Add all SearchResults.txt items to Interesting Files
parent
c097e6d0df
commit
c7f9f19f66
@ -53,7 +53,7 @@ import org.sleuthkit.datamodel.TskCoreException;
|
|||||||
*/
|
*/
|
||||||
final class AddLogicalImageTask extends AddMultipleImageTask {
|
final class AddLogicalImageTask extends AddMultipleImageTask {
|
||||||
|
|
||||||
private final static Logger logger = Logger.getLogger(AddLogicalImageTask.class.getName());
|
private final static Logger LOGGER = Logger.getLogger(AddLogicalImageTask.class.getName());
|
||||||
private final static String ALERT_TXT = "alert.txt"; //NON-NLS
|
private final static String ALERT_TXT = "alert.txt"; //NON-NLS
|
||||||
private final static String SEARCH_RESULTS_TXT = "SearchResults.txt"; //NON-NLS
|
private final static String SEARCH_RESULTS_TXT = "SearchResults.txt"; //NON-NLS
|
||||||
private final static String USERS_TXT = "users.txt"; //NON-NLS
|
private final static String USERS_TXT = "users.txt"; //NON-NLS
|
||||||
@ -61,8 +61,8 @@ final class AddLogicalImageTask extends AddMultipleImageTask {
|
|||||||
private final File dest;
|
private final File dest;
|
||||||
private final DataSourceProcessorCallback callback;
|
private final DataSourceProcessorCallback callback;
|
||||||
private final DataSourceProcessorProgressMonitor progressMonitor;
|
private final DataSourceProcessorProgressMonitor progressMonitor;
|
||||||
private Blackboard blackboard;
|
private final Blackboard blackboard;
|
||||||
private Case currentCase;
|
private final Case currentCase;
|
||||||
|
|
||||||
AddLogicalImageTask(String deviceId,
|
AddLogicalImageTask(String deviceId,
|
||||||
List<String> imagePaths,
|
List<String> imagePaths,
|
||||||
@ -89,7 +89,11 @@ final class AddLogicalImageTask extends AddMultipleImageTask {
|
|||||||
"AddLogicalImageTask.doneCopying=Done copying",
|
"AddLogicalImageTask.doneCopying=Done copying",
|
||||||
"# {0} - src", "# {1} - dest", "AddLogicalImageTask.failedToCopyDirectory=Failed to copy directory {0} to {1}",
|
"# {0} - src", "# {1} - dest", "AddLogicalImageTask.failedToCopyDirectory=Failed to copy directory {0} to {1}",
|
||||||
"# {0} - file", "AddLogicalImageTask.addingToReport=Adding {0} to report",
|
"# {0} - file", "AddLogicalImageTask.addingToReport=Adding {0} to report",
|
||||||
"# {0} - file", "AddLogicalImageTask.doneAddingToReport=Done adding {0} to report"
|
"# {0} - file", "AddLogicalImageTask.doneAddingToReport=Done adding {0} to report",
|
||||||
|
"AddLogicalImageTask.addingInterestingFiles=Adding search results as intersting files",
|
||||||
|
"AddLogicalImageTask.doneAddingInterestingFiles=Done adding search results as intersting files",
|
||||||
|
"# {0} - searchResults.txt", "# {1} - alert.txt", "# {2} - directory", "AddLogicalImageTask.cannotFindFiles=Cannot find {0} or {1} in {2}",
|
||||||
|
"# {0} - reason", "AddLogicalImageTask.failedToAddInterestingFiles=Failed to add interesting files: {0}"
|
||||||
})
|
})
|
||||||
@Override
|
@Override
|
||||||
public void run() {
|
public void run() {
|
||||||
@ -104,7 +108,7 @@ final class AddLogicalImageTask extends AddMultipleImageTask {
|
|||||||
// Copy directory failed
|
// Copy directory failed
|
||||||
String msg = Bundle.AddLogicalImageTask_failedToCopyDirectory(src.toString(), dest.toString());
|
String msg = Bundle.AddLogicalImageTask_failedToCopyDirectory(src.toString(), dest.toString());
|
||||||
errorList.add(msg);
|
errorList.add(msg);
|
||||||
logger.log(Level.SEVERE, String.format("Failed to copy directory %s to %s", src.toString(), dest.toString()), ex);
|
LOGGER.log(Level.SEVERE, String.format("Failed to copy directory %s to %s", src.toString(), dest.toString()), ex); // NON-NLS
|
||||||
callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources);
|
callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -116,7 +120,7 @@ final class AddLogicalImageTask extends AddMultipleImageTask {
|
|||||||
} else if (Paths.get(dest.toString(), ALERT_TXT).toFile().exists()) {
|
} else if (Paths.get(dest.toString(), ALERT_TXT).toFile().exists()) {
|
||||||
resultsFilename = ALERT_TXT;
|
resultsFilename = ALERT_TXT;
|
||||||
} else {
|
} else {
|
||||||
errorList.add("Cannot find " + SEARCH_RESULTS_TXT + " or " + ALERT_TXT + " in " + dest.toString());
|
errorList.add(Bundle.AddLogicalImageTask_cannotFindFiles(SEARCH_RESULTS_TXT, ALERT_TXT, dest.toString()));
|
||||||
callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources);
|
callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -141,11 +145,13 @@ final class AddLogicalImageTask extends AddMultipleImageTask {
|
|||||||
super.run();
|
super.run();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
progressMonitor.setProgressText(Bundle.AddLogicalImageTask_addingInterestingFiles());
|
||||||
addInterestingFiles(src, Paths.get(dest.toString(), resultsFilename));
|
addInterestingFiles(src, Paths.get(dest.toString(), resultsFilename));
|
||||||
|
progressMonitor.setProgressText(Bundle.AddLogicalImageTask_doneAddingInterestingFiles());
|
||||||
} catch (IOException | TskCoreException ex) {
|
} catch (IOException | TskCoreException ex) {
|
||||||
errorList.add("Failed to add interesting files");
|
errorList.add(Bundle.AddLogicalImageTask_failedToAddInterestingFiles(ex.getMessage()));
|
||||||
logger.log(Level.SEVERE, "Failed to add interesting files", ex);
|
LOGGER.log(Level.SEVERE, "Failed to add interesting files", ex); // NON-NLS
|
||||||
callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources);
|
callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.NONCRITICAL_ERRORS, errorList, emptyDataSources);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -170,21 +176,23 @@ final class AddLogicalImageTask extends AddMultipleImageTask {
|
|||||||
return null;
|
return null;
|
||||||
} catch (TskCoreException ex) {
|
} catch (TskCoreException ex) {
|
||||||
String msg = Bundle.AddLogicalImageTask_failedToAddReport(reportPath.toString(), ex.getMessage());
|
String msg = Bundle.AddLogicalImageTask_failedToAddReport(reportPath.toString(), ex.getMessage());
|
||||||
logger.log(Level.SEVERE, String.format("Failed to add report %s. Reason= %s", reportPath.toString(), ex.getMessage()), ex);
|
LOGGER.log(Level.SEVERE, String.format("Failed to add report %s. Reason= %s", reportPath.toString(), ex.getMessage()), ex); // NON-NLS
|
||||||
return msg;
|
return msg;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Messages({
|
||||||
|
"# {0} - line number", "# {1} - fields length", "# {2} - expected length", "AddLogicalImageTask.notEnoughFields=File does not contain enough fields at line {0}, got {1}, expecting {2}"
|
||||||
|
})
|
||||||
private void addInterestingFiles(File src, Path resultsPath) throws IOException, TskCoreException {
|
private void addInterestingFiles(File src, Path resultsPath) throws IOException, TskCoreException {
|
||||||
logger.log(Level.INFO, "Adding " + resultsPath.toString() + " to interesting files");
|
|
||||||
try (BufferedReader br = new BufferedReader(new FileReader(resultsPath.toFile()))) {
|
try (BufferedReader br = new BufferedReader(new FileReader(resultsPath.toFile()))) {
|
||||||
String line;
|
String line;
|
||||||
br.readLine(); // skip the header line
|
br.readLine(); // skip the header line
|
||||||
int lineNumber = 1;
|
int lineNumber = 2;
|
||||||
while ((line = br.readLine()) != null) {
|
while ((line = br.readLine()) != null) {
|
||||||
String[] fields = line.split("\t");
|
String[] fields = line.split("\t", -1); // NON-NLS
|
||||||
if (fields.length != 9) {
|
if (fields.length != 9) {
|
||||||
throw new IOException(String.format("File does not contain enough fields at line %d", lineNumber));
|
throw new IOException(Bundle.AddLogicalImageTask_notEnoughFields(lineNumber, fields.length, 9));
|
||||||
}
|
}
|
||||||
String vhdFilename = fields[0];
|
String vhdFilename = fields[0];
|
||||||
// String fileSystemOffsetStr = fields[1];
|
// String fileSystemOffsetStr = fields[1];
|
||||||
@ -198,7 +206,7 @@ final class AddLogicalImageTask extends AddMultipleImageTask {
|
|||||||
|
|
||||||
String dataSourceObjId = findDataSourceObjId(src, vhdFilename);
|
String dataSourceObjId = findDataSourceObjId(src, vhdFilename);
|
||||||
|
|
||||||
String query = String.format("data_source_obj_id = '%s' AND meta_addr = '%s' AND name = '%s'",
|
String query = String.format("data_source_obj_id = '%s' AND meta_addr = '%s' AND name = '%s'", // NON-NLS
|
||||||
dataSourceObjId, fileMetaAddressStr, filename);
|
dataSourceObjId, fileMetaAddressStr, filename);
|
||||||
List<AbstractFile> matchedFiles = Case.getCurrentCase().getSleuthkitCase().findAllFilesWhere(query);
|
List<AbstractFile> matchedFiles = Case.getCurrentCase().getSleuthkitCase().findAllFilesWhere(query);
|
||||||
for (AbstractFile file : matchedFiles) {
|
for (AbstractFile file : matchedFiles) {
|
||||||
@ -209,6 +217,9 @@ final class AddLogicalImageTask extends AddMultipleImageTask {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Messages({
|
||||||
|
"# {0} - target image path", "AddLogicalImageTask.cannotFindDataSourceObjId=Cannot find obj_id in tsk_image_names for {0}"
|
||||||
|
})
|
||||||
private String findDataSourceObjId(File src, String vhdFilename) throws TskCoreException {
|
private String findDataSourceObjId(File src, String vhdFilename) throws TskCoreException {
|
||||||
String targetImagePath = Paths.get(src.toString(), vhdFilename).toString();
|
String targetImagePath = Paths.get(src.toString(), vhdFilename).toString();
|
||||||
Map<Long, List<String>> imagePaths = currentCase.getSleuthkitCase().getImagePaths();
|
Map<Long, List<String>> imagePaths = currentCase.getSleuthkitCase().getImagePaths();
|
||||||
@ -221,7 +232,7 @@ final class AddLogicalImageTask extends AddMultipleImageTask {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
throw new TskCoreException("Cannot find obj_id in tsk_image_names for " + targetImagePath);
|
throw new TskCoreException(Bundle.AddLogicalImageTask_cannotFindDataSourceObjId(targetImagePath));
|
||||||
}
|
}
|
||||||
|
|
||||||
private void addInterestingFile(AbstractFile file, String ruleSetName, String ruleName) throws TskCoreException {
|
private void addInterestingFile(AbstractFile file, String ruleSetName, String ruleName) throws TskCoreException {
|
||||||
@ -236,11 +247,10 @@ final class AddLogicalImageTask extends AddMultipleImageTask {
|
|||||||
// index the artifact for keyword search
|
// index the artifact for keyword search
|
||||||
blackboard.indexArtifact(artifact);
|
blackboard.indexArtifact(artifact);
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
||||||
}
|
}
|
||||||
|
IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent("LogicalImager", // NON-NLS
|
||||||
IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent("Logical Imager", BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Collections.singletonList(artifact)));
|
BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Collections.singletonList(artifact)));
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
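Review bot: The where-clause handed to `findAllFilesWhere` in `addInterestingFiles` is still assembled with `String.format` from fields read out of SearchResults.txt, and this commit only adds a `// NON-NLS` marker to that line. The results file is written on the system being imaged, so its contents are untrusted evidence. A file name containing a single quote will at minimum make the query fail, and it can change the meaning of the clause. Escape the name before formatting, for example `SleuthkitCase.escapeSingleQuotes(filename)` if the datamodel version in use exposes it, and parse the object id and meta address with `Long.parseLong` so they can be formatted with `%d` rather than quoted `%s`. The assignments of `fileMetaAddressStr` and `filename` fall between hunks, so their origin in `fields[]` is inferred from the parsing shown earlier in the method.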
|
@ -2,20 +2,34 @@
|
|||||||
# To change this template file, choose Tools | Templates
|
# To change this template file, choose Tools | Templates
|
||||||
# and open the template in the editor.
|
# and open the template in the editor.
|
||||||
|
|
||||||
|
AddLogicalImageTask.addingInterestingFiles=Adding search results as intersting files
|
||||||
# {0} - file
|
# {0} - file
|
||||||
AddLogicalImageTask.addingToReport=Adding {0} to report
|
AddLogicalImageTask.addingToReport=Adding {0} to report
|
||||||
|
# {0} - target image path
|
||||||
|
AddLogicalImageTask.cannotFindDataSourceObjId=Cannot find obj_id in tsk_image_names for {0}
|
||||||
|
# {0} - searchResults.txt
|
||||||
|
# {1} - alert.txt
|
||||||
|
# {2} - directory
|
||||||
|
AddLogicalImageTask.cannotFindFiles=Cannot find {0} or {1} in {2}
|
||||||
# {0} - src
|
# {0} - src
|
||||||
# {1} - dest
|
# {1} - dest
|
||||||
AddLogicalImageTask.copyingImageFromTo=Copying image from {0} to {1}
|
AddLogicalImageTask.copyingImageFromTo=Copying image from {0} to {1}
|
||||||
|
AddLogicalImageTask.doneAddingInterestingFiles=Done adding search results as intersting files
|
||||||
# {0} - file
|
# {0} - file
|
||||||
AddLogicalImageTask.doneAddingToReport=Done adding {0} to report
|
AddLogicalImageTask.doneAddingToReport=Done adding {0} to report
|
||||||
AddLogicalImageTask.doneCopying=Done copying
|
AddLogicalImageTask.doneCopying=Done copying
|
||||||
|
# {0} - reason
|
||||||
|
AddLogicalImageTask.failedToAddInterestingFiles=Failed to add interesting files: {0}
|
||||||
# {0} - file
|
# {0} - file
|
||||||
# {1} - exception message
|
# {1} - exception message
|
||||||
AddLogicalImageTask.failedToAddReport=Failed to add report {0}. Reason= {1}
|
AddLogicalImageTask.failedToAddReport=Failed to add report {0}. Reason= {1}
|
||||||
# {0} - src
|
# {0} - src
|
||||||
# {1} - dest
|
# {1} - dest
|
||||||
AddLogicalImageTask.failedToCopyDirectory=Failed to copy directory {0} to {1}
|
AddLogicalImageTask.failedToCopyDirectory=Failed to copy directory {0} to {1}
|
||||||
|
# {0} - line number
|
||||||
|
# {1} - fields length
|
||||||
|
# {2} - expected length
|
||||||
|
AddLogicalImageTask.notEnoughFields=File does not contain enough fields at line {0}, got {1}, expecting {2}
|
||||||
# {0} - imageFilePath
|
# {0} - imageFilePath
|
||||||
AddMultipleImageTask.adding=Adding: {0}
|
AddMultipleImageTask.adding=Adding: {0}
|
||||||
# {0} - file
|
# {0} - file
|
||||||
|
@ -194,7 +194,6 @@ public final class LogicalImagerDSProcessor implements DataSourceProcessor {
|
|||||||
String msg = Bundle.LogicalImagerDSProcessor_noCurrentCase();
|
String msg = Bundle.LogicalImagerDSProcessor_noCurrentCase();
|
||||||
errorList.add(msg);
|
errorList.add(msg);
|
||||||
callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources);
|
callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources);
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|