Merge remote-tracking branch 'upstream/develop' into mt-search

Samuel H. Kenyon 2014-04-03 16:16:58 -04:00
commit d3321853e0
17 changed files with 558 additions and 86 deletions

BIN
Core/0

Binary file not shown.


@ -1,3 +1,5 @@
file.reference.jdom-2.0.5-contrib.jar=release/modules/ext/jdom-2.0.5-contrib.jar
file.reference.jdom-2.0.5.jar=release/modules/ext/jdom-2.0.5.jar
file.reference.sqlite-jdbc-3.8.0-SNAPSHOT.jar=release/modules/ext/sqlite-jdbc-3.8.0-SNAPSHOT.jar
file.reference.Tsk_DataModel.jar=release/modules/ext/Tsk_DataModel.jar
javac.source=1.7


@ -207,6 +207,14 @@
<package>org.sleuthkit.autopsy.report</package>
<package>org.sleuthkit.datamodel</package>
</public-packages>
<class-path-extension>
<runtime-relative-path>ext/jdom-2.0.5.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jdom-2.0.5.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/jdom-2.0.5-contrib.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jdom-2.0.5-contrib.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/Tsk_DataModel.jar</runtime-relative-path>
<binary-origin>release/modules/ext/Tsk_DataModel.jar</binary-origin>
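Review bot: The `class-path-extension` entries for `release/modules/ext/jdom-2.0.5.jar` and `release/modules/ext/jdom-2.0.5-contrib.jar` refer to jars that appear to be checked in as opaque binaries with this change, and nothing in the commit records their download source or digest. Without that, a later reviewer cannot confirm the files match the upstream release. Consider adding a comment next to these entries giving the origin and a SHA-256 for each jar. It is also worth checking whether the contrib jar is needed, since the ReportKML code visible in this commit imports only `org.jdom2` core classes (`Document`, `Element`, `Namespace`, `Format`, `XMLOutputter`).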

Binary file not shown.

Binary file not shown.


@ -317,6 +317,12 @@
<attr name="instanceCreate" methodvalue="org.sleuthkit.autopsy.report.FileReportText.getDefault"/>
<attr name="position" intvalue="903"/>
</file>
<file name="org-sleuthkit-autopsy-report-ReportKML.instance">
<attr name="instanceOf" stringvalue="org.sleuthkit.autopsy.report.GeneralReportModule"/>
<attr name="instanceCreate" methodvalue="org.sleuthkit.autopsy.report.ReportKML.getDefault"/>
<attr name="position" intvalue="904"/>
</file>
<!--<folder name="JavaHelp">
<file name="casemodule-helpset.xml" url="casemodule-helpset.xml">
<attr name="position" intvalue="3075"/>


@ -1,8 +1,8 @@
CTL_DataContentAction=DataContent
CTL_DataContentTopComponent=Data Content
CTL_CustomAboutAction=About
OptionsCategory_Name_General=Display
OptionsCategory_Keywords_General=display
OptionsCategory_Name_General=Autopsy
OptionsCategory_Keywords_General=Autopsy Options
HINT_DataContentTopComponent=This is a DataContent window
HINT_NodeTableTopComponent=This is a DataResult window
OpenIDE-Module-Name=CoreComponents
@ -147,3 +147,4 @@ DataResultViewerThumbnail.switchPage.done.errMsg=Error making thumbnails\: {0}
FXVideoPanel.pauseButton.infoLabel.playbackErr=Playback error.
GstVideoPanel.progress.infoLabel.updateErr=Error updating video progress\: {0}
GstVideoPanel.ExtractMedia.progress.buffering=Buffering {0}
GeneralPanel.jLabel4.text=Number of threads to use for file ingest:


@ -30,7 +30,7 @@ import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger;
@OptionsPanelController.TopLevelRegistration(categoryName = "#OptionsCategory_Name_General",
iconBase = "org/sleuthkit/autopsy/corecomponents/display-options.png",
iconBase = "org/sleuthkit/autopsy/corecomponents/checkbox.png",
position = 1,
keywords = "#OptionsCategory_Keywords_General",
keywordsCategory = "General")


@ -42,6 +42,7 @@
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jLabel1" min="-2" max="-2" attributes="0"/>
<Component id="jLabel3" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="jLabel4" alignment="0" min="-2" max="-2" attributes="0"/>
<Group type="102" attributes="0">
<EmptySpace min="10" pref="10" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
@ -49,10 +50,11 @@
<Component id="useBestViewerRB" min="-2" max="-2" attributes="0"/>
<Component id="dataSourcesHideKnownCB" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="viewsHideKnownCB" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="numberOfFileIngestThreadsComboBox" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
</Group>
<EmptySpace min="0" pref="13" max="32767" attributes="0"/>
<EmptySpace min="0" pref="0" max="32767" attributes="0"/>
</Group>
</Group>
</Group>
@ -78,7 +80,10 @@
<Component id="useLocalTimeRB" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="useGMTTimeRB" min="-2" max="-2" attributes="0"/>
<EmptySpace pref="30" max="32767" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Component id="jLabel4" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="numberOfFileIngestThreadsComboBox" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
@ -173,5 +178,25 @@
</Property>
</Properties>
</Component>
<Component class="javax.swing.JLabel" name="jLabel4">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/corecomponents/Bundle.properties" key="GeneralPanel.jLabel4.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
<Component class="javax.swing.JComboBox" name="numberOfFileIngestThreadsComboBox">
<Properties>
<Property name="model" type="javax.swing.ComboBoxModel" editor="org.netbeans.modules.form.editors2.ComboBoxModelEditor">
<StringArray count="4">
<StringItem index="0" value="1"/>
<StringItem index="1" value="2"/>
<StringItem index="2" value="3"/>
<StringItem index="3" value="4"/>
</StringArray>
</Property>
<Property name="selectedIndex" type="int" value="1"/>
</Properties>
</Component>
</SubComponents>
</Form>


@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2013 Basis Technology Corp.
* Copyright 2013-2014 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -21,10 +21,10 @@ package org.sleuthkit.autopsy.corecomponents;
import java.util.prefs.Preferences;
import org.openide.util.NbPreferences;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.ingest.IngestManager;
final class GeneralPanel extends javax.swing.JPanel {
private final GeneralOptionsPanelController controller;
private static final String KEEP_PREFERRED_VIEWER = "keepPreferredViewer";
private static final String USE_LOCAL_TIME = "useLocalTime";
private static final String DS_HIDE_KNOWN = "dataSourcesHideKnown"; // Default false
@ -32,7 +32,6 @@ final class GeneralPanel extends javax.swing.JPanel {
private final Preferences prefs = NbPreferences.forModule(this.getClass());
GeneralPanel(GeneralOptionsPanelController controller) {
this.controller = controller;
initComponents();
ContentUtils.setDisplayInLocalTime(useLocalTimeRB.isSelected());
// TODO listen to changes in form fields and call controller.changed()
@ -57,6 +56,8 @@ final class GeneralPanel extends javax.swing.JPanel {
jLabel3 = new javax.swing.JLabel();
dataSourcesHideKnownCB = new javax.swing.JCheckBox();
viewsHideKnownCB = new javax.swing.JCheckBox();
jLabel4 = new javax.swing.JLabel();
numberOfFileIngestThreadsComboBox = new javax.swing.JComboBox();
buttonGroup1.add(useBestViewerRB);
useBestViewerRB.setSelected(true);
@ -94,6 +95,11 @@ final class GeneralPanel extends javax.swing.JPanel {
org.openide.awt.Mnemonics.setLocalizedText(viewsHideKnownCB, org.openide.util.NbBundle.getMessage(GeneralPanel.class, "GeneralPanel.viewsHideKnownCB.text")); // NOI18N
org.openide.awt.Mnemonics.setLocalizedText(jLabel4, org.openide.util.NbBundle.getMessage(GeneralPanel.class, "GeneralPanel.jLabel4.text")); // NOI18N
numberOfFileIngestThreadsComboBox.setModel(new javax.swing.DefaultComboBoxModel(new String[] { "1", "2", "3", "4" }));
numberOfFileIngestThreadsComboBox.setSelectedIndex(1);
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
this.setLayout(layout);
layout.setHorizontalGroup(
@ -114,14 +120,16 @@ final class GeneralPanel extends javax.swing.JPanel {
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jLabel1)
.addComponent(jLabel3)
.addComponent(jLabel4)
.addGroup(layout.createSequentialGroup()
.addGap(10, 10, 10)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(keepCurrentViewerRB)
.addComponent(useBestViewerRB)
.addComponent(dataSourcesHideKnownCB)
.addComponent(viewsHideKnownCB))))
.addGap(0, 13, Short.MAX_VALUE))))
.addComponent(viewsHideKnownCB)
.addComponent(numberOfFileIngestThreadsComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))))
.addGap(0, 0, Short.MAX_VALUE))))
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
@ -143,7 +151,10 @@ final class GeneralPanel extends javax.swing.JPanel {
.addComponent(useLocalTimeRB)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(useGMTTimeRB)
.addContainerGap(30, Short.MAX_VALUE))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(jLabel4)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(numberOfFileIngestThreadsComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
);
}// </editor-fold>//GEN-END:initComponents
@ -164,6 +175,7 @@ final class GeneralPanel extends javax.swing.JPanel {
useGMTTimeRB.setSelected(!useLocalTime);
dataSourcesHideKnownCB.setSelected(prefs.getBoolean(DS_HIDE_KNOWN, false));
viewsHideKnownCB.setSelected(prefs.getBoolean(VIEWS_HIDE_KNOWN, true));
numberOfFileIngestThreadsComboBox.setSelectedItem(IngestManager.getInstance().getNumberOfFileIngestThreads());
}
void store() {
@ -171,6 +183,7 @@ final class GeneralPanel extends javax.swing.JPanel {
prefs.putBoolean(USE_LOCAL_TIME, useLocalTimeRB.isSelected());
prefs.putBoolean(DS_HIDE_KNOWN, dataSourcesHideKnownCB.isSelected());
prefs.putBoolean(VIEWS_HIDE_KNOWN, viewsHideKnownCB.isSelected());
IngestManager.getInstance().setNumberOfFileIngestThreads(Integer.valueOf(numberOfFileIngestThreadsComboBox.getSelectedItem().toString()));
}
boolean valid() {
@ -184,7 +197,9 @@ final class GeneralPanel extends javax.swing.JPanel {
private javax.swing.JLabel jLabel1;
private javax.swing.JLabel jLabel2;
private javax.swing.JLabel jLabel3;
private javax.swing.JLabel jLabel4;
private javax.swing.JRadioButton keepCurrentViewerRB;
private javax.swing.JComboBox numberOfFileIngestThreadsComboBox;
private javax.swing.JRadioButton useBestViewerRB;
private javax.swing.JRadioButton useGMTTimeRB;
private javax.swing.JRadioButton useLocalTimeRB;
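Review bot: In load(), `numberOfFileIngestThreadsComboBox.setSelectedItem(IngestManager.getInstance().getNumberOfFileIngestThreads())` passes a boxed `Integer`, but the combo box model is built from the strings `"1"` to `"4"`, so no item equals it and the selection stays at the default index 1. The panel therefore always shows "2", and the next store() writes that back over whatever the user had saved. Convert before selecting: `numberOfFileIngestThreadsComboBox.setSelectedItem(String.valueOf(IngestManager.getInstance().getNumberOfFileIngestThreads()));`. The bodies of load() and store() begin outside the hunks shown here.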

Binary file not shown.



@ -31,24 +31,31 @@ import javax.swing.SwingWorker;
import org.netbeans.api.progress.ProgressHandle;
import org.netbeans.api.progress.ProgressHandleFactory;
import org.openide.util.Cancellable;
import org.openide.util.NbPreferences;
import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Content;
import java.util.prefs.Preferences;
/**
* Manages the execution of ingest jobs.
*/
public class IngestManager {
private static final String NUMBER_OF_FILE_INGEST_THREADS_KEY = "NumberOfFileingestThreads";
private static final int MIN_NUMBER_OF_FILE_INGEST_THREADS = 1;
private static final int MAX_NUMBER_OF_FILE_INGEST_THREADS = 4;
private static final int DEFAULT_NUMBER_OF_FILE_INGEST_THREADS = 2;
private static final Logger logger = Logger.getLogger(IngestManager.class.getName());
private static final PropertyChangeSupport pcs = new PropertyChangeSupport(IngestManager.class);
private static IngestManager instance;
private final IngestScheduler scheduler;
private final IngestScheduler scheduler = IngestScheduler.getInstance();
private final IngestMonitor ingestMonitor = new IngestMonitor();
private final Preferences userPreferences = NbPreferences.forModule(this.getClass());
private final HashMap<Long, IngestJob> ingestJobs = new HashMap<>();
private TaskSchedulingWorker taskSchedulingWorker;
private FileTaskWorker fileTaskWorker;
private DataSourceTaskWorker dataSourceTaskWorker;
private TaskSchedulingWorker taskSchedulingWorker = null;
private DataSourceTaskWorker dataSourceTaskWorker = null;
private final List<FileTaskWorker> fileTaskWorkers = new ArrayList<>();
private long nextDataSourceTaskId = 0;
private long nextThreadId = 0;
private volatile IngestUI ingestMessageBox;
@ -103,7 +110,6 @@ public class IngestManager {
};
private IngestManager() {
this.scheduler = IngestScheduler.getInstance();
}
/**
@ -135,6 +141,18 @@ public class IngestManager {
return ++this.nextThreadId;
}
public synchronized int getNumberOfFileIngestThreads() {
return userPreferences.getInt(NUMBER_OF_FILE_INGEST_THREADS_KEY, DEFAULT_NUMBER_OF_FILE_INGEST_THREADS);
}
public synchronized void setNumberOfFileIngestThreads(int numberOfThreads) {
if (numberOfThreads < MIN_NUMBER_OF_FILE_INGEST_THREADS
|| numberOfThreads > MAX_NUMBER_OF_FILE_INGEST_THREADS) {
numberOfThreads = DEFAULT_NUMBER_OF_FILE_INGEST_THREADS;
}
userPreferences.putInt(NUMBER_OF_FILE_INGEST_THREADS_KEY, numberOfThreads);
}
/**
* Add property change listener to listen to ingest events as defined in
* IngestModuleEvent.
@ -274,35 +292,56 @@ public class IngestManager {
scheduler.getFileScheduler().scheduleFile(job, file);
}
/**
* Starts the File-level Ingest Module pipeline and the Data Source-level
* Ingest Modules for the queued up data sources and files.
*
* if AbstractFile module is still running, do nothing and allow it to
* consume queue otherwise start /restart AbstractFile worker
*
* data source ingest workers run per (module,content). Checks if one for
* the same (module,content) is already running otherwise start/restart the
* worker
*/
private synchronized void startAll() {
// Make sure the ingest monitor is running.
if (!ingestMonitor.isRunning()) {
ingestMonitor.start();
}
if (scheduler.getDataSourceScheduler().hasNext()) {
if (dataSourceTaskWorker == null || dataSourceTaskWorker.isDone()) {
dataSourceTaskWorker = new DataSourceTaskWorker(getNextThreadId());
dataSourceTaskWorker.execute();
}
// Make sure a data source task worker is running.
// TODO: There is a race condition here with SwingWorker.isDone().
// The highly unlikely chance that no data source task worker will
// run for this job needs to be addressed. Fix by using a thread pool
// and converting the SwingWorkers to Runnables.
if (dataSourceTaskWorker == null || dataSourceTaskWorker.isDone()) {
dataSourceTaskWorker = new DataSourceTaskWorker(getNextThreadId());
dataSourceTaskWorker.execute();
}
if (scheduler.getFileScheduler().hasNext()) {
if (fileTaskWorker == null || fileTaskWorker.isDone()) {
fileTaskWorker = new FileTaskWorker(getNextThreadId());
fileTaskWorker.execute();
// Make sure the requested number of file task workers are running.
// TODO: There is a race condition here with SwingWorker.isDone().
// The highly unlikely chance that no file task workers or the wrong
// number of file task workers will run for this job needs to be
// addressed. Fix by using a thread pool and converting the SwingWorkers
// to Runnables.
int workersRequested = getNumberOfFileIngestThreads();
int workersRunning = 0;
for (FileTaskWorker worker : fileTaskWorkers) {
if (worker != null) {
if (worker.isDone()) {
if (workersRunning < workersRequested) {
worker = new FileTaskWorker(getNextThreadId());
worker.execute();
++workersRunning;
} else {
worker = null;
}
} else {
++workersRunning;
}
} else if (workersRunning < workersRequested) {
worker = new FileTaskWorker(getNextThreadId());
worker.execute();
++workersRunning;
}
}
while (workersRunning < workersRequested
&& fileTaskWorkers.size() < MAX_NUMBER_OF_FILE_INGEST_THREADS) {
FileTaskWorker worker = new FileTaskWorker(getNextThreadId());
fileTaskWorkers.add(worker);
worker.execute();
++workersRunning;
}
}
synchronized void reportThreadDone(long threadId) {
@ -316,40 +355,56 @@ public class IngestManager {
for (Long jobId : completedJobs) {
ingestJobs.remove(jobId);
}
}
}
synchronized void stopAll() {
// First get the task scheduling worker to stop.
// First get the task scheduling worker to stop adding new tasks.
if (taskSchedulingWorker != null) {
taskSchedulingWorker.cancel(true);
while (!taskSchedulingWorker.isDone()) {
// Wait.
try {
Thread.sleep(1000);
} catch (InterruptedException ex) {
}
}
taskSchedulingWorker = null;
}
// Now mark all of the ingest jobs as cancelled. This way the ingest
// modules will know they are being shut down due to cancellation when
// the ingest worker threads release their pipelines.
// the cancelled ingest workers release their pipelines.
for (IngestJob job : ingestJobs.values()) {
job.cancel();
}
// Cancel the worker threads.
// Cancel the data source task worker. It will release its pipelines
// in its done() method and the pipelines will shut down their modules.
if (dataSourceTaskWorker != null) {
dataSourceTaskWorker.cancel(true);
while (!dataSourceTaskWorker.isDone()) {
// Wait.
try {
Thread.sleep(1000);
} catch (InterruptedException ex) {
}
}
dataSourceTaskWorker = null;
}
if (fileTaskWorker != null) {
fileTaskWorker.cancel(true);
while (!fileTaskWorker.isDone()) {
// Wait.
// Cancel the file task workers. They will release their pipelines
// in their done() methods and the pipelines will shut down their
// modules.
for (FileTaskWorker worker : fileTaskWorkers) {
if (worker != null) {
worker.cancel(true);
while (!worker.isDone()) {
try {
Thread.sleep(1000);
} catch (InterruptedException ex) {
}
}
worker = null;
}
fileTaskWorker = null;
}
// Jettision the remaining tasks. This will dispose of any tasks that
@ -364,9 +419,25 @@ public class IngestManager {
* @return true if any module is running, false otherwise
*/
public synchronized boolean isIngestRunning() {
return ((taskSchedulingWorker != null && !taskSchedulingWorker.isDone())
|| (fileTaskWorker != null && !fileTaskWorker.isDone())
|| (fileTaskWorker != null && !fileTaskWorker.isDone()));
// TODO: There is a race condition here with SwingWorker.isDone().
// It probably needs to be addressed at a later date. If we replace the
// SwingWorkers with a thread pool and Runnables, one solution would be
// to check the ingest jobs list.
if (taskSchedulingWorker != null && !taskSchedulingWorker.isDone()) {
return true;
}
if (dataSourceTaskWorker != null && !dataSourceTaskWorker.isDone()) {
return true;
}
for (FileTaskWorker worker : fileTaskWorkers) {
if (worker != null && !worker.isDone()) {
return true;
}
}
return false;
}
/**
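Review bot: In startAll() the for-each loop over `fileTaskWorkers` assigns replacement workers to the loop variable (`worker = new FileTaskWorker(getNextThreadId());`), which never updates the list, so a worker started there is running but untracked. stopAll() cannot cancel it, and isIngestRunning() can return false while it is still processing files, which also misleads callers that use that flag to warn about incomplete results. The same applies to `worker = null;` in both startAll() and stopAll(): finished workers stay in the list. Iterating by index and storing the replacement with `fileTaskWorkers.set(i, worker)` keeps the list in step with what is actually running.

```java
// … unchanged: ingest monitor and data source task worker start-up …
int workersRequested = getNumberOfFileIngestThreads();
int workersRunning = 0;
for (int i = 0; i < fileTaskWorkers.size(); ++i) {
    FileTaskWorker worker = fileTaskWorkers.get(i);
    if (worker != null && !worker.isDone()) {
        ++workersRunning;
    } else if (workersRunning < workersRequested) {
        // Store the replacement in the list so that stopAll() and
        // isIngestRunning() can see it.
        worker = new FileTaskWorker(getNextThreadId());
        fileTaskWorkers.set(i, worker);
        worker.execute();
        ++workersRunning;
    } else {
        // Drop the reference to a finished worker that is not being replaced.
        fileTaskWorkers.set(i, null);
    }
}
// … unchanged: while loop that grows the list up to MAX_NUMBER_OF_FILE_INGEST_THREADS …
```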


@ -47,6 +47,13 @@ ReportBodyFile.progress.processing=Now processing {0}...
ReportBodyFile.getName.text=TSK Body File
ReportBodyFile.getDesc.text=Body file format report with MAC times for every file. This format can be used for a timeline view.
ReportBodyFile.getFilePath.text=BodyFile.txt
ReportKML.progress.querying=Querying files...
ReportKML.ingestWarning.text=Warning, this report was run before ingest services completed\!
ReportKML.progress.loading=Loading files...
ReportKML.progress.processing=Now processing {0}...
ReportKML.getName.text=Google Earth/KML
ReportKML.getDesc.text=KML format report with coordinates for relevant files. This format can be used for google earth views.
ReportKML.getFilePath.text=ReportKML.kml
ReportBranding.defaultReportTitle.text=Autopsy Forensic Report
ReportBranding.defaultReportFooter.text=Powered by Autopsy Open Source Digital Forensics Platform - www.sleuthkit.org
ReportExcel.numAartifacts.text=Number of artifacts\:


@ -0,0 +1,323 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.sleuthkit.autopsy.report;
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 Basis Technology Corp.
* Project Contact/Architect: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import javax.swing.JPanel;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.datamodel.*;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.datamodel.BlackboardArtifact;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.logging.Level;
import org.jdom2.Document;
import org.jdom2.Element;
import org.jdom2.Namespace;
import org.jdom2.output.Format;
import org.jdom2.output.XMLOutputter;
import org.apache.commons.lang.StringEscapeUtils;
/**
* ReportBodyFile generates a report in the body file format specified on
* The Sleuth Kit wiki as MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime.
*/
class ReportKML implements GeneralReportModule {
private static final Logger logger = Logger.getLogger(ReportKML.class.getName());
private static ReportKML instance = null;
private Case currentCase;
private SleuthkitCase skCase;
private String reportPath;
// Hidden constructor for the report
private ReportKML() {
}
// Get the default implementation of this report
public static synchronized ReportKML getDefault() {
if (instance == null) {
instance = new ReportKML();
}
return instance;
}
/**
* Generates a body file format report for use with the MAC time tool.
* @param path path to save the report
* @param progressPanel panel to update the report's progress
*/
@Override
@SuppressWarnings("deprecation")
public void generateReport(String path, ReportProgressPanel progressPanel) {
// Start the progress bar and setup the report
progressPanel.setIndeterminate(false);
progressPanel.start();
progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportKML.progress.querying"));
reportPath = path + "ReportKML.kml";
String reportPath2 = path + "ReportKML.txt";
currentCase = Case.getCurrentCase();
skCase = currentCase.getSleuthkitCase();
progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportKML.progress.loading"));
// Check if ingest has finished
String ingestwarning = "";
if (IngestManager.getInstance().isIngestRunning()) {
ingestwarning = NbBundle.getMessage(this.getClass(), "ReportBodyFile.ingestWarning.text");
}
progressPanel.setMaximumProgress(5);
progressPanel.increment();
try {
BufferedWriter out = null;
try {
out = new BufferedWriter(new FileWriter(reportPath2));
double lat = 0; // temp latitude
double lon = 0; //temp longitude
AbstractFile aFile;
String geoPath = ""; // will hold values of images to put in kml
String imageName="";
File f;
for (BlackboardArtifact artifact : skCase.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_METADATA_EXIF)) {
lat = 0;
lon = 0;
geoPath = "";
String extractedToPath;
for (BlackboardAttribute attribute : artifact.getAttributes()) {
if (attribute.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID()) //latitude
{
lat = attribute.getValueDouble();
}
if (attribute.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE.getTypeID()) //longitude
{
lon = attribute.getValueDouble();
}
}
if (lon != 0 && lat != 0) {
aFile=artifact.getSleuthkitCase().getAbstractFileById(artifact.getObjectID());
extractedToPath = reportPath +aFile.getName();
geoPath=extractedToPath;
f = new File(extractedToPath);
f.createNewFile();
copyFileUsingStream(aFile,f);
imageName= aFile.getName();
out.write(String.valueOf(lat));
out.write(";");
out.write(String.valueOf(lon));
out.write(";");
out.write(String.valueOf(geoPath));
out.write(";");
out.write(String.valueOf(imageName));
out.write("\n");
// lat lon path name
}
}
out.flush();
out.close();
progressPanel.increment();
/*
* Step 1: generate XML stub
*/
Namespace ns = Namespace.getNamespace("", "http://earth.google.com/kml/2.2");
// kml
Element kml = new Element("kml", ns);
Document kmlDocument = new Document(kml);
// Document
Element document = new Element("Document", ns);
kml.addContent(document);
// name
Element name = new Element("name", ns);
name.setText("Java Generated KML Document");
document.addContent(name);
/*
* Step 2: add in Style elements
*/
// Style
Element style = new Element("Style", ns);
style.setAttribute("id", "redIcon");
document.addContent(style);
// IconStyle
Element iconStyle = new Element("IconStyle", ns);
style.addContent(iconStyle);
// color
Element color = new Element("color", ns);
color.setText("990000ff");
iconStyle.addContent(color);
// Icon
Element icon = new Element("Icon", ns);
iconStyle.addContent(icon);
// href
Element href = new Element("href", ns);
href.setText("http://www.cs.mun.ca/~hoeber/teaching/cs4767/notes/02.1-kml/circle.png");
icon.addContent(href);
progressPanel.increment();
/*
* Step 3: read data from source location and
* add in a Placemark for each data element
*/
File file = new File(reportPath2);
BufferedReader reader;
reader = new BufferedReader(new FileReader(file));
String line = reader.readLine();
while (line != null) {
String[] lineParts = line.split(";");
if (lineParts.length == 4) {
String coordinates = lineParts[1].trim() + "," + lineParts[0].trim(); //lat,lon
// Placemark
Element placemark = new Element("Placemark", ns);
document.addContent(placemark);
// name
Element pmName = new Element("name", ns);
pmName.setText(lineParts[3].trim());
placemark.addContent(pmName);
// Path
Element pmPath = new Element("Path", ns);
pmPath.setText(lineParts[2].trim());
placemark.addContent(pmPath);
// description
Element pmDescription = new Element("description", ns);
String xml= "<![CDATA[ \n" +" <img src='file:///"+lineParts[2].trim()+"' width='400' /><br/&gt; \n" ;
StringEscapeUtils.unescapeXml(xml);
pmDescription.setText(xml);
placemark.addContent(pmDescription);
// styleUrl
Element pmStyleUrl = new Element("styleUrl", ns);
pmStyleUrl.setText("#redIcon");
placemark.addContent(pmStyleUrl);
// Point
Element pmPoint = new Element("Point", ns);
placemark.addContent(pmPoint);
// coordinates
Element pmCoordinates = new Element("coordinates", ns);
pmCoordinates.setText(coordinates);
pmPoint.addContent(pmCoordinates);
}
// read the next line
line = reader.readLine();
}
progressPanel.increment();
/*
* Step 4: write the XML file
*/
try {
XMLOutputter outputter = new XMLOutputter(Format.getPrettyFormat());
FileOutputStream writer = new FileOutputStream(reportPath);
outputter.output(kmlDocument, writer);
writer.close();
} catch (IOException ex) {
logger.log(Level.WARNING, "Could not write the KML file.", ex);
}
} catch (IOException ex) {
logger.log(Level.WARNING, "Could not write the KML report.", ex);
}
progressPanel.complete();
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Failed to get the unique path.", ex);
}
progressPanel.increment();
progressPanel.complete();
}
public static void copyFileUsingStream(AbstractFile file, File jFile) throws IOException {
InputStream is = new ReadContentInputStream(file);
OutputStream os = new FileOutputStream(jFile);
byte[] buffer = new byte[8192];
int length;
try {
while ((length = is.read(buffer)) != -1)
{
os.write(buffer, 0, length);
}
} finally {
is.close();
os.close();
}
}
@Override
public String getName() {
String name = NbBundle.getMessage(this.getClass(), "ReportKML.getName.text");
return name;
}
@Override
public String getFilePath() {
return NbBundle.getMessage(this.getClass(), "ReportKML.getFilePath.text");
}
@Override
public String getExtension() {
String ext = ".txt";
return ext;
}
@Override
public String getDescription() {
String desc = NbBundle.getMessage(this.getClass(), "ReportKML.getDesc.text");
return desc;
}
@Override
public JPanel getConfigurationPanel() {
return null; // No configuration panel
}
}
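Review bot: generateReport() uses the evidence file name from `aFile.getName()` unescaped in three places: as a path suffix (`reportPath + aFile.getName()`), as a field of the `;`-delimited `ReportKML.txt`, and inside the `<img src='file:///…'>` string set as the Placemark description. Those names come from the image under examination, so a name containing `;` or a line break makes the `lineParts.length == 4` check fail and the artifact is silently left out of the report, two files with the same name overwrite each other's extracted copy, and a name containing `'` ends the `src` attribute early in any viewer that renders the description as HTML. I would build each Placemark directly in the artifact loop instead of re-reading the text file, write the copy under a generated name (for example one based on `artifact.getObjectID()`), and HTML-escape the path inside a double-quoted attribute; note that `StringEscapeUtils.unescapeXml(xml);` currently discards its result. Separately, the icon `href` is a third-party `http://` URL that a viewer may fetch whenever the report is opened, which discloses report use to that host; shipping the icon with the report avoids that. The `BufferedReader` on `reportPath2` is never closed, and `out` is not closed when an exception is thrown.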


@ -49,23 +49,30 @@ sub pluginmain {
eval {
::rptMsg("");
::rptMsg("Domain secret - \$MACHINE\.ACC");
my $c = $key->get_subkey("\$MACHINE\.ACC\\CupdTime")->get_value("")->get_data();
my @v = unpack("VV",$c);
my $cupd = gmtime(::getTime($v[0],$v[1]));
::rptMsg("CupdTime = ".$cupd);
my $v1 = $key->get_subkey("\$MACHINE\.ACC\\CupdTime")->get_value("");
if (defined $v1) {
my $c = $v1->get_data();
my @v = unpack("VV",$c);
my $cupd = gmtime(::getTime($v[0],$v[1]));
::rptMsg("CupdTime = ".$cupd);
}
else {
::rptMsg("CupdTime value not found");
}
my $o = $key->get_subkey("\$MACHINE\.ACC\\OupdTime")->get_value("")->get_data();
my @v = unpack("VV",$c);
my $oupd = gmtime(::getTime($v[0],$v[1]));
::rptMsg("OupdTime = ".$oupd);
$v1 = $key->get_subkey("\$MACHINE\.ACC\\OupdTime")->get_value("")
if (defined $v1) {
my $c = $v1->get_data();
my @v = unpack("VV",$c);
my $oupd = gmtime(::getTime($v[0],$v[1]));
::rptMsg("OupdTime = ".$oupd);
}
else {
::rptMsg("OupdTime value not found");
}
};
::rptMsg("Error: ".$@) if ($@);
}
else {
::rptMsg($key_path." not found.");
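Review bot: As shown, the new OupdTime lookup `$v1 = $key->get_subkey("\$MACHINE\.ACC\\OupdTime")->get_value("")` has no terminating semicolon before `if (defined $v1) {`, so the plugin should fail to compile and report nothing for this key. It should read `$v1 = $key->get_subkey("\$MACHINE\.ACC\\OupdTime")->get_value("");`. The same omission appears in the later plugin section of this commit at `my $install = $v1->get_data()`. Running `perl -c` over the changed plugins before merging would catch both. pluginmain starts and ends outside this hunk.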


@ -69,29 +69,32 @@ sub pluginmain {
my $key;
my $key_path = "ControlSet00".$curr."\\Control\\ProductOptions";
if ($key = $root_key->get_subkey($key_path)) {
my $prod;
eval {
$prod = $key->get_value("ProductPolicy")->get_data();
my $v1 = $key->get_value("ProductPolicy");
if (defined $v1) {
my $prod = $v1->get_data();
my %pol = parseData($prod);
::rptMsg("");
::rptMsg("Note: This plugin applies to Vista and Windows 2008 ONLY.");
::rptMsg("For a listing of names and values, see:");
::rptMsg("http://www.geoffchappell.com/viewer.htm?doc=notes/windows/license/install.htm&tx=3,5,6;4");
::rptMsg("");
foreach my $p (sort keys %pol) {
::rptMsg($p." - ".$pol{$p});
}
if (exists $prodinfo{$pol{"Kernel\-ProductInfo"}}) {
::rptMsg("");
::rptMsg("Kernel\-ProductInfo = ".$prodinfo{$pol{"Kernel\-ProductInfo"}});
}
}
else {
::rptMsg("Error getting ProductPolicy value");
}
};
if ($@) {
::rptMsg("Error getting ProductPolicy value: $@");
}
else {
my %pol = parseData($prod);
::rptMsg("");
::rptMsg("Note: This plugin applies to Vista and Windows 2008 ONLY.");
::rptMsg("For a listing of names and values, see:");
::rptMsg("http://www.geoffchappell.com/viewer.htm?doc=notes/windows/license/install.htm&tx=3,5,6;4");
::rptMsg("");
foreach my $p (sort keys %pol) {
::rptMsg($p." - ".$pol{$p});
}
if (exists $prodinfo{$pol{"Kernel\-ProductInfo"}}) {
::rptMsg("");
::rptMsg("Kernel\-ProductInfo = ".$prodinfo{$pol{"Kernel\-ProductInfo"}});
}
}
}
else {
::rptMsg($key_path." not found.");


@ -45,13 +45,17 @@ sub pluginmain {
::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)");
::rptMsg("");
my $install;
eval {
$install = $key->get_subkey("Installer")->get_value("DonwloadLastModified")->get_data();
::rptMsg("DonwloadLastModified = ".$install);
my $v1 = $install = $key->get_subkey("Installer")->get_value("DonwloadLastModified");
if (defined $v1) {
my $install = $v1->get_data()
::rptMsg("DonwloadLastModified = ".$install);
}
else {
::rptMsg("DonwloadLastModified value not found");
}
};
::rptMsg("DonwloadLastModified value not found: ".$@) if ($@);
}
else {
::rptMsg($key_path." not found.");
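Review bot: `my $v1 = $install = $key->get_subkey("Installer")->get_value("DonwloadLastModified");` also assigns the value object to `$install`, and the `if` block then declares a second `my $install` that shadows it. The chained assignment looks like a leftover from the old line and, if the earlier `my $install;` declaration was removed by this change, would fail under `use strict` (not visible here). I would write `my $v1 = $key->get_subkey("Installer")->get_value("DonwloadLastModified");` and keep a single `$install` inside the `if`. Since `get_subkey("Installer")` is not checked before `->get_value`, a missing Installer subkey dies inside the eval, so the trailing message presumably reports a missing subkey as "value not found". pluginmain continues outside this hunk.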