From f87ad41398a3c4827cd728233ab02f97197fb4c0 Mon Sep 17 00:00:00 2001
From: Richard Cordovano
Date: Fri, 16 Feb 2018 14:09:12 -0500
Subject: [PATCH 1/6] Remove global field in keywordsearch/ExtractedContentViewer.java
---
 .../sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java
index dbed68e660..a43546dca9 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java
@@ -54,7 +54,7 @@ public class ExtractedContentViewer implements DataContentViewer {
 private static final long INVALID_DOCUMENT_ID = 0L;
 private static final BlackboardAttribute.Type TSK_ASSOCIATED_ARTIFACT_TYPE = new BlackboardAttribute.Type(TSK_ASSOCIATED_ARTIFACT);
- public static final BlackboardAttribute.Type TSK_ACCOUNT_TYPE = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE);
+ private static final BlackboardAttribute.Type TSK_ACCOUNT_TYPE = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE);
 private ExtractedContentPanel panel;
 private volatile Node currentNode = null;
From 71afb13f3e7f7a0ab5290f7c06d988f97878a32f Mon Sep 17 00:00:00 2001
From: Richard Cordovano
Date: Tue, 20 Feb 2018 16:07:13 -0500
Subject: [PATCH 2/6] Update NEWS file for 4.6.0 release
---
 NEWS.txt | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
diff --git a/NEWS.txt b/NEWS.txt
index deb4d42cba..8dc3379d6c 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -1,3 +1,68 @@
+---------------- VERSION 4.6.0 --------------
+- A new Message content viewer has been added to the content viewers section of
+the main application window to provide an examiner with tabs for looking at:
+message headers; content as raw text, HTML, or RTF; and attachments.
+- A new Communications tool has been added to the Tools menu to supply an
+examiner with a separate three part view consisting of: a filtered, tabular
+display of the various accounts (email, Facebook, Twitter, etc.) discovered by
+the ingest modules, a tabular view of the messages exchanged between the
+accounts, and a Message content viewer for the individual messages.
+- Hash sets may now be stored either locally or in the Central Repository.
+- An ingest module that uses file entropy to flag possibly encrypted files has
+been added as a core file-level ingest module.
+- The file names and organization of HTML reports have been changed to make it
+easier to find and open these reports outside of the application.
+- The version of Tika used by the application has been upgraded to version 1.17
+and the amount of memory consumed by Tika has been reduced significantly by
+configuring it to use the new SAX parsers exclusively.
+- A live triage feature has been added that copies the application executable to
+a USB drive that can then be used for live analysis of another system.
+- Memory leaks and other issues revealed by fuzzing the SleuthKit have
+been fixed.
+- The number of application log files generated before log rollover is now
+user-configurable to enable retention of more logs to better support enterprise
+installations that are running auto ingest.
+- Preliminary build file and code changes aimed at supporting easy creation of
+Linux and OS-X binary distribution packages are in place.
+- Better typing of larger slack files has been added to the file type detection
+ingest module.
+- The maximum number of Solr connections and the maximum number of
+file ingest threads allowed have both been increased.
+- The default setting for JVM memory for 64-bit Windows installations has been
+increased to 4 GB, and the user can adjust the JVM memory setting via the
+Application options panel.
+- The embedded file extractor now uses Tika for new form MS Office documents,
+which dramatically reduces the memory required for processing Excel spreadsheets.
+- The amount of memory required for processing keyword hits has been reduced.
+- Periodic keyword search during ingest now has logic to dynamically increase
+the interval between searches when searches are taking longer than the
+user-configured periodic search interval to complete, thus preventing continuous
+searching.
+- Keyword search has been made more responsive to both search and ingest job
+cancellation.
+- The use of the terminology "known bad" has been replaced by "notable."
+- Tag definitions now have a "notable" property indicating that tagged content
+and results should be marked as notable in the Central Repository.
+- Users can now enter more information about cases including examiner contact
+info, organization info, and notes.
+- A new "Databases" category has been added to the Views, File Types, By
+Extension ree.
+- Examiner mode for an enterprise installation no longer requires a restart and
+a single dialog that lists all multi-user cases is provided; selecting a row in
+the dialog and beginning to type opens a search box that allows an examiner to
+search for cases by name, etc., and the columns in the tabular view presented by
+the dialog can be reordered or hidden.
+- An auto ingest data source processor that extracts data sources from archive
+files specified as data sources via auto ingest job manifests has been added.
+- Auto ingest job metrics are collected and can be displayed for a
+user-specified time period using a button on either the auto dashboard or the
+auto ingest control panel.
+- Sorting by columns has been added to both the auto ingest control panel and
+the auto ingest dashboard.
+- The row highlight color for tagged items in the Results table view has been
+changed for better visibility.
+- Assorted small enhancements and bug fixes are included.
+
 ---------------- VERSION 4.5.0 --------------
 - Memory usage has been reduced to improve support for very large cases.
 - The central repository and correlation engine introduced in version 4.4.1 have
From 621d1fe8d093d09f68f8689526cac052e570dc92 Mon Sep 17 00:00:00 2001
From: Brian Carrier
Date: Tue, 20 Feb 2018 17:00:27 -0500
Subject: [PATCH 3/6] rearranged NEWS file
---
 NEWS.txt | 85 +++++++++++++++++---------------------------------------
 1 file changed, 25 insertions(+), 60 deletions(-)
diff --git a/NEWS.txt b/NEWS.txt
index 8dc3379d6c..54e0acb883 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -1,68 +1,33 @@
 ---------------- VERSION 4.6.0 --------------
-- A new Message content viewer has been added to the content viewers section of
-the main application window to provide an examiner with tabs for looking at:
-message headers; content as raw text, HTML, or RTF; and attachments.
-- A new Communications tool has been added to the Tools menu to supply an
-examiner with a separate three part view consisting of: a filtered, tabular
-display of the various accounts (email, Facebook, Twitter, etc.) discovered by
-the ingest modules, a tabular view of the messages exchanged between the
-accounts, and a Message content viewer for the individual messages.
-- Hash sets may now be stored either locally or in the Central Repository.
-- An ingest module that uses file entropy to flag possibly encrypted files has
-been added as a core file-level ingest module.
-- The file names and organization of HTML reports have been changed to make it
-easier to find and open these reports outside of the application.
-- The version of Tika used by the application has been upgraded to version 1.17
-and the amount of memory consumed by Tika has been reduced significantly by
-configuring it to use the new SAX parsers exclusively.
-- A live triage feature has been added that copies the application executable to
-a USB drive that can then be used for live analysis of another system.
+New Features:
+- A new Message content viewer was added to make it easier to view email message contents.
+- A new Communications interface was added to make it easier to find messages and relationships.
+- Hash sets can be centrally stored and shared in the Central Repository.
+- New Encryption Detection module that will flag possibly encrypted files.
+- Can more easily run Autopsy from a USB drive and leave few traces on target system.
+- Tag definitions now have a "notable" property. The Central Repository uses this to mark files as notable.
+- Large slack files are now file typed.
+- The maximum number of Solr connections and ingest threads have increased.
+- Periodic keyword search will dynamically change based on how long queries are taking.
+- Users can change the amount of memory allocated to the application.
+- The amount of memory required for processing keyword hits has been reduced.
+- Layout of HTML reports has been modified make it easier to open.
+- "Databases" was added to File Type by Extension view.
+- Users can now enter more information about cases including examiner, organization, etc.
+- New dialog to open multi-user cases that allows for searching.
+- Auto ingest metrics are collected and displayed in dashboard.
+- Auto ingest module that extracts disk images from archive files.
+- Keyword search has been made more responsive to both search and ingest job cancellation.
+- Number of log files to keep before rollover is now configurable.
+- Preliminary changes to make Linux and OS X builds easier.
+
+Bug Fixes:
 - Memory leaks and other issues revealed by fuzzing the SleuthKit have
 been fixed.
-- The number of application log files generated before log rollover is now
-user-configurable to enable retention of more logs to better support enterprise
-installations that are running auto ingest.
-- Preliminary build file and code changes aimed at supporting easy creation of
-Linux and OS-X binary distribution packages are in place.
-- Better typing of larger slack files has been added to the file type detection
-ingest module.
-- The maximum number of Solr connections and the maximum number of
-file ingest threads allowed have both been increased.
-- The default setting for JVM memory for 64-bit Windows installations has been
-increased to 4 GB, and the user can adjust the JVM memory setting via the
-Application options panel.
-- The embedded file extractor now uses Tika for new form MS Office documents,
-which dramatically reduces the memory required for processing Excel spreadsheets.
-- The amount of memory required for processing keyword hits has been reduced.
-- Periodic keyword search during ingest now has logic to dynamically increase
-the interval between searches when searches are taking longer than the
-user-configured periodic search interval to complete, thus preventing continuous
-searching.
-- Keyword search has been made more responsive to both search and ingest job
-cancellation.
-- The use of the terminology "known bad" has been replaced by "notable."
-- Tag definitions now have a "notable" property indicating that tagged content
-and results should be marked as notable in the Central Repository.
-- Users can now enter more information about cases including examiner contact
-info, organization info, and notes.
-- A new "Databases" category has been added to the Views, File Types, By
-Extension ree.
-- Examiner mode for an enterprise installation no longer requires a restart and
-a single dialog that lists all multi-user cases is provided; selecting a row in
-the dialog and beginning to type opens a search box that allows an examiner to
-search for cases by name, etc., and the columns in the tabular view presented by
-the dialog can be reordered or hidden.
-- An auto ingest data source processor that extracts data sources from archive
-files specified as data sources via auto ingest job manifests has been added.
-- Auto ingest job metrics are collected and can be displayed for a
-user-specified time period using a button on either the auto dashboard or the
-auto ingest control panel.
-- Sorting by columns has been added to both the auto ingest control panel and
-the auto ingest dashboard.
-- The row highlight color for tagged items in the Results table view has been
-changed for better visibility.
+- Memory issues caused by Tika are fixed (by upgrading to 1.17)
 - Assorted small enhancements and bug fixes are included.
+
 ---------------- VERSION 4.5.0 --------------
 - Memory usage has been reduced to improve support for very large cases.
 - The central repository and correlation engine introduced in version 4.4.1 have
From 20c2feba60de06a6fa0d36e3c06fcf65cf7eaba5 Mon Sep 17 00:00:00 2001
From: Richard Cordovano
Date: Tue, 20 Feb 2018 17:18:25 -0500
Subject: [PATCH 4/6] Update verson numbers for 4.6.0 release
---
 Core/manifest.mf | 2 +-
 Core/nbproject/project.properties | 2 +-
 .../org/sleuthkit/autopsy/corecomponents/Bundle.properties | 2 +-
 KeywordSearch/manifest.mf | 2 +-
 KeywordSearch/nbproject/project.properties | 2 +-
 Testing/manifest.mf | 2 +-
 Testing/nbproject/project.properties | 2 +-
 docs/doxygen-user/Doxyfile | 4 ++--
 docs/doxygen/Doxyfile | 4 ++--
 nbproject/project.properties | 2 +-
 pythonExamples/README.txt | 2 +-
 11 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/Core/manifest.mf b/Core/manifest.mf
index 795341b86d..260c73c542 100644
--- a/Core/manifest.mf
+++ b/Core/manifest.mf
@@ -2,7 +2,7 @@ Manifest-Version: 1.0
 OpenIDE-Module: org.sleuthkit.autopsy.core/10
 OpenIDE-Module-Localizing-Bundle: org/sleuthkit/autopsy/core/Bundle.properties
 OpenIDE-Module-Layer: org/sleuthkit/autopsy/core/layer.xml
-OpenIDE-Module-Implementation-Version: 21
+OpenIDE-Module-Implementation-Version: 22
 OpenIDE-Module-Requires: org.openide.windows.WindowManager
 AutoUpdate-Show-In-Client: true
 AutoUpdate-Essential-Module: true
diff --git a/Core/nbproject/project.properties b/Core/nbproject/project.properties
index 9adbad3e9a..e4903c6ab3 100644
--- a/Core/nbproject/project.properties
+++ b/Core/nbproject/project.properties
@@ -32,5 +32,5 @@ nbm.homepage=http://www.sleuthkit.org/
 nbm.module.author=Brian Carrier
 nbm.needs.restart=true
 source.reference.curator-recipes-2.8.0.jar=release/modules/ext/curator-recipes-2.8.0-sources.jar
-spec.version.base=10.9
+spec.version.base=10.10
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties b/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties index 1aecff7348..5f43502f8f 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties @@ -27,7 +27,7 @@ Format_OperatingSystem_Value={0} version {1} running on {2} LBL_Copyright=
Autopsy™ is a digital forensics platform based on The Sleuth Kit™ and other tools.
Copyright © 2003-2017.
URL_ON_IMG=http://www.sleuthkit.org/ -URL_ON_HELP=http://sleuthkit.org/autopsy/docs/user-docs/4.5.0/ +URL_ON_HELP=http://sleuthkit.org/autopsy/docs/user-docs/4.6.0/ FILE_FOR_LOCAL_HELP=file:/// INDEX_FOR_LOCAL_HELP=/docs/index.html diff --git a/KeywordSearch/manifest.mf b/KeywordSearch/manifest.mf index 56e7a721f2..60d5379544 100644 --- a/KeywordSearch/manifest.mf +++ b/KeywordSearch/manifest.mf @@ -1,7 +1,7 @@ Manifest-Version: 1.0 AutoUpdate-Show-In-Client: true OpenIDE-Module: org.sleuthkit.autopsy.keywordsearch/6 -OpenIDE-Module-Implementation-Version: 17 +OpenIDE-Module-Implementation-Version: 18 OpenIDE-Module-Install: org/sleuthkit/autopsy/keywordsearch/Installer.class OpenIDE-Module-Layer: org/sleuthkit/autopsy/keywordsearch/layer.xml OpenIDE-Module-Localizing-Bundle: org/sleuthkit/autopsy/keywordsearch/Bundle.properties diff --git a/KeywordSearch/nbproject/project.properties b/KeywordSearch/nbproject/project.properties index ddc825b4d4..600396fb43 100644 --- a/KeywordSearch/nbproject/project.properties +++ b/KeywordSearch/nbproject/project.properties @@ -142,4 +142,4 @@ license.file=../LICENSE-2.0.txt nbm.homepage=http://www.sleuthkit.org/autopsy/ nbm.needs.restart=true source.reference.commons-validator-1.5.1.jar=release/modules/ext/commons-validator-1.5.1-sources.jar -spec.version.base=6.3 +spec.version.base=6.4 diff --git a/Testing/manifest.mf b/Testing/manifest.mf index e6829a2a04..5134bcc561 100644 --- a/Testing/manifest.mf +++ b/Testing/manifest.mf @@ -1,6 +1,6 @@ Manifest-Version: 1.0 AutoUpdate-Show-In-Client: false OpenIDE-Module: org.sleuthkit.autopsy.testing/3 -OpenIDE-Module-Implementation-Version: 10 +OpenIDE-Module-Implementation-Version: 11 OpenIDE-Module-Localizing-Bundle: org/sleuthkit/autopsy/testing/Bundle.properties diff --git a/Testing/nbproject/project.properties b/Testing/nbproject/project.properties index 7ec0a803eb..2b963e0724 100644 --- a/Testing/nbproject/project.properties +++ b/Testing/nbproject/project.properties 
@@ -3,4 +3,4 @@ javac.compilerargs=-Xlint -Xlint:-serial
 license.file=../LICENSE-2.0.txt
 nbm.homepage=http://www.sleuthkit.org/autopsy/
 nbm.needs.restart=true
-spec.version.base=1.2
+spec.version.base=1.3
diff --git a/docs/doxygen-user/Doxyfile b/docs/doxygen-user/Doxyfile
index 858a9bf81a..f2f31448a0 100755
--- a/docs/doxygen-user/Doxyfile
+++ b/docs/doxygen-user/Doxyfile
@@ -38,7 +38,7 @@ PROJECT_NAME = "Autopsy User Documentation"
 # could be handy for archiving the generated documentation or if some version
 # control system is used.
-PROJECT_NUMBER = 4.5.0
+PROJECT_NUMBER = 4.6.0
 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a
@@ -1025,7 +1025,7 @@ GENERATE_HTML = YES
 # The default directory is: html.
 # This tag requires that the tag GENERATE_HTML is set to YES.
-HTML_OUTPUT = 4.5.0
+HTML_OUTPUT = 4.6.0
 # The HTML_FILE_EXTENSION tag can be used to specify the file extension for each
 # generated HTML page (for example: .htm, .php, .asp).
diff --git a/docs/doxygen/Doxyfile b/docs/doxygen/Doxyfile
index deb39bd4a4..3f4797ace0 100755
--- a/docs/doxygen/Doxyfile
+++ b/docs/doxygen/Doxyfile
@@ -38,7 +38,7 @@ PROJECT_NAME = "Autopsy"
 # could be handy for archiving the generated documentation or if some version
 # control system is used.
-PROJECT_NUMBER = 4.5.0
+PROJECT_NUMBER = 4.6.0
 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a
@@ -1063,7 +1063,7 @@ GENERATE_HTML = YES
 # The default directory is: html.
 # This tag requires that the tag GENERATE_HTML is set to YES.
-HTML_OUTPUT = api-docs/4.5.0/
+HTML_OUTPUT = api-docs/4.6.0/
 # The HTML_FILE_EXTENSION tag can be used to specify the file extension for each
 # generated HTML page (for example: .htm, .php, .asp).
diff --git a/nbproject/project.properties b/nbproject/project.properties index d97ffbaecf..0cb7b69b5e 100644 --- a/nbproject/project.properties +++ b/nbproject/project.properties @@ -4,7 +4,7 @@ app.title=Autopsy ### lowercase version of above app.name=${branding.token} ### if left unset, version will default to today's date -app.version=4.5.0 +app.version=4.6.0 ### build.type must be one of: DEVELOPMENT, RELEASE build.type=RELEASE #build.type=DEVELOPMENT diff --git a/pythonExamples/README.txt b/pythonExamples/README.txt index 1c5eff7270..3564182ec9 100644 --- a/pythonExamples/README.txt +++ b/pythonExamples/README.txt @@ -5,7 +5,7 @@ your needs. See the developer guide for more details and how to use and load the modules. - http://sleuthkit.org/autopsy/docs/api-docs/4.5.0/index.html + http://sleuthkit.org/autopsy/docs/api-docs/4.6.0/index.html Each module in this folder should have a brief description about what they can do. From 927f1a578f0be95b8a01b731e6c770fbcaa82c74 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 20 Feb 2018 18:42:49 -0500 Subject: [PATCH 5/6] Updates for Autopsy-Core NBM version number change --- Experimental/nbproject/project.xml | 2 +- ImageGallery/nbproject/project.xml | 2 +- KeywordSearch/nbproject/project.xml | 2 +- RecentActivity/nbproject/project.xml | 2 +- Testing/nbproject/project.xml | 2 +- thunderbirdparser/nbproject/project.xml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Experimental/nbproject/project.xml b/Experimental/nbproject/project.xml index f2bf6d1996..dbd5a31c4c 100644 --- a/Experimental/nbproject/project.xml +++ b/Experimental/nbproject/project.xml @@ -119,7 +119,7 @@ 10 - 10.9 + 10.10 diff --git a/ImageGallery/nbproject/project.xml b/ImageGallery/nbproject/project.xml index 4c961c2a5b..eb907611cf 100644 --- a/ImageGallery/nbproject/project.xml +++ b/ImageGallery/nbproject/project.xml @@ -127,7 +127,7 @@ 10 - 10.9 + 10.10 
diff --git a/KeywordSearch/nbproject/project.xml b/KeywordSearch/nbproject/project.xml index db9ada1b1b..a8b49012cf 100644 --- a/KeywordSearch/nbproject/project.xml +++ b/KeywordSearch/nbproject/project.xml @@ -119,7 +119,7 @@ 10 - 10.9 + 10.10 diff --git a/RecentActivity/nbproject/project.xml b/RecentActivity/nbproject/project.xml index 07961ef4c1..4b173c70c1 100644 --- a/RecentActivity/nbproject/project.xml +++ b/RecentActivity/nbproject/project.xml @@ -60,7 +60,7 @@ 10 - 10.9 + 10.10 diff --git a/Testing/nbproject/project.xml b/Testing/nbproject/project.xml index e8adf58403..597a356046 100644 --- a/Testing/nbproject/project.xml +++ b/Testing/nbproject/project.xml @@ -47,7 +47,7 @@ 10 - 10.9 + 10.10 diff --git a/thunderbirdparser/nbproject/project.xml b/thunderbirdparser/nbproject/project.xml index a1c9e275f9..2e738ef588 100644 --- a/thunderbirdparser/nbproject/project.xml +++ b/thunderbirdparser/nbproject/project.xml @@ -36,7 +36,7 @@ 10 - 10.9 + 10.10 From da5872e1323a80bd00e3d804bca4f6bdd497fcda Mon Sep 17 00:00:00 2001 From: esaunders Date: Tue, 20 Feb 2018 17:33:54 -0500 Subject: [PATCH 6/6] Modified Solr status command to not request index info. --- .../src/org/sleuthkit/autopsy/keywordsearch/Server.java | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java index dca39b469c..0e9b804757 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java 
@@ -56,6 +56,7 @@ import org.apache.solr.common.SolrDocument;
 import org.apache.solr.common.SolrDocumentList;
 import org.apache.solr.common.SolrException;
 import org.apache.solr.common.SolrInputDocument;
+import org.apache.solr.common.params.CoreAdminParams;
 import org.apache.solr.common.util.NamedList;
 import org.openide.modules.InstalledFileLocator;
 import org.openide.modules.Places;
@@ -600,7 +601,7 @@ public class Server {
 // making a status request here instead of just doing solrServer.ping(), because
 // that doesn't work when there are no cores
 //TODO handle timeout in cases when some other type of server on that port
- CoreAdminRequest.getStatus(null, localSolrServer);
+ connectToSolrServer(localSolrServer);
 logger.log(Level.INFO, "Solr server is running"); //NON-NLS
 } catch (SolrServerException ex) {
@@ -1180,7 +1181,11 @@ public class Server {
 * @throws IOException
 */
 void connectToSolrServer(HttpSolrServer solrServer) throws SolrServerException, IOException {
- CoreAdminRequest.getStatus(null, solrServer);
+ CoreAdminRequest statusRequest = new CoreAdminRequest();
+ statusRequest.setCoreName( null );
+ statusRequest.setAction( CoreAdminParams.CoreAdminAction.STATUS );
+ statusRequest.setIndexInfoNeeded(false);
+ statusRequest.process(solrServer);
 }
 /**
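Review bot: The `//TODO handle timeout ...` comment directly above the changed call in the `-600,7` hunk is still unresolved: `connectToSolrServer(localSolrServer)` waits on whatever connect and read timeouts `localSolrServer` was created with, and none are set in this hunk. If they are unbounded, a non-Solr service that holds the port open without answering would presumably stall this liveness check. Bound the probe where the client is built, for example `localSolrServer.setConnectionTimeout(CONNECT_TIMEOUT_MS);` and `localSolrServer.setSoTimeout(READ_TIMEOUT_MS);` (placeholder constant names), then drop the TODO. The enclosing method starts and ends outside the hunk.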
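Review bot: Nothing in `connectToSolrServer` records why the STATUS request is assembled by hand instead of through `CoreAdminRequest.getStatus`; the reason (no index info) appears only in the commit subject. Add a comment above `statusRequest.setIndexInfoNeeded(false);`, e.g. `// Connectivity check only: the response is discarded, so skip per-core index info.`, and bring the Javadoc, which starts outside the hunk, in line with it. As a style point, `setCoreName( null )` and `setAction( CoreAdminParams.CoreAdminAction.STATUS )` pad the parentheses unlike the two calls after them; write `statusRequest.setCoreName(null);` and `statusRequest.setAction(CoreAdminParams.CoreAdminAction.STATUS);`.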