Merge branch 'master' into zipmodule

adam-m 2013-01-29 22:14:44 -05:00
commit d24ee5dc12
7 changed files with 142 additions and 133 deletions


@ -198,9 +198,6 @@ public final class ExifParserFileIngestModule implements IngestModuleAbstractFil
public void complete() {
logger.log(Level.INFO, "completed exif parsing " + this.toString());
final IngestMessage msg = IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Complete");
services.postMessage(msg);
//module specific cleanup due to completion here
}
@ -235,13 +232,11 @@ public final class ExifParserFileIngestModule implements IngestModuleAbstractFil
public void init(IngestModuleInit initContext) {
services = IngestServices.getDefault();
logger.log(Level.INFO, "init() " + this.toString());
}
@Override
public void stop() {
logger.log(Level.INFO, "stop()");
services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Stopped"));
//module specific cleanup due to interruption here
}


@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011 Basis Technology Corp.
* Copyright 2011-2013 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -23,20 +23,18 @@ import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.netbeans.api.options.OptionsDisplayer;
import org.netbeans.spi.options.OptionsPanelController;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile;
import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.ContentVisitor;
import org.sleuthkit.datamodel.File;
@ -58,7 +56,7 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
private IngestServices services;
private SleuthkitCase skCase;
private static int messageId = 0;
private int count;
private int knownBadCount;
// Whether or not to do hash lookups (only set to true if there are dbs set)
private boolean nsrlIsSet;
private boolean knownBadIsSet;
@ -67,13 +65,13 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
private int nsrlPointer;
static long calctime = 0;
static long lookuptime = 0;
private Map<Integer, HashDb> knownBadSets = new HashMap<Integer, HashDb>();
private Map<Integer, HashDb> knownBadSets = new HashMap<>();
private HashDbManagementPanel panel;
private final Hash hasher = new Hash();
private HashDbIngestModule() {
count = 0;
knownBadCount = 0;
}
public static synchronized HashDbIngestModule getDefault() {
@ -86,7 +84,6 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
@Override
public void init(IngestModuleInit initContext) {
services = IngestServices.getDefault();
this.services.postMessage(IngestMessage.createMessage(++messageId, IngestMessage.MessageType.INFO, this, "Started"));
this.skCase = Case.getCurrentCase().getSleuthkitCase();
try {
HashDbXML hdbxml = HashDbXML.getCurrent();
@ -121,36 +118,39 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
}
} catch (TskException ex) {
logger.log(Level.WARNING, "Setting NSRL and Known database failed", ex);
logger.log(Level.SEVERE, "Setting NSRL and Known database failed", ex);
this.services.postMessage(IngestMessage.createErrorMessage(++messageId, this, "Error Configuring Hash Databases", "Setting NSRL and Known database failed."));
}
}
@Override
public void complete() {
StringBuilder detailsSb = new StringBuilder();
//details
detailsSb.append("<table border='0' cellpadding='4' width='280'>");
if ((knownBadIsSet) || (nsrlIsSet)) {
StringBuilder detailsSb = new StringBuilder();
//details
detailsSb.append("<table border='0' cellpadding='4' width='280'>");
detailsSb.append("<tr>");
detailsSb.append("<th>Number of notable files found:</th>");
detailsSb.append("<td>").append(count).append("</td>");
detailsSb.append("</tr>");
detailsSb.append("<tr>");
detailsSb.append("<th>Number of notable files found:</th>");
detailsSb.append("<td>").append(knownBadCount).append("</td>");
detailsSb.append("</tr>");
detailsSb.append("<tr>");
detailsSb.append("<th>Notable databases used:</th>");
detailsSb.append("<td>Calc Time: ").append(calctime).append(" Lookup Time: ").append(lookuptime).append("</td>");
detailsSb.append("</tr>");
detailsSb.append("<tr>");
detailsSb.append("<th>Notable databases used:</th>");
detailsSb.append("<td>Calc Time: ").append(calctime).append(" Lookup Time: ").append(lookuptime).append("</td>");
detailsSb.append("</tr>");
for (HashDb db : knownBadSets.values()) {
detailsSb.append("<tr><th>");
detailsSb.append(db.getName());
detailsSb.append("</th><td>");
detailsSb.append(db.getDatabasePaths().get(0)); // TODO: support multiple database paths
detailsSb.append("</td></tr>");
for (HashDb db : knownBadSets.values()) {
detailsSb.append("<tr><th>");
detailsSb.append(db.getName());
detailsSb.append("</th><td>");
detailsSb.append(db.getDatabasePaths().get(0)); // TODO: support multiple database paths
detailsSb.append("</td></tr>");
}
detailsSb.append("</table>");
services.postMessage(IngestMessage.createMessage(++messageId, IngestMessage.MessageType.INFO, this, "Hash Lookup Results", detailsSb.toString()));
}
detailsSb.append("</table>");
services.postMessage(IngestMessage.createMessage(++messageId, IngestMessage.MessageType.INFO, this, "Hash Ingest Complete", detailsSb.toString()));
}
/**
@ -159,7 +159,7 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
*/
@Override
public void stop() {
//manager.postMessage(IngestMessage.createMessage(++messageId, IngestMessage.MessageType.INFO, this, "STOP"));
}
/**
@ -312,70 +312,89 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
}
private ProcessResult process(FsContent fsContent) {
ProcessResult ret = ProcessResult.OK;
boolean processFile = true;
if (fsContent.getKnown().equals(TskData.FileKnown.BAD)) {
processFile = false;
// bail out if we have no hashes set
if ((nsrlIsSet == false) && (knownBadIsSet == false) && (calcHashesIsSet == false)) {
return ProcessResult.OK;
}
if (processFile && (nsrlIsSet || knownBadIsSet)) {
String name = fsContent.getName();
// calc hash value
String name = fsContent.getName();
String md5Hash = fsContent.getMd5Hash();
if (md5Hash == null || md5Hash.isEmpty()) {
try {
String md5Hash = fsContent.getMd5Hash();
if (md5Hash == null || md5Hash.isEmpty()) {
long calcstart = System.currentTimeMillis();
md5Hash = hasher.calculateMd5(fsContent);
calctime += (System.currentTimeMillis() - calcstart);
}
TskData.FileKnown status = TskData.FileKnown.UKNOWN;
boolean foundBad = false;
for (Map.Entry<Integer, HashDb> entry : knownBadSets.entrySet()) {
long calcstart = System.currentTimeMillis();
md5Hash = hasher.calculateMd5(fsContent);
calctime += (System.currentTimeMillis() - calcstart);
} catch (IOException ex) {
logger.log(Level.WARNING, "Error calculating hash of file " + name, ex);
services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Read Error: " + name,
"Error encountered while calculating the hash value for " + name + "."));
return ProcessResult.ERROR;
}
}
// look up in known bad first
TskData.FileKnown status = TskData.FileKnown.UKNOWN;
boolean foundBad = false;
ProcessResult ret = ProcessResult.OK;
if (knownBadIsSet) {
for (Map.Entry<Integer, HashDb> entry : knownBadSets.entrySet()) {
try {
long lookupstart = System.currentTimeMillis();
status = skCase.knownBadLookupMd5(md5Hash, entry.getKey());
lookuptime += (System.currentTimeMillis() - lookupstart);
if (status.equals(TskData.FileKnown.BAD)) {
foundBad = true;
count += 1;
skCase.setKnown(fsContent, status);
String hashSetName = entry.getValue().getName();
processBadFile(fsContent, md5Hash, hashSetName, entry.getValue().getShowInboxMessages());
} catch (TskException ex) {
logger.log(Level.WARNING, "Couldn't lookup known bad hash for file " + name + " - see sleuthkit log for details", ex);
services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Hash Lookup Error: " + name,
"Error encountered while looking up known bad hash value for " + name + "."));
ret = ProcessResult.ERROR;
}
if (status.equals(TskData.FileKnown.BAD)) {
foundBad = true;
knownBadCount += 1;
try {
skCase.setKnown(fsContent, TskData.FileKnown.BAD);
} catch (TskException ex) {
logger.log(Level.WARNING, "Couldn't set known bad state for file " + name + " - see sleuthkit log for details", ex);
services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Hash Lookup Error: " + name,
"Error encountered while setting known bad state for " + name + "."));
ret = ProcessResult.ERROR;
}
String hashSetName = entry.getValue().getName();
processBadFile(fsContent, md5Hash, hashSetName, entry.getValue().getShowInboxMessages());
}
if (!foundBad && nsrlIsSet) {
long lookupstart = System.currentTimeMillis();
status = skCase.nsrlLookupMd5(md5Hash);
lookuptime += (System.currentTimeMillis() - lookupstart);
if (status.equals(TskData.FileKnown.KNOWN)) {
skCase.setKnown(fsContent, status);
}
}
} catch (TskException ex) {
logger.log(Level.WARNING, "Couldn't analyze file " + name + " - see sleuthkit log for details", ex);
services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Hash Lookup Error: " + name,
"Error encountered while updating the hash values for " + name + "."));
ret = ProcessResult.ERROR;
} catch (IOException ex) {
logger.log(Level.WARNING, "Error reading file " + name, ex);
services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Read Error: " + name,
"Error encountered while calculating the hash value for " + name + "."));
ret = ProcessResult.ERROR;
}
} else if (processFile && calcHashesIsSet) {
String name = fsContent.getName();
try {
String md5Hash = fsContent.getMd5Hash();
if (md5Hash == null || md5Hash.isEmpty()) {
long calcstart = System.currentTimeMillis();
hasher.calculateMd5(fsContent);
calctime += (System.currentTimeMillis() - calcstart);
}
ret = ProcessResult.OK;
} catch (IOException ex) {
logger.log(Level.WARNING, "Error reading file " + name, ex);
services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Read Error: " + name,
"Error encountered while calculating the hash value for " + name + " without databases."));
}
}
// only do NSRL if we didn't find a known bad
if (!foundBad && nsrlIsSet) {
try {
long lookupstart = System.currentTimeMillis();
status = skCase.nsrlLookupMd5(md5Hash);
lookuptime += (System.currentTimeMillis() - lookupstart);
} catch (TskException ex) {
logger.log(Level.WARNING, "Couldn't lookup NSRL hash for file " + name + " - see sleuthkit log for details", ex);
services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Hash Lookup Error: " + name,
"Error encountered while looking up NSRL hash value for " + name + "."));
ret = ProcessResult.ERROR;
}
if (status.equals(TskData.FileKnown.KNOWN)) {
try {
skCase.setKnown(fsContent, TskData.FileKnown.KNOWN);
} catch (TskException ex) {
logger.log(Level.WARNING, "Couldn't set known state for file " + name + " - see sleuthkit log for details", ex);
services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Hash Lookup Error: " + name,
"Error encountered while setting known (NSRL) state for " + name + "."));
ret = ProcessResult.ERROR;
}
}
}
return ret;
}
}
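Review bot: In the known-bad loop of the rewritten process(FsContent), a failed lookup caught by `catch (TskException ex)` sets `ret = ProcessResult.ERROR` but then falls through to `if (status.equals(TskData.FileKnown.BAD))`, which tests the `status` left over from the previous hash set; when an earlier set already matched, the same file is counted in `knownBadCount` and handed to `processBadFile(...)` a second time, producing a duplicate artifact. Add `continue;` after `ret = ProcessResult.ERROR;` in that catch, or reset `status = TskData.FileKnown.UKNOWN;` at the top of each iteration. The NSRL block has the same shape: after its catch, `if (status.equals(TskData.FileKnown.KNOWN))` still runs on whatever `status` held before the failed lookup, so the `setKnown` call should only execute when the NSRL lookup itself succeeded. The "Read Error"/"Hash Lookup Error" bodies also embed `name` from the evidence file; if IngestMessage details are rendered as HTML, that string needs escaping, which I could not confirm from this hunk.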


@ -252,7 +252,6 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile
finalSearcher.execute();
} else {
finalSearcherDone = true;
services.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Completed"));
}
//log number of files / chunks in index
@ -438,8 +437,6 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile
commitTimer.start();
searchTimer.start();
services.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Started"));
}
@Override
@ -551,7 +548,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile
msg.append("<br />Skipped files: ").append(skipped).append("<br />");
String indexStats = msg.toString();
logger.log(Level.INFO, "Keyword Indexing Completed: " + indexStats);
services.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Keyword Indexing Completed", indexStats));
services.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Keyword Indexing Results", indexStats));
}
@ -1180,8 +1177,6 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile
logger.log(Level.INFO, "The final searcher in this ingest done.");
finalSearcherDone = true;
services.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, KeywordSearchIngestModule.instance, "Completed"));
//run module cleanup
cleanup();
} else {


@ -406,7 +406,7 @@ public class Chrome extends Extract implements IngestModuleImage {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "Recent Activity", ((result.get("title").toString() != null) ? result.get("title").toString() : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "Recent Activity", "Chrome"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", (Util.extractDomain((result.get("origin_url").toString() != null) ? result.get("url").toString() : ""))));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(), "Recent Activity", ((result.get("username_value").toString() != null) ? result.get("username_value").toString().replaceAll("'", "''") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME.getTypeID(), "Recent Activity", ((result.get("username_value").toString() != null) ? result.get("username_value").toString().replaceAll("'", "''") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", result.get("signon_realm").toString()));
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, signonFiles.get(j), bbattributes);
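Review bot: On the new `TSK_USER_NAME` line the guard `result.get("username_value").toString() != null` is ineffective, because `toString()` is invoked on the raw map value before the comparison and throws `NullPointerException` when the column is null; the `TSK_NAME` line and the `TSK_DOMAIN` line above show the same pattern (the latter additionally checks `origin_url` but then reads `url`). Read the value once and test it before converting: `Object userVal = result.get("username_value");` / `String user = (userVal != null) ? userVal.toString() : "";`. The `replaceAll("'", "''")` applied to the username looks like SQL quote-doubling on a value that is stored as a blackboard attribute; if the persistence layer uses parameterized statements this corrupts usernames containing an apostrophe, and if it does not, escaping at one call site is not a dependable protection — quoting belongs in the storage layer, not here.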


@ -500,7 +500,7 @@ public class ExtractIE extends Extract implements IngestModuleImage {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "Internet Explorer"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", domain));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(), "RecentActivity", user));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME.getTypeID(), "RecentActivity", user));
bbart.addAttributes(bbattributes);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error writing Internet Explorer web history artifact to the blackboard.", ex);


@ -44,7 +44,6 @@ public final class RAImageIngestModule implements IngestModuleImage {
private static RAImageIngestModule defaultInstance = null;
private IngestServices services;
private static int messageId = 0;
private ArrayList<String> errors = new ArrayList<String>();
private StringBuilder subCompleted = new StringBuilder();
private ArrayList<Extract> modules;
final public static String MODULE_VERSION = "1.0";
@ -66,12 +65,15 @@ public final class RAImageIngestModule implements IngestModuleImage {
@Override
public void process(Image image, IngestImageWorkerController controller) {
services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Started " + image.getName()));
controller.switchToDeterminate(modules.size());
controller.progress(0);
ArrayList<String> errors = new ArrayList<>();
for (int i = 0; i < modules.size(); i++) {
Extract module = modules.get(i);
if (controller.isCancelled()) {
logger.log(Level.INFO, "Recent Activity has been canceled, quitting before " + module.getName());
logger.log(Level.INFO, "Recent Activity has been canceled, quitting before {0}", module.getName());
break;
}
try {
@ -83,47 +85,45 @@ public final class RAImageIngestModule implements IngestModuleImage {
controller.progress(i + 1);
errors.addAll(module.getErrorMessages());
}
// create the final message for inbox
StringBuilder errorMessage = new StringBuilder();
String errorMsgSubject;
if (!errors.isEmpty()) {
errorMessage.append("Errors encountered during analysis: <ul>\n");
for (String msg : errors) {
errorMessage.append("<li>").append(msg).append("</li>\n");
}
errorMessage.append("</ul>\n");
if (errors.size() == 1) {
errorMsgSubject = "1 error found";
} else {
errorMsgSubject = errors.size() + " errors found";
}
} else {
errorMessage.append("No errors encountered.");
errorMsgSubject = "No errors reported";
}
final IngestMessage msg = IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Finished " + image.getName()+ " - " + errorMsgSubject, errorMessage.toString());
services.postMessage(msg);
}
@Override
public void complete() {
logger.log(Level.INFO, "complete() " + this.toString());
StringBuilder errorMessage = new StringBuilder();
String errorsFound = "";
// close modules
for (int i = 0; i < modules.size(); i++) {
Extract module = modules.get(i);
try {
module.complete();
subCompleted.append(module.getName()).append(" complete <br>");
} catch (Exception ex) {
logger.log(Level.SEVERE, "Exception occurred when completing " + module.getName(), ex);
subCompleted.append(module.getName()).append(" failed to complete - see log for details <br>");
}
}
errorMessage.append(subCompleted);
int i = 0;
if (!errors.isEmpty()) {
errorMessage.append("<br>There were some errors extracting the data: <br>");
for (String msg : errors) {
i++;
final IngestMessage error = IngestMessage.createMessage(++messageId, MessageType.INFO, this, msg + "<br>");
services.postMessage(error);
}
if (i == 1) {
errorsFound = i + " error found";
} else {
errorsFound = i + " errors found";
}
} else {
errorMessage.append("<br> No errors encountered.");
errorsFound = "No errors reported";
}
final IngestMessage msg = IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Completed - " + errorsFound, errorMessage.toString());
services.postMessage(msg);
//module specific cleanup due to completion here
}
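Review bot: The inbox summary assembled in the new error block of process(Image, ...) inserts each module message into HTML without escaping (`errorMessage.append("<li>").append(msg).append("</li>\n")`); if `getErrorMessages()` ever carries file names or paths taken from the image, any `&`, `<` or `>` in them is interpreted as markup when the message is displayed. Run `msg` through a small private static helper that replaces those three characters with their entities before appending, e.g. `append(escapeHtml(msg))`, and apply the same to `image.getName()` in the "Finished ..." subject, since that also comes from user-supplied input.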
@ -139,8 +139,8 @@ public final class RAImageIngestModule implements IngestModuleImage {
@Override
public void init(IngestModuleInit initContext) {
modules = new ArrayList<Extract>();
logger.log(Level.INFO, "init() " + this.toString());
modules = new ArrayList<>();
logger.log(Level.INFO, "init() {0}", this.toString());
services = IngestServices.getDefault();
final Extract registry = new ExtractRegistry();


@ -114,7 +114,8 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile
if (isMbox) {
services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Processing " + fsContent.getName()));
logger.log(Level.INFO, "ThunderbirdMboxFileIngestModule: Parsing {0}", fsContent.getName());
String mboxName = fsContent.getName();
String msfName = mboxName + ".msf";
//Long mboxId = fsContent.getId();
@ -248,7 +249,6 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile
@Override
public void complete() {
logger.log(Level.INFO, "complete()");
services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "COMPLETE"));
//module specific cleanup due completion here
}