mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 07:56:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Re-adding files back to git repo with proper capitalization in place.

Browse Source 
Signed-off-by: Alex Ebadirad <aebadirad@42six.com>
This commit is contained in:
Alex Ebadirad 2012-05-11 08:48:03 -07:00
parent 9facfee95a
commit ca50b0d96f
21 changed files with 2984 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
Report/src/org/sleuthkit/autopsy/report/BrowserControl.java Normal file
View File

@ -0,0 +1,50 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.sleuthkit.autopsy.report;
/**
*
* @author Alex
*/
import java.lang.reflect.Method;
public class BrowserControl{
/**
* Method to Open the Browser with Given URL
* @param url
*/
public static void openUrl(String url){
String os = System.getProperty("os.name");
Runtime runtime=Runtime.getRuntime();
try{
// Block for Windows Platform
if (os.startsWith("Windows")){
String cmd = "rundll32 url.dll,FileProtocolHandler "+ url;
Process p = runtime.exec(cmd);
}
//Block for Mac OS
else if(os.startsWith("Mac OS")){
Class fileMgr = Class.forName("com.apple.eio.FileManager");
Method openURL = fileMgr.getDeclaredMethod("openURL", new Class[] {String.class});
openURL.invoke(null, new Object[] {url});
}
//Block for UNIX Platform
else {
String[] browsers = {"firefox", "opera", "konqueror", "epiphany", "mozilla", "netscape" };
String browser = null;
for (int count = 0; count < browsers.length && browser == null; count++)
if (runtime.exec(new String[] {"which", browsers[count]}).waitFor() == 0)
browser = browsers[count];
if (browser == null)
throw new Exception("Could not find web browser");
else
runtime.exec(new String[] {browser, url});
}
}catch(Exception x){
System.err.println("Exception occurd while invoking Browser!");
x.printStackTrace();
}
}
}

18
Report/src/org/sleuthkit/autopsy/report/Bundle.properties Normal file
View File

@ -0,0 +1,18 @@
OpenIDE-Module-Name=Report
Toolbars/Reports/org-sleuthkit-autopsy-report-reportAction.shadow=Reports
ReportFilter.progBar.string=
ReportFilter.cancelButton.actionCommand=
ReportFilter.cancelButton.text=Cancel
ReportFilter.jCheckBox3.text=Keyword Hits
ReportFilter.jCheckBox4.text=Hashlist Hits
ReportFilter.jCheckBox5.text=System Information
ReportFilter.jButton1.text=Generate Report
ReportFilter.jButton2.label=
ReportFilter.jButton2.actionCommand=
ReportFilter.jButton2.text=
ReportFilter.jCheckBox1.text=Internet History
ReportFilter.jCheckBox2.text=General Info
ReportPanel.jLabel1.text=jLabel1
ReportPanel.saveReport.actionCommand=
ReportPanel.saveReport.text=Export Report...
ReportPanel.jButton1.text=Close

107
Report/src/org/sleuthkit/autopsy/report/Report.java Normal file
View File

@ -0,0 +1,107 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.SleuthkitCase;
/**
*
* @author Alex
*/
public class Report {
private void report() {
}
public String getGroupedKeywordHit() {
StringBuilder table = new StringBuilder();
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try {
ResultSet uniqueresults = tempDb.runQuery("SELECT DISTINCT value_text from blackboard_attributes where attribute_type_id = '10' order by value_text ASC");
while (uniqueresults.next()) {
table.append("<strong>").append(uniqueresults.getString("value_text")).append("</strong>");
table.append("<table><thead><tr><th>").append("File Name").append("</th><th>Preview</th><th>Keyword List</th></tr><tbody>");
ArrayList<BlackboardArtifact> artlist = new ArrayList<BlackboardArtifact>();
ResultSet tempresults = tempDb.runQuery("select DISTINCT artifact_id from blackboard_attributes where attribute_type_id = '10' and value_text = '" + uniqueresults.getString(1) + "'");
while (tempresults.next()) {
artlist.add(tempDb.getBlackboardArtifact(tempresults.getLong(1)));
}
for (BlackboardArtifact art : artlist) {
String filename = tempDb.getFsContentById(art.getObjectID()).getName();
String preview = "";
String set = "";
table.append("<tr><td>").append(filename).append("</td>");
ArrayList<BlackboardAttribute> tempatts = art.getAttributes();
for (BlackboardAttribute att : tempatts) {
if (att.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_REGEXP.getTypeID()) {
preview = "<td>" + att.getValueString() + "</td>";
}
if (att.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW.getTypeID()) {
set = "<td>" + att.getValueString() + "</td>";
}
}
table.append(preview).append(set).append("</tr>");
}
table.append("</tbody></table><br /><br />");
}
} catch (Exception e) {
Logger.getLogger(Report.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return table.toString();
}
public HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> getAllTypes(ReportConfiguration config) {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> reportMap = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try {
for (Map.Entry<BlackboardArtifact.ARTIFACT_TYPE, Boolean> entry : config.config.entrySet()) {
if (entry.getValue()) {
ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(entry.getKey());
for (BlackboardArtifact artifact : bbart) {
ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
reportMap.put(artifact, attributes);
}
}
}
} catch (Exception e) {
Logger.getLogger(Report.class.getName()).log(Level.INFO, "Exception occurred", e);
}
return reportMap;
}
}

186
Report/src/org/sleuthkit/autopsy/report/ReportAction.java Normal file
View File

@ -0,0 +1,186 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.awt.Component;
import java.awt.Dimension;
import java.awt.Toolkit;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.io.File;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.ImageIcon;
import javax.swing.JButton;
import javax.swing.JDialog;
import javax.swing.JFrame;
import org.openide.awt.ActionID;
import org.openide.awt.ActionReference;
import org.openide.awt.ActionReferences;
import org.openide.awt.ActionRegistration;
import org.openide.util.HelpCtx;
import org.openide.util.NbBundle.Messages;
import org.openide.util.actions.CallableSystemAction;
import org.openide.util.actions.Presenter;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.Log;
@ActionID(category = "Tools",
id = "org.sleuthkit.autopsy.report.ReportAction")
@ActionRegistration(displayName = "#CTL_ReportAction")
@ActionReferences({
@ActionReference(path = "Menu/Tools", position = 80)
})
@Messages("CTL_ReportAction=Run Report")
public final class ReportAction extends CallableSystemAction implements Presenter.Toolbar {
private JButton toolbarButton = new JButton();
private static final String ACTION_NAME = "Generate Report";
static final Logger logger = Logger.getLogger(ReportAction.class.getName());
public ReportAction() {
setEnabled(false);
Case.addPropertyChangeListener(new PropertyChangeListener() {
@Override
public void propertyChange(PropertyChangeEvent evt) {
if (evt.getPropertyName().equals(Case.CASE_CURRENT_CASE)) {
setEnabled(evt.getNewValue() != null);
}
}
});
//attempt to create a report folder if a case is active
Case.addPropertyChangeListener(new PropertyChangeListener() {
@Override
public void propertyChange(PropertyChangeEvent evt) {
String changed = evt.getPropertyName();
//case has been changed
if (changed.equals(Case.CASE_CURRENT_CASE)) {
Case newCase = (Case) evt.getNewValue();
if (newCase != null) {
boolean exists = (new File(newCase.getCaseDirectory() + "\\Reports")).exists();
if (exists) {
// report directory exists -- don't need to do anything
} else {
// report directory does not exist -- create it
boolean reportCreate = (new File(newCase.getCaseDirectory() + "\\Reports")).mkdirs();
if (!reportCreate) {
logger.log(Level.WARNING, "Could not create Reports directory for case. It does not exist.");
}
}
}
}
}
});
// set action of the toolbar button
toolbarButton.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
ReportAction.this.actionPerformed(e);
}
});
}
@Override
public void actionPerformed(ActionEvent e) {
try {
// create the popUp window for it
final JFrame frame = new JFrame(ACTION_NAME);
final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal
// initialize panel with loaded settings
final ReportFilter panel = new ReportFilter();
panel.setjButton2ActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
popUpWindow.dispose();
}
});
// add the panel to the popup window
popUpWindow.add(panel);
popUpWindow.pack();
popUpWindow.setResizable(false);
// set the location of the popUp Window on the center of the screen
Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize();
double w = popUpWindow.getSize().getWidth();
double h = popUpWindow.getSize().getHeight();
popUpWindow.setLocation((int) ((screenDimension.getWidth() - w) / 2), (int) ((screenDimension.getHeight() - h) / 2));
// display the window
popUpWindow.setVisible(true);
// add the command to close the window to the button on the Case Properties form / panel
} catch (Exception ex) {
Log.get(ReportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex);
}
}
@Override
public void performAction() {
}
@Override
public String getName() {
return ACTION_NAME;
}
@Override
public HelpCtx getHelpCtx() {
return HelpCtx.DEFAULT_HELP;
}
/**
* Returns the toolbar component of this action
*
* @return component the toolbar button
*/
@Override
public Component getToolbarPresenter() {
ImageIcon icon = new ImageIcon(getClass().getResource("btn_icon_generate_report.png"));
toolbarButton.setIcon(icon);
toolbarButton.setText("Generate Report");
return toolbarButton;
}
/**
* Set this action to be enabled/disabled
*
* @param value whether to enable this action or not
*/
@Override
public void setEnabled(boolean value) {
super.setEnabled(value);
toolbarButton.setEnabled(value);
}
}

138
Report/src/org/sleuthkit/autopsy/report/ReportConfiguration.java Normal file
View File

@ -0,0 +1,138 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.util.ArrayList;
import java.util.EnumMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.SleuthkitCase;
/**
* Configures which parts of report were requested e.g. based on user input Some
* specialized reporting modules may choose not to generate all requested
* sections and some modules may generate additional, specialized sections
*
*/
class ReportConfiguration {
//base data structure
Map<BlackboardArtifact.ARTIFACT_TYPE, Boolean> config = new EnumMap<BlackboardArtifact.ARTIFACT_TYPE, Boolean>(BlackboardArtifact.ARTIFACT_TYPE.class);
private final Logger logger = Logger.getLogger(this.getClass().getName());
ReportConfiguration() {
//clear the config just incase before we get the list from the db again
config.clear();
//now lets get the list from the tsk and current case
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
try {
ArrayList<BlackboardArtifact.ARTIFACT_TYPE> arttypes = skCase.getBlackboardArtifactTypes();
for (BlackboardArtifact.ARTIFACT_TYPE type : arttypes) {
config.put(type, Boolean.FALSE);
}
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to retrieve list of artifact types from the TSK case .", ex);
}
}
;
/**regets everything that occurs in the constructor normally
*
* @throws ReportModuleException
*/
public void getAllTypes() throws ReportModuleException {
config.clear();
//now lets get the list from the tsk and current case
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
try {
ArrayList<BlackboardArtifact.ARTIFACT_TYPE> arttypes = skCase.getBlackboardArtifactTypes();
for (BlackboardArtifact.ARTIFACT_TYPE type : arttypes) {
config.put(type, Boolean.FALSE);
}
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to retrieve list of artifact types from the TSK case .", ex);
}
}
;
/**setters for generally supported report parts
*
*/
public void setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE type, Boolean value) throws ReportModuleException {
if (config.containsKey(type)) {
config.put(type, value);
} else {
throw new ReportModuleException("The following artifact type is not present:" + type);
}
}
;
/**This allows all that setting to happen in groups
*
*/
public void setGenArtifactType(ArrayList<BlackboardArtifact.ARTIFACT_TYPE> typeList, boolean value) throws ReportModuleException {
for (BlackboardArtifact.ARTIFACT_TYPE type : typeList) {
if (config.containsKey(type)) {
config.put(type, value);
} else {
throw new ReportModuleException("The following artifact type is not present:" + type);
}
}
}
;
/** getters for generally supported report parts
*
*/
public boolean getGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE type) throws ReportModuleException {
boolean value = false;
if (config.containsKey(type)) {
value = config.get(type);
} else {
throw new ReportModuleException("The following artifact type is not present:" + type);
}
return value;
}
public void resetGenArtifactTypes() {
for (Map.Entry<BlackboardArtifact.ARTIFACT_TYPE, Boolean> entry : config.entrySet()) {
config.put(entry.getKey(), Boolean.FALSE);
}
}
}

180
Report/src/org/sleuthkit/autopsy/report/ReportFilter.form Normal file
View File

@ -0,0 +1,180 @@
<?xml version="1.0" encoding="UTF-8" ?>
<Form version="1.5" maxVersion="1.7" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
<NonVisualComponents>
<Component class="javax.swing.JButton" name="jButton2">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.jButton2.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="actionCommand" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.jButton2.actionCommand" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="label" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.jButton2.label" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
</NonVisualComponents>
<Properties>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[250, 193]"/>
</Property>
</Properties>
<AuxValues>
<AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="1"/>
<AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_generateFQN" type="java.lang.Boolean" value="true"/>
<AuxValue name="FormSettings_generateMnemonicsCode" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_i18nAutoMode" type="java.lang.Boolean" value="true"/>
<AuxValue name="FormSettings_layoutCodeTarget" type="java.lang.Integer" value="1"/>
<AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/>
<AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/>
</AuxValues>
<Layout>
<DimensionLayout dim="0">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<Component id="jButton1" min="-2" max="-2" attributes="0"/>
<EmptySpace max="32767" attributes="0"/>
<Component id="cancelButton" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="156" max="-2" attributes="0"/>
</Group>
<Component id="jCheckBox3" alignment="0" min="-2" max="-2" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox2" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox1" alignment="0" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox5" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox4" alignment="0" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
<Component id="progBar" alignment="0" min="-2" pref="231" max="-2" attributes="0"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
<DimensionLayout dim="1">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0">
<Component id="jCheckBox1" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox4" alignment="3" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace type="separate" max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0">
<Component id="jCheckBox2" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox5" alignment="3" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace type="separate" max="-2" attributes="0"/>
<Component id="jCheckBox3" min="-2" max="-2" attributes="0"/>
<EmptySpace type="separate" max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0">
<Component id="jButton1" alignment="3" max="32767" attributes="1"/>
<Component id="cancelButton" alignment="3" max="32767" attributes="1"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
<Component id="progBar" pref="23" max="32767" attributes="1"/>
<EmptySpace max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
</Layout>
<SubComponents>
<Component class="javax.swing.JCheckBox" name="jCheckBox1">
<Properties>
<Property name="selected" type="boolean" value="true"/>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.jCheckBox1.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="jCheckBox1ActionPerformed"/>
</Events>
</Component>
<Component class="javax.swing.JCheckBox" name="jCheckBox2">
<Properties>
<Property name="selected" type="boolean" value="true"/>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.jCheckBox2.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
<Component class="javax.swing.JCheckBox" name="jCheckBox3">
<Properties>
<Property name="selected" type="boolean" value="true"/>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.jCheckBox3.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
<Component class="javax.swing.JCheckBox" name="jCheckBox4">
<Properties>
<Property name="selected" type="boolean" value="true"/>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.jCheckBox4.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
<Component class="javax.swing.JCheckBox" name="jCheckBox5">
<Properties>
<Property name="selected" type="boolean" value="true"/>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.jCheckBox5.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
<Component class="javax.swing.JButton" name="jButton1">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.jButton1.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="mouseReleased" listener="java.awt.event.MouseListener" parameters="java.awt.event.MouseEvent" handler="jButton1MouseReleased"/>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="jButton1ActionPerformed"/>
</Events>
<AuxValues>
<AuxValue name="JavaCodeGenerator_SerializeTo" type="java.lang.String" value="reportFilter_jButton1"/>
</AuxValues>
</Component>
<Component class="javax.swing.JProgressBar" name="progBar">
<Properties>
<Property name="doubleBuffered" type="boolean" value="true"/>
<Property name="enabled" type="boolean" value="false"/>
<Property name="name" type="java.lang.String" value="" noResource="true"/>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[146, 15]"/>
</Property>
<Property name="string" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.progBar.string" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="stringPainted" type="boolean" value="true"/>
</Properties>
</Component>
<Component class="javax.swing.JButton" name="cancelButton">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.cancelButton.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="actionCommand" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportFilter.cancelButton.actionCommand" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="enabled" type="boolean" value="false"/>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="cancelButtonActionPerformed"/>
</Events>
</Component>
</SubComponents>
</Form>

353
Report/src/org/sleuthkit/autopsy/report/ReportFilter.java Normal file
View File

@ -0,0 +1,353 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.awt.event.ActionListener;
import java.util.ArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.SwingUtilities;
import javax.swing.SwingWorker;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.SleuthkitCase;
/**
*
* @author Alex
*/
public class ReportFilter extends javax.swing.JPanel {
public static ArrayList<Integer> filters = new ArrayList<Integer>();
public static ReportConfiguration config = new ReportConfiguration();
private final Logger logger = Logger.getLogger(this.getClass().getName());
public final ReportFilter panel = this;
ReportPanelAction rpa = new ReportPanelAction();
public static boolean cancel = false;
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
/**
* Creates new form ReportFilter
*/
public ReportFilter() {
initComponents();
cancel = false;
try{
config.getAllTypes();
}
catch(ReportModuleException ex)
{
Logger.getLogger(Report.class.getName()).log(Level.SEVERE, "Exception occurred", ex);
}
}
/**
* This method is called from within the constructor to initialize the form.
* WARNING: Do NOT modify this code. The content of this method is always
* regenerated by the Form Editor.
*/
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
jButton2 = new javax.swing.JButton();
jCheckBox1 = new javax.swing.JCheckBox();
jCheckBox2 = new javax.swing.JCheckBox();
jCheckBox3 = new javax.swing.JCheckBox();
jCheckBox4 = new javax.swing.JCheckBox();
jCheckBox5 = new javax.swing.JCheckBox();
jButton1 = new javax.swing.JButton();
progBar = new javax.swing.JProgressBar();
cancelButton = new javax.swing.JButton();
jButton2.setText(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jButton2.text")); // NOI18N
jButton2.setActionCommand(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jButton2.actionCommand")); // NOI18N
jButton2.setLabel(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jButton2.label")); // NOI18N
setPreferredSize(new java.awt.Dimension(250, 193));
jCheckBox1.setSelected(true);
jCheckBox1.setText(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jCheckBox1.text")); // NOI18N
jCheckBox1.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jCheckBox1ActionPerformed(evt);
}
});
jCheckBox2.setSelected(true);
jCheckBox2.setText(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jCheckBox2.text")); // NOI18N
jCheckBox3.setSelected(true);
jCheckBox3.setText(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jCheckBox3.text")); // NOI18N
jCheckBox4.setSelected(true);
jCheckBox4.setText(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jCheckBox4.text")); // NOI18N
jCheckBox5.setSelected(true);
jCheckBox5.setText(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jCheckBox5.text")); // NOI18N
jButton1.setText(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.jButton1.text")); // NOI18N
jButton1.addMouseListener(new java.awt.event.MouseAdapter() {
public void mouseReleased(java.awt.event.MouseEvent evt) {
jButton1MouseReleased(evt);
}
});
jButton1.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jButton1ActionPerformed(evt);
}
});
progBar.setDoubleBuffered(true);
progBar.setEnabled(false);
progBar.setName(""); // NOI18N
progBar.setPreferredSize(new java.awt.Dimension(146, 15));
progBar.setString(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.progBar.string")); // NOI18N
progBar.setStringPainted(true);
cancelButton.setText(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.cancelButton.text")); // NOI18N
cancelButton.setActionCommand(org.openide.util.NbBundle.getMessage(ReportFilter.class, "ReportFilter.cancelButton.actionCommand")); // NOI18N
cancelButton.setEnabled(false);
cancelButton.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
cancelButtonActionPerformed(evt);
}
});
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
this.setLayout(layout);
layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addComponent(jButton1)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(cancelButton)
.addGap(156, 156, 156))
.addComponent(jCheckBox3)
.addGroup(layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jCheckBox2)
.addComponent(jCheckBox1))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jCheckBox5)
.addComponent(jCheckBox4)))
.addComponent(progBar, javax.swing.GroupLayout.PREFERRED_SIZE, 231, javax.swing.GroupLayout.PREFERRED_SIZE))
.addContainerGap())
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(jCheckBox1)
.addComponent(jCheckBox4))
.addGap(18, 18, 18)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(jCheckBox2)
.addComponent(jCheckBox5))
.addGap(18, 18, 18)
.addComponent(jCheckBox3)
.addGap(18, 18, 18)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(jButton1, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(cancelButton, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(progBar, javax.swing.GroupLayout.DEFAULT_SIZE, 23, Short.MAX_VALUE)
.addContainerGap())
);
}// </editor-fold>//GEN-END:initComponents
private void jCheckBox1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jCheckBox1ActionPerformed
}//GEN-LAST:event_jCheckBox1ActionPerformed
public void getfilters(java.awt.event.ActionEvent evt) {
jButton1ActionPerformed(evt);
}
private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton1ActionPerformed
jButton1.setEnabled(false);
progBar.setEnabled(true);
cancelButton.setEnabled(true);
progBar.setStringPainted(true);
progBar.setValue(0);
filters.clear();
if (jCheckBox1.isSelected()) {
try {
config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK, true);
config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE, true);
config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY, true);
config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, true);
filters.add(2);
filters.add(3);
filters.add(4);
filters.add(5);
} catch (ReportModuleException ex) {
logger.log(Level.WARNING, "", ex);
}
}
if (jCheckBox2.isSelected()) {
try {
config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO, true);
filters.add(1);
} catch (ReportModuleException ex) {
logger.log(Level.WARNING, "", ex);
}
}
if (jCheckBox3.isSelected()) {
try {
config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT, true);
filters.add(9);
} catch (ReportModuleException ex) {
logger.log(Level.WARNING, "", ex);
}
}
if (jCheckBox4.isSelected()) {
try {
config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT, true);
filters.add(10);
} catch (ReportModuleException ex) {
logger.log(Level.WARNING, "", ex);
}
}
if (jCheckBox5.isSelected()) {
try {
config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT, true);
config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG, true);
config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED, true);
filters.add(6);
filters.add(8);
filters.add(11);
} catch (ReportModuleException ex) {
}
}
getReports();
}//GEN-LAST:event_jButton1ActionPerformed
public void getReports() {
new SwingWorker<Void, Void>() {
@Override
protected Void doInBackground() throws Exception {
rpa.reportGenerate(config, panel);
return null;
}
;
// this is called when the SwingWorker's doInBackground finishes
@Override
protected void done() {
progBar.setVisible(false); // hide my progress bar JFrame
}
;
}.execute();
progBar.setVisible(true);
}
private void cancelButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_cancelButtonActionPerformed
cancelButton.setText("Cancelled!");
cancel = true;
}//GEN-LAST:event_cancelButtonActionPerformed
private void jButton1MouseReleased(java.awt.event.MouseEvent evt) {//GEN-FIRST:event_jButton1MouseReleased
}//GEN-LAST:event_jButton1MouseReleased
public void progBarSet(int cc) {
final int count = cc;
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
int start = progBar.getValue();
int end = start + count;
progBar.setValue(end);
progBar.setString(null);
progBar.setString(progBar.getString());
progBar.setStringPainted(true);
if (progBar.getPercentComplete() == 1.0) {
progBar.setString("Populating Report - Please wait...");
progBar.setStringPainted(true);
progBar.setIndeterminate(true);
}
}
});
}
public void progBarDone() {
int max = progBar.getMaximum();
progBar.setValue(max);
jButton2.doClick();
}
public void progBarStartText() {
progBar.setIndeterminate(true);
progBar.setString("Querying Database for Report Results...");
}
public void progBarText() {
progBar.setString("Populating Report - Please wait...");
progBar.setStringPainted(true);
progBar.repaint();
progBar.setIndeterminate(true);
}
public void progBarCount(int count) {
progBar.setIndeterminate(false);
progBar.setString(null);
progBar.setMinimum(0);
progBar.setMaximum(count);
progBar.setValue(0);
//Double bper = progBar.getPercentComplete();
progBar.setString(progBar.getString());
}
public void setjButton1ActionListener(ActionListener e) {
jButton1.addActionListener(e);
}
public void setjButton2ActionListener(ActionListener e) {
jButton2.addActionListener(e);
cancelButton.addActionListener(e);
}
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton cancelButton;
private javax.swing.JButton jButton1;
private javax.swing.JButton jButton2;
private javax.swing.JCheckBox jCheckBox1;
private javax.swing.JCheckBox jCheckBox2;
private javax.swing.JCheckBox jCheckBox3;
private javax.swing.JCheckBox jCheckBox4;
private javax.swing.JCheckBox jCheckBox5;
private javax.swing.JProgressBar progBar;
// End of variables declaration//GEN-END:variables
}

83
Report/src/org/sleuthkit/autopsy/report/ReportFilterAction.java Normal file
View File

@ -0,0 +1,83 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.awt.Container;
import java.awt.Dimension;
import java.awt.Toolkit;
import java.util.logging.Level;
import javax.swing.JDialog;
import javax.swing.JFrame;
import org.openide.util.HelpCtx;
import org.sleuthkit.autopsy.coreutils.Log;
/**
* The ReportFilterAction opens the reportFilterPanel in a dialog, and saves the
* settings of the panel if the Apply button is clicked.
*
* @author pmartel
*/
class ReportFilterAction {
private static final String ACTION_NAME = "Report Window";
//@Override
public void performAction() {
Log.noteAction(this.getClass());
try {
// create the popUp window for it
Container cpane;
final JFrame frame = new JFrame(ACTION_NAME);
final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal
cpane = frame.getContentPane();
// initialize panel with loaded settings
final ReportFilter panel = new ReportFilter();
// add the panel to the popup window
popUpWindow.add(panel);
popUpWindow.pack();
popUpWindow.setResizable(false);
// set the location of the popUp Window on the center of the screen
Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize();
double w = popUpWindow.getSize().getWidth();
double h = popUpWindow.getSize().getHeight();
popUpWindow.setLocation((int) ((screenDimension.getWidth() - w) / 2), (int) ((screenDimension.getHeight() - h) / 2));
// display the window
popUpWindow.setVisible(true);
} catch (Exception ex) {
Log.get(ReportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex);
}
}
//@Override
public String getName() {
return ACTION_NAME;
}
// @Override
public HelpCtx getHelpCtx() {
return HelpCtx.DEFAULT_HELP;
}
}

49
Report/src/org/sleuthkit/autopsy/report/ReportGen.java Normal file
View File

@ -0,0 +1,49 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.util.ArrayList;
import java.util.HashMap;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
/**
*
* This class is the 'default' way to get artifacts/attributes from the
* blackboard using a reportconfiguration object.
*/
public class ReportGen {
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> Results = new HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>>();
ReportGen() {
}
public void clearReport() {
Results.clear();
}
public void populateReport(ReportConfiguration config) {
clearReport();
Report bbreport = new Report();
Results = bbreport.getAllTypes(config);
}
}

468
Report/src/org/sleuthkit/autopsy/report/ReportHTML.java Normal file
View File

@ -0,0 +1,468 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.io.BufferedWriter;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Map.Entry;
import java.util.TreeMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskData;
/**
*
* @author Alex
*/
public class ReportHTML implements ReportModule{
//Declare our publically accessible formatted Report, this will change everytime they run a Report
public static StringBuilder formatted_Report = new StringBuilder();
private static StringBuilder unformatted_header = new StringBuilder();
private static StringBuilder formatted_header = new StringBuilder();
private static String htmlPath = "";
private ReportConfiguration config;
ReportHTML(){
}
@Override
public String generateReport(ReportConfiguration reportconfig, ReportFilter rr) throws ReportModuleException {
config = reportconfig;
ReportGen reportobj = new ReportGen();
reportobj.populateReport(reportconfig);
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> report = reportobj.Results;
//This is literally a terrible way to count up all the types of artifacts, and doesn't include any added ones.
//Unlike the XML Report, which is dynamic, this is formatted and needs to be redone later instead of being hardcoded.
//Also, clearing variables to generate new Report.
formatted_Report.setLength(0);
unformatted_header.setLength(0);
formatted_header.setLength(0);
int countGen = 0;
int countWebBookmark = 0;
int countWebCookie = 0;
int countWebHistory = 0;
int countWebDownload = 0;
int countRecentObjects = 0;
int countTrackPoint = 0;
int countInstalled = 0;
int countKeyword = 0;
int countHash = 0;
int countDevice = 0;
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
countGen++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
countWebBookmark++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
countWebCookie++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
countWebHistory++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
countWebDownload++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
countRecentObjects++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
countTrackPoint++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
countInstalled++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
countKeyword++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
countHash++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
countDevice++;
}
}
try {
String ingestwarning = "<h2 style=\"color: red;\">Warning, this report was run before ingest services completed!</h2>";
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
String caseName = currentCase.getName();
Integer imagecount = currentCase.getImageIDs().length;
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
int reportsize = report.size();
Integer filesystemcount = currentCase.getRootObjectsCount();
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy");
Date date = new Date();
String datetime = datetimeFormat.format(date);
String datenotime = dateFormat.format(date);
String CSS = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"><style>"
+ "body {padding: 30px; margin: 0; background: #FFFFFF; font: 13px/20px Arial, Helvetica, sans-serif; color: #535353;} "
+ "h1 {font-size: 26px; color: #005577; margin: 0 0 20px 0;} "
+ "h2 {font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;} "
+ "h3 {font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;} "
+ "p {margin: 0 0 20px 0;} table {width: 100%; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} "
+ "table thead th {display: table-cell; text-align: left; padding: 8px 16px; background: #e5e5e5; color: #777;font-size: 11px;text-shadow: #e9f9fd 0 1px 0; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} "
+ "table tr th:nth-child(1) {text-align: center; width: 60px;} "
+ "table td {display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;} "
+ "table tr:nth-child(even) td {background: #f3f3f3;} "
+ "table tr td:nth-child(1) {text-align: left; width: 60px; background: #f3f3f3;} "
+ "table tr:nth-child(even) td:nth-child(1) {background: #eaeaea;}"
+ "</style>";
//Add additional header information
String header = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\"><head><title>Autopsy Report for Case: " + caseName + "</title>";
formatted_header.append(header);
formatted_header.append(CSS);
//do for unformatted
String simpleCSS = "<style>"
+ "body {padding: 30px; margin: 0; background: #FFFFFF; color: #535353;} "
+ "h1 {font-size: 26px; color: #005577; margin: 0 0 20px 0;} "
+ "h2 {font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;} "
+ "h3 {font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;} "
+ "p {margin: 0 0 20px 0;} table {width: 100%; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} "
+ "table thead th {display: table-cell; text-align: left; padding: 4px 8px; background: #e5e5e5; color: #777;font-size: 11px; width: 80px; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} "
+ "table tr th {text-align: left; width: 80px;} "
+ "table td {width: 100px; font-size: 8px; display: table-cell; padding: 4px 8px;} "
+ "table tr {text-align: left; width: 60px; background: #f3f3f3;} "
+ "tr.alt td{ background-color: #FFFFFF;}"
+ "</style>";
unformatted_header.append(header);
unformatted_header.append(simpleCSS);
//formatted_Report.append("<link rel=\"stylesheet\" href=\"" + rrpath + "Report.css\" type=\"text/css\" />");
formatted_Report.append("</head><body><div id=\"main\"><div id=\"content\">");
// Add summary information now
formatted_Report.append("<h1>Report for Case: ").append(caseName).append("</h1>");
if (IngestManager.getDefault().isIngestRunning()) {
formatted_Report.append(ingestwarning);
}
formatted_Report.append("<h2>Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<ul>");
formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>");
formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>");
formatted_Report.append("<li># of Files: ").append(totalfiles.toString()).append("</li>");
formatted_Report.append("<li># of Dirs: ").append(totaldirs.toString()).append("</li>");
formatted_Report.append("<li># of Artifacts: ").append(reportsize).append("</li></ul>");
formatted_Report.append("<br /><table><thead><tr><th>Section</th><th>Count</th></tr></thead><tbody>");
if (countWebBookmark > 0) {
formatted_Report.append("<tr><td><a href=\"#bookmark\">Web Bookmarks</a></td><td>").append(countWebBookmark).append("</td></tr>");
}
if (countWebCookie > 0) {
formatted_Report.append("<tr><td><a href=\"#cookie\">Web Cookies</a></td><td>").append(countWebCookie).append("</td></tr>");
}
if (countWebHistory > 0) {
formatted_Report.append("<tr><td><a href=\"#history\">Web History</a></td><td>").append(countWebHistory).append("</td></tr>");
}
if (countWebDownload > 0) {
formatted_Report.append("<tr><td><a href=\"#download\">Web Downloads</a></td><td>").append(countWebDownload).append("</td></tr>");
}
if (countRecentObjects > 0) {
formatted_Report.append("<tr><td><a href=\"#recent\">Recent Documents</a></td><td>").append(countRecentObjects).append("</td></tr>");
}
if (countInstalled > 0) {
formatted_Report.append("<tr><td><a href=\"#installed\">Installed Programs</a></td><td>").append(countInstalled).append("</td></tr>");
}
if (countKeyword > 0) {
formatted_Report.append("<tr><td><a href=\"#keyword\">Keyword Hits</a></td><td>").append(countKeyword).append("</td></tr>");
}
if (countHash > 0) {
formatted_Report.append("<tr><td><a href=\"#hash\">Hash Hits</a></td><td>").append(countHash).append("</td></tr>");
}
if (countDevice > 0) {
formatted_Report.append("<tr><td><a href=\"#device\">Attached Devices</a></td><td>").append(countDevice).append("</td></tr>");
}
formatted_Report.append("</tbody></table><br />");
String tableHeader = "<table><thead><tr>";
StringBuilder nodeGen = new StringBuilder("<h3>General Information (").append(countGen).append(")</h3>").append(tableHeader).append("<th>Attribute</th><th>Value</th></tr></thead><tbody>");
StringBuilder nodeWebBookmark = new StringBuilder("<h3><a name=\"bookmark\">Web Bookmarks (").append(countWebBookmark).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Title</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebCookie = new StringBuilder("<h3><a name=\"cookie\">Web Cookies (").append(countWebCookie).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Name</th><th>Value</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebHistory = new StringBuilder("<h3><a name=\"history\">Web History (").append(countWebHistory).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Referrer</th><th>Title</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebDownload = new StringBuilder("<h3><a name=\"download\">Web Downloads (").append(countWebDownload).append(")</h3>").append(tableHeader).append("<th>File</th><th>Source</th><th>Time</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeRecentObjects = new StringBuilder("<h3><a name=\"recent\">Recent Documents (").append(countRecentObjects).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Path</th><th>Related Shortcut</th></tr></thead><tbody>");
StringBuilder nodeTrackPoint = new StringBuilder("<h3><a name=\"track\">Track Points (").append(countTrackPoint).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>");
StringBuilder nodeInstalled = new StringBuilder("<h3><a name=\"installed\">Installed Programs (").append(countInstalled).append(")</h3>").append(tableHeader).append("<th>Program Name</th><th>Install Date/Time</th></tr></thead><tbody>");
StringBuilder nodeKeyword = new StringBuilder("<h3><a name=\"keyword\">Keyword Search Hits (").append(countKeyword).append(")</h3>");
StringBuilder nodeHash = new StringBuilder("<h3><a name=\"hash\">Hashset Hit (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Size</th><th>Hashset Name</th></tr></thead><tbody>");
StringBuilder nodeDevice = new StringBuilder("<h3><a name=\"device\">Attached Devices (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Serial #</th><th>Time</th></tr></thead><tbody>");
int alt = 0;
String altRow = "";
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (ReportFilter.cancel == true) {
break;
}
int cc = 0;
if (alt > 0) {
altRow = " class=\"alt\"";
alt = 0;
} else {
altRow = "";
alt++;
}
StringBuilder artifact = new StringBuilder("");
Long objId = entry.getKey().getObjectID();
//Content file = skCase.getContentById(objId);
FsContent file = skCase.getFsContentById(objId);
Long filesize = file.getSize();
TreeMap<Integer, String> attributes = new TreeMap<Integer, String>();
// Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type
int n;
for (n = 1; n <= 35; n++) {
attributes.put(n, "");
}
for (BlackboardAttribute tempatt : entry.getValue()) {
if (ReportFilter.cancel == true) {
break;
}
String value = "";
Integer type = tempatt.getAttributeTypeID();
if (type.equals(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()) || type.equals(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID())) {
try{
SimpleDateFormat sdf = new java.text.SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
value = sdf.format(new java.util.Date((tempatt.getValueLong())));
}
catch(Exception ex){
}
} else {
value = tempatt.getValueString();
}
if(value == null || value.isEmpty())
{
value = "";
}
value = ReportUtils.insertPeriodically(value, "<br>", 30);
attributes.put(type, value);
cc++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
artifact.append("</tr>");
nodeGen.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("</td>");
artifact.append("</tr>");
nodeWebBookmark.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("</td>");
artifact.append("</tr>");
nodeWebCookie.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("</td>");
artifact.append("</tr>");
nodeWebHistory.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("</td>");
artifact.append("</tr>");
nodeWebDownload.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
//artifact.append("<tr><td>").append(objId.toString());
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())).append("</strong></td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID())).append("</td>");
artifact.append("<td>").append(file.getName()).append("</td>");
artifact.append("</tr>");
nodeRecentObjects.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td>").append(objId.toString());
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
artifact.append("</tr>");
nodeTrackPoint.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID())).append("</strong></td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())).append("</td>");
artifact.append("</tr>");
nodeInstalled.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
// artifact.append("<table><thead><tr><th>Artifact ID</th><th>Name</th><th>Size</th>");
// artifact.append("</tr></table>");
// nodeKeyword.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
// artifact.append("<tr><td>").append(objId.toString());
artifact.append("<tr").append(altRow).append("><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
//artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_INTERESTING_FILE.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_HASHSET_NAME.getTypeID())).append("</td>");
artifact.append("</tr>");
nodeHash.append(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID())).append("</strong></td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID())).append("</td>");
artifact.append("<td>").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())).append("</td>");
artifact.append("</tr>");
nodeDevice.append(artifact);
}
cc++;
rr.progBarSet(cc);
}
//Add them back in order
//formatted_Report.append(nodeGen);
// formatted_Report.append("</tbody></table>");
if (countWebBookmark > 0) {
formatted_Report.append(nodeWebBookmark);
formatted_Report.append("</tbody></table>");
}
if (countWebCookie > 0) {
formatted_Report.append(nodeWebCookie);
formatted_Report.append("</tbody></table>");
}
if (countWebHistory > 0) {
formatted_Report.append(nodeWebHistory);
formatted_Report.append("</tbody></table>");
}
if (countWebDownload > 0) {
formatted_Report.append(nodeWebDownload);
formatted_Report.append("</tbody></table>");
}
if (countRecentObjects > 0) {
formatted_Report.append(nodeRecentObjects);
formatted_Report.append("</tbody></table>");
}
// formatted_Report.append(nodeTrackPoint);
//formatted_Report.append("</tbody></table>");
if (countInstalled > 0) {
formatted_Report.append(nodeInstalled);
formatted_Report.append("</tbody></table>");
}
if (countKeyword > 0) {
formatted_Report.append(nodeKeyword);
Report keywords = new Report();
formatted_Report.append(keywords.getGroupedKeywordHit());
// "<table><thead><tr><th>Artifact ID</th><th>Name</th><th>Size</th>
// formatted_Report.append("</tbody></table>");
}
if (countHash > 0) {
formatted_Report.append(nodeHash);
formatted_Report.append("</tbody></table>");
}
if (countDevice > 0) {
formatted_Report.append(nodeDevice);
formatted_Report.append("</tbody></table>");
}
//end of master loop
formatted_Report.append("</div></div></body></html>");
formatted_header.append(formatted_Report);
// unformatted_header.append(formatted_Report);
htmlPath = currentCase.getCaseDirectory() + "/Reports/" + caseName + "-" + datenotime + ".html";
this.save(htmlPath);
} catch (Exception e) {
Logger.getLogger(ReportHTML.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return htmlPath;
}
@Override
public void save(String path)
{
try{
Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(path), "UTF-8"));
out.write(formatted_header.toString());
out.flush();
out.close();
}
catch(IOException e){
Logger.getLogger(ReportHTML.class.getName()).log(Level.SEVERE, "Could not write out HTML report!", e);
}
}
@Override
public String getReportType(){
String type = "HTML";
return type;
}
@Override
public ReportConfiguration GetReportConfiguration(){
return config;
}
@Override
public String getReportTypeDescription(){
String desc = "This is an html formatted report that is meant to be viewed in a modern browser.";
return desc;
}
@Override
public String generateReport() throws ReportModuleException {
throw new UnsupportedOperationException("Not supported yet.");
}
}

67
Report/src/org/sleuthkit/autopsy/report/ReportModule.java Normal file
View File

@ -0,0 +1,67 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
//interface every reporting module should implement
public interface ReportModule {
/**
* Generates a report on the current case Reporting module should traverse
* the blackboard, extract needed information as specified in the config and
* generate a report file
*
* @param config specifiying parts that should be generated
* @return absolute file path to the report generated
* @throws ReportModuleException if report generation failed
*/
public String generateReport() throws ReportModuleException;
//If it uses a report configuration and reports back to the gui its progress
public String generateReport(ReportConfiguration config, ReportFilter rr) throws ReportModuleException;
/**
* This saves a copy of the report (current one) to another place specified
* by the user. Takes the input of where the path needs to be saved, include
* filename and extention.
*/
public void save(String Path) throws ReportModuleException;
/**
* Returns a short description of report type/file format this module
* generates for instance, "XML", "Excel"
*
* @return
*/
public String getReportType();
/**
* Returns the reportconfiguration object that was created
*
* @return
*/
public ReportConfiguration GetReportConfiguration();
/**
* Returns a one line human readable description of the type of report this
* module generates
*/
public String getReportTypeDescription();
}

33
Report/src/org/sleuthkit/autopsy/report/ReportModuleException.java Normal file
View File

@ -0,0 +1,33 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
//exception thrown by a reporting module when report generation failed
class ReportModuleException extends Exception {
public ReportModuleException(String msg) {
super(msg);
}
public ReportModuleException(String msg, Exception ex) {
super(msg, ex);
}
}

89
Report/src/org/sleuthkit/autopsy/report/ReportPanel.form Normal file
View File

@ -0,0 +1,89 @@
<?xml version="1.0" encoding="UTF-8" ?>
<Form version="1.5" maxVersion="1.7" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
<NonVisualComponents>
<Component class="javax.swing.JFileChooser" name="jFileChooser1">
</Component>
<Component class="javax.swing.JOptionPane" name="jOptionPane1">
</Component>
</NonVisualComponents>
<AccessibilityProperties>
<Property name="AccessibleContext.accessibleName" type="java.lang.String" value=""/>
<Property name="AccessibleContext.accessibleParent" type="javax.accessibility.Accessible" editor="org.netbeans.modules.form.RADVisualComponent$AccessibleParentEditor">
<ComponentRef name="Form"/>
</Property>
</AccessibilityProperties>
<AuxValues>
<AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="1"/>
<AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_generateFQN" type="java.lang.Boolean" value="true"/>
<AuxValue name="FormSettings_generateMnemonicsCode" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_i18nAutoMode" type="java.lang.Boolean" value="true"/>
<AuxValue name="FormSettings_layoutCodeTarget" type="java.lang.Integer" value="1"/>
<AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/>
<AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/>
</AuxValues>
<Layout>
<DimensionLayout dim="0">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jLabel1" alignment="0" pref="300" max="32767" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<Component id="jButton1" min="-2" max="-2" attributes="0"/>
<EmptySpace pref="128" max="32767" attributes="0"/>
<Component id="saveReport" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
<EmptySpace max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
<DimensionLayout dim="1">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="1" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Component id="jLabel1" pref="26" max="32767" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0">
<Component id="jButton1" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="saveReport" alignment="3" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace min="-2" max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
</Layout>
<SubComponents>
<Component class="javax.swing.JButton" name="jButton1">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportPanel.jButton1.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
<Component class="javax.swing.JButton" name="saveReport">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportPanel.saveReport.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="actionCommand" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportPanel.saveReport.actionCommand" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="saveReportActionPerformed"/>
</Events>
</Component>
<Component class="javax.swing.JLabel" name="jLabel1">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="ReportPanel.jLabel1.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
</SubComponents>
</Form>

168
Report/src/org/sleuthkit/autopsy/report/ReportPanel.java Normal file
View File

@ -0,0 +1,168 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.awt.event.ActionListener;
import java.io.*;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.swing.JFileChooser;
import javax.swing.JOptionPane;
import org.jdom.output.XMLOutputter;
/**
*
* @author Alex
*/
public class ReportPanel extends javax.swing.JPanel {
/**
* Creates new form ReportPanel
*/
public ReportPanel() {
initComponents();
}
/**
* This method is called from within the constructor to initialize the form.
* WARNING: Do NOT modify this code. The content of this method is always
* regenerated by the Form Editor.
*/
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
jFileChooser1 = new javax.swing.JFileChooser();
jOptionPane1 = new javax.swing.JOptionPane();
jButton1 = new javax.swing.JButton();
saveReport = new javax.swing.JButton();
jLabel1 = new javax.swing.JLabel();
jButton1.setText(org.openide.util.NbBundle.getMessage(ReportPanel.class, "ReportPanel.jButton1.text")); // NOI18N
saveReport.setText(org.openide.util.NbBundle.getMessage(ReportPanel.class, "ReportPanel.saveReport.text")); // NOI18N
saveReport.setActionCommand(org.openide.util.NbBundle.getMessage(ReportPanel.class, "ReportPanel.saveReport.actionCommand")); // NOI18N
saveReport.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
saveReportActionPerformed(evt);
}
});
jLabel1.setText(org.openide.util.NbBundle.getMessage(ReportPanel.class, "ReportPanel.jLabel1.text")); // NOI18N
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
this.setLayout(layout);
layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jLabel1, javax.swing.GroupLayout.DEFAULT_SIZE, 300, Short.MAX_VALUE)
.addGroup(layout.createSequentialGroup()
.addComponent(jButton1)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 128, Short.MAX_VALUE)
.addComponent(saveReport)))
.addContainerGap())
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup()
.addContainerGap()
.addComponent(jLabel1, javax.swing.GroupLayout.DEFAULT_SIZE, 26, Short.MAX_VALUE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(jButton1)
.addComponent(saveReport))
.addContainerGap())
);
getAccessibleContext().setAccessibleName("");
getAccessibleContext().setAccessibleParent(this);
}// </editor-fold>//GEN-END:initComponents
private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_saveReportActionPerformed
saveReportAction();
}//GEN-LAST:event_saveReportActionPerformed
/**
* Sets the listener for the OK button
*
* @param e The action listener
*/
public void setjButton1ActionListener(ActionListener e) {
jButton1.addActionListener(e);
}
public void setFinishedReportText() {
DateFormat dateFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
Date date = new Date();
String reportText = "Report was sucessfully generated at " + dateFormat.format(date) + ".";
jLabel1.setText(reportText);
}
private void saveReportAction() {
int option = jFileChooser1.showSaveDialog(this);
if (option == JFileChooser.APPROVE_OPTION) {
if (jFileChooser1.getSelectedFile() != null) {
String path = jFileChooser1.getSelectedFile().toString();
exportReport(path);
}
}
}
private void exportReport(String path) {
String htmlpath = ReportUtils.changeExtension(path, ".html");
String xmlpath = ReportUtils.changeExtension(path, ".xml");
String xlspath = ReportUtils.changeExtension(path, ".xlsx");
try {
Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlpath), "UTF-8"));
// FileOutputStream out = new FileOutputStream(htmlpath);
out.write(ReportHTML.formatted_Report.toString());
out.flush();
out.close();
//xls report
FileOutputStream fos = new FileOutputStream(xlspath);
ReportXLS.wb.write(fos);
fos.close();
FileOutputStream xmlout = new FileOutputStream(xmlpath);
XMLOutputter serializer = new XMLOutputter();
serializer.output(ReportXML.xmldoc, xmlout);
xmlout.flush();
xmlout.close();
JOptionPane.showMessageDialog(this, "Report has been successfully saved!");
} catch (IOException e) {
System.err.println(e);
}
}
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton jButton1;
private javax.swing.JFileChooser jFileChooser1;
private javax.swing.JLabel jLabel1;
private javax.swing.JOptionPane jOptionPane1;
private javax.swing.JButton saveReport;
// End of variables declaration//GEN-END:variables
}

163
Report/src/org/sleuthkit/autopsy/report/ReportPanelAction.java Normal file
View File

@ -0,0 +1,163 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.awt.Dimension;
import java.awt.Toolkit;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.JDialog;
import javax.swing.JFrame;
import javax.swing.SwingUtilities;
import org.sleuthkit.autopsy.coreutils.Log;
/**
*
* @author Alex
*/
public class ReportPanelAction {
private static final String ACTION_NAME = "Report Preview";
private StringBuilder viewReport = new StringBuilder();
public ReportPanelAction(){
}
public void reportGenerate(final ReportConfiguration reportconfig, final ReportFilter rr){
try {
//Clear any old reports in the string
viewReport.setLength(0);
// Generate the reports and create the hashmap
final ReportGen report = new ReportGen();
//see what reports we need to run and run them
//Set progress bar to move while doing this
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
rr.progBarStartText();
}});
report.populateReport(reportconfig);
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
rr.progBarCount(2*report.Results.size());
}});
//Turn our results into the appropriate xml/html reports
//TODO: add a way for users to select what they will run when
Thread reportThread = new Thread(new Runnable()
{
@Override
public void run()
{
StopWatch a = new StopWatch();
a.start();
ReportHTML htmlReport = new ReportHTML();
try{
String htmlpath = htmlReport.generateReport(reportconfig, rr);
BrowserControl.openUrl(htmlpath);
}
catch(ReportModuleException e){
Logger.getLogger(ReportHTML.class.getName()).log(Level.WARNING, "Exception occurred in generating the htmlReport", e);
}
a.stop();
System.out.println("html in milliseconds: " + a.getElapsedTime());
StopWatch s = new StopWatch();
s.start();
ReportXLS xlsReport = new ReportXLS();
try{
xlsReport.generateReport(reportconfig,rr);
}
catch(ReportModuleException e){
Logger.getLogger(ReportHTML.class.getName()).log(Level.WARNING, "Exception occurred in generating the XLS Report", e);
}
s.stop();
System.out.println("xls in milliseconds: " + s.getElapsedTime());
StopWatch S = new StopWatch();
S.start();
ReportXML xmlReport = new ReportXML();
try{
xmlReport.generateReport(reportconfig,rr);
}
catch(ReportModuleException e){
Logger.getLogger(ReportHTML.class.getName()).log(Level.WARNING, "Exception occurred in generating the XML Report", e);
}
S.stop();
System.out.println("xml in milliseconds: " + S.getElapsedTime());
}
});
// start our threads
reportThread.start();
// display the window
// create the popUp window for it
if(ReportFilter.cancel == false){
final JFrame frame = new JFrame(ACTION_NAME);
final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal
// initialize panel with loaded settings
//Set the temporary label to let the user know its done and is waiting on the report
rr.progBarText();
final ReportPanel panel = new ReportPanel();
panel.setjButton1ActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
popUpWindow.dispose();
}
});
// add the panel to the popup window
popUpWindow.add(panel);
popUpWindow.setResizable(true);
popUpWindow.pack();
// set the location of the popUp Window on the center of the screen
Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize();
double w = popUpWindow.getSize().getWidth();
double h = popUpWindow.getSize().getHeight();
popUpWindow.setLocation((int) ((screenDimension.getWidth() - w) / 2), (int) ((screenDimension.getHeight() - h) / 2));
reportThread.join();
rr.progBarDone();
panel.setFinishedReportText();
popUpWindow.setVisible(true);
}
} catch (Exception ex) {
Log.get(ReportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex);
}
}
}

55
Report/src/org/sleuthkit/autopsy/report/ReportUtils.java Normal file
View File

@ -0,0 +1,55 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
/**
*
* @author Alex
*/
public class ReportUtils {
static String changeExtension(String originalName, String newExtension) {
int lastDot = originalName.lastIndexOf(".");
if (lastDot != -1) {
return originalName.substring(0, lastDot) + newExtension;
} else {
return originalName + newExtension;
}
}
public static String insertPeriodically(String text, String insert, int period) {
StringBuilder builder = new StringBuilder(
text.length() + insert.length() * (text.length() / period) + 1);
int index = 0;
String prefix = "";
while (index < text.length()) {
// Don't put the insert in the very first iteration.
// This is easier than appending it *after* each substring
builder.append(prefix);
prefix = insert;
builder.append(text.substring(index,
Math.min(index + period, text.length())));
index += period;
}
return builder.toString();
}
}

435
Report/src/org/sleuthkit/autopsy/report/ReportXLS.java Normal file
View File

@ -0,0 +1,435 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.File;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Map.Entry;
import java.util.TreeMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.poi.ss.usermodel.*;
import org.apache.poi.xssf.usermodel.XSSFWorkbook;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.*;
/**
*
* @author Alex
*/
public class ReportXLS implements ReportModule {
public static Workbook wb = new XSSFWorkbook();
private static String xlsPath = "";
private ReportConfiguration config;
public ReportXLS() {
//Empty the workbook first
}
@Override
public String generateReport(ReportConfiguration reportconfig, ReportFilter rr) throws ReportModuleException {
config = reportconfig;
ReportGen reportobj = new ReportGen();
reportobj.populateReport(reportconfig);
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> report = reportobj.Results;
Workbook wbtemp = new XSSFWorkbook();
int countGen = 0;
int countBookmark = 0;
int countCookie = 0;
int countHistory = 0;
int countDownload = 0;
int countRecentObjects = 0;
int countTrackPoint = 0;
int countInstalled = 0;
int countKeyword = 0;
int countHash = 0;
int countDevice = 0;
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
countGen++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
countBookmark++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
countCookie++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
countHistory++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
countDownload++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
countRecentObjects++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
countTrackPoint++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
countInstalled++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
countKeyword++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
countHash++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
countDevice++;
}
}
try {
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
String caseName = currentCase.getName();
Integer imagecount = currentCase.getImageIDs().length;
Integer filesystemcount = currentCase.getRootObjectsCount();
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss");
Date date = new Date();
String datetime = datetimeFormat.format(date);
String datenotime = dateFormat.format(date);
//The first summary report page
Sheet sheetSummary = wbtemp.createSheet("Summary");
//Generate a sheet per artifact type
// Sheet sheetGen = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getDisplayName());
Sheet sheetHash = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getDisplayName());
Sheet sheetDevice = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getDisplayName());
Sheet sheetInstalled = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getDisplayName());
Sheet sheetKeyword = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getDisplayName());
// Sheet sheetTrackpoint = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getDisplayName());
Sheet sheetRecent = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getDisplayName());
Sheet sheetCookie = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getDisplayName());
Sheet sheetBookmark = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getDisplayName());
Sheet sheetDownload = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getDisplayName());
Sheet sheetHistory = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getDisplayName());
//Bold/underline cell style for the top header rows
CellStyle style = wbtemp.createCellStyle();
style.setBorderBottom((short) 2);
Font font = wbtemp.createFont();
font.setFontHeightInPoints((short) 14);
font.setFontName("Arial");
font.setBoldweight((short) 2);
style.setFont(font);
//create 'default' style
CellStyle defaultstyle = wbtemp.createCellStyle();
defaultstyle.setBorderBottom((short) 2);
Font defaultfont = wbtemp.createFont();
defaultfont.setFontHeightInPoints((short) 14);
defaultfont.setFontName("Arial");
defaultfont.setBoldweight((short) 2);
defaultstyle.setFont(defaultfont);
//create the rows in the worksheet for our records
//Create first row and header
// sheetGen.createRow(0);
// sheetGen.getRow(0).createCell(0).setCellValue("Name");
// sheetGen.getRow(0).createCell(1).setCellValue("Value");
// sheetGen.getRow(0).createCell(2).setCellValue("Date/Time");
sheetSummary.setDefaultColumnStyle(1, defaultstyle);
sheetSummary.createRow(0).setRowStyle(style);
sheetSummary.getRow(0).createCell(0).setCellValue("Summary Information");
sheetSummary.getRow(0).createCell(1).setCellValue(caseName);
//add some basic information
sheetSummary.createRow(1).setRowStyle(defaultstyle);
sheetSummary.getRow(1).createCell(0).setCellValue("# of Images");
sheetSummary.getRow(1).createCell(1).setCellValue(imagecount);
sheetSummary.createRow(2);
sheetSummary.getRow(2).createCell(0).setCellValue("Filesystems found");
sheetSummary.getRow(2).createCell(1).setCellValue(imagecount);
sheetSummary.createRow(3);
sheetSummary.getRow(3).createCell(0).setCellValue("# of Files");
sheetSummary.getRow(3).createCell(1).setCellValue(totalfiles);
sheetSummary.createRow(4);
sheetSummary.getRow(4).createCell(0).setCellValue("# of Directories");
sheetSummary.getRow(4).createCell(1).setCellValue(totaldirs);
sheetSummary.createRow(5);
sheetSummary.getRow(5).createCell(0).setCellValue("Date/Time");
sheetSummary.getRow(5).createCell(1).setCellValue(datetime);
sheetHash.setDefaultColumnStyle(1, defaultstyle);
sheetHash.createRow(0).setRowStyle(style);
sheetHash.getRow(0).createCell(0).setCellValue("Name");
sheetHash.getRow(0).createCell(1).setCellValue("Size");
sheetHash.getRow(0).createCell(2).setCellValue("Hashset Name");
sheetDevice.setDefaultColumnStyle(1, defaultstyle);
sheetDevice.createRow(0).setRowStyle(style);
sheetDevice.getRow(0).createCell(0).setCellValue("Name");
sheetDevice.getRow(0).createCell(1).setCellValue("Serial #");
sheetDevice.getRow(0).createCell(2).setCellValue("Time");
sheetInstalled.setDefaultColumnStyle(1, defaultstyle);
sheetInstalled.createRow(0).setRowStyle(style);
sheetInstalled.getRow(0).createCell(0).setCellValue("Program Name");
sheetInstalled.getRow(0).createCell(1).setCellValue("Install Date/Time");
sheetKeyword.setDefaultColumnStyle(1, defaultstyle);
sheetKeyword.createRow(0).setRowStyle(style);
sheetKeyword.getRow(0).createCell(0).setCellValue("Keyword");
sheetKeyword.getRow(0).createCell(1).setCellValue("File Name");
sheetKeyword.getRow(0).createCell(2).setCellValue("Preview");
sheetKeyword.getRow(0).createCell(3).setCellValue("Keyword LIst");
sheetRecent.setDefaultColumnStyle(1, defaultstyle);
sheetRecent.createRow(0).setRowStyle(style);
sheetRecent.getRow(0).createCell(0).setCellValue("Name");
sheetRecent.getRow(0).createCell(1).setCellValue("Path");
sheetRecent.getRow(0).createCell(2).setCellValue("Related Shortcut");
sheetCookie.setDefaultColumnStyle(1, defaultstyle);
sheetCookie.createRow(0).setRowStyle(style);
sheetCookie.getRow(0).createCell(0).setCellValue("URL");
sheetCookie.getRow(0).createCell(1).setCellValue("Date");
sheetCookie.getRow(0).createCell(2).setCellValue("Name");
sheetCookie.getRow(0).createCell(3).setCellValue("Value");
sheetCookie.getRow(0).createCell(4).setCellValue("Program");
sheetBookmark.setDefaultColumnStyle(1, defaultstyle);
sheetBookmark.createRow(0).setRowStyle(style);
sheetBookmark.getRow(0).createCell(0).setCellValue("URL");
sheetBookmark.getRow(0).createCell(1).setCellValue("Title");
sheetBookmark.getRow(0).createCell(2).setCellValue("Program");
sheetDownload.setDefaultColumnStyle(1, defaultstyle);
sheetDownload.createRow(0).setRowStyle(style);
sheetDownload.getRow(0).createCell(0).setCellValue("File");
sheetDownload.getRow(0).createCell(1).setCellValue("Source");
sheetDownload.getRow(0).createCell(2).setCellValue("Time");
sheetDownload.getRow(0).createCell(3).setCellValue("Program");
sheetHistory.setDefaultColumnStyle(1, defaultstyle);
sheetHistory.createRow(0).setRowStyle(style);
sheetHistory.getRow(0).createCell(0).setCellValue("URL");
sheetHistory.getRow(0).createCell(1).setCellValue("Date");
sheetHistory.getRow(0).createCell(2).setCellValue("Referrer");
sheetHistory.getRow(0).createCell(3).setCellValue("Title");
sheetHistory.getRow(0).createCell(4).setCellValue("Program");
for (int i = 0; i < wbtemp.getNumberOfSheets(); i++) {
Sheet tempsheet = wbtemp.getSheetAt(i);
tempsheet.setAutobreaks(true);
for (Row temprow : tempsheet) {
for (Cell cell : temprow) {
cell.setCellStyle(style);
tempsheet.autoSizeColumn(cell.getColumnIndex());
}
}
}
int countedGen = 0;
int countedBookmark = 0;
int countedCookie = 0;
int countedHistory = 0;
int countedDownload = 0;
int countedRecentObjects = 0;
int countedTrackPoint = 0;
int countedInstalled = 0;
int countedKeyword = 0;
int countedHash = 0;
int countedDevice = 0;
//start populating the sheets in the workbook
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (ReportFilter.cancel == true) {
break;
}
int cc = 0;
Long objId = entry.getKey().getObjectID();
FsContent file = skCase.getFsContentById(objId);
Long filesize = file.getSize();
TreeMap<Integer, String> attributes = new TreeMap<Integer, String>();
// Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type
int n;
for (n = 1; n <= 36; n++) {
attributes.put(n, "");
}
for (BlackboardAttribute tempatt : entry.getValue()) {
if (ReportFilter.cancel == true) {
break;
}
String value = "";
int type = tempatt.getAttributeTypeID();
if (tempatt.getValueString() == null || "null".equals(tempatt.getValueString())) {
} else if (type == 2 || type == 33) {
value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date((tempatt.getValueLong()) * 1000));
} else {
value = tempatt.getValueString();
}
attributes.put(type, value);
cc++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
countedGen++;
// Row temp = sheetGen.getRow(countedGen);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
countedBookmark++;
Row temp = sheetBookmark.createRow(countedBookmark);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
countedCookie++;
Row temp = sheetCookie.createRow(countedCookie);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()));
temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID()));
temp.createCell(4).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
countedHistory++;
Row temp = sheetHistory.createRow(countedHistory);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID()));
temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID()));
temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
temp.createCell(4).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
countedDownload++;
Row temp = sheetDownload.createRow(countedDownload);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL.getTypeID()));
temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID()));
temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
countedRecentObjects++;
Row temp = sheetRecent.createRow(countedRecentObjects);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID()));
temp.createCell(2).setCellValue(file.getName());
temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
// sheetTrackpoint.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
countedInstalled++;
Row temp = sheetInstalled.createRow(countedInstalled);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
countedKeyword++;
Row temp = sheetKeyword.createRow(countedKeyword);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW.getTypeID()));
temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_SET.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
countedHash++;
Row temp = sheetHash.createRow(countedHash);
temp.createCell(0).setCellValue(file.getName().toString());
temp.createCell(1).setCellValue(filesize.toString());
temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_HASHSET_NAME.getTypeID()));
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
countedDevice++;
Row temp = sheetDevice.createRow(countedDevice);
temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID()));
temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID()));
temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()));
}
cc++;
rr.progBarSet(cc);
}
//write out the report to the reports folder, set the wbtemp to the primary wb object
wb = wbtemp;
xlsPath = currentCase.getCaseDirectory() + File.separator + "Reports" + File.separator + caseName + "-" + datenotime + ".xlsx";
this.save(xlsPath);
} catch (Exception E) {
String test = E.toString();
}
return xlsPath;
}
@Override
public void save(String path)
{
try{
FileOutputStream fos = new FileOutputStream(path);
wb.write(fos);
fos.close();
}
catch(IOException e){
Logger.getLogger(ReportHTML.class.getName()).log(Level.SEVERE, "Could not write out XLS report!", e);
}
}
@Override
public String getReportType(){
String type = "XLS";
return type;
}
@Override
public ReportConfiguration GetReportConfiguration(){
return config;
}
@Override
public String getReportTypeDescription(){
String desc = "This is an xls formatted report that is meant to be viewed in Excel.";
return desc;
}
@Override
public String generateReport() throws ReportModuleException {
throw new UnsupportedOperationException("Not supported yet.");
}
}

259
Report/src/org/sleuthkit/autopsy/report/ReportXML.java Normal file
View File

@ -0,0 +1,259 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
import java.io.FileOutputStream;
import java.io.File;
import java.io.IOException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Map.Entry;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringEscapeUtils;
import org.jdom.Comment;
import org.jdom.Document;
import org.jdom.Element;
import org.jdom.output.XMLOutputter;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.datamodel.*;
public class ReportXML implements ReportModule {
public static Document xmldoc = new Document();
private ReportConfiguration reportconfig;
private String xmlPath;
public ReportXML() {
}
@Override
public String generateReport(ReportConfiguration reportconfig, ReportFilter rr) throws ReportModuleException{
ReportGen reportobj = new ReportGen();
reportobj.populateReport(reportconfig);
HashMap<BlackboardArtifact, ArrayList<BlackboardAttribute>> report = reportobj.Results;
try {
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
String caseName = currentCase.getName();
Integer imagecount = currentCase.getImageIDs().length;
Integer filesystemcount = currentCase.getRootObjectsCount();
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
Element root = new Element("Case");
xmldoc = new Document(root);
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss");
Date date = new Date();
String datetime = datetimeFormat.format(date);
String datenotime = dateFormat.format(date);
Comment comment = new Comment("XML Report Generated by Autopsy 3 on " + datetime);
root.addContent(comment);
//Create summary node involving how many of each type
Element summary = new Element("Summary");
if (IngestManager.getDefault().isIngestRunning()) {
summary.addContent(new Element("Warning").setText("Report was run before ingest services completed!"));
}
summary.addContent(new Element("Name").setText(caseName));
summary.addContent(new Element("Total-Images").setText(imagecount.toString()));
summary.addContent(new Element("Total-FileSystems").setText(filesystemcount.toString()));
summary.addContent(new Element("Total-Files").setText(totalfiles.toString()));
summary.addContent(new Element("Total-Directories").setText(totaldirs.toString()));
root.addContent(summary);
//generate the nodes for each of the types so we can use them later
Element nodeGen = new Element("General-Information");
Element nodeWebBookmark = new Element("Web-Bookmarks");
Element nodeWebCookie = new Element("Web-Cookies");
Element nodeWebHistory = new Element("Web-History");
Element nodeWebDownload = new Element("Web-Downloads");
Element nodeRecentObjects = new Element("Recent-Documents");
Element nodeTrackPoint = new Element("Track-Points");
Element nodeInstalled = new Element("Installed-Programfiles");
Element nodeKeyword = new Element("Keyword-Search-Hits");
Element nodeHash = new Element("Hashset-Hits");
Element nodeDevice = new Element("Attached-Devices");
//remove bytes
Pattern INVALID_XML_CHARS = Pattern.compile("[^\\u0009\\u000A\\u000D\\u0020-\\uD7FF\\uE000-\\uFFFD\uD800\uDC00-\uDBFF\uDFFF]");
for (Entry<BlackboardArtifact, ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if (ReportFilter.cancel == true) {
break;
}
int cc = 0;
Element artifact = new Element("Artifact");
Long objId = entry.getKey().getObjectID();
Content cont = skCase.getContentById(objId);
Long filesize = cont.getSize();
artifact.setAttribute("ID", objId.toString());
artifact.setAttribute("Name", cont.accept(new NameVisitor()));
artifact.setAttribute("Size", filesize.toString());
// Get all the attributes for this guy
for (BlackboardAttribute tempatt : entry.getValue()) {
if (ReportFilter.cancel == true) {
break;
}
Element attribute = new Element("Attribute").setAttribute("Type", tempatt.getAttributeTypeDisplayName());
String tempvalue = tempatt.getValueString();
//INVALID_XML_CHARS.matcher(tempvalue).replaceAll("");
Element value = new Element("Value").setText(tempvalue);
attribute.addContent(value);
Element context = new Element("Context").setText(StringEscapeUtils.escapeXml(tempatt.getContext()));
attribute.addContent(context);
artifact.addContent(attribute);
cc++;
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) {
//while (entry.getValue().iterator().hasNext())
// {
// }
nodeGen.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) {
nodeWebBookmark.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) {
nodeWebCookie.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) {
nodeWebHistory.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) {
nodeWebDownload.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) {
nodeRecentObjects.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) {
nodeTrackPoint.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) {
nodeInstalled.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
nodeKeyword.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
nodeHash.addContent(artifact);
}
if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) {
nodeDevice.addContent(artifact);
}
cc++;
rr.progBarSet(cc);
//end of master loop
}
//add them in the order we want them to the document
root.addContent(nodeGen);
root.addContent(nodeWebBookmark);
root.addContent(nodeWebCookie);
root.addContent(nodeWebHistory);
root.addContent(nodeWebDownload);
root.addContent(nodeRecentObjects);
root.addContent(nodeTrackPoint);
root.addContent(nodeInstalled);
root.addContent(nodeKeyword);
root.addContent(nodeHash);
root.addContent(nodeDevice);
//Export it the first time
xmlPath = currentCase.getCaseDirectory() + File.separator + "Reports" + File.separator + caseName + "-" + datenotime + ".xml";
this.save(xmlPath);
} catch (Exception e) {
Logger.getLogger(ReportXML.class.getName()).log(Level.WARNING, "Exception occurred", e);
}
return xmlPath;
}
@Override
public void save(String path) {
try {
FileOutputStream out = new FileOutputStream(path);
XMLOutputter serializer = new XMLOutputter();
serializer.output(xmldoc, out);
out.flush();
out.close();
} catch (IOException e) {
System.err.println(e);
}
}
@Override
public String getReportType() {
String type = "XML";
return type;
}
@Override
public ReportConfiguration GetReportConfiguration() {
ReportConfiguration config = reportconfig;
return config;
}
@Override
public String getReportTypeDescription() {
String desc = "This is an html formatted report that is meant to be viewed in a modern browser.";
return desc;
}
@Override
public String generateReport() throws ReportModuleException {
throw new UnsupportedOperationException("Not supported yet.");
}
private class NameVisitor extends ContentVisitor.Default<String> {
@Override
protected String defaultVisit(Content cntnt) {
throw new UnsupportedOperationException("Not supported for " + cntnt.toString());
}
@Override
public String visit(Directory dir) {
return dir.getName();
}
@Override
public String visit(Image img) {
return img.getName();
}
public String visit(File fil) {
return fil.getName();
}
}
}

60
Report/src/org/sleuthkit/autopsy/report/StopWatch.java Normal file
View File

@ -0,0 +1,60 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.sleuthkit.autopsy.report;
/**
*
* @author Alex
*/
public class StopWatch {
private long startTime = 0;
private long stopTime = 0;
private boolean running = false;
public void start() {
this.startTime = System.currentTimeMillis();
this.running = true;
}
public void stop() {
this.stopTime = System.currentTimeMillis();
this.running = false;
}
//elaspsed time in milliseconds
public long getElapsedTime() {
long elapsed;
if (running) {
elapsed = (System.currentTimeMillis() - startTime);
}
else {
elapsed = (stopTime - startTime);
}
return elapsed;
}
public void reset(){
startTime = 0;
stopTime = 0;
running = false;
}
//elaspsed time in seconds
public long getElapsedTimeSecs() {
long elapsed;
if (running) {
elapsed = ((System.currentTimeMillis() - startTime) / 1000);
}
else {
elapsed = ((stopTime - startTime) / 1000);
}
return elapsed;
}
}

BIN
Report/src/org/sleuthkit/autopsy/report/btn_icon_generate_report.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.6 KiB

23
Report/src/org/sleuthkit/autopsy/report/layer.xml Normal file
View File

@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE filesystem PUBLIC "-//NetBeans//DTD Filesystem 1.2//EN" "http://www.netbeans.org/dtds/filesystem-1_2.dtd">
<filesystem>
<folder name="Actions">
<folder name="Tools">
<file name="org-sleuthkit-autopsy-report-ReportAction.instance"/>
<file name="org-sleuthkit-autopsy-report-ReportAction.instance_hidden"/>
<file name="org-sleuthkit-autopsy-report-reportAction.instance_hidden"/>
</folder>
</folder>
<folder name="Services"/>
<folder name="Toolbars">
<folder name="File">
<file name="org-sleuthkit-autopsy-report-reportAction.shadow">
<attr name="displayName" bundlevalue="org.sleuthkit.autopsy.report.Bundle#Toolbars/Reports/org-sleuthkit-autopsy-report-reportAction.shadow"/>
<attr name="originalFile" stringvalue="Actions/Tools/org-sleuthkit-autopsy-report-ReportAction.instance"/>
<attr name="position" intvalue="650"/>
</file>
</folder>
</folder>
</filesystem>