From 59f0afb95ff3667f942573953df575fa1a4acd68 Mon Sep 17 00:00:00 2001 From: Mark McKinnon Date: Tue, 11 Jul 2023 14:37:06 -0400 Subject: [PATCH 01/17] Update NEWS.txt Add updates for version 4.21.0 --- NEWS.txt | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/NEWS.txt b/NEWS.txt index 11c56f01c8..83f6bae954 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -1,3 +1,31 @@ +---------------- VERSION 4.21.0 -------------- +General +- Update Java to version 17 + +Recent Activity Updates: +- Check For Malicious Chrome Extensions + +Ingest Module Updates: +- Inline Keyword Search +- Update aLeapp/iLeapp executables. + +GUI Updates: +- Add "has attachments" flag for email's +- Add ability to delete a logical file/path from logical file + from the DSP before it is run. +- Add ability to add timestamps when adding localfiles as a data source +- Add Score to tree view + +Bugs: +- Fix path for lnk files +- Fix exporting of CSV files + +Misc: +- Update JNA Version +- Update SQLite library version +- Add export for Pasco +- Cyber Triage intergration + ---------------- VERSION 4.20.0 -------------- Recent Activity Updates: - Added Favicons, Profiles and Extensions to Chromium Browsers From 47898d6b8de9d39aa2ee8eaa33393f7fdf772d53 Mon Sep 17 00:00:00 2001 From: Mark McKinnon Date: Tue, 11 Jul 2023 15:04:09 -0400 Subject: [PATCH 02/17] Update NEWS.txt Fix --- NEWS.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NEWS.txt b/NEWS.txt index 83f6bae954..351f0e84e9 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -12,7 +12,7 @@ Ingest Module Updates: GUI Updates: - Add "has attachments" flag for email's - Add ability to delete a logical file/path from logical file - from the DSP before it is run. + DSP panel before it is run. - Add ability to add timestamps when adding localfiles as a data source - Add Score to tree view From 5b0fbaf41f9e1e4abda4ad3fcc03dcd6bccfeef2 Mon Sep 17 00:00:00 2001 
From: Mark McKinnon Date: Fri, 14 Jul 2023 09:56:02 -0400 Subject: [PATCH 03/17] Update NEWS.txt Add cve mention --- NEWS.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/NEWS.txt b/NEWS.txt index 351f0e84e9..5a2bd33b57 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -25,6 +25,7 @@ Misc: - Update SQLite library version - Add export for Pasco - Cyber Triage intergration +- Updated 3rd party libraries that have known CVE's ---------------- VERSION 4.20.0 -------------- Recent Activity Updates: From a689f7dae85e6a9fb6e77ae550cb5a227b020d6e Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Wed, 19 Jul 2023 21:34:31 -0400 Subject: [PATCH 04/17] fix so module output goes to case db directory --- Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java b/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java index c9170b1e68..8e41aa0778 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java @@ -258,7 +258,10 @@ public final class CaseMetadata { * @return The case directory. */ public String getCaseDirectory() { - return metadataFilePath.getParent().toString(); + File caseDatabaseNameFile = new File(caseDatabaseName); + return (caseDatabaseNameFile.isAbsolute()) + ? caseDatabaseNameFile.getParent() + : metadataFilePath.getParent().toString(); } /** From b2945c113970cea72b83f4ccbacf6e34c32c486e Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Thu, 20 Jul 2023 09:00:24 -0400 Subject: [PATCH 05/17] rely on abs path in xml --- .../sleuthkit/autopsy/casemodule/Case.java | 7 +----- .../autopsy/casemodule/CaseMetadata.java | 23 +++++-------------- 2 files changed, 7 insertions(+), 23 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java index 6ece795e35..aed519c694 100644 
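Review bot: `caseDatabaseNameFile.getParent()` in the new `getCaseDirectory()` (PATCH 04) returns null when the absolute database name has no parent component, so the method can now hand callers null where it previously always returned a directory string. Guard it, for example `String parent = caseDatabaseNameFile.getParent();` followed by `return (caseDatabaseNameFile.isAbsolute() && parent != null) ? parent : metadataFilePath.getParent().toString();`. The rewrite of the same method in PATCH 06, `Paths.get(this.caseDatabasePath).getParent().toString()`, has the same gap and would throw a NullPointerException instead of returning null. The Javadoc in the hunk still says only "The case directory"; it should state that an absolute database path takes precedence over the metadata file's folder.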
--- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java @@ -2739,12 +2739,7 @@ public class Case { ContentStreamProvider contentProvider = loadContentProvider(metadata.getContentProviderName()); if (CaseType.SINGLE_USER_CASE == metadata.getCaseType()) { - // only prefix with metadata directory if databaseName is a relative path - String fullDatabasePath = (new File(databaseName).isAbsolute()) - ? databaseName - : Paths.get(metadata.getCaseDirectory(), databaseName).toString(); - - caseDb = SleuthkitCase.openCase(fullDatabasePath, contentProvider); + caseDb = SleuthkitCase.openCase(metadata.getCaseDatabasePath(), contentProvider); } else if (UserPreferences.getIsMultiUserModeEnabled()) { caseDb = SleuthkitCase.openCase(databaseName, UserPreferences.getDatabaseConnectionInfo(), metadata.getCaseDirectory(), contentProvider); } else { diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java b/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java index 8e41aa0778..029290ae98 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java @@ -29,16 +29,8 @@ import java.nio.file.Path; import java.nio.file.Paths; import java.text.DateFormat; import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; import java.util.Date; -import java.util.HashMap; -import java.util.List; import java.util.Locale; -import java.util.Map; -import java.util.Map.Entry; -import java.util.stream.Collectors; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; 
@@ -51,13 +43,10 @@ import javax.xml.transform.TransformerFactory; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; import org.apache.commons.lang3.StringUtils; -import org.apache.commons.lang3.tuple.Pair; -import org.openide.util.Lookup; import org.sleuthkit.autopsy.coreutils.Version; import org.sleuthkit.autopsy.coreutils.XMLUtil; import org.w3c.dom.Document; import org.w3c.dom.Element; -import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; @@ -121,7 +110,6 @@ public final class CaseMetadata { private static final String SCHEMA_VERSION_SIX = "6.0"; private final static String CONTENT_PROVIDER_ELEMENT_NAME = "ContentProvider"; private final static String CONTENT_PROVIDER_NAME_ELEMENT_NAME = "Name"; - private final static String CONTENT_PROVIDER_ARG_DEFAULT_KEY = "DEFAULT"; /* * Unread fields, regenerated on save. @@ -136,7 +124,7 @@ public final class CaseMetadata { private String caseName; private CaseDetails caseDetails; private String caseDatabaseName; - private String caseDatabasePath; // Legacy + private String caseDatabasePath; private String textIndexName; // Legacy private String createdDate; private String createdByVersion; @@ -640,6 +628,7 @@ public final class CaseMetadata { this.textIndexName = getElementTextContent(caseElement, TEXT_INDEX_ELEMENT, false); break; default: + this.caseDatabasePath = getElementTextContent(caseElement, CASE_DB_ABSOLUTE_PATH_ELEMENT_NAME, false); this.caseDatabaseName = getElementTextContent(caseElement, CASE_DB_NAME_RELATIVE_ELEMENT_NAME, true); this.textIndexName = getElementTextContent(caseElement, TEXT_INDEX_ELEMENT, false); break; 
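Review bot: The value read from `CASE_DB_ABSOLUTE_PATH_ELEMENT_NAME` in the `default` branch is stored in `caseDatabasePath` exactly as it appears in the metadata XML, with no check that it is absolute, exists, or is a regular file. Later hunks in this series return that field from `getCaseDatabasePath()` (which is passed to `SleuthkitCase.openCase`) and derive `getCaseDirectory()` from it. A case file copied from another machine or edited by hand can therefore redirect the database open, and presumably anything written under the case directory, to a location outside the folder that holds the metadata file. Consider validating the path at parse time and leaving the field blank when validation fails, so the relative `caseDatabaseName` fallback applies; also log when the stored path lies outside the metadata file's directory. The enclosing `switch` starts outside this hunk.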
@@ -653,7 +642,7 @@ public final class CaseMetadata { */ Path possibleAbsoluteCaseDbPath = Paths.get(this.caseDatabaseName); Path caseDirectoryPath = Paths.get(getCaseDirectory()); - if (possibleAbsoluteCaseDbPath.getNameCount() > 1) { + if (possibleAbsoluteCaseDbPath.toFile().isAbsolute()) { this.caseDatabasePath = this.caseDatabaseName; this.caseDatabaseName = caseDirectoryPath.relativize(possibleAbsoluteCaseDbPath).toString(); } else { @@ -722,12 +711,12 @@ public final class CaseMetadata { * @return The full path to the case database file for a single-user case. * * @throws UnsupportedOperationException If called for a multi-user case. - * @deprecated Do not use. */ - @Deprecated public String getCaseDatabasePath() throws UnsupportedOperationException { if (Case.CaseType.SINGLE_USER_CASE == caseType) { - return Paths.get(getCaseDirectory(), caseDatabaseName).toString(); + return StringUtils.isBlank(this.caseDatabasePath) + ? this.metadataFilePath.resolve(this.caseDatabaseName).toString() + : this.caseDatabasePath; } else { throw new UnsupportedOperationException(); } From 139aaa944bc3b606eb77bea3042f80b08c349b9d Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Thu, 20 Jul 2023 09:18:19 -0400 Subject: [PATCH 06/17] bug fix --- .../org/sleuthkit/autopsy/casemodule/CaseMetadata.java | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java b/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java index 029290ae98..8cb0509cbd 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java 
@@ -246,10 +246,9 @@ public final class CaseMetadata { * @return The case directory. */ public String getCaseDirectory() { - File caseDatabaseNameFile = new File(caseDatabaseName); - return (caseDatabaseNameFile.isAbsolute()) - ? caseDatabaseNameFile.getParent() - : metadataFilePath.getParent().toString(); + return StringUtils.isBlank(this.caseDatabasePath) + ? metadataFilePath.getParent().toString() + : Paths.get(this.caseDatabasePath).getParent().toString(); } /** @@ -645,8 +644,6 @@ public final class CaseMetadata { if (possibleAbsoluteCaseDbPath.toFile().isAbsolute()) { this.caseDatabasePath = this.caseDatabaseName; this.caseDatabaseName = caseDirectoryPath.relativize(possibleAbsoluteCaseDbPath).toString(); - } else { - this.caseDatabasePath = caseDirectoryPath.resolve(caseDatabaseName).toAbsolutePath().toString(); } } catch (ParserConfigurationException | SAXException | IOException ex) { From a245a0ebf705cf50e71b1b0024f5bdd2ff98202b Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Thu, 20 Jul 2023 11:46:52 -0400 Subject: [PATCH 07/17] only open case if provider is valid --- Core/src/org/sleuthkit/autopsy/casemodule/Case.java | 4 ++++ Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java index aed519c694..61e6897393 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java 
@@ -2729,6 +2729,7 @@ public class Case { "Case.progressMessage.openingCaseDatabase=Opening case database...", "# {0} - exception message", "Case.exceptionMessage.couldNotOpenCaseDatabase=Failed to open case database:\n{0}.", "# {0} - exception message", "Case.exceptionMessage.unsupportedSchemaVersionMessage=Unsupported case database schema version:\n{0}.", + "Case.exceptionMessage.contentProviderCouldNotBeFound=Content provider was specified for the case but could not be loaded.", "Case.open.exception.multiUserCaseNotEnabled=Cannot open a multi-user case if multi-user cases are not enabled. See Tools, Options, Multi-User." }) private void openCaseDataBase(ProgressIndicator progressIndicator) throws CaseActionException { @@ -2737,6 +2738,9 @@ public class Case { String databaseName = metadata.getCaseDatabaseName(); ContentStreamProvider contentProvider = loadContentProvider(metadata.getContentProviderName()); + if (StringUtils.isNotBlank(metadata.getContentProviderName()) && contentProvider == null) { + throw new CaseActionException(Bundle.Case_exceptionMessage_contentProviderCouldNotBeFound()); + } if (CaseType.SINGLE_USER_CASE == metadata.getCaseType()) { caseDb = SleuthkitCase.openCase(metadata.getCaseDatabasePath(), contentProvider); diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java b/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java index 8cb0509cbd..91566a01bb 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java 
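Review bot: The `CaseActionException` thrown in the second hunk does not say which provider failed to load, because `Bundle.Case_exceptionMessage_contentProviderCouldNotBeFound()` takes no argument and the value of `metadata.getContentProviderName()` never reaches the user or the log. Adding a `# {0} - content provider name` parameter to the bundle entry and passing the name would let an examiner tell a missing plugin from a mistyped or altered metadata value. `loadContentProvider` is outside the hunk, so whether it already logs the name on failure cannot be confirmed from here.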
@@ -712,7 +712,7 @@ public final class CaseMetadata { public String getCaseDatabasePath() throws UnsupportedOperationException { if (Case.CaseType.SINGLE_USER_CASE == caseType) { return StringUtils.isBlank(this.caseDatabasePath) - ? this.metadataFilePath.resolve(this.caseDatabaseName).toString() + ? this.metadataFilePath.getParent().resolve(this.caseDatabaseName).toString() : this.caseDatabasePath; } else { throw new UnsupportedOperationException(); From e347c53f3df39976f4525b85a0b7bbcf9e7c4c7e Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Thu, 20 Jul 2023 13:28:39 -0400 Subject: [PATCH 08/17] add bundle message --- .../org/sleuthkit/autopsy/casemodule/Bundle.properties-MERGED | 1 + 1 file changed, 1 insertion(+) diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/casemodule/Bundle.properties-MERGED index b671940118..dc96292d9a 100755 --- a/Core/src/org/sleuthkit/autopsy/casemodule/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/casemodule/Bundle.properties-MERGED @@ -16,6 +16,7 @@ Case.exceptionMessage.cannotDeleteCurrentCase=Cannot delete current case, it mus Case.exceptionMessage.cannotGetLockToDeleteCase=Cannot delete case because it is open for another user or host. Case.exceptionMessage.cannotLocateMainWindow=Cannot locate main application window Case.exceptionMessage.cannotOpenMultiUserCaseNoSettings=Multi-user settings are missing (see Tools, Options, Multi-user tab), cannot open a multi-user case. +Case.exceptionMessage.contentProviderCouldNotBeFound=Content provider was specified for the case but could not be loaded. # {0} - exception message Case.exceptionMessage.couldNotCreatCollaborationMonitor=Failed to create collaboration monitor:\n{0}. # {0} - exception message From 2e8d7be572f490872d371390a2fea1fdfd7b3785 Mon Sep 17 00:00:00 2001 
From: Greg DiCristofaro Date: Tue, 25 Jul 2023 13:03:51 -0400 Subject: [PATCH 09/17] dialog for missing CT provider --- .../df/cybertriage/autopsy/Bundle.properties | 10 ++ .../autopsy/Bundle.properties-MERGED | 7 + .../autopsy/CTIntegrationMissingDialog.form | 144 +++++++++++++++ .../autopsy/CTIntegrationMissingDialog.java | 165 ++++++++++++++++++ 4 files changed, 326 insertions(+) create mode 100644 Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties create mode 100644 Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties-MERGED create mode 100644 Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.form create mode 100644 Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java diff --git a/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties b/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties new file mode 100644 index 0000000000..4d7a376395 --- /dev/null +++ b/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties @@ -0,0 +1,10 @@ + +# Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license +# Click nbfs://nbhost/SystemFileSystem/Templates/Other/properties.properties to edit this template + + +CTIntegrationMissingDialog.title=Cyber Triage Importer Module Required +CTIntegrationMissingDialog.descriptionLabel.text=

The Cyber Triage Importer Module is required to open this case.

To open this case:

  • Extract the module from the Integrations tab in the Cyber Triage options panel.
  • Select the 'Plugins' option from the 'Tools' menu, and go to the 'Downloaded' tab.
  • Click 'Add Plugins...' and select the path of the plugin.
  • Press 'Install' to finish the installation.
+CTIntegrationMissingDialog.link.text=http://docs.cybertriage.com +CTIntegrationMissingDialog.docsLabel.text=For more information, refer to the Cyber Triage Users Guide +CTIntegrationMissingDialog.okButton.text=OK diff --git a/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties-MERGED b/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties-MERGED new file mode 100644 index 0000000000..a9a4571ed2 --- /dev/null +++ b/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties-MERGED @@ -0,0 +1,7 @@ + +# Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license +# Click nbfs://nbhost/SystemFileSystem/Templates/Other/properties.properties to edit this template + + +CTIntegrationMissingDialog.title=Cyber Triage Importer Module Required +CTIntegrationMissingDialog.descriptionLabel.text=jLabel1 diff --git a/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.form b/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.form new file mode 100644 index 0000000000..6005c35acc --- /dev/null +++ b/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.form @@ -0,0 +1,144 @@ + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java b/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java new file mode 100644 index 0000000000..dbac6f9f55 --- /dev/null +++ b/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java 
@@ -0,0 +1,165 @@ +/* + * Autopsy Forensic Browser + * + * Copyright 2023 Basis Technology Corp. + * Contact: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.basistech.df.cybertriage.autopsy; + +import java.awt.Desktop; +import java.io.IOException; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.logging.Level; +import javax.swing.JComponent; +import org.sleuthkit.autopsy.coreutils.Logger; + +/** + * Provides directions with how to enable CT integration with Autopsy when + * trying to open a CT exported case. + */ +public class CTIntegrationMissingDialog extends javax.swing.JDialog { + + private static final String DOCS_PAGE_URL = "http://docs.cybertriage.com"; + + private static final Logger LOGGER = Logger.getLogger(CTIntegrationMissingDialog.class.getName()); + + /** + * Creates new form CTIntegrationMissingDialog + */ + public CTIntegrationMissingDialog(java.awt.Frame parent, boolean modal) { + super(parent, modal); + initComponents(); + } + + /** + * This method is called from within the constructor to initialize the form. + * WARNING: Do NOT modify this code. The content of this method is always + * regenerated by the Form Editor. 
+ */ + @SuppressWarnings("unchecked") + // //GEN-BEGIN:initComponents + private void initComponents() { + java.awt.GridBagConstraints gridBagConstraints; + + javax.swing.JLabel descriptionLabel = new javax.swing.JLabel(); + javax.swing.JLabel docsLabel = new javax.swing.JLabel(); + javax.swing.JLabel link = new javax.swing.JLabel(); + javax.swing.JPanel paddingPanel = new javax.swing.JPanel(); + javax.swing.JButton okButton = new javax.swing.JButton(); + + setDefaultCloseOperation(javax.swing.WindowConstants.DISPOSE_ON_CLOSE); + setTitle(org.openide.util.NbBundle.getMessage(CTIntegrationMissingDialog.class, "CTIntegrationMissingDialog.title")); // NOI18N + setAlwaysOnTop(true); + setMaximumSize(new java.awt.Dimension(500, 190)); + setMinimumSize(new java.awt.Dimension(500, 190)); + setPreferredSize(new java.awt.Dimension(500, 190)); + setResizable(false); + setSize(new java.awt.Dimension(500, 190)); + getContentPane().setLayout(new java.awt.GridBagLayout()); + + org.openide.awt.Mnemonics.setLocalizedText(descriptionLabel, org.openide.util.NbBundle.getMessage(CTIntegrationMissingDialog.class, "CTIntegrationMissingDialog.descriptionLabel.text")); // NOI18N + descriptionLabel.setMinimumSize(new java.awt.Dimension(123, 116)); + gridBagConstraints = new java.awt.GridBagConstraints(); + gridBagConstraints.gridx = 0; + gridBagConstraints.gridy = 0; + gridBagConstraints.gridwidth = 2; + gridBagConstraints.fill = java.awt.GridBagConstraints.HORIZONTAL; + gridBagConstraints.anchor = java.awt.GridBagConstraints.NORTHWEST; + gridBagConstraints.weightx = 1.0; + gridBagConstraints.insets = new java.awt.Insets(5, 5, 5, 5); + getContentPane().add(descriptionLabel, gridBagConstraints); + + org.openide.awt.Mnemonics.setLocalizedText(docsLabel, org.openide.util.NbBundle.getMessage(CTIntegrationMissingDialog.class, "CTIntegrationMissingDialog.docsLabel.text")); // NOI18N + gridBagConstraints = new java.awt.GridBagConstraints(); + gridBagConstraints.gridx = 0; + 
gridBagConstraints.gridy = 1; + gridBagConstraints.anchor = java.awt.GridBagConstraints.NORTHWEST; + gridBagConstraints.insets = new java.awt.Insets(0, 5, 5, 0); + getContentPane().add(docsLabel, gridBagConstraints); + + org.openide.awt.Mnemonics.setLocalizedText(link, org.openide.util.NbBundle.getMessage(CTIntegrationMissingDialog.class, "CTIntegrationMissingDialog.link.text")); // NOI18N + link.setCursor(new java.awt.Cursor(java.awt.Cursor.HAND_CURSOR)); + link.addMouseListener(new java.awt.event.MouseAdapter() { + public void mouseClicked(java.awt.event.MouseEvent evt) { + linkMouseClicked(evt); + } + }); + gridBagConstraints = new java.awt.GridBagConstraints(); + gridBagConstraints.gridx = 1; + gridBagConstraints.gridy = 1; + gridBagConstraints.fill = java.awt.GridBagConstraints.HORIZONTAL; + gridBagConstraints.anchor = java.awt.GridBagConstraints.NORTHWEST; + gridBagConstraints.insets = new java.awt.Insets(0, 5, 5, 5); + getContentPane().add(link, gridBagConstraints); + + javax.swing.GroupLayout paddingPanelLayout = new javax.swing.GroupLayout(paddingPanel); + paddingPanel.setLayout(paddingPanelLayout); + paddingPanelLayout.setHorizontalGroup( + paddingPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGap(0, 0, Short.MAX_VALUE) + ); + paddingPanelLayout.setVerticalGroup( + paddingPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGap(0, 0, Short.MAX_VALUE) + ); + + gridBagConstraints = new java.awt.GridBagConstraints(); + gridBagConstraints.gridx = 0; + gridBagConstraints.gridy = 2; + gridBagConstraints.gridwidth = 2; + gridBagConstraints.weighty = 1.0; + getContentPane().add(paddingPanel, gridBagConstraints); + + org.openide.awt.Mnemonics.setLocalizedText(okButton, org.openide.util.NbBundle.getMessage(CTIntegrationMissingDialog.class, "CTIntegrationMissingDialog.okButton.text")); // NOI18N + okButton.addActionListener(new java.awt.event.ActionListener() { + public void 
actionPerformed(java.awt.event.ActionEvent evt) { + okButtonActionPerformed(evt); + } + }); + gridBagConstraints = new java.awt.GridBagConstraints(); + gridBagConstraints.gridx = 1; + gridBagConstraints.gridy = 2; + gridBagConstraints.anchor = java.awt.GridBagConstraints.NORTHEAST; + gridBagConstraints.insets = new java.awt.Insets(10, 5, 5, 5); + getContentPane().add(okButton, gridBagConstraints); + + pack(); + }// //GEN-END:initComponents + + private void linkMouseClicked(java.awt.event.MouseEvent evt) {//GEN-FIRST:event_linkMouseClicked + if (Desktop.isDesktopSupported()) { + try { + Desktop.getDesktop().browse(new URI(DOCS_PAGE_URL)); + } catch (IOException | URISyntaxException e) { + LOGGER.log(Level.SEVERE, "Error opening link to: " + DOCS_PAGE_URL, e); + } + } else { + LOGGER.log(Level.WARNING, "Desktop API is not supported. Link cannot be opened."); + } + }//GEN-LAST:event_linkMouseClicked + + private void okButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_okButtonActionPerformed + dispose(); + }//GEN-LAST:event_okButtonActionPerformed + + public void showDialog(JComponent parentComp) { + setLocationRelativeTo(parentComp); + setVisible(true); + } + + // Variables declaration - do not modify//GEN-BEGIN:variables + // End of variables declaration//GEN-END:variables +} From f12361ed43b2ea66cec78b9a120afd622af9b1e7 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Tue, 25 Jul 2023 13:45:21 -0400 Subject: [PATCH 10/17] CT missing dialog --- .../autopsy/Bundle.properties-MERGED | 5 ++++- .../autopsy/CTIntegrationMissingDialog.form | 21 ++++++------------- .../autopsy/CTIntegrationMissingDialog.java | 15 +++++++------ .../sleuthkit/autopsy/casemodule/Case.java | 5 +++++ 4 files changed, 22 insertions(+), 24 deletions(-) diff --git a/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties-MERGED b/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties-MERGED index a9a4571ed2..4d7a376395 100644 
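Review bot: `DOCS_PAGE_URL` is a plain-HTTP address, so the page opened from `linkMouseClicked` is fetched without transport protection from the examiner's workstation. Prefer `private static final String DOCS_PAGE_URL = "https://docs.cybertriage.com";` if the site serves HTTPS (not verifiable from this page), and update `CTIntegrationMissingDialog.link.text` in Bundle.properties to match. `linkMouseClicked` also checks only `Desktop.isDesktopSupported()`, but `browse` throws `UnsupportedOperationException` when the browse action is unavailable, so the guard should be `Desktop.isDesktopSupported() && Desktop.getDesktop().isSupported(Desktop.Action.BROWSE)`. `initComponents` is form-editor output and is not reviewed here.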
--- a/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties-MERGED +++ b/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties-MERGED @@ -4,4 +4,7 @@ CTIntegrationMissingDialog.title=Cyber Triage Importer Module Required -CTIntegrationMissingDialog.descriptionLabel.text=jLabel1 +CTIntegrationMissingDialog.descriptionLabel.text=

The Cyber Triage Importer Module is required to open this case.

To open this case:

  • Extract the module from the Integrations tab in the Cyber Triage options panel.
  • Select the 'Plugins' option from the 'Tools' menu, and go to the 'Downloaded' tab.
  • Click 'Add Plugins...' and select the path of the plugin.
  • Press 'Install' to finish the installation.
+CTIntegrationMissingDialog.link.text=http://docs.cybertriage.com +CTIntegrationMissingDialog.docsLabel.text=For more information, refer to the Cyber Triage Users Guide +CTIntegrationMissingDialog.okButton.text=OK diff --git a/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.form b/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.form index 6005c35acc..59955cb3dd 100644 --- a/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.form +++ b/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.form @@ -7,19 +7,7 @@ - - - - - - - - - - - - @@ -35,7 +23,7 @@ - + @@ -46,7 +34,7 @@ - + @@ -64,6 +52,9 @@ + + + @@ -93,7 +84,7 @@ - + diff --git a/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java b/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java index dbac6f9f55..98690ced57 100644 --- a/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java +++ b/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java @@ -33,9 +33,9 @@ import org.sleuthkit.autopsy.coreutils.Logger; public class CTIntegrationMissingDialog extends javax.swing.JDialog { private static final String DOCS_PAGE_URL = "http://docs.cybertriage.com"; - + private static final Logger LOGGER = Logger.getLogger(CTIntegrationMissingDialog.class.getName()); - + /** * Creates new form CTIntegrationMissingDialog */ 
@@ -63,15 +63,11 @@ public class CTIntegrationMissingDialog extends javax.swing.JDialog { setDefaultCloseOperation(javax.swing.WindowConstants.DISPOSE_ON_CLOSE); setTitle(org.openide.util.NbBundle.getMessage(CTIntegrationMissingDialog.class, "CTIntegrationMissingDialog.title")); // NOI18N setAlwaysOnTop(true); - setMaximumSize(new java.awt.Dimension(500, 190)); - setMinimumSize(new java.awt.Dimension(500, 190)); - setPreferredSize(new java.awt.Dimension(500, 190)); setResizable(false); - setSize(new java.awt.Dimension(500, 190)); getContentPane().setLayout(new java.awt.GridBagLayout()); org.openide.awt.Mnemonics.setLocalizedText(descriptionLabel, org.openide.util.NbBundle.getMessage(CTIntegrationMissingDialog.class, "CTIntegrationMissingDialog.descriptionLabel.text")); // NOI18N - descriptionLabel.setMinimumSize(new java.awt.Dimension(123, 116)); + descriptionLabel.setMinimumSize(new java.awt.Dimension(483, 116)); gridBagConstraints = new java.awt.GridBagConstraints(); gridBagConstraints.gridx = 0; gridBagConstraints.gridy = 0; @@ -83,6 +79,7 @@ public class CTIntegrationMissingDialog extends javax.swing.JDialog { getContentPane().add(descriptionLabel, gridBagConstraints); org.openide.awt.Mnemonics.setLocalizedText(docsLabel, org.openide.util.NbBundle.getMessage(CTIntegrationMissingDialog.class, "CTIntegrationMissingDialog.docsLabel.text")); // NOI18N + docsLabel.setMinimumSize(new java.awt.Dimension(312, 16)); gridBagConstraints = new java.awt.GridBagConstraints(); gridBagConstraints.gridx = 0; gridBagConstraints.gridy = 1; @@ -102,6 +99,7 @@ public class CTIntegrationMissingDialog extends javax.swing.JDialog { gridBagConstraints.gridy = 1; gridBagConstraints.fill = java.awt.GridBagConstraints.HORIZONTAL; gridBagConstraints.anchor = java.awt.GridBagConstraints.NORTHWEST; + gridBagConstraints.weightx = 1.0; gridBagConstraints.insets = new java.awt.Insets(0, 5, 5, 5); getContentPane().add(link, gridBagConstraints); 
@@ -156,7 +154,8 @@ public class CTIntegrationMissingDialog extends javax.swing.JDialog { }//GEN-LAST:event_okButtonActionPerformed public void showDialog(JComponent parentComp) { - setLocationRelativeTo(parentComp); + setLocationRelativeTo(parentComp == null ? getParent() : parentComp); + pack(); setVisible(true); } diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java index 61e6897393..45a4d6dff6 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java @@ -18,6 +18,7 @@ */ package org.sleuthkit.autopsy.casemodule; +import com.basistech.df.cybertriage.autopsy.CTIntegrationMissingDialog; import org.sleuthkit.autopsy.featureaccess.FeatureAccessUtils; import com.google.common.annotations.Beta; import com.google.common.eventbus.Subscribe; @@ -177,6 +178,7 @@ public class Case { private static final String CASE_ACTION_THREAD_NAME = "%s-case-action"; private static final String CASE_RESOURCES_THREAD_NAME = "%s-manage-case-resources"; private static final String NO_NODE_ERROR_MSG_FRAGMENT = "KeeperErrorCode = NoNode"; + private static final String CT_PROVIDER_PREFIX = "CTCustomContentProvider_"; private static final Logger logger = Logger.getLogger(Case.class.getName()); private static final AutopsyEventPublisher eventPublisher = new AutopsyEventPublisher(); private static final Object caseActionSerializationLock = new Object(); 
@@ -2739,6 +2741,9 @@ public class Case { ContentStreamProvider contentProvider = loadContentProvider(metadata.getContentProviderName()); if (StringUtils.isNotBlank(metadata.getContentProviderName()) && contentProvider == null) { + if (metadata.getContentProviderName().trim().toUpperCase().startsWith(CT_PROVIDER_PREFIX.toUpperCase())) { + new CTIntegrationMissingDialog(WindowManager.getDefault().getMainWindow(), true).showDialog(null); + } throw new CaseActionException(Bundle.Case_exceptionMessage_contentProviderCouldNotBeFound()); } From 16ec6a3ad6e63fb7cee6edda65353cbba63f953a Mon Sep 17 00:00:00 2001 From: Brian Carrier Date: Tue, 1 Aug 2023 07:50:12 -0400 Subject: [PATCH 11/17] Update NEWS.txtew --- NEWS.txt | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/NEWS.txt b/NEWS.txt index 5a2bd33b57..9a3e1ba6da 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -1,19 +1,22 @@ ---------------- VERSION 4.21.0 -------------- -General +Library Updates - Update Java to version 17 - -Recent Activity Updates: -- Check For Malicious Chrome Extensions +- Update aLeapp/iLeapp executables. +- Update JNA Version +- Update SQLite library version +- Updated 3rd party libraries that have known CVE's Ingest Module Updates: -- Inline Keyword Search -- Update aLeapp/iLeapp executables. +- Recent Activity checks for malicious Chrome extensions +- Keyword Search module now can search without needing to index text into Solr. +- New Cyber Triage Malware Scanner module that uses Reversing Labs (requires license) + +Add Data Source Updates: +- Timestamps for logical files can be added. +- List of logical files/folders can be edited before they are added. GUI Updates: -- Add "has attachments" flag for email's -- Add ability to delete a logical file/path from logical file - DSP panel before it is run. -- Add ability to add timestamps when adding localfiles as a data source +- Add "has attachments" flag for emails - Add Score to tree view Bugs: 
@@ -21,11 +24,8 @@ Bugs:
 - Fix exporting of CSV files
 Misc:
-- Update JNA Version
-- Update SQLite library version
 - Add export for Pasco
-- Cyber Triage intergration
-- Updated 3rd party libraries that have known CVE's
+- Added File Repository concept
 ---------------- VERSION 4.20.0 --------------
 Recent Activity Updates:
From f2a32bf710a9f74e28dba587e82cf59e15e60f97 Mon Sep 17 00:00:00 2001
From: Mark McKinnon
Date: Tue, 1 Aug 2023 10:17:19 -0400
Subject: [PATCH 12/17] Update NEWS.txt fixes
---
 NEWS.txt | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/NEWS.txt b/NEWS.txt
index 9a3e1ba6da..3ba3ebf9af 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -1,4 +1,4 @@
----------------- VERSION 4.21.0 --------------
+---------------- VERSION 4.21.0 ---------------
 Library Updates
 - Update Java to version 17
 - Update aLeapp/iLeapp executables.
@@ -7,25 +7,25 @@ Library Updates
 - Updated 3rd party libraries that have known CVE's
 Ingest Module Updates:
-- Recent Activity checks for malicious Chrome extensions
+- Recent Activity checks for malicious Chrome extensions from list provided by https://github.com/randomaccess3/detections
 - Keyword Search module now can search without needing to index text into Solr.
 - New Cyber Triage Malware Scanner module that uses Reversing Labs (requires license)
 Add Data Source Updates:
-- Timestamps for logical files can be added.
-- List of logical files/folders can be edited before they are added.
+- Timestamps for logical files can be added. Issue https://github.com/sleuthkit/autopsy/issues/5852, https://github.com/sleuthkit/autopsy/issues/1788
+- List of logical files/folders can be edited before they are added. Issue https://github.com/sleuthkit/autopsy/issues/7347
 GUI Updates:
-- Add "has attachments" flag for emails
+- Add "has attachments" flag for emails. Issue https://github.com/sleuthkit/autopsy/issues/7358
 - Add Score to tree view
 Bugs:
 - Fix path for lnk files
-- Fix exporting of CSV files
+- Fix exporting of CSV files. Issue https://github.com/sleuthkit/autopsy/issues/6717
 Misc:
-- Add export for Pasco
 - Added File Repository concept
+- Added Spanish language support, contributor https://github.com/AburtoArielPM
 ---------------- VERSION 4.20.0 --------------
 Recent Activity Updates:
From dde67efc0966fe9ebe27f446dc5bc8f74f025ca7 Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro
Date: Tue, 1 Aug 2023 11:45:08 -0400
Subject: [PATCH 13/17] centralize link and rename provider
---
 .../basistech/df/cybertriage/autopsy/Bundle.properties | 1 -
 .../cybertriage/autopsy/CTIntegrationMissingDialog.form | 8 ++------
 .../cybertriage/autopsy/CTIntegrationMissingDialog.java | 5 +++--
 Core/src/org/sleuthkit/autopsy/casemodule/Case.java | 2 +-
 4 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties b/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties index 4d7a376395..caab36116d 100644 --- a/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties +++ b/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties @@ -5,6 +5,5 @@ CTIntegrationMissingDialog.title=Cyber Triage Importer Module Required CTIntegrationMissingDialog.descriptionLabel.text=

The Cyber Triage Importer Module is required to open this case.

To open this case:

  • Extract the module from the Integrations tab in the Cyber Triage options panel.
  • Select the 'Plugins' option from the 'Tools' menu, and go to the 'Downloaded' tab.
  • Click 'Add Plugins...' and select the path of the plugin.
  • Press 'Install' to finish the installation.
-CTIntegrationMissingDialog.link.text=http://docs.cybertriage.com CTIntegrationMissingDialog.docsLabel.text=For more information, refer to the Cyber Triage Users Guide CTIntegrationMissingDialog.okButton.text=OK diff --git a/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.form b/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.form index 59955cb3dd..e61f2f6cbd 100644 --- a/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.form +++ b/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.form @@ -68,8 +68,8 @@ - - + + @@ -78,10 +78,6 @@ - - - - diff --git a/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java b/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java index 98690ced57..8fbec4abef 100644 --- a/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java +++ b/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java @@ -56,7 +56,7 @@ public class CTIntegrationMissingDialog extends javax.swing.JDialog { javax.swing.JLabel descriptionLabel = new javax.swing.JLabel(); javax.swing.JLabel docsLabel = new javax.swing.JLabel(); - javax.swing.JLabel link = new javax.swing.JLabel(); + link = new javax.swing.JLabel(); javax.swing.JPanel paddingPanel = new javax.swing.JPanel(); javax.swing.JButton okButton = new javax.swing.JButton(); 
@@ -87,7 +87,7 @@ public class CTIntegrationMissingDialog extends javax.swing.JDialog { gridBagConstraints.insets = new java.awt.Insets(0, 5, 5, 0); getContentPane().add(docsLabel, gridBagConstraints); - org.openide.awt.Mnemonics.setLocalizedText(link, org.openide.util.NbBundle.getMessage(CTIntegrationMissingDialog.class, "CTIntegrationMissingDialog.link.text")); // NOI18N + org.openide.awt.Mnemonics.setLocalizedText(link, "" + DOCS_PAGE_URL + ""); link.setCursor(new java.awt.Cursor(java.awt.Cursor.HAND_CURSOR)); link.addMouseListener(new java.awt.event.MouseAdapter() { public void mouseClicked(java.awt.event.MouseEvent evt) { @@ -160,5 +160,6 @@ public class CTIntegrationMissingDialog extends javax.swing.JDialog { } // Variables declaration - do not modify//GEN-BEGIN:variables + private javax.swing.JLabel link; // End of variables declaration//GEN-END:variables } diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java index 45a4d6dff6..b1d2f28c31 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java @@ -178,7 +178,7 @@ public class Case { private static final String CASE_ACTION_THREAD_NAME = "%s-case-action"; private static final String CASE_RESOURCES_THREAD_NAME = "%s-manage-case-resources"; private static final String NO_NODE_ERROR_MSG_FRAGMENT = "KeeperErrorCode = NoNode"; - private static final String CT_PROVIDER_PREFIX = "CTCustomContentProvider_"; + private static final String CT_PROVIDER_PREFIX = "CTStandardContentProvider_"; private static final Logger logger = Logger.getLogger(Case.class.getName()); private static final AutopsyEventPublisher eventPublisher = new AutopsyEventPublisher(); private static final Object caseActionSerializationLock = new Object(); From f27b432fe3885ab930d2615a01f8e490ac21d2cf Mon Sep 17 00:00:00 2001 
From: Greg DiCristofaro Date: Tue, 1 Aug 2023 13:58:25 -0400 Subject: [PATCH 14/17] fix for bundle --- .../basistech/df/cybertriage/autopsy/Bundle.properties-MERGED | 1 - 1 file changed, 1 deletion(-) diff --git a/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties-MERGED b/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties-MERGED index 4d7a376395..caab36116d 100644 --- a/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties-MERGED +++ b/Core/src/com/basistech/df/cybertriage/autopsy/Bundle.properties-MERGED @@ -5,6 +5,5 @@ CTIntegrationMissingDialog.title=Cyber Triage Importer Module Required CTIntegrationMissingDialog.descriptionLabel.text=

The Cyber Triage Importer Module is required to open this case.

To open this case:

  • Extract the module from the Integrations tab in the Cyber Triage options panel.
  • Select the 'Plugins' option from the 'Tools' menu, and go to the 'Downloaded' tab.
  • Click 'Add Plugins...' and select the path of the plugin.
  • Press 'Install' to finish the installation.
-CTIntegrationMissingDialog.link.text=http://docs.cybertriage.com CTIntegrationMissingDialog.docsLabel.text=For more information, refer to the Cyber Triage Users Guide CTIntegrationMissingDialog.okButton.text=OK From e4fb10458f1456fba13f62c95eff83cab04b8fb1 Mon Sep 17 00:00:00 2001 From: Brian Carrier Date: Tue, 15 Aug 2023 14:02:44 -0400 Subject: [PATCH 15/17] added malware scanner doc template --- docs/doxygen-user/ct_malware_scanner.dox | 57 ++++++++++++++++++++++++ docs/doxygen-user/main.dox | 1 + 2 files changed, 58 insertions(+) create mode 100644 docs/doxygen-user/ct_malware_scanner.dox diff --git a/docs/doxygen-user/ct_malware_scanner.dox b/docs/doxygen-user/ct_malware_scanner.dox new file mode 100644 index 0000000000..196a4d5b00 --- /dev/null +++ b/docs/doxygen-user/ct_malware_scanner.dox 
@@ -0,0 +1,57 @@
+/*! \page ct_malware_scanner_page Cyber Triage Malware Scanner Module
+
+[TOC]
+
+What Does It Do
+========
+
+The Cyber Triage Malware Scanner module will use the malware scanning infrastructure from Cyber Triage to identify if any Windows executables are malware. It will query an online service using the file's hash value to see if the file was already analyzed and allows you to upload files for analysis if they are new.
+
+This module requires a commercial license from Cyber Triage.
+
+For more information on obtaining a license, refer to [CyberTriage.com](https://cybertriage.com/autopsy-malware-module). The remainder of this page is about the use of the module once it is licensed.
+
+
+Configuration
+=======
+
+Once you have a license, you must add it on the Options panel. Choose the 'Cyber Triage' tab and choose 'Add License'.
+
+
+IMAGE
+
+After you enter the license number that you should have received from your email, you will then need to review and agree to the license terms.
+
+
+The options panel should now display information about the lookup limits. You can always refer back to here about what your limits are and when they reset.
+
+IMAGE
+
+
+
+Using the Module
+======
+
+Ingest Settings
+------
+
+For each data source, you select if you want files to be uploaded if they have not already been analyzed. By default, they are uploaded. You can choose to not upload them though.
+
+IMAGE
+
+
+
+Out of Scans
+-------
+
+If you go beyond your limits, you will get a dialog that not all files were analyzed. You can wait until your limits reset and then start ingest again with only the malware scanning module enabled. It will ignore the files that are already analyzed.
+
+
+Seeing Results
+------
+
+Once ingest has completed, the files with malware will be listed in the Malware node in the tree.
+
+IMAGE
+
+*/
diff --git a/docs/doxygen-user/main.dox b/docs/doxygen-user/main.dox
index a31367ff6c..193a5abcba 100644
--- a/docs/doxygen-user/main.dox
+++ b/docs/doxygen-user/main.dox
@@ -58,6 +58,7 @@ The following topics are available here:
 - \subpage ileapp_page
 - \subpage aleapp_page
 - \subpage yara_page
+ - \subpage ct_malware_scanner_page
 - Reviewing the Results
 - \subpage uilayout_page
From 797e26569fa879d6dd82066f4061a5787c5904bf Mon Sep 17 00:00:00 2001
From: Brian Carrier
Date: Tue, 15 Aug 2023 14:08:20 -0400
Subject: [PATCH 16/17] Update CTIntegrationMissingDialog.java
---
 .../df/cybertriage/autopsy/CTIntegrationMissingDialog.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java b/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java
index 8fbec4abef..9e534c9833 100644
--- a/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java
+++ b/Core/src/com/basistech/df/cybertriage/autopsy/CTIntegrationMissingDialog.java
@@ -32,7 +32,7 @@ import org.sleuthkit.autopsy.coreutils.Logger;
 */
 public class CTIntegrationMissingDialog extends javax.swing.JDialog {
- private static final String DOCS_PAGE_URL = "http://docs.cybertriage.com";
+ private static final String DOCS_PAGE_URL = "https://docs.cybertriage.com/en/latest/chapters/integrations/autopsy.html";
 private static final Logger LOGGER = Logger.getLogger(CTIntegrationMissingDialog.class.getName());
From 43d9352a1a748cf210678c33ac1e5f01adb5451f Mon Sep 17 00:00:00 2001
From: Brian Carrier
Date: Tue, 15 Aug 2023 14:12:42 -0400
Subject: [PATCH 17/17] updated news
---
 NEWS.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/NEWS.txt b/NEWS.txt
index 3ba3ebf9af..b8db91ca62 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -24,7 +24,7 @@ Bugs:
 - Fix exporting of CSV files. Issue https://github.com/sleuthkit/autopsy/issues/6717
 Misc:
-- Added File Repository concept
+- Added File Repository concept for data source files that are in a central location
 - Added Spanish language support, contributor https://github.com/AburtoArielPM
 ---------------- VERSION 4.20.0 --------------