mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 18:17:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'release-4.19.2' of https://github.com/sleuthkit/autopsy into 8059-UseQueryReductionForAcctArtifact

Browse Source
This commit is contained in:
William Schaefer 2021-09-29 12:23:17 -04:00
commit d44525f3f5
7 changed files with 216 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Core/src/org/sleuthkit/autopsy/casemodule/IngestJobInfoPanel.java
View File

@ -30,6 +30,7 @@ import java.util.concurrent.CancellationException;
import java.util.concurrent.ExecutionException; import java.util.concurrent.ExecutionException;
import java.util.logging.Level; import java.util.logging.Level;
import javax.swing.JOptionPane; import javax.swing.JOptionPane;
import javax.swing.SwingUtilities;
import javax.swing.SwingWorker; import javax.swing.SwingWorker;
import javax.swing.event.ListSelectionEvent; import javax.swing.event.ListSelectionEvent;
import javax.swing.table.AbstractTableModel; import javax.swing.table.AbstractTableModel;
@ -125,12 +126,15 @@ public final class IngestJobInfoPanel extends javax.swing.JPanel {
} }
} }
this.ingestJobTableModel = new IngestJobTableModel(); this.ingestJobTableModel = new IngestJobTableModel();
this.ingestJobTable.setModel(ingestJobTableModel);
//if there were ingest jobs select the first one by default SwingUtilities.invokeLater(() -> {
if (!ingestJobsForSelectedDataSource.isEmpty()) { this.ingestJobTable.setModel(ingestJobTableModel);
ingestJobTable.setRowSelectionInterval(0, 0); //if there were ingest jobs select the first one by default
} if (!ingestJobsForSelectedDataSource.isEmpty()) {
this.repaint(); ingestJobTable.setRowSelectionInterval(0, 0);
}
this.repaint();
});
} }
/** /**
@ -168,7 +172,7 @@ public final class IngestJobInfoPanel extends javax.swing.JPanel {
} }
} catch (InterruptedException | ExecutionException ex) { } catch (InterruptedException | ExecutionException ex) {
logger.log(Level.WARNING, "Error getting results from Ingest Job Info Panel's refresh worker", ex); logger.log(Level.WARNING, "Error getting results from Ingest Job Info Panel's refresh worker", ex);
} catch (CancellationException ignored){ } catch (CancellationException ignored) {
logger.log(Level.INFO, "The refreshing of the IngestJobInfoPanel was cancelled"); logger.log(Level.INFO, "The refreshing of the IngestJobInfoPanel was cancelled");
} }
} }

126
Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java
View File

@ -42,6 +42,7 @@ import java.util.logging.Level;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import java.util.stream.Stream; import java.util.stream.Stream;
import javax.swing.Action; import javax.swing.Action;
import javax.swing.SwingUtilities;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair; import org.apache.commons.lang3.tuple.Pair;
import org.openide.nodes.Node; import org.openide.nodes.Node;
@ -203,27 +204,7 @@ public class BlackboardArtifactNode extends AbstractContentNode<BlackboardArtifa
contentCache.invalidateAll(); contentCache.invalidateAll();
} }
} else if (eventType.equals(NodeSpecificEvents.SCO_AVAILABLE.toString()) && !UserPreferences.getHideSCOColumns()) { } else if (eventType.equals(NodeSpecificEvents.SCO_AVAILABLE.toString()) && !UserPreferences.getHideSCOColumns()) {
SCOData scoData = (SCOData) evt.getNewValue(); updateSCOColumns((SCOData) evt.getNewValue());
if (scoData.getScoreAndDescription() != null) {
updateSheet(new NodeProperty<>(
Bundle.BlackboardArtifactNode_createSheet_score_name(),
Bundle.BlackboardArtifactNode_createSheet_score_displayName(),
scoData.getScoreAndDescription().getRight(),
scoData.getScoreAndDescription().getLeft()));
}
if (scoData.getComment() != null) {
updateSheet(new NodeProperty<>(
Bundle.BlackboardArtifactNode_createSheet_comment_name(),
Bundle.BlackboardArtifactNode_createSheet_comment_displayName(),
NO_DESCR, scoData.getComment()));
}
if (scoData.getCountAndDescription() != null) {
updateSheet(new NodeProperty<>(
Bundle.BlackboardArtifactNode_createSheet_count_name(),
Bundle.BlackboardArtifactNode_createSheet_count_displayName(),
scoData.getCountAndDescription().getRight(),
scoData.getCountAndDescription().getLeft()));
}
} else if (eventType.equals(FileNameTransTask.getPropertyName())) { } else if (eventType.equals(FileNameTransTask.getPropertyName())) {
/* /*
* Replace the value of the Source File property with the * Replace the value of the Source File property with the
@ -910,14 +891,25 @@ public class BlackboardArtifactNode extends AbstractContentNode<BlackboardArtifa
NO_DESCR, NO_DESCR,
getDisplayName())); getDisplayName()));
boolean scoHasBeenAdded = false; GetSCOTask scoTask = null;
if (artifact instanceof AnalysisResult if (artifact instanceof AnalysisResult
&& !(artifactType.getTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID() && !(artifactType.getTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()
|| artifactType.getTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID())) { || artifactType.getTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID())) {
updateSheetForAnalysisResult((AnalysisResult) artifact, sheetSet); scoTask = updateSheetForAnalysisResult((AnalysisResult) artifact, sheetSet);
scoHasBeenAdded = true; } else {
} /*
* Add the name of the source content of the artifact represented by
* this node to the sheet. The value of this property is the same as
* the display name of the node and this a "special" property that
* displays the node's icon as well as the display name.
*/
sheetSet.put(new NodeProperty<>(
Bundle.BlackboardArtifactNode_createSheet_srcFile_name(),
Bundle.BlackboardArtifactNode_createSheet_srcFile_displayName(),
NO_DESCR,
getDisplayName()));
}
if (TextTranslationService.getInstance().hasProvider() && UserPreferences.displayTranslatedFileNames()) { if (TextTranslationService.getInstance().hasProvider() && UserPreferences.displayTranslatedFileNames()) {
/* /*
* If machine translation is configured, add the original name of * If machine translation is configured, add the original name of
@ -937,8 +929,8 @@ public class BlackboardArtifactNode extends AbstractContentNode<BlackboardArtifa
} }
} }
if (!scoHasBeenAdded) { if (scoTask == null) {
addSCOColumns(sheetSet); scoTask = addSCOColumns(sheetSet);
} }
/* /*
@ -1156,6 +1148,8 @@ public class BlackboardArtifactNode extends AbstractContentNode<BlackboardArtifa
NO_DESCR, NO_DESCR,
path)); path));
} }
backgroundTasksPool.submit(scoTask);
return sheet; return sheet;
} }
@ -1420,8 +1414,14 @@ public class BlackboardArtifactNode extends AbstractContentNode<BlackboardArtifa
* @param result The AnalysisResult the sheet is being created. * @param result The AnalysisResult the sheet is being created.
* @param sheetSet The sheetSet to add the values to. * @param sheetSet The sheetSet to add the values to.
*/ */
private void updateSheetForAnalysisResult(AnalysisResult result, Sheet.Set sheetSet) { private GetSCOTask updateSheetForAnalysisResult(AnalysisResult result, Sheet.Set sheetSet) {
addSCOColumns(sheetSet); sheetSet.put(new NodeProperty<>(
Bundle.BlackboardArtifactNode_analysisSheet_soureName_name(),
Bundle.BlackboardArtifactNode_analysisSheet_soureName_name(),
NO_DESCR,
getDisplayName()));
GetSCOTask task = addSCOColumns(sheetSet);
sheetSet.put(new NodeProperty<>( sheetSet.put(new NodeProperty<>(
Bundle.BlackboardArtifactNode_analysisSheet_sourceType_name(), Bundle.BlackboardArtifactNode_analysisSheet_sourceType_name(),
@ -1452,9 +1452,11 @@ public class BlackboardArtifactNode extends AbstractContentNode<BlackboardArtifa
Bundle.BlackboardArtifactNode_analysisSheet_justifaction_name(), Bundle.BlackboardArtifactNode_analysisSheet_justifaction_name(),
NO_DESCR, NO_DESCR,
result.getJustification())); result.getJustification()));
return task;
} }
private void addSCOColumns(Sheet.Set sheetSet) { private GetSCOTask addSCOColumns(Sheet.Set sheetSet) {
if (!UserPreferences.getHideSCOColumns()) { if (!UserPreferences.getHideSCOColumns()) {
/* /*
* Add S(core), C(omments), and O(ther occurences) columns to the * Add S(core), C(omments), and O(ther occurences) columns to the
@ -1480,8 +1482,9 @@ public class BlackboardArtifactNode extends AbstractContentNode<BlackboardArtifa
VALUE_LOADING, VALUE_LOADING,
"")); ""));
} }
backgroundTasksPool.submit(new GetSCOTask(new WeakReference<>(this), weakListener)); return new GetSCOTask(new WeakReference<>(this), weakListener);
} }
return null;
} }
/** /**
@ -1519,31 +1522,44 @@ public class BlackboardArtifactNode extends AbstractContentNode<BlackboardArtifa
} }
return ""; return "";
} }
/**
* Returns a short description for the given content object.
*
* @param content The content object.
*
* @return A short description/label.
*/
private String getContentShortDescription(Content content) {
if (content != null) {
if (content instanceof BlackboardArtifact) {
try {
return ((BlackboardArtifact) content).getShortDescription();
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Failed to get short description for artifact id=" + content.getId(), ex);
}
}
return content.getName();
}
return "";
}
/** /**
* Sets the displayName and short description for the node. * Update the SCO columns with the data retrieved in the background
* thread.
*
* @param scoData The data for the SCO columns.
*/
private void updateSCOColumns(final SCOData scoData) {
// Make sure this happens in the EDT
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
if (scoData.getScoreAndDescription() != null) {
updateSheet(new NodeProperty<>(
Bundle.BlackboardArtifactNode_createSheet_score_name(),
Bundle.BlackboardArtifactNode_createSheet_score_displayName(),
scoData.getScoreAndDescription().getRight(),
scoData.getScoreAndDescription().getLeft()));
}
if (scoData.getComment() != null) {
updateSheet(new NodeProperty<>(
Bundle.BlackboardArtifactNode_createSheet_comment_name(),
Bundle.BlackboardArtifactNode_createSheet_comment_displayName(),
NO_DESCR, scoData.getComment()));
}
if (scoData.getCountAndDescription() != null) {
updateSheet(new NodeProperty<>(
Bundle.BlackboardArtifactNode_createSheet_count_name(),
Bundle.BlackboardArtifactNode_createSheet_count_displayName(),
scoData.getCountAndDescription().getRight(),
scoData.getCountAndDescription().getLeft()));
}
}
});
}
/**
* Sets the displayName of the node based on the source content.
*/ */
private void setDisplayNameBySourceContent() { private void setDisplayNameBySourceContent() {
if(srcContent instanceof BlackboardArtifact) { if(srcContent instanceof BlackboardArtifact) {

3
Core/src/org/sleuthkit/autopsy/datamodel/Bundle.properties-MERGED
View File

@ -356,6 +356,9 @@ OsAccounts_accountNameProperty_name=Name
OsAccounts_accountRealmNameProperty_desc=OS Account Realm Name OsAccounts_accountRealmNameProperty_desc=OS Account Realm Name
OsAccounts_accountRealmNameProperty_displayName=Realm Name OsAccounts_accountRealmNameProperty_displayName=Realm Name
OsAccounts_accountRealmNameProperty_name=RealmName OsAccounts_accountRealmNameProperty_name=RealmName
OsAccounts_accountScopeNameProperty_desc=OS Account Scope Name
OsAccounts_accountScopeNameProperty_displayName=Scope
OsAccounts_accountScopeNameProperty_name=ScopeName
OsAccounts_createdTimeProperty_desc=OS Account Creation Time OsAccounts_createdTimeProperty_desc=OS Account Creation Time
OsAccounts_createdTimeProperty_displayName=Creation Time OsAccounts_createdTimeProperty_displayName=Creation Time
OsAccounts_createdTimeProperty_name=creationTime OsAccounts_createdTimeProperty_name=creationTime

24
Core/src/org/sleuthkit/autopsy/datamodel/GetSCOTask.java
View File

@ -23,6 +23,7 @@ import java.beans.PropertyChangeListener;
import java.lang.ref.WeakReference; import java.lang.ref.WeakReference;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import org.apache.commons.lang3.tuple.Pair;
import org.openide.util.NbBundle.Messages; import org.openide.util.NbBundle.Messages;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance; import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
import org.sleuthkit.autopsy.core.UserPreferences; import org.sleuthkit.autopsy.core.UserPreferences;
@ -30,6 +31,8 @@ import org.sleuthkit.autopsy.events.AutopsyEvent;
import org.sleuthkit.datamodel.Tag; import org.sleuthkit.datamodel.Tag;
import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository; import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeUtil; import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeUtil;
import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
import org.sleuthkit.datamodel.Score;
import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.AnalysisResult; import org.sleuthkit.datamodel.AnalysisResult;
import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Content;
@ -62,12 +65,14 @@ class GetSCOTask implements Runnable {
} }
// get the SCO column values // get the SCO column values
List<Tag> tags = contentNode.getAllTagsFromDatabase(); List<Tag> tags = contentNode.getAllTagsFromDatabase();
SCOData scoData = new SCOData(); Pair<Score, String> scoreAndDescription;
scoData.setScoreAndDescription(contentNode.getScorePropertyAndDescription(tags)); DataResultViewerTable.HasCommentStatus comment;
Pair<Long, String> countAndDescription = null;
scoreAndDescription = contentNode.getScorePropertyAndDescription(tags);
//getting the correlation attribute and setting the comment column is done before the eamdb isEnabled check //getting the correlation attribute and setting the comment column is done before the eamdb isEnabled check
//because the Comment column will reflect the presence of comments in the CR when the CR is enabled, but reflect tag comments regardless //because the Comment column will reflect the presence of comments in the CR when the CR is enabled, but reflect tag comments regardless
String description = Bundle.GetSCOTask_occurrences_defaultDescription(); String description = Bundle.GetSCOTask_occurrences_defaultDescription();
List<CorrelationAttributeInstance> listOfPossibleAttributes = new ArrayList<>(); List<CorrelationAttributeInstance> listOfPossibleAttributes = new ArrayList<>();
Content contentFromNode = contentNode.getContent(); Content contentFromNode = contentNode.getContent();
if (contentFromNode instanceof AbstractFile) { if (contentFromNode instanceof AbstractFile) {
@ -79,7 +84,7 @@ class GetSCOTask implements Runnable {
} else { } else {
//JIRA-TODO : add code for Jira-7938 OsAccounts //JIRA-TODO : add code for Jira-7938 OsAccounts
} }
scoData.setComment(contentNode.getCommentProperty(tags, listOfPossibleAttributes)); comment = contentNode.getCommentProperty(tags, listOfPossibleAttributes);
CorrelationAttributeInstance corInstance = null; CorrelationAttributeInstance corInstance = null;
if (CentralRepository.isEnabled()) { if (CentralRepository.isEnabled()) {
if (listOfPossibleAttributes.size() > 1) { if (listOfPossibleAttributes.size() > 1) {
@ -89,16 +94,19 @@ class GetSCOTask implements Runnable {
//there should only be one item in the list //there should only be one item in the list
corInstance = listOfPossibleAttributes.get(0); corInstance = listOfPossibleAttributes.get(0);
} }
scoData.setCountAndDescription(contentNode.getCountPropertyAndDescription(corInstance, description)); countAndDescription = contentNode.getCountPropertyAndDescription(corInstance, description);
} }
if(Thread.currentThread().isInterrupted()) {
return;
}
// signal SCO data is available. // signal SCO data is available.
if (listener if (listener != null) {
!= null) {
listener.propertyChange(new PropertyChangeEvent( listener.propertyChange(new PropertyChangeEvent(
AutopsyEvent.SourceType.LOCAL.toString(), AutopsyEvent.SourceType.LOCAL.toString(),
AbstractAbstractFileNode.NodeSpecificEvents.SCO_AVAILABLE.toString(), AbstractAbstractFileNode.NodeSpecificEvents.SCO_AVAILABLE.toString(),
null, scoData)); null, new SCOData(scoreAndDescription, comment, countAndDescription)));
} }
} }
} }

52
Core/src/org/sleuthkit/autopsy/datamodel/OsAccounts.java
View File

@ -31,6 +31,8 @@ import java.util.Optional;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import javax.swing.Action; import javax.swing.Action;
import javax.swing.SwingUtilities;
import org.apache.commons.lang3.StringUtils;
import org.openide.nodes.ChildFactory; import org.openide.nodes.ChildFactory;
import org.openide.nodes.Children; import org.openide.nodes.Children;
import org.openide.nodes.Node; import org.openide.nodes.Node;
@ -208,6 +210,8 @@ public final class OsAccounts implements AutopsyVisitableItem {
&& evt.getNewValue() instanceof AsynchOsAcctData && evt.getNewValue() instanceof AsynchOsAcctData
&& ((AsynchOsAcctData) evt.getNewValue()).getOsAccountId() == account.getId()) { && ((AsynchOsAcctData) evt.getNewValue()).getOsAccountId() == account.getId()) {
List<NodeProperty<?>> propertiesToUpdate = new ArrayList<>();
AsynchOsAcctData osAcctData = (AsynchOsAcctData) evt.getNewValue(); AsynchOsAcctData osAcctData = (AsynchOsAcctData) evt.getNewValue();
List<String> realmNames = osAcctData.getOsAcctRealm().getRealmNames(); List<String> realmNames = osAcctData.getOsAcctRealm().getRealmNames();
@ -215,31 +219,42 @@ public final class OsAccounts implements AutopsyVisitableItem {
String realmNamesStr = realmNames.stream() String realmNamesStr = realmNames.stream()
.map(String::trim) .map(String::trim)
.distinct() .distinct()
.sorted((a,b) -> a.compareToIgnoreCase(b)) .sorted((a, b) -> a.compareToIgnoreCase(b))
.collect(Collectors.joining(", ")); .collect(Collectors.joining(", "));
updateSheet(new NodeProperty<>( propertiesToUpdate.add(new NodeProperty<>(
Bundle.OsAccounts_accountRealmNameProperty_name(), Bundle.OsAccounts_accountRealmNameProperty_name(),
Bundle.OsAccounts_accountRealmNameProperty_displayName(), Bundle.OsAccounts_accountRealmNameProperty_displayName(),
Bundle.OsAccounts_accountRealmNameProperty_desc(), Bundle.OsAccounts_accountRealmNameProperty_desc(),
realmNamesStr)); realmNamesStr));
} }
String scopeName = osAcctData.getOsAcctRealm().getScope().getName();
if (StringUtils.isNotBlank(scopeName)) {
propertiesToUpdate.add(new NodeProperty<>(
Bundle.OsAccounts_accountScopeNameProperty_name(),
Bundle.OsAccounts_accountScopeNameProperty_displayName(),
Bundle.OsAccounts_accountScopeNameProperty_desc(),
scopeName));
}
List<Host> hosts = osAcctData.getHosts(); List<Host> hosts = osAcctData.getHosts();
if (!hosts.isEmpty()) { if (!hosts.isEmpty()) {
String hostsString = hosts.stream() String hostsString = hosts.stream()
.map(h -> h.getName().trim()) .map(h -> h.getName().trim())
.distinct() .distinct()
.sorted((a,b) -> a.compareToIgnoreCase(b)) .sorted((a, b) -> a.compareToIgnoreCase(b))
.collect(Collectors.joining(", ")); .collect(Collectors.joining(", "));
updateSheet(new NodeProperty<>( propertiesToUpdate.add(new NodeProperty<>(
Bundle.OsAccounts_accountHostNameProperty_name(), Bundle.OsAccounts_accountHostNameProperty_name(),
Bundle.OsAccounts_accountHostNameProperty_displayName(), Bundle.OsAccounts_accountHostNameProperty_displayName(),
Bundle.OsAccounts_accountHostNameProperty_desc(), Bundle.OsAccounts_accountHostNameProperty_desc(),
hostsString)); hostsString));
} }
SwingUtilities.invokeLater(() ->
updateSheet(propertiesToUpdate.toArray(new NodeProperty<?>[propertiesToUpdate.size()])));
} }
} }
}; };
@ -296,6 +311,9 @@ public final class OsAccounts implements AutopsyVisitableItem {
"OsAccounts_accountHostNameProperty_name=HostName", "OsAccounts_accountHostNameProperty_name=HostName",
"OsAccounts_accountHostNameProperty_displayName=Host", "OsAccounts_accountHostNameProperty_displayName=Host",
"OsAccounts_accountHostNameProperty_desc=OS Account Host Name", "OsAccounts_accountHostNameProperty_desc=OS Account Host Name",
"OsAccounts_accountScopeNameProperty_name=ScopeName",
"OsAccounts_accountScopeNameProperty_displayName=Scope",
"OsAccounts_accountScopeNameProperty_desc=OS Account Scope Name",
"OsAccounts_createdTimeProperty_name=creationTime", "OsAccounts_createdTimeProperty_name=creationTime",
"OsAccounts_createdTimeProperty_displayName=Creation Time", "OsAccounts_createdTimeProperty_displayName=Creation Time",
"OsAccounts_createdTimeProperty_desc=OS Account Creation Time", "OsAccounts_createdTimeProperty_desc=OS Account Creation Time",
@ -332,20 +350,25 @@ public final class OsAccounts implements AutopsyVisitableItem {
Bundle.OsAccounts_loginNameProperty_displayName(), Bundle.OsAccounts_loginNameProperty_displayName(),
Bundle.OsAccounts_loginNameProperty_desc(), Bundle.OsAccounts_loginNameProperty_desc(),
optional.isPresent() ? optional.get() : "")); optional.isPresent() ? optional.get() : ""));
// Fill with empty string, fetch on background task.
String realmName = "";
propertiesSet.put(new NodeProperty<>(
Bundle.OsAccounts_accountRealmNameProperty_name(),
Bundle.OsAccounts_accountRealmNameProperty_displayName(),
Bundle.OsAccounts_accountRealmNameProperty_desc(),
realmName));
String hostName = ""; // Fill with empty string, fetch on background task.
propertiesSet.put(new NodeProperty<>( propertiesSet.put(new NodeProperty<>(
Bundle.OsAccounts_accountHostNameProperty_name(), Bundle.OsAccounts_accountHostNameProperty_name(),
Bundle.OsAccounts_accountHostNameProperty_displayName(), Bundle.OsAccounts_accountHostNameProperty_displayName(),
Bundle.OsAccounts_accountHostNameProperty_desc(), Bundle.OsAccounts_accountHostNameProperty_desc(),
hostName)); ""));
propertiesSet.put(new NodeProperty<>(
Bundle.OsAccounts_accountScopeNameProperty_name(),
Bundle.OsAccounts_accountScopeNameProperty_displayName(),
Bundle.OsAccounts_accountScopeNameProperty_desc(),
""));
propertiesSet.put(new NodeProperty<>(
Bundle.OsAccounts_accountRealmNameProperty_name(),
Bundle.OsAccounts_accountRealmNameProperty_displayName(),
Bundle.OsAccounts_accountRealmNameProperty_desc(),
""));
Optional<Long> creationTimeValue = account.getCreationTime(); Optional<Long> creationTimeValue = account.getCreationTime();
String timeDisplayStr String timeDisplayStr
@ -442,9 +465,10 @@ public final class OsAccounts implements AutopsyVisitableItem {
/** /**
* Main constructor. * Main constructor.
*
* @param osAccountId The id of the os account. * @param osAccountId The id of the os account.
* @param osAcctRealm The realm of the os account. * @param osAcctRealm The realm of the os account.
* @param hosts The hosts that the os account belongs to. * @param hosts The hosts that the os account belongs to.
*/ */
AsynchOsAcctData(long osAccountId, OsAccountRealm osAcctRealm, List<Host> hosts) { AsynchOsAcctData(long osAccountId, OsAccountRealm osAcctRealm, List<Host> hosts) {
this.osAccountId = osAccountId; this.osAccountId = osAccountId;

23
Core/src/org/sleuthkit/autopsy/datamodel/SCOData.java
View File

@ -28,10 +28,16 @@ import org.sleuthkit.datamodel.Score;
*/ */
class SCOData { class SCOData {
private Pair<Score, String> scoreAndDescription = null; private final Pair<Score, String> scoreAndDescription;
private DataResultViewerTable.HasCommentStatus comment = null; private final DataResultViewerTable.HasCommentStatus comment;
private Pair<Long, String> countAndDescription = null; private final Pair<Long, String> countAndDescription;
SCOData (Pair<Score, String> scoreAndDescription, DataResultViewerTable.HasCommentStatus comment, Pair<Long, String> countAndDescription){
this.scoreAndDescription = scoreAndDescription;
this.comment = comment;
this.countAndDescription = countAndDescription;
}
Pair<Score, String> getScoreAndDescription() { Pair<Score, String> getScoreAndDescription() {
return scoreAndDescription; return scoreAndDescription;
} }
@ -43,15 +49,4 @@ class SCOData {
Pair<Long, String> getCountAndDescription() { Pair<Long, String> getCountAndDescription() {
return countAndDescription; return countAndDescription;
} }
void setScoreAndDescription(Pair<Score, String> scoreAndDescription) {
this.scoreAndDescription = scoreAndDescription;
}
void setComment(DataResultViewerTable.HasCommentStatus comment) {
this.comment = comment;
}
void setCountAndDescription(Pair<Long, String> countAndDescription) {
this.countAndDescription = countAndDescription;
}
} }

78
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -61,6 +61,7 @@ import java.util.AbstractMap;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Collection; import java.util.Collection;
import java.util.Collections;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@ -750,7 +751,7 @@ class ExtractRegistry extends Extract {
try{ try{
sid = userMap.getKey(); sid = userMap.getKey();
String userName = userMap.getValue(); String userName = userMap.getValue();
createOrUpdateOsAccount(regFile, sid, userName, null); createOrUpdateOsAccount(regFile, sid, userName, null, null, OsAccountRealm.RealmScope.LOCAL);
} catch(TskCoreException | TskDataException | NotUserSIDException ex) { } catch(TskCoreException | TskDataException | NotUserSIDException ex) {
logger.log(Level.WARNING, String.format("Failed to update Domain for existing OsAccount: %s, sid: %s", regFile.getId(), sid), ex); logger.log(Level.WARNING, String.format("Failed to update Domain for existing OsAccount: %s, sid: %s", regFile.getId(), sid), ex);
} }
@ -862,9 +863,15 @@ class ExtractRegistry extends Extract {
String homeDir = value; String homeDir = value;
String sid = artnode.getAttribute("sid"); //NON-NLS String sid = artnode.getAttribute("sid"); //NON-NLS
String username = artnode.getAttribute("username"); //NON-NLS String username = artnode.getAttribute("username"); //NON-NLS
String domName = domainName;
OsAccountRealm.RealmScope scope = OsAccountRealm.RealmScope.DOMAIN;
if(knownMachineSID(sid)) {
domName = null;
scope = OsAccountRealm.RealmScope.LOCAL;
}
try{ try{
createOrUpdateOsAccount(regFile, sid, username, homeDir); createOrUpdateOsAccount(regFile, sid, username, homeDir, domName, scope);
} catch(TskCoreException | TskDataException | NotUserSIDException ex) { } catch(TskCoreException | TskDataException | NotUserSIDException ex) {
logger.log(Level.SEVERE, String.format("Failed to create OsAccount for file: %s, sid: %s", regFile.getId(), sid), ex); logger.log(Level.SEVERE, String.format("Failed to create OsAccount for file: %s, sid: %s", regFile.getId(), sid), ex);
} }
@ -1105,13 +1112,14 @@ class ExtractRegistry extends Extract {
String sid = optional.get(); String sid = optional.get();
Map<String, String> userInfo = userInfoMap.remove(sid); Map<String, String> userInfo = userInfoMap.remove(sid);
if(userInfo != null) { if(userInfo != null) {
addAccountInstance(accountMgr, osAccount, (DataSource)dataSource);
updateOsAccount(osAccount, userInfo, groupMap.get(sid), regAbstractFile); updateOsAccount(osAccount, userInfo, groupMap.get(sid), regAbstractFile);
} }
} }
//add remaining userinfos as accounts; //add remaining userinfos as accounts;
for (Map<String, String> userInfo : userInfoMap.values()) { for (Map<String, String> userInfo : userInfoMap.values()) {
OsAccount osAccount = accountMgr.newWindowsOsAccount(userInfo.get(SID_KEY), null, domainName, host, domainName != null && !domainName.isEmpty() ? OsAccountRealm.RealmScope.DOMAIN : OsAccountRealm.RealmScope.UNKNOWN); OsAccount osAccount = accountMgr.newWindowsOsAccount(userInfo.get(SID_KEY), null, null, host, OsAccountRealm.RealmScope.LOCAL);
accountMgr.newOsAccountInstance(osAccount, (DataSource)dataSource, OsAccountInstance.OsAccountInstanceType.LAUNCHED); accountMgr.newOsAccountInstance(osAccount, (DataSource)dataSource, OsAccountInstance.OsAccountInstanceType.LAUNCHED);
updateOsAccount(osAccount, userInfo, groupMap.get(userInfo.get(SID_KEY)), regAbstractFile); updateOsAccount(osAccount, userInfo, groupMap.get(userInfo.get(SID_KEY)), regAbstractFile);
} }
@ -1724,6 +1732,42 @@ class ExtractRegistry extends Extract {
return map; return map;
} }
/**
* Strip the machine sid off of the osAccountSID. The returned string will
* include everything in the osAccountSID up to the last -.
*
* @param osAccountSID The SID of the os account.
*
* @return The Machine SID
*/
private String getMachineSID(String osAccountSID) {
int index = osAccountSID.lastIndexOf("-");
return osAccountSID.substring(0, index);
}
private final List<String> machineSIDs = new ArrayList<>();
/**
* Returns true if the machine part of the SID was seen prior
* to ExtractRegistry running.
*
* @param osAccountSID
*
* @return
*/
private boolean knownMachineSID(String osAccountSID) {
if (machineSIDs.isEmpty()) {
Map<String, String> userMap = getUserNameMap();
for (String str : userMap.keySet()) {
String temp = getMachineSID(str);
if (!machineSIDs.contains(temp)) {
machineSIDs.add(temp);
}
}
}
String machineSID = getMachineSID(osAccountSID);
return machineSIDs.contains(machineSID);
}
/** /**
* Returns a mapping of user sids to user names. * Returns a mapping of user sids to user names.
* *
@ -1987,7 +2031,7 @@ class ExtractRegistry extends Extract {
* @throws TskDataException * @throws TskDataException
* @throws OsAccountManager.NotUserSIDException * @throws OsAccountManager.NotUserSIDException
*/ */
private void createOrUpdateOsAccount(AbstractFile file, String sid, String userName, String homeDir) throws TskCoreException, TskDataException, NotUserSIDException { private void createOrUpdateOsAccount(AbstractFile file, String sid, String userName, String homeDir, String domainName, OsAccountRealm.RealmScope realmScope) throws TskCoreException, TskDataException, NotUserSIDException {
OsAccountManager accountMgr = tskCase.getOsAccountManager(); OsAccountManager accountMgr = tskCase.getOsAccountManager();
HostManager hostMrg = tskCase.getHostManager(); HostManager hostMrg = tskCase.getHostManager();
Host host = hostMrg.getHostByDataSource((DataSource)dataSource); Host host = hostMrg.getHostByDataSource((DataSource)dataSource);
@ -1995,13 +2039,14 @@ class ExtractRegistry extends Extract {
Optional<OsAccount> optional = accountMgr.getWindowsOsAccount(sid, null, null, host); Optional<OsAccount> optional = accountMgr.getWindowsOsAccount(sid, null, null, host);
OsAccount osAccount; OsAccount osAccount;
if (!optional.isPresent()) { if (!optional.isPresent()) {
osAccount = accountMgr.newWindowsOsAccount(sid, userName != null && userName.isEmpty() ? null : userName, domainName, host, domainName != null && !domainName.isEmpty()? OsAccountRealm.RealmScope.DOMAIN : OsAccountRealm.RealmScope.UNKNOWN); osAccount = accountMgr.newWindowsOsAccount(sid, userName != null && userName.isEmpty() ? null : userName, domainName, host, realmScope);
accountMgr.newOsAccountInstance(osAccount, (DataSource)dataSource, OsAccountInstance.OsAccountInstanceType.LAUNCHED); accountMgr.newOsAccountInstance(osAccount, (DataSource)dataSource, OsAccountInstance.OsAccountInstanceType.LAUNCHED);
} else { } else {
osAccount = optional.get(); osAccount = optional.get();
if (userName != null && !userName.isEmpty()) { addAccountInstance(accountMgr, osAccount, (DataSource)dataSource);
OsAccountUpdateResult updateResult= accountMgr.updateCoreWindowsOsAccountAttributes(osAccount, null, userName, domainName.isEmpty() ? null : domainName, host); if (userName != null && !userName.isEmpty()) {
osAccount = updateResult.getUpdatedAccount().orElse(osAccount); OsAccountUpdateResult updateResult= accountMgr.updateCoreWindowsOsAccountAttributes(osAccount, null, userName, (domainName == null || domainName.isEmpty()) ? null : domainName, host);
osAccount = updateResult.getUpdatedAccount().orElse(osAccount);
} }
} }
@ -2192,7 +2237,7 @@ class ExtractRegistry extends Extract {
accountMgr.addExtendedOsAccountAttributes(osAccount, attributes); accountMgr.addExtendedOsAccountAttributes(osAccount, attributes);
// update the loginname // update the loginname
accountMgr.updateCoreWindowsOsAccountAttributes(osAccount, null, loginName, domainName.isEmpty() ? null : domainName, host); accountMgr.updateCoreWindowsOsAccountAttributes(osAccount, null, loginName, null, host);
// update other standard attributes - fullname, creationdate // update other standard attributes - fullname, creationdate
accountMgr.updateStandardOsAccountAttributes(osAccount, fullName, null, null, creationTime); accountMgr.updateStandardOsAccountAttributes(osAccount, fullName, null, null, creationTime);
@ -2269,4 +2314,17 @@ class ExtractRegistry extends Extract {
private OsAccountAttribute createOsAccountAttribute(BlackboardAttribute.ATTRIBUTE_TYPE type, Integer value, OsAccount osAccount, Host host, AbstractFile file) { private OsAccountAttribute createOsAccountAttribute(BlackboardAttribute.ATTRIBUTE_TYPE type, Integer value, OsAccount osAccount, Host host, AbstractFile file) {
return osAccount.new OsAccountAttribute(new BlackboardAttribute.Type(type), value, osAccount, host, file); return osAccount.new OsAccountAttribute(new BlackboardAttribute.Type(type), value, osAccount, host, file);
} }
/**
* Adds an account instance for the given data source if one does not already
* exist.
*
* @param accountMgr
* @param osAccount
* @param dataSource
* @throws TskCoreException
*/
private void addAccountInstance(OsAccountManager accountMgr, OsAccount osAccount, DataSource dataSource) throws TskCoreException {
accountMgr.newOsAccountInstance(osAccount, dataSource, OsAccountInstance.OsAccountInstanceType.LAUNCHED);
}
} }