mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 10:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:sleuthkit/autopsy

Browse Source
This commit is contained in:
Dick Fickling 2012-03-11 14:14:05 -04:00
commit cfa50c4f51
15 changed files with 443 additions and 183 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java
View File

@ -79,11 +79,11 @@ public class Chrome {
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","Chrome",temprs.getString("url")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Chrome",temprs.getString("last_visit_time")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","Chrome",temprs.getString("from_visit")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","Chrome",((temprs.getString("title") != null) ? temprs.getString("title") : "No Title")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","Chrome","Chrome"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",temprs.getString("url")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Accessed",temprs.getString("last_visit_time")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",temprs.getString("from_visit")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","",((temprs.getString("title") != null) ? temprs.getString("title") : "No Title")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
bbart.addAttributes(bbattributes);
}
@ -141,11 +141,11 @@ public class Chrome {
{
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "Chrome", temprs.getString("host")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),"RecentActivity", "Chrome",temprs.getString("access_utc")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(),"RecentActivity", "Chrome",temprs.getString("value")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Chrome",((temprs.getString("name") != null) ? temprs.getString("name") : "No name")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","Chrome","Chrome"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),"RecentActivity", "Last Visited",temprs.getString("access_utc")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(),"RecentActivity", "",temprs.getString("value")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",((temprs.getString("name") != null) ? temprs.getString("name") : "No name")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
bbart.addAttributes(bbattributes);
}
tempdbconnect.closeConnection();
@ -201,10 +201,10 @@ public class Chrome {
{
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Chrome",temprs.getString("last_visit_time")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","Chrome",((temprs.getString("url") != null) ? temprs.getString("url") : "No URL")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Chrome", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "No Title")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","Chrome","Chrome"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("last_visit_time")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("url") != null) ? temprs.getString("url") : "No URL")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "No Title")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
bbart.addAttributes(bbattributes);
}

17
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
View File

@ -245,26 +245,29 @@ public class ExtractIE { // implements BrowserActivity {
if(url.length > 1)
{
user = url[0];
user = user.replace("Visited:", "");
user = user.replace(":(.*?):", "");
user = user.replace(":Host:", "");
realurl = url[1];
realurl = realurl.replace("Visited:", "");
realurl = realurl.replace(":.*:", "");
realurl = realurl.replace(":(.*?):", "");
realurl = realurl.replace(":Host:", "");
}
// TODO: Need to fix this so we have the right obj_id
BlackboardArtifact bbart = tempDb.getContentById(artObjId).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "Internet Explorer", realurl));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", realurl));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Internet Explorer", lineBuff[3]));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "", lineBuff[3]));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", "Internet Explorer", "No Ref"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", "", "None"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "Internet Explorer", lineBuff[2]));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "", lineBuff[2]));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","Internet Explorer","Internet Explorer"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Internet Explorer"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(),"RecentActivity","Internet Explorer",user));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(),"RecentActivity","",user));
bbart.addAttributes(bbattributes);
//KeyValueThing

20
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -20,6 +20,7 @@ import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase;
@ -55,6 +56,8 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
while (j < Regfiles.size())
{
boolean Success;
Content orgFS = Regfiles.get(j);
long orgId = orgFS.getId();
String temps = currentCase.getTempDirectory() + "\\" + Regfiles.get(j).getName().toString();
ContentUtils.writeToFile(Regfiles.get(j), new File(currentCase.getTempDirectory() + "\\" + Regfiles.get(j).getName()));
File regFile = new File(temps);
@ -62,7 +65,7 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
String txtPath = executeRegRip(temps, j);
if(txtPath.length() > 0)
{
Success = parseReg(txtPath);
Success = parseReg(txtPath,orgId);
}
else
{
@ -102,6 +105,10 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
try
{
String rrpath = System.getProperty("user.dir");
rrpath = rrpath.substring(0, rrpath.length()-14);
rrpath = rrpath + "thirdparty\\rr\\";
if(regFilePath.toLowerCase().contains("system"))
{
type = "system";
@ -126,13 +133,8 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
{
type = "security";
}
String rrpath = System.getProperty("user.dir");
rrpath = rrpath.substring(0, rrpath.length()-14);
rrpath = rrpath + "thirdparty\\rr\\";
String command = rrpath + "rip.exe -r " + regFilePath +" -f " + type + " >> " + txtPath;
String command = rrpath + "rip.exe -r " + regFilePath +" -f " + type + " >> " + txtPath;
JavaSystemCaller.Exec.execute(command);
@ -147,7 +149,7 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
}
private boolean parseReg(String regRecord)
private boolean parseReg(String regRecord, long orgId)
{
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
@ -163,7 +165,7 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
}
else
{
BlackboardArtifact bbart = tempDb.getRootObjects().get(0).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
if(tempresult.contains("Username"))
{
Pattern p = Pattern.compile("Username\\[.*?\\]");

30
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -28,7 +28,7 @@ import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
*/
public class Firefox {
private static final String ffquery = "SELECT moz_historyvisits.id,url,title,visit_count, datetime(moz_historyvisits.visit_date/1000000,'unixepoch','localtime') as visit_date,from_visit FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0";
private static final String ffquery = "SELECT moz_historyvisits.id,url,title,visit_count,datetime(moz_historyvisits.visit_date/1000000,'unixepoch','localtime') as visit_date,from_visit,(SELECT url FROM moz_places WHERE id=moz_historyvisits.from_visit) as ref FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0";
private static final String ffcookiequery = "SELECT name,value,host,expiry,datetime(moz_cookies.lastAccessed/1000000,'unixepoch','localtime') as lastAccessed,creationTime FROM moz_cookies";
private static final String ffbookmarkquery = "SELECT fk, moz_bookmarks.title, url FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id";
@ -83,14 +83,14 @@ public class Firefox {
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString);
ResultSet temprs = tempdbconnect.executeQry(ffquery);
while(temprs.next())
{
{
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","FireFox",temprs.getString("url")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","FireFox",temprs.getString("visit_date")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","FireFox",temprs.getString("from_visit")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","FireFox",((temprs.getString("title") != null) ? temprs.getString("title") : "No Title")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","FireFox","FireFox"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",temprs.getString("url")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("visit_date")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",temprs.getString("ref")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","",((temprs.getString("title") != null) ? temprs.getString("title") : "No Title")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox"));
bbart.addAttributes(bbattributes);
}
@ -100,9 +100,9 @@ public class Firefox {
{
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","FireFox",((temprs.getString("url") != null) ? temprs.getString("url") : "No URL")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","FireFox", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "No Title")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","FireFox","FireFox"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",((temprs.getString("url") != null) ? temprs.getString("url") : "No URL")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "No Title")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox"));
bbart.addAttributes(bbattributes);
}
tempbm.close();
@ -165,11 +165,11 @@ public class Firefox {
{
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "FireFox", temprs.getString("host")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "FireFox", temprs.getString("lastAccessed")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), "RecentActivity", "FireFox", temprs.getString("value")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","FireFox",((temprs.getString("name") != null) ? temprs.getString("name") : "No name")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","FireFox","FireFox"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", temprs.getString("lastAccessed")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), "RecentActivity", "", temprs.getString("value")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",((temprs.getString("name") != null) ? temprs.getString("name") : "No name")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox"));
bbart.addAttributes(bbattributes);
}

7
Report/src/org/sleuthkit/autopsy/report/Bundle.properties
View File

@ -8,3 +8,10 @@ reportFilter.jButton1.text=Generate Report
Toolbars/Reports/org-sleuthkit-autopsy-report-reportAction.shadow=Reports
reportPanel.jEditorPane1.contentType=text/html
reportPanel.jButton1.text=Close
reportFilter.cancelButton.text=Cancel
reportFilter.cancelButton.actionCommand=
reportFilter.jButton2.actionCommand=
reportFilter.jButton2.label=
reportFilter.jButton2.text=
reportPanel.saveReport.actionCommand=
reportPanel.saveReport.text=Save Report

25
Report/src/org/sleuthkit/autopsy/report/reportAction.java
View File

@ -9,12 +9,12 @@ import java.awt.Dimension;
import java.awt.Toolkit;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.util.List;
import java.util.logging.Level;
import javax.swing.JButton;
import javax.swing.JDialog;
import javax.swing.JFrame;
import javax.swing.SwingWorker;
import org.openide.awt.ActionRegistration;
import org.openide.awt.ActionReference;
import org.openide.awt.ActionReferences;
@ -23,7 +23,6 @@ import org.openide.util.HelpCtx;
import org.openide.util.NbBundle.Messages;
import org.openide.util.actions.CallableSystemAction;
import org.openide.util.actions.Presenter;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.Log;
@ActionID(category = "Tools",
@ -39,17 +38,6 @@ public final class reportAction extends CallableSystemAction implements Presente
private static final String ACTION_NAME = "Report Filter";
public reportAction() {
setEnabled(false);
Case.addPropertyChangeListener(new PropertyChangeListener() {
@Override
public void propertyChange(PropertyChangeEvent evt) {
if(evt.getPropertyName().equals(Case.CASE_CURRENT_CASE)){
setEnabled(evt.getNewValue() != null);
}
}
});
// set action of the toolbar button
toolbarButton.addActionListener(new ActionListener() {
@ -70,14 +58,14 @@ public final class reportAction extends CallableSystemAction implements Presente
final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal
// initialize panel with loaded settings
final reportFilter panel = new reportFilter();
panel.setjButton1ActionListener(new ActionListener() {
final reportFilter panel = new reportFilter();
panel.setjButton2ActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
popUpWindow.dispose();
popUpWindow.dispose();
}
});
// add the panel to the popup window
popUpWindow.add(panel);
popUpWindow.pack();
@ -91,7 +79,6 @@ public final class reportAction extends CallableSystemAction implements Presente
// display the window
popUpWindow.setVisible(true);
// add the command to close the window to the button on the Case Properties form / panel

65
Report/src/org/sleuthkit/autopsy/report/reportFilter.form
View File

@ -1,6 +1,21 @@
<?xml version="1.1" encoding="UTF-8" ?>
<Form version="1.5" maxVersion="1.7" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
<NonVisualComponents>
<Component class="javax.swing.JButton" name="jButton2">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.jButton2.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="actionCommand" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.jButton2.actionCommand" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="label" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.jButton2.label" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
</NonVisualComponents>
<AuxValues>
<AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="1"/>
<AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/>
@ -26,21 +41,25 @@
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox2" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox1" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="cancelButton" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace min="-2" pref="27" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox4" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox5" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox5" min="-2" max="-2" attributes="0"/>
<Group type="103" alignment="0" groupAlignment="0" attributes="0">
<Component id="jCheckBox4" min="-2" max="-2" attributes="0"/>
<Component id="progBar" alignment="1" min="-2" pref="188" max="-2" attributes="0"/>
</Group>
</Group>
</Group>
</Group>
</Group>
<Group type="102" alignment="0" attributes="0">
<EmptySpace min="-2" pref="110" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="106" max="-2" attributes="0"/>
<Component id="jButton1" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
<EmptySpace pref="58" max="32767" attributes="0"/>
<EmptySpace pref="108" max="32767" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
@ -54,14 +73,21 @@
</Group>
<EmptySpace type="separate" max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0">
<Component id="jCheckBox5" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox2" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox5" alignment="3" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace type="separate" max="-2" attributes="0"/>
<Component id="jCheckBox3" min="-2" max="-2" attributes="0"/>
<EmptySpace pref="34" max="32767" attributes="0"/>
<Component id="jButton1" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="31" max="-2" attributes="0"/>
<EmptySpace type="separate" max="-2" attributes="0"/>
<Group type="103" groupAlignment="1" attributes="0">
<Group type="102" attributes="0">
<Component id="jButton1" min="-2" max="-2" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Component id="progBar" pref="25" max="32767" attributes="0"/>
</Group>
<Component id="cancelButton" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
@ -117,11 +143,32 @@
</Property>
</Properties>
<Events>
<EventHandler event="mouseReleased" listener="java.awt.event.MouseListener" parameters="java.awt.event.MouseEvent" handler="jButton1MouseReleased"/>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="jButton1ActionPerformed"/>
</Events>
<AuxValues>
<AuxValue name="JavaCodeGenerator_SerializeTo" type="java.lang.String" value="reportFilter_jButton1"/>
</AuxValues>
</Component>
<Component class="javax.swing.JProgressBar" name="progBar">
<Properties>
<Property name="enabled" type="boolean" value="false"/>
<Property name="name" type="java.lang.String" value="" noResource="true"/>
</Properties>
</Component>
<Component class="javax.swing.JButton" name="cancelButton">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.cancelButton.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="actionCommand" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportFilter.cancelButton.actionCommand" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="enabled" type="boolean" value="false"/>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="cancelButtonActionPerformed"/>
</Events>
</Component>
</SubComponents>
</Form>

140
Report/src/org/sleuthkit/autopsy/report/reportFilter.java
View File

@ -11,15 +11,27 @@
package org.sleuthkit.autopsy.report;
import java.awt.event.ActionListener;
import java.util.ArrayList;
import javax.swing.SwingUtilities;
import javax.swing.SwingWorker;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskException;
/**
*
* @author Alex
*/
public class reportFilter extends javax.swing.JPanel {
public ArrayList<Integer> filters = new ArrayList();
public static ArrayList<Integer> filters = new ArrayList();
public final reportFilter panel = this;
reportPanelAction rpa = new reportPanelAction();
public static boolean cancel = false;
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
/** Creates new form reportFilter */
public reportFilter() {
public reportFilter() {
initComponents();
cancel = false;
}
/** This method is called from within the constructor to
@ -31,12 +43,19 @@ public class reportFilter extends javax.swing.JPanel {
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
jButton2 = new javax.swing.JButton();
jCheckBox1 = new javax.swing.JCheckBox();
jCheckBox2 = new javax.swing.JCheckBox();
jCheckBox3 = new javax.swing.JCheckBox();
jCheckBox4 = new javax.swing.JCheckBox();
jCheckBox5 = new javax.swing.JCheckBox();
jButton1 = new javax.swing.JButton();
progBar = new javax.swing.JProgressBar();
cancelButton = new javax.swing.JButton();
jButton2.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton2.text")); // NOI18N
jButton2.setActionCommand(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton2.actionCommand")); // NOI18N
jButton2.setLabel(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton2.label")); // NOI18N
jCheckBox1.setSelected(true);
jCheckBox1.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jCheckBox1.text")); // NOI18N
@ -59,12 +78,29 @@ public class reportFilter extends javax.swing.JPanel {
jCheckBox5.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jCheckBox5.text")); // NOI18N
jButton1.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton1.text")); // NOI18N
jButton1.addMouseListener(new java.awt.event.MouseAdapter() {
public void mouseReleased(java.awt.event.MouseEvent evt) {
jButton1MouseReleased(evt);
}
});
jButton1.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jButton1ActionPerformed(evt);
}
});
progBar.setEnabled(false);
progBar.setName(""); // NOI18N
cancelButton.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.cancelButton.text")); // NOI18N
cancelButton.setActionCommand(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.cancelButton.actionCommand")); // NOI18N
cancelButton.setEnabled(false);
cancelButton.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
cancelButtonActionPerformed(evt);
}
});
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
this.setLayout(layout);
layout.setHorizontalGroup(
@ -78,15 +114,18 @@ public class reportFilter extends javax.swing.JPanel {
.addGroup(layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jCheckBox2)
.addComponent(jCheckBox1))
.addGap(27, 27, 27)
.addComponent(jCheckBox1)
.addComponent(cancelButton))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jCheckBox4)
.addComponent(jCheckBox5)))))
.addComponent(jCheckBox5)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jCheckBox4)
.addComponent(progBar, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.PREFERRED_SIZE, 188, javax.swing.GroupLayout.PREFERRED_SIZE))))))
.addGroup(layout.createSequentialGroup()
.addGap(110, 110, 110)
.addGap(106, 106, 106)
.addComponent(jButton1)))
.addContainerGap(58, Short.MAX_VALUE))
.addContainerGap(108, Short.MAX_VALUE))
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
@ -97,13 +136,18 @@ public class reportFilter extends javax.swing.JPanel {
.addComponent(jCheckBox4))
.addGap(18, 18, 18)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(jCheckBox5)
.addComponent(jCheckBox2))
.addComponent(jCheckBox2)
.addComponent(jCheckBox5))
.addGap(18, 18, 18)
.addComponent(jCheckBox3)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 34, Short.MAX_VALUE)
.addComponent(jButton1)
.addGap(31, 31, 31))
.addGap(18, 18, 18)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING)
.addGroup(layout.createSequentialGroup()
.addComponent(jButton1)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(progBar, javax.swing.GroupLayout.DEFAULT_SIZE, 25, Short.MAX_VALUE))
.addComponent(cancelButton))
.addContainerGap())
);
}// </editor-fold>//GEN-END:initComponents
@ -111,7 +155,18 @@ private void jCheckBox1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FI
}//GEN-LAST:event_jCheckBox1ActionPerformed
public void getfilters(java.awt.event.ActionEvent evt)
{
jButton1ActionPerformed(evt);
}
private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton1ActionPerformed
jButton1.setEnabled(false);
progBar.setEnabled(true);
cancelButton.setEnabled(true);
progBar.setStringPainted(true);
progBar.setValue(0);
filters.clear();
if(jCheckBox1.isSelected())
{
@ -137,19 +192,74 @@ private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRS
filters.add(6);
filters.add(8);
}
reportPanelAction rr = new reportPanelAction(filters);
getReports();
}//GEN-LAST:event_jButton1ActionPerformed
public void getReports() {
new SwingWorker<Void, Void>() {
protected Void doInBackground() throws Exception {
rpa.reportGenerate(filters, panel);
return null;
};
// this is called when the SwingWorker's doInBackground finishes
protected void done() {
progBar.setVisible(false); // hide my progress bar JFrame
};
}.execute();
progBar.setVisible(true);
}
private void cancelButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_cancelButtonActionPerformed
cancelButton.setText("Cancelled!");
cancel = true;
}//GEN-LAST:event_cancelButtonActionPerformed
private void jButton1MouseReleased(java.awt.event.MouseEvent evt) {//GEN-FIRST:event_jButton1MouseReleased
}//GEN-LAST:event_jButton1MouseReleased
public void progBarSet(int cc)
{
final int count = cc;
SwingUtilities.invokeLater(new Runnable() {
public void run() {
int start = progBar.getValue();
int end = start + count;
progBar.setValue(end);
}});
}
public void progBarDone(){
int max = progBar.getMaximum();
progBar.setValue(max);
jButton2.doClick();
}
public void progBarCount(int count){
progBar.setMaximum(count);
}
public void setjButton1ActionListener(ActionListener e){
jButton1.addActionListener(e);
}
public void setjButton2ActionListener(ActionListener e){
jButton2.addActionListener(e);
cancelButton.addActionListener(e);
}
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton cancelButton;
private javax.swing.JButton jButton1;
private javax.swing.JButton jButton2;
private javax.swing.JCheckBox jCheckBox1;
private javax.swing.JCheckBox jCheckBox2;
private javax.swing.JCheckBox jCheckBox3;
private javax.swing.JCheckBox jCheckBox4;
private javax.swing.JCheckBox jCheckBox5;
private javax.swing.JProgressBar progBar;
// End of variables declaration//GEN-END:variables
}

12
Report/src/org/sleuthkit/autopsy/report/reportFilterAction.java
View File

@ -19,16 +19,13 @@
package org.sleuthkit.autopsy.report;
import java.awt.Container;
import java.awt.Dimension;
import java.awt.Toolkit;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.io.IOException;
import java.util.logging.Level;
import javax.swing.JDialog;
import javax.swing.JFrame;
import org.openide.util.HelpCtx;
import org.openide.util.actions.CallableSystemAction;
import org.sleuthkit.autopsy.coreutils.Log;
/**
@ -45,11 +42,12 @@ class reportFilterAction {
Log.noteAction(this.getClass());
try {
// create the popUp window for it
Container cpane;
final JFrame frame = new JFrame(ACTION_NAME);
final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal
cpane = frame.getContentPane();
// initialize panel with loaded settings
final reportFilter panel = new reportFilter();
@ -66,7 +64,7 @@ class reportFilterAction {
// display the window
popUpWindow.setVisible(true);
} catch (Exception ex) {
Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex);

88
Report/src/org/sleuthkit/autopsy/report/reportHTML.java
View File

@ -15,14 +15,8 @@ import java.util.logging.Logger;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.ContentVisitor;
import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.FileSystem;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.Volume;
/**
*
@ -32,9 +26,8 @@ public class reportHTML {
//Declare our publically accessible formatted report, this will change everytime they run a report
public StringBuilder formatted_Report = new StringBuilder();
public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report){
public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report, reportFilter rr){
try{
@ -52,7 +45,7 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
formatted_Report.append("<html><head>Autopsy Report for Case:").append(caseName).append("</head><body><div id=\"main\"><div id=\"content\">");
// Add summary information now
formatted_Report.append("<h1>Report for Case: ").append(caseName).append("</h1>");
formatted_Report.append("<h3>Case Summary</h3><p>XML Report Generated by Autopsy 3 on ").append(datetime).append("<br /><ul>");
formatted_Report.append("<h3>Case Summary</h3><p>HTML Report Generated by Autopsy 3 on ").append(datetime).append("<br /><ul>");
formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>");
formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>");
@ -66,26 +59,37 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
StringBuilder nodeInstalled = new StringBuilder("<h3>Installed Programs</h3>");
StringBuilder nodeKeyword = new StringBuilder("<h3>Keyword Search Hits</h3>");
StringBuilder nodeHash = new StringBuilder("<h3>Hashset Hits</h3>");
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(reportFilter.cancel == true){
break;
}
int cc = 0;
StringBuilder artifact = new StringBuilder("<p>Artifact");
Long objId = entry.getKey().getObjectID();
Content cont = skCase.getContentById(objId);
Long filesize = cont.getSize();
artifact.append(" ID: " + objId.toString());
artifact.append("<br /> Name: <strong>").append(cont.accept(new NameVisitor())).append("</strong>");
artifact.append("<br />Path: ").append(cont.accept(new PathVisitor()));
//Content file = skCase.getContentById(objId);
FsContent file = skCase.getFsContentById(objId);
// File file = cfile
// File file = cfile.
Long filesize = file.getSize();
artifact.append(" ID: ").append(objId.toString());
artifact.append(" Name: <strong>").append(file.getName().toString()).append("</strong>");
artifact.append("<br />Path: ").append(file.getParentPath());
artifact.append("<br /> Size: ").append(filesize.toString());
artifact.append("</p><ul style=\"list-style-type: none;\">");
// Get all the attributes for this guy
for (BlackboardAttribute tempatt : entry.getValue())
{
if(reportFilter.cancel == true){
break;
}
StringBuilder attribute = new StringBuilder("<li style=\"list-style-type: none;\">Type: ").append(tempatt.getAttributeTypeDisplayName()).append("</li>");
attribute.append("<li style=\"list-style-type: none;\">Value: ").append(tempatt.getValueString()).append("</li>");
attribute.append("<li style=\"list-style-type: none;\"> Context: ").append(tempatt.getContext()).append("</li>");
artifact.append(attribute);
cc++;
}
artifact.append("</ul>");
if(entry.getKey().getArtifactTypeID() == 1){
@ -120,6 +124,8 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
if(entry.getKey().getArtifactTypeID() == 10){
nodeHash.append(artifact);
}
cc++;
rr.progBarSet(cc);
}
//Add them back in order
formatted_Report.append(nodeGen);
@ -133,57 +139,15 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
formatted_Report.append(nodeKeyword);
formatted_Report.append(nodeHash);
//end of master loop
formatted_Report.append("</div></div></body></html>");
}
catch(Exception e)
{
Logger.getLogger(reportHTML.class.getName()).log(Level.INFO, "Exception occurred", e);
}
}
private class NameVisitor extends ContentVisitor.Default<String> {
@Override
protected String defaultVisit(Content cntnt) {
throw new UnsupportedOperationException("Not supported for " + cntnt.toString());
}
@Override
public String visit(Directory dir) {
return dir.getName();
}
@Override
public String visit(Image img) {
return img.getName();
}
@Override
public String visit(File fil) {
return fil.getName();
}
}
private class PathVisitor extends ContentVisitor.Default<String> {
@Override
protected String defaultVisit(Content cntnt) {
throw new UnsupportedOperationException("Not supported for " + cntnt.toString());
}
@Override
public String visit(Directory dir) {
return dir.getParentPath();
}
@Override
public String visit(Image img) {
return img.getName();
}
@Override
public String visit(File fil) {
return fil.getParentPath();
}
}
}

28
Report/src/org/sleuthkit/autopsy/report/reportPanel.form
View File

@ -1,6 +1,12 @@
<?xml version="1.1" encoding="UTF-8" ?>
<Form version="1.5" maxVersion="1.7" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
<NonVisualComponents>
<Component class="javax.swing.JFileChooser" name="jFileChooser1">
</Component>
<Component class="javax.swing.JOptionPane" name="jOptionPane1">
</Component>
</NonVisualComponents>
<AccessibilityProperties>
<Property name="AccessibleContext.accessibleName" type="java.lang.String" value=""/>
<Property name="AccessibleContext.accessibleParent" type="javax.accessibility.Accessible" editor="org.netbeans.modules.form.RADVisualComponent$AccessibleParentEditor">
@ -25,10 +31,12 @@
<Group type="102" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jScrollPane1" alignment="0" pref="811" max="32767" attributes="0"/>
<Component id="jScrollPane1" alignment="0" pref="863" max="32767" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<EmptySpace min="-2" pref="320" max="-2" attributes="0"/>
<Component id="jButton1" min="-2" max="-2" attributes="0"/>
<EmptySpace pref="391" max="32767" attributes="0"/>
<Component id="saveReport" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
<EmptySpace max="-2" attributes="0"/>
@ -41,7 +49,10 @@
<EmptySpace max="-2" attributes="0"/>
<Component id="jScrollPane1" min="-2" pref="599" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="jButton1" min="-2" max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0">
<Component id="jButton1" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="saveReport" alignment="3" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace max="32767" attributes="0"/>
</Group>
</Group>
@ -72,5 +83,18 @@
</Property>
</Properties>
</Component>
<Component class="javax.swing.JButton" name="saveReport">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportPanel.saveReport.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="actionCommand" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/report/Bundle.properties" key="reportPanel.saveReport.actionCommand" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="saveReportActionPerformed"/>
</Events>
</Component>
</SubComponents>
</Form>

63
Report/src/org/sleuthkit/autopsy/report/reportPanel.java
View File

@ -10,7 +10,9 @@
*/
package org.sleuthkit.autopsy.report;
import java.awt.event.ActionListener;
import java.util.logging.Logger;
import java.io.FileOutputStream;
import java.io.IOException;
import javax.swing.filechooser.FileFilter;
/**
*
@ -33,9 +35,12 @@ public class reportPanel extends javax.swing.JPanel {
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
jFileChooser1 = new javax.swing.JFileChooser();
jOptionPane1 = new javax.swing.JOptionPane();
jScrollPane1 = new javax.swing.JScrollPane();
jEditorPane1 = new javax.swing.JEditorPane();
jButton1 = new javax.swing.JButton();
saveReport = new javax.swing.JButton();
jEditorPane1.setContentType(org.openide.util.NbBundle.getMessage(reportPanel.class, "reportPanel.jEditorPane1.contentType")); // NOI18N
jEditorPane1.setEditable(false);
@ -43,6 +48,14 @@ public class reportPanel extends javax.swing.JPanel {
jButton1.setText(org.openide.util.NbBundle.getMessage(reportPanel.class, "reportPanel.jButton1.text")); // NOI18N
saveReport.setText(org.openide.util.NbBundle.getMessage(reportPanel.class, "reportPanel.saveReport.text")); // NOI18N
saveReport.setActionCommand(org.openide.util.NbBundle.getMessage(reportPanel.class, "reportPanel.saveReport.actionCommand")); // NOI18N
saveReport.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
saveReportActionPerformed(evt);
}
});
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
this.setLayout(layout);
layout.setHorizontalGroup(
@ -50,10 +63,12 @@ public class reportPanel extends javax.swing.JPanel {
.addGroup(layout.createSequentialGroup()
.addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jScrollPane1, javax.swing.GroupLayout.DEFAULT_SIZE, 811, Short.MAX_VALUE)
.addComponent(jScrollPane1, javax.swing.GroupLayout.DEFAULT_SIZE, 863, Short.MAX_VALUE)
.addGroup(layout.createSequentialGroup()
.addGap(320, 320, 320)
.addComponent(jButton1)))
.addComponent(jButton1)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 391, Short.MAX_VALUE)
.addComponent(saveReport)))
.addContainerGap())
);
layout.setVerticalGroup(
@ -62,13 +77,20 @@ public class reportPanel extends javax.swing.JPanel {
.addContainerGap()
.addComponent(jScrollPane1, javax.swing.GroupLayout.PREFERRED_SIZE, 599, javax.swing.GroupLayout.PREFERRED_SIZE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(jButton1)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(jButton1)
.addComponent(saveReport))
.addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
);
getAccessibleContext().setAccessibleName("");
getAccessibleContext().setAccessibleParent(this);
}// </editor-fold>//GEN-END:initComponents
private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_saveReportActionPerformed
saveReportAction();
}//GEN-LAST:event_saveReportActionPerformed
/**
* Sets the listener for the OK button
*
@ -77,16 +99,49 @@ public class reportPanel extends javax.swing.JPanel {
public void setjButton1ActionListener(ActionListener e){
jButton1.addActionListener(e);
}
private void setReportWindow(String report)
{
jEditorPane1.setText(report);
jEditorPane1.setCaretPosition(0);
}
private void saveReportAction(){
int option = jFileChooser1.showOpenDialog(this);
if(option == jFileChooser1.APPROVE_OPTION){
if(jFileChooser1.getSelectedFile()!=null){
String path = jFileChooser1.getSelectedFile().toString();
exportReport(path);
}
}
}
private void exportReport(String path){
path = reportUtils.changeExtension(path, ".html");
try {
FileOutputStream out = new FileOutputStream(path);
out.write(jEditorPane1.getText().getBytes());
out.flush();
out.close();
jOptionPane1.showMessageDialog(this, "Report has been successfully saved!");
}
catch (IOException e) {
System.err.println(e);
}
}
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton jButton1;
private javax.swing.JEditorPane jEditorPane1;
private javax.swing.JFileChooser jFileChooser1;
private javax.swing.JOptionPane jOptionPane1;
private javax.swing.JScrollPane jScrollPane1;
private javax.swing.JButton saveReport;
// End of variables declaration//GEN-END:variables

65
Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java
View File

@ -11,9 +11,9 @@ import java.awt.event.ActionListener;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.JDialog;
import javax.swing.JFrame;
import javax.swing.SwingUtilities;
import org.sleuthkit.autopsy.coreutils.Log;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
@ -24,11 +24,15 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
*/
public class reportPanelAction {
private static final String ACTION_NAME = "Report Preview";
public reportPanelAction(ArrayList<Integer> reportlist){
private String viewReport = "";
public reportPanelAction(){
}
public void reportGenerate(ArrayList<Integer> reportlist, final reportFilter rr){
try {
// Generate the reports and create the hashmap
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> Results = new HashMap();
final HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> Results = new HashMap();
report bbreport = new report();
//see what reports we need to run and run them
if(reportlist.contains(1)){Results.putAll(bbreport.getGenInfo());}
@ -41,17 +45,48 @@ public class reportPanelAction {
// if(reportlist.contains(7)){Results.putAll(bbreport.getGenInfo());}
if(reportlist.contains(9)){Results.putAll(bbreport.getKeywordHit());}
if(reportlist.contains(10)){Results.putAll(bbreport.getHashHit());}
SwingUtilities.invokeLater(new Runnable() {
public void run() {
rr.progBarCount(2*Results.size());
}});
//Turn our results into the appropriate xml/html reports
//TODO: add a way for users to select what they will run when
reportXML xmlReport = new reportXML(Results);
reportHTML htmlReport = new reportHTML(Results);
Thread xmlthread = new Thread(new Runnable()
{
public void run()
{
reportXML xmlReport = new reportXML(Results, rr);
}
});
Thread htmlthread = new Thread(new Runnable()
{
public void run()
{
reportHTML htmlReport = new reportHTML(Results,rr);
viewReport = htmlReport.formatted_Report.toString();
}
});
// start our threads
xmlthread.start();
htmlthread.start();
// display the window
// create the popUp window for it
if(reportFilter.cancel == false){
final JFrame frame = new JFrame(ACTION_NAME);
final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal
// initialize panel with loaded settings
final reportPanel panel = new reportPanel(htmlReport.formatted_Report.toString());
xmlthread.join();
// initialize panel with loaded settings
htmlthread.join();
reportPanel panel = new reportPanel(viewReport);
panel.setjButton1ActionListener(new ActionListener() {
@Override
@ -63,19 +98,17 @@ public class reportPanelAction {
popUpWindow.add(panel);
popUpWindow.pack();
popUpWindow.setResizable(false);
// set the location of the popUp Window on the center of the screen
Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize();
double w = popUpWindow.getSize().getWidth();
double h = popUpWindow.getSize().getHeight();
popUpWindow.setLocation((int) ((screenDimension.getWidth() - w) / 2), (int) ((screenDimension.getHeight() - h) / 2));
// display the window
popUpWindow.setVisible(true);
rr.progBarDone();
// add the command to close the window to the button on the Case Properties form / panel
}
} catch (Exception ex) {
Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex);
}

21
Report/src/org/sleuthkit/autopsy/report/reportUtils.java Normal file
View File

@ -0,0 +1,21 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.sleuthkit.autopsy.report;
/**
*
* @author Alex
*/
public class reportUtils {
static String changeExtension(String originalName, String newExtension) {
int lastDot = originalName.lastIndexOf(".");
if (lastDot != -1) {
return originalName.substring(0, lastDot) + newExtension;
} else {
return originalName + newExtension;
}
}
}

17
Report/src/org/sleuthkit/autopsy/report/reportXML.java
View File

@ -29,7 +29,7 @@ import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.SleuthkitCase;
public class reportXML {
public reportXML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report){
public reportXML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report, reportFilter rr){
try{
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase();
@ -39,7 +39,7 @@ public class reportXML {
Element root = new Element("Case");
Document xmldoc = new Document(root);
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss");
Date date = new Date();
String datetime = datetimeFormat.format(date);
String datenotime = dateFormat.format(date);
@ -63,6 +63,10 @@ public class reportXML {
Element nodeKeyword = new Element("Keyword-Search-Hits");
Element nodeHash = new Element("Hashset-Hits");
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(reportFilter.cancel == true){
break;
}
int cc = 0;
Element artifact = new Element("Artifact");
Long objId = entry.getKey().getObjectID();
Content cont = skCase.getContentById(objId);
@ -74,12 +78,16 @@ public class reportXML {
// Get all the attributes for this guy
for (BlackboardAttribute tempatt : entry.getValue())
{
if(reportFilter.cancel == true){
break;
}
Element attribute = new Element("Attribute").setAttribute("Type",tempatt.getAttributeTypeDisplayName());
Element value = new Element("Value").setText(tempatt.getValueString());
attribute.addContent(value);
Element context = new Element("Context").setText(tempatt.getContext());
attribute.addContent(context);
artifact.addContent(attribute);
cc++;
}
if(entry.getKey().getArtifactTypeID() == 1){
@ -119,7 +127,8 @@ public class reportXML {
if(entry.getKey().getArtifactTypeID() == 10){
nodeHash.addContent(artifact);
}
cc++;
rr.progBarSet(cc);
//end of master loop
}
@ -136,7 +145,7 @@ public class reportXML {
root.addContent(nodeHash);
try {
FileOutputStream out = new FileOutputStream(currentCase.getTempDirectory()+"/" + caseName + "-" + datenotime + ".xml");
FileOutputStream out = new FileOutputStream(currentCase.getCaseDirectory()+"/Temp/" + caseName + "-" + datenotime + ".xml");
XMLOutputter serializer = new XMLOutputter();
serializer.output(xmldoc, out);
out.flush();