mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-17 18:17:43 +00:00
Merge remote-tracking branch 'upstream/master'
commit
de9a676a64
@ -30,7 +30,7 @@
|
|||||||
</Group>
|
</Group>
|
||||||
<Group type="102" alignment="0" attributes="0">
|
<Group type="102" alignment="0" attributes="0">
|
||||||
<Component id="caseNameLabel" min="-2" max="-2" attributes="0"/>
|
<Component id="caseNameLabel" min="-2" max="-2" attributes="0"/>
|
||||||
<EmptySpace min="-2" pref="26" max="-2" attributes="0"/>
|
<EmptySpace max="32767" attributes="0"/>
|
||||||
<Component id="caseNameTextField" min="-2" pref="296" max="-2" attributes="0"/>
|
<Component id="caseNameTextField" min="-2" pref="296" max="-2" attributes="0"/>
|
||||||
</Group>
|
</Group>
|
||||||
<Component id="caseDirTextField" alignment="0" min="-2" pref="380" max="-2" attributes="1"/>
|
<Component id="caseDirTextField" alignment="0" min="-2" pref="380" max="-2" attributes="1"/>
|
||||||
@ -51,7 +51,7 @@
|
|||||||
<EmptySpace type="separate" max="-2" attributes="0"/>
|
<EmptySpace type="separate" max="-2" attributes="0"/>
|
||||||
<Group type="103" groupAlignment="3" attributes="0">
|
<Group type="103" groupAlignment="3" attributes="0">
|
||||||
<Component id="caseNameLabel" alignment="3" min="-2" max="-2" attributes="0"/>
|
<Component id="caseNameLabel" alignment="3" min="-2" max="-2" attributes="0"/>
|
||||||
<Component id="caseNameTextField" alignment="3" min="-2" pref="20" max="-2" attributes="0"/>
|
<Component id="caseNameTextField" alignment="3" min="-2" max="-2" attributes="0"/>
|
||||||
</Group>
|
</Group>
|
||||||
<EmptySpace type="unrelated" max="-2" attributes="0"/>
|
<EmptySpace type="unrelated" max="-2" attributes="0"/>
|
||||||
<Group type="103" groupAlignment="3" attributes="0">
|
<Group type="103" groupAlignment="3" attributes="0">
|
||||||
|
@ -93,7 +93,7 @@ final class NewCaseVisualPanel1 extends JPanel implements DocumentListener{
|
|||||||
jLabel2 = new javax.swing.JLabel();
|
jLabel2 = new javax.swing.JLabel();
|
||||||
caseDirTextField = new javax.swing.JTextField();
|
caseDirTextField = new javax.swing.JTextField();
|
||||||
|
|
||||||
jLabel1.setFont(new java.awt.Font("Tahoma", 1, 14));
|
jLabel1.setFont(new java.awt.Font("Tahoma", 1, 14)); // NOI18N
|
||||||
org.openide.awt.Mnemonics.setLocalizedText(jLabel1, org.openide.util.NbBundle.getMessage(NewCaseVisualPanel1.class, "NewCaseVisualPanel1.jLabel1.text_1")); // NOI18N
|
org.openide.awt.Mnemonics.setLocalizedText(jLabel1, org.openide.util.NbBundle.getMessage(NewCaseVisualPanel1.class, "NewCaseVisualPanel1.jLabel1.text_1")); // NOI18N
|
||||||
|
|
||||||
org.openide.awt.Mnemonics.setLocalizedText(caseNameLabel, org.openide.util.NbBundle.getMessage(NewCaseVisualPanel1.class, "NewCaseVisualPanel1.caseNameLabel.text_1")); // NOI18N
|
org.openide.awt.Mnemonics.setLocalizedText(caseNameLabel, org.openide.util.NbBundle.getMessage(NewCaseVisualPanel1.class, "NewCaseVisualPanel1.caseNameLabel.text_1")); // NOI18N
|
||||||
@ -133,7 +133,7 @@ final class NewCaseVisualPanel1 extends JPanel implements DocumentListener{
|
|||||||
.addComponent(caseParentDirTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 296, javax.swing.GroupLayout.PREFERRED_SIZE))
|
.addComponent(caseParentDirTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 296, javax.swing.GroupLayout.PREFERRED_SIZE))
|
||||||
.addGroup(javax.swing.GroupLayout.Alignment.LEADING, layout.createSequentialGroup()
|
.addGroup(javax.swing.GroupLayout.Alignment.LEADING, layout.createSequentialGroup()
|
||||||
.addComponent(caseNameLabel)
|
.addComponent(caseNameLabel)
|
||||||
.addGap(26, 26, 26)
|
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
|
||||||
.addComponent(caseNameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 296, javax.swing.GroupLayout.PREFERRED_SIZE))
|
.addComponent(caseNameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 296, javax.swing.GroupLayout.PREFERRED_SIZE))
|
||||||
.addComponent(caseDirTextField, javax.swing.GroupLayout.Alignment.LEADING, javax.swing.GroupLayout.PREFERRED_SIZE, 380, javax.swing.GroupLayout.PREFERRED_SIZE))
|
.addComponent(caseDirTextField, javax.swing.GroupLayout.Alignment.LEADING, javax.swing.GroupLayout.PREFERRED_SIZE, 380, javax.swing.GroupLayout.PREFERRED_SIZE))
|
||||||
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
|
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
|
||||||
@ -148,7 +148,7 @@ final class NewCaseVisualPanel1 extends JPanel implements DocumentListener{
|
|||||||
.addGap(18, 18, 18)
|
.addGap(18, 18, 18)
|
||||||
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
|
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
|
||||||
.addComponent(caseNameLabel)
|
.addComponent(caseNameLabel)
|
||||||
.addComponent(caseNameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 20, javax.swing.GroupLayout.PREFERRED_SIZE))
|
.addComponent(caseNameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
|
||||||
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
|
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
|
||||||
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
|
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
|
||||||
.addComponent(caseDirLabel)
|
.addComponent(caseDirLabel)
|
||||||
|
@ -105,11 +105,7 @@ public class Installer extends ModuleInstall {
|
|||||||
}
|
}
|
||||||
|
|
||||||
final String[] UI_MENU_ITEM_KEYS = new String[]{"MenuBarUI",
|
final String[] UI_MENU_ITEM_KEYS = new String[]{"MenuBarUI",
|
||||||
"MenuUI",
|
};
|
||||||
"MenuItemUI",
|
|
||||||
"CheckBoxMenuItemUI",
|
|
||||||
"RadioButtonMenuItemUI",
|
|
||||||
"PopupMenuUI"};
|
|
||||||
|
|
||||||
Map<Object, Object> uiEntries = new TreeMap<Object, Object>();
|
Map<Object, Object> uiEntries = new TreeMap<Object, Object>();
|
||||||
|
|
||||||
|
@ -19,6 +19,7 @@
|
|||||||
package org.sleuthkit.autopsy.datamodel;
|
package org.sleuthkit.autopsy.datamodel;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
import java.util.Arrays;
|
||||||
import java.util.LinkedHashMap;
|
import java.util.LinkedHashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
@ -45,6 +46,15 @@ public class BlackboardArtifactNode extends DisplayableItemNode {
|
|||||||
private Content associated;
|
private Content associated;
|
||||||
private List<NodeProperty> customProperties;
|
private List<NodeProperty> customProperties;
|
||||||
static final Logger logger = Logger.getLogger(BlackboardArtifactNode.class.getName());
|
static final Logger logger = Logger.getLogger(BlackboardArtifactNode.class.getName());
|
||||||
|
/**
|
||||||
|
* Artifact types which should have the associated content's full unique path
|
||||||
|
* as a property.
|
||||||
|
*/
|
||||||
|
private static final Integer[] SHOW_UNIQUE_PATH = new Integer[] {
|
||||||
|
BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID(),
|
||||||
|
BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID(),
|
||||||
|
BlackboardArtifact.ARTIFACT_TYPE.TSK_TAG_FILE.getTypeID(),
|
||||||
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Construct blackboard artifact node from an artifact and using provided
|
* Construct blackboard artifact node from an artifact and using provided
|
||||||
@ -107,30 +117,38 @@ public class BlackboardArtifactNode extends DisplayableItemNode {
|
|||||||
entry.getValue()));
|
entry.getValue()));
|
||||||
}
|
}
|
||||||
|
|
||||||
String path = "";
|
|
||||||
try {
|
|
||||||
path = associated.getUniquePath();
|
|
||||||
} catch (TskCoreException ex) {
|
|
||||||
logger.log(Level.SEVERE, "Except while calling Content.getUniquePath() on " + associated);
|
|
||||||
}
|
|
||||||
final int artifactTypeID = artifact.getArtifactTypeID();
|
|
||||||
|
|
||||||
//custom additional properties
|
|
||||||
//TODO use addNodeProperty() instead of hardcoding here
|
|
||||||
if (artifactTypeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()
|
|
||||||
|| artifactTypeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
|
|
||||||
ss.put(new NodeProperty("File Path",
|
|
||||||
"File Path",
|
|
||||||
NO_DESCR,
|
|
||||||
path));
|
|
||||||
}
|
|
||||||
|
|
||||||
//append custom node properties
|
//append custom node properties
|
||||||
if (customProperties != null) {
|
if (customProperties != null) {
|
||||||
for (NodeProperty np : customProperties) {
|
for (NodeProperty np : customProperties) {
|
||||||
ss.put(np);
|
ss.put(np);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
final int artifactTypeId = artifact.getArtifactTypeID();
|
||||||
|
|
||||||
|
if (Arrays.asList(SHOW_UNIQUE_PATH).contains(artifactTypeId)) {
|
||||||
|
String sourcePath = "";
|
||||||
|
try {
|
||||||
|
sourcePath = associated.getUniquePath();
|
||||||
|
} catch (TskCoreException ex) {
|
||||||
|
logger.log(Level.WARNING, "Failed to get unique path from: " + associated.getName());
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sourcePath.isEmpty() == false) {
|
||||||
|
ss.put(new NodeProperty("File Path", "File Path",
|
||||||
|
NO_DESCR, sourcePath));
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
String dataSource = "";
|
||||||
|
try {
|
||||||
|
dataSource = associated.getImage().getName();
|
||||||
|
} catch (TskCoreException ex) {
|
||||||
|
logger.log(Level.WARNING, "Failed to get image name from " + associated.getName());
|
||||||
|
}
|
||||||
|
|
||||||
|
if (dataSource.isEmpty() == false) {
|
||||||
|
ss.put(new NodeProperty("Data Source", "Data Source",
|
||||||
|
NO_DESCR, dataSource));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return s;
|
return s;
|
||||||
|
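Review bot: Both new catch blocks log the failure without the exception, so the cause of a missing "File Path" or "Data Source" property cannot be reconstructed from the log; pass it along, e.g. `logger.log(Level.WARNING, "Failed to get unique path from: " + associated.getName(), ex);`, and do the same in the `getImage()` branch. `associated.getImage().getName()` also dereferences the result of `getImage()` without a null check; whether it can return null is not visible here, so that should be confirmed or guarded. When either lookup fails the property is silently left out, which an examiner cannot tell apart from a value that was never present. The enclosing method starts before this hunk.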
@ -417,20 +417,6 @@ public class Tags implements AutopsyVisitableItem {
|
|||||||
tagNode.addNodeProperty(resultTypeProp);
|
tagNode.addNodeProperty(resultTypeProp);
|
||||||
|
|
||||||
}
|
}
|
||||||
try {
|
|
||||||
//add source path property
|
|
||||||
final AbstractFile sourceFile = skCase.getAbstractFileById(artifact.getObjectID());
|
|
||||||
final String sourcePath = sourceFile.getUniquePath();
|
|
||||||
NodeProperty sourcePathProp = new NodeProperty("Source File Path",
|
|
||||||
"Source File Path",
|
|
||||||
NO_DESCR,
|
|
||||||
sourcePath);
|
|
||||||
|
|
||||||
|
|
||||||
tagNode.addNodeProperty(sourcePathProp);
|
|
||||||
} catch (TskCoreException ex) {
|
|
||||||
logger.log(Level.SEVERE, "Error getting a file from artifact to get source file path for a tag, ", ex);
|
|
||||||
}
|
|
||||||
|
|
||||||
return tagNode;
|
return tagNode;
|
||||||
}
|
}
|
||||||
|
@ -22,6 +22,7 @@ package org.sleuthkit.autopsy.directorytree;
|
|||||||
import java.awt.event.ActionEvent;
|
import java.awt.event.ActionEvent;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import javax.swing.AbstractAction;
|
import javax.swing.AbstractAction;
|
||||||
|
import javax.swing.SwingUtilities;
|
||||||
import org.openide.nodes.Node;
|
import org.openide.nodes.Node;
|
||||||
import org.openide.windows.Mode;
|
import org.openide.windows.Mode;
|
||||||
import org.openide.windows.WindowManager;
|
import org.openide.windows.WindowManager;
|
||||||
@ -63,12 +64,20 @@ public class NewWindowViewAction extends AbstractAction{
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
DataContentTopComponent dctc = DataContentTopComponent.createUndocked(name, this.contentNode);
|
final DataContentTopComponent dctc = DataContentTopComponent.createUndocked(name, null);
|
||||||
|
|
||||||
Mode m = WindowManager.getDefault().findMode("outputFloat");
|
Mode m = WindowManager.getDefault().findMode("outputFloat");
|
||||||
m.dockInto(dctc);
|
m.dockInto(dctc);
|
||||||
dctc.open();
|
dctc.open();
|
||||||
|
|
||||||
|
// Queue setting the node on the EDT thread to be done later so the dctc
|
||||||
|
// can completely initialize.
|
||||||
|
SwingUtilities.invokeLater(new Runnable() {
|
||||||
|
@Override
|
||||||
|
public void run() {
|
||||||
|
dctc.setNode(contentNode);
|
||||||
|
}
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
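Review bot: `createUndocked(name, null)` now builds and opens the window without a node, and the hunk does not show whether `createUndocked`, `dockInto` and `open()` tolerate a null node; that should be confirmed and recorded in a comment such as `// createUndocked accepts a null node; the real node is set once the component is open`. The queued `Runnable` reads the `contentNode` field when it runs rather than when the action fired, so if that field is not final, copying it to a `final` local before `invokeLater` would pin the value. The method body begins before this hunk.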
@ -830,13 +830,13 @@ public class ReportGenerator {
|
|||||||
|
|
||||||
switch (type) {
|
switch (type) {
|
||||||
case TSK_WEB_BOOKMARK:
|
case TSK_WEB_BOOKMARK:
|
||||||
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {"URL", "Title", "Date Accessed", "Program", "Source File"}));
|
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {"URL", "Title", "Date Created", "Program", "Source File"}));
|
||||||
break;
|
break;
|
||||||
case TSK_WEB_COOKIE:
|
case TSK_WEB_COOKIE:
|
||||||
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {"URL", "Date/Time", "Name", "Value", "Program", "Source File"}));
|
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {"URL", "Date/Time", "Name", "Value", "Program", "Source File"}));
|
||||||
break;
|
break;
|
||||||
case TSK_WEB_HISTORY:
|
case TSK_WEB_HISTORY:
|
||||||
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {"URL", "Date Accessed", "Referrer", "Name", "Program", "Source File"}));
|
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {"URL", "Date Accessed", "Referrer", "Title", "Program", "Source File"}));
|
||||||
break;
|
break;
|
||||||
case TSK_WEB_DOWNLOAD:
|
case TSK_WEB_DOWNLOAD:
|
||||||
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {"Destination", "Source URL", "Date Accessed", "Program", "Source File"}));
|
columnHeaders = new ArrayList<>(Arrays.asList(new String[] {"Destination", "Source URL", "Date Accessed", "Program", "Source File"}));
|
||||||
@ -997,7 +997,7 @@ public class ReportGenerator {
|
|||||||
List<String> bookmark = new ArrayList<>();
|
List<String> bookmark = new ArrayList<>();
|
||||||
bookmark.add(attributes.get(ATTRIBUTE_TYPE.TSK_URL.getTypeID()));
|
bookmark.add(attributes.get(ATTRIBUTE_TYPE.TSK_URL.getTypeID()));
|
||||||
bookmark.add(attributes.get(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID()));
|
bookmark.add(attributes.get(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID()));
|
||||||
bookmark.add(attributes.get(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID()));
|
bookmark.add(attributes.get(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID()));
|
||||||
bookmark.add(attributes.get(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
|
bookmark.add(attributes.get(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
|
||||||
bookmark.add(getFileUniquePath(artifactData.getObjectID()));
|
bookmark.add(getFileUniquePath(artifactData.getObjectID()));
|
||||||
return bookmark;
|
return bookmark;
|
||||||
@ -1015,7 +1015,7 @@ public class ReportGenerator {
|
|||||||
history.add(attributes.get(ATTRIBUTE_TYPE.TSK_URL.getTypeID()));
|
history.add(attributes.get(ATTRIBUTE_TYPE.TSK_URL.getTypeID()));
|
||||||
history.add(attributes.get(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID()));
|
history.add(attributes.get(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID()));
|
||||||
history.add(attributes.get(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID()));
|
history.add(attributes.get(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID()));
|
||||||
history.add(attributes.get(ATTRIBUTE_TYPE.TSK_NAME.getTypeID()));
|
history.add(attributes.get(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID()));
|
||||||
history.add(attributes.get(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
|
history.add(attributes.get(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID()));
|
||||||
history.add(getFileUniquePath(artifactData.getObjectID()));
|
history.add(getFileUniquePath(artifactData.getObjectID()));
|
||||||
return history;
|
return history;
|
||||||
|
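Review bot: The bookmark row now reads `TSK_DATETIME_CREATED` and the history row reads `TSK_TITLE`, but artifacts written before this change carry `TSK_DATETIME_ACCESSED` and `TSK_NAME`, so for an already-ingested case `attributes.get(...)` presumably finds nothing and the report shows an empty or null cell under "Date Created" / "Title". Consider falling back to the old attribute type when the new one is absent, or document that existing cases must be re-ingested before reporting. The ExtractIE history hunk in this commit still adds no title attribute (its own comment says so), so the "Title" column would stay empty for Internet Explorer history. The header list and the row builders sit in separate methods that extend beyond these hunks, so a comment on each naming the other would help keep their column order in step.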
@ -271,7 +271,7 @@ public class HashDbIngestModule extends IngestModuleAbstractFile {
|
|||||||
detailsSb.append("</table>");
|
detailsSb.append("</table>");
|
||||||
|
|
||||||
services.postMessage(IngestMessage.createDataMessage(++messageId, this,
|
services.postMessage(IngestMessage.createDataMessage(++messageId, this,
|
||||||
"Notable: " + abstractFile.getName(),
|
"Known Bad: " + abstractFile.getName(),
|
||||||
detailsSb.toString(),
|
detailsSb.toString(),
|
||||||
abstractFile.getName() + md5Hash,
|
abstractFile.getName() + md5Hash,
|
||||||
badFile));
|
badFile));
|
||||||
@ -280,7 +280,6 @@ public class HashDbIngestModule extends IngestModuleAbstractFile {
|
|||||||
} catch (TskException ex) {
|
} catch (TskException ex) {
|
||||||
logger.log(Level.WARNING, "Error creating blackboard artifact", ex);
|
logger.log(Level.WARNING, "Error creating blackboard artifact", ex);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private ProcessResult processFile(AbstractFile file) {
|
private ProcessResult processFile(AbstractFile file) {
|
||||||
|
@ -30,7 +30,7 @@ KeywordSearchEditListPanel.copyMenuItem.text=Copy
|
|||||||
KeywordSearchEditListPanel.exportButton.text=Export List
|
KeywordSearchEditListPanel.exportButton.text=Export List
|
||||||
KeywordSearchEditListPanel.deleteListButton.text=Delete List
|
KeywordSearchEditListPanel.deleteListButton.text=Delete List
|
||||||
KeywordSearchListsManagementPanel.newListButton.text=New List
|
KeywordSearchListsManagementPanel.newListButton.text=New List
|
||||||
KeywordSearchEditListPanel.useForIngestCheckbox.text=Enable for ingest
|
KeywordSearchEditListPanel.useForIngestCheckbox.text=Use during ingest
|
||||||
KeywordSearchListsManagementPanel.importButton.text=Import List
|
KeywordSearchListsManagementPanel.importButton.text=Import List
|
||||||
KeywordSearchPanel.searchBox.text=Search...
|
KeywordSearchPanel.searchBox.text=Search...
|
||||||
KeywordSearchPanel.regExCheckboxMenuItem.text=Use Regular Expressions
|
KeywordSearchPanel.regExCheckboxMenuItem.text=Use Regular Expressions
|
||||||
@ -53,8 +53,8 @@ ExtractedContentPanel.pageOfLabel.text=of
|
|||||||
ExtractedContentPanel.pageCurLabel.text=-
|
ExtractedContentPanel.pageCurLabel.text=-
|
||||||
ExtractedContentPanel.pageTotalLabel.text=-
|
ExtractedContentPanel.pageTotalLabel.text=-
|
||||||
ExtractedContentPanel.hitLabel.toolTipText=
|
ExtractedContentPanel.hitLabel.toolTipText=
|
||||||
KeywordSearchEditListPanel.ingestMessagesCheckbox.text=Enable sending messages to inbox during ingest
|
KeywordSearchEditListPanel.ingestMessagesCheckbox.text=Send messages to inbox during ingest
|
||||||
KeywordSearchEditListPanel.ingestMessagesCheckbox.toolTipText=Send messages during triage / ingest when hits on keyword from this list occur
|
KeywordSearchEditListPanel.ingestMessagesCheckbox.toolTipText=Send messages during ingest when hits on keyword from this list occur
|
||||||
KeywordSearchConfigurationPanel2.skipNSRLCheckBox.text=Do not add files in NSRL (known files) to keyword index during ingest
|
KeywordSearchConfigurationPanel2.skipNSRLCheckBox.text=Do not add files in NSRL (known files) to keyword index during ingest
|
||||||
KeywordSearchConfigurationPanel2.skipNSRLCheckBox.toolTipText=Requires Hash DB service to had run previously, or be selected for next ingest.
|
KeywordSearchConfigurationPanel2.skipNSRLCheckBox.toolTipText=Requires Hash DB service to had run previously, or be selected for next ingest.
|
||||||
KeywordSearchConfigurationPanel2.filesIndexedValue.text=-
|
KeywordSearchConfigurationPanel2.filesIndexedValue.text=-
|
||||||
|
@ -55,7 +55,7 @@ limitations under the License.
|
|||||||
To see keyword search results in real-time while ingest is running, add keyword lists using the
|
To see keyword search results in real-time while ingest is running, add keyword lists using the
|
||||||
<a href="nbdocs:/org/sleuthkit/autopsy/keywordsearch/docs/keywordsearch-configuration.html">Keyword Search Configuration Dialog</a>
|
<a href="nbdocs:/org/sleuthkit/autopsy/keywordsearch/docs/keywordsearch-configuration.html">Keyword Search Configuration Dialog</a>
|
||||||
and select the "Use during ingest" check box.
|
and select the "Use during ingest" check box.
|
||||||
You can select "Enable sending messages to inbox during ingest" per list, if the hits on that list should be reported in the Inbox, which is recommended for very specific searches.
|
You can select "Send messages to inbox during ingest" per list, if the hits on that list should be reported in the Inbox, which is recommended for very specific searches.
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
See <a href="nbdocs:/org/sleuthkit/autopsy/ingest/docs/ingest-about.html">(Ingest)</a>
|
See <a href="nbdocs:/org/sleuthkit/autopsy/ingest/docs/ingest-about.html">(Ingest)</a>
|
||||||
|
@ -150,12 +150,9 @@ public class Chrome extends Extract {
|
|||||||
|
|
||||||
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
|
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "Recent Activity", ((result.get("url").toString() != null) ? result.get("url").toString() : "")));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "Recent Activity", ((result.get("url").toString() != null) ? result.get("url").toString() : "")));
|
||||||
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "Recent Activity", ((result.get("url").toString() != null) ? EscapeUtil.decodeURL(result.get("url").toString()) : "")));
|
|
||||||
//TODO Revisit usage of deprecated constructor per TSK-583
|
|
||||||
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "Recent Activity", "Last Visited", ((Long.valueOf(result.get("last_visit_time").toString())) / 10000000)));
|
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "Recent Activity", ((Long.valueOf(result.get("last_visit_time").toString())) / 10000000)));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "Recent Activity", ((Long.valueOf(result.get("last_visit_time").toString())) / 10000000)));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "Recent Activity", ((result.get("from_visit").toString() != null) ? result.get("from_visit").toString() : "")));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "Recent Activity", ((result.get("from_visit").toString() != null) ? result.get("from_visit").toString() : "")));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "Recent Activity", ((result.get("title").toString() != null) ? result.get("title").toString() : "")));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(), "Recent Activity", ((result.get("title").toString() != null) ? result.get("title").toString() : "")));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "Recent Activity", "Chrome"));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "Recent Activity", "Chrome"));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : ""))));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : ""))));
|
||||||
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
|
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
|
||||||
@ -276,8 +273,8 @@ public class Chrome extends Extract {
|
|||||||
//TODO Revisit usage of deprecated constructor as per TSK-583
|
//TODO Revisit usage of deprecated constructor as per TSK-583
|
||||||
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "Recent Activity", "Last Visited", (date / 10000000)));
|
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "Recent Activity", "Last Visited", (date / 10000000)));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "Recent Activity", url));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "Recent Activity", url));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "Recent Activity", name));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(), "Recent Activity", name));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "Recent Activity", (date / 10000000)));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID(), "Recent Activity", (date / 10000000)));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "Recent Activity", "Chrome"));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "Recent Activity", "Chrome"));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", domain));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", domain));
|
||||||
bbart.addAttributes(bbattributes);
|
bbart.addAttributes(bbattributes);
|
||||||
|
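Review bot: The null guard on the changed `TSK_TITLE` line, `(result.get("title").toString() != null) ? ... : ""`, can never take its fallback: if the column is missing or NULL, `result.get("title")` is what is null, and `.toString()` throws before the comparison runs. Test the looked-up value instead, e.g. `Object title = result.get("title");` followed by `title != null ? title.toString() : ""`. The same pattern appears on the `url` and `from_visit` lines here and on the `title`, `url` and `ref` lines in the Firefox hunks. These values come from browser databases on the evidence image, so a single row with a missing field would presumably raise a NullPointerException in the middle of extraction; how the caller handles that is outside the hunk.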
@ -157,8 +157,8 @@ public class ExtractIE extends Extract {
|
|||||||
|
|
||||||
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
|
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", url));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", url));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", name));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(), "RecentActivity", name));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "RecentActivity", datetime));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID(), "RecentActivity", datetime));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "Internet Explorer"));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "Internet Explorer"));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", domain));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", domain));
|
||||||
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, favoritesFile, bbattributes);
|
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, favoritesFile, bbattributes);
|
||||||
@ -507,7 +507,7 @@ public class ExtractIE extends Extract {
|
|||||||
|
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "RecentActivity", ftime));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "RecentActivity", ftime));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", ""));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", ""));
|
||||||
// @@@ NOte that other browser modules are adding NAME in hre for the title
|
// @@@ NOte that other browser modules are adding TITLE in hre for the title
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "Internet Explorer"));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "Internet Explorer"));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", domain));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", domain));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME.getTypeID(), "RecentActivity", user));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME.getTypeID(), "RecentActivity", user));
|
||||||
|
@ -132,11 +132,9 @@ public class Firefox extends Extract {
|
|||||||
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
|
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", ((result.get("url").toString() != null) ? result.get("url").toString() : "")));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", ((result.get("url").toString() != null) ? result.get("url").toString() : "")));
|
||||||
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", ((result.get("url").toString() != null) ? EscapeUtil.decodeURL(result.get("url").toString()) : "")));
|
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", ((result.get("url").toString() != null) ? EscapeUtil.decodeURL(result.get("url").toString()) : "")));
|
||||||
//TODO Revisit usage of deprecated constructor as per TSK-583
|
|
||||||
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", (Long.valueOf(result.get("visit_date").toString()))));
|
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "RecentActivity", (Long.valueOf(result.get("visit_date").toString()))));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "RecentActivity", (Long.valueOf(result.get("visit_date").toString()))));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", ((result.get("ref").toString() != null) ? result.get("ref").toString() : "")));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", ((result.get("ref").toString() != null) ? result.get("ref").toString() : "")));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", ((result.get("title").toString() != null) ? result.get("title").toString() : "")));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(), "RecentActivity", ((result.get("title").toString() != null) ? result.get("title").toString() : "")));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "FireFox"));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "FireFox"));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : ""))));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : ""))));
|
||||||
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
|
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
|
||||||
@ -199,10 +197,9 @@ public class Firefox extends Extract {
|
|||||||
|
|
||||||
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
|
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", ((result.get("url").toString() != null) ? result.get("url").toString() : "")));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", ((result.get("url").toString() != null) ? result.get("url").toString() : "")));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", ((result.get("title").toString() != null) ? result.get("title").toString() : "")));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(), "RecentActivity", ((result.get("title").toString() != null) ? result.get("title").toString() : "")));
|
||||||
long time = Long.valueOf(result.get("dateAdded").toString());
|
if (Long.valueOf(result.get("dateAdded").toString()) > 0) {
|
||||||
if (time > 0) {
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID(), "RecentActivity", (Long.valueOf(result.get("dateAdded").toString()))));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "RecentActivity", Long.valueOf(result.get("dateAdded").toString())));
|
|
||||||
}
|
}
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "FireFox"));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "FireFox"));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : ""))));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", (Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : ""))));
|
||||||
@ -358,8 +355,6 @@ public class Firefox extends Extract {
|
|||||||
|
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", ((result.get("source").toString() != null) ? result.get("source").toString() : "")));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", ((result.get("source").toString() != null) ? result.get("source").toString() : "")));
|
||||||
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", ((result.get("source").toString() != null) ? EscapeUtil.decodeURL(result.get("source").toString()) : "")));
|
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", ((result.get("source").toString() != null) ? EscapeUtil.decodeURL(result.get("source").toString()) : "")));
|
||||||
//TODO Revisit usage of deprecated constructor as per TSK-583
|
|
||||||
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", (Long.valueOf(result.get("startTime").toString()))));
|
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "RecentActivity", (Long.valueOf(result.get("startTime").toString()))));
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "RecentActivity", (Long.valueOf(result.get("startTime").toString()))));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
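Review bot: The bookmark hunk drops the `time` local and now parses `result.get("dateAdded")` twice, once in the `if` and once when building the attribute. Keeping `long time = Long.valueOf(result.get("dateAdded").toString());` and passing `time` to the `TSK_DATETIME_CREATED` attribute avoids the duplicate parse and keeps the check and the stored value in step. `Long.valueOf` also throws NumberFormatException on a non-numeric value, and the field comes from a database on the evidence image, so it is worth confirming that the surrounding code (not visible in the hunk) handles that per row rather than aborting the whole bookmark pass.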