@ -72,7 +72,7 @@ - + @@ -89,7 +89,7 @@ - + diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java index 82df64a022..880259f95a 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java @@ -258,7 +258,7 @@ final class LogicalImagerPanel extends JPanel implements DocumentListener { .addGroup(layout.createSequentialGroup() .addContainerGap() .addComponent(jScrollPane1, javax.swing.GroupLayout.PREFERRED_SIZE, 568, javax.swing.GroupLayout.PREFERRED_SIZE))) - .addContainerGap(66, Short.MAX_VALUE)) + .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) ); layout.setVerticalGroup( layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) @@ -272,7 +272,7 @@ final class LogicalImagerPanel extends JPanel implements DocumentListener { .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addComponent(imageScrollPane, javax.swing.GroupLayout.PREFERRED_SIZE, 0, Short.MAX_VALUE) - .addComponent(driveListScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 379, Short.MAX_VALUE)) + .addComponent(driveListScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 106, Short.MAX_VALUE)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addComponent(refreshButton) .addGap(18, 18, 18) @@ -482,9 +482,6 @@ final class LogicalImagerPanel extends JPanel implements DocumentListener { int i = 0; for (File root : roots) { String description = FileSystemView.getFileSystemView().getSystemTypeDescription(root); - if ("Network Drive".equalsIgnoreCase(description)) { - continue; // skip network drive - } long spaceInBytes = root.getTotalSpace(); String sizeWithUnit = DriveListUtils.humanReadableByteCount(spaceInBytes, false); listData.add(root + " (" + description + ") (" + sizeWithUnit + ")"); From e4e0a773197a93fd65709dfa5447a57f4320b442 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Thu, 27 Jun 2019 10:20:16 -0400 Subject: [PATCH 03/12] Skip network drrive --- .../autopsy/logicalimager/dsp/LogicalImagerPanel.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java index 880259f95a..08f005c768 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java @@ -482,6 +482,9 @@ final class LogicalImagerPanel extends JPanel implements DocumentListener { int i = 0; for (File root : roots) { String description = FileSystemView.getFileSystemView().getSystemTypeDescription(root); + if ("Network Drive".equalsIgnoreCase(description)) { // NON-NLS + continue; + } long spaceInBytes = root.getTotalSpace(); String sizeWithUnit = DriveListUtils.humanReadableByteCount(spaceInBytes, false); listData.add(root + " (" + description + ") (" + sizeWithUnit + ")"); From 394ab8e2be9841f03ada414f8f8995c6b694eb92 Mon Sep 17 00:00:00 2001 From: Kelly Kelly Date: Thu, 27 Jun 2019 13:55:54 -0400 Subject: [PATCH 04/12] sorted the threads and messages by time, added subject for text messages. --- .../MessagesChildNodeFactory.java | 81 +++++++++++++++++- .../relationships/ThreadChildNodeFactory.java | 82 ++++++++++++++++++- .../relationships/ThreadNode.java | 42 +++++++++- 3 files changed, 198 insertions(+), 7 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/MessagesChildNodeFactory.java b/Core/src/org/sleuthkit/autopsy/communications/relationships/MessagesChildNodeFactory.java index 5039ce225e..7ff5eec315 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/MessagesChildNodeFactory.java +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/MessagesChildNodeFactory.java @@ -18,17 +18,17 @@ */ package org.sleuthkit.autopsy.communications.relationships; +import java.util.Comparator; import java.util.List; import java.util.Set; import java.util.logging.Level; import org.openide.nodes.ChildFactory; import org.openide.nodes.Node; -import org.sleuthkit.autopsy.casemodule.Case; -import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; -import org.sleuthkit.datamodel.CommunicationsManager; +import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME; +import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.TskCoreException; @@ -123,6 +123,8 @@ public class MessagesChildNodeFactory extends ChildFactory{ } catch (TskCoreException ex) { logger.log(Level.SEVERE, "Failed to load artifacts for relationship sources.", ex); //NON-NLS } + + list.sort(new DateComparator()); return true; } @@ -132,4 +134,77 @@ public class MessagesChildNodeFactory extends ChildFactory{ return new MessageNode(key, null, null); } + /** + * A comparator class for comparing BlackboardArtifacts of type + * TSK_EMAIL_MSG, TSK_MESSAGE, and TSK_CALLLOG by their respective creation + * date-time. + */ + class DateComparator implements Comparator { + @Override + public int compare(BlackboardArtifact bba1, BlackboardArtifact bba2) { + + BlackboardAttribute attribute1 = null; + BlackboardAttribute attribute2 = null; + // Inializing to Long.MAX_VALUE so that if a BlackboardArtifact of + // any unexpected type is passed in, it will bubble to the top of + // the list. + long dateTime1 = Long.MAX_VALUE; + long dateTime2 = Long.MAX_VALUE; + + if (bba1 != null) { + BlackboardArtifact.ARTIFACT_TYPE fromID = BlackboardArtifact.ARTIFACT_TYPE.fromID(bba1.getArtifactTypeID()); + if (fromID != null) { + try { + switch (fromID) { + case TSK_EMAIL_MSG: + attribute1 = bba1.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT)); + + break; + case TSK_MESSAGE: + attribute1 = bba1.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME)); + + break; + case TSK_CALLLOG: + attribute1 = bba1.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START)); + + break; + } + } catch (TskCoreException ex) { + logger.log(Level.WARNING, String.format("Unable to compare attributes for artifact %d", bba1.getArtifactID()), ex); + } + } + } + + if (bba2 != null) { + BlackboardArtifact.ARTIFACT_TYPE fromID = BlackboardArtifact.ARTIFACT_TYPE.fromID(bba2.getArtifactTypeID()); + if (fromID != null) { + try { + switch (fromID) { + case TSK_EMAIL_MSG: + attribute2 = bba2.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT)); + break; + case TSK_MESSAGE: + attribute2 = bba2.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME)); + break; + case TSK_CALLLOG: + attribute2 = bba2.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START)); + break; + } + } catch (TskCoreException ex) { + logger.log(Level.WARNING, String.format("Unable to compare attributes for artifact %d", bba2.getArtifactID()), ex); + } + } + } + + if (attribute1 != null) { + dateTime1 = attribute1.getValueLong(); + } + + if (attribute2 != null) { + dateTime2 = attribute2.getValueLong(); + } + + return Long.compare(dateTime1, dateTime2); + } + } } diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadChildNodeFactory.java b/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadChildNodeFactory.java index 1cf987d132..b49b48991f 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadChildNodeFactory.java +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadChildNodeFactory.java @@ -18,6 +18,7 @@ */ package org.sleuthkit.autopsy.communications.relationships; +import java.util.Comparator; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -29,13 +30,10 @@ import org.openide.nodes.ChildFactory; import org.openide.nodes.Children; import org.openide.nodes.Node; import org.openide.nodes.Sheet; -import org.sleuthkit.autopsy.casemodule.Case; -import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.datamodel.NodeProperty; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; -import org.sleuthkit.datamodel.CommunicationsManager; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.TskCoreException; @@ -160,6 +158,8 @@ final class ThreadChildNodeFactory extends ChildFactory { for(BlackboardArtifact bba: rootMessageMap.values()) { list.add(bba); } + + list.sort(new ThreadDateComparator()); return true; } @@ -242,4 +242,80 @@ final class ThreadChildNodeFactory extends ChildFactory { return sheet; } } + + /** + * A comparator class for comparing BlackboardArtifacts of type + * TSK_EMAIL_MSG, TSK_MESSAGE, and TSK_CALLLOG by their respective creation + * date-time. + * + * Nodes will be sorted newest to oldest. + */ + class ThreadDateComparator implements Comparator { + + @Override + public int compare(BlackboardArtifact bba1, BlackboardArtifact bba2) { + BlackboardAttribute attribute1 = null; + BlackboardAttribute attribute2 = null; + // Inializing to Long.MAX_VALUE so that if a BlackboardArtifact of + // any unexpected type is passed in, it will bubble to the top of + // the list. + long dateTime1 = Long.MAX_VALUE; + long dateTime2 = Long.MAX_VALUE; + + if (bba1 != null) { + BlackboardArtifact.ARTIFACT_TYPE fromID = BlackboardArtifact.ARTIFACT_TYPE.fromID(bba1.getArtifactTypeID()); + if (fromID != null) { + try { + switch (fromID) { + case TSK_EMAIL_MSG: + attribute1 = bba1.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT)); + + break; + case TSK_MESSAGE: + attribute1 = bba1.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME)); + + break; + case TSK_CALLLOG: + attribute1 = bba1.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START)); + + break; + } + } catch (TskCoreException ex) { + logger.log(Level.WARNING, String.format("Unable to compare attributes for artifact %d", bba1.getArtifactID()), ex); + } + } + } + + if (bba2 != null) { + BlackboardArtifact.ARTIFACT_TYPE fromID = BlackboardArtifact.ARTIFACT_TYPE.fromID(bba2.getArtifactTypeID()); + if (fromID != null) { + try { + switch (fromID) { + case TSK_EMAIL_MSG: + attribute2 = bba2.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT)); + break; + case TSK_MESSAGE: + attribute2 = bba2.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME)); + break; + case TSK_CALLLOG: + attribute2 = bba2.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START)); + break; + } + } catch (TskCoreException ex) { + logger.log(Level.WARNING, String.format("Unable to compare attributes for artifact %d", bba2.getArtifactID()), ex); + } + } + } + + if (attribute1 != null) { + dateTime1 = attribute1.getValueLong(); + } + + if (attribute2 != null) { + dateTime2 = attribute2.getValueLong(); + } + + return Long.compare(dateTime1, dateTime2) * -1; + } + } } diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadNode.java b/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadNode.java index 013730a097..2aa7dcfcec 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadNode.java +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadNode.java @@ -18,11 +18,19 @@ */ package org.sleuthkit.autopsy.communications.relationships; +import java.util.logging.Level; import javax.swing.Action; import org.openide.nodes.AbstractNode; import org.openide.nodes.Children; import org.openide.nodes.Sheet; +import org.openide.util.Exceptions; +import org.sleuthkit.autopsy.coreutils.Logger; +import org.sleuthkit.autopsy.datamodel.NodeProperty; import org.sleuthkit.datamodel.BlackboardArtifact; +import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE; +import org.sleuthkit.datamodel.BlackboardAttribute; +import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT; +import org.sleuthkit.datamodel.TskCoreException; /** * An AbstractNode subclass which wraps a MessageNode object. Doing this allows @@ -31,6 +39,10 @@ import org.sleuthkit.datamodel.BlackboardArtifact; */ final class ThreadNode extends AbstractNode{ + private static final Logger logger = Logger.getLogger(ThreadNode.class.getName()); + + final static int MAX_SUBJECT_LENGTH = 120; + final private MessageNode messageNode; ThreadNode(BlackboardArtifact artifact, String threadID, Action preferredAction) { @@ -41,7 +53,35 @@ final class ThreadNode extends AbstractNode{ @Override protected Sheet createSheet() { - return messageNode.createSheet(); + Sheet sheet = messageNode.createSheet(); + + BlackboardArtifact artifact = messageNode.getArtifact(); + if(artifact != null) { + BlackboardArtifact.ARTIFACT_TYPE artifactTypeID = BlackboardArtifact.ARTIFACT_TYPE.fromID(artifact.getArtifactTypeID()); + + // If its a text message, replace the subject node which is probably + // an empty string with the firest 120 characters of the text message + if(artifactTypeID != null && artifactTypeID == TSK_MESSAGE) { + try { + BlackboardAttribute attribute = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.fromID(TSK_TEXT.getTypeID()))); + if(attribute != null) { + Sheet.Set sheetSet = sheet.get(Sheet.PROPERTIES); + sheetSet.remove("Subject"); + + String msg = attribute.getDisplayString(); + if(msg != null && msg.length() > MAX_SUBJECT_LENGTH) { + msg = msg.substring(0, MAX_SUBJECT_LENGTH) + "..."; + } + + sheetSet.put(new NodeProperty<>("Subject", Bundle.MessageNode_Node_Property_Subject(), "", msg)); //NON-NLS + } + } catch (TskCoreException ex) { + logger.log(Level.WARNING, String.format("Unable to get the text message from message artifact %d", artifact.getId()), ex); + } + } + } + + return sheet; } String getThreadID() { From 8386a7d216064b295ce557e86965d561ac15880e Mon Sep 17 00:00:00 2001 From: Kelly Kelly Date: Thu, 27 Jun 2019 14:21:00 -0400 Subject: [PATCH 05/12] Using the newest text to represent the thread --- .../relationships/ThreadChildNodeFactory.java | 44 +++++++++++++++---- 1 file changed, 35 insertions(+), 9 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadChildNodeFactory.java b/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadChildNodeFactory.java index b49b48991f..9e0a8fcc26 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadChildNodeFactory.java +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadChildNodeFactory.java @@ -142,15 +142,41 @@ final class ThreadChildNodeFactory extends ChildFactory { rootMessageMap.put(threadID, bba); } else { // Get the date of the message - BlackboardAttribute tableAttribute = tableArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT)); - attribute = bba.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT)); - - // put the earliest message into the table - if(tableAttribute != null - && attribute != null - && tableAttribute.getValueLong() > attribute.getValueLong()) { - rootMessageMap.put(threadID, bba); + BlackboardAttribute tableAttribute = null; + switch(fromID) { + case TSK_EMAIL_MSG: + tableAttribute = tableArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT)); + attribute = bba.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT)); + // put the earliest message into the table + if(tableAttribute != null + && attribute != null + && tableAttribute.getValueLong() > attribute.getValueLong()) { + rootMessageMap.put(threadID, bba); + } + break; + case TSK_MESSAGE: + tableAttribute = tableArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME)); + attribute = bba.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME)); + // put the earliest message into the table + if(tableAttribute != null + && attribute != null + && tableAttribute.getValueLong() < attribute.getValueLong()) { + rootMessageMap.put(threadID, bba); + } + break; + case TSK_CALLLOG: + tableAttribute = tableArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START)); + attribute = bba.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START)); + // put the earliest message into the table + if(tableAttribute != null + && attribute != null + && tableAttribute.getValueLong() > attribute.getValueLong()) { + rootMessageMap.put(threadID, bba); + } + break; } + + } } } @@ -286,7 +312,7 @@ final class ThreadChildNodeFactory extends ChildFactory { } } - if (bba2 != null) { + if (bba1 != null) { BlackboardArtifact.ARTIFACT_TYPE fromID = BlackboardArtifact.ARTIFACT_TYPE.fromID(bba2.getArtifactTypeID()); if (fromID != null) { try { From 082cdc3608c7630926a7bb7bff2df0102aed1184 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Fri, 28 Jun 2019 14:47:06 -0400 Subject: [PATCH 06/12] language-independent test for network drive --- .../configuration/ConfigVisualPanel1.java | 5 ++- .../logicalimager/dsp/DriveListUtils.java | 38 +++++++++++++++++++ .../logicalimager/dsp/LogicalImagerPanel.java | 4 +- 3 files changed, 44 insertions(+), 3 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java index 1be96b52a2..2765bb1856 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/ConfigVisualPanel1.java @@ -36,9 +36,9 @@ import java.util.logging.Level; import javax.swing.JFileChooser; import javax.swing.JOptionPane; import javax.swing.JPanel; +import javax.swing.SwingUtilities; import javax.swing.event.DocumentEvent; import javax.swing.event.DocumentListener; -import javax.swing.SwingUtilities; import javax.swing.filechooser.FileFilter; import javax.swing.filechooser.FileNameExtensionFilter; import javax.swing.filechooser.FileSystemView; @@ -251,6 +251,9 @@ final class ConfigVisualPanel1 extends JPanel { int firstRemovableDrive = -1; int i = 0; for (File root : roots) { + if (DriveListUtils.isNetworkDrive(root.toString().replace(":\\", ""))) { + continue; + } String description = FileSystemView.getFileSystemView().getSystemTypeDescription(root); long spaceInBytes = root.getTotalSpace(); String sizeWithUnit = DriveListUtils.humanReadableByteCount(spaceInBytes, false); diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/DriveListUtils.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/DriveListUtils.java index 12b10d3000..7365cdeaaa 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/DriveListUtils.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/DriveListUtils.java @@ -18,6 +18,12 @@ */ package org.sleuthkit.autopsy.logicalimager.dsp; +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStreamReader; +import java.util.Arrays; +import java.util.List; + /** * Utility class for displaying a list of drives */ @@ -48,4 +54,36 @@ public final class DriveListUtils { private DriveListUtils() { //empty private constructor for util class } + + /** Use the command net to determine what this drive is. + * net use will return an error for anything which isn't a share. + */ + public static boolean isNetworkDrive(String driveLetter) { + List cmd = Arrays.asList("cmd", "/c", "net", "use", driveLetter + ":"); + + try { + Process p = new ProcessBuilder(cmd) + .redirectErrorStream(true) + .start(); + + p.getOutputStream().close(); + + StringBuilder consoleOutput = new StringBuilder(); + + String line; + try (BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()))) { + while ((line = in.readLine()) != null) { + consoleOutput.append(line).append("\r\n"); + } + } + + int rc = p.waitFor(); +// System.out.println(consoleOutput); +// System.out.println("rc=" + rc); + return rc == 0; + } catch(IOException | InterruptedException e) { +// throw new IllegalStateException("Unable to run 'net use' on " + driveLetter, e); + return false; // assume not a network drive + } + } } diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java index 08f005c768..d7f4c8b3c1 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/LogicalImagerPanel.java @@ -481,10 +481,10 @@ final class LogicalImagerPanel extends JPanel implements DocumentListener { int firstRemovableDrive = -1; int i = 0; for (File root : roots) { - String description = FileSystemView.getFileSystemView().getSystemTypeDescription(root); - if ("Network Drive".equalsIgnoreCase(description)) { // NON-NLS + if (DriveListUtils.isNetworkDrive(root.toString().replace(":\\", ""))) { continue; } + String description = FileSystemView.getFileSystemView().getSystemTypeDescription(root); long spaceInBytes = root.getTotalSpace(); String sizeWithUnit = DriveListUtils.humanReadableByteCount(spaceInBytes, false); listData.add(root + " (" + description + ") (" + sizeWithUnit + ")"); From ae83782016d270b436194d9a8c08c4c5d5ebd31e Mon Sep 17 00:00:00 2001 From: Kelly Kelly Date: Fri, 28 Jun 2019 17:11:28 -0400 Subject: [PATCH 07/12] updated based on review comments --- .../relationships/MessagesChildNodeFactory.java | 9 ++++----- .../autopsy/communications/relationships/ThreadNode.java | 3 +-- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/MessagesChildNodeFactory.java b/Core/src/org/sleuthkit/autopsy/communications/relationships/MessagesChildNodeFactory.java index 7ff5eec315..9fddddf221 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/MessagesChildNodeFactory.java +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/MessagesChildNodeFactory.java @@ -27,8 +27,6 @@ import org.openide.nodes.Node; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; -import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME; -import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.TskCoreException; @@ -158,16 +156,15 @@ public class MessagesChildNodeFactory extends ChildFactory{ switch (fromID) { case TSK_EMAIL_MSG: attribute1 = bba1.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT)); - break; case TSK_MESSAGE: attribute1 = bba1.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME)); - break; case TSK_CALLLOG: attribute1 = bba1.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START)); - break; + default: + attribute1 = null; } } catch (TskCoreException ex) { logger.log(Level.WARNING, String.format("Unable to compare attributes for artifact %d", bba1.getArtifactID()), ex); @@ -189,6 +186,8 @@ public class MessagesChildNodeFactory extends ChildFactory{ case TSK_CALLLOG: attribute2 = bba2.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START)); break; + default: + attribute2 = null; } } catch (TskCoreException ex) { logger.log(Level.WARNING, String.format("Unable to compare attributes for artifact %d", bba2.getArtifactID()), ex); diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadNode.java b/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadNode.java index 2aa7dcfcec..9cd12db548 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadNode.java +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadNode.java @@ -23,7 +23,6 @@ import javax.swing.Action; import org.openide.nodes.AbstractNode; import org.openide.nodes.Children; import org.openide.nodes.Sheet; -import org.openide.util.Exceptions; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.datamodel.NodeProperty; import org.sleuthkit.datamodel.BlackboardArtifact; @@ -41,7 +40,7 @@ final class ThreadNode extends AbstractNode{ private static final Logger logger = Logger.getLogger(ThreadNode.class.getName()); - final static int MAX_SUBJECT_LENGTH = 120; + private final static int MAX_SUBJECT_LENGTH = 120; final private MessageNode messageNode; From 86961a654784a34a91977e2b6fe1d09e8749def6 Mon Sep 17 00:00:00 2001 From: Kelly Kelly Date: Fri, 28 Jun 2019 17:58:18 -0400 Subject: [PATCH 08/12] fixed codacy issue --- .../MessagesChildNodeFactory.java | 2 + .../relationships/ThreadNode.java | 41 ++++++++++--------- 2 files changed, 23 insertions(+), 20 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/MessagesChildNodeFactory.java b/Core/src/org/sleuthkit/autopsy/communications/relationships/MessagesChildNodeFactory.java index 9fddddf221..2ea076fe0a 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/MessagesChildNodeFactory.java +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/MessagesChildNodeFactory.java @@ -165,6 +165,7 @@ public class MessagesChildNodeFactory extends ChildFactory{ break; default: attribute1 = null; + break; } } catch (TskCoreException ex) { logger.log(Level.WARNING, String.format("Unable to compare attributes for artifact %d", bba1.getArtifactID()), ex); @@ -188,6 +189,7 @@ public class MessagesChildNodeFactory extends ChildFactory{ break; default: attribute2 = null; + break; } } catch (TskCoreException ex) { logger.log(Level.WARNING, String.format("Unable to compare attributes for artifact %d", bba2.getArtifactID()), ex); diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadNode.java b/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadNode.java index 9cd12db548..43e6e82308 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadNode.java +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/ThreadNode.java @@ -52,31 +52,32 @@ final class ThreadNode extends AbstractNode{ @Override protected Sheet createSheet() { - Sheet sheet = messageNode.createSheet(); - BlackboardArtifact artifact = messageNode.getArtifact(); - if(artifact != null) { - BlackboardArtifact.ARTIFACT_TYPE artifactTypeID = BlackboardArtifact.ARTIFACT_TYPE.fromID(artifact.getArtifactTypeID()); + if(artifact == null) { + return messageNode.createSheet() ; + } + + Sheet sheet = messageNode.createSheet(); + BlackboardArtifact.ARTIFACT_TYPE artifactTypeID = BlackboardArtifact.ARTIFACT_TYPE.fromID(artifact.getArtifactTypeID()); - // If its a text message, replace the subject node which is probably - // an empty string with the firest 120 characters of the text message - if(artifactTypeID != null && artifactTypeID == TSK_MESSAGE) { - try { - BlackboardAttribute attribute = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.fromID(TSK_TEXT.getTypeID()))); - if(attribute != null) { - Sheet.Set sheetSet = sheet.get(Sheet.PROPERTIES); - sheetSet.remove("Subject"); + // If its a text message, replace the subject node which is probably + // an empty string with the firest 120 characters of the text message + if(artifactTypeID != null && artifactTypeID == TSK_MESSAGE) { + try { + BlackboardAttribute attribute = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.fromID(TSK_TEXT.getTypeID()))); + if(attribute != null) { + Sheet.Set sheetSet = sheet.get(Sheet.PROPERTIES); + sheetSet.remove("Subject"); - String msg = attribute.getDisplayString(); - if(msg != null && msg.length() > MAX_SUBJECT_LENGTH) { - msg = msg.substring(0, MAX_SUBJECT_LENGTH) + "..."; - } - - sheetSet.put(new NodeProperty<>("Subject", Bundle.MessageNode_Node_Property_Subject(), "", msg)); //NON-NLS + String msg = attribute.getDisplayString(); + if(msg != null && msg.length() > MAX_SUBJECT_LENGTH) { + msg = msg.substring(0, MAX_SUBJECT_LENGTH) + "..."; } - } catch (TskCoreException ex) { - logger.log(Level.WARNING, String.format("Unable to get the text message from message artifact %d", artifact.getId()), ex); + + sheetSet.put(new NodeProperty<>("Subject", Bundle.MessageNode_Node_Property_Subject(), "", msg)); //NON-NLS } + } catch (TskCoreException ex) { + logger.log(Level.WARNING, String.format("Unable to get the text message from message artifact %d", artifact.getId()), ex); } } From d74e6ec890c9a3b36191c34ed82796c128194ccc Mon Sep 17 00:00:00 2001 From: esaunders Date: Mon, 1 Jul 2019 12:52:23 -0400 Subject: [PATCH 09/12] Switch build type flag to RELEASE. --- nbproject/project.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nbproject/project.properties b/nbproject/project.properties index 5d59189544..0014be6b88 100644 --- a/nbproject/project.properties +++ b/nbproject/project.properties @@ -6,8 +6,8 @@ app.name=${branding.token} ### if left unset, version will default to today's date app.version=4.12.0 ### build.type must be one of: DEVELOPMENT, RELEASE -#build.type=RELEASE -build.type=DEVELOPMENT +build.type=RELEASE +#build.type=DEVELOPMENT project.org.netbeans.progress=org-netbeans-api-progress project.org.sleuthkit.autopsy.experimental=Experimental From 7e2625bb3a9f9a7b91f870f2878fc9cefc75ed79 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Mon, 1 Jul 2019 13:09:02 -0400 Subject: [PATCH 10/12] Fix megabyte capitalization --- .../logicalimager/configuration/Bundle.properties-MERGED | 2 +- .../logicalimager/configuration/EditNonFullPathsRulePanel.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED index 7ef61a8452..123dfa3b69 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/Bundle.properties-MERGED @@ -76,7 +76,7 @@ EditNonFullPathsRulePanel.modifiedDaysNotPositiveException=Modified days must be EditNonFullPathsRulePanel.units.bytes=Bytes EditNonFullPathsRulePanel.units.gigabytes=Gigabytes EditNonFullPathsRulePanel.units.kilobytes=Kilobytes -EditNonFullPathsRulePanel.units.megabytes=MegaBytes +EditNonFullPathsRulePanel.units.megabytes=Megabytes # {0} - fieldName EditRulePanel.blankLineException={0} cannot have a blank line EditRulePanel.emptyRuleName.message=Rule name cannot be empty diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/EditNonFullPathsRulePanel.java b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/EditNonFullPathsRulePanel.java index a48db9b2c4..22dbe55ca3 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/EditNonFullPathsRulePanel.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/configuration/EditNonFullPathsRulePanel.java @@ -66,7 +66,7 @@ final class EditNonFullPathsRulePanel extends javax.swing.JPanel { "EditNonFullPathsRulePanel.example=Example: ", "EditNonFullPathsRulePanel.units.bytes=Bytes", "EditNonFullPathsRulePanel.units.kilobytes=Kilobytes", - "EditNonFullPathsRulePanel.units.megabytes=MegaBytes", + "EditNonFullPathsRulePanel.units.megabytes=Megabytes", "EditNonFullPathsRulePanel.units.gigabytes=Gigabytes" }) EditNonFullPathsRulePanel(JButton okButton, JButton cancelButton, String ruleName, LogicalImagerRule rule, boolean editing) { From 061c07f14ee4cd4ce51559f0d4dc14a4a9d40b6b Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Mon, 1 Jul 2019 13:36:21 -0400 Subject: [PATCH 11/12] Update DriveListUtils.java --- .../org/sleuthkit/autopsy/logicalimager/dsp/DriveListUtils.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/DriveListUtils.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/DriveListUtils.java index 7365cdeaaa..07aaa4c6d6 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/DriveListUtils.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/DriveListUtils.java @@ -78,8 +78,6 @@ public final class DriveListUtils { } int rc = p.waitFor(); -// System.out.println(consoleOutput); -// System.out.println("rc=" + rc); return rc == 0; } catch(IOException | InterruptedException e) { // throw new IllegalStateException("Unable to run 'net use' on " + driveLetter, e); From e795af5537a45da55d9e4243cd3439cda4df82d1 Mon Sep 17 00:00:00 2001 From: Joe Ho Date: Mon, 1 Jul 2019 13:38:37 -0400 Subject: [PATCH 12/12] Update DriveListUtils.java --- .../org/sleuthkit/autopsy/logicalimager/dsp/DriveListUtils.java | 1 - 1 file changed, 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/DriveListUtils.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/DriveListUtils.java index 07aaa4c6d6..d033d0fdce 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/DriveListUtils.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/DriveListUtils.java @@ -80,7 +80,6 @@ public final class DriveListUtils { int rc = p.waitFor(); return rc == 0; } catch(IOException | InterruptedException e) { -// throw new IllegalStateException("Unable to run 'net use' on " + driveLetter, e); return false; // assume not a network drive } }