mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-14 17:06:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

worked through kdb parser and integration

Browse Source
This commit is contained in:
Greg DiCristofaro 2020-04-30 13:17:25 -04:00
parent 634ce51266
commit e4b13b9df1
3 changed files with 45 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashSetParser.java
View File

@ -55,7 +55,7 @@ interface HashSetParser {
/** /**
* Get the next hash to import as a HashEntry object. * Get the next hash to import as a HashEntry object.
* *
* @return A new hash entry for the next item parsed or null if no more items. * @return A new hash entry for the next item parsed.
* @throws TskCoreException * @throws TskCoreException
*/ */
default HashEntry getNextHashEntry() throws TskCoreException { default HashEntry getNextHashEntry() throws TskCoreException {

7
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/ImportCentralRepoDbProgressDialog.java
View File

@ -41,6 +41,7 @@ import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskData;
import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository; import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
import org.sleuthkit.datamodel.HashEntry;
/** /**
* Imports a hash set into the central repository and updates a progress dialog * Imports a hash set into the central repository and updates a progress dialog
@ -250,14 +251,14 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
return null; return null;
} }
String newHash = hashSetParser.getNextHash(); HashEntry newHash = hashSetParser.getNextHashEntry();
if (newHash != null) { if (newHash != null) {
CentralRepoFileInstance eamGlobalFileInstance = new CentralRepoFileInstance( CentralRepoFileInstance eamGlobalFileInstance = new CentralRepoFileInstance(
referenceSetID.get(), referenceSetID.get(),
newHash, newHash.getMd5Hash(),
knownStatus, knownStatus,
""); newHash.getComment() != null ? newHash.getComment() : "");
globalInstances.add(eamGlobalFileInstance); globalInstances.add(eamGlobalFileInstance);

48
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/KdbHashSetParser.java
View File

@ -20,9 +20,12 @@ package org.sleuthkit.autopsy.modules.hashdatabase;
import java.sql.Connection; import java.sql.Connection;
import java.sql.DriverManager; import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet; import java.sql.ResultSet;
import java.sql.SQLException; import java.sql.SQLException;
import java.sql.Statement; import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level; import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.datamodel.HashEntry; import org.sleuthkit.datamodel.HashEntry;
@ -80,10 +83,28 @@ public class KdbHashSetParser implements HashSetParser {
private static class HashRow { private static class HashRow {
private final String md5Hash; private final String md5Hash;
private private final long hashId;
HashRow(String md5Hash, long hashId) {
this.md5Hash = md5Hash;
this.hashId = hashId;
}
String getMd5Hash() {
return md5Hash;
}
long getHashId() {
return hashId;
}
} }
private Stuff getNextHashEntry() throws TskCoreException { /**
* Retrieves the row id and md5 hash for the next item in the hashes table.
* @return A hash row object containing the hash and id.
* @throws TskCoreException
*/
private HashRow getNextHashRow() throws TskCoreException {
try { try {
if (resultSet.next()) { if (resultSet.next()) {
long hashId = resultSet.getLong("id"); long hashId = resultSet.getLong("id");
@ -98,10 +119,8 @@ public class KdbHashSetParser implements HashSetParser {
} }
String md5Hash = sb.toString(); String md5Hash = sb.toString();
return new
totalHashesRead++; totalHashesRead++;
return new HashRow(md5Hash, hashId);
} else { } else {
throw new TskCoreException("Could not read expected number of hashes from hash set " + filename); throw new TskCoreException("Could not read expected number of hashes from hash set " + filename);
} }
@ -118,13 +137,26 @@ public class KdbHashSetParser implements HashSetParser {
*/ */
@Override @Override
public String getNextHash() throws TskCoreException { public String getNextHash() throws TskCoreException {
return getNextHashRow().getMd5Hash();
} }
@Override @Override
public HashEntry getNextHashEntry() throws TskCoreException { public HashEntry getNextHashEntry() throws TskCoreException {
return HashSetParser.super.getNextHashEntry(); //To change body of generated methods, choose Tools | Templates. HashRow row = getNextHashRow();
try {
PreparedStatement getComment = conn.prepareStatement("SELECT comment FROM comments WHERE hash_id = ?");
getComment.setLong(0, row.getHashId());
ResultSet commentResults = getComment.executeQuery();
List<String> comments = new ArrayList<>();
while (commentResults.next())
comments.add(commentResults.getString("comment"));
String comment = comments.size() > 0 ? String.join(" ", comments) : null;
return new HashEntry(null, row.getMd5Hash(), null, null, comment);
}
catch (SQLException ex) {
throw new TskCoreException("Error opening/reading hash set " + filename, ex);
}
} }