mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 18:17:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:sleuthkit/autopsy

Browse Source
This commit is contained in:
Dick Fickling 2012-03-21 16:07:48 -04:00
commit e51534e678
30 changed files with 723 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DataModel/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java
View File

@ -145,8 +145,6 @@ public class BlackboardArtifactNode extends AbstractNode implements DisplayableI
private static Content getAssociatedContent(BlackboardArtifact artifact){ private static Content getAssociatedContent(BlackboardArtifact artifact){
try { try {
return artifact.getSleuthkitCase().getContentById(artifact.getObjectID()); return artifact.getSleuthkitCase().getContentById(artifact.getObjectID());
} catch (SQLException ex) {
logger.log(Level.WARNING, "SQL query threw exception", ex);
} catch (TskException ex) { } catch (TskException ex) {
logger.log(Level.WARNING, "Getting file failed", ex); logger.log(Level.WARNING, "Getting file failed", ex);
} }

9
HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestService.java
View File

@ -18,6 +18,7 @@
*/ */
package org.sleuthkit.autopsy.hashdatabase; package org.sleuthkit.autopsy.hashdatabase;
import java.beans.PropertyChangeListener;
import java.io.IOException; import java.io.IOException;
import java.sql.SQLException; import java.sql.SQLException;
import java.util.Collections; import java.util.Collections;
@ -185,9 +186,6 @@ public class HashDbIngestService implements IngestServiceFsContent {
// TODO: This shouldn't be at level INFO, but it needs to be to hide the popup // TODO: This shouldn't be at level INFO, but it needs to be to hide the popup
logger.log(Level.INFO, "Couldn't analyze file " + name + " - see sleuthkit log for details", ex); logger.log(Level.INFO, "Couldn't analyze file " + name + " - see sleuthkit log for details", ex);
ret = ProcessResult.ERROR; ret = ProcessResult.ERROR;
} catch (SQLException ex) {
logger.log(Level.WARNING, "Error updating file known status in database", ex);
ret = ProcessResult.ERROR;
} catch (IOException ex) { } catch (IOException ex) {
// TODO: This shouldn't be at level INFO, but it needs to be to hide the popup // TODO: This shouldn't be at level INFO, but it needs to be to hide the popup
logger.log(Level.INFO, "Error reading file", ex); logger.log(Level.INFO, "Error reading file", ex);
@ -207,6 +205,11 @@ public class HashDbIngestService implements IngestServiceFsContent {
return false; return false;
} }
@Override
public boolean backgroundJobsCompleteListener(PropertyChangeListener l) {
return false;
}
@Override @Override
public boolean hasSimpleConfiguration() { public boolean hasSimpleConfiguration() {
return false; return false;

80
Ingest/src/org/sleuthkit/autopsy/ingest/IngestManager.java
View File

@ -18,6 +18,7 @@
*/ */
package org.sleuthkit.autopsy.ingest; package org.sleuthkit.autopsy.ingest;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener; import java.beans.PropertyChangeListener;
import java.beans.PropertyChangeSupport; import java.beans.PropertyChangeSupport;
import java.text.DateFormat; import java.text.DateFormat;
@ -139,7 +140,7 @@ public class IngestManager {
* @param images images to execute services on * @param images images to execute services on
*/ */
void execute(final List<IngestServiceAbstract> services, final List<Image> images) { void execute(final List<IngestServiceAbstract> services, final List<Image> images) {
logger.log(Level.INFO, "Will enqueue number of images: " + images.size()); logger.log(Level.INFO, "Will enqueue number of images: " + images.size() + " to " + services.size() + " services.");
if (!isIngestRunning()) { if (!isIngestRunning()) {
ui.clearMessages(); ui.clearMessages();
@ -443,8 +444,9 @@ public class IngestManager {
*/ */
public static List<IngestServiceImage> enumerateImageServices() { public static List<IngestServiceImage> enumerateImageServices() {
List<IngestServiceImage> ret = new ArrayList<IngestServiceImage>(); List<IngestServiceImage> ret = new ArrayList<IngestServiceImage>();
for (IngestServiceImage list : Lookup.getDefault().lookupAll(IngestServiceImage.class)) for (IngestServiceImage list : Lookup.getDefault().lookupAll(IngestServiceImage.class)) {
ret.add(list); ret.add(list);
}
return ret; return ret;
} }
@ -453,8 +455,9 @@ public class IngestManager {
*/ */
public static List<IngestServiceFsContent> enumerateFsContentServices() { public static List<IngestServiceFsContent> enumerateFsContentServices() {
List<IngestServiceFsContent> ret = new ArrayList<IngestServiceFsContent>(); List<IngestServiceFsContent> ret = new ArrayList<IngestServiceFsContent>();
for (IngestServiceFsContent list : Lookup.getDefault().lookupAll(IngestServiceFsContent.class)) for (IngestServiceFsContent list : Lookup.getDefault().lookupAll(IngestServiceFsContent.class)) {
ret.add(list); ret.add(list);
}
return ret; return ret;
} }
@ -750,7 +753,7 @@ public class IngestManager {
public synchronized String toString() { public synchronized String toString() {
return "FsContentQueue, size: " + Integer.toString(fsContentUnits.size()); return "FsContentQueue, size: " + Integer.toString(fsContentUnits.size());
} }
public String printQueue() { public String printQueue() {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
for (QueueUnit<FsContent, IngestServiceFsContent> u : fsContentUnits) { for (QueueUnit<FsContent, IngestServiceFsContent> u : fsContentUnits) {
@ -903,7 +906,7 @@ public class IngestManager {
hash = 37 * hash + (this.services != null ? this.services.hashCode() : 0); hash = 37 * hash + (this.services != null ? this.services.hashCode() : 0);
return hash; return hash;
} }
@Override @Override
public String toString() { public String toString() {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
@ -957,14 +960,10 @@ public class IngestManager {
public String toHtmlString() { public String toHtmlString() {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
sb.append("<html>"); sb.append("<html>");
if (startTime != null) {
sb.append("Start time: ").append(dateFormatter.format(startTime)).append("<br />"); sb.append("Ingest time: ").append(getTotalTimeString()).append("<br />");
}
if (endTime != null) {
sb.append("End time: ").append(dateFormatter.format(endTime)).append("<br />");
}
sb.append("Total ingest time: ").append(getTotalTimeString()).append("<br />");
sb.append("Total errors: ").append(errorsTotal).append("<br />"); sb.append("Total errors: ").append(errorsTotal).append("<br />");
/*
if (errorsTotal > 0) { if (errorsTotal > 0) {
sb.append("Errors per service:"); sb.append("Errors per service:");
for (IngestServiceAbstract service : errors.keySet()) { for (IngestServiceAbstract service : errors.keySet()) {
@ -972,6 +971,8 @@ public class IngestManager {
sb.append("\t").append(service.getName()).append(": ").append(errorsService).append("<br />"); sb.append("\t").append(service.getName()).append(": ").append(errorsService).append("<br />");
} }
} }
* */
sb.append("</html>"); sb.append("</html>");
return sb.toString(); return sb.toString();
} }
@ -1134,18 +1135,63 @@ public class IngestManager {
handleInterruption(); handleInterruption();
logger.log(Level.SEVERE, "Fatal error during ingest.", ex); logger.log(Level.SEVERE, "Fatal error during ingest.", ex);
} finally { } finally {
stats.end(); //stats.end();
progress.finish(); progress.finish();
if (!this.isCancelled()) { if (!this.isCancelled()) {
logger.log(Level.INFO, "Summary Report: " + stats.toString()); //logger.log(Level.INFO, "Summary Report: " + stats.toString());
ui.displayReport(stats.toHtmlString()); //ui.displayReport(stats.toHtmlString());
new FsServicesComplete(stats);
} }
initMainProgress(0); initMainProgress(0);
} }
} }
/**
* Ensures that all background threads are done
* then finalize the stats and show dialog
*/
private class FsServicesComplete {
private IngestManagerStats stats; //ongoing stats
private List<IngestServiceAbstract> running = new ArrayList<IngestServiceAbstract>();
FsServicesComplete(IngestManagerStats stats) {
this.stats = stats;
for (IngestServiceAbstract s : fsContentServices) {
if (s.backgroundJobsCompleteListener(new PropertyChangeListener() {
@Override
public void propertyChange(PropertyChangeEvent evt) {
if (evt.getPropertyName().equals(IngestServiceAbstract.BCKGRND_JOBS_COMPLETED_EVT)) {
IngestServiceAbstract service = (IngestServiceAbstract) evt.getNewValue();
running.remove(service);
if (running.isEmpty()) {
showStats();
}
}
}
})) {
running.add(s);
}
}
//no listeners registered since no services running any longer
if (running.isEmpty()) {
showStats();
}
}
void showStats() {
stats.end();
logger.log(Level.INFO, "Summary Report: " + stats.toString());
ui.displayReport(stats.toHtmlString());
}
}
private void handleInterruption() { private void handleInterruption() {
for (IngestServiceFsContent s : fsContentServices) { for (IngestServiceFsContent s : fsContentServices) {
s.stop(); s.stop();
@ -1254,9 +1300,9 @@ public class IngestManager {
progress.progress(serviceName + " " + imageName, ++processed); progress.progress(serviceName + " " + imageName, ++processed);
} }
} }
//logger.log(Level.INFO, fsContentQueue.printQueue()); //logger.log(Level.INFO, fsContentQueue.printQueue());
progress.progress("Sorting files", processed); progress.progress("Sorting files", processed);
sortFsContents(); sortFsContents();
} }

2
Ingest/src/org/sleuthkit/autopsy/ingest/IngestMessagePanel.java
View File

@ -555,7 +555,7 @@ class IngestMessagePanel extends javax.swing.JPanel {
static Color VERY_HIGH_PRI_COLOR = new Color(164, 164, 202); //for a single message in a group static Color VERY_HIGH_PRI_COLOR = new Color(164, 164, 202); //for a single message in a group
static Color HIGH_PRI_COLOR = new Color(180, 180, 211); static Color HIGH_PRI_COLOR = new Color(180, 180, 211);
static Color MED_PRI_COLOR = new Color(199, 199, 202); static Color MED_PRI_COLOR = new Color(199, 199, 222);
static Color LOW_PRI_COLOR = new Color(221, 221, 235); static Color LOW_PRI_COLOR = new Color(221, 221, 235);
private List<IngestMessage> messages; private List<IngestMessage> messages;
private int count; private int count;

58
Ingest/src/org/sleuthkit/autopsy/ingest/IngestMessageTopComponent.java
View File

@ -20,13 +20,15 @@ package org.sleuthkit.autopsy.ingest;
import java.beans.PropertyChangeEvent; import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener; import java.beans.PropertyChangeListener;
import java.util.ArrayList; import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import javax.swing.Action; import javax.swing.Action;
import javax.swing.BoxLayout; import javax.swing.BoxLayout;
import javax.swing.JOptionPane; import javax.swing.JOptionPane;
import org.openide.util.ImageUtilities; import org.openide.util.ImageUtilities;
import org.openide.util.NbBundle; import org.openide.util.NbBundle;
import org.openide.util.Utilities;
import org.openide.windows.Mode; import org.openide.windows.Mode;
import org.openide.windows.TopComponent; import org.openide.windows.TopComponent;
import org.openide.windows.WindowManager; import org.openide.windows.WindowManager;
@ -103,22 +105,22 @@ public final class IngestMessageTopComponent extends TopComponent implements Ing
if (manager == null) { if (manager == null) {
manager = IngestManager.getDefault(); manager = IngestManager.getDefault();
} }
} }
@Override @Override
public void componentClosed() { public void componentClosed() {
//logger.log(Level.INFO, "CLOSED"); //logger.log(Level.INFO, "CLOSED");
super.componentClosed(); super.componentClosed();
/* /*
Mode mode = WindowManager.getDefault().findMode("dockedBottom"); Mode mode = WindowManager.getDefault().findMode("dockedBottom");
if (mode != null) { if (mode != null) {
mode.dockInto(this); mode.dockInto(this);
this.open(); this.open();
} }
* */ * */
//this.close(); //this.close();
} }
@ -126,7 +128,7 @@ public final class IngestMessageTopComponent extends TopComponent implements Ing
protected void componentShowing() { protected void componentShowing() {
//logger.log(Level.INFO, "SHOWING"); //logger.log(Level.INFO, "SHOWING");
super.componentShowing(); super.componentShowing();
Mode mode = WindowManager.getDefault().findMode("floatingLeftBottom"); Mode mode = WindowManager.getDefault().findMode("floatingLeftBottom");
if (mode != null) { if (mode != null) {
TopComponent[] tcs = mode.getTopComponents(); TopComponent[] tcs = mode.getTopComponents();
@ -138,7 +140,7 @@ public final class IngestMessageTopComponent extends TopComponent implements Ing
} }
mode.dockInto(this); mode.dockInto(this);
this.open(); this.open();
} }
} }
@Override @Override
@ -151,7 +153,7 @@ public final class IngestMessageTopComponent extends TopComponent implements Ing
@Override @Override
protected void componentActivated() { protected void componentActivated() {
//logger.log(Level.INFO, "ACTIVATED"); //logger.log(Level.INFO, "ACTIVATED");
super.componentActivated(); super.componentActivated();
} }
@Override @Override
@ -226,11 +228,40 @@ public final class IngestMessageTopComponent extends TopComponent implements Ing
*/ */
@Override @Override
public void displayReport(String ingestReport) { public void displayReport(String ingestReport) {
JOptionPane.showMessageDialog(
null, Object[] options = {"OK",
"Generate Report"};
final int choice = JOptionPane.showOptionDialog(null,
ingestReport, ingestReport,
"File Ingest Summary", "Ingest Report",
JOptionPane.INFORMATION_MESSAGE); JOptionPane.YES_NO_OPTION,
JOptionPane.INFORMATION_MESSAGE,
null,
options,
options[0]);
final String reportActionName = "org.sleuthkit.autopsy.report.reportAction";
Action reportAction = null;
//find action by name from action lookup, without introducing cyclic dependency
if (choice == JOptionPane.NO_OPTION) {
List<? extends Action> actions = Utilities.actionsForPath("Toolbars/File");
for (Action a : actions) {
//separators are null actions
if (a != null) {
if (a.getClass().getCanonicalName().equals(reportActionName)) {
reportAction = a;
break;
}
}
}
if (reportAction == null)
logger.log(Level.SEVERE, "Could not locate Action: " + reportActionName);
else reportAction.actionPerformed(null);
}
} }
/** /**
@ -261,7 +292,6 @@ public final class IngestMessageTopComponent extends TopComponent implements Ing
ingestDialog.setImage(image); ingestDialog.setImage(image);
ingestDialog.display(); ingestDialog.display();
*/ */
} }
@Override @Override

22
Ingest/src/org/sleuthkit/autopsy/ingest/IngestServiceAbstract.java
View File

@ -19,12 +19,15 @@
package org.sleuthkit.autopsy.ingest; package org.sleuthkit.autopsy.ingest;
import java.beans.PropertyChangeListener;
/** /**
* Base interface for ingest services * Base interface for ingest services
*/ */
public interface IngestServiceAbstract { public interface IngestServiceAbstract {
public enum ServiceType {Image, FsContent}; public enum ServiceType {Image, FsContent};
public static final String BCKGRND_JOBS_COMPLETED_EVT = "BCKGRND_JOBS_COMPLETED_EVT";
/** /**
* notification from manager that brand new processing should be initiated. * notification from manager that brand new processing should be initiated.
@ -61,11 +64,28 @@ public interface IngestServiceAbstract {
/** /**
* A service can manage and use additional threads to perform some work in the background. * A service can manage and use additional threads to perform some work in the background.
* This method provides insight to the manager if the service has truly completed its work or not. * This method provides insight to the manager if the service has truly completed its work or not.
*
*
* @return true if any background threads/workers managed by this service are still running * @return true if any background threads/workers managed by this service are still running
* false if all work has been done, or if background threads are not used by this service * false if all work has been done, or if background threads are not managed by this service
*/ */
public boolean hasBackgroundJobsRunning(); public boolean hasBackgroundJobsRunning();
/**
* Register listener to notify when all background jobs managed by this service have completed and the service
* has truly finished. The service should first check if it has threads running, and then register the listener, all in a single atomic, synchronized operation, and return the result of the registration.
* Do not register the listener if the background threads are not running and will not run during this service invocation.
* If the service does use background threads it is required to implement this method properly and ensure the event is fired when the service-managed threads complete (are finished or cancelled)
* The event fired off should be IngestServiceAbstract.BCKGRND_JOBS_COMPLETED_EVT, with the instance of IngestServiceAbstract in the newValue parameter.
* The listeners should be reset at service init() - listeners are expected to register again as needed during the new service run.
* Typical use case is for ingest manager to try to register the listener for every service when the queue has been consumed,
* for a precise indication when all work is truly done.
*
* @param l listener
* @return true if listener registered, false otherwise (i.e. no background jobs were running, or the service does not manage additional threads)
*/
public boolean backgroundJobsCompleteListener(PropertyChangeListener l);
/** /**
* @return does this service have a simple configuration? * @return does this service have a simple configuration?

7
Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleFsContentIngestService.java
View File

@ -18,9 +18,9 @@
*/ */
package org.sleuthkit.autopsy.ingest.example; package org.sleuthkit.autopsy.ingest.example;
import java.beans.PropertyChangeListener;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import javax.swing.JPanel;
import org.sleuthkit.autopsy.ingest.IngestManagerProxy; import org.sleuthkit.autopsy.ingest.IngestManagerProxy;
import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType; import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
@ -117,6 +117,11 @@ public class ExampleFsContentIngestService implements IngestServiceFsContent {
return false; return false;
} }
@Override
public boolean backgroundJobsCompleteListener(PropertyChangeListener l) {
return false;
}
@Override @Override
public void saveAdvancedConfiguration() { public void saveAdvancedConfiguration() {
} }

6
Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleImageIngestService.java
View File

@ -18,6 +18,7 @@
*/ */
package org.sleuthkit.autopsy.ingest.example; package org.sleuthkit.autopsy.ingest.example;
import java.beans.PropertyChangeListener;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController;
@ -147,6 +148,11 @@ public final class ExampleImageIngestService implements IngestServiceImage {
return false; return false;
} }
@Override
public boolean backgroundJobsCompleteListener(PropertyChangeListener l) {
return false;
}
@Override @Override
public void saveAdvancedConfiguration() { public void saveAdvancedConfiguration() {
} }

1
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Ingester.java
View File

@ -48,6 +48,7 @@ class Ingester {
} }
@Override @Override
@SuppressWarnings("FinalizeDeclaration")
protected void finalize() throws Throwable { protected void finalize() throws Throwable {
super.finalize(); super.finalize();

8
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchEditListPanel.java
View File

@ -844,7 +844,7 @@ class KeywordSearchEditListPanel extends javax.swing.JPanel implements ListSelec
} }
class TableEntry implements Comparable { class TableEntry implements Comparable<TableEntry> {
Keyword keyword; Keyword keyword;
@ -853,12 +853,12 @@ class KeywordSearchEditListPanel extends javax.swing.JPanel implements ListSelec
} }
@Override @Override
public int compareTo(Object o) { public int compareTo(TableEntry te) {
int keywords = this.keyword.getQuery().compareTo(((TableEntry) o).keyword.getQuery()); int keywords = this.keyword.getQuery().compareTo(te.keyword.getQuery());
if (keywords != 0) { if (keywords != 0) {
return keywords; return keywords;
} else { } else {
return Boolean.valueOf(keyword.isLiteral()).compareTo(((TableEntry) o).keyword.isLiteral()); return Boolean.valueOf(keyword.isLiteral()).compareTo(te.keyword.isLiteral());
} }
} }
} }

40
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestService.java
View File

@ -18,6 +18,8 @@
*/ */
package org.sleuthkit.autopsy.keywordsearch; package org.sleuthkit.autopsy.keywordsearch;
import java.beans.PropertyChangeListener;
import java.beans.PropertyChangeSupport;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;
@ -25,7 +27,6 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import javax.swing.JPanel;
import javax.swing.SwingUtilities; import javax.swing.SwingUtilities;
import javax.swing.SwingWorker; import javax.swing.SwingWorker;
import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringEscapeUtils;
@ -38,6 +39,7 @@ import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.autopsy.ingest.IngestManagerProxy; import org.sleuthkit.autopsy.ingest.IngestManagerProxy;
import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType; import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
import org.sleuthkit.autopsy.ingest.IngestServiceAbstract;
import org.sleuthkit.autopsy.ingest.IngestServiceFsContent; import org.sleuthkit.autopsy.ingest.IngestServiceFsContent;
import org.sleuthkit.autopsy.ingest.ServiceDataEvent; import org.sleuthkit.autopsy.ingest.ServiceDataEvent;
import org.sleuthkit.autopsy.keywordsearch.Ingester.IngesterException; import org.sleuthkit.autopsy.keywordsearch.Ingester.IngesterException;
@ -66,13 +68,17 @@ public final class KeywordSearchIngestService implements IngestServiceFsContent
//private final Object lock = new Object(); //private final Object lock = new Object();
private Thread timer; private Thread timer;
private Indexer indexer; private Indexer indexer;
private SwingWorker searcher; private Searcher searcher;
private volatile boolean searcherDone = true; private volatile boolean searcherDone = true;
private static PropertyChangeSupport pcs = null;
private Map<Keyword, List<FsContent>> currentResults; private Map<Keyword, List<FsContent>> currentResults;
private volatile int messageID = 0; private volatile int messageID = 0;
private boolean processedFiles;
private volatile boolean finalRun = false; private volatile boolean finalRun = false;
private volatile boolean finalRunComplete = false;
private final String hashDBServiceName = "Hash Lookup"; private final String hashDBServiceName = "Hash Lookup";
private SleuthkitCase caseHandle = null; private SleuthkitCase caseHandle = null;
// TODO: use a more robust method than checking file extension to determine // TODO: use a more robust method than checking file extension to determine
// whether to try a file // whether to try a file
// supported extensions list from http://www.lucidimagination.com/devzone/technical-articles/content-extraction-tika // supported extensions list from http://www.lucidimagination.com/devzone/technical-articles/content-extraction-tika
@ -108,6 +114,9 @@ public final class KeywordSearchIngestService implements IngestServiceFsContent
//notify depending service that keyword search (would) encountered error for this file //notify depending service that keyword search (would) encountered error for this file
return ProcessResult.ERROR; return ProcessResult.ERROR;
} }
if (processedFiles == false)
processedFiles = true;
//check if time to commit and previous search is not running //check if time to commit and previous search is not running
//commiting while searching causes performance issues //commiting while searching causes performance issues
@ -151,11 +160,12 @@ public final class KeywordSearchIngestService implements IngestServiceFsContent
updateKeywords(); updateKeywords();
//run one last search as there are probably some new files committed //run one last search as there are probably some new files committed
if (keywords != null && !keywords.isEmpty()) { if (keywords != null && !keywords.isEmpty() && processedFiles == true) {
finalRun = true; finalRun = true;
searcher = new Searcher(keywords); searcher = new Searcher(keywords);
searcher.execute(); searcher.execute();
} else { } else {
finalRunComplete = true;
managerProxy.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Completed")); managerProxy.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Completed"));
} }
//postSummary(); //postSummary();
@ -191,6 +201,9 @@ public final class KeywordSearchIngestService implements IngestServiceFsContent
caseHandle = Case.getCurrentCase().getSleuthkitCase(); caseHandle = Case.getCurrentCase().getSleuthkitCase();
this.managerProxy = managerProxy; this.managerProxy = managerProxy;
//this deregisters previously registered listeners at every init()
pcs = new PropertyChangeSupport(KeywordSearchIngestService.class);
final Server.Core solrCore = KeywordSearch.getServer().getCore(); final Server.Core solrCore = KeywordSearch.getServer().getCore();
ingester = solrCore.getIngester(); ingester = solrCore.getIngester();
@ -209,7 +222,9 @@ public final class KeywordSearchIngestService implements IngestServiceFsContent
managerProxy.postMessage(IngestMessage.createWarningMessage(++messageID, instance, "No keywords in keyword list.", "Only indexing will be done and and keyword search will be skipped (it can be executed later again as ingest or using toolbar search feature).")); managerProxy.postMessage(IngestMessage.createWarningMessage(++messageID, instance, "No keywords in keyword list.", "Only indexing will be done and and keyword search will be skipped (it can be executed later again as ingest or using toolbar search feature)."));
} }
processedFiles = false;
finalRun = false; finalRun = false;
finalRunComplete = false;
searcherDone = true; //make sure to start the initial searcher searcherDone = true; //make sure to start the initial searcher
//keeps track of all results per run not to repeat reporting the same hits //keeps track of all results per run not to repeat reporting the same hits
currentResults = new HashMap<Keyword, List<FsContent>>(); currentResults = new HashMap<Keyword, List<FsContent>>();
@ -271,6 +286,17 @@ public final class KeywordSearchIngestService implements IngestServiceFsContent
//no need to check timer thread //no need to check timer thread
} }
@Override
public synchronized boolean backgroundJobsCompleteListener(PropertyChangeListener l) {
if (finalRunComplete == true)
return false;
else {
pcs.addPropertyChangeListener(l);
return true;
}
}
private void commit() { private void commit() {
ingester.commit(); ingester.commit();
@ -468,16 +494,17 @@ public final class KeywordSearchIngestService implements IngestServiceFsContent
if (fsContent.getSize() < MAX_STRING_EXTRACT_SIZE) { if (fsContent.getSize() < MAX_STRING_EXTRACT_SIZE) {
if (!extractAndIngest(fsContent)) { if (!extractAndIngest(fsContent)) {
logger.log(Level.INFO, "Failed to extract strings and ingest, file '" + fsContent.getName() + "' (id: " + fsContent.getId() + ")."); logger.log(Level.INFO, "Failed to extract strings and ingest, file '" + fsContent.getName() + "' (id: " + fsContent.getId() + ").");
ingestStatus.put(fsContent.getId(), IngestStatus.SKIPPED);
} else { } else {
ingestStatus.put(fsContent.getId(), IngestStatus.EXTRACTED_INGESTED); ingestStatus.put(fsContent.getId(), IngestStatus.EXTRACTED_INGESTED);
} }
} else { } else {
ingestStatus.put(fsContent.getId(), IngestStatus.SKIPPED); //ingestStatus.put(fsContent.getId(), IngestStatus.SKIPPED);
} }
} }
} }
private class Searcher extends SwingWorker { private class Searcher extends SwingWorker<Object,Void> {
private List<Keyword> keywords; private List<Keyword> keywords;
private ProgressHandle progress; private ProgressHandle progress;
@ -499,6 +526,7 @@ public final class KeywordSearchIngestService implements IngestServiceFsContent
@Override @Override
public boolean cancel() { public boolean cancel() {
finalRunComplete = true;
return Searcher.this.cancel(true); return Searcher.this.cancel(true);
} }
}); });
@ -655,9 +683,11 @@ public final class KeywordSearchIngestService implements IngestServiceFsContent
//logger.log(Level.INFO, "Finished search"); //logger.log(Level.INFO, "Finished search");
if (finalRun) { if (finalRun) {
finalRunComplete = true;
keywords.clear(); keywords.clear();
keywordLists.clear(); keywordLists.clear();
managerProxy.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, KeywordSearchIngestService.instance, "Completed")); managerProxy.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, KeywordSearchIngestService.instance, "Completed"));
pcs.firePropertyChange(IngestServiceAbstract.BCKGRND_JOBS_COMPLETED_EVT, null, KeywordSearchIngestService.this);
} }
} }
} }

6
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchListsManagementPanel.java
View File

@ -396,7 +396,7 @@ class KeywordSearchListsManagementPanel extends javax.swing.JPanel {
} }
//single model entry //single model entry
class TableEntry implements Comparable { class TableEntry implements Comparable<TableEntry> {
String name; String name;
@ -405,8 +405,8 @@ class KeywordSearchListsManagementPanel extends javax.swing.JPanel {
} }
@Override @Override
public int compareTo(Object o) { public int compareTo(TableEntry te) {
return this.name.compareTo(((TableEntry) o).name); return this.name.compareTo(te.name);
} }
} }
} }

12
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchListsViewerPanel.java
View File

@ -506,7 +506,7 @@ class KeywordSearchListsViewerPanel extends AbstractKeywordSearchPerformer {
} }
//single model entry //single model entry
private class ListTableEntry implements Comparable { private class ListTableEntry implements Comparable<ListTableEntry> {
String name; String name;
Boolean selected; Boolean selected;
@ -520,8 +520,8 @@ class KeywordSearchListsViewerPanel extends AbstractKeywordSearchPerformer {
} }
@Override @Override
public int compareTo(Object o) { public int compareTo(ListTableEntry e) {
return this.name.compareTo(((ListTableEntry) o).name); return this.name.compareTo(e.name);
} }
} }
} }
@ -606,7 +606,7 @@ class KeywordSearchListsViewerPanel extends AbstractKeywordSearchPerformer {
} }
//single model entry //single model entry
private class KeywordTableEntry implements Comparable { private class KeywordTableEntry implements Comparable<KeywordTableEntry> {
String name; String name;
Boolean regex; Boolean regex;
@ -617,8 +617,8 @@ class KeywordSearchListsViewerPanel extends AbstractKeywordSearchPerformer {
} }
@Override @Override
public int compareTo(Object o) { public int compareTo(KeywordTableEntry e) {
return this.name.compareTo(((KeywordTableEntry) o).name); return this.name.compareTo(e.name);
} }
} }
} }

4
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchUtil.java
View File

@ -131,7 +131,9 @@ public class KeywordSearchUtil {
//TODO escaping should be handled by blackboard //TODO escaping should be handled by blackboard
public static String escapeForBlackBoard(String text) { public static String escapeForBlackBoard(String text) {
try { try {
text = text.replaceAll("\\\\'", URLEncoder.encode("\\'", "UTF-8")); //text = text.replaceAll("\\\\'", URLEncoder.encode("\\'", "UTF-8"));
text = text.replaceAll("'", URLEncoder.encode("'", "UTF-8"));
//text = text.replaceAll("\"", URLEncoder.encode("\"", "UTF-8"));
//text = text.replaceAll("\\\\", URLEncoder.encode("\\", "UTF-8")); //text = text.replaceAll("\\\\", URLEncoder.encode("\\", "UTF-8"));
} catch (UnsupportedEncodingException ex) { } catch (UnsupportedEncodingException ex) {
} }

7
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/TermComponentQuery.java
View File

@ -199,7 +199,8 @@ public class TermComponentQuery implements KeywordSearchQuery {
attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD_REGEXP.getTypeID(), MODULE_NAME, "", KeywordSearchUtil.escapeForBlackBoard(termsQuery))); attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD_REGEXP.getTypeID(), MODULE_NAME, "", KeywordSearchUtil.escapeForBlackBoard(termsQuery)));
//regex match //regex match
attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID(), MODULE_NAME, "", regexMatch)); final String regexMatchEscaped = KeywordSearchUtil.escapeForBlackBoard(regexMatch);
attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID(), MODULE_NAME, "", regexMatchEscaped));
//list //list
if (listName == null) { if (listName == null) {
listName = ""; listName = "";
@ -214,7 +215,7 @@ public class TermComponentQuery implements KeywordSearchQuery {
if (keywordQuery != null) { if (keywordQuery != null) {
BlackboardAttribute.ATTRIBUTE_TYPE selType = keywordQuery.getType(); BlackboardAttribute.ATTRIBUTE_TYPE selType = keywordQuery.getType();
if (selType != null) { if (selType != null) {
BlackboardAttribute selAttr = new BlackboardAttribute(selType.getTypeID(), MODULE_NAME, "", regexMatch); BlackboardAttribute selAttr = new BlackboardAttribute(selType.getTypeID(), MODULE_NAME, "", regexMatchEscaped);
attributes.add(selAttr); attributes.add(selAttr);
} }
} }
@ -297,7 +298,7 @@ public class TermComponentQuery implements KeywordSearchQuery {
logger.log(Level.INFO, "Executing TermsComponent query: " + q.toString()); logger.log(Level.INFO, "Executing TermsComponent query: " + q.toString());
final SwingWorker worker = new TermsQueryWorker(q); final SwingWorker<List<Term>, Void> worker = new TermsQueryWorker(q);
worker.execute(); worker.execute();
} }

134
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java
View File

@ -31,6 +31,8 @@ public class Chrome {
+ "datetime(urls.last_visit_time/1000000-11644473600,'unixepoch','localtime') as last_visit_time, urls.hidden, visits.visit_time, visits.from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url"; + "datetime(urls.last_visit_time/1000000-11644473600,'unixepoch','localtime') as last_visit_time, urls.hidden, visits.visit_time, visits.from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url";
public static final String chcookiequery = "select name, value, host, expires_utc, datetime(last_access_utc/1000000-11644473600,'unixepoch','localtime') as last_access_utc, creation_utc from cookies"; public static final String chcookiequery = "select name, value, host, expires_utc, datetime(last_access_utc/1000000-11644473600,'unixepoch','localtime') as last_access_utc, creation_utc from cookies";
public static final String chbookmarkquery = "SELECT starred.title, urls.url, starred.date_added, starred.date_modified, urls.typed_count, datetime(urls.last_visit_time/1000000-11644473600,'unixepoch','localtime') as urls._last_visit_time FROM starred INNER JOIN urls ON urls.id = starred.url_id"; public static final String chbookmarkquery = "SELECT starred.title, urls.url, starred.date_added, starred.date_modified, urls.typed_count, datetime(urls.last_visit_time/1000000-11644473600,'unixepoch','localtime') as urls._last_visit_time FROM starred INNER JOIN urls ON urls.id = starred.url_id";
public static final String chdownloadquery = "select full_path, url, start_time, received_bytes from `downloads`";
public static final String chloginquery = "select origin_url, username_value, signon_realm from `logins`";
private final Logger logger = Logger.getLogger(this.getClass().getName()); private final Logger logger = Logger.getLogger(this.getClass().getName());
public int ChromeCount = 0; public int ChromeCount = 0;
@ -82,7 +84,7 @@ public class Chrome {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",temprs.getString("url"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",temprs.getString("url")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Accessed",temprs.getString("last_visit_time"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Accessed",temprs.getString("last_visit_time")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",temprs.getString("from_visit"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",temprs.getString("from_visit")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","",((temprs.getString("title") != null) ? temprs.getString("title") : "No Title"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","",((temprs.getString("title") != null) ? temprs.getString("title") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
@ -144,7 +146,7 @@ public class Chrome {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),"RecentActivity", "Last Visited",temprs.getString("access_utc"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),"RecentActivity", "Last Visited",temprs.getString("access_utc")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),"RecentActivity", "",temprs.getString("value"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),"RecentActivity", "",temprs.getString("value")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",((temprs.getString("name") != null) ? temprs.getString("name") : "No name"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",((temprs.getString("name") != null) ? temprs.getString("name") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} }
@ -202,8 +204,132 @@ public class Chrome {
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("last_visit_time"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("last_visit_time")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("url") != null) ? temprs.getString("url") : "No URL"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("url") != null) ? temprs.getString("url") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "No Title"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
bbart.addAttributes(bbattributes);
}
tempdbconnect.closeConnection();
temprs.close();
}
catch (Exception ex)
{
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
}
j++;
dbFile.delete();
}
}
catch (SQLException ex)
{
logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex);
}
catch(IOException ioex)
{
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
}
//Downloads section
// This gets the downloads info
try
{
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
List<FsContent> FFSqlitedb;
ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'History' and parent_path LIKE '%Chrome%' and fs_obj_id = '" + image + "'");
FFSqlitedb = tempDb.resultSetToFsContents(rs);
rs.close();
rs.getStatement().close();
int j = 0;
while (j < FFSqlitedb.size())
{
String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db";
String connectionString = "jdbc:sqlite:" + temps;
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"));
File dbFile = new File(temps);
if (controller.isCancelled() ) {
dbFile.delete();
break;
}
try
{
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString);
ResultSet temprs = tempdbconnect.executeQry(chdownloadquery);
while(temprs.next())
{
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("start_time")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("url") != null) ? temprs.getString("url") : "")));
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", temprs.getString("full_path")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
bbart.addAttributes(bbattributes);
}
tempdbconnect.closeConnection();
temprs.close();
}
catch (Exception ex)
{
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
}
j++;
dbFile.delete();
}
}
catch (SQLException ex)
{
logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex);
}
catch(IOException ioex)
{
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
}
//Login/Password section
// This gets the user info
try
{
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
List<FsContent> FFSqlitedb;
ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'signons.sqlite' and parent_path LIKE '%Chrome%' and fs_obj_id = '" + image + "'");
FFSqlitedb = tempDb.resultSetToFsContents(rs);
rs.close();
rs.getStatement().close();
int j = 0;
while (j < FFSqlitedb.size())
{
String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db";
String connectionString = "jdbc:sqlite:" + temps;
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"));
File dbFile = new File(temps);
if (controller.isCancelled() ) {
dbFile.delete();
break;
}
try
{
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString);
ResultSet temprs = tempdbconnect.executeQry(chloginquery);
while(temprs.next())
{
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("start_time")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("origin_url") != null) ? temprs.getString("origin_url") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(), "RecentActivity","", ((temprs.getString("username_value") != null) ? temprs.getString("username_value").replaceAll("'", "''") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", "", temprs.getString("signon_realm")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);

2
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractAll.java
View File

@ -14,7 +14,7 @@ import org.sleuthkit.autopsy.ingest.IngestImageWorkerController;
public class ExtractAll { public class ExtractAll {
void ExtractAll(){ void ExtractAll(){
} }

4
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
View File

@ -292,9 +292,7 @@ public class ExtractIE { // implements BrowserActivity {
PASCO_RESULTS_LIST.add(PASCO_RESULTS_LUT); PASCO_RESULTS_LIST.add(PASCO_RESULTS_LUT);
} catch (TskException ex) { } catch (TskException ex) {
Exceptions.printStackTrace(ex); Exceptions.printStackTrace(ex);
} catch (SQLException ex) { }
logger.log(Level.WARNING, "Couldn't find file with id: " + artObjId, ex);
}
} }
} }

40
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -42,7 +42,7 @@ public class ExtractRegistry {
public Logger logger = Logger.getLogger(this.getClass().getName()); public Logger logger = Logger.getLogger(this.getClass().getName());
private String RR_PATH; private String RR_PATH;
boolean rrFound = false; boolean rrFound = false;
private int sysid;
ExtractRegistry(){ ExtractRegistry(){
final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false);
if (rrRoot == null) { if (rrRoot == null) {
@ -53,7 +53,18 @@ public class ExtractRegistry {
else { else {
rrFound = true; rrFound = true;
} }
try{
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
ResultSet artset = tempDb.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'");
while (artset.next()){
sysid = artset.getInt("artifact_type_id");
}
}
catch(Exception e){
}
final String rrHome = rrRoot.getAbsolutePath(); final String rrHome = rrRoot.getAbsolutePath();
logger.log(Level.INFO, "RegRipper home: " + rrHome); logger.log(Level.INFO, "RegRipper home: " + rrHome);
@ -175,7 +186,9 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
{ {
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase(); SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try { try {
String regString = new Scanner(new File(regRecord)).useDelimiter("\\Z").next(); String regString = new Scanner(new File(regRecord)).useDelimiter("\\Z").next();
String startdoc = "<document>"; String startdoc = "<document>";
String result = regString.replaceAll("----------------------------------------",""); String result = regString.replaceAll("----------------------------------------","");
@ -199,7 +212,7 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
Element artroot = tempnode.getChild("artifacts"); Element artroot = tempnode.getChild("artifacts");
List artlist = artroot.getChildren(); List artlist = artroot.getChildren();
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time));
Iterator aiterator = artlist.iterator(); Iterator aiterator = artlist.iterator();
@ -210,16 +223,27 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", context, name)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", context, name));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value));
} }
if("recentdocs".equals(context)){
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
}
else if("runMRU".equals(context)){
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
bbart.addAttributes(bbattributes);
}
else
{
BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(sysid);
bbart.addAttributes(bbattributes);
}
} }
} }
catch (Exception ex) catch (Exception ex)
{ {
String hi = "";
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + ex); logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + ex);
} }

74
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -31,6 +31,7 @@ public class Firefox {
private static final String ffquery = "SELECT moz_historyvisits.id,url,title,visit_count,datetime(moz_historyvisits.visit_date/1000000,'unixepoch','localtime') as visit_date,from_visit,(SELECT url FROM moz_places WHERE id=moz_historyvisits.from_visit) as ref FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0"; private static final String ffquery = "SELECT moz_historyvisits.id,url,title,visit_count,datetime(moz_historyvisits.visit_date/1000000,'unixepoch','localtime') as visit_date,from_visit,(SELECT url FROM moz_places WHERE id=moz_historyvisits.from_visit) as ref FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0";
private static final String ffcookiequery = "SELECT name,value,host,expiry,datetime(moz_cookies.lastAccessed/1000000,'unixepoch','localtime') as lastAccessed,creationTime FROM moz_cookies"; private static final String ffcookiequery = "SELECT name,value,host,expiry,datetime(moz_cookies.lastAccessed/1000000,'unixepoch','localtime') as lastAccessed,creationTime FROM moz_cookies";
private static final String ffbookmarkquery = "SELECT fk, moz_bookmarks.title, url FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id"; private static final String ffbookmarkquery = "SELECT fk, moz_bookmarks.title, url FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id";
private static final String ffdownloadquery = "select target, source, startTime, maxBytes from `moz_downloads`";
public Logger logger = Logger.getLogger(this.getClass().getName()); public Logger logger = Logger.getLogger(this.getClass().getName());
@ -88,8 +89,8 @@ public class Firefox {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",temprs.getString("url"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",temprs.getString("url")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("visit_date"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("visit_date")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",((temprs.getString("ref") != null) ? temprs.getString("ref") : "None"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",((temprs.getString("ref") != null) ? temprs.getString("ref") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","",((temprs.getString("title") != null) ? temprs.getString("title") : "No Title"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","",((temprs.getString("title") != null) ? temprs.getString("title") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox"));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
@ -100,8 +101,8 @@ public class Firefox {
{ {
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",((temprs.getString("url") != null) ? temprs.getString("url") : "No URL"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",((temprs.getString("url") != null) ? temprs.getString("url") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "No Title"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox"));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
} }
@ -168,7 +169,7 @@ public class Firefox {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", temprs.getString("lastAccessed"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", temprs.getString("lastAccessed")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",((temprs.getString("name") != null) ? temprs.getString("name") : "No name"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",((temprs.getString("name") != null) ? temprs.getString("name") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox"));
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
@ -193,6 +194,69 @@ public class Firefox {
{ {
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
} }
//Downloads section
// This gets the downloads info
try
{
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
List<FsContent> FFSqlitedb;
ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'downloads.sqlite' and parent_path LIKE '%Firefox%' and fs_obj_id = '" + image + "'");
FFSqlitedb = tempDb.resultSetToFsContents(rs);
rs.close();
rs.getStatement().close();
int j = 0;
while (j < FFSqlitedb.size())
{
String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db";
String connectionString = "jdbc:sqlite:" + temps;
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"));
File dbFile = new File(temps);
if (controller.isCancelled() ) {
dbFile.delete();
break;
}
try
{
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString);
ResultSet temprs = tempdbconnect.executeQry(ffdownloadquery);
while(temprs.next())
{
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("startTime")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("source") != null) ? temprs.getString("source") : "")));
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", temprs.getString("target")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
bbart.addAttributes(bbattributes);
}
tempdbconnect.closeConnection();
temprs.close();
}
catch (Exception ex)
{
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
}
j++;
dbFile.delete();
}
}
catch (SQLException ex)
{
logger.log(Level.WARNING, "Error while trying to get FireFox SQLite db.", ex);
}
catch(IOException ioex)
{
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
}
} }
} }
//@Override //@Override

30
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestService.java
View File

@ -18,12 +18,13 @@
*/ */
package org.sleuthkit.autopsy.recentactivity; package org.sleuthkit.autopsy.recentactivity;
import java.beans.PropertyChangeListener;
import java.sql.ResultSet;
import java.util.Collection; import java.util.Collection;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import javax.swing.JPanel;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController;
import org.sleuthkit.autopsy.ingest.IngestManager; import org.sleuthkit.autopsy.ingest.IngestManager;
@ -80,7 +81,28 @@ public final class RAImageIngestService implements IngestServiceImage {
try { try {
//do the work for(FileSystem img : imageFS ) //do the work for(FileSystem img : imageFS )
try{
ResultSet artset = sCurrentCase.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'");
int artcount = 0;
while (artset.next()){
artcount++;
}
// artset.beforeFirst();
if(artcount > 0)
{
}
else
{
int artint = sCurrentCase.addArtifactType("TSK_SYS_INFO", "System Information");
}
}
catch(Exception e)
{
}
ext.extractToBlackboard(controller, fsIds); ext.extractToBlackboard(controller, fsIds);
@ -162,4 +184,10 @@ public final class RAImageIngestService implements IngestServiceImage {
public boolean hasBackgroundJobsRunning() { public boolean hasBackgroundJobsRunning() {
return false; return false;
} }
@Override
public boolean backgroundJobsCompleteListener(PropertyChangeListener l) {
return false;
}
} }

57
Report/src/org/sleuthkit/autopsy/report/report.java
View File

@ -5,16 +5,14 @@
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
import java.sql.ResultSet; import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;
import java.util.List;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
/** /**
@ -199,4 +197,57 @@ public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getHashHit() {
return reportMap; return reportMap;
} }
@Override
public String getGroupedKeywordHit() {
StringBuilder table = new StringBuilder();
HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap();
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
try
{
ResultSet uniqueresults = tempDb.runQuery("SELECT DISTINCT value_text from blackboard_attributes where attribute_type_id = '10' order by value_text ASC");
while(uniqueresults.next())
{
table.append("<strong>").append(uniqueresults.getString("value_text")).append("</strong>");
table.append("<table><thead><tr><th>").append("File Name").append("</th><th>Preview</th><th>Keyword List</th></tr><tbody>");
ArrayList<BlackboardArtifact> artlist = new ArrayList<BlackboardArtifact>();
ResultSet tempresults = tempDb.runQuery("select DISTINCT artifact_id from blackboard_attributes where attribute_type_id = '10' and value_text = '" + uniqueresults.getString("value_text") +"'");
while(tempresults.next())
{
artlist.add(tempDb.getBlackboardArtifact(tempresults.getLong("artifact_id")));
}
for(BlackboardArtifact art : artlist)
{
String filename = tempDb.getFsContentById(art.getObjectID()).getName();
String preview = "";
String set = "";
table.append("<tr><td>").append(filename).append("</td>");
ArrayList<BlackboardAttribute> tempatts = art.getAttributes();
for(BlackboardAttribute att : tempatts)
{
if(att.getAttributeTypeID() == 12)
{
preview = "<td>" + att.getValueString() + "</td>";
}
if(att.getAttributeTypeID() == 13)
{
set = "<td>" + att.getValueString() + "</td>";
}
}
table.append(preview).append(set).append("</tr>");
}
table.append("</tbody></table><br /><br />");
}
}
catch (Exception e)
{
Logger.getLogger(report.class.getName()).log(Level.INFO, "Exception occurred", e);
}
String result = table.toString();
return result;
}
} }

28
Report/src/org/sleuthkit/autopsy/report/reportFilter.form
View File

@ -32,34 +32,35 @@
<DimensionLayout dim="0"> <DimensionLayout dim="0">
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Group type="102" attributes="0"> <Group type="102" attributes="0">
<EmptySpace min="-2" pref="38" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Group type="102" attributes="0"> <Group type="102" attributes="0">
<EmptySpace min="-2" pref="28" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox3" alignment="0" min="-2" max="-2" attributes="0"/> <Component id="jCheckBox3" alignment="0" min="-2" max="-2" attributes="0"/>
<Group type="102" alignment="0" attributes="0"> <Group type="102" alignment="0" attributes="0">
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox2" alignment="0" min="-2" max="-2" attributes="0"/> <Component id="jCheckBox2" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox1" alignment="0" min="-2" max="-2" attributes="0"/> <Component id="jCheckBox1" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="cancelButton" min="-2" max="-2" attributes="0"/>
</Group> </Group>
<EmptySpace max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Component id="jCheckBox5" min="-2" max="-2" attributes="0"/> <Component id="jCheckBox5" min="-2" max="-2" attributes="0"/>
<Group type="103" alignment="0" groupAlignment="0" attributes="0"> <Component id="jCheckBox4" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="jCheckBox4" min="-2" max="-2" attributes="0"/>
<Component id="progBar" alignment="1" min="-2" pref="188" max="-2" attributes="0"/>
</Group>
</Group> </Group>
</Group> </Group>
</Group> </Group>
<EmptySpace min="-2" pref="69" max="-2" attributes="0"/>
</Group> </Group>
<Group type="102" alignment="0" attributes="0"> <Group type="102" alignment="0" attributes="0">
<EmptySpace min="-2" pref="106" max="-2" attributes="0"/>
<Component id="jButton1" min="-2" max="-2" attributes="0"/> <Component id="jButton1" min="-2" max="-2" attributes="0"/>
<EmptySpace pref="15" max="32767" attributes="0"/>
<Component id="cancelButton" min="-2" max="-2" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Component id="progBar" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="42" max="-2" attributes="0"/>
</Group> </Group>
</Group> </Group>
<EmptySpace pref="108" max="32767" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
</Group> </Group>
</Group> </Group>
</DimensionLayout> </DimensionLayout>
@ -79,13 +80,12 @@
<EmptySpace type="separate" max="-2" attributes="0"/> <EmptySpace type="separate" max="-2" attributes="0"/>
<Component id="jCheckBox3" min="-2" max="-2" attributes="0"/> <Component id="jCheckBox3" min="-2" max="-2" attributes="0"/>
<EmptySpace type="separate" max="-2" attributes="0"/> <EmptySpace type="separate" max="-2" attributes="0"/>
<Group type="103" groupAlignment="1" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Group type="102" attributes="0"> <Component id="progBar" pref="23" max="32767" attributes="1"/>
<Component id="jButton1" min="-2" max="-2" attributes="0"/> <Group type="103" alignment="0" groupAlignment="3" attributes="0">
<EmptySpace type="unrelated" max="-2" attributes="0"/> <Component id="jButton1" alignment="3" max="32767" attributes="1"/>
<Component id="progBar" pref="25" max="32767" attributes="0"/> <Component id="cancelButton" alignment="3" max="32767" attributes="1"/>
</Group> </Group>
<Component id="cancelButton" min="-2" max="-2" attributes="0"/>
</Group> </Group>
<EmptySpace max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
</Group> </Group>

31
Report/src/org/sleuthkit/autopsy/report/reportFilter.java
View File

@ -106,26 +106,28 @@ public class reportFilter extends javax.swing.JPanel {
layout.setHorizontalGroup( layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup() .addGroup(layout.createSequentialGroup()
.addGap(38, 38, 38)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup() .addGroup(layout.createSequentialGroup()
.addGap(28, 28, 28)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jCheckBox3) .addComponent(jCheckBox3)
.addGroup(layout.createSequentialGroup() .addGroup(layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jCheckBox2) .addComponent(jCheckBox2)
.addComponent(jCheckBox1) .addComponent(jCheckBox1))
.addComponent(cancelButton))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jCheckBox5) .addComponent(jCheckBox5)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addComponent(jCheckBox4))))
.addComponent(jCheckBox4) .addGap(69, 69, 69))
.addComponent(progBar, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.PREFERRED_SIZE, 188, javax.swing.GroupLayout.PREFERRED_SIZE))))))
.addGroup(layout.createSequentialGroup() .addGroup(layout.createSequentialGroup()
.addGap(106, 106, 106) .addComponent(jButton1)
.addComponent(jButton1))) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 15, Short.MAX_VALUE)
.addContainerGap(108, Short.MAX_VALUE)) .addComponent(cancelButton)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(progBar, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
.addGap(42, 42, 42)))
.addContainerGap())
); );
layout.setVerticalGroup( layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
@ -141,12 +143,11 @@ public class reportFilter extends javax.swing.JPanel {
.addGap(18, 18, 18) .addGap(18, 18, 18)
.addComponent(jCheckBox3) .addComponent(jCheckBox3)
.addGap(18, 18, 18) .addGap(18, 18, 18)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup() .addComponent(progBar, javax.swing.GroupLayout.DEFAULT_SIZE, 23, Short.MAX_VALUE)
.addComponent(jButton1) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addComponent(jButton1, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(progBar, javax.swing.GroupLayout.DEFAULT_SIZE, 25, Short.MAX_VALUE)) .addComponent(cancelButton, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)))
.addComponent(cancelButton))
.addContainerGap()) .addContainerGap())
); );
}// </editor-fold>//GEN-END:initComponents }// </editor-fold>//GEN-END:initComponents

181
Report/src/org/sleuthkit/autopsy/report/reportHTML.java
View File

@ -5,7 +5,6 @@
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
import java.io.BufferedWriter; import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter; import java.io.FileWriter;
import java.text.DateFormat; import java.text.DateFormat;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
@ -13,13 +12,16 @@ import java.util.ArrayList;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map.Entry; import java.util.Map.Entry;
import java.util.TreeMap;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskData;
/** /**
* *
@ -31,16 +33,65 @@ public class reportHTML {
public static StringBuilder formatted_Report = new StringBuilder(); public static StringBuilder formatted_Report = new StringBuilder();
public static String htmlPath = ""; public static String htmlPath = "";
public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report, reportFilter rr){ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report, reportFilter rr){
//This is literally a terrible way to count up all the types of artifacts, and doesn't include any added ones.
//Unlike the XML report, which is dynamic, this is formatted and needs to be redone later instead of being hardcoded.
int countGen = 0;
int countWebBookmark = 0;
int countWebCookie = 0;
int countWebHistory = 0;
int countWebDownload = 0;
int countRecentObjects = 0;
int countTrackPoint = 0;
int countInstalled = 0;
int countKeyword = 0;
int countHash = 0;
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(entry.getKey().getArtifactTypeID() == 1){
countGen++;
}
if(entry.getKey().getArtifactTypeID() == 2){
countWebBookmark++;
}
if(entry.getKey().getArtifactTypeID() == 3){
countWebCookie++;
}
if(entry.getKey().getArtifactTypeID() == 4){
countWebHistory++;
}
if(entry.getKey().getArtifactTypeID() == 5){
countWebDownload++;
}
if(entry.getKey().getArtifactTypeID() == 6){
countRecentObjects++;
}
if(entry.getKey().getArtifactTypeID() == 7){
countTrackPoint++;
}
if(entry.getKey().getArtifactTypeID() == 8){
countInstalled++;
}
if(entry.getKey().getArtifactTypeID() == 9){
countKeyword++;
}
if(entry.getKey().getArtifactTypeID() == 10){
countHash++;
}
}
try{ try{
String ingestwarning = "<h2 style=\"color: red;\">Warning, this report was run before ingest services completed!</h2>";
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase skCase = currentCase.getSleuthkitCase(); SleuthkitCase skCase = currentCase.getSleuthkitCase();
String caseName = currentCase.getName(); String caseName = currentCase.getName();
String rrpath = System.getProperty("user.dir");
rrpath = rrpath.substring(0, rrpath.length()-14);
rrpath = rrpath + "autopsy\\thirdparty\\";
Integer imagecount = currentCase.getImageIDs().length; Integer imagecount = currentCase.getImageIDs().length;
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
int reportsize = report.size();
Integer filesystemcount = currentCase.getRootObjectsCount(); Integer filesystemcount = currentCase.getRootObjectsCount();
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy"); DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy");
@ -68,20 +119,27 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
// Add summary information now // Add summary information now
formatted_Report.append("<h1>Report for Case: ").append(caseName).append("</h1>"); formatted_Report.append("<h1>Report for Case: ").append(caseName).append("</h1>");
if(IngestManager.getDefault().isIngestRunning())
{
formatted_Report.append(ingestwarning);
}
formatted_Report.append("<h2>Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<br /><ul>"); formatted_Report.append("<h2>Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<br /><ul>");
formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>"); formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>");
formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>"); formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>");
String tableHeader = "<table><thead><tr><th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>"; formatted_Report.append("<li># of Files: ").append(totalfiles.toString()).append("</li>");
StringBuilder nodeGen = new StringBuilder("<h3>General Information</h3>" + tableHeader); formatted_Report.append("<li># of Dirs: ").append(totaldirs.toString()).append("</li>");
StringBuilder nodeWebBookmark = new StringBuilder("<h3>Web Bookmarks</h3>" + tableHeader); formatted_Report.append("<li># of Artifacts: ").append(reportsize).append("</li>");
StringBuilder nodeWebCookie = new StringBuilder("<h3>Web Cookies</h3>" + tableHeader); String tableHeader = "<table><thead><tr>";
StringBuilder nodeWebHistory = new StringBuilder("<h3>Web History</h3>" + tableHeader); StringBuilder nodeGen = new StringBuilder("<h3>General Information (").append(countGen).append(")</h3>").append(tableHeader).append("<th>Attribute</th><th>Value</th></tr></thead><tbody>");
StringBuilder nodeWebDownload = new StringBuilder("<h3>Web Downloads</h3>" + tableHeader); StringBuilder nodeWebBookmark = new StringBuilder("<h3>Web Bookmarks (").append(countWebBookmark).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Title</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeRecentObjects = new StringBuilder("<h3>Recent Documents</h3>" + tableHeader); StringBuilder nodeWebCookie = new StringBuilder("<h3>Web Cookies (").append(countWebCookie).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Name</th><th>Value</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeTrackPoint = new StringBuilder("<h3>Track Points</h3>" + tableHeader); StringBuilder nodeWebHistory = new StringBuilder("<h3>Web History (").append(countWebHistory).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Referrer</th><th>Title</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeInstalled = new StringBuilder("<h3>Installed Programs</h3>" + tableHeader); StringBuilder nodeWebDownload = new StringBuilder("<h3>Web Downloads (").append(countWebDownload).append(")</h3>").append(tableHeader).append("<th>File</th><th>Source</th><th>Time</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeKeyword = new StringBuilder("<h3>Keyword Search Hits</h3>" + tableHeader); StringBuilder nodeRecentObjects = new StringBuilder("<h3>Recent Documents (").append(countRecentObjects).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Name</th><th>Path</th></tr></thead><tbody>");
StringBuilder nodeHash = new StringBuilder("<h3>Hashset Hits</h3>" + tableHeader); StringBuilder nodeTrackPoint = new StringBuilder("<h3>Track Points (").append(countTrackPoint).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>");
StringBuilder nodeInstalled = new StringBuilder("<h3>Installed Programs (").append(countInstalled).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>");
StringBuilder nodeKeyword = new StringBuilder("<h3>Keyword Search Hits (").append(countKeyword).append(")</h3>");
StringBuilder nodeHash = new StringBuilder("<h3>Hashset Hits (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Hashset Name</th></tr></thead><tbody>");
for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) { for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
if(reportFilter.cancel == true){ if(reportFilter.cancel == true){
@ -95,64 +153,103 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
Long filesize = file.getSize(); Long filesize = file.getSize();
TreeMap<Integer, String> attributes = new TreeMap<Integer,String>();
// Get all the attributes for this guy // Get all the attributes, line them up to be added.
for (BlackboardAttribute tempatt : entry.getValue()) for (BlackboardAttribute tempatt : entry.getValue())
{ {
if(reportFilter.cancel == true){ if(reportFilter.cancel == true){
break; break;
} }
artifact.append("<tr><td>").append(objId.toString());
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
//artifact.append("Path: ").append(file.getParentPath());
artifact.append("<td>").append(filesize.toString()).append("</td>");
StringBuilder attribute = new StringBuilder("<td>").append(tempatt.getAttributeTypeDisplayName()).append("</td>");
attribute.append("<td>").append(tempatt.getValueString()).append("</td></tr>");
//attribute.append("<li style=\"list-style-type: none;\"> Context: ").append(tempatt.getContext()).append("</li>");
artifact.append(attribute); int type = tempatt.getAttributeTypeID();
String value = tempatt.getValueString();
attributes.put(type, value);
cc++; cc++;
} }
//artifact.append("</tr>");
if(entry.getKey().getArtifactTypeID() == 1){ if(entry.getKey().getArtifactTypeID() == 1){
artifact.append("</tr>");
nodeGen.append(artifact); nodeGen.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 2){ if(entry.getKey().getArtifactTypeID() == 2){
artifact.append("<tr><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebBookmark.append(artifact); nodeWebBookmark.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 3){ if(entry.getKey().getArtifactTypeID() == 3){
artifact.append("<tr><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(6)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebCookie.append(artifact); nodeWebCookie.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 4){ if(entry.getKey().getArtifactTypeID() == 4){
artifact.append("<tr><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("<td>").append(attributes.get(32)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebHistory.append(artifact); nodeWebHistory.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 5){ if(entry.getKey().getArtifactTypeID() == 5){
artifact.append("<tr><td>").append(attributes.get(8)).append("</td>");
artifact.append("<td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebDownload.append(artifact); nodeWebDownload.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 6){ if(entry.getKey().getArtifactTypeID() == 6){
artifact.append("<tr><td>").append(objId.toString());
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
artifact.append("</tr>");
nodeRecentObjects.append(artifact); nodeRecentObjects.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 7){ if(entry.getKey().getArtifactTypeID() == 7){
artifact.append("<tr><td>").append(objId.toString());
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
artifact.append("</tr>");
nodeTrackPoint.append(artifact); nodeTrackPoint.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 8){ if(entry.getKey().getArtifactTypeID() == 8){
artifact.append("<tr><td>").append(objId.toString());
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
artifact.append("</tr>");
nodeInstalled.append(artifact); nodeInstalled.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 9){ if(entry.getKey().getArtifactTypeID() == 9){
nodeKeyword.append(artifact);
// artifact.append("<table><thead><tr><th>Artifact ID</th><th>Name</th><th>Size</th>");
// artifact.append("</tr></table>");
// nodeKeyword.append(artifact);
} }
if(entry.getKey().getArtifactTypeID() == 10){ if(entry.getKey().getArtifactTypeID() == 10){
artifact.append("<tr><td>").append(objId.toString());
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
//artifact.append("<td>").append(attributes.get(31)).append("</td>");
artifact.append("<td>").append(attributes.get(30)).append("</td>");
artifact.append("</tr>");
nodeHash.append(artifact); nodeHash.append(artifact);
} }
cc++; cc++;
rr.progBarSet(cc); rr.progBarSet(cc);
} }
//Add them back in order //Add them back in order
formatted_Report.append(nodeGen); //formatted_Report.append(nodeGen);
formatted_Report.append("</tbody></table>"); // formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeWebBookmark); formatted_Report.append(nodeWebBookmark);
formatted_Report.append("</tbody></table>"); formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeWebCookie); formatted_Report.append(nodeWebCookie);
@ -163,19 +260,25 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
formatted_Report.append("</tbody></table>"); formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeRecentObjects); formatted_Report.append(nodeRecentObjects);
formatted_Report.append("</tbody></table>"); formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeTrackPoint); // formatted_Report.append(nodeTrackPoint);
formatted_Report.append("</tbody></table>"); //formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeInstalled); formatted_Report.append(nodeInstalled);
formatted_Report.append("</tbody></table>"); formatted_Report.append("</tbody></table>");
formatted_Report.append(nodeKeyword); formatted_Report.append(nodeKeyword);
formatted_Report.append("</tbody></table>"); if(countKeyword > 0){
report keywords = new report();
formatted_Report.append(keywords.getGroupedKeywordHit());
// "<table><thead><tr><th>Artifact ID</th><th>Name</th><th>Size</th>
// formatted_Report.append("</tbody></table>");
}
formatted_Report.append(nodeHash); formatted_Report.append(nodeHash);
formatted_Report.append("</tbody></table>"); formatted_Report.append("</tbody></table>");
//end of master loop //end of master loop
formatted_Report.append("</div></div></body></html>"); formatted_Report.append("</div></div></body></html>");
htmlPath = currentCase.getCaseDirectory()+"/Temp/" + caseName + "-" + datenotime + ".html"; htmlPath = currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".html";
BufferedWriter out = new BufferedWriter(new FileWriter(htmlPath)); BufferedWriter out = new BufferedWriter(new FileWriter(htmlPath));
out.write(formatted_Report.toString()); out.write(formatted_Report.toString());

1
Report/src/org/sleuthkit/autopsy/report/reportInterface.java
View File

@ -22,4 +22,5 @@ public interface reportInterface{
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getRecentObject(); public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getRecentObject();
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getHashHit(); public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getHashHit();
public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getKeywordHit(); public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getKeywordHit();
public String getGroupedKeywordHit();
} }

3
Report/src/org/sleuthkit/autopsy/report/reportPanel.form
View File

@ -7,6 +7,9 @@
<Component class="javax.swing.JOptionPane" name="jOptionPane1"> <Component class="javax.swing.JOptionPane" name="jOptionPane1">
</Component> </Component>
</NonVisualComponents> </NonVisualComponents>
<Properties>
<Property name="focusTraversalPolicyProvider" type="boolean" value="true"/>
</Properties>
<AccessibilityProperties> <AccessibilityProperties>
<Property name="AccessibleContext.accessibleName" type="java.lang.String" value=""/> <Property name="AccessibleContext.accessibleName" type="java.lang.String" value=""/>
<Property name="AccessibleContext.accessibleParent" type="javax.accessibility.Accessible" editor="org.netbeans.modules.form.RADVisualComponent$AccessibleParentEditor"> <Property name="AccessibleContext.accessibleParent" type="javax.accessibility.Accessible" editor="org.netbeans.modules.form.RADVisualComponent$AccessibleParentEditor">

16
Report/src/org/sleuthkit/autopsy/report/reportPanel.java
View File

@ -10,9 +10,11 @@
*/ */
package org.sleuthkit.autopsy.report; package org.sleuthkit.autopsy.report;
import java.awt.event.ActionListener; import java.awt.event.ActionListener;
import java.io.BufferedWriter;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException; import java.io.IOException;
import javax.swing.filechooser.FileFilter; import org.jdom.output.XMLOutputter;
/** /**
* *
@ -42,6 +44,8 @@ public class reportPanel extends javax.swing.JPanel {
jButton1 = new javax.swing.JButton(); jButton1 = new javax.swing.JButton();
saveReport = new javax.swing.JButton(); saveReport = new javax.swing.JButton();
setFocusTraversalPolicyProvider(true);
jEditorPane1.setContentType(org.openide.util.NbBundle.getMessage(reportPanel.class, "reportPanel.jEditorPane1.contentType")); // NOI18N jEditorPane1.setContentType(org.openide.util.NbBundle.getMessage(reportPanel.class, "reportPanel.jEditorPane1.contentType")); // NOI18N
jEditorPane1.setEditable(false); jEditorPane1.setEditable(false);
jScrollPane1.setViewportView(jEditorPane1); jScrollPane1.setViewportView(jEditorPane1);
@ -121,13 +125,19 @@ private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FI
private void exportReport(String path){ private void exportReport(String path){
path = reportUtils.changeExtension(path, ".html"); String htmlpath = reportUtils.changeExtension(path, ".html");
String xmlpath = reportUtils.changeExtension(path, ".xml");
try { try {
FileOutputStream out = new FileOutputStream(path); FileOutputStream out = new FileOutputStream(htmlpath);
out.write(reportHTML.formatted_Report.toString().getBytes()); out.write(reportHTML.formatted_Report.toString().getBytes());
out.flush(); out.flush();
out.close(); out.close();
FileOutputStream xmlout = new FileOutputStream(xmlpath);
XMLOutputter serializer = new XMLOutputter();
serializer.output(reportXML.xmldoc, xmlout);
xmlout.flush();
xmlout.close();
jOptionPane1.showMessageDialog(this, "Report has been successfully saved!"); jOptionPane1.showMessageDialog(this, "Report has been successfully saved!");
} }
catch (IOException e) { catch (IOException e) {

4
Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java
View File

@ -97,7 +97,7 @@ public class reportPanelAction {
// add the panel to the popup window // add the panel to the popup window
popUpWindow.add(panel); popUpWindow.add(panel);
popUpWindow.pack(); popUpWindow.pack();
popUpWindow.setResizable(false); popUpWindow.setResizable(true);
// set the location of the popUp Window on the center of the screen // set the location of the popUp Window on the center of the screen
Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize(); Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize();
@ -107,7 +107,7 @@ public class reportPanelAction {
popUpWindow.setVisible(true); popUpWindow.setVisible(true);
rr.progBarDone(); rr.progBarDone();
// add the command to close the window to the button on the Case Properties form / panel
} }
} catch (Exception ex) { } catch (Exception ex) {
Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex); Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex);

16
Report/src/org/sleuthkit/autopsy/report/reportXML.java
View File

@ -19,6 +19,7 @@ import org.jdom.Document.*;
import org.jdom.Element; import org.jdom.Element;
import org.jdom.output.XMLOutputter; import org.jdom.output.XMLOutputter;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Content;
@ -27,8 +28,9 @@ import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.File; import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskData;
public class reportXML { public class reportXML {
public static Document xmldoc = new Document();
public reportXML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report, reportFilter rr){ public reportXML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> report, reportFilter rr){
try{ try{
Case currentCase = Case.getCurrentCase(); // get the most updated case Case currentCase = Case.getCurrentCase(); // get the most updated case
@ -36,8 +38,10 @@ public class reportXML {
String caseName = currentCase.getName(); String caseName = currentCase.getName();
Integer imagecount = currentCase.getImageIDs().length; Integer imagecount = currentCase.getImageIDs().length;
Integer filesystemcount = currentCase.getRootObjectsCount(); Integer filesystemcount = currentCase.getRootObjectsCount();
Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG);
Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR);
Element root = new Element("Case"); Element root = new Element("Case");
Document xmldoc = new Document(root); xmldoc = new Document(root);
DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss"); DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss");
Date date = new Date(); Date date = new Date();
@ -47,9 +51,15 @@ public class reportXML {
root.addContent(comment); root.addContent(comment);
//Create summary node involving how many of each type //Create summary node involving how many of each type
Element summary = new Element("Summary"); Element summary = new Element("Summary");
if(IngestManager.getDefault().isIngestRunning())
{
summary.addContent(new Element("Warning").setText("Report was run before ingest services completed!"));
}
summary.addContent(new Element("Name").setText(caseName)); summary.addContent(new Element("Name").setText(caseName));
summary.addContent(new Element("Total-Images").setText(imagecount.toString())); summary.addContent(new Element("Total-Images").setText(imagecount.toString()));
summary.addContent(new Element("Total-FileSystems").setText(filesystemcount.toString())); summary.addContent(new Element("Total-FileSystems").setText(filesystemcount.toString()));
summary.addContent(new Element("Total-Files").setText(totalfiles.toString()));
summary.addContent(new Element("Total-Directories").setText(totaldirs.toString()));
root.addContent(summary); root.addContent(summary);
//generate the nodes for each of the types so we can use them later //generate the nodes for each of the types so we can use them later
Element nodeGen = new Element("General-Information"); Element nodeGen = new Element("General-Information");
@ -145,7 +155,7 @@ public class reportXML {
root.addContent(nodeHash); root.addContent(nodeHash);
try { try {
FileOutputStream out = new FileOutputStream(currentCase.getCaseDirectory()+"/Temp/" + caseName + "-" + datenotime + ".xml"); FileOutputStream out = new FileOutputStream(currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".xml");
XMLOutputter serializer = new XMLOutputter(); XMLOutputter serializer = new XMLOutputter();
serializer.output(xmldoc, out); serializer.output(xmldoc, out);
out.flush(); out.flush();