Merge pull request #399 from jawallace/encryption

Encryption
Richard Cordovano 2013-12-20 13:23:11 -08:00
commit c62923ecd5
5 changed files with 15 additions and 5 deletions


@ -124,6 +124,8 @@ public class ArtifactTypeNode extends DisplayableItemNode {
return "gps-search.png";
case TSK_SERVICE_ACCOUNT:
return "account-icon-16.png";
case TSK_ENCRYPTION_DETECTED:
return "encrypted-file.png";
}
return "artifact-icon.png";
}


@ -349,6 +349,8 @@ public class BlackboardArtifactNode extends DisplayableItemNode {
return "gps-search.png";
case TSK_SERVICE_ACCOUNT:
return "account-icon-16.png";
case TSK_ENCRYPTION_DETECTED:
return "encrypted-file.png";
}
return "artifact-icon.png";

Binary file not shown.



@ -1016,6 +1016,9 @@ public class ReportGenerator {
case TSK_TOOL_OUTPUT:
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {"Program Name", "Text", "Source File"}));
break;
case TSK_ENCRYPTION_DETECTED:
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {"Name", "Source File"}));
break;
default:
return null;
}
@ -1340,6 +1343,10 @@ public class ReportGenerator {
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID()));
orderedRowData.add(getFileUniquePath(getObjectID()));
break;
case TSK_ENCRYPTION_DETECTED:
orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
orderedRowData.add(getFileUniquePath(getObjectID()));
break;
}
orderedRowData.add(makeCommaSeparatedList(getTags()));
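Review bot: The column header added for `TSK_ENCRYPTION_DETECTED` in the first hunk is `"Name"`, yet the only producer shown in this commit (SevenZipIngestModule) writes the encryption type (`ENCRYPTION_FULL` or `ENCRYPTION_FILE_LEVEL`) into `TSK_NAME`, so the report prints that value under a label that reads like a file name. A header such as `{"Encryption Type", "Source File"}` would describe what an examiner actually sees; keep `"Name"` only if other modules are expected to store something different in that attribute. In the second hunk, `mappedAttributes.get(ATTRIBUTE_TYPE.TSK_NAME.getTypeID())` goes into the row unchecked, so an artifact whose attribute was never written would presumably produce a null cell; confirm how the report writers handle that. Both switch statements begin and end outside the hunks.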


@ -51,6 +51,7 @@ import org.sleuthkit.autopsy.ingest.PipelineContext;
import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestMonitor;
import org.sleuthkit.autopsy.ingest.ModuleContentEvent;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
@ -553,11 +554,9 @@ public final class SevenZipIngestModule extends IngestModuleAbstractFile {
if (hasEncrypted) {
String encryptionType = fullEncryption ? ENCRYPTION_FULL : ENCRYPTION_FILE_LEVEL;
try {
BlackboardArtifact generalInfo = archiveFile.getGenInfoArtifact();
generalInfo.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_ENCRYPTION_DETECTED.getTypeID(),
MODULE_NAME, encryptionType));
//@@@ We don't fire here because GEN_INFO isn't displayed in the tree.... Need to address how these should be displayed
//services.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, BlackboardArtifact.ARTIFACT_TYPE.TSK_METADATA_EXIF));
BlackboardArtifact artifact = archiveFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED);
artifact.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), MODULE_NAME, encryptionType));
services.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED));
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error creating blackboard artifact for encryption detected for file: " + archiveFile, ex);
}
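Review bot: The new artifact stores the encryption type under `ATTRIBUTE_TYPE.TSK_NAME`, and nothing at the `addAttribute` call says the value is `ENCRYPTION_FULL` or `ENCRYPTION_FILE_LEVEL` rather than a name; a comment such as `// TSK_NAME carries encryptionType (ENCRYPTION_FULL or ENCRYPTION_FILE_LEVEL); ReportGenerator prints it in the "Name" column` would make that explicit. The attribute formerly written on the GEN_INFO artifact is no longer set, so any code that looked for `TSK_ENCRYPTION_DETECTED` there (none is visible on this page) would have to query the new artifact type instead. Because `newArtifact` and `addAttribute` share one `try`, a `TskCoreException` from `addAttribute` presumably leaves an artifact without its attribute and skips `fireModuleDataEvent`; the log message could say which step failed. The enclosing method starts and ends outside the hunk.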